NoClassDefFoundError encountered while fixing CRLF sequence in HttpHeader

半腔热情 submitted on 2021-02-11 12:19:02

Question


After performing a Veracode scan on my code, a flaw was reported saying "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting - CWE ID 113')" on the code below.

public void writeCookies() {
            for (final Cookie cookie : cookies) {
                super.addCookie(cookie);
            }
        }

The flawed code reported is super.addCookie(cookie). To fix this, I added the code below:

public void writeCookies() {
            for (final Cookie cookie : cookies) {
                cookie.setSecure(true);
                ESAPI.httpUtilities().addCookie(((HttpServletResponse)super.getResponse()),cookie);
            }
        }

Now the Veracode scan doesn't report any flaw in the code. However, while running the application, I get a NoClassDefFoundError, as below:

Error Message: javax.servlet.ServletException: java.lang.NoClassDefFoundError: org.apache.commons.fileupload.FileItemFactory
Error Code: 500
Target Servlet: com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor
Error Stack:
java.lang.NoClassDefFoundError: org.apache.commons.fileupload.FileItemFactory
    at java.lang.J9VMInternals.verifyImpl(Native Method)
    at java.lang.J9VMInternals.verify(J9VMInternals.java:94)
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:171)
    at java.lang.Class.forNameImpl(Native Method)
    at java.lang.Class.forName(Class.java:180)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
    at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)

My ESAPI.properties file is at the location src/main/resources/ESAPI.properties. The content of the ESAPI.properties file is:

Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities

Please suggest how to fix this NoClassDefFoundError.

Source: https://stackoverflow.com/questions/50261616/noclassdeffounderror-encountered-while-fixing-crlf-sequence-in-httpheader
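
An added example, not part of the original question and not ESAPI code: a dependency-free check that rejects cookie fields containing CR, LF or any other character outside the RFC 6265 grammar, which is the neutralization CWE-113 calls for before a value reaches addCookie. The class and method names (CookieHeaderGuard, validate, isSafe) are hypothetical, and the sample inputs in main are constructed.

```java
import java.util.regex.Pattern;

/** Hypothetical helper: validates cookie fields before they are written to a Set-Cookie header. */
public final class CookieHeaderGuard {
    // RFC 6265 cookie-name is an HTTP token: no control characters, no separators.
    private static final Pattern NAME =
            Pattern.compile("[!#$%&'*+\\-.^_`|~0-9A-Za-z]+");
    // RFC 6265 cookie-octet: printable US-ASCII except space, DQUOTE, comma, semicolon, backslash.
    private static final Pattern VALUE =
            Pattern.compile("[\\x21\\x23-\\x2B\\x2D-\\x3A\\x3C-\\x5B\\x5D-\\x7E]*");
    // Path and Domain attribute values: any US-ASCII character except controls and ';'.
    private static final Pattern ATTR = Pattern.compile("[\\x20-\\x3A\\x3C-\\x7E]*");

    private CookieHeaderGuard() {}

    private static void check(String field, String s, Pattern allowed, boolean nullable) {
        if (s == null) {
            if (nullable) return;
            throw new IllegalArgumentException(field + " is null");
        }
        // matches() tests the whole string, so an embedded CR or LF cannot slip past.
        if (!allowed.matcher(s).matches()) {
            throw new IllegalArgumentException(
                    field + " contains characters not allowed in a Set-Cookie header");
        }
    }

    /** Throws if any field could terminate the header line or start a new attribute. */
    public static void validate(String name, String value, String path, String domain) {
        check("name", name, NAME, false);
        check("value", value, VALUE, false);
        check("path", path, ATTR, true);
        check("domain", domain, ATTR, true);
    }

    public static boolean isSafe(String name, String value, String path, String domain) {
        try { validate(name, value, path, domain); return true; }
        catch (IllegalArgumentException e) { return false; }
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal cookie, a value carrying CRLF, a path carrying LF.
        System.out.println(isSafe("SESSION", "abc123", "/app", null));
        System.out.println(isSafe("lang", "en\r\nX-Injected: 1", "/", null));
        System.out.println(isSafe("theme", "dark", "/a\nb", null));
    }
}
```

In writeCookies(), the call would be validate(cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain()) ahead of addCookie(cookie). Whether a given scanner recognizes a custom validator as a cleansing function depends on its configuration.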
