Skip to content

More tests #901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

More tests #901

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
60a566b
Adding Test for ACRParameterLoaderHelper
jeremiahjstacey Nov 1, 2025
9dcfc91
ACRParameterLoaderHelper Test Updates
jeremiahjstacey Nov 1, 2025
0b349f0
ACRParameterLoaderHelperTest Updates
jeremiahjstacey Nov 1, 2025
c4db5ee
ACRParameterLoaderHelper Tests
jeremiahjstacey Nov 1, 2025
ae82fe4
DoNothinAction Cleanup
jeremiahjstacey Nov 1, 2025
a08e14e
Waf Action Tests
jeremiahjstacey Nov 1, 2025
92c99ea
Tests for esapi tags
jeremiahjstacey Nov 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions ...n/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,14 @@

final public class ACRParameterLoaderHelper {

protected static String DEFAULT_KEY_FORMAT = "AccessControlRules.AccessControlRule(%s).Parameters.Parameter(%s)[@value]";
protected static String TIME_FORMAT = "h:mm a";


private ACRParameterLoaderHelper() { /* NO-OP Utility Ctr.*/ }

public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception {
String key = "AccessControlRules.AccessControlRule(" +
currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]";
String key = String.format(DEFAULT_KEY_FORMAT, currentRule, currentParameter);
Object parameterValue;
if("String".equalsIgnoreCase(parameterType)) {
parameterValue = config.getString(key);
Expand All @@ -31,7 +36,7 @@ public static Object getParameterValue(XMLConfiguration config, int currentRule,
} else if("Date".equalsIgnoreCase(parameterType)){
parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key));
} else if("Time".equalsIgnoreCase(parameterType)){
java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a");
java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(TIME_FORMAT);
parameterValue = sdf.parseObject(config.getString(key));
// parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key));
}
Expand Down
4 changes: 0 additions & 4 deletions src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,6 @@
*/
public class DoNothingAction extends Action {

public boolean failedRule() {
return this.failed;
}
Copy link
Collaborator Author

@jeremiahjstacey jeremiahjstacey Nov 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method duplicates the super class' implementation. No point in it.



public boolean isActionNecessary() {
return false;
Expand Down
262 changes: 262 additions & 0 deletions ...va/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,262 @@
package org.owasp.esapi.reference.accesscontrol.policyloader;

import static org.junit.Assert.assertEquals;
import static org.mockito.ArgumentMatchers.eq;

import java.math.BigDecimal;
import java.math.BigInteger;
import java.util.Date;
import java.util.Random;

import org.apache.commons.configuration.XMLConfiguration;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;


public class ACRParameterLoaderHelperTest {


XMLConfiguration config = Mockito.spy(XMLConfiguration.class);

private String randomTestKey;
private int randomRuleIndex;
private int randomParameterIndex;

@Before
public void buildUniqueKey () {
// Assembling a unique key each test verifies that the delegate calls are getting the expected values from the test calls.
randomRuleIndex = Math.abs(new Random().nextInt() % 100);
randomParameterIndex = Math.abs(new Random().nextInt() % 100);
randomTestKey = String.format(ACRParameterLoaderHelper.DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex);
}

@Test (expected = IllegalArgumentException.class)
public void testUnsupportedTypeThrowsException() throws Exception {
ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "Foo_to_the_Bar");
}

@Test
public void testStringParam_lowercaseType() throws Exception {
Mockito.doReturn("unused").when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toLowerCase());

// I don't really care what the response is here;
// I care that the delegate class was called as expected with the generated string key.
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(String.class, response.getClass());
Assert.assertEquals("unused", response);
}

@Test
public void testStringArrayParam_lowercaseType() throws Exception {
Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey));
// Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey);
Assert.assertEquals(String[].class, response.getClass());
}

@Test
public void testBooleanParam_lowercaseType() throws Exception {
Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey));
// Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey);
Assert.assertEquals(Boolean.class, response.getClass());
}

@Test
public void testByteParam_lowercaseType() throws Exception {
Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) );
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey);
Assert.assertEquals(Byte.class, response.getClass());
}

@Test
public void testIntParam_lowercaseType() throws Exception {
Mockito.doReturn(0).when(config).getInt(eq(randomTestKey));
// Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey);
Assert.assertEquals(Integer.class, response.getClass());
}

@Test
public void testLongParam_lowercaseType() throws Exception {
Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey));
// Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey);
Assert.assertEquals(Long.class, response.getClass());
}

@Test
public void testFloatParam_lowercaseType() throws Exception {
Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey);
Assert.assertEquals(Float.class, response.getClass());
}

@Test
public void testDoubleParam_lowercaseType() throws Exception {
Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey));
// Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey);
Assert.assertEquals(Double.class, response.getClass());
}


@Test
public void testBigDecimalParam_lowercaseType() throws Exception {
Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey));
// Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey);
Assert.assertEquals(BigDecimal.class, response.getClass());
}

