登录注册

Jar文件详情内容

esapi-2.2.0.0.jar

所在目录：/org/owasp/esapi/esapi/2.2.0.0 查看esapi所有版本文件

组织ID:	org.owasp.esapi
项目ID:	esapi
版本:	2.2.0.0
最后修改时间:	2019-06-25 10:16:14
包类型:	jar
标题:	BSD
描述:	The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.
相关URL:	https://oss.sonatype.org/content/repositories/snapshots
大小:	430.31KB

Maven引入代码:	`<dependency> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.2.0.0</version> </dependency>`
Gradle引入代码:	`org.owasp.esapi:esapi:2.2.0.0`
下载Jar包:	esapi-2.2.0.0.jar
POM文件内容:	展开复制 <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.2.0.0</version> <packaging>jar</packaging> <distributionManagement> <snapshotRepository> <id>sonatype-nexus-snapshots</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>sonatype-nexus-staging</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url> </repository> </distributionManagement> <parent> <groupId>org.sonatype.oss</groupId> <artifactId>oss-parent</artifactId> <version>9</version> </parent> <licenses> <license> <name>BSD</name> <url>http://www.opensource.org/licenses/bsd-license.php</url> <comments>Code License - New BSD License</comments> </license> <license> <name>Creative Commons 3.0 BY-SA</name> <url>http://creativecommons.org/licenses/by-sa/3.0/</url> <comments>Content License - Create Commons 3.0 BY-SA</comments> </license> </licenses> <name>ESAPI</name> <url>https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</url> <description>The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC. </description> <organization> <name>The Open Web Application Security Project (OWASP)</name> <url>http://www.owasp.org/index.php</url> </organization> <mailingLists> <mailingList> <name>ESAPI-Project-Users</name> <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join</subscribe> <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/unsubscribe</unsubscribe> <post>mailto:esapi-project-users@owasp.org</post> <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-users/</archive> <!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.--> </mailingList> <mailingList> <name>ESAPI-Project-Dev</name> <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join</subscribe> <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/unsubscribe</unsubscribe> <post>mailto:esapi-project-dev@owasp.org</post> <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-dev/</archive> <!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.--> </mailingList> <mailingList> <name>OWASP-ESAPI (Inactive! Archive only!)</name> <archive>https://lists.owasp.org/pipermail/owasp-esapi/</archive> <!--The name of the obsolete mailing list that previously was a combination of an ESAPI users lists and ESAP development list. While obsolete, it is still sometimes useful for searching through old historical posts. NOTE: NEW POSTS SHOULD NO LONGER BE MADE TO THIS LIST!--> </mailingList> </mailingLists> <scm> <connection>scm:git:git://github.com/ESAPI/esapi-java-legacy.git</connection> <developerConnection>scm:git:git@github.com:ESAPI/esapi-java-legacy.git</developerConnection> <url>https://github.com/ESAPI/esapi-java-legacy</url> </scm> <issueManagement> <system>GitHub Issue Tracking</system> <url>https://github.com/ESAPI/esapi-java-legacy/issues</url> </issueManagement> <developers> <developer> <name>Jeff Williams</name> <organization>Aspect Security</organization> <roles> <role>Project Inventor</role> </roles> </developer> <developer> <name>Kevin W. Wall</name> <organization>Wells Fargo</organization> <roles> <role>Project Co-owner</role> </roles> </developer> <developer> <name>Matt Seil</name> <organization>OWASP</organization> <roles> <role>Project Co-owner</role> </roles> </developer> <developer> <name>Chris Schmidt</name> <organization>Synopsys</organization> <roles> <role>Former project co-owner</role> </roles> </developer> </developers> <contributors> <contributor> <name>Dave Wichers</name> <organization>Aspect Security</organization> </contributor> <contributor> <name>Jim Manico</name> </contributor> <contributor> <name>Jeremiah J. Stacey</name> </contributor> </contributors> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.0.1</version> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet.jsp</groupId> <artifactId>javax.servlet.jsp-api</artifactId> <version>2.3.3</version> <scope>provided</scope> </dependency> <dependency> <groupId>com.io7m.xom</groupId> <artifactId>xom</artifactId> <version>1.2.10</version> <exclusions> <!