Question
After performing a Veracode scan on my code, a flaw was reported saying "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting' - CWE ID 113)" on the code below.
    public void writeCookies() {
        for (final Cookie cookie : cookies) {
            // Line flagged by the scan: the cookie goes into Set-Cookie unchecked
            super.addCookie(cookie);
        }
    }
The flagged code is super.addCookie(cookie). To fix this, I added the code below:
    public void writeCookies() {
        for (final Cookie cookie : cookies) {
            cookie.setSecure(true);
            ESAPI.httpUtilities().addCookie(((HttpServletResponse)super.getResponse()),cookie);
        }
    }
Now the Veracode scan doesn't report any flaw in the code. However, while running the application, I get a NoClassDefFoundError, as below:
    Error Message: javax.servlet.ServletException: java.lang.NoClassDefFoundError: org.apache.commons.fileupload.FileItemFactory
    Error Code: 500
    Target Servlet: com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor
    Error Stack:
    java.lang.NoClassDefFoundError: org.apache.commons.fileupload.FileItemFactory
        at java.lang.J9VMInternals.verifyImpl(Native Method)
        at java.lang.J9VMInternals.verify(J9VMInternals.java:94)
        at java.lang.J9VMInternals.initialize(J9VMInternals.java:171)
        at java.lang.Class.forNameImpl(Native Method)
        at java.lang.Class.forName(Class.java:180)
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
        at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
My ESAPI.properties file is at src/main/resources/ESAPI.properties. The content of the ESAPI.properties file is:
    Encoder.AllowMultipleEncoding=false
    Encoder.AllowMixedEncoding=false
    Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
    ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
Please suggest how to fix this NoClassDefFoundError.
Source: https://stackoverflow.com/questions/50261616/noclassdeffounderror-encountered-while-fixing-crlf-sequence-in-httpheader
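
The CR/LF check that CWE-113 is about, written against the plain servlet API as an added example; it is not the poster's code and not ESAPI's implementation. It assumes the class in the question is an HttpServletResponseWrapper that buffers cookies before writing them; the class name CrlfSafeResponseWrapper and the helpers hasCrlf and requireHeaderSafe are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Hypothetical wrapper (assumed shape of the class in the question): buffers
// cookies and refuses any whose fields contain CR or LF before they are
// serialized into a Set-Cookie header.
public class CrlfSafeResponseWrapper extends HttpServletResponseWrapper {

    private final List<Cookie> cookies = new ArrayList<>();

    public CrlfSafeResponseWrapper(HttpServletResponse response) {
        super(response);
    }

    @Override
    public void addCookie(Cookie cookie) {
        cookies.add(cookie); // buffered; written later by writeCookies()
    }

    // True if the string contains a character that can end a header line.
    static boolean hasCrlf(String s) {
        return s != null && (s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0);
    }

    // Checks every cookie field that ends up in the header text.
    static void requireHeaderSafe(Cookie c) {
        if (hasCrlf(c.getName()) || hasCrlf(c.getValue())
                || hasCrlf(c.getPath()) || hasCrlf(c.getDomain())) {
            // Reject instead of stripping, so tampered input is not silently accepted.
            throw new IllegalArgumentException("CR/LF in cookie field: rejected");
        }
    }

    public void writeCookies() {
        for (final Cookie cookie : cookies) {
            requireHeaderSafe(cookie);
            cookie.setSecure(true);
            super.addCookie(cookie); // delegates to the wrapped response
        }
    }
}
```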