DEVHIDE
Login Or Sign up

Cannot resolve symbol 'owasp', import error in intellij

474 Views Asked by At

I want to use ESAPI in my project and have added following dependency in the pom.xml

pom.xml with dependency:

            <dependency>
                <groupId>org.owasp.encoder</groupId>
                <artifactId>encoder</artifactId>
                <version>1.2.3</version>
            </dependency>
            <dependency>
                <groupId>org.owasp.esapi</groupId>
                <artifactId>esapi</artifactId>
                <version>2.5.0.0</version>
            </dependency>

But when I import org.owasp.esapi.* intellij give me warning as shown in image. enter image description here

I want to use ESAPI logger to prevent CRLF injection possibilities in log statements. My current project uses slf4j.Logger

I am very new to this ESAPI and OWASP and have never used it and have tried from here https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#configuring-esapi-to-use-slf4j

Please tell me if im doing something wrong and how to correctly use ESAPI in project.

owasp esapi crlf-vulnerability
Original Q&A
2

There are 2 best solutions below

2
jdk On BEST ANSWER

Well i found that I was adding this dependency in <dependencyManagement> tag instead of <dependencies> tag, that's why it wasn't downloading from the repository.

Previous:

<dependencyManagement>
  <dependencies>
    <dependency>
        <groupId>org.owasp.esapi</groupId>
        <artifactId>esapi</artifactId>
        <version>2.5.0.0</version>
    </dependency>
  </dependencies>
</dependencyManagement>

after fix:

  <dependencies>
    <dependency>
        <groupId>org.owasp.esapi</groupId>
        <artifactId>esapi</artifactId>
        <version>2.5.0.0</version>
    </dependency>
  </dependencies>

Whats the difference in <dependencies> and <dependencyManagement> please refer this Differences between dependencyManagement and dependencies in Maven

1
Kevin W. Wall On

Hmm. What JDK are you using with IntelliJ? Java 8 or later is required as of 2.4.0.0. That's the only thing that I can think of that would cause this behavior. Looks okay otherwise. Did you check if the esapi-2.5.0.0.jar got pulled down? Because it's either not finding that or it's not compatible with the Java version that your IntelliJ IDE is using.

Related Questions in OWASP

Related Questions in ESAPI

Related Questions in CRLF-VULNERABILITY

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.