调用DefaultValidator.getValidFileName()的NoSuchMethoException

时间:2013-01-16 05:04:55

标签: java xss esapi

我正在尝试使用来自ESAPI提供的jar(esapi-2.0_rc11)的DefaultValidator类的getValidFileName(String,String,list,boolean)方法来验证文件名。但是在运行时没有这样的方法异常。

这是我的代码:

public static String getValidFileName(String input,String[] strFileExtns, Boolean isNullable) throws Exception
{   
    List <String> fileExtnsList = new ArrayList <String>();

if (strFileExtns != null && strFileExtns.length > 0)
    for(int i=0; i<strFileExtns.length; i++)
    fileExtnsList.add(strFileExtns[i]);

    return new DefaultValidator().getValidFileName("FileNameValidation", input, fileExtnsList, isNullable);
}

我到了 java.lang.NoSuchMethodError:org/owasp/esapi/reference/DefaultValidator.getValidFileName(Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Z)Ljava/lang/String;

jar中的代码:

public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull)
    throws ValidationException, IntrusionException
  {
    if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
      throw new ValidationException("Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded");
    }

    String canonical = "";
    try
    {
      if (isEmpty(input)) {
        if (allowNull) return null;
        throw new ValidationException(context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context);
      }

      canonical = new File(input).getCanonicalFile().getName();
      getValidInput(context, input, "FileName", 255, true);

      File f = new File(canonical);
      String c = f.getCanonicalPath();
      String cpath = c.substring(c.lastIndexOf(File.separator) + 1);

      if (!(input.equals(cpath)))
        throw new ValidationException(context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context);
    }
    catch (IOException e)
    {
      throw new ValidationException(context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context);
    }

    Iterator i = allowedExtensions.iterator();
    while (i.hasNext()) {
      String ext = (String)i.next();
      if (input.toLowerCase().endsWith(ext.toLowerCase()))
        return canonical;
    }

    throw new ValidationException(context + ": Invalid file name does not have valid extension ( " + allowedExtensions + ")", "Invalid file name does not have valid extension ( " + allowedExtensions + "): context=" + context + ", input=" + input, context);
  }

有人请帮助我。

1 个答案:

答案 0 :(得分:1)

java.lang.NoSuchMethodError错误通常是由依赖性问题引起的。如果你正在使用maven(我假设你可能会因为这个错误经常发生),请按如下方式排除错误:

尝试在命令行上发出“mvn dependency:tree -Dverbose”,并检查包含org / owasp / esapi / reference / DefaultValidator的库是否是您想要的版本。如果没有,您可以使用排除标记从包含不正确版本的依赖项中排除不正确的版本。

同时检查生成的类路径是否按正确的顺序列出了依赖项。

相关问题
最新问题