[OWASP-ESAPI] The IntegerAccessReferenceMapTest#testAddDirectReference() challenge
Jeff Ichnowski
jeff.ichnowski at owasp.org
Thu Nov 12 00:26:40 EST 2009
Classic. Nice catch. =)
You could also fix that by having the subclasses never call the Set version
of the parent constructor. And instead have them call the update method
directly. E.g.:
public IntegerAccessReferenceMap(Set<Object> directReferences, int
initialSize)
{
super(initialSize);
update(directReferences);
}
It occurs to me that this problem might actually plage other subclasses that
do similar implementation patterns. It might be best to remove the Set
version of the constructor altogether. E.g. a
SecureRandomAccessReferenceMap would have the same problem if it relied on
the initalization of a SecureRandom object.
Probably worth bringing up after other people have a chance to go through
your puzzle. :)
Cheers,
-Jeff
On Wed, Nov 11, 2009 at 8:49 PM, Ed Schaller <schallee at darkmist.net> wrote:
> Ok, so this is the most bizarre bug I have seen in quite a while. It's
> quite a mind twister and kind of fun. So I thought I'd give others a
> chance to enjoy and puzzle out what's going on.
>
> It's so odd that one solution I implemented doesn't really give away
> what is going on. You could consider it a hint:
>
> http://www.darkmist.net/~schallee/IntegerAccessReferenceMap.patch<http://www.darkmist.net/%7Eschallee/IntegerAccessReferenceMap.patch>
>
> I'll post the solution tomorrow evening if no one's had the time to look
> at it yet.
>
> Enjoy
>
> >>>------>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAkr7k+AACgkQ8kiOCKEpeEEyOQCfZpsw8JUiY4HmeXpaY1iNOh72
> LaQAn36SFj1FY/O3SlXn94wPHTKuoWY8
> =loqK
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20091111/0a2ec6a3/attachment.html
More information about the OWASP-ESAPI
mailing list