0

I'm using ESAPI library to encode name variable in my code.And my project is implemented on spring.

ESAPI.encoder().encodeForSQL( new OracleCodec(), name);

    import org.owasp.esapi.ESAPI;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.MySQLCodec;
import org.owasp.esapi.reference.DefaultEncoder;
    import org.springframework.jdbc.core.support.JdbcDaoSupport;

    public class StringJdbcDao extends JdbcDaoSupport{


    public void execute(){
            BufferedReader r = new BufferedReader(new InputStreamReader(sqlDDL));
                        try {
                            // read the first line, skipping any '--' comment lines
                            boolean firstLine = true;
                            StringBuffer buf = new StringBuffer();
                            for (String line = r.readLine(); line != null; line = r.readLine()) {
                                **line = ESAPI.encoder().encodeForSQL(new MySQLCodec(MySQLCodec.MYSQL_MODE), line.trim());**
                                getSpringJdbcTemplate().execute(line);
    }
    }

I get the below error.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.sakaiproject.genericdao.test.GenericDaoTarget' defined in class path resource [spring-jdbc.xml]: Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanInitializationException: Initialization of DAO failed; nested exception is org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception. at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) at java.security.AccessController.doPrivileged(Native Method) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)

Niranga Sandaruwan
  • 691
  • 2
  • 19
  • 39

0 Answers0