@ghost ghost commented Oct 22, 2014

To know if an uncaught exception is a security exception or a usual runtime exception.

ghost commented Oct 22, 2014

Extending to EnterpriseRuntimeSecurityException creates an error; will look into that.

@chrisisbeef
Member

Did you discover why extending EnterpriseRuntimeSecurityException errors? This should be an unchecked / runtime exception.

@kwwall kwwall merged commit 82715bf into ESAPI:master Dec 29, 2015
xeno6696 added a commit that referenced this pull request Jan 20, 2016
Pull new history for experimentation.
xeno6696 added a commit that referenced this pull request May 13, 2018
Moved esapi.tld into the correct resources location.  Fixes issues #2
xeno6696 pushed a commit to xeno6696/esapi-java-legacy that referenced this pull request Jun 27, 2025
kwwall added a commit that referenced this pull request Jun 27, 2025
* Fix javadoc botch forgetting to end italics. :(

* Added new static method 'isMethodExplicityEnabled' and other minor Javadoc tweaks.

* Added default exception message if one wasn't specified or was empty.

* Changed to use a more politically correct property name. But I still
like 'ESAPI.enableLegCannonModeAndGetMyAssFired.justification' better.  ;-)

* Add code to ensure that DefaultEncoder.encodeForSQL is explicitly enabled if someone wants to use it.

* Updating ESAPI util for ExplictMethod verify

Updating parameter null check to test null case.
Removing null check on property result (if null ConfigurationException
is thrown).

Simplifying return from method to verify response is not empty.

* ESAPI methodEnabled Tests

Adding branch testing for ESAPI.isMethodExplicitlyEnabled behavior to
account for parameter cases.

Only case not covered is providing an ESAPI.properties that does not
contain the new key.

* Test Coverage

using the SecurityConfigurationWrapper to verify remaining test case
when a ConfigurationException is thrown when the new property is
missing or undefined.

* Added deprecations, deprecation warnings, and other Javadoc refinements.

* Reference specific CVE ID for logged message.

* Change from EVENT_FAILURE to SECURITY_FAILURE, because it potentially is, despite best intentions.

* Draft #2. Needs reviewed and completed. Track changes disabled.

* Apparently {@inheritdoc} doesn't inherit @deprecated from interfaces.
Plus minor type fix ('class' ==> 'method').

* Draft 3 - completed several more sections.

* Minor corrections to ESAPI Security Bulletin #13.

* Update to FileUploads 1.6.0 to address CVE-2025-48976, which likely didn't affect HTTPUtilities.getFileUploads interfaces anyway.

* Implement java.util.function.Supplier since we are using Java 8 for a while.

* Incorporate Jeremiah Stacey's feedback.

* Incorporate Erika von Kampen's feedback.

* Final draft of Security Bulletin #13 until CVE published. (Need to include its summary description.)

* Fix minor typos.

* Update versions of spotbugs-maven-plugin and maven-pmd-plugin.

* Update previous release date.

* release info for 2.7.0.0

* ESAPI 2.7.0.0 release notes.

---------

Co-authored-by: kwwall <[email protected]>
Co-authored-by: jeremiah.stacey <[email protected]>