I was looking to add the latest versions of ESAPI and AntiSamy to an app running on ACF9. I have it working now, but it probably isn't really proper. In my mind these functions were "helpers", so I had them set up external to MG. Now that I have them in Coldspring, I have to reference them with a _modelglue.GetBean approach (or so I believe). Anyway, it's pretty much at the controller level where these get called in order to scrub and format input and output that originated from the user. I've got one spot where the model uses ESAPI in order to format some stored text for output in the email. Maybe these functions should have been in a section in the model...
On Monday, November 3, 2014 11:48:21 AM UTC-7, Dan Wilson - [email protected] wrote:
>
> Interesting. Did you add the OWASP code to your web application? I don't think Model Glue does that internally
>
> DW
>
> Irvin Wilson
> Monday, November 03, 2014 1:32 PM
> I fired onSessionEnd manually and trapped
>
> <cfset var componentMetadata = getMetadata( arguments.instance ) />
> <cfset var scope = componentMetadata.extends />
>
> since it was componentMetadata.extends that was breaking. This is what I get. Not sure if same as session expiring naturally? That said, it sorta makes sense now but not sure what to do about it.
>
> Results of the following:
> <cfdump var=#arguments.type# label="type" />
> <cfdump var=#instance# label="instance" />
> <cfdump var=#componentMetadata# abort="true" label="componentMetadata" />
>
> ModelGlue.gesture.ModelGlue
> instance - object of org.owasp.esapi.ESAPI
> Class Name: org.owasp.esapi.ESAPI
> componentMetadata - object of java.lang.Class
> Class Name: java.lang.Class
>
> --
> --
> Model-Glue Sites:
> Home Page: http://www.model-glue.com
> Documentation: http://docs.model-glue.com
> Bug Tracker: http://bugs.model-glue.com
> Blog: http://www.model-glue.com/blog
>
> You received this message because you are subscribed to the Google Groups "model-glue" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to [email protected]
> For more options, visit this group at http://groups.google.com/group/model-glue?hl=en
> ---
> You received this message because you are subscribed to the Google Groups "model-glue" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