-- excluded because we directly import newer versions. --> <exclusion> <groupId>xalan</groupId> <artifactId>xalan</artifactId> </exclusion> <exclusion> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> </exclusion> <exclusion> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> <!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. --> <version>1.9.3</version> <!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use commons-collections 4.2. Package names are different so this shouldn't cause any problems as long as 3.x doesn't have any CVEs. May have to rethink / exclude / etc. if there are. --> </dependency> <dependency> <groupId>commons-configuration</groupId> <artifactId>commons-configuration</artifactId> <version>1.10</version> <exclusions> <!-- excluded because multiple dependencies import newer version. --> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> <version>2.6</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <!-- Upgrading to 1.4 causes this test case failure: [ERROR] HTTPUtilitiesTest.testGetFileUploads:259. TODO: Figure out why, and fix. --> <version>1.3.3</version> <exclusions> <!-- excluded because we directly import newer version. --> <exclusion> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> <!-- Using 4.2 because 4.3 requires Java 8. Trying to make sure ESAPI supports Java 7+ --> <version>4.2</version> </dependency> <dependency> <groupId>org.apache-extras.beanshell</groupId> <artifactId>bsh</artifactId> <version>2.0b6</version> </dependency> <dependency> <groupId>org.owasp.antisamy</groupId> <artifactId>antisamy</artifactId> <version>1.5.8</version> <exclusions> <exclusion> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> </exclusion> <exclusion> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.26</version> </dependency> <!-- FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE. This is to force patched versions of these libraries with known CVEs against them. --> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>2.6</version> </dependency> <dependency> <groupId>org.apache.xmlgraphics</groupId> <artifactId>batik-css</artifactId> <version>1.11</version> <exclusions> <exclusion> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> </exclusion> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>xalan</groupId> <artifactId>xalan</artifactId> <version>2.7.2</version> <exclusions> <exclusion> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> <version>2.12.0</version> </dependency> <dependency> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> <version>1.4.01</version> </dependency> <!-- Dependencies which are ONLY used for JUnit tests --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.61</version> <scope>test</scope> </dependency> <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito --> <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-api-mockito2</artifactId> <version>2.0.0</version> <scope>test</scope> <exclusions> <exclusion> <!-- A subdependency: org.powermock:powermock-core:2.0.0, results in the import of: org.javassist:javassist:3.24.0-GA which was compiled for Java 8 by accident. org.javassist:javassist:3.25.0-GA was released for Java 7. So we exclude it here, and import the version we need below. --> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> </exclusion> <!-- The following exclusions and import of mockito-core 2.27.0 result in 100% convergence in the test dependencies, --> <exclusion> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> </exclusion> <exclusion> <groupId>org.powermock</groupId> <artifactId>powermock-reflect</artifactId> </exclusion> <exclusion> <groupId>net.bytebuddy</groupId> <artifactId>byte-buddy</artifactId> </exclusion> <exclusion> <groupId>net.bytebuddy</groupId> <artifactId>byte-buddy-agent</artifactId> </exclusion> </exclusions> <!-- exclusions> </exclusions --> </dependency> <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with another import by a dependency of powermock-api-mockito2. --> <dependency> <!