[Esapi-user] DefaultEncoder - constructor must be synhcronized.

• Next message: [Esapi-user] DefaultEncoder - constructor must be synhcronized.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, 

 

I just found out that the call to the DefaultEncoder constructor  must
be synchronized.

The DefaultEncoder uses HTMLEntityCodec which in turn uses a static
HashMap.

When the HashMap is initialized with values by more than one thread it
may cause a severe problem.

 

In our production environment I found one machine utilizing 25% of the
CPU by two threads that are stuck on initializing the DefaultEncoder.

<?xml version="1.0" encoding="utf-8"?>

<stack_trace>

  <threadstackframeinfo ="0" class="java.util.HashMap"
method="put(java.lang.Object, java.lang.Object)" line="374"
source_file="HashMap.java"/>

  <threadstackframeinfo ="1"
class="org.owasp.esapi.codecs.HTMLEntityCodec" method="initializeMaps()"
line="808" source_file="HTMLEntityCodec.java"/>

  <threadstackframeinfo ="2"
class="org.owasp.esapi.codecs.HTMLEntityCodec" method="&lt;init&gt;()"
line="44" source_file="HTMLEntityCodec.java"/>

  <threadstackframeinfo ="3"
class="org.owasp.esapi.reference.DefaultEncoder" method="&lt;init&gt;()"
line="75" source_file="DefaultEncoder.java"/>

</stack_trace>

 

Shlomo Rothschild | Chief Architect & CISO | Unisfair
<http://www.unisfair.com/> 
P: +972.3.6117300#235 | C: +972.54.3150906

www.twitter.com/unisfair <http://www.twitter.com/unisfair>  |
www.facebook.com/unisfair <http://www.facebook.com/unisfair> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100801/ae028d50/attachment.html 

• Next message: [Esapi-user] DefaultEncoder - constructor must be synhcronized.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]