Changelog for ESAPI 1.4.4

r1064 | schallee@darkmist.net | 2010-01-30 17:55:30 HST
Changed paths:
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/ExecutorTest.java

Reimplement existing tests using platform independent properties for the location of java. This should alleviate the need to SYSROOT and the like on windows. I think we're good to remove the windows & unix ones but I'm waiting a bit first.
----------------------------------------------------------------------------
r1063 | manico.james | 2010-01-30 17:55:15 HST
Changed paths:
   M /branches/1.4/documentation/site/jdepend-report.html

cleanup
----------------------------------------------------------------------------
r1062 | schallee@darkmist.net | 2010-01-30 17:53:41 HST
Changed paths:
   M /branches/1.4/src/test/java/org/owasp/esapi/util/FileTestUtils.java

Several changes including making some internal methods private. Add nonexistantFile method to get a file that is non-existent.
----------------------------------------------------------------------------
r1061 | manico.james | 2010-01-30 17:52:25 HST
Changed paths:
   M /branches/1.4/documentation/site/css/maven-base.css
   M /branches/1.4/documentation/site/css/maven-theme.css
   M /branches/1.4/documentation/site/css/print.css

style fix
----------------------------------------------------------------------------
r1060 | manico.james | 2010-01-30 17:48:35 HST
Changed paths:
   M /branches/1.4/documentation/site/jdepend-report.html

cleanup
----------------------------------------------------------------------------
r1059 | manico.james | 2010-01-30 17:46:57 HST
Changed paths:
   D /branches/1.4/documentation/site/site

cleanup
----------------------------------------------------------------------------
r1058 | manico.james | 2010-01-30 17:44:58 HST
Changed paths:
   D /branches/1.4/documentation/site/site/css

cleanup
----------------------------------------------------------------------------
r1057 | manico.james | 2010-01-30 17:44:04 HST
Changed paths:
   D
/branches/1.4/documentation/site/site/images/logos/maven-feather.png
   D /branches/1.4/documentation/site/site/jdepend-report.html

cleanup
----------------------------------------------------------------------------
r1056 | manico.james | 2010-01-30 17:43:16 HST
Changed paths:

cleanup
----------------------------------------------------------------------------
r1055 | manico.james | 2010-01-30 17:41:22 HST
Changed paths:
   A /branches/1.4/documentation/site/jdepend-report.html

cleanup
----------------------------------------------------------------------------
r1054 | manico.james | 2010-01-30 17:41:08 HST
Changed paths:
   A /branches/1.4/documentation/site/css
   R /branches/1.4/documentation/site/css/maven-base.css
   R /branches/1.4/documentation/site/css/maven-theme.css
   R /branches/1.4/documentation/site/css/print.css
   A /branches/1.4/documentation/site/images

cleanup
----------------------------------------------------------------------------
r1053 | manico.james | 2010-01-30 17:39:51 HST
Changed paths:
   M /branches/1.4/documentation/site/site/css/maven-base.css
   M /branches/1.4/documentation/site/site/css/maven-theme.css
   M /branches/1.4/documentation/site/site/css/print.css

style fix
----------------------------------------------------------------------------
r1052 | manico.james | 2010-01-30 17:37:38 HST
Changed paths:
   M /branches/1.4/documentation/site/site/jdepend-report.html

style fix
----------------------------------------------------------------------------
r1051 | manico.james | 2010-01-30 17:35:15 HST
Changed paths:
   M /branches/1.4/documentation/site/site/jdepend-report.html

make sure it renders via direct browsing
----------------------------------------------------------------------------
r1050 | manico.james | 2010-01-30 17:34:40 HST
Changed paths:
   D /branches/1.4/documentation/jdepend-report.xml

not needed, we have HTML version
----------------------------------------------------------------------------
r1049 | manico.james | 2010-01-30 17:34:19 HST
Changed paths:
   D /branches/1.4/documentation/site/jdepend-report.xml

not needed, we have HTML version
----------------------------------------------------------------------------
r1048 | manico.james | 2010-01-30 17:33:45 HST
Changed paths:

