java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception

T E M · Dec 18, 2012 · Viewed 8.3k times

I'm a newbie to ESAPI, and I've been looking for answers for days. I got the following error:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Documents and Settings\Administrator\Desktop\TEM - Workspace\testSecurity\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Found in 'user.home' directory: C:\Documents and Settings\Administrator\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Documents and Settings\Administrator\Desktop\TEM - Workspace\testSecurity\validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
Found in 'user.home' directory: C:\Documents and Settings\Administrator\esapi\validation.properties
Loaded 'validation.properties' properties file
java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception

Hoping to find real answers as soon as possible. This is my code for login using ESAPI:

/* throws SQLExceptions */
public void login(String username, String password)
{
    try
    {
        if(con == null)
            connect();
        if(con != null)
        {
            Codec ORACLE_CODEC = new OracleCodec();

            // Build the lookup query; both values pass through ESAPI's Oracle codec before concatenation
            String query = "SELECT * FROM tblmember WHERE username = '" + ESAPI.encoder().encodeForSQL(ORACLE_CODEC, username) + "' AND password = '" + ESAPI.encoder().encodeForSQL(ORACLE_CODEC, password) + "'";

            stm = con.createStatement();
            rs = stm.executeQuery(query);

            if(rs.next())
            {
                System.out.println(rs.getString("address"));
                System.out.println(ESAPI.encoder().encodeForSQL(ORACLE_CODEC,"address"));
            }
        }
        else
        {
            System.out.println("Not Connected!");
        }
    }
    catch(Exception ex)
    {
        System.out.println(ex.getMessage() + " login");
    }           
}

public static void main(String[] args) throws SQLException 
{
    SQLInjection sq = new SQLInjection();
    sq.login("username", "password");
}

Thank you very much for your response :)

Answer

Johne Altamera · Dec 18, 2012

Just to give you a tip on using APIs, always make sure that you read the documentation(s) included. There you may find information that will give you an aid in using the API. I believe this was a dependency issue. You can check it here.

Hope this helps.
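The logged message names only the wrapper (InvocationTargetException), and the question's catch block prints only ex.getMessage(), so the throwable that would identify a missing dependency never appears. The following is an added example, not code from the question, the answer or ESAPI: it walks the cause chain to surface the innermost throwable. FailingEncoder and com/example/MissingDependency are constructed stand-ins so the demo runs without ESAPI on the classpath.

```java
public class RootCauseDemo {

    // Constructed stand-in: a class whose constructor fails because a
    // dependency is absent from the classpath (hypothetical class name).
    public static class FailingEncoder {
        public FailingEncoder() {
            throw new NoClassDefFoundError("com/example/MissingDependency");
        }
    }

    // Follow getCause() links to the innermost throwable; the depth limit
    // guards against a cyclic cause chain.
    static Throwable rootCause(Throwable t) {
        Throwable cur = t;
        for (int i = 0; i < 32 && cur.getCause() != null && cur.getCause() != cur; i++) {
            cur = cur.getCause();
        }
        return cur;
    }

    // One line per wrapper, outermost first, so the whole chain is visible.
    static String describeChain(Throwable t) {
        StringBuilder sb = new StringBuilder();
        Throwable cur = t;
        for (int i = 0; i < 32 && cur != null; i++, cur = cur.getCause()) {
            sb.append(i == 0 ? "" : "caused by: ")
              .append(cur.getClass().getName()).append(": ")
              .append(cur.getMessage()).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        try {
            try {
                // Reflection wraps whatever the constructor throws.
                FailingEncoder.class.getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException e) {
                // Mimic a factory that re-wraps the reflection failure.
                throw new RuntimeException(e.getClass().getName()
                        + " Encoder class (FailingEncoder) CTOR threw exception", e);
            }
        } catch (Exception ex) {
            System.out.println(ex.getMessage() + " login"); // all the question's catch block shows
            System.out.print(describeChain(ex));            // wrapper, reflection layer, real cause
            System.out.println("root cause: " + rootCause(ex));
        }
    }
}
```

In the login method, calling ex.printStackTrace() or a helper like describeChain(ex) in the catch block would show which class the encoder's constructor failed to load.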