-- This version is compatible with Java 7, the previous version was not (by accident). --> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> <version>3.25.0-GA</version> <scope>test</scope> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>2.27.0</version> <scope>test</scope> </dependency> <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-module-junit4</artifactId> <version>2.0.0</version> <scope>test</scope> </dependency> <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-reflect</artifactId> <version>2.0.0</version> <scope>test</scope> <exclusions> <exclusion> <groupId>org.objenesis</groupId> <artifactId>objenesis</artifactId> </exclusion> <exclusion> <groupId>net.bytebuddy</groupId> <artifactId>byte-buddy</artifactId> </exclusion> <exclusion> <groupId>net.bytebuddy</groupId> <artifactId>byte-buddy-agent</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.openjdk.jmh</groupId> <artifactId>jmh-core</artifactId> <version>1.21</version> <scope>test</scope> </dependency> <dependency> <groupId>org.openjdk.jmh</groupId> <artifactId>jmh-generator-annprocess</artifactId> <version>1.21</version> <scope>test</scope> </dependency> </dependencies> <build> <pluginManagement> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-assembly-plugin</artifactId> <version>3.1.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>3.1.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>2.5.3</version> </plugin> </plugins> </pluginManagement> <plugins> <plugin> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs-maven-plugin</artifactId> <version>3.1.11</version> <dependencies> <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs --> <dependency> <groupId>com.github.spotbugs</groupId> <artifactId>spotbugs</artifactId> <version>3.1.12</version> </dependency> </dependencies> <executions> <execution> <!-- requires Java 8. So only run it if using Java 8 or greater. This property set in a profile below. --> <phase>${PhaseIfJava8plus}</phase> </execution> </executions> <configuration> <findbugsXmlOutput>true</findbugsXmlOutput> <findbugsXmlWithMessages>true</findbugsXmlWithMessages> <xmlOutput>true</xmlOutput> <threshold>Low</threshold> <effort>Max</effort> <relaxed>false</relaxed> </configuration> </plugin> <plugin> <groupId>net.sourceforge.maven-taglib</groupId> <artifactId>maven-taglib-plugin</artifactId> <version>2.4</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-changelog-plugin</artifactId> <version>2.3</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-clean-plugin</artifactId> <version>3.1.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.8.0</version> <configuration> <source>1.7</source> <target>1.7</target> <testSource>1.7</testSource> <testTarget>1.7</testTarget> <debug>true</debug> <showWarnings>true</showWarnings> <showDeprecation>false</showDeprecation> <compilerArgs> <!-- This fails: <arg>-Xmaxwarns 2000</arg> Must be passed as two separate args, as shown below. --> <arg>-Xmaxwarns</arg> <arg>2000</arg> <arg> <!-- Eventually desire is to use just -Xlint:all here, but for now, this is just to cross off another criteria for CII Badging process. However, this is main reason we increased maxwarns above. --> -Xlint:all,-deprecation,-rawtypes,-unchecked </arg> </compilerArgs> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> <version>2.8.2</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-eclipse-plugin</artifactId> <version>2.10</version> <configuration> <downloadSources>true</downloadSources> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-enforcer-plugin</artifactId> <version>3.0.0-M2</version> <dependencies> <dependency> <groupId>org.codehaus.mojo</groupId> <artifactId>extra-enforcer-rules</artifactId> <version>1.2</version> </dependency> </dependencies> <executions> <execution> <id>enforce-bytecode-version</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <enforceBytecodeVersion> <maxJdkVersion>1.7</maxJdkVersion> </enforceBytecodeVersion> </rules> <fail>true</fail> </configuration> </execution> <execution> <id>enforce-jdk-version</id> <goals> <goal>enforce</goal> </goals> <configuration> <rules> <requireJavaVersion> <version>1.7</version> <message> ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your JAVA_HOME environment variable is pointed to a JDK1.7 distribution. </message> </requireJavaVersion> </rules> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.6</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-install-plugin</artifactId> <version>2.5.2</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jar-plugin</artifactId> <version>3.1.0</version> <configuration> <archive> <manifest> <addDefaultImplementationEntries>true</addDefaultImplementationEntries> <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries> </manifest> </archive> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>3.1.0</version> <configuration> <source>7</source> <doclint>none</doclint> </configuration> <!