1.4.4 final!
----------------------------------------------------------------------------
r1047 | manico.james | 2010-01-30 13:10:47 HST
Changed paths:
   A /branches/1.4/documentation/jdepend-report.xml

dependencies
----------------------------------------------------------------------------
r1046 | manico.james | 2010-01-30 13:09:37 HST
Changed paths:
   M /branches/1.4/pom.xml

updating version to 1.4.4 in prep for release
----------------------------------------------------------------------------
r1045 | manico.james | 2010-01-30 12:59:37 HST
Changed paths:

undoing unit test move
----------------------------------------------------------------------------
r1044 | manico.james | 2010-01-30 12:51:46 HST
Changed paths:
   M /branches/1.4/.classpath

classpath fix for test file move
----------------------------------------------------------------------------
r1043 | manico.james | 2010-01-30 12:47:00 HST
Changed paths:
   D /branches/1.4/src/test
   A /branches/1.4/src/test-files

moving to test-files directory so javadoc will ignore it
----------------------------------------------------------------------------
r1040 | schallee@darkmist.net | 2010-01-30 10:12:19 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/tags/BaseEncodeTag.java
   M /branches/1.4/src/main/java/org/owasp/esapi/tags/EncodeForBase64Tag.java
   M /branches/1.4/src/main/java/org/owasp/esapi/tags/EncodeForURLTag.java

Change to use initCause on exceptions so it's compatible with servlet 2.3.
----------------------------------------------------------------------------
r1039 | manico.james | 2010-01-29 18:43:31 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultValidator.java

fixing isValidDouble
----------------------------------------------------------------------------
r1038 | schallee@darkmist.net | 2010-01-29 18:13:42 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/filters/SafeRequest.java

Apparently no one ever called this method. Fix to return a real String[] before casting... Thanks find bugs!
----------------------------------------------------------------------------
r1037 | schallee@darkmist.net | 2010-01-29 18:10:20 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

Remove necessary static from resourceDirectory and fix two places where it was referred to statically needlessly.
----------------------------------------------------------------------------
r1036 | schallee@darkmist.net | 2010-01-29 18:02:44 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/HashTrie.java

The "ack! where'd my '=' go?" commit.
----------------------------------------------------------------------------
r1035 | schallee@darkmist.net | 2010-01-29 17:56:21 HST
Changed paths:
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/ExecutorTest.java

Add test using java as the executable from java.home in initial work to move away from hard coded system paths in windows.
----------------------------------------------------------------------------
r1034 | schallee@darkmist.net | 2010-01-29 17:55:20 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/HashTrie.java

dereference before null check fix
----------------------------------------------------------------------------
r1032 | manico.james | 2010-01-29 17:38:43 HST
Changed paths:
   M /branches/1.4/pom.xml

update to mailing lists
----------------------------------------------------------------------------
r1027 | manico.james | 2010-01-29 15:55:37 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/ValidationErrorList.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java

email address update
----------------------------------------------------------------------------
r1025 | manico.james | 2010-01-28 18:25:57 HST
Changed paths:
   M /branches/1.4/pom.xml

1.4.4 rc6 pom update
----------------------------------------------------------------------------
r1024 | manico.james | 2010-01-28 18:22:56 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

make file io loading of properties file happen before classpath loading
----------------------------------------------------------------------------
r1023 | manico.james | 2010-01-28 18:22:23 HST
Changed paths:
   M /branches/1.4/.settings/org.eclipse.jdt.core.prefs
   A /branches/1.4/.settings/org.eclipse.jdt.ui.prefs

forcing settings to SPACES not TABS
----------------------------------------------------------------------------
r1022 | manico.james | 2010-01-28 16:13:59 HST
Changed paths:
   M /branches/1.4/src/main/resources/ESAPI.properties
   M /branches/1.4/src/test/resources/ESAPI.properties

small clarification
----------------------------------------------------------------------------
r1021 | manico.james | 2010-01-28 12:13:53 HST
Changed paths:
   M /branches/1.4/pom.xml

