nxbdi/owasp-esapi-java

Issues

• isValidInput failing for HTTPParameterValue {internalAction:getScreen}

  #343 opened 10 years ago by GoogleCodeExporter
  1

• StringUtilities.union() method is broken, weakens GenerateStrongPassword

  #344 opened 10 years ago by GoogleCodeExporter
  0

• Need to update Apache Commons BeanUtils

  #340 opened 10 years ago by GoogleCodeExporter
  0

• Multiple URLs are not supported by Validator.Redirect

  #341 opened 10 years ago by GoogleCodeExporter
  0

• Duplicates ESAPI_en_US.properties in esapi-2.1.0-dist.zip

  #342 opened 10 years ago by GoogleCodeExporter
  1

• ESAPI configuration files not included in dist.

  #338 opened 10 years ago by GoogleCodeExporter
  0

• SecurityConfiguration for ESAPI.Encoder not found in ESAPI.properties. Using default: org.owasp.esapi.reference.DefaultEncoder

  #339 opened 10 years ago by GoogleCodeExporter
  1

• User session just jumped from unknown to 0:0:0:0:0:0:0:1

  #337 opened 10 years ago by GoogleCodeExporter
  1

• HttpParamtervalue for allowing Xml Data

  #334 opened 10 years ago by GoogleCodeExporter
  0

• HTTPParameterValue

  #335 opened 10 years ago by GoogleCodeExporter
  0

• EncryptedPropertiesUtils Switch for Adding Values

  #336 opened 10 years ago by GoogleCodeExporter
  0

• Performance

  #332 opened 10 years ago by GoogleCodeExporter
  3

• -Log4JLogger.java doesn't output correct file & line number-Similar issue as reported in Issue 268

  #333 opened 10 years ago by GoogleCodeExporter
  0

• logger is gettin class cast exception

  #329 opened 10 years ago by GoogleCodeExporter
  0

• [deleted issue]

  #330 opened 10 years ago by GoogleCodeExporter
  0

• Regex in ESAPI.properties is not considering few of the french characters

  #331 opened 10 years ago by GoogleCodeExporter
  2

• Log4j configuration with no root level causes NPE in Log4jLogger.java

  #327 opened 10 years ago by GoogleCodeExporter
  1

• Content Security Policy - Java Servlet Filter

  #328 opened 10 years ago by GoogleCodeExporter
  0

• StringUtils.union broken which has minor impact on CSRF Protection and random file name generation

  #323 opened 10 years ago by GoogleCodeExporter
  7

• [deleted issue]

  #324 opened 10 years ago by GoogleCodeExporter
  0

• AbstractAccessReferenceMap.addDirectReference not invariant

  #325 opened 10 years ago by GoogleCodeExporter
  0

• setHeader blocks legitimate headers due to header name size limit being too low

  #326 opened 10 years ago by GoogleCodeExporter
  0

• Construct "&" in Validator.URL is simple character class, not reference to ampersand

  #322 opened 10 years ago by GoogleCodeExporter
  0

• ClassCastException during web application redeploy due to the grift logging classes

  #319 opened 10 years ago by GoogleCodeExporter
  1

• ClassCastException on SecurityWrapperResponse

  #320 opened 10 years ago by GoogleCodeExporter
  0

• Patch for /trunk/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java

  #321 opened 10 years ago by GoogleCodeExporter
  1

• RequestRateThrottleFilter may not work as expected with hits=1 or hits=2

  #317 opened 10 years ago by GoogleCodeExporter
  5

• PolicyFactory Sanitize method weird output

  #318 opened 10 years ago by GoogleCodeExporter
  1

• Unsynchronized get method, synchronized set method

  #316 opened 10 years ago by GoogleCodeExporter
  1

• Incorrect Equality test on floating point values

  #313 opened 10 years ago by GoogleCodeExporter
  1

• Resource leak: FileInputStream is not closed on method exit

  #314 opened 10 years ago by GoogleCodeExporter
  1

• Incorrect lazy initialization of static field instance

  #315 opened 10 years ago by GoogleCodeExporter
  1

• ValidatorTest.testIsValidDate fails if default locale is not US

  #310 opened 10 years ago by GoogleCodeExporter
  2

• Deprecate current HttpUtilities.setRememberToken() and replace with one not requiring user password

  #311 opened 10 years ago by GoogleCodeExporter
  0

• Resource leak: This FileReader is not closed on method exit

  #312 opened 10 years ago by GoogleCodeExporter
  0

• ESAPI.properties file not being built / deployed as part of production downloads

  #309 opened 10 years ago by GoogleCodeExporter
  5

• Insecure default configuration for Executor.ApprovedExecutables in ESAPI.properties file

  #307 opened 10 years ago by GoogleCodeExporter
  1

• [deleted issue]

  #308 opened 10 years ago by GoogleCodeExporter
  0

• Crypto MAC by-pass makes default ESAPI symmetric encrytion using CBC mode vulnerable to padding oracle attacks

  #306 opened 10 years ago by GoogleCodeExporter
  14

• Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths

  #304 opened 10 years ago by GoogleCodeExporter
  1

• Double checked locking on Log4JLogFactory.getInstance()

  #305 opened 10 years ago by GoogleCodeExporter
  1

• AuthenticatedUser isCredentialsNonExpired() have todo comment, but default return false;

  #302 opened 10 years ago by GoogleCodeExporter
  0

• Eliminate eclipse code warnings to improve quality

  #303 opened 10 years ago by GoogleCodeExporter
  0

• ClassCastException when using ESAPI logger

  #299 opened 10 years ago by GoogleCodeExporter
  3

• Canonicaling "%Device% changes the meaning of the input string

  #300 opened 10 years ago by GoogleCodeExporter
  0

• Issue with decodeFromURL method in the DefaultEncoder

  #301 opened 10 years ago by GoogleCodeExporter
  0

• HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts

  #296 opened 10 years ago by GoogleCodeExporter
  0

• HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters

  #297 opened 10 years ago by GoogleCodeExporter
  1

• encodeForCSS brakes color values

  #298 opened 10 years ago by GoogleCodeExporter
  0

• encodeForHTMLAttribute escapes the forward slash

  #295 opened 10 years ago by GoogleCodeExporter
  0