Skip to content

Guard EncryptedProperties store operations due to Java 11 changes (GH #721)#730

Closed
noloader wants to merge 0 commit into
ESAPI:developfrom
noloader:java11
Closed

Guard EncryptedProperties store operations due to Java 11 changes (GH #721)#730
noloader wants to merge 0 commit into
ESAPI:developfrom
noloader:java11

Conversation

@noloader

@noloader noloader commented Jul 21, 2022

Copy link
Copy Markdown
Contributor

This check-in guards the EncryptedProperties self test failures due to Java 11 deprecating some write and store operations.

Previously the self test code would perform a write or store operation. This was Ok on Java 8 and 9, but causes an exception on Java 11.

EncryptedPropertiesUtils.storeProperties(encryptedFilePath, props, "<property value>");

This change guards the write and store operations, and skips the test if an UnsupportedOperationException is encountered.

boolean supported = true;
try {
    EncryptedPropertiesUtils.storeProperties(encryptedFilePath, props, "<property value>");
}
catch (UnsupportedOperationException ex) {
    supported = false;
}

if ( supported ) {
    // Continue with self test
}
else {
    // Print message that test was skipped
}

This was referenced Jul 21, 2022
Open
Open
@kwwall

kwwall commented Jul 27, 2022

Copy link
Copy Markdown
Contributor

@noloader - So, I did the following steps:

$ git clone git@github.com:noloader/esapi-java-legacy.git walton-pr730
$ cd walton-pr730
$ jdk 11   # Alias for a dot script that sets me up to use Java 11
$ mvn compile
$ mvn test

The 'mvn test' resulted in these errors, the same place you are experiencing them. I am running on a fully-patched Linux Mint 19.2, with a 4.15.0-189-generic kernel on x86_64 processor. The significant error output from 'mvn test' was:

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   EncryptedPropertiesUtilsTest.testCreateNew:93 » UnsupportedOperation This method has been removed for security.
[ERROR]   EncryptedPropertiesUtilsTest.testLoadEncryptedAndAdd:165 » UnsupportedOperation This method has been removed for security.
[ERROR]   EncryptedPropertiesUtilsTest.testLoadPlaintextAndEncrypt:131 » UnsupportedOperation This method has been removed for security.
[ERROR]   ReferenceEncryptedPropertiesTest.testStoreLoad:160 » UnsupportedOperation This method has been removed for security.
[INFO] 
[ERROR] Tests run: 4274, Failures: 0, Errors: 4, Skipped: 0
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

I've attached the Surefire report, but not sure it will help.
org.owasp.esapi.reference.crypto.EncryptedPropertiesUtilsTest.txt
org.owasp.esapi.reference.crypto.ReferenceEncryptedPropertiesTest.txt

@kwwall

kwwall commented Jul 27, 2022

Copy link
Copy Markdown
Contributor

@noloader - BTW, this now is getting merge conflicts. That may be because I merged PR #720 after you created this PR and that PR was created before this. I presume you would want to keep the 'java 11' stuff.

@noloader noloader closed this Jul 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@noloader @kwwall