java.lang.reflect.InitationTargetException Encoder 类 (org.owasp.esapi.reference.DefaultEncoder) CTOR 抛出异常

Question

我是 ESAPIm 的新手，几天来我一直在寻找答案。我收到以下错误:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Documents and Settings\Administrator\Desktop\TEM - Workspace\testSecurity\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Found in 'user.home' directory: C:\Documents and Settings\Administrator\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Documents and Settings\Administrator\Desktop\TEM - Workspace\testSecurity\validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
Found in 'user.home' directory: C:\Documents and Settings\Administrator\esapi\validation.properties
Loaded 'validation.properties' properties file
java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception

希望尽快找到真正的答案。 这是我使用 ESAPI 登录的代码:

/* throws SQLExceptions */
public void login(String username, String password)
{
    try
    {
        if(con == null)
            connect();
        if(con != null)
        {
            Codec ORACLE_CODEC = new OracleCodec();

            String query = "SELECT * FROM tblmember where username = '"+ ESAPI.encoder().encodeForSQL(ORACLE_CODEC, username) +"'AND password '"+ESAPI.encoder().encodeForSQL(ORACLE_CODEC, password)+"' FROM ";

            stm = con.createStatement();
            rs = stm.executeQuery(query);

            if(rs.next())
            {
                System.out.println(rs.getString("address"));
                System.out.println(ESAPI.encoder().encodeForSQL(ORACLE_CODEC,"address"));
            }
        }
        else
        {
            System.out.println("Not Connected!");
        }
    }
    catch(Exception ex)
    {
        System.out.println(ex.getMessage() + " login");
    }           
}

public static void main(String[] args) throws SQLException 
{
    SQLInjection sq = new SQLInjection();
    sq.login("username", "password");
}

非常感谢您的回复:)

Answer 1

只是为了给您提供有关使用 API 的提示，请务必确保您阅读了随附的文档。您可以在那里找到有助于您使用 API 的信息。我相信这是一个依赖性问题。您可以查看here .

希望这有帮助。