[OWASP-ESAPI] The IntegerAccessReferenceMapTest#testAddDirectReference() challenge
jeff.ichnowski at owasp.org
Thu Nov 12 00:26:40 EST 2009
Classic. Nice catch. =)
You could also fix that by having the subclasses never call the Set version
of the parent constructor. And instead have them call the update method
public IntegerAccessReferenceMap(Set<Object> directReferences, int
It occurs to me that this problem might actually plage other subclasses that
do similar implementation patterns. It might be best to remove the Set
version of the constructor altogether. E.g. a
SecureRandomAccessReferenceMap would have the same problem if it relied on
the initalization of a SecureRandom object.
Probably worth bringing up after other people have a chance to go through
your puzzle. :)
On Wed, Nov 11, 2009 at 8:49 PM, Ed Schaller <schallee at darkmist.net> wrote:
> Ok, so this is the most bizarre bug I have seen in quite a while. It's
> quite a mind twister and kind of fun. So I thought I'd give others a
> chance to enjoy and puzzle out what's going on.
> It's so odd that one solution I implemented doesn't really give away
> what is going on. You could consider it a hint:
> I'll post the solution tomorrow evening if no one's had the time to look
> at it yet.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-ESAPI