[owasp-esapi-java/f17] Initial import
Marek Goldmann
goldmann at fedoraproject.org
Wed Oct 10 10:47:25 UTC 2012
commit 7b35a34a75ee7df3afa2c5334be946d65c2094d7
Author: Marek Goldmann <goldmann at fedoraproject.org>
Date: Wed Oct 10 12:47:07 2012 +0200
Initial import
.gitignore | 1 +
...alidator-implementation-bsed-on-Antisammy.patch | 299 ++++++++++++++++++++
...ent-directory-to-testing-bin-is-a-symlink.patch | 31 ++
...etContextPath-method-in-MockServletContex.patch | 24 ++
owasp-esapi-java.spec | 134 +++++++++
sources | 1 +
6 files changed, 490 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..db2719d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/owasp-esapi-java-2.0.1.tar.xz
diff --git a/0001-Remove-validator-implementation-bsed-on-Antisammy.patch b/0001-Remove-validator-implementation-bsed-on-Antisammy.patch
new file mode 100644
index 0000000..009e6bc
--- /dev/null
+++ b/0001-Remove-validator-implementation-bsed-on-Antisammy.patch
@@ -0,0 +1,299 @@
+From 25bc5154b9731fe87e8f92c582c49d68da43909b Mon Sep 17 00:00:00 2001
+From: Marek Goldmann <goldmann at fedoraproject.org>
+Date: Mon, 8 Oct 2012 13:25:34 +0200
+Subject: [PATCH] Remove validator implementation bsed on Antisammy
+
+---
+ .../owasp/esapi/reference/DefaultValidator.java | 28 +----
+ .../reference/validation/HTMLValidationRule.java | 129 ---------------------
+ .../org/owasp/esapi/reference/ValidatorTest.java | 62 ----------
+ 3 files changed, 3 insertions(+), 216 deletions(-)
+ delete mode 100644 src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+
+diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+index 85c3343..ced7747 100644
+--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
++++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+@@ -43,7 +43,6 @@ import org.owasp.esapi.errors.ValidationAvailabilityException;
+ import org.owasp.esapi.errors.ValidationException;
+ import org.owasp.esapi.reference.validation.CreditCardValidationRule;
+ import org.owasp.esapi.reference.validation.DateValidationRule;
+-import org.owasp.esapi.reference.validation.HTMLValidationRule;
+ import org.owasp.esapi.reference.validation.IntegerValidationRule;
+ import org.owasp.esapi.reference.validation.NumberValidationRule;
+ import org.owasp.esapi.reference.validation.StringValidationRule;
+@@ -307,25 +306,14 @@ public class DefaultValidator implements org.owasp.esapi.Validator {
+ * {@inheritDoc}
+ */
+ public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
+- try {
+- getValidSafeHTML( context, input, maxLength, allowNull);
+- return true;
+- } catch( Exception e ) {
+- return false;
+- }
++ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+- try {
+- getValidSafeHTML( context, input, maxLength, allowNull);
+- return true;
+- } catch( ValidationException e ) {
+- errors.addError(context, e);
+- return false;
+- }
++ return false;
+ }
+
+ /**
+@@ -334,23 +322,13 @@ public class DefaultValidator implements org.owasp.esapi.Validator {
+ * This implementation relies on the OWASP AntiSamy project.
+ */
+ public String getValidSafeHTML( String context, String input, int maxLength, boolean allowNull ) throws ValidationException, IntrusionException {
+- HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
+- hvr.setMaximumLength(maxLength);
+- hvr.setAllowNull(allowNull);
+- hvr.setValidateInputAndCanonical(false);
+- return hvr.getValid(context, input);
++ return "";
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+- try {
+- return getValidSafeHTML(context, input, maxLength, allowNull);
+- } catch (ValidationException e) {
+- errors.addError(context, e);
+- }
+-
+ return "";
+ }
+
+diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+deleted file mode 100644
+index e08e2b0..0000000
+--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
++++ /dev/null
+@@ -1,129 +0,0 @@
+-/**
+- * OWASP Enterprise Security API (ESAPI)
+- *
+- * This file is part of the Open Web Application Security Project (OWASP)
+- * Enterprise Security API (ESAPI) project. For details, please see
+- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+- *
+- * Copyright (c) 2007 - The OWASP Foundation
+- *
+- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+- * LICENSE before you use, modify, and/or redistribute this software.
