[Esapi-user] Path Manipulation Fortify

Parmar, Amandeep Amandeep.Parmar at fisglobal.com
Tue Nov 19 07:28:59 UTC 2013


Hi,

I was getting a path manipulation issue from Fortify on:
            File existingFile = new File(${FileName});
I have changed it to use the ESAPI API:
            File existingFile = new File(ESAPI.validator().getValidInput("test",existingFileName,"FileName",200,false));

But it throws me an error as:
Exception in thread "main" java.lang.NoClassDefFoundError: org.apache.commons.fileupload.ProgressListener
      at java.lang.J9VMInternals.verifyImpl(Native Method)
      at java.lang.J9VMInternals.verify(J9VMInternals.java:72)
      at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
      at java.lang.Class.forNameImpl(Native Method)
      at java.lang.Class.forName(Class.java:136)
      at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
      at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
      at org.owasp.esapi.ESAPI.currentRequest(ESAPI.java:70)
      at org.owasp.esapi.reference.Log4JLogger.log(Log4JLogger.java:434)
      at org.owasp.esapi.reference.Log4JLogger.warning(Log4JLogger.java:205)
      at org.owasp.esapi.reference.DefaultIntrusionDetector.addException(DefaultIntrusionDetector.java:65)
      at org.owasp.esapi.errors.EnterpriseSecurityException.<init>(EnterpriseSecurityException.java:75)
      at org.owasp.esapi.errors.ValidationException.<init>(ValidationException.java:76)
      at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
      at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:306)
      at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:214)
      at com.certegy.utilities.file.Tst.renameFile(Tst.java:23)
      at com.certegy.utilities.file.Tst.main(Tst.java:16)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.fileupload.ProgressListener


Any suggestions?

Thanks,
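
Added example, not part of the original post and not ESAPI code: one way to address a path manipulation finding on `new File(userInput)` using only the JDK, by whitelisting the file name and then checking that the canonical path stays inside a fixed base directory. The class name `SafeFileResolver`, the whitelist pattern, and the base directory are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class SafeFileResolver {
    // Assumed whitelist: letters, digits, '_' and '-', plus one optional extension.
    // 190 + 1 + 9 keeps the name within the 200-character limit used in the post.
    private static final Pattern FILE_NAME =
            Pattern.compile("[A-Za-z0-9_-]{1,190}(\\.[A-Za-z0-9]{1,9})?");

    /** Returns a File located inside baseDir, or throws if the name is not acceptable. */
    static File resolve(File baseDir, String fileName) throws IOException {
        // Step 1: reject anything that is not a plain file name (no separators, no "..").
        if (fileName == null || !FILE_NAME.matcher(fileName).matches()) {
            throw new IllegalArgumentException("file name failed whitelist check");
        }
        // Step 2: canonicalize both paths; this resolves symlinks and relative segments.
        Path base = baseDir.getCanonicalFile().toPath();
        Path target = new File(baseDir, fileName).getCanonicalFile().toPath();
        // Step 3: Path.startsWith compares whole path elements, so "/data-evil"
        // does not count as being under "/data".
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return target.toFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: the base directory and names are illustrative only.
        File baseDir = new File(System.getProperty("java.io.tmpdir"));
        String[] samples = {
            "report_2013.txt", "../etc/passwd", "a/b.txt", "name with space.txt", ""
        };
        for (String s : samples) {
            try {
                System.out.println("OK       " + resolve(baseDir, s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED \"" + s + "\": " + e.getMessage());
            }
        }
    }
}
```

The whitelist alone rejects separators and traversal sequences; the canonical-path check additionally covers a symlink inside the base directory that points elsewhere.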
