diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java index d0846fc2a..eaf08f894 100644 --- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java +++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java @@ -4,9 +4,14 @@ final public class ACRParameterLoaderHelper { + protected static String DEFAULT_KEY_FORMAT = "AccessControlRules.AccessControlRule(%s).Parameters.Parameter(%s)[@value]"; + protected static String TIME_FORMAT = "h:mm a"; + + + private ACRParameterLoaderHelper() { /* NO-OP Utility Ctr.*/ } + public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception { - String key = "AccessControlRules.AccessControlRule(" + - currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]"; + String key = String.format(DEFAULT_KEY_FORMAT, currentRule, currentParameter); Object parameterValue; if("String".equalsIgnoreCase(parameterType)) { parameterValue = config.getString(key); @@ -31,7 +36,7 @@ public static Object getParameterValue(XMLConfiguration config, int currentRule, } else if("Date".equalsIgnoreCase(parameterType)){ parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key)); } else if("Time".equalsIgnoreCase(parameterType)){ - java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a"); + java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(TIME_FORMAT); parameterValue = sdf.parseObject(config.getString(key)); // parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key)); } diff --git a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java index 70d5970f2..893655675 100644 --- a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java +++ b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java @@ -22,10 +22,6 @@ */ public class DoNothingAction extends Action { - public boolean failedRule() { - return this.failed; - } - public boolean isActionNecessary() { return false; diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java new file mode 100644 index 000000000..c851c6cb5 --- /dev/null +++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java @@ -0,0 +1,262 @@ +package org.owasp.esapi.reference.accesscontrol.policyloader; + +import static org.junit.Assert.assertEquals; +import static org.mockito.ArgumentMatchers.eq; + +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Date; +import java.util.Random; + +import org.apache.commons.configuration.XMLConfiguration; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + + +public class ACRParameterLoaderHelperTest { + + + XMLConfiguration config = Mockito.spy(XMLConfiguration.class); + + private String randomTestKey; + private int randomRuleIndex; + private int randomParameterIndex; + + @Before + public void buildUniqueKey () { + // Assembling a unique key each test verifies that the delegate calls are getting the expected values from the test calls. + randomRuleIndex = Math.abs(new Random().nextInt() % 100); + randomParameterIndex = Math.abs(new Random().nextInt() % 100); + randomTestKey = String.format(ACRParameterLoaderHelper.DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex); + } + + @Test (expected = IllegalArgumentException.class) + public void testUnsupportedTypeThrowsException() throws Exception { + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "Foo_to_the_Bar"); + } + + @Test + public void testStringParam_lowercaseType() throws Exception { + Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toLowerCase()); + + // I don't really care what the response is here; + // I care that the delegate class was called as expected with the generated string key. + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(String.class, response.getClass()); + Assert.assertEquals("unused", response); + } + + @Test + public void testStringArrayParam_lowercaseType() throws Exception { + Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); + // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + Assert.assertEquals(String[].class, response.getClass()); + } + + @Test + public void testBooleanParam_lowercaseType() throws Exception { + Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); + // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + Assert.assertEquals(Boolean.class, response.getClass()); + } + + @Test + public void testByteParam_lowercaseType() throws Exception { + Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + Assert.assertEquals(Byte.class, response.getClass()); + } + + @Test + public void testIntParam_lowercaseType() throws Exception { + Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); + // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + Assert.assertEquals(Integer.class, response.getClass()); + } + + @Test + public void testLongParam_lowercaseType() throws Exception { + Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); + // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + Assert.assertEquals(Long.class, response.getClass()); + } + + @Test + public void testFloatParam_lowercaseType() throws Exception { + Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + Assert.assertEquals(Float.class, response.getClass()); + } + + @Test + public void testDoubleParam_lowercaseType() throws Exception { + Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); + // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + Assert.assertEquals(Double.class, response.getClass()); + } + + + @Test + public void testBigDecimalParam_lowercaseType() throws Exception { + Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); + // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + Assert.assertEquals(BigDecimal.class, response.getClass()); + } + + @Test + public void testBigIntegerParam_lowercaseType() throws Exception { + Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); + // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + Assert.assertEquals(BigInteger.class, response.getClass()); + } + + @Test + public void testDateParam_lowercaseType() throws Exception { + String adate = java.text.DateFormat.getDateInstance().format(new Date()); + Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); + } + + @Test + public void testTimeParam_lowercaseType() throws Exception { + String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); + Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); + } + + + + @Test + public void testStringParam_uppercaseType() throws Exception { + Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toUpperCase()); + + // I don't really care what the response is here; + // I care that the delegate class was called as expected with the generated string key. + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(String.class, response.getClass()); + Assert.assertEquals("unused", response); + } + + @Test + public void testStringArrayParam_uppercaseType() throws Exception { + Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); + // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + Assert.assertEquals(String[].class, response.getClass()); + } + + @Test + public void testBooleanParam_uppercaseType() throws Exception { + Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); + // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + Assert.assertEquals(Boolean.class, response.getClass()); + } + + @Test + public void testByteParam_uppercaseType() throws Exception { + Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + Assert.assertEquals(Byte.class, response.getClass()); + } + + @Test + public void testIntParam_uppercaseType() throws Exception { + Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); + // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + Assert.assertEquals(Integer.class, response.getClass()); + } + + @Test + public void testLongParam_uppercaseType() throws Exception { + Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); + // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + Assert.assertEquals(Long.class, response.getClass()); + } + + @Test + public void testFloatParam_uppercaseType() throws Exception { + Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + Assert.assertEquals(Float.class, response.getClass()); + } + + @Test + public void testDoubleParam_uppercaseType() throws Exception { + Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); + // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + Assert.assertEquals(Double.class, response.getClass()); + } + + + @Test + public void testBigDecimalParam_uppercaseType() throws Exception { + Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); + // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + Assert.assertEquals(BigDecimal.class, response.getClass()); + } + + @Test + public void testBigIntegerParam_uppercaseType() throws Exception { + Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); + // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + Assert.assertEquals(BigInteger.class, response.getClass()); + } + + @Test + public void testDateParam_uppercaseType() throws Exception { + String adate = java.text.DateFormat.getDateInstance().format(new Date()); + Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); + } + + @Test + public void testTimeParam_uppercaseType() throws Exception { + String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); + Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); + } + +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java new file mode 100644 index 000000000..64cc259b8 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java @@ -0,0 +1,52 @@ +package org.owasp.esapi.tags; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.jsp.JspTagException; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForBase64TagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() throws Exception { + String input = "Magic String"; + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForBase64(input.getBytes("UTF-8"), false); + + } + + @Test + public void testSettersGetters() { + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + assertEquals("UTF-8", uit.getEncoding()); + assertFalse(uit.getWrap()); + + uit.setWrap(true); + uit.setEncoding("ASCII"); + + assertEquals("ASCII", uit.getEncoding()); + assertTrue(uit.getWrap()); + } + + @Test (expected = JspTagException.class) + public void assertExceptionOnEncodingFalure() throws Exception { + String input = "Magic String"; + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenAnswer(i -> { throw new UnsupportedEncodingException();}); + uit.encode(input, encoder); + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java b/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java new file mode 100644 index 000000000..f1539eae0 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForCSSTagTest2 { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForCSSTag uit = new EncodeForCSSTag(); + Mockito.when(encoder.encodeForCSS(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForCSS(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java new file mode 100644 index 000000000..5162b3aef --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForHTMLAttributeTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForHTMLAttributeTag uit = new EncodeForHTMLAttributeTag(); + Mockito.when(encoder.encodeForHTMLAttribute(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForHTMLAttribute(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java new file mode 100644 index 000000000..2f4a2e654 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForHTMLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForHTMLTag uit = new EncodeForHTMLTag(); + Mockito.when(encoder.encodeForHTML(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForHTML(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java new file mode 100644 