1

我正在尝试使用 ESAPI 提供的 jar (esapi-2.0_rc11) 中 DefaultValidator 类的 getValidFileName (String, String, list, boolean) 方法来验证文件名。但是在运行时得到没有这样的方法异常。

这是我的代码:

public static String getValidFileName(String input,String[] strFileExtns, Boolean isNullable) throws Exception
{   
    List <String> fileExtnsList = new ArrayList <String>();

if (strFileExtns != null && strFileExtns.length > 0)
    for(int i=0; i<strFileExtns.length; i++)
    fileExtnsList.add(strFileExtns[i]);

    return new DefaultValidator().getValidFileName("FileNameValidation", input, fileExtnsList, isNullable);
}

我正进入(状态 java.lang.NoSuchMethodError:org/owasp/esapi/reference/DefaultValidator.getValidFileName(Ljava/lang/String;Ljava/lang/String;Ljava/util/List;Z)Ljava/lang/String;

jar中的代码:

public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull)
    throws ValidationException, IntrusionException
  {
    if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
      throw new ValidationException("Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded");
    }

    String canonical = "";
    try
    {
      if (isEmpty(input)) {
        if (allowNull) return null;
        throw new ValidationException(context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context);
      }

      canonical = new File(input).getCanonicalFile().getName();
      getValidInput(context, input, "FileName", 255, true);

      File f = new File(canonical);
      String c = f.getCanonicalPath();
      String cpath = c.substring(c.lastIndexOf(File.separator) + 1);

      if (!(input.equals(cpath)))
        throw new ValidationException(context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context);
    }
    catch (IOException e)
    {
      throw new ValidationException(context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context);
    }

    Iterator i = allowedExtensions.iterator();
    while (i.hasNext()) {
      String ext = (String)i.next();
      if (input.toLowerCase().endsWith(ext.toLowerCase()))
        return canonical;
    }

    throw new ValidationException(context + ": Invalid file name does not have valid extension ( " + allowedExtensions + ")", "Invalid file name does not have valid extension ( " + allowedExtensions + "): context=" + context + ", input=" + input, context);
  }

有人请帮我解决这个问题。

4

1 回答 1

1

java.lang.NoSuchMethodError 错误通常是由依赖问题引起的。如果您使用的是 maven(我假设您可能是,因为它经常会出现此错误),请按如下方式排除错误:

尝试在命令行上发出“mvn dependency:tree -Dverbose”并检查包含 org/owasp/esapi/reference/DefaultValidator 的库是否是您想要的版本。如果没有,您可以使用 excludes 标记从包含不正确版本的依赖项中排除不正确的版本。

还要检查生成的类路径是否以正确的顺序列出了依赖项。

于 2013-01-16T07:16:04.513 回答