[OWASP-ESAPI] Help needed building OWASP ESAPI from source using Eclipse

Neil Matatall neil at owasp.org
Mon Nov 9 01:58:20 EST 2009


Hi all, I followed the instructions on the building from Eclipse page
on a clean machine, and it worked great.  We *may* want to recommend
that users use the WTP releases as they come with a lot of optional
libraries that support a lot of the optional features of m2eclipse.

My JUnit output:
Runs: 754/754  Errors: 108, Failures: 25

Ubuntu 9.10
java-6-sun-1.6.0.15
Eclipse: Version: 3.5.1 Build id: M20090917-0800

On Sun, Nov 8, 2009 at 4:05 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Pawan Singh wrote:
>> I 100% agree with fixing the tests so they succeed out of the box and
>> removing the "Skip Tests" part from the build instructions completely.
>>
>> Initially, I thought there is some problem with my environment which is
>> causing those tests to fail but I cross checked with Jim and he confirmed
>> the same problem.
>>
>> I think it will be a good idea to first check if there are
>> no environmental/OS specific issues which are causing these tests to fail.
>> If there are then we can document the instructions on fixing those issues
>> accordingly in the build and Install docs.
>>
>> Otherwise, we can decide upon fixing or using @ignore annotation as Kevin
>> suggested for those specific tests.
>>
>> If there is anyone on the list for whom all 429 tests are passing then we
>> can probably take his/her help in configuring and documenting
>> those environment specific settings.
>>
>>
>> My Test Results :
>>
>> Failed tests:
>>   testEncodeForSQL(org.owasp.esapi.reference.EncoderTest)
>>   testUnicodeString(org.owasp.esapi.PlainTextTest)
>>   testOverwrite(org.owasp.esapi.PlainTextTest)
>>   testGetRequestAttribute(org.owasp.esapi.reference.HTTPUtilitiesTest)
>>   testCreateSafeFile(org.owasp.esapi.reference.SafeFileTest)
>>   testAddDirectReference(org.owasp.esapi.reference.IntegerAccessReferenceMapTest)
>>   testNewEncryptDecrypt(org.owasp.esapi.reference.EncryptorTest)
>>
>> Tests in error:
>>   testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>>   testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>>   testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>>   testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>>   enforceAuthorizationRuleNotFoundNullKey(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
>>   testSetup(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
>>   isAuthorizedEchoPolicyParameter(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
>>   testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
>>   testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>>   testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>>   testMatchRule(org.owasp.esapi.reference.AccessControllerTest)
>>   testIsAuthorizedForURL(org.owasp.esapi.reference.AccessControllerTest)
>>   testIsAuthorizedForFunction(org.owasp.esapi.reference.AccessControllerTest)
>>   testIsAuthorizedForData(org.owasp.esapi.reference.AccessControllerTest)
>>   testIsAuthorizedForFile(org.owasp.esapi.reference.AccessControllerTest)
>>   testIsAuthorizedForService(org.owasp.esapi.reference.AccessControllerTest)
>>   testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
>>   testGetValidDirectoryPath(org.owasp.esapi.reference.ValidatorTest)
>>   testConfigurationCanBeRead(org.owasp.esapi.waf.WAFFilterTest)
>>   testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>>   testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>>   testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
>>   testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>>   testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>>   testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>>   testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>>   testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
>>   testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
>>   testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
>>   testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>>   testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>>   testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>>   testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>>   testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>>   testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>>   testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
>>   testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
>>   testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>>   testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>>   testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>>   testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>>   testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>>   testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
>>   testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
>>   testSetters(org.owasp.esapi.ESAPITest)
>>   testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>>   testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>>   testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
>>   testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
>>   testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>>   testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>>   testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>>   testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>>   testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>>   testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>>   testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>>   testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>>   testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>>   testSeal(org.owasp.esapi.reference.EncryptorTest)
>>   testVerifySeal(org.owasp.esapi.reference.EncryptorTest)
>>
>> Tests run: 429, Failures: 7, Errors: 70, Skipped: 0
>
> I'm running on OpenSuSE 11.1. My tests fared a little better.
>
>        Tests run: 429, Failures: 6, Errors: 57, Skipped: 0
>
> Here are my results:
>
> Results :
>
> Failed tests:
>  testSetup(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
>  testEncodeForSQL(org.owasp.esapi.reference.EncoderTest)
>  testIsInvalidFilename(org.owasp.esapi.reference.ValidatorTest)
>  testGetRequestAttribute(org.owasp.esapi.reference.HTTPUtilitiesTest)
>  testCreateSafeFileURIConstructor(org.owasp.esapi.reference.SafeFileTest)
>  testAddDirectReference(org.owasp.esapi.reference.IntegerAccessReferenceMapTest)
>
> Tests in error:
>  testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>  testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>  testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>  testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>  testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
>  testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>  testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>  testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
>  testConfigurationCanBeRead(org.owasp.esapi.waf.WAFFilterTest)
>  testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>  testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
>  testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
>  testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>  testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>  testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>  testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>  testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
>  testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
>  testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
>  testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>  testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>  testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>  testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
>  testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>  testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
>  testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
>  testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
>  testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>  testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>  testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>  testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>  testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
>  testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
>  testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
>  testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>  testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
>  testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
>  testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
>  testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>  testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
>  testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
>  testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>  testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
>  testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>  testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
>  testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>  testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
>
> Tests run: 429, Failures: 6, Errors: 57, Skipped: 0
>
> -kevin
> --
> Kevin W. Wall
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



--
Neil

