Update CreditCard Validation class #912

Open. noloader wants to merge 1 commit into ESAPI:develop from noloader:develop

noloader (Contributor) commented Jul 1, 2026

Update documentation
Add additional self tests
Add tests to verify canonicalization output

noloader (Contributor Author) commented Jul 1, 2026

Hi Everyone,

I could not get ESAPI to build on Fedora 44 with OpenJDK 25. There were too many runtime errors. They seemed to be related to reflection.

I see "Java CI with Maven" in the CI/CD pipeline is having trouble, too. I was hoping to use the ESAPI/GitHub pipeline to perform the testing.

$ lsb_release -a
Distributor ID: Fedora
Description:    Fedora Linux 44 (KDE Plasma Desktop Edition)
Release:        44

$ java -version
openjdk version "25.0.3" 2026-04-21
OpenJDK Runtime Environment (Red_Hat-25.0.3.0.9-1) (build 25.0.3+9)
OpenJDK 64-Bit Server VM (Red_Hat-25.0.3.0.9-1) (build 25.0.3+9, mixed mode, sharing)

jeremiahjstacey (Collaborator) commented

$ java -version
openjdk version "25.0.3" 2026-04-21
OpenJDK Runtime Environment (Red_Hat-25.0.3.0.9-1) (build 25.0.3+9)
OpenJDK 64-Bit Server VM (Red_Hat-25.0.3.0.9-1) (build 25.0.3+9, mixed mode, sharing)

This is presently expected. Java 8 is needed for compatibility with the reflection utilities presently used to test the heavily used singleton state in this baseline.

We have been debating newer versions of Java, and associated tool updates; however, that path is not yet fully fleshed out.
For now, the recommended (if not required) Java version is 8. (We are aware of EOL and a large number of the restrictions that come with it.)

noloader (Contributor Author) commented Jul 1, 2026

One thing I forgot to mention in the first comment... I could not tell what the canonical form is for a Credit Card number. I got lost when trying to find the behavior in the Encoder (and I was not able to run the code to see it in action).

I deduced the canonical form from the regex of ^(\\d{4}[- ]?){3}\\d{4}$. Since the regex asks for four groups of four decimal digits -- with spaces and hyphens optional -- the canonical form can only be the string of 16 decimal digits. Otherwise, space or hyphen would not be optional.

If someone can verify the canonicalized form for a credit card number, that would be super helpful.
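
The deduction in the comment above, as an added example (not ESAPI code and not part of this pull request): it applies the quoted regex and, assuming the canonical form is the 16-digit string with separators stripped, shows which constructed inputs are accepted and what they canonicalize to. The class name `CardCanonicalFormDemo` and the `canonicalize` helper are hypothetical; the code sticks to Java 8 features.

```java
import java.util.Optional;
import java.util.regex.Pattern;

// Hypothetical demo class; not part of ESAPI.
public class CardCanonicalFormDemo {
    // Regex quoted in the comment above, written as a Java string literal.
    private static final Pattern FORMAT =
            Pattern.compile("^(\\d{4}[- ]?){3}\\d{4}$");

    // Assumption: canonical form = the 16 digits with optional separators removed.
    static Optional<String> canonicalize(String input) {
        // matches() must consume the whole input, so a trailing newline is
        // rejected here even though '$' alone would tolerate it under find().
        if (input == null || !FORMAT.matcher(input).matches()) {
            return Optional.empty();
        }
        return Optional.of(input.replaceAll("[- ]", ""));
    }

    public static void main(String[] args) {
        // Constructed sample inputs (not real card numbers).
        String[] samples = {
            "1234567890123456",        // no separators
            "1234-5678-9012-3456",     // hyphens
            "1234 5678 9012 3456",     // spaces
            "1234-5678 90123456",      // mixed separators: accepted by the regex
            "1234--5678-9012-3456",    // doubled separator: rejected
            "1234-5678-9012-345",      // 15 digits: rejected
            "1234-5678-9012-3456-",    // trailing separator: rejected
            "1234-5678-9012-3456\n",   // trailing newline: rejected by matches()
            // Arabic-Indic digits in the first group: rejected, because the
            // digit class is ASCII-only unless UNICODE_CHARACTER_CLASS is set.
            "\u0661\u0662\u0663\u0664567890123456"
        };
        for (String s : samples) {
            String shown = s.replace("\n", "\\n");
            System.out.printf("%-24s -> %s%n",
                    shown, canonicalize(s).orElse("(rejected)"));
        }
    }
}
```

The first four samples all canonicalize to `1234567890123456`; the rest are rejected.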
