[Esapi-dev] Help regarding issue 251

Jim Manico jim.manico at owasp.org
Thu Oct 2 21:18:30 UTC 2014


Indeed it is. DateFormat for Java 6 stops processing of the Date as soon as
it's valid. Is it worth bringing this issue to the JCP as well?

--
Jim Manico
@Manicode
(808) 652-3805

On Oct 2, 2014, at 2:00 PM, Jeff Williams <jeff.williams at aspectsecurity.com>
wrote:

  It’s a good bug.



--Jeff



*From:* esapi-dev-bounces at lists.owasp.org [
mailto:esapi-dev-bounces at lists.owasp.org <esapi-dev-bounces at lists.owasp.org>]
*On Behalf Of *Fabio Cerullo
*Sent:* Thursday, October 02, 2014 4:44 PM
*To:* Jim Manico
*Cc:* esapi-dev at lists.owasp.org
*Subject:* Re: [Esapi-dev] Help regarding issue 251



Nalin



Thanks for your interest to fix ESAPI issues. Someone from the dev team
will help you out addressing this or any other bug that might interest you.



Regards

Fabio

On Thursday, 2 October 2014, Jim Manico <jim.manico at owasp.org> wrote:

You do not stop injection at the input validation layer, I do not
think this is a good bug.

--
Jim Manico
@Manicode
(808) 652-3805

> On Oct 2, 2014, at 10:53 AM, Nalin Goel <naling1994 at gmail.com
<javascript:;>> wrote:
>
> Hi guys,
>
> I am new to open-source and would like to work with owasp-esapi.
>
> I did some research on issue 251(IsValidDate not recognizing inection
attacks) and would appreciate guidance as well as feedback as to what our
inputs might be.
>
> Any help on getting me started is appreciated .
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org <javascript:;>
> https://lists.owasp.org/mailman/listinfo/esapi-dev
_______________________________________________
Esapi-dev mailing list
Esapi-dev at lists.owasp.org <javascript:;>
https://lists.owasp.org/mailman/listinfo/esapi-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-dev/attachments/20141002/131ed577/attachment.html>


More information about the Esapi-dev mailing list