-- generate esapi-VERSION.javadoc.jar --> <executions> <execution> <id>attach-javadocs</id> <phase>package</phase> <goals><goal>jar</goal></goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jxr-plugin</artifactId> <version>3.0.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <version>3.11.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-project-info-reports-plugin</artifactId> <version>3.0.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <version>3.1.0</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-site-plugin</artifactId> <version>3.7.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <version>3.0.1</version> <executions> <execution> <id>attach-sources</id> <phase>package</phase> <goals><goal>jar-no-fork</goal></goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-report-plugin</artifactId> <version>2.22.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>2.22.1</version> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>cobertura-maven-plugin</artifactId> <version>2.7</version> <configuration> <formats> <format>html</format> <format>xml</format> </formats> </configuration> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>jdepend-maven-plugin</artifactId> <version>2.0</version> </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> <version>2.7</version> </plugin> <plugin> <groupId>org.eluder.coveralls</groupId> <artifactId>coveralls-maven-plugin</artifactId> <version>4.3.0</version> </plugin> <plugin> <groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId> <version>5.0.0</version> <configuration> <failBuildOnCVSS>5.9</failBuildOnCVSS> <suppressionFile>./suppressions.xml</suppressionFile> </configuration> <executions> <execution> <!-- This version of Dep Ck requires Java 8. So only run it if using Java 8 or greater. This property set in a profile below. --> <phase>${PhaseIfJava8plus}</phase> <goals> <goal>check</goal> </goals> </execution> </executions> </plugin> </plugins> </build> <reporting> <plugins> <plugin> <groupId>net.sourceforge.maven-taglib</groupId> <artifactId>maven-taglib-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-changelog-plugin</artifactId> <configuration> <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern> <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl> <type>date</type> <dates> <!-- Should be date of previous official release --> <date>2015-02-05 00:00:00</date> </dates> </configuration> </plugin> <plugin> <!-- Generate /site/apidocs and /site/testapidocs --> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <configuration> <doclint>none</doclint> <source>7</source> </configuration> </plugin> <plugin> <!-- This plugin required in reporting section, as other maven reporting plugins use the Source XRef this plugin generates. Without it, you get these errors when running mvn site: [WARNING] Unable to locate Source XRef to link to - DISABLED --> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jxr-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> <configuration> <targetJdk>1.7</targetJdk> <sourceEncoding>utf-8</sourceEncoding> <!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile --> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-project-info-reports-plugin</artifactId> <reportSets> <reportSet> <reports> <report>dependency-convergence</report> </reports> </reportSet> </reportSets> <configuration> <!-- setting this is supposed to make generating this report much faster, but didn't affect me without it, so I turned it off (DRW) --> <!-- dependencyLocationsEnabled>false</dependencyLocationsEnabled --> </configuration> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-report-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> </plugin> <plugin> <!-- Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists. but don't know how to eliminate them, without disabling this plugin. --> <groupId>org.codehaus.mojo</groupId> <artifactId>jdepend-maven-plugin</artifactId> </plugin> <!-- Check for updates to dependencies and report on them. --> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> <reportSets> <reportSet> <reports> <report>dependency-updates-report</report> <report>plugin-updates-report</report> <report>property-updates-report</report> </reports> </reportSet> </reportSets> </plugin> </plugins> </reporting> <profiles> <profile> <activation> <jdk>[1.8,)</jdk> </activation> <properties> <PhaseIfJava8plus>site</PhaseIfJava8plus> </properties> </profile> <profile> <!-- Activate to sign jars and build distributable download. --> <id>dist</id> <!