[Esapi-user] getValidFile bug (ESAPI 2.0, at least)

Kevin W. Wall kevin.w.wall at gmail.com
Wed Aug 4 22:09:43 EDT 2010


Jim Manico wrote:
> How about
> 
> if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
> 	throw new ValidationException( "Internal Error", "You called
> getValidFileName with an empty or null list of allowed Extensions, therefore
> no files can be uploaded" );
> }

This one, but I suggest for the logged message part,

	getValidFileName called with an empty ...

rather than "You called getValidFileName with an empty ..."

I like this better than RuntimeException. (Unless you want to make
it IllegalArgumentException, which *is* a RuntimeException. But I like
this better since you already need to catch ValidationExeption.)

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME


More information about the Esapi-user mailing list