[Esapi-user] How do we customize the error messages with OWASP

Kesavanarayanan, Ramesh Ramesh.Kesavanarayanan at Pearson.com
Wed Jul 28 15:05:56 EDT 2010


Basically I have bifurcated into 2 types of exceptions
1.	Length issue
2.	Character / Format issue

Here is the code snippet I have written to take care of this. 

My application does JSP --> Struts Action --> ESAPI

try {
	ESAPI.validator().getValidInput(arg0, arg2);
} catch (Exception e) {
	Object[] arguments = { ((ValidationException)
e).getContext(),"is invalid" };
	String errorMsg = null;
	if (e.getMessage().contains("Invalid input. The maximum length
of")) {
		errorMsg = ((ValidationException) e).getContext()+ " "+
e.getMessage().substring(e.getMessage().indexOf("Invalid input."));
	} else {
		errorMsg =
MessageFormat.format(loadExceptionKeyFromFile(), arguments);
	}
	if (e instanceof ValidationException) {
		errors.add(ApplicationConstants.FAIL, errorMsg);
	} else if (e instanceof IntrusionException) {
		errors.add(ApplicationConstants.FAIL, errorMsg);
	}
}


public static String loadExceptionKeyFromFile() {
	Properties messages = null;
	InputStream inStream = null;
	String input = "Exception.message";
	if (pattern == null) {
		try {
			inStream =
ESAPI.securityConfiguration().getResourceStream("ESAPI_en_US.properties"
);
			messages = new Properties();
			messages.load(inStream);
			pattern = messages.getProperty(input);
		} catch (IOException e1) {
			e1.printStackTrace();
		} finally {
			if (inStream != null)
				try {
					inStream.close();
				} catch (Exception ee) {
				}
		}
	}
	return pattern;
}

And here is my ESAPI_en_US.properties (this file I have put under
resources folder from where I read esapi.properties)

### Custom Exception message with OWASP
Exception.message=The {0} format {1}.


Regards |  Ramesh Kesavanarayanan  |    319-354-9200 ext 215785 / 215972
(O) |  /  319-621-7641 (M)   | ramesh.kesavanarayanan at pearson.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100728/c9e03af2/attachment.html 


More information about the Esapi-user mailing list