+- *
+- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+- * @created 2007
+- */
+-package org.owasp.esapi.reference.validation;
+-
+-import java.io.IOException;
+-import java.io.InputStream;
+-import java.util.List;
+-
+-import org.owasp.esapi.errors.ConfigurationException;
+-import org.owasp.esapi.ESAPI;
+-import org.owasp.esapi.Encoder;
+-import org.owasp.esapi.Logger;
+-import org.owasp.esapi.StringUtilities;
+-import org.owasp.esapi.errors.ValidationException;
+-import org.owasp.validator.html.AntiSamy;
+-import org.owasp.validator.html.CleanResults;
+-import org.owasp.validator.html.Policy;
+-import org.owasp.validator.html.PolicyException;
+-import org.owasp.validator.html.ScanException;
+-
+-
+-/**
+- * A validator performs syntax and possibly semantic validation of a single
+- * piece of data from an untrusted source.
+- *
+- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+- * href="http://www.aspectsecurity.com">Aspect Security</a>
+- * @since June 1, 2007
+- * @see org.owasp.esapi.Validator
+- */
+-public class HTMLValidationRule extends StringValidationRule {
+-
+- /** OWASP AntiSamy markup verification policy */
+- private static Policy antiSamyPolicy = null;
+- private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
+-
+- static {
+- InputStream resourceStream = null;
+- try {
+- resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
+- } catch (IOException e) {
+- throw new ConfigurationException("Couldn't find antisamy-esapi.xml", e);
+- }
+- if (resourceStream != null) {
+- try {
+- antiSamyPolicy = Policy.getInstance(resourceStream);
+- } catch (PolicyException e) {
+- throw new ConfigurationException("Couldn't parse antisamy policy", e);
+- }
+- }
+- }
+-
+- public HTMLValidationRule( String typeName ) {
+- super( typeName );
+- }
+-
+- public HTMLValidationRule( String typeName, Encoder encoder ) {
+- super( typeName, encoder );
+- }
+-
+- public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
+- super( typeName, encoder, whitelistPattern );
+- }
+-
+- /**
+- * {@inheritDoc}
+- */
+- @Override
+- public String getValid( String context, String input ) throws ValidationException {
+- return invokeAntiSamy( context, input );
+- }
+-
+- /**
+- * {@inheritDoc}
+- */
+- @Override
+- public String sanitize( String context, String input ) {
+- String safe = "";
+- try {
+- safe = invokeAntiSamy( context, input );
+- } catch( ValidationException e ) {
+- // just return safe
+- }
+- return safe;
+- }
+-
+- private String invokeAntiSamy( String context, String input ) throws ValidationException {
+- // CHECKME should this allow empty Strings? " " us IsBlank instead?
+- if ( StringUtilities.isEmpty(input) ) {
+- if (allowNull) {
+- return null;
+- }
+- throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
+- }
+-
+- String canonical = super.getValid( context, input );
+-
+- try {
+- AntiSamy as = new AntiSamy();
+- CleanResults test = as.scan(canonical, antiSamyPolicy);
+-
+- List<String> errors = test.getErrorMessages();
+- if ( !errors.isEmpty() ) {
+- LOGGER.info( Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
+- }
+-
+- return test.getCleanHTML().trim();
+-
+- } catch (ScanException e) {
+- throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
+- } catch (PolicyException e) {
+- throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context );
+- }
+- }
+-}
+-
+diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+index 9402630..fbb19f7 100644
+--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
++++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+@@ -34,7 +34,6 @@ import org.owasp.esapi.errors.ValidationException;
+ import org.owasp.esapi.filters.SecurityWrapperRequest;
+ import org.owasp.esapi.http.MockHttpServletRequest;
+ import org.owasp.esapi.http.MockHttpServletResponse;
+-import org.owasp.esapi.reference.validation.HTMLValidationRule;
+ import org.owasp.esapi.reference.validation.StringValidationRule;
+
+ import javax.servlet.http.Cookie;
+@@ -273,40 +272,6 @@ public class ValidatorTest extends TestCase {
+ // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
+ }
+
+- public void testGetValidSafeHTML() throws Exception {
+- System.out.println("getValidSafeHTML");
+- Validator instance = ESAPI.validator();
+- ValidationErrorList errors = new ValidationErrorList();
+-
+- // new school test case setup
+- HTMLValidationRule rule = new HTMLValidationRule("test");
+- ESAPI.validator().addRule(rule);
+-
+- assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
+-
+- String test1 = "<b>Jeff</b>";
