If the configuration factory is set to NullConfigurationProviderFactory there is a null pointer exception when printing out the configuration.
java.lang.NullPointerException
    at org.owasp.csrfguard.CsrfGuard.toString(CsrfGuard.java:497)
    at org.owasp.csrfguard.CsrfGuardServletContextListener.printConfigIfConfigured(CsrfGuardServletContextListener.java:101)
    at org.owasp.csrfguard.CsrfGuardServletContextListener.contextInitialized(CsrfGuardServletContextListener.java:86)
This is because NullConfigurationProvider returns NULL for getPrng():
    public SecureRandom getPrng() {
        return null;
    }
and the rest of the code (including CsrfGuard.toString()) assumes getPrng() returns non-null.
However, I'm not sure if NullConfigurationProvider is still supported.
My use case:
I am integrating CSRFGuard with a project and would like to specify the csrfguard.properties file as an environment variable. I created a custom ConfigurationProvider (works great) but if I cannot read the given file I wanted to default to NullConfigurationProvider.
Because of this bug I will default to Overlay instead, which will do.
Is NullConfigurationProvider still supported?
Edit: added a PR just in case it is.
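A minimal reproduction of the failure reported above next to a null-safe alternative, added here as an illustration; it is not CsrfGuard's code or the submitted PR. `ConfigProvider`, `NullProvider`, `DefaultProvider`, `describeUnsafe` and `describeSafe` are hypothetical stand-ins that model only the `getPrng()` behaviour quoted in the issue.

```java
import java.security.SecureRandom;

public class NullPrngDemo {
    // Hypothetical stand-in for a configuration provider; only getPrng() is modelled.
    interface ConfigProvider { SecureRandom getPrng(); }

    // Mirrors the behaviour quoted in the issue: no PRNG is configured.
    static class NullProvider implements ConfigProvider {
        public SecureRandom getPrng() { return null; }
    }

    // A provider that always supplies a PRNG (assumed fallback behaviour).
    static class DefaultProvider implements ConfigProvider {
        private final SecureRandom prng = new SecureRandom();
        public SecureRandom getPrng() { return prng; }
    }

    // Unsafe: dereferences getPrng() unconditionally, so NullProvider
    // raises NullPointerException while the configuration is being printed.
    static String describeUnsafe(ConfigProvider p) {
        return "PRNG: " + p.getPrng().getAlgorithm();
    }

    // Null-safe: reports the missing PRNG instead of aborting startup logging.
    static String describeSafe(ConfigProvider p) {
        SecureRandom prng = p.getPrng();
        if (prng == null) {
            return "PRNG: (none configured)";
        }
        String provider = prng.getProvider() == null ? "unknown" : prng.getProvider().getName();
        return "PRNG: " + prng.getAlgorithm() + " (" + provider + ")";
    }

    public static void main(String[] args) {
        ConfigProvider[] providers = { new DefaultProvider(), new NullProvider() };
        for (ConfigProvider p : providers) {
            String name = p.getClass().getSimpleName();
            System.out.println(name + " safe   -> " + describeSafe(p));
            try {
                System.out.println(name + " unsafe -> " + describeUnsafe(p));
            } catch (NullPointerException e) {
                System.out.println(name + " unsafe -> NullPointerException");
            }
        }
    }
}
```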