loading from the root of the application was broken #489
Conversation
|
Sorry for the whitespace changes. It seems, that my eclipse is doing weird things :-( |
There was a problem hiding this comment.
Also, general comment: Make sure your file modifications are saved using UTF-8 encoding with only newlines for the line terminator (i.e., UNIX style line terminators). We have tried to standardize on tabsize of 4 with tabs expanded to spaces as well. It helps if you have this in your $HOME/.gitconfig file:
[core]
autocrlf = input
src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
Show resolved
Hide resolved
|
|
||
| RESOURCE_DIRECTORY("resourceDirectory/"), | ||
| SRC_MAIN_RESOURCES("src/main/resources/"), | ||
| ROOT(""), |
There was a problem hiding this comment.
@xeno6696 Can you confirm that this is the correct value?
There was a problem hiding this comment.
Doesn’t look right. I would have just restored the value I clobbered in the if block
There was a problem hiding this comment.
Unfortunately it is the right value. As you can read here:
http://www.thinkplexx.com/learn/howto/java/system/java-resource-loading-explained-absolute-and-relative-names-difference-between-classloader-and-class-resource-loading
"There are ClassLoader.getResource() and Class.getResource() and they work differently [...] The name should not have a leading “/”."
Please also check the new added test in DefaultSecurityConfigurationTest.
There was a problem hiding this comment.
@JoergAdler Sorry for the delay. My concern is that what you did here, isn't what was done in the past:
// try root directory path given by user
if (in == null){
in = loaders[i].getResourceAsStream(fileName);
}
Which looked erroneous to me, but it IS what we were doing. I think if we at least re-include that case I'm fine with the rest of the changes. I'm still not sure why that case was referred to as "root." I wanted to debug the old 2.1.0.1 release but that would have required me getting an older JDK and I didn't care all that much.
|
It has been too long and the author of this PR has not responded. I am still going to include this fix in the 2.2.0.0 release, but I can wait no longer for the PR to get cleaned up (all the white-space diffs, plus the new property file really only needs a single property in it), so I am going to reject this PR. I will still credit @JoergAdler in the 2.2.0.0 release notes though as contributing toward the fix. Thanks Jörg. |
|
Hi, Sorry that I not responded for a long time. When I get it right, the following problems still exists in the pull request: formatting and the property file should have only one property. If you want, I could fix still fix this and reopen the pull request? Feel also free to edit the pull request in my fork. |
|
No worries. I've already made the changes based on your changes and tests, added some comments and additional tests, reduced the ESAPI-root-cp.properties file to a single property (and, it turns we really didn't need it to test this; using Oh, one last thing. @xeno6696 mentioned in #489 (comment) that: So that makes we feel a lot better about all this. But like I said, I already extracted your changes from your PR and pulled them into my commits, so don't sweat it. I'm pretty much done with everything other than closing out a couple of more issues and updating the release notes, but I'm hoping that I should have the official 2.2.0.0 release out sometime late Sunday evening if all goes to plan. |
* Change release version to 2.2.0.0 for official release. * Update / correct ESAPI release steps. * Fix ironic spelling typo. * Fix ironic spelling typo. * Changes to suppress most of the noise, but also fixes to all for .XML and .PROPERTIES suffixes and to fix and return null when property is null or empty string. * Changes to suppress most of the noise and to actually handle the exceptions that we should have been all along (e.g., IOExceptions). * Comment out the crude benchmark related assertion that sometimes was failing because of JIT-related issues. Needs to be eventually replaced by JMH. * Close #499 by resetting 'parent' when Windows is detected to root of drive where Windows is installed. * Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it. * Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it. I also added an additional test or 2, so don't blame @JoergAdler if I messed that up. * Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it. I tremendously stripped down the contents of this file because really all it needed was a single property referencing the validation.properties file. * Add 3 additional issues that were closed and fixes to some minor formatting. * Final updates for the ESAPI 2.2.0.0 official release. * Figure I probably ought to add my name instead of assuming people knew it and my email address. * Changed schema from allowing unbounded number of properties to allow only 10000. That really should NOT be a problem. However, it should help silence some of the SAST engines. * Additional changes to fix GitHub Issue #500
Hi,
with 2.2.0-RC2 a esapi.properties in the root of the application wasn't loadable anymore. I've done a fix for this.