+- String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
+- assertEquals(test1, result1);
+-
+- String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
+- String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
+- assertEquals(test2, result2);
+-
+- String test3 = "Test. <script>alert(document.cookie)</script>";
+- assertEquals("Test.", rule.getSafe("test", test3));
+-
+- assertEquals("Test. <<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
+- assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
+- assertEquals("Test.", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+- assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+- assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+- // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
+- // This would be nice to catch, but just looks like text to AntiSamy
+- // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+- // String result4 = instance.getValidSafeHTML("test", test4);
+- // assertEquals("", result4);
+- }
+-
+ public void testIsInvalidFilename() {
+ System.out.println("testIsInvalidFilename");
+ Validator instance = ESAPI.validator();
+@@ -913,33 +878,6 @@ public class ValidatorTest extends TestCase {
+ // isValidRedirectLocation(String, String, boolean)
+ }
+
+- public void testIsValidSafeHTML() {
+- System.out.println("isValidSafeHTML");
+- Validator instance = ESAPI.validator();
+-
+- assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
+- assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
+-
+- // TODO: waiting for a way to validate text headed for an attribute for scripts
+- // This would be nice to catch, but just looks like text to AntiSamy
+- // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+- ValidationErrorList errors = new ValidationErrorList();
+- assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
+- assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
+- assertTrue(errors.size() == 0);
+-
+- }
+-
+ public void testSafeReadLine() {
+ System.out.println("safeReadLine");
+
diff --git a/0002-Use-different-directory-to-testing-bin-is-a-symlink.patch b/0002-Use-different-directory-to-testing-bin-is-a-symlink.patch
new file mode 100644
index 0000000..2883c06
--- /dev/null
+++ b/0002-Use-different-directory-to-testing-bin-is-a-symlink.patch
@@ -0,0 +1,31 @@
+From c2f4ac116780eb6424c6453c2b834831f7de1d9c Mon Sep 17 00:00:00 2001
+From: Marek Goldmann <goldmann at fedoraproject.org>
+Date: Mon, 8 Oct 2012 13:54:14 +0200
+Subject: [PATCH] Use different directory to testing, /bin is a symlink
+
+---
+ src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+index fbb19f7..41e7953 100644
+--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
++++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+@@ -379,7 +379,7 @@ public class ValidatorTest extends TestCase {
+
+ // Unix specific paths should pass
+ assertTrue(instance.isValidDirectoryPath("test", "/", parent, false)); // Root directory
+- assertTrue(instance.isValidDirectoryPath("test", "/bin", parent, false)); // Always exist directory
++ assertTrue(instance.isValidDirectoryPath("test", "/var", parent, false)); // Always exist directory
+
+ // Unix specific paths that should not exist or work
+ assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false)); // Standard shell, not dir
+@@ -403,7 +403,7 @@ public class ValidatorTest extends TestCase {
+ // Unix specific paths should pass
+ assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors)); // Root directory
+ assertTrue(errors.size()==5);
+- assertTrue(instance.isValidDirectoryPath("test7", "/bin", parent, false, errors)); // Always exist directory
++ assertTrue(instance.isValidDirectoryPath("test7", "/var", parent, false, errors)); // Always exist directory
+ assertTrue(errors.size()==5);
+
+ // Unix specific paths that should not exist or work
diff --git a/0003-Implement-getContextPath-method-in-MockServletContex.patch b/0003-Implement-getContextPath-method-in-MockServletContex.patch
new file mode 100644
index 0000000..be1ea41
--- /dev/null
+++ b/0003-Implement-getContextPath-method-in-MockServletContex.patch
@@ -0,0 +1,24 @@
+From 2afc097f5ea665412e7357c5e43ecc5dffeeb730 Mon Sep 17 00:00:00 2001
+From: Marek Goldmann <goldmann at fedoraproject.org>
+Date: Tue, 9 Oct 2012 13:44:50 +0200
+Subject: [PATCH] Implement getContextPath method in MockServletContext
+
+---
+ src/test/java/org/owasp/esapi/http/MockServletContext.java | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
+index 8c2c4f2..18114a1 100644
+--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