-- This profile is activated when mvn release:perform is called from the command line to actually do a release. If you need this profile active for some reason outside of performing a release, use mvn <command> -Pdist --> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <plugin> <artifactId>maven-jar-plugin</artifactId> <!-- <executions> <execution> <phase>package</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> --> <configuration> <!-- <keystore>codesign.keystore</keystore> <alias>owasp foundation, inc.'s godaddy.com, inc. id</alias> <verify>true</verify> --> <archive> <manifest> <addDefaultImplementationEntries>true</addDefaultImplementationEntries> <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries> </manifest> <manifestEntries> <Sealed>true</Sealed> </manifestEntries> </archive> </configuration> </plugin> <!-- For building the distribution zip file. --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-assembly-plugin</artifactId> <configuration> <descriptors> <descriptor>src/main/assembly/dist.xml</descriptor> </descriptors> </configuration> <executions> <execution> <id>make-dist</id> <phase>package</phase> <goals> <goal>single</goal> </goals> </execution> </executions> </plugin> <!-- Performs a full release. See release documentation for information on how to perform an ESAPI release using Maven --> <!-- mvn release:prepare was not working as expected, so I'm commenting this out and we are doing all this SCM magic manually for now. - kevin wall, 2019-04-09 <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>2.5.3</version> <configuration> <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase> </configuration> </plugin> --> </plugins> </build> </profile> </profiles> </project>
Jar包内容:	展开复制 META-INF/MANIFEST.MF org.owasp.esapi.IntrusionDetector.class org.owasp.esapi.tags.ELEncodeFunctions.class org.owasp.esapi.Randomizer.class org.owasp.esapi.filters.SecurityWrapperRequest.class org.owasp.esapi.filters.ESAPIFilter.class org.owasp.esapi.filters.SecurityWrapper.class org.owasp.esapi.reference.validation.IntegerValidationRule.class org.owasp.esapi.reference.validation.NumberValidationRule.class org.owasp.esapi.reference.JavaLogFactory$1.class org.owasp.esapi.reference.accesscontrol.FileBasedACRs$Rule.class org.owasp.esapi.util.DefaultMessageUtil.class org.owasp.esapi.util.ObjFactory.class org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers$1.class org.owasp.esapi.logging.slf4j.Slf4JLogger.class org.owasp.esapi.logging.slf4j.Slf4JLogFactory.class org.owasp.esapi.logging.cleaning.LogScrubber.class org.owasp.esapi.logging.cleaning.CodecLogScrubber.class org.owasp.esapi.StringUtilities.class org.owasp.esapi.Logger.class org.owasp.esapi.crypto.CryptoHelper.class org.owasp.esapi.crypto.KeyDerivationFunction.class org.owasp.esapi.crypto.CipherTextSerializer.class org.owasp.esapi.crypto.KeyDerivationFunction$PRF_ALGORITHMS.class org.owasp.esapi.crypto.CipherSpec$CipherTransformationComponent.class org.owasp.esapi.crypto.CryptoToken.class org.owasp.esapi.codecs.AbstractCodec.class org.owasp.esapi.codecs.HTMLEntityCodec.class org.owasp.esapi.codecs.PushbackSequence.class org.owasp.esapi.codecs.DB2Codec.class org.owasp.esapi.codecs.Base64$InputStream.class org.owasp.esapi.codecs.PushBackSequenceImpl.class org.owasp.esapi.codecs.OracleCodec.class org.owasp.esapi.codecs.MySQLCodec$1.class org.owasp.esapi.waf.ESAPIWebApplicationFirewallFilter.class org.owasp.esapi.waf.rules.RuleUtil.class org.owasp.esapi.waf.rules.GeneralAttackSignatureRule.class org.owasp.esapi.waf.rules.RestrictUserAgentRule.class org.owasp.esapi.waf.rules.HTTPMethodRule.class org.owasp.esapi.waf.internal.InterceptingServletOutputStream.class org.owasp.esapi.waf.actions.RedirectAction.class org.owasp.esapi.waf.ConfigurationException.class org.owasp.esapi.Validator.class org.owasp.esapi.LogFactory.class org.owasp.esapi.configuration.EsapiPropertyLoader.class org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.class org.owasp.esapi.errors.EncryptionException.class org.owasp.esapi.errors.ValidationException.class org.owasp.esapi.errors.EncodingException.class org.owasp.esapi.errors.EnterpriseSecurityException.class org.owasp.esapi.AccessControlRule.class org.owasp.esapi.AccessController.class META-INF/maven/org.owasp.esapi/esapi/pom.properties org.owasp.esapi.PreparedString.class org.owasp.esapi.tags.EncodeForURLTag.class org.owasp.esapi.tags.EncodeForCSSTag.class org.owasp.esapi.tags.EncodeForJavaScriptTag.class