Cannot resolve symbol 'owasp', import error in intellij
I want to use ESAPI in my project and have added following dependency in the pom.xml
pom.xml with dependency:
<dependency>
<groupId>org.owasp.encoder</groupId>
<artifactId>encoder</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
But when I import org.owasp.esapi.* intellij give me warning as shown in image.
I want to use ESAPI logger to prevent CRLF injection possibilities in log statements.
My current project uses slf4j.Logger
I am very new to this ESAPI and OWASP and have never used it and have tried from here https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-with-SLF4J#configuring-esapi-to-use-slf4j
Please tell me if im doing something wrong and how to correctly use ESAPI in project.
Well i found that I was adding this dependency in <dependencyManagement> tag instead of <dependencies> tag, that's why it wasn't downloading from the repository.
Previous:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
</dependencyManagement>
after fix:
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.5.0.0</version>
</dependency>
</dependencies>
Whats the difference in <dependencies> and <dependencyManagement> please refer this Differences between dependencyManagement and dependencies in Maven
- Options for token storage and refresh in SPAs
- Exclude CRS rules for some specific URLs
- How do I mitigate the HTTP Parameter Pollution vulnerability for the Captcha.aspx in the ASP.NET Web Forms application
- owasp-dependency-check: JavaScript code is not analyzed
- Blank Pages and Responses when using OWASP CSRF Guard
- OWASP ZAP not cleaning up after itself
- Use of a broken or risky cryptographic algorithm encryption algorithm. base64EncodedString should not be used
- What is "X-Content-Type-Options=nosniff"?
- HTML-Entity escaping to prevent XSS
- ModSecurity WAF log configuration
- Why is it common to put CSRF prevention tokens in cookies?
- Hello, how to solve Permission denied Error while trying to generate OWASP ZAP report using Full Scan Docker image
- Writing exclude configs for dependancy check
- Hydra with OWASP juice-shop
- Zap proxy converts Http requests to Https
- How to run security check on Angular project or how to run OWASP dependency check for Angular Project
- What are the differences between API IO and Web App IO? (OWASP's top 10s)
- Postman unable sending to OWASP ZAP with the same proxy configuration
- How to create "unsafe" environment for JavaScript XSS testing
- Bicep code to deploy WAF policy for Azure Application gateway
- How can i integrate OWASP ZAP with Cypress to run both together and get the Zap test Result and Owasp Zap result at the same time?
- OWASP ZAP Scan tool doesn't support requests in XML format
- Allowing "//" in URL.Any Security Standards for URL Definition?
- How to login and scan with OWASP Zap
- ZAP baseline scan doesn't generate report
- iOS certificate pinning with Swift and NSURLSession
- OWASP ZAP baseline scan returns unexpected error 1 in CI/CD pipeline
- How to force specific version of a transitive dependency (netty-codec-http) in gradle?
- Cross-Site Request Forgery Prevention: using a cookie for the Synchronizer Token Pattern
- OWASP sanitizer generates unexpected results