Skip to content

Fix resource loading in HtmlSanitizerFuzzerTest #366

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jmanico merged 1 commit into from
Dec 19, 2025
Merged

Fix resource loading in HtmlSanitizerFuzzerTest #366

jmanico merged 1 commit into from
Dec 19, 2025
+12 −5

Conversation

@jospint
Copy link
Contributor

@jospint jospint commented Dec 19, 2025

Summary

Fix the failing HtmlSanitizerFuzzerTest.testFuzzHtmlParser test that was causing CI builds to fail.

Problem

The test was using org.apache.commons.codec.Resources.getInputStream() to load the benchmark resource file benchmark-data/Yahoo!.html. This method uses the thread's context class loader, which may not have the test resources on its classpath in certain execution environments like GitHub Actions with Maven Surefire.

java.lang.IllegalArgumentException: Unable to resolve required resource: benchmark-data/Yahoo!.html
    at org.apache.commons.codec.Resources.getInputStream(Resources.java:41)
    at org.owasp.html.HtmlSanitizerFuzzerTest.testFuzzHtmlParser(HtmlSanitizerFuzzerTest.java:66)

Solution

Replace the commons-codec Resources utility with the standard Java class loader approach:

getClass().getClassLoader().getResourceAsStream("benchmark-data/Yahoo!.html")

This is more reliable because it uses the same class loader that loaded the test class itself, guaranteeing the resource will be found since both the test class and the resource file are in the same classpath scope (target/test-classes/).

Changes

  • Removed org.apache.commons.codec.Resources import
  • Added java.io.InputStream import
  • Used standard Java resource loading with try-with-resources to properly handle the stream

Testing

  • All 324 tests pass locally with ./mvnw -B verify

@jospint
Fix resource loading in HtmlSanitizerFuzzerTest
17e5950 
Replace org.apache.commons.codec.Resources.getInputStream() with
standard Java class loader resource loading. The commons-codec
Resources class uses the thread context class loader which may not
have test resources on its classpath in certain environments like
GitHub Actions with Maven Surefire.

Using getClass().getClassLoader().getResourceAsStream() is more
reliable because it uses the same class loader that loaded the test
class, guaranteeing the resource will be found.
@jospint jospint mentioned this pull request Dec 19, 2025
Merged
@jmanico jmanico merged commit 742cbc0 into OWASP:main Dec 19, 2025
2 checks passed
@jospint jospint deleted the fix/resource-loading-in-fuzzer-test branch December 19, 2025 13:55
@melloware
Copy link

melloware commented Dec 19, 2025

Yep this was the same fix I made in my PR to get it to pass. I will rebase with this change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmanico jmanico jmanico approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jospint @melloware @jmanico