++++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
+@@ -546,4 +546,8 @@ public class MockServletContext implements ServletContext {
+ public String getServletContextName() {
+ return null;
+ }
+-}
+\ No newline at end of file
++
++ public String getContextPath() {
++ return "/";
++ }
++}
diff --git a/owasp-esapi-java.spec b/owasp-esapi-java.spec
new file mode 100644
index 0000000..e0e5fa3
--- /dev/null
+++ b/owasp-esapi-java.spec
@@ -0,0 +1,134 @@
+Name: owasp-esapi-java
+Version: 2.0.1
+Release: 2%{?dist}
+Summary: OWASP Enterprise Security API
+Group: Development/Libraries
+License: BSD
+URL: http://code.google.com/p/owasp-esapi-java/
+
+# svn export http://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.0.1/ owasp-esapi-java-2.0.1
+# tar cafJ owasp-esapi-java-2.0.1.tar.xz owasp-esapi-java-2.0.1
+Source0: owasp-esapi-java-%{version}.tar.xz
+
+# Antisammy is not available
+Patch0: 0001-Remove-validator-implementation-bsed-on-Antisammy.patch
+# Use different directory in tests
+Patch1: 0002-Use-different-directory-to-testing-bin-is-a-symlink.patch
+# Missing implementations
+Patch2: 0003-Implement-getContextPath-method-in-MockServletContex.patch
+
+BuildArch: noarch
+
+BuildRequires: jpackage-utils
+BuildRequires: java-devel
+BuildRequires: maven
+BuildRequires: maven-compiler-plugin
+BuildRequires: maven-dependency-plugin
+BuildRequires: maven-install-plugin
+BuildRequires: maven-jar-plugin
+BuildRequires: maven-javadoc-plugin
+BuildRequires: maven-surefire-plugin
+BuildRequires: maven-surefire-plugin
+BuildRequires: maven-surefire-provider-junit4
+BuildRequires: sonatype-oss-parent
+BuildRequires: tomcat6-servlet-2.5-api
+BuildRequires: tomcat-jsp-2.2-api
+BuildRequires: bsh
+BuildRequires: junit
+BuildRequires: apache-commons-io
+BuildRequires: apache-commons-collections
+BuildRequires: apache-commons-fileupload
+BuildRequires: log4j
+BuildRequires: xom
+
+Requires: jpackage-utils
+Requires: java
+Requires: tomcat6-servlet-2.5-api
+Requires: tomcat-jsp-2.2-api
+Requires: apache-commons-collections
+Requires: apache-commons-fileupload
+Requires: log4j
+Requires: bsh
+Requires: xom
+
+%description
+OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source,
+web application security control library that makes it easier for programmers
+to write lower-risk applications. The ESAPI for Java library is designed to
+make it easier for programmers to retrofit security into existing applications.
+ESAPI for Java also serves as a solid foundation for new development.
+
+%package javadoc
+Summary: Javadocs for %{name}
+Group: Documentation
+Requires: jpackage-utils
+
+%description javadoc
+This package contains the API documentation for %{name}.
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+License: CC-BY-SA
+
+%description doc
+This package contains the documentation for %{name}.
+
+%prep
+%setup -q -n owasp-esapi-java-%{version}
+
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+# Plugin not available
+%pom_remove_plugin "org.codehaus.mojo:versions-maven-plugin"
+
+# Atisammy not available
+%pom_remove_dep "org.owasp.antisamy:antisamy"
+
+# No POM file for bsh-core in Fedora
+%pom_xpath_inject "pom:dependencies/pom:dependency[pom:artifactId='bsh-core']" "<systemPath>$(build-classpath bsh-core)</systemPath>"
+%pom_xpath_inject "pom:dependencies/pom:dependency[pom:artifactId='bsh-core']" "<scope>system</scope>"
+
+%build
+mvn-rpmbuild \
+ -Dproject.build.sourceEncoding=UTF-8 \
+ package javadoc:aggregate
+
+%install
+install -d -m 755 $RPM_BUILD_ROOT%{_javadir}
+install -d -m 755 $RPM_BUILD_ROOT%{_mavenpomdir}
+install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}
+
+# JAR
+install -pm 644 target/esapi-%{version}.jar $RPM_BUILD_ROOT%{_javadir}/%{name}.jar
+
+# POM
+install -pm 644 pom.xml $RPM_BUILD_ROOT%{_mavenpomdir}/JPP-%{name}.pom
+
+# DEPMAP
+%add_maven_depmap JPP-%{name}.pom %{name}.jar
+
+# APIDOCS
+cp -rp target/site/apidocs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}
+
+%files
+%{_mavenpomdir}/*
+%{_mavendepmapfragdir}/*
+%{_javadir}/*
+
+%files javadoc
+%{_javadocdir}/%{name}
+
+%files doc
+%doc documentation/*
+
+%changelog
+* Wed Oct 10 2012 Marek Goldmann <mgoldman at redhat.com> - 2.0.1-2
+- Using build-classpath
+- Fixed doc subpackage R
+
+* Mon Oct 08 2012 Marek Goldmann <mgoldman at redhat.com> 2.0.1-1
+- Initial packaging
+
diff --git a/sources b/sources
index e69de29..28a9da8 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+bf6822f93b00bcd126627d1b2f64c8dc owasp-esapi-java-2.0.1.tar.xz
More information about the scm-commits
mailing list