I use the function `canonicalize` to detect suspicious requests, but when used against a form variable using a simple UUID, it throws an error:

```
form[key] = canonicalize(form[key], true, true);
```
The stack trace below shows it has casting issues with the logger (`Caused by: java.lang.ClassCastException: org.owasp.esapi.reference.Log4JLogger cannot be cast to org.owasp.esapi.Logger at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)`), although I’m not sure if that is causing it. Any idea?

java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
StackTrace
```
lucee.runtime.exp.NativeException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
	at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
	at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
	at org.lucee.extension.esapi.functions.ESAPIEncode.canonicalize(ESAPIEncode.java:147)
	at org.lucee.extension.esapi.functions.Canonicalize.call(Canonicalize.java:29)
	at sun.reflect.GeneratedMethodAccessor165.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at lucee.runtime.reflection.pairs.MethodInstance.invoke(MethodInstance.java:56)
	at lucee.runtime.reflection.Reflector.callStaticMethod(Reflector.java:951)
	at lucee.runtime.functions.BIFProxy.invoke(BIFProxy.java:41)
	at lucee.runtime.functions.FunctionHandlerPool.invoke(FunctionHandlerPool.java:40)
	at corehandling_cfm$cf$3b.call(/core/coreHandling.cfm:103)
	at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:945)
	at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:837)
	at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:818)
	at application_cfc$cf.udfCall(/core/Application.cfc:57)
	at lucee.runtime.type.UDFImpl.implementation(UDFImpl.java:106)
	at lucee.runtime.type.UDFImpl._call(UDFImpl.java:344)
	at lucee.runtime.type.UDFImpl.call(UDFImpl.java:217)
	at lucee.runtime.ComponentImpl._call(ComponentImpl.java:680)
	at lucee.runtime.ComponentImpl._call(ComponentImpl.java:568)
	at lucee.runtime.ComponentImpl.call(ComponentImpl.java:1898)
	at lucee.runtime.listener.ModernAppListener.call(ModernAppListener.java:436)
	at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:215)
	at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:42)
	at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2416)
	at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2406)
	at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2381)
	at lucee.runtime.engine.Request.exe(Request.java:43)
	at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1170)
	at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1116)
	at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:102)
	at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
	... 53 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.GeneratedMethodAccessor166.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
	... 52 more
Caused by: java.lang.ClassCastException: org.owasp.esapi.reference.Log4JLogger cannot be cast to org.owasp.esapi.Logger
	at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)
	at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:153)
	at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:83)
	at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:67)
```