nomadinjax/esapi4cf

Issues

• Going to assume this project is dead?

  #65 opened 7 years ago by KrunchMuffin
  1

• Ensure all SafeSession methods access the CF session scope, not J2EE session

  #62 opened 11 years ago by nomadinjax
  0

• Allow the password complexity rules "magic" number to be configurable in ESAPI.properties, defaulting to 16

  #63 opened 11 years ago by nomadinjax
  0

• Investigate session invalidation

  #44 opened 11 years ago by nomadinjax
  3

• Create some basic automation tests using CFSelenium

  #56 opened 11 years ago by nomadinjax
  1

• Get 'SafeFileTest.testJavaFileInjectionGood' unit test passing

  #18 opened 11 years ago by nomadinjax
  1

• Get 'SafeFileTest.testAlternateDataStream' unit test passing

  #17 opened 11 years ago by nomadinjax
  0

• Get 'SafeFileTest.testMultipleJavaFileInjectionBad' unit test passing

  #16 opened 11 years ago by nomadinjax
  0

• Get 'SafeFileTest.testMultipleJavaFileInjectionGood' unit test passing

  #14 opened 11 years ago by nomadinjax
  0

• Get SafeFileTest 'testCreateFileNameNull' unit test passing

  #61 opened 11 years ago by nomadinjax
  0

• Investigate possible concurrency issues with modules

  #60 opened 11 years ago by nomadinjax
  1

• AuthenticatorTest#testSetCurrentUser Runnable is incomplete

  #58 opened 11 years ago by nomadinjax
  0

• AuthenticatorTest#testGetCurrentUser Runnable is incomplete

  #57 opened 11 years ago by nomadinjax
  1

• DefaultEncryptedProperties utility is marked incomplete

  #59 opened 11 years ago by nomadinjax
  0

• ColdFusion 10 cannot authenticate with login() method

  #39 opened 11 years ago by nomadinjax
  4

• Need to allow for resource bundling of validation and other textual messages

  #31 opened 11 years ago by nomadinjax
  3

• HttpUtilities.logHTTPRequest must exclude CFID/CFTOKEN cookies

  #55 opened 11 years ago by nomadinjax
  1

• Provide simpler methods to override Authenticator module

  #43 opened 11 years ago by nomadinjax
  3

• Add to default Authenticator ability to implement additional authentication types without overriding default method.

  #41 opened 11 years ago by nomadinjax
  0

• Modify Authenticator and AccessController to isolate data reads/writes to more easily override for DB interaction

  #40 opened 11 years ago by nomadinjax
  1

• Add log4j as alternative Logger

  #54 opened 11 years ago by nomadinjax
  1

• Allow the Date Validators to accept a min/max value for validation

  #29 opened 11 years ago by nomadinjax
  1

• Add getValidBoolean to validator

  #49 opened 11 years ago by nomadinjax
  1

• Convert mock HTTP request, response, session objects to Java

  #50 opened 11 years ago by nomadinjax
  1

• User implementations must be serializable

  #47 opened 11 years ago by nomadinjax
  2

• User serialization not working in Railo

  #52 opened 11 years ago by nomadinjax
  0

• Port the ESAPI SwingSet project files into the GitHub.io site.

  #15 opened 11 years ago by nomadinjax
  2

• Create AccessController documentation

  #51 opened 11 years ago by nomadinjax
  0

• Get 'HTTPUtilitiesTest.testGetFileUploads' unit test passing

  #22 opened 11 years ago by nomadinjax
  0

• EnterpriseSecurityExceptionTest interferes with unit test extending

  #48 opened 11 years ago by nomadinjax
  1

• allow null/blank format argument to getValidDate/getValidNumber

  #46 opened 11 years ago by nomadinjax
  1

• Make getESAPI4JVersion cleaner - no try/catch

  #45 opened 11 years ago by nomadinjax
  2

• ESAPIUserSessionKey is placed into Java Session, not CF Application Session

  #42 opened 11 years ago by nomadinjax
  1

• Context must be accounted for in cookie paths

  #38 opened 11 years ago by nomadinjax
  1

• Get 'UserTest.testLogout' unit test passing

  #19 opened 11 years ago by nomadinjax
  0

• Get 'ExecutorTest.testExecuteWindowsSystemCommand' unit test passing

  #24 opened 11 years ago by nomadinjax
  0

• Get 'HTTPUtilitiesTest.testChangeSessionIdentifier' unit test passing

  #21 opened 11 years ago by nomadinjax
  0

• Get 'ExecutorTest.testExecuteSystemCommand' unit test passing

  #23 opened 11 years ago by nomadinjax
  0

• Railo 4 only: Fix 'Could not initialize class org.owasp.esapi.codecs.Base64' error

  #28 opened 11 years ago by nomadinjax
  2

• Get 'EncoderTest.testEncodeForHTMLAttribute' unit test passing

  #25 opened 11 years ago by nomadinjax
  1

• Get 'EncoderTest.testEncodeForVBScript' unit test passing

  #26 opened 11 years ago by nomadinjax
  1

• None of the 'AccessControllerTest' unit tests are passing

  #20 opened 11 years ago by nomadinjax
  1

• SafeRequest - HTTPParameterName and HTTPParameterValue had hard-coded maxlengths

  #36 opened 11 years ago by nomadinjax
  1

• getSecurity method needs to be public

  #37 opened 11 years ago by nomadinjax
  2

• getValidDate returntype is 'String' - should allow for Date or empty string

  #30 opened 11 years ago by nomadinjax
  2

• DefaultSecurityConfiguration exception "Complex object types cannot be converted to simple values." Line 265

  #35 opened 11 years ago by nomadinjax
  1

• setResourceDirectory value not being picked up

  #34 opened 11 years ago by nomadinjax
  1

• DefaultValidator#assertIsValidHTTPRequest - error cookie.getValue(), should be httpCookie variable

  #33 opened 11 years ago by nomadinjax
  1

• FileBasedAuthenticator#login - try/catch around isSecureChannel that will never catch

  #32 opened 11 years ago by nomadinjax
  1

• Get valid test cases for 'IntegerAccessReferenceMapTest'

  #27 opened 11 years ago by nomadinjax
  2