org.owasp.esapi.tags.EncodeForBase64Tag.class org.owasp.esapi.tags.EncodeForVBScriptTag.class org.owasp.esapi.reference.validation.BaseValidationRule.class org.owasp.esapi.reference.validation.HTMLValidationRule.class org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR.class org.owasp.esapi.reference.accesscontrol.FileBasedACRs.class org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter.class org.owasp.esapi.reference.AbstractAccessReferenceMap.class org.owasp.esapi.reference.DefaultEncoder.class org.owasp.esapi.reference.RandomAccessReferenceMap.class org.owasp.esapi.reference.DefaultRandomizer.class org.owasp.esapi.reference.JavaLogFactory.class org.owasp.esapi.Authenticator.class org.owasp.esapi.Logger$EventType.class org.owasp.esapi.util.ByteConversionUtil.class org.owasp.esapi.codecs.Trie.class org.owasp.esapi.codecs.Base64.class org.owasp.esapi.codecs.AbstractPushbackSequence.class org.owasp.esapi.codecs.WindowsCodec.class org.owasp.esapi.codecs.MySQLCodec$Mode.class org.owasp.esapi.codecs.XMLEntityCodec.class org.owasp.esapi.codecs.AbstractCharacterCodec.class org.owasp.esapi.waf.rules.RestrictContentTypeRule.class org.owasp.esapi.waf.rules.PathExtensionRule.class org.owasp.esapi.waf.rules.SimpleVirtualPatchRule.class org.owasp.esapi.waf.rules.AuthenticatedRule.class org.owasp.esapi.waf.rules.MustMatchRule.class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest$RAFInputStream.class org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest.class org.owasp.esapi.waf.actions.DefaultAction.class org.owasp.esapi.waf.configuration.AppGuardianConfiguration.class org.owasp.esapi.Encoder.class org.owasp.esapi.ESAPI.class org.owasp.esapi.configuration.EsapiPropertyManager.class org.owasp.esapi.configuration.consts.EsapiConfiguration.class org.owasp.esapi.errors.AccessControlException.class org.owasp.esapi.errors.AuthenticationHostException.class org.owasp.esapi.errors.ValidationAvailabilityException.class org.owasp.esapi.ValidationRule.class META-INF/esapi.tld org.owasp.esapi.tags.EncodeForXMLTag.class org.owasp.esapi.tags.EncodeForXPathTag.class org.owasp.esapi.filters.ClickjackFilter.class org.owasp.esapi.filters.RequestRateThrottleFilter.class org.owasp.esapi.filters.SecurityWrapperResponse.class org.owasp.esapi.User.class org.owasp.esapi.Encryptor.class org.owasp.esapi.AccessReferenceMap.class org.owasp.esapi.reference.Log4JLoggerFactory.class org.owasp.esapi.reference.AbstractAuthenticator$ThreadLocalUser.class org.owasp.esapi.reference.DefaultExecutor.class org.owasp.esapi.reference.DefaultHTTPUtilities$ThreadLocalRequest.class org.owasp.esapi.reference.JavaLogFactory$JavaLogger.class org.owasp.esapi.reference.FileBasedAuthenticator.class org.owasp.esapi.reference.DefaultExecutor$ReadThread.class org.owasp.esapi.reference.Log4JLogFactory.class org.owasp.esapi.reference.JavaLogFactory$JavaLoggerLevel.class org.owasp.esapi.reference.DefaultIntrusionDetector.class org.owasp.esapi.reference.Log4JLogger.class org.owasp.esapi.reference.crypto.JavaEncryptor.class org.owasp.esapi.reference.validation.StringValidationRule.class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoader.class org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR.class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters.class org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.class org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader.class org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO.class org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader.class org.owasp.esapi.reference.accesscontrol.DelegatingACR.class org.owasp.esapi.reference.accesscontrol.BaseACR.class org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR.class org.owasp.esapi.reference.AbstractAuthenticator$1.class org.owasp.esapi.reference.DefaultValidator.class org.owasp.esapi.util.ObjFactory$MethodWrappedInfo.class org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandler.class org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers$5.class org.owasp.esapi.logging.slf4j.Slf4JLogBridge.class org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers$4.class org.owasp.esapi.codecs.HashTrie$Entry.class org.owasp.esapi.codecs.AbstractIntegerCodec.class org.owasp.esapi.codecs.MySQLCodec.class org.owasp.esapi.codecs.PercentCodec.class org.owasp.esapi.codecs.PushbackString.class org.owasp.esapi.codecs.HashTrie$Node.class org.owasp.esapi.codecs.Hex.class org.owasp.esapi.waf.rules.ReplaceContentRule.class