PR to fix #517 and #588 (#591)

* Bump release to new release number, 2.2.2.0.

* Fixed #517 and #588 with currently only one unit test failing.

* Fixed my pom.xml for #588 and #517

* Fixed an encoding bug that was causing an early truncation involving invalid escape sequences.
This was causing test input jeff\WILLIAMS to be converted to jeffWILLIAMS and then passing a
validation test that it should have been failing.  Special thanks to Jeremiah Stacey for the root
cause analysis and repair.  For #517 and #588.

Co-authored-by: kwwall <[email protected]>
Co-authored-by: xeno6696 <xeno6696[at]gmail.com>

Author: xeno6696

src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java

@@ -211,7 +211,8 @@ public Character decodeCharacter( PushbackSequence<Character> input ) {
 		}
 
 		// ignore the backslash and return the character
-		return second;
+		input.reset();
+		return null;
 	}
 
 }

src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java

@@ -274,16 +274,16 @@ public String getValid( String context, String input ) throws ValidationExceptio
 		if (canonicalizeInput) {
 		    data = encoder.canonicalize(input);
 		} else {
-		    String message = String.format("Input validaiton excludes canonicalization.  Context: %s   Input: %s", context, input);
+		    String message = String.format("Input validation excludes canonicalization.  Context: %s   Input: %s", context, input);
 		    LOGGER.warning(Logger.SECURITY_AUDIT, message);
             data = input;
 		}
 
 		// check whitelist patterns
-		checkWhitelist(context, input);
+		checkWhitelist(context, data, input);
 
 		// check blacklist patterns
-		checkBlacklist(context, input);
+		checkBlacklist(context, data, input);
 
 		// validation passed
 		return data;

src/test/java/org/owasp/esapi/reference/EncoderTest.java

@@ -232,7 +232,7 @@ public void testCanonicalize() throws EncodingException {
         assertEquals( "\'", instance.canonicalize("\\'"));
         assertEquals( "\"", instance.canonicalize("\\\""));
         assertEquals( "\\", instance.canonicalize("\\\\"));
-        assertEquals( "<", instance.canonicalize("\\<"));
+        assertEquals( "\\<", instance.canonicalize("\\<"));
 
         assertEquals( "<", instance.canonicalize("\\u003c"));
         assertEquals( "<", instance.canonicalize("\\U003c"));