[Esapi-user] getValidFile bug (ESAPI 2.0, at least)

Kevin W. Wall kevin.w.wall at gmail.com
Wed Aug 4 22:09:43 EDT 2010

Jim Manico wrote:
> How about
> if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
> 	throw new ValidationException( "Internal Error", "You called
> getValidFileName with an empty or null list of allowed Extensions, therefore
> no files can be uploaded" );
> }

This one, but I suggest for the logged message part,

	getValidFileName called with an empty ...

rather than "You called getValidFileName with an empty ..."

I like this better than RuntimeException. (Unless you want to make
it IllegalArgumentException, which *is* a RuntimeException. But I like
this better since you already need to catch ValidationExeption.)

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME

More information about the Esapi-user mailing list