index 000000000..7d874e85e --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForJavaScriptTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForJavaScriptTag uit = new EncodeForJavaScriptTag(); + Mockito.when(encoder.encodeForJavaScript(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForJavaScript(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java new file mode 100644 index 000000000..ca6d10562 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java @@ -0,0 +1,34 @@ +package org.owasp.esapi.tags; + +import javax.servlet.jsp.JspTagException; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; +import org.owasp.esapi.errors.EncodingException; + +public class EncodeForURLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() throws Exception { + String input = "Magic String"; + EncodeForURLTag uit = new EncodeForURLTag(); + Mockito.when(encoder.encodeForURL(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForURL(input); + + } + + @Test (expected = JspTagException.class) + public void assertExceptionOnEncodingFalure() throws Exception { + String input = "Magic String"; + EncodeForURLTag uit = new EncodeForURLTag(); + Mockito.when(encoder.encodeForURL(input)).thenThrow(new EncodingException("Test-Scope", "SAMPLE")); + uit.encode(input, encoder); + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java new file mode 100644 index 000000000..9e3a94a82 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForVBScriptTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForVBScriptTag uit = new EncodeForVBScriptTag(); + Mockito.when(encoder.encodeForVBScript(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForVBScript(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java new file mode 100644 index 000000000..79c5b2aed --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXMLAttributeTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXMLAttributeTag uit = new EncodeForXMLAttributeTag(); + Mockito.when(encoder.encodeForXMLAttribute(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXMLAttribute(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java new file mode 100644 index 000000000..54e50d4c6 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXMLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXMLTag uit = new EncodeForXMLTag(); + Mockito.when(encoder.encodeForXML(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXML(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java new file mode 100644 index 000000000..ad0528725 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXPathTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXPathTag uit = new EncodeForXPathTag(); + Mockito.when(encoder.encodeForXPath(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXPath(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java new file mode 100644 index 000000000..5f8e83bb3 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java @@ -0,0 +1,25 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class ActionTest { + + @Test + public void assertDefaultState() { + Action uit = new Action() {}; + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters() { + Action uit = new Action() {}; + uit.setActionNecessary(false); + uit.setFailed(false); + assertFalse(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java new file mode 100644 index 000000000..dd16ee11c --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java @@ -0,0 +1,26 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class BlockActionTest { + + @Test + public void assertDefaultState() { + BlockAction uit = new BlockAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters_DO_NOTHING() { + BlockAction uit = new BlockAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + + //Beautiful.... + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java new file mode 100644 index 000000000..f497f5f40 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java @@ -0,0 +1,26 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class DefaultActionTest { + + @Test + public void assertDefaultState() { + DefaultAction uit = new DefaultAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters_DO_NOTHING() { + DefaultAction uit = new DefaultAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + + //Beautiful.... + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java new file mode 100644 index 000000000..7eff95926 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java @@ -0,0 +1,32 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class DoNothingActionTest { + + @Test + public void assertDefaultState() { + DoNothingAction uit = new DoNothingAction(); + assertTrue(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + } + + @Test + public void assertSetGetFailed() { + DoNothingAction uit = new DoNothingAction(); + uit.setFailed(false); + assertFalse(uit.failedRule()); + } + + @Test + public void assertSetGetActionNecessary_DOES_NOTHING() { + DoNothingAction uit = new DoNothingAction(); + uit.setActionNecessary(true); + + // Room for improvement. + assertFalse(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java new file mode 100644 index 000000000..aca6b07da --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java @@ -0,0 +1,30 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class RedirectActionTest { + + @Test + public void assertDefaultState() { + RedirectAction uit = new RedirectAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + assertNull(uit.getRedirectURL()); + } + + @Test + public void assertSettersGetters() { + RedirectAction uit = new RedirectAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + uit.setRedirectURL("http://going_nowhere.com"); + assertFalse(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + assertEquals("http://going_nowhere.com", uit.getRedirectURL()); + } +}