From 17e5950849898f564b15391d87bc23a81d46344d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jose=CC=81=20Pintado?= Date: Fri, 19 Dec 2025 14:45:48 +0100 Subject: [PATCH] Fix resource loading in HtmlSanitizerFuzzerTest Replace org.apache.commons.codec.Resources.getInputStream() with standard Java class loader resource loading. The commons-codec Resources class uses the thread context class loader which may not have test resources on its classpath in certain environments like GitHub Actions with Maven Surefire. Using getClass().getClassLoader().getResourceAsStream() is more reliable because it uses the same class loader that loaded the test class, guaranteeing the resource will be found. --- .../org/owasp/html/HtmlSanitizerFuzzerTest.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerFuzzerTest.java b/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerFuzzerTest.java index c302dd8e..633ed91d 100644 --- a/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerFuzzerTest.java +++ b/owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerFuzzerTest.java @@ -29,6 +29,7 @@ package org.owasp.html; import java.io.BufferedReader; +import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.util.List; @@ -37,8 +38,6 @@ import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; -import org.apache.commons.codec.Resources; - /** * Throws malformed inputs at the HTML sanitizer to try and crash it. * This test is stochastic -- not guaranteed to pass or fail consistently. @@ -62,9 +61,17 @@ public void text(String textChunk) { /* do nothing */ } }; public final void testFuzzHtmlParser() throws Exception { - String html = new BufferedReader(new InputStreamReader( - Resources.getInputStream("benchmark-data/Yahoo!.html"), - StandardCharsets.UTF_8)).lines().collect(Collectors.joining()); + String html; + try (InputStream resourceStream = getClass().getClassLoader() + .getResourceAsStream("benchmark-data/Yahoo!.html")) { + if (resourceStream == null) { + throw new IllegalArgumentException( + "Unable to resolve required resource: benchmark-data/Yahoo!.html"); + } + html = new BufferedReader(new InputStreamReader( + resourceStream, + StandardCharsets.UTF_8)).lines().collect(Collectors.joining()); + } int length = html.length(); char[] fuzzyHtml0 = new char[length];