[Esapi-user] [Esapi-dev] ESAPI Question

Chris Schmidt chris.schmidt at owasp.org
Wed Jul 13 13:55:49 EDT 2011


Looks to me like ESAPI isn't able to find the esapi.properties file in 
your test classpath. Ensure that the properties file is accessible and 
is being found by ESAPI and you should be good to go. :)

On 7/13/2011 11:51 AM, Yan Yan Wang wrote:
> Thanks for everyone's response.
>
> Yes, we are testing our own code that uses esapi. We have tried to mockup requests and call setCurrent on httputilities, it failed. Does someone have a junit test code snippet that I can take a look at it? We use RSA on win.
>
> Here is the stack trace:
>
> java.lang.Exception: Unexpected exception, expected<sf.iasc.application.ssoeventhandler.exception.UnexpectedApplicationException>  but was<org.owasp.esapi.errors.ConfigurationException>
> 	at org.junit.internal.runners.MethodRoadie.runTestMethod(MethodRoadie.java:110)
> 	at org.junit.internal.runners.MethodRoadie$2.run(MethodRoadie.java:79)
> 	at org.junit.internal.runners.MethodRoadie.runBeforesThenTestThenAfters(MethodRoadie.java:87)
> 	at org.junit.internal.runners.MethodRoadie.runTest(MethodRoadie.java:77)
> 	at org.junit.internal.runners.MethodRoadie.run(MethodRoadie.java:42)
> 	at org.junit.internal.runners.JUnit4ClassRunner.invokeTestMethod(JUnit4ClassRunner.java:88)
> 	at org.junit.internal.runners.JUnit4ClassRunner.runMethods(JUnit4ClassRunner.java:51)
> 	at org.junit.internal.runners.JUnit4ClassRunner$1.run(JUnit4ClassRunner.java:44)
> 	at org.junit.internal.runners.ClassRoadie.runUnprotected(ClassRoadie.java:26)
> 	at org.junit.internal.runners.ClassRoadie.runProtected(ClassRoadie.java:36)
> 	at org.junit.internal.runners.JUnit4ClassRunner.run(JUnit4ClassRunner.java:42)
> 	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:38)
> 	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
> 	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
> 	at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
> 	at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:182)
> 	at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
> 	at sf.iasc.application.ssoeventhandler.event.RedirectingEvent.appendQueryStringToUrl(RedirectingEvent.java:114)
> 	at sf.iasc.application.ssoeventhandler.event.RedirectingEventTest.appendQueryStringThrowsUnexpectedApplicationExceptionWhenQueryStringParameterFailsValidation(RedirectingEventTest.java:348)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:618)
> 	at org.junit.internal.runners.TestMethod.invoke(TestMethod.java:59)
> 	at org.junit.internal.runners.MethodRoadie.runTestMethod(MethodRoadie.java:98)
> 	... 16 more
> Caused by: java.lang.reflect.InvocationTargetException
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:618)
> 	at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
> 	... 26 more
> Caused by: java.lang.NullPointerException
> 	at org.owasp.esapi.reference.DefaultSecurityConfiguration.getESAPIProperty(DefaultSecurityConfiguration.java:1057)
> 	at org.owasp.esapi.reference.DefaultSecurityConfiguration.setCipherXProperties(DefaultSecurityConfiguration.java:245)
> 	at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:220)
> 	at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
> 	... 31 more
>
> -----Original Message-----
> From: Chris Schmidt [mailto:chris.schmidt at owasp.org]
> Sent: Tuesday, July 12, 2011 7:52 PM
> To: Jim Manico
> Cc: Yan Yan Wang; esapi-dev at lists.owasp.org; Esapi-user at lists.owasp.org
> Subject: Re: [Esapi-user] [Esapi-dev] ESAPI Question
>
> It sounds more like you are trying to unit test your own code that is using esapi, is that correct? If so - you will need to mock up requests and call setCurrent on httpitiliyies with your mock requests prior to each test running (setup) and clearcurrent after each (teardown)
>
> Sent from my iPwn
>
> On Jul 12, 2011, at 5:23 PM, Jim Manico<jim.manico at owasp.org>  wrote:
>
>> Can you send us your log file entries illustrating this problem in detail?
>>
>> - Jim
>>
>>
>>> We encountered “org.owasp.esapi.errors.ConfigurationException” during
>>> unit testing. The JUnit test isn't running in-container as ESAPI is. We
>>> could implement a mock object, but the tests can't verify that ESAPI is
>>> returning the correct value since it has to run in container. Does
>>> anyone have good suggestions for the problem?
>>>
>>> Thanks.
>>>
>>> YanYan
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Esapi-dev mailing list
>>> Esapi-dev at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/esapi-dev
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user



More information about the Esapi-user mailing list