I have upgraded esapi to esapi-2.5.2.0. I downloaded esapi-2.5.2.0-configuration.jar, extracted validation.properties and ESAPI.properties to put them on classpath. In my code i have this call ESAPI.validator().isValidInput("Parameter_Value_Default", value, "ParameterStandard", MAX_PARAMTER_VALUE_LENGTH, true) that returned true but returns false after the upgrade
It is using "ParameterStandard" that was part of validation.properties in version 2.2.3.1 but it is no longer in version 2.5.2.0.
Why ParameterStandard is missing in 2.5.2.0? What is the right way to fix isValidInput so that it returns true again? thank you
That validation property doesn't ring a bell and doesn't sound like something we would name it, but of course I could be wrong. I've looked at the tagged esapi-2.3.1.0 code and I don't see that parameter anywhere. Here's where I would expect it to be: https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.3.1/configuration/esapi/validation.properties (which is the version intended for production) and I don't see it in the test version either: https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.3.1/src/test/resources/esapi/validation.properties It also in neither of the ESAPI.properties files from that release.
If I had to guess, I'd say that Validation.ParamterStandard is a custom value that someone on your team added. So just copy / paste it in from your old validation.properties to the new one and you should be good to go.