From 60a566bfe03be3b16ac599aff124eaaf55320503 Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 10:40:44 -0500 Subject: [PATCH 1/7] Adding Test for ACRParameterLoaderHelper verifying case-insensitive matches for string arguments. Tests assert that the delegate XMLConfiguration receive the expected calls. --- .../ACRParameterLoaderHelperTest.java | 229 ++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java new file mode 100644 index 000000000..811499562 --- /dev/null +++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java @@ -0,0 +1,229 @@ +package org.owasp.esapi.reference.accesscontrol.policyloader; + +import static org.mockito.ArgumentMatchers.eq; + +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Date; +import java.util.Random; + +import org.apache.commons.configuration.XMLConfiguration; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +public class ACRParameterLoaderHelperTest { + private static String DEFAULT_KEY_FORMAT = "AccessControlRules.AccessControlRule(%s).Parameters.Parameter(%s)[@value]"; + + XMLConfiguration config = Mockito.spy(XMLConfiguration.class); + + private String randomTestKey; + private int randomRuleIndex; + private int randomParameterIndex; + + @Before + public void buildUniqueKey () { + // Assembling a unique key each test verifies that the delegate calls are getting the expected values from the test calls. + randomRuleIndex = Math.abs(new Random().nextInt() % 100); + randomParameterIndex = Math.abs(new Random().nextInt() % 100); + randomTestKey = String.format(DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex); + } + + + @Test + public void testStringParam_lowercaseType() throws Exception { + Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toLowerCase()); + + // I don't really care what the response is here; + // I care that the delegate class was called as expected with the generated string key. + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + + @Test + public void testStringArrayParam_lowercaseType() throws Exception { + Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); + // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + } + + @Test + public void testBooleanParam_lowercaseType() throws Exception { + Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); + // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + } + + @Test + public void testByteParam_lowercaseType() throws Exception { + Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + } + + @Test + public void testIntParam_lowercaseType() throws Exception { + Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); + // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + } + + @Test + public void testLongParam_lowercaseType() throws Exception { + Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); + // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + } + + @Test + public void testFloatParam_lowercaseType() throws Exception { + Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + } + + @Test + public void testDoubleParam_lowercaseType() throws Exception { + Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); + // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + } + + + @Test + public void testBigDecimalParam_lowercaseType() throws Exception { + Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); + // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + } + + @Test + public void testBigIntegerParam_lowercaseType() throws Exception { + Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); + // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + } + + @Test + public void testDateParam_lowercaseType() throws Exception { + String adate = java.text.DateFormat.getDateInstance().format(new Date()); + Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + + @Test + public void testTimeParam_lowercaseType() throws Exception { + String atime = new java.text.SimpleDateFormat("h:mm a").format(new Date()); + Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + + // ------------ + + @Test + public void testStringParam_uppercaseType() throws Exception { + Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toUpperCase()); + + // I don't really care what the response is here; + // I care that the delegate class was called as expected with the generated string key. + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + + @Test + public void testStringArrayParam_uppercaseType() throws Exception { + Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); + // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + } + + @Test + public void testBooleanParam_uppercaseType() throws Exception { + Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); + // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + } + + @Test + public void testByteParam_uppercaseType() throws Exception { + Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + } + + @Test + public void testIntParam_uppercaseType() throws Exception { + Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); + // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + } + + @Test + public void testLongParam_uppercaseType() throws Exception { + Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); + // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + } + + @Test + public void testFloatParam_uppercaseType() throws Exception { + Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + } + + @Test + public void testDoubleParam_uppercaseType() throws Exception { + Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); + // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + } + + + @Test + public void testBigDecimalParam_uppercaseType() throws Exception { + Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); + // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + } + + @Test + public void testBigIntegerParam_uppercaseType() throws Exception { + Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); + // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + } + + @Test + public void testDateParam_uppercaseType() throws Exception { + String adate = java.text.DateFormat.getDateInstance().format(new Date()); + Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + + @Test + public void testTimeParam_uppercaseType() throws Exception { + String atime = new java.text.SimpleDateFormat("h:mm a").format(new Date()); + Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase()); + Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + } + +} From 9dcfc916890cde8e6d7181256a93f426adcffba6 Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 10:46:09 -0500 Subject: [PATCH 2/7] ACRParameterLoaderHelper Test Updates Created a private constructor in implementation to prevent utility class instances. Moved test-scope key format into class instance. Updated uses. Moved test-scoped time format into class instances. Updated uses. --- .../policyloader/ACRParameterLoaderHelper.java | 11 ++++++++--- .../policyloader/ACRParameterLoaderHelperTest.java | 9 ++++----- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java index d0846fc2a..eaf08f894 100644 --- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java +++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java @@ -4,9 +4,14 @@ final public class ACRParameterLoaderHelper { + protected static String DEFAULT_KEY_FORMAT = "AccessControlRules.AccessControlRule(%s).Parameters.Parameter(%s)[@value]"; + protected static String TIME_FORMAT = "h:mm a"; + + + private ACRParameterLoaderHelper() { /* NO-OP Utility Ctr.