2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -150,7 +150,7 @@ add
```xml
<classifier>jakarta</classifier>
```
and include whatever jakara.servlet:jakarta.servlet-api version you are using with
and include whatever jakarta.servlet:jakarta.servlet-api version you are using with
```xml
<scope>provided</scope>
```
2 changes: 1 addition & 1 deletion documentation/esapi4java-core-2.5.3.0-release-notes.txt
Expand Up @@ -16,7 +16,7 @@ This is a patch release with the primary intent of providing a Jakarta compatibl
Encryptor.DigitalSignatureAlgorithm=SHA256withDSA # The old SHA1withDSA doesn't support 2048-bit RSA modulus length
Encryptor.DigitalSignatureKeyLength=2048
Note that if you have persisted previous digital signatures that you must continue to verify, you will have to regenerate them.
* Thanks to a PR by @jcputney (PR #799), I have attempted to upload additional artifacts to Maven Central that will be a transformed jar suitable for use with the new 'jakarata.servlet' changes for Jakarata EE 9 and later. (Previously, 'javax.servlet' was the name space). Because we are still supporting JDK 8 at this point, we still need to support the 'javax.servlet' namespace as well. In addition to the standard jar artifacts, there should be a new esapi-<release>-jakarta.jar (which uses 'jakarta.servlet' instead of 'javax.servlet' namespace) as well as corresponding *-javadoc.jar and *-sources.jar files. I am not sure it will work as we have no tests for it, but looing at the binaries, it seems like it should.
* Thanks to a PR by @jcputney (PR #799), I have attempted to upload additional artifacts to Maven Central that will be a transformed jar suitable for use with the new 'jakarta.servlet' changes for Jakarta EE 9 and later. (Previously, 'javax.servlet' was the name space). Because we are still supporting JDK 8 at this point, we still need to support the 'javax.servlet' namespace as well. In addition to the standard jar artifacts, there should be a new esapi-<release>-jakarta.jar (which uses 'jakarta.servlet' instead of 'javax.servlet' namespace) as well as corresponding *-javadoc.jar and *-sources.jar files. I am not sure it will work as we have no tests for it, but looing at the binaries, it seems like it should.
For additional details, see:
https://github.com/ESAPI/esapi-java-legacy/pull/799
https://github.com/ESAPI/esapi-java-legacy/discussions/768
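Review bot: The rewritten bullet still reads "looing at the binaries" near its end; since this line is already being changed to fix the 'jakarta' spellings, correct that to "looking" in the same commit. The unchanged context line above it describes SHA1withDSA as not supporting a "2048-bit RSA modulus length" while naming a DSA algorithm, which is worth a follow-up wording fix.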
3 changes: 3 additions & 0 deletions src/main/java/org/owasp/esapi/StringUtilities.java
Expand Up @@ -39,6 +39,9 @@ public static String replaceLinearWhiteSpace( String input ) {
* @return the stripped value
*/
public static String stripControls( String input ) {
if ( input == null ) {
return null;
}
StringBuilder sb = new StringBuilder();
for ( int i=0; i<input.length(); i++ ) {
char c = input.charAt( i );
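Review bot: The new null guard at the top of stripControls changes the method's contract, but the Javadoc above it still says only "@return the stripped value"; state there that a null input returns null so callers know they have to handle it. Returning null rather than an empty string matches the test added in this change, so only the comment needs updating.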
11 changes: 11 additions & 0 deletions src/test/java/org/owasp/esapi/StringUtilitiesTest.java
Expand Up @@ -87,4 +87,15 @@ public void testReplaceNull() {
assertEquals( " Test ", StringUtilities.replaceNull( " Test ", "Replaced" ) );
assertEquals( "Replaced", StringUtilities.replaceNull( " NULL ", "Replaced" ) );
}

public void testStripControls() {
// valid characters are preserved
assertEquals( "\u0021abc\u007e", StringUtilities.stripControls( "\u0021abc\u007e" ) );
// control characters become spaces
assertEquals( " a b c ", StringUtilities.stripControls( "\u0000a\u0020b\u007fc\uffff" ) );
// blank strings are preserved
assertEquals( "", StringUtilities.stripControls( "" ) );
assertEquals( " ", StringUtilities.stripControls( " " ) );
assertEquals( null, StringUtilities.stripControls( null ) );
}
}
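Review bot: In testStripControls the null assertion sits under the "blank strings are preserved" comment and is written as assertEquals( null, ... ); give it its own comment (null input returns null) and use assertNull so a failure reads clearly. In the "control characters become spaces" case, \u0020 is already a space rather than a control character, so adding \u001f would cover the upper edge of the low control range that the current inputs skip.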