1.4.4 rc5 pom update
----------------------------------------------------------------------------
r1020 | manico.james | 2010-01-28 12:12:02 HST
Changed paths:
   M /branches/1.4/pom.xml
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

1.4.4 rc5
----------------------------------------------------------------------------
r1019 | manico.james | 2010-01-27 20:07:01 HST
Changed paths:
   M /branches/1.4/pom.xml

added jdepend
----------------------------------------------------------------------------
r1017 | manico.james | 2010-01-27 19:45:09 HST
Changed paths:
   M /branches/1.4/pom.xml
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

1.4.4 rc4 final
----------------------------------------------------------------------------
r1016 | manico.james | 2010-01-27 19:30:49 HST
Changed paths:
   M /branches/1.4/pom.xml

bump pom to 1.4.4 rc3
----------------------------------------------------------------------------
r1015 | manico.james | 2010-01-27 19:28:14 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

classloading code now cycles through all classloading types for each file/directory structure possibility
----------------------------------------------------------------------------
r1014 | manico.james | 2010-01-27 18:16:12 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

attempting Thread.currentThread().getContextClassLoader() if getClass().getClassLoader() fails.
----------------------------------------------------------------------------
r1013 | manico.james | 2010-01-27 17:39:32 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

tab to space cleanup
----------------------------------------------------------------------------
r1012 | manico.james | 2010-01-27 17:35:09 HST
Changed paths:
   M /branches/1.4/.classpath
   M /branches/1.4/.project
   M /branches/1.4/.settings/org.eclipse.jdt.core.prefs
   M /branches/1.4/pom.xml
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java

rewrote resource writing code, ESAPI 1.4.4 rc2 final
----------------------------------------------------------------------------
r1010 | schallee@darkmist.net | 2010-01-27 16:02:40 HST
Changed paths:
   M /branches/1.4/src/test/java/org/owasp/esapi/util/FileTestUtils.java

Switch from SecureRandom to Random seeded by SecureRandom.
----------------------------------------------------------------------------
r1009 | manico.james | 2010-01-27 14:54:49 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

rolling back the fix to the space issue in filepaths for property file loading.
----------------------------------------------------------------------------
r1008 | schallee@darkmist.net | 2010-01-26 17:22:42 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/PushbackString.java
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/EncoderTest.java

Port canonicalization from 2.0 to 1.4. Port tests as well. This, I believe, fixes the last failing unit test in 1.4. Also add PushbackString#toString() for easier debugging.
----------------------------------------------------------------------------
r1007 | schallee@darkmist.net | 2010-01-26 06:41:05 HST
Changed paths:
   M /branches/1.4/pom.xml

Since 1.4.3 is out, fix version to 1.4.4-SNAPSHOT...
----------------------------------------------------------------------------
r1006 | schallee@darkmist.net | 2010-01-26 06:39:14 HST
Changed paths:
   M /branches/1.4/src/main/java/org/owasp/esapi/HTTPUtilities.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/HashTrie.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
   M /branches/1.4/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
   M /branches/1.4/src/main/java/org/owasp/esapi/filters/SafeRequest.java
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/FileBasedAccessController.java
   M /branches/1.4/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
   M /branches/1.4/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
   M /branches/1.4/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/codecs/HashTrieTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/codecs/XMLEntityCodecTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/http/TestHttpSession.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/EncoderTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/EncryptedPropertiesTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/EncryptorTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
   M /branches/1.4/src/test/java/org/owasp/esapi/util/FileTestUtils.java

Lots of little fixes for compiler warnings in eclipse in the 1.4 branch. There are still a lot but now there are less...
----------------------------------------------------------------------------

