001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064:
065: package com.jcorporate.expresso.core.security.filters;
066:
067: import com.jcorporate.expresso.services.test.ExpressoTestCase;
068: import junit.framework.TestSuite;
069:
070: /**
071: * Unit test for Security Filters
072: *
073: * @author Michael Rimov
074: * @version $Revision: 1.2 $ $Date: 2004/11/17 20:48:23 $
075: */
076: public class FilterTest extends ExpressoTestCase {
077: private static final String[] TestStrings = { "abcdefg<>%^lmnop",
078: "\"This is a test of the emergency broadcast system!!!\"",
079: "cat /etc/password", "\\What about This???\\",
080: "\' Or this \'", "& This? ",
081: "And lets just talk about some other stuff\n \t!!",
082: "<a href=\"www.nazdome.com\">",
083: "javascript:openWindow(\"Bad Girls dot Com\");" };
084: FilterManager fm = null;
085:
086: public FilterTest(String testName) throws Exception {
087: super (testName);
088: }
089:
090: public void setUp() {
091:
092: //Load FilterManager
093: fm = FilterManager.getInstance();
094:
095: if (fm == null) {
096: fail("Filter Manager was NULL!");
097:
098: return;
099: }
100: }
101:
102: public static void main(String[] args) throws Exception {
103: junit.textui.TestRunner.run(suite());
104: }
105:
106: public static junit.framework.Test suite() throws Exception {
107: return new TestSuite(FilterTest.class);
108: }
109:
110: public void testStandardFilter() throws Exception {
111: final String[] StandardFilterResult = {
112: "abcdefg<>%^lmnop",
113: ""This is a test of the emergency broadcast "
114: + "system!!!"",
115: "cat /etc/password",
116: "\\What about This???\\",
117: "' Or this '",
118: "& This? ",
119: "And lets just talk about some other stuff<br /> !!",
120: "<a href="www.nazdome.com">",
121: "javascript:openWindow("Bad Girls "
122: + "dot Com");" };
123: String result1;
124: String result2;
125:
126: //Standard Filter
127: for (int i = 0; i < TestStrings.length; i++) {
128: result1 = fm.filterString(TestStrings[i], ISO_8859_1.class,
129: "standardFilter");
130: assertTrue("Standard Filter Round 1: i="
131: + Integer.toString(i), result1
132: .equals(StandardFilterResult[i]));
133:
134: //result2 should equal reslt1. Further filtering shouldn't cause
135: //further multilation of the filtering string.
136: result2 = fm.filterString(result1, ISO_8859_1.class,
137: "standardFilter");
138: assertTrue("Standard Filter Round 2: i="
139: + Integer.toString(i), result2.equals(result1));
140: }
141: }
142:
143: public void testStripFilter() throws Exception {
144: // result with stripped chars replaced with " " - stripFilter has now changed
145: // final String[] StripFilterResult = {
146: // "abcdefg %^lmnop",
147: // " This is a test of the emergency broadcast system!!! ",
148: // "cat /etc/password", "\\What about This???\\", "' Or this '",
149: // " This? ", "And lets just talk about some other stuff !!",
150: // " a href= www.nazdome.com ",
151: // "javascript:openWindow( Bad Girls dot Com );"
152: // };
153: final String[] StripFilterResult = { "abcdefg%^lmnop",
154: "This is a test of the emergency broadcast system!!!",
155: "cat /etc/password", "\\What about This???\\",
156: "' Or this '", " This? ",
157: "And lets just talk about some other stuff !!",
158: "a href=www.nazdome.com",
159: "javascript:openWindow(Bad Girls dot Com);" };
160:
161: String result1;
162: String result2;
163:
164: for (int i = 0; i < TestStrings.length; i++) {
165: result1 = fm.filterString(TestStrings[i], ISO_8859_1.class,
166: "stripFilter");
167: assertTrue(
168: "Strip Filter Round 1: i=" + Integer.toString(i),
169: result1.equals(StripFilterResult[i]));
170:
171: //result2 should equal reslt1. Further filtering shouldn't cause
172: //further multilation of the filtering string.
173: result2 = fm.filterString(result1, ISO_8859_1.class,
174: "stripFilter");
175: assertTrue(
176: "Strip Filter Round 2: i=" + Integer.toString(i),
177: result2.equals(result1));
178: }
179: }
180:
181: public void testRawFilter() throws Exception {
182: final String[] RawFilterResult = {
183: "abcdefg<>%^lmnop",
184: "\"This is a test of the emergency broadcast system!!!\"",
185: "cat /etc/password", "\\What about This???\\",
186: "\' Or this \'", "& This? ",
187: "And lets just talk about some other stuff\n \t!!",
188: "<a href=\"www.nazdome.com\">",
189: "javascript:openWindow(\"Bad Girls dot Com\");" };
190: String result1;
191: String result2;
192:
193: for (int i = 0; i < TestStrings.length; i++) {
194: result1 = fm.filterString(TestStrings[i], ISO_8859_1.class,
195: "rawFilter");
196: assertTrue("Raw Filter Rount 1: i=" + Integer.toString(i),
197: result1.equals(RawFilterResult[i]));
198:
199: //result2 should equal reslt1. Further filtering shouldn't cause
200: //further multilation of the filtering string.
201: result2 = fm.filterString(result1, ISO_8859_1.class,
202: "rawFilter");
203: assertTrue("Raw Filter Rount 2: i=" + Integer.toString(i),
204: result2.equals(result1));
205: }
206: }
207:
208: /* This was removed because I suspect of an APi change that required it.
209:
210: @todo research this.
211:
212: public void testBadCharset() throws Exception {
213:
214: //
215:
216: //Finally, check for bad inputs
217:
218: //
219:
220: String temp;
221:
222: try {
223:
224: temp = fm.filterString(TestStrings[0], "ISO-8859", "rawFilter");
225:
226: fail("Failed Test: Bad Characterset parameter");
227:
228: return;
229:
230: } catch(IllegalArgumentException e) { }
231:
232: }
233:
234: */
235: /**
236: * The filter manager should throw an IllegalArgumentException if a bad
237: * filtername is passed to it.
238: */
239: public void testBadFiltername() throws Exception {
240: String temp;
241:
242: try {
243: temp = fm.filterString(TestStrings[0], ISO_8859_1.class,
244: "badFilterName");
245: fail("Failed Test: Bad FilterName parameter");
246:
247: return;
248: } catch (IllegalArgumentException e) {
249: }
250: }
251:
252: }
|