[Esapi-user] [Esapi-dev] It's SOUP!!!

Chris Schmidt chris.schmidt at owasp.org
Fri Feb 4 10:18:31 EST 2011

It seems like this should be using the same directory that ESAPI is
configured to use for configuration files to me? Is there a reason that this
is hardcoded to use a specific directory?

On 2/4/11 7:29 AM, "Calderon, Juan Carlos (GE, Corporate, consultant)"
<juan.calderon at ge.com> wrote:

> I am very familiar with WAF, actually I did a line-by-line code review
> of it.  
> ESAPI WAF uses an XML policy file for configuration that should be in
> your $HOME/.esapi directory. If you wiped that file then I guess most of
> the test cases will fail.
> WAF also heavily uses ESAPI logging facilities, but I assume ESAPI is
> working fine in your environment.
> Regards,
> Juan C Calderon
> -----Original Message-----
> From: esapi-dev-bounces at lists.owasp.org
> [mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Kevin W. Wall
> Sent: Friday, February 04, 2011 1:34 AM
> To: ESAPI-Developers; ESAPI-Users
> Subject: [Esapi-dev] It's SOUP!!!
> OK boys and girls, geeks and nerds, hackers, crackers, and anyone still
> patient enough to read my emails...  I'll make this short...
> really.
> I've finished committing a bejillion things and closed out about
> 5 or so Google Issues.  The biggest changes were as a result of the
> crypto review process done by the NSA as well as Jeff Walton.
> (Jeff, would appreciate if you could take a quick look at the new
> KeyDerivationFunction class. Thanks!)
> Anyhow, as I've discussed with Jim, Chris, Jeff, and Arshan, the WAF
> JUnit tests (and possibly some others related to access control) are
> failing (well, giving 'errors' actually).
> When I run all the tests, I am now getting something like 66 'errors'.
> I never touched the WAF code so not sure what is going on, other than as
> I mentioned in previous off-list emails that I did blow away my
> $HOME/.esapi directory which had a lot of WAF and access control files
> populated in it.
> It was shortly after I blew that directory away that I started noticing
> these failures in the JUnit tests.  But Jim and Chris said to commit the
> code anyhow and they would take a look at it.
> For those of you who are ambitious, you might try retrieving and
> building from the SVN trunk and see if you can reproduce it. It could
> just be my environment.
> For now, I'm off to bed. Will check back in later tomorrow.
> Later,
> -kevin
> --
> Kevin W. Wall
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev

Chris Schmidt
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
Blog: http://yet-another-dev.blogspot.com