Changelog for ESAPI 1.4.3

r1000 | manico.james | 2010-01-24 11:07:43 HST

code comment clarification for order of property file loading
----------------------------------------------------------------------------
r997 | manico.james | 2010-01-23 21:52:42 HST

if .esapi folder not found or does not contain ESAPI.properties, look for a directory named 'resources' on the classpath
----------------------------------------------------------------------------
r978 | schallee@darkmist.net | 2010-01-21 08:31:11 HST

Unit test for previous commit.
----------------------------------------------------------------------------
r977 | schallee@darkmist.net | 2010-01-21 08:15:35 HST

Handle null from getResource when a resource is not found. Instead of an NPE being thrown, a FileNotFoundException is which is inline with the javadocs for the method that say an IOException is thrown "If the file cannot be found or opened for reading."
----------------------------------------------------------------------------
r976 | schallee@darkmist.net | 2010-01-21 08:13:23 HST

Change version from 1.4.2 to 1.4.3-SNAPSHOT so a stray mvn install doesn't mess up local repositories.
----------------------------------------------------------------------------
r973 | schallee@darkmist.net | 2010-01-18 03:58:31 HST

Add wrapped getDisableIntrusionDetection() and change to concrete instead of abstract so missing methods cause compilation errors with this instead of subclasses of it (not that direct instances of this class are very useful...).
----------------------------------------------------------------------------

Changelog for ESAPI 1.4.2

r928 | manico.james | 2010-01-14 12:43:11 HST

validation doc cleanup
----------------------------------------------------------------------------
r951 | manico.james | 2010-01-17 13:41:00 HST

undoing the 2.0->1.4 Encoder changes
----------------------------------------------------------------------------
r955 | manico.james | 2010-01-17 15:29:03 HST

properly defaulting intrusion detection disabling to false
----------------------------------------------------------------------------
r971 | manico.james | 2010-01-18 00:36:40 HST

pom now titled 1.4.2
----------------------------------------------------------------------------
r944 | manico.james | 2010-01-16 15:42:47 HST

normalize removed from codebase completely
----------------------------------------------------------------------------
r940 | manico.james | 2010-01-16 00:43:55 HST

http://code.google.com/p/owasp-esapi-java/issues/detail?id=90 backported to the 1.4 branch
----------------------------------------------------------------------------
r926 | manico.james | 2010-01-13 14:58:20 HST

documentation cleanup for validation
----------------------------------------------------------------------------
r953 | manico.james | 2010-01-17 14:41:54 HST

deprecating encrypt/decrypt functions due to weak crypto
----------------------------------------------------------------------------
r956 | manico.james | 2010-01-17 15:49:29 HST

cleanup of new intrusion disable code
----------------------------------------------------------------------------
r950 | manico.james | 2010-01-17 12:09:15 HST

backported the entire 1.5 encoder mechanism back to 1.4
----------------------------------------------------------------------------
r965 | manico.james | 2010-01-17 19:58:51 HST

backported spaces in resource paths per 1.5 changes
----------------------------------------------------------------------------
r942 | schallee@darkmist.net | 2010-01-16 09:19:16 HST

Use the "basedir" system property to find the src/test/resources directory containing the config files for tests.
----------------------------------------------------------------------------
r946 | manico.james | 2010-01-16 16:53:23 HST

Removing System.out.printlns
----------------------------------------------------------------------------
r930 | schallee@darkmist.net | 2010-01-15 03:39:18 HST

Remove unneeded cast to DefaultSecurityConfiguration which also prevents other implementations of SecurityConfiguration from working. Note that this was previously fixed in the 2.0 branch.
----------------------------------------------------------------------------
r948 | schallee@darkmist.net | 2010-01-17 12:04:31 HST

Make patterns private static in SafeFile instead of one per instance. Remove some more characters from the tests so that it passes as is in windows. SafeFile needs work but now isn't the time for it.
----------------------------------------------------------------------------
r934 | schallee@darkmist.net | 2010-01-15 11:34:55 HST