org.owasp.esapi.waf.rules.BeanShellRule.class org.owasp.esapi.waf.rules.AddHeaderRule.class org.owasp.esapi.waf.rules.IPRule.class org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule.class org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse.class org.owasp.esapi.waf.actions.BlockAction.class org.owasp.esapi.waf.configuration.ConfigurationParser.class org.owasp.esapi.SecurityConfiguration$Threshold.class org.owasp.esapi.configuration.XmlEsapiPropertyLoader.class org.owasp.esapi.configuration.consts.EsapiConfigurationType.class org.owasp.esapi.errors.EnterpriseSecurityRuntimeException.class org.owasp.esapi.errors.EncryptionRuntimeException.class org.owasp.esapi.errors.ConfigurationException.class org.owasp.esapi.errors.IntrusionException.class org.owasp.esapi.errors.ValidationUploadException.class org.owasp.esapi.HTTPUtilities.class ESAPI-properties.xsd org.owasp.esapi.tags.BaseEncodeTag.class org.owasp.esapi.tags.EncodeForHTMLTag.class org.owasp.esapi.tags.EncodeForXMLAttributeTag.class org.owasp.esapi.tags.EncodeForHTMLAttributeTag.class org.owasp.esapi.reference.IntegerAccessReferenceMap.class org.owasp.esapi.reference.DefaultHTTPUtilities$1.class org.owasp.esapi.reference.DefaultAccessController.class org.owasp.esapi.reference.AbstractAuthenticator.class org.owasp.esapi.reference.DefaultSecurityConfiguration$DefaultSearchPath.class org.owasp.esapi.reference.DefaultUser.class org.owasp.esapi.reference.DefaultIntrusionDetector$Event.class org.owasp.esapi.reference.crypto.EncryptedPropertiesUtils.class org.owasp.esapi.reference.crypto.DefaultEncryptedProperties.class org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties.class org.owasp.esapi.reference.DefaultEncoder$UriSegment.class org.owasp.esapi.reference.DefaultHTTPUtilities$ThreadLocalResponse.class org.owasp.esapi.reference.DefaultHTTPUtilities.class org.owasp.esapi.reference.DefaultSecurityConfiguration.class org.owasp.esapi.reference.validation.CreditCardValidationRule.class org.owasp.esapi.reference.validation.DateValidationRule.class org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR.class org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController.class org.owasp.esapi.util.NullSafe.class org.owasp.esapi.util.CollectionsUtil.class org.owasp.esapi.logging.slf4j.Slf4JLogLevelHandlers.class #内容未全部加载，请点击展开加载全部代码(NowJava.com)
依赖Jar:	javax.servlet-api-3.0.1.jar /javax.servlet/javax.servlet-api/3.0.1 查看javax.servlet-api所有版本文件 javax.servlet.jsp-api-2.3.3.jar /javax.servlet.jsp/javax.servlet.jsp-api/2.3.3 查看javax.servlet.jsp-api所有版本文件 xom-1.2.10.jar /com.io7m.xom/xom/1.2.10 查看xom所有版本文件 commons-beanutils-1.9.3.jar /commons-beanutils/commons-beanutils/1.9.3 查看commons-beanutils所有版本文件 commons-configuration-1.10.jar /commons-configuration/commons-configuration/1.10 查看commons-configuration所有版本文件 commons-lang-2.6.jar /commons-lang/commons-lang/2.6 查看commons-lang所有版本文件 commons-fileupload-1.3.3.jar /commons-fileupload/commons-fileupload/1.3.3 查看commons-fileupload所有版本文件 log4j-1.2.17.jar /log4j/log4j/1.2.17 查看log4j所有版本文件 commons-collections4-4.2.jar /org.apache.commons/commons-collections4/4.2 查看commons-collections4所有版本文件 bsh-2.0b6.jar /org.apache-extras.beanshell/bsh/2.0b6 查看bsh所有版本文件 antisamy-1.5.8.jar /org.owasp.antisamy/antisamy/1.5.8 查看antisamy所有版本文件 slf4j-api-1.7.26.jar /org.slf4j/slf4j-api/1.7.26 查看slf4j-api所有版本文件 commons-io-2.6.jar /commons-io/commons-io/2.6 查看commons-io所有版本文件 batik-css-1.11.jar /org.apache.xmlgraphics/batik-css/1.11 查看batik-css所有版本文件 xalan-2.7.2.jar /xalan/xalan/2.7.2 查看xalan所有版本文件 xercesImpl-2.12.0.jar /xerces/xercesImpl/2.12.0 查看xercesImpl所有版本文件 xml-apis-1.4.01.jar /xml-apis/xml-apis/1.4.01 查看xml-apis所有版本文件 junit-4.12.jar /junit/junit/4.12 查看junit所有版本文件 bcprov-jdk15on-1.61.jar /org.bouncycastle/bcprov-jdk15on/1.61 查看bcprov-jdk15on所有版本文件 powermock-api-mockito2-2.0.0.jar /org.powermock/powermock-api-mockito2/2.0.0 查看powermock-api-mockito2所有版本文件 javassist-3.25.0-GA.jar /org.javassist/javassist/3.25.0-GA 查看javassist所有版本文件 mockito-core-2.27.0.jar /org.mockito/mockito-core/2.27.0 查看mockito-core所有版本文件 powermock-module-junit4-2.0.0.jar /org.powermock/powermock-module-junit4/2.0.0 查看powermock-module-junit4所有版本文件 powermock-reflect-2.0.0.jar /org.powermock/powermock-reflect/2.0.0 查看powermock-reflect所有版本文件 jmh-core-1.21.jar /org.openjdk.jmh/jmh-core/1.21 查看jmh-core所有版本文件 jmh-generator-annprocess-1.21.jar /org.openjdk.jmh/jmh-generator-annprocess/1.21 查看jmh-generator-annprocess所有版本文件