@Test
public void testBigIntegerParam_lowercaseType() throws Exception {
Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey));
// Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey);
Assert.assertEquals(BigInteger.class, response.getClass());
}

@Test
public void testDateParam_lowercaseType() throws Exception {
String adate = java.text.DateFormat.getDateInstance().format(new Date());
Mockito.doReturn(adate).when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(Date.class, response.getClass());
}

@Test
public void testTimeParam_lowercaseType() throws Exception {
String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date());
Mockito.doReturn(atime).when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase());
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(Date.class, response.getClass());
}



@Test
public void testStringParam_uppercaseType() throws Exception {
Mockito.doReturn("unused").when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toUpperCase());

// I don't really care what the response is here;
// I care that the delegate class was called as expected with the generated string key.
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(String.class, response.getClass());
Assert.assertEquals("unused", response);
}

@Test
public void testStringArrayParam_uppercaseType() throws Exception {
Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey));
// Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey);
Assert.assertEquals(String[].class, response.getClass());
}

@Test
public void testBooleanParam_uppercaseType() throws Exception {
Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey));
// Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey);
Assert.assertEquals(Boolean.class, response.getClass());
}

@Test
public void testByteParam_uppercaseType() throws Exception {
Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) );
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey);
Assert.assertEquals(Byte.class, response.getClass());
}

@Test
public void testIntParam_uppercaseType() throws Exception {
Mockito.doReturn(0).when(config).getInt(eq(randomTestKey));
// Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey);
Assert.assertEquals(Integer.class, response.getClass());
}

@Test
public void testLongParam_uppercaseType() throws Exception {
Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey));
// Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey);
Assert.assertEquals(Long.class, response.getClass());
}

@Test
public void testFloatParam_uppercaseType() throws Exception {
Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey);
Assert.assertEquals(Float.class, response.getClass());
}

@Test
public void testDoubleParam_uppercaseType() throws Exception {
Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey));
// Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d);
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey);
Assert.assertEquals(Double.class, response.getClass());
}


@Test
public void testBigDecimalParam_uppercaseType() throws Exception {
Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey));
// Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey);
Assert.assertEquals(BigDecimal.class, response.getClass());
}

@Test
public void testBigIntegerParam_uppercaseType() throws Exception {
Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey));
// Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn();
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey);
Assert.assertEquals(BigInteger.class, response.getClass());
}

@Test
public void testDateParam_uppercaseType() throws Exception {
String adate = java.text.DateFormat.getDateInstance().format(new Date());
Mockito.doReturn(adate).when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(Date.class, response.getClass());
}

@Test
public void testTimeParam_uppercaseType() throws Exception {
String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date());
Mockito.doReturn(atime).when(config).getString(eq(randomTestKey));
Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase());
Mockito.verify(config, Mockito.times(1)).getString(randomTestKey);
Assert.assertEquals(Date.class, response.getClass());
}

}
52 changes: 52 additions & 0 deletions src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
package org.owasp.esapi.tags;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.io.UnsupportedEncodingException;

import javax.servlet.jsp.JspTagException;

import org.junit.Test;
import org.mockito.Mockito;
import org.owasp.esapi.Encoder;

public class EncodeForBase64TagTest {


Encoder encoder = Mockito.spy(Encoder.class);


@Test
public void assertEncoderInvocation() throws Exception {
String input = "Magic String";
EncodeForBase64Tag uit = new EncodeForBase64Tag();
Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenReturn("unused");

uit.encode(input, encoder);
Mockito.verify(encoder, Mockito.times(1)).encodeForBase64(input.getBytes("UTF-8"), false);

}

@Test
public void testSettersGetters() {
EncodeForBase64Tag uit = new EncodeForBase64Tag();
assertEquals("UTF-8", uit.getEncoding());
assertFalse(uit.getWrap());

uit.setWrap(true);
uit.setEncoding("ASCII");

assertEquals("ASCII", uit.getEncoding());
assertTrue(uit.getWrap());
}

@Test (expected = JspTagException.class)
public void assertExceptionOnEncodingFalure() throws Exception {
String input = "Magic String";
EncodeForBase64Tag uit = new EncodeForBase64Tag();
Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenAnswer(i -> { throw new UnsupportedEncodingException();});
uit.encode(input, encoder);
}
}
23 changes: 23 additions & 0 deletions src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
package org.owasp.esapi.tags;

import org.junit.Test;
import org.mockito.Mockito;
import org.owasp.esapi.Encoder;

public class EncodeForCSSTagTest2 {


Encoder encoder = Mockito.spy(Encoder.class);


@Test
public void assertEncoderInvocation() {
String input = "Magic String";
EncodeForCSSTag uit = new EncodeForCSSTag();
Mockito.when(encoder.encodeForCSS(input)).thenReturn("unused");

uit.encode(input, encoder);
Mockito.verify(encoder, Mockito.times(1)).encodeForCSS(input);

}
}
Loading