*/ } + public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception { - String key = "AccessControlRules.AccessControlRule(" + - currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]"; + String key = String.format(DEFAULT_KEY_FORMAT, currentRule, currentParameter); Object parameterValue; if("String".equalsIgnoreCase(parameterType)) { parameterValue = config.getString(key); @@ -31,7 +36,7 @@ public static Object getParameterValue(XMLConfiguration config, int currentRule, } else if("Date".equalsIgnoreCase(parameterType)){ parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key)); } else if("Time".equalsIgnoreCase(parameterType)){ - java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a"); + java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat(TIME_FORMAT); parameterValue = sdf.parseObject(config.getString(key)); // parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key)); } diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java index 811499562..9ea5480bc 100644 --- a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java +++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java @@ -13,7 +13,7 @@ import org.mockito.Mockito; public class ACRParameterLoaderHelperTest { - private static String DEFAULT_KEY_FORMAT = "AccessControlRules.AccessControlRule(%s).Parameters.Parameter(%s)[@value]"; + XMLConfiguration config = Mockito.spy(XMLConfiguration.class); @@ -26,7 +26,7 @@ public void buildUniqueKey () { // Assembling a unique key each test verifies that the delegate calls are getting the expected values from the test calls. randomRuleIndex = Math.abs(new Random().nextInt() % 100); randomParameterIndex = Math.abs(new Random().nextInt() % 100); - randomTestKey = String.format(DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex); + randomTestKey = String.format(ACRParameterLoaderHelper.DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex); } @@ -121,13 +121,12 @@ public void testDateParam_lowercaseType() throws Exception { @Test public void testTimeParam_lowercaseType() throws Exception { - String atime = new java.text.SimpleDateFormat("h:mm a").format(new Date()); + String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); } - // ------------ @Test public void testStringParam_uppercaseType() throws Exception { @@ -220,7 +219,7 @@ public void testDateParam_uppercaseType() throws Exception { @Test public void testTimeParam_uppercaseType() throws Exception { - String atime = new java.text.SimpleDateFormat("h:mm a").format(new Date()); + String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); From 0b349f0ec3401591169905ae011bb612bfbc29e9 Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 10:51:29 -0500 Subject: [PATCH 3/7] ACRParameterLoaderHelperTest Updates Adding case verifying exception on unknown parameter type. --- .../policyloader/ACRParameterLoaderHelperTest.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java index 9ea5480bc..5a36184f2 100644 --- a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java +++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java @@ -29,6 +29,10 @@ public void buildUniqueKey () { randomTestKey = String.format(ACRParameterLoaderHelper.DEFAULT_KEY_FORMAT, randomRuleIndex, randomParameterIndex); } + @Test (expected = IllegalArgumentException.class) + public void testUnsupportedTypeThrowsException() throws Exception { + ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "Foo_to_the_Bar"); + } @Test public void testStringParam_lowercaseType() throws Exception { From c4db5eeb09e9abfbec9f651e8c1bd96de06aef47 Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 11:06:40 -0500 Subject: [PATCH 4/7] ACRParameterLoaderHelper Tests Adding validation to assert the data type of the returned Objects. --- .../ACRParameterLoaderHelperTest.java | 78 +++++++++++++------ 1 file changed, 54 insertions(+), 24 deletions(-) diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java index 5a36184f2..c851c6cb5 100644 --- a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java +++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelperTest.java @@ -1,5 +1,6 @@ package org.owasp.esapi.reference.accesscontrol.policyloader; +import static org.junit.Assert.assertEquals; import static org.mockito.ArgumentMatchers.eq; import java.math.BigDecimal; @@ -8,10 +9,12 @@ import java.util.Random; import org.apache.commons.configuration.XMLConfiguration; +import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.mockito.Mockito; + public class ACRParameterLoaderHelperTest { @@ -37,65 +40,74 @@ public void testUnsupportedTypeThrowsException() throws Exception { @Test public void testStringParam_lowercaseType() throws Exception { Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toLowerCase()); // I don't really care what the response is here; // I care that the delegate class was called as expected with the generated string key. Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(String.class, response.getClass()); + Assert.assertEquals("unused", response); } @Test public void testStringArrayParam_lowercaseType() throws Exception { Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + Assert.assertEquals(String[].class, response.getClass()); } @Test public void testBooleanParam_lowercaseType() throws Exception { Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + Assert.assertEquals(Boolean.class, response.getClass()); } @Test public void testByteParam_lowercaseType() throws Exception { Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + Assert.assertEquals(Byte.class, response.getClass()); } @Test public void testIntParam_lowercaseType() throws Exception { Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + Assert.assertEquals(Integer.class, response.getClass()); } @Test public void testLongParam_lowercaseType() throws Exception { Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + Assert.assertEquals(Long.class, response.getClass()); } @Test public void testFloatParam_lowercaseType() throws Exception { Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + Assert.assertEquals(Float.class, response.getClass()); } @Test public void testDoubleParam_lowercaseType() throws Exception { Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + Assert.assertEquals(Double.class, response.getClass()); } @@ -103,97 +115,111 @@ public void testDoubleParam_lowercaseType() throws Exception { public void testBigDecimalParam_lowercaseType() throws Exception { Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + Assert.assertEquals(BigDecimal.class, response.getClass()); } @Test public void testBigIntegerParam_lowercaseType() throws Exception { Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + Assert.assertEquals(BigInteger.class, response.getClass()); } @Test public void testDateParam_lowercaseType() throws Exception { String adate = java.text.DateFormat.getDateInstance().format(new Date()); Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); } @Test public void testTimeParam_lowercaseType() throws Exception { String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toLowerCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); } + @Test public void testStringParam_uppercaseType() throws Exception { Mockito.doReturn("unused").when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "string".toUpperCase()); // I don't really care what the response is here; // I care that the delegate class was called as expected with the generated string key. Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(String.class, response.getClass()); + Assert.assertEquals("unused", response); } @Test public void testStringArrayParam_uppercaseType() throws Exception { Mockito.doReturn(new String[0]).when(config).getStringArray(eq(randomTestKey)); // Mockito.when(config.getStringArray(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "stringarray".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getStringArray(randomTestKey); + Assert.assertEquals(String[].class, response.getClass()); } @Test public void testBooleanParam_uppercaseType