Lots of changes to rather broken tests in SafeFileTest. Tests that were testing java.io.File were modified to actually test SafeFile or removed. Further, printing of test results and not using junit was fixed. As there haven't been major changes to SafeFile this change to SafeFileTest will be committed to the 2.0 branch as well.
----------------------------------------------------------------------------
r938 | schallee@darkmist.net | 2010-01-15 19:18:16 HST

Fixes for EncryptedProperties, DefaultEncryptedProperties and EncryptedPropertiesTest in 1.4. These will be migrated to 2.0 in my next commit.

Modify DefaultEncryptedProperties#getProperty(String) to return null when the key does not exist. This is more inline with what users will expect as it is what java.util.Properties#getProperty(String) does. Previously this would throw a NullPointerException in Base64#decode(String) when it tried to decode null which was confusing at best.

Modify javadoc for EncryptedProperties#getProperty(String) to define the expected behavior in the case of a non-existent key.

Add EncryptedPropertiesTest#testNonExistantKey() to test the behavior of non-existent keys in isolation.

Modify EncryptedPropertiesTest#testGetProperty() to not expect an Exception to be thrown in the case of a non-existent key.

Modify EncryptedPropertiesTest#testKeySet() to not depend on the order of the keys in the key set.

Combine EncryptedPropertiesTest#testStore() and EncryptedPropertiesTest#testLoad() into EncryptedProperties#testStoreLoad() as testLoad() depended on testStore() running first which I'm not sure junit/surefire guarantees. Also modify to write to and read from a byte array input and output stream to avoid managing a temporary file.

Remove EncryptedProperties#main(String[]) as it wasn't worth porting the above to it and mvn -Dtest=EncryptedPropertiesTest test is functionally equivalent to what was originally desired.

I think that's all...
----------------------------------------------------------------------------
r931 | schallee@darkmist.net | 2010-01-15 03:42:05 HST

Fix unix test that expects /bin/sh to be a directory. Note that this was also previously fixed in the 2.0 branch.
----------------------------------------------------------------------------
r932 | schallee@darkmist.net | 2010-01-15 03:45:08 HST

Fix unix test in a similar fashion to how it was fixed in the 2.0 branch. This required the reimplementation/backport of SecurityConfigurationWrapper for 1.4 as well.
----------------------------------------------------------------------------
r945 | manico.james | 2010-01-16 16:51:34 HST

