[28866] | 1 | OWASP ESAPI for C++ package and its dependencies
|
---|
| 2 | -------------------------------------------------------
|
---|
| 3 | Used to ensure cgiargs that go into the webpage are safe.
|
---|
| 4 | See https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
|
---|
| 5 |
|
---|
| 6 |
|
---|
| 7 | OWASP ESAPI FOR C++
|
---|
| 8 | -------------------------------------------------------
|
---|
| 9 | The site is:
|
---|
| 10 | http://owasp-esapi-cplusplus.googlecode.com/svn/trunk/doc/html/index.html
|
---|
| 11 |
|
---|
| 12 | The code is from the 3 Mar 2014 svn checkout:
|
---|
| 13 | svn checkout https://owasp-esapi-cplusplus.googlecode.com/svn/trunk/ owasp-esapi-cpp
|
---|
| 14 |
|
---|
| 15 | A slight modification has been made to the package's GNUmakefile: the 2 references to -Wtrampolines have been commented out
|
---|
| 16 |
|
---|
| 17 |
|
---|
| 18 | COMPILATION
|
---|
| 19 | ----------------------------
|
---|
| 20 |
|
---|
| 21 | ./CASCADE-MAKE.sh
|
---|
| 22 |
|
---|
| 23 |
|
---|
| 24 | To compile up the test/TestMainWin32 binary:
|
---|
| 25 | runtime-src/packages/security/owasp-esapi-cpp/test>g++ -std=gnu++0x -DDEBUG -O0 -g3 -ggdb TestMainWin32.cpp -o TestMain.exe -I../esapi -I../.. -I../../echoprint-svn/linux/include -L ../lib -lesapi-c++
|
---|
| 26 |
|
---|
| 27 | Note that in the example above, the -std=gnu++0x used with gnu compilers (try -std=c++0x on other systems like VisC++) turns on experimental features of the c++ language. If this is undesirable, edit the owasp-for-cpp/esapi/EsapiCommon.h:
|
---|
| 28 |
|
---|
| 29 | //# include <memory>
|
---|
| 30 | //# include <unordered_map>
|
---|
| 31 | //using std::shared_ptr;
|
---|
| 32 | //using std::unordered_map;
|
---|
| 33 | # include <boost/shared_ptr.hpp>
|
---|
| 34 | # include <boost/unordered_map.hpp>
|
---|
| 35 | using boost::shared_ptr;
|
---|
| 36 | using boost::unordered_map;
|
---|
| 37 |
|
---|
| 38 |
|
---|
| 39 | The above uses the include files for unordered_map and shared_ptr from boost instead.
|
---|
| 40 |
|
---|
| 41 |
|
---|
| 42 |
|
---|
| 43 | OWASP-ESAPI-FOR-C++'s DEPENDENCIES
|
---|
| 44 | -------------------------------------
|
---|
| 45 | OWASP-ESAPI for C++ depends on the following:
|
---|
| 46 | - cryptopp
|
---|
| 47 | - Boost
|
---|
| 48 | - the safeint/Safe Integer header file, SafeInt3.hpp
|
---|
| 49 |
|
---|
| 50 | Compiling up Boost requires the following dependencies in the given order:
|
---|
| 51 | - zlib, bzip2, curl, cmake
|
---|
| 52 |
|
---|
| 53 | Boost compilation steps were taken from the echoprint gs2-extension
|
---|
| 54 | http://trac.greenstone.org/browser/gs2-extensions/echoprint/trunk/src?rev=head
|
---|
| 55 |
|
---|