Investigate possible concurrency issues with modules
Closed this issue · 1 comments
In ESAPI4J v1.x, there were possible concurrency issues mentioned. These were addressed in ESAPI4J v2.x when the main ESAPI class singleton methodology was rewritten.
Since ESAPI4CF is currently based on ESAPI4J v1.x, we need to investigate this possibility. Testing the Encoder would most likely be easiest.
There are concurrency tests for the Encoder in ESAPI4J v2.x code - https://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/test/java/org/owasp/esapi/reference/EncoderTest.java - testConcurrency.
This test should be ported to ESAPI4CF and made to pass. If the new test case uncovers a concurrency issue, consider using named locks in the main ESAPI component. NOTE: the issue may only show in CF8, since ESAPI4J v2 should already address this concurrency issue.
Cannot test against CF8 until the code is merged into master.
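The shape of check the issue above asks for, as an added example that is not ESAPI4J's `testConcurrency` or ESAPI4CF code: several threads share one encoder instance and each verifies its own output. `SharedBufferEncoder` is a hypothetical stand-in with deliberately shared state, the inputs are constructed, and the Java `synchronized` block stands in for a CF named lock.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class EncoderConcurrencyCheck {
    // Hypothetical stand-in for an encoder that keeps per-call state in a shared field; not ESAPI code.
    static class SharedBufferEncoder {
        private final StringBuilder buf = new StringBuilder(); // shared by every caller
        private final Object lock = new Object();              // plays the role of a named lock
        private final boolean locked;
        SharedBufferEncoder(boolean locked) { this.locked = locked; }

        String encodeForHTML(String in) {
            if (locked) { synchronized (lock) { return encode(in); } }
            return encode(in); // unsynchronized: concurrent callers interleave writes to buf
        }
        private String encode(String in) {
            buf.setLength(0);
            for (char c : in.toCharArray())
                buf.append(c == '<' ? "&lt;" : c == '>' ? "&gt;" : c == '&' ? "&amp;"
                         : c == '"' ? "&quot;" : String.valueOf(c));
            return buf.toString();
        }
    }

    // Runs `threads` workers against one encoder; returns how many encodings were wrong or threw.
    static int mismatches(SharedBufferEncoder enc, int threads, int rounds) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1); // release all workers at once
        AtomicInteger bad = new AtomicInteger();
        for (int t = 0; t < threads; t++) {
            final String input = "<b id=\"" + t + "\">t" + t + " & co</b>"; // constructed sample
            final String expected = "&lt;b id=&quot;" + t + "&quot;&gt;t" + t + " &amp; co&lt;/b&gt;";
            pool.submit(() -> {
                try {
                    start.await();
                    for (int i = 0; i < rounds; i++)
                        if (!expected.equals(enc.encodeForHTML(input))) bad.incrementAndGet();
                } catch (Exception e) { bad.incrementAndGet(); } // corrupted buffer can also throw
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(60, TimeUnit.SECONDS);
        return bad.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("unlocked: " + mismatches(new SharedBufferEncoder(false), 10, 20000));
        System.out.println("locked:   " + mismatches(new SharedBufferEncoder(true), 10, 20000));
    }
}
```

The locked run always reports zero mismatches; the unlocked count varies from run to run, so a single clean pass of such a test does not prove the absence of a race.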