Fix to filepath validation including relevant unit tests.
---------------------------------------------------------------------------- r933 | schallee@darkmist.net | 2010-01-15 03:48:25 HST Fix HTTPUtilitiesTest that was trying to use the resources directory which was null causing a NPE. This also adds some file test utilities for creating temporary directories and recursively removing them. This may be worth forwarding to 2.0 at some point to help cleanup other file based unit tests there as well. ---------------------------------------------------------------------------- r941 | schallee@darkmist.net | 2010-01-16 08:15:42 HST Change the CSS encoding in 1.4 to be like the version in 2.0. Update the EncoderTest to handle this change. ---------------------------------------------------------------------------- r936 | schallee@darkmist.net | 2010-01-15 17:47:48 HST Change setCurrentHTTP to not attempt to wrap a null request or null response. ---------------------------------------------------------------------------- r954 | manico.james | 2010-01-17 15:00:10 HST Allows for complete disabling of the ESAPI intrusion detector. Reference implementation ESAPI.properties defaults intrusion detection to ON. ---------------------------------------------------------------------------- r947 | schallee@darkmist.net | 2010-01-17 06:33:50 HST Add commented sections of pom.xml and external-1.4-jdk.txt containing information on how to have Maven compile and run tests with an external 1.4 JDK. ---------------------------------------------------------------------------- r880 | schallee@darkmist.net | 2009-12-07 12:50:29 HST Backport current JSP tag libraries from 2.0rcs to 1.4.1rcs No changes were needed. ---------------------------------------------------------------------------- r881 | schallee@darkmist.net | 2009-12-07 12:53:53 HST Change version of Junit library to 3.8.1 instead of 4.4. ESAPI 1.4 is targeted at Java 1.4 and Junit 4 requires Java 1.5 (aka 5.0). This change allows tests to build with a Java 1.4 compiler. 
---------------------------------------------------------------------------- r902 | schallee@darkmist.net | 2009-12-08 12:11:30 HST Remove use of sun proprietary normalize method. This breaks this method's functionality which I do not like. However, this is what has been done in the 2.0 branch. There is code commented out in the 2.0 branch to use the new java.text.Normalize however that is only available in 1.6. To make matters worse, the interface to the sun proprietary version has changed and, as is, this will not compile with latter jdks (at least 1.6). I am adding a issue to document and remind us about this. ---------------------------------------------------------------------------- r903 | schallee@darkmist.net | 2009-12-08 12:28:03 HST Big nasty patch to back port the XMLEntityCodec to 1.4. This includes most of the functionality needed for the HTMLCodec fix which is next. This includes codec.HashTrieTest, util.NullSafe and util.CollectionsUtil. Two new classes have been added: codec.AbstractCodec: This is a base abstract codec.Codec implementation to ease porting. In 1.4 Codec is a interface and in 2.0 it is a abstract class. Ports back to 1.4 ca use AbstractCodec as their base instead. util.PrimWrap: This is a simple class to wrap primitives in their java.lang classes. This is here to help back porting of auto boxing code from the 2.0 branch. By using this instead of new Character(), etc we can easily implement our own fly weight caching of these objects as 1.5 does in it's auto boxing if and when the overhead incurred in creating new objects each time becomes a issue. 
---------------------------------------------------------------------------- r910 | schallee@darkmist.net | 2009-12-13 16:07:55 HST CSSCodec: fix issues with backslash self for hex digits (issue 77) split out tests from CodecTest add tests to verify lack of regression for issue 77 change to not encode alphanumerics HTMLEntityCodec: fix theta/thetasym issues with decoding by backporting 2.0 fix (issue 45) JavaScriptCodec: fix corner case which would throw a IndexOutOfBoundsException (issue 78) changed massive if (a) ret, if(b) ret, to switch statement PercentCodec: back port percent codec fixes for issue 75 CodecTest: back ported to 1.4 modify some tests to work with 1.4 as 1.4 encodes somethings differently I think that's all... ---------------------------------------------------------------------------- r911 | schallee@darkmist.net | 2009-12-13 17:10:02 HST Fix issue 15 by extending HttpServlet{Request,Response}Wrapper instead of just implementing HttpServlet{Request,Response}. As this change only changes this classes super class (no longer java.lang.Object) and the interfaces are the same this shouldn't cause existing code issues. This does fix the problem where containers expect to be able to unwrap their original request in the wrapped one. ---------------------------------------------------------------------------- r912 | schallee@darkmist.net | 2009-12-13 17:37:11 HST HashTrieTest#testValues() was throwing a ClassCastException in the sort. It turns out Boolean is not Comparable in 1.4 but is in 1.5. This has been changed to Integer in the 1.4 branch. 
---------------------------------------------------------------------------- r913 | schallee@darkmist.net | 2009-12-13 18:12:09 HST CSSCodec: switch back to back slash self for printable ascii EncoderTest: fix tests that got messed up by back ports and such normalize still fails but this is known (issue 74) double encoding fails and needs checking ---------------------------------------------------------------------------- Changelog for ESAPI 1.4.1 1) Fix to OracleCodec and MySQL codec. Defaults to basic encoding so ' encodes to '' and '' decodes to ' 2) Added support for Log4J Log Factory by setting LogDefaultLog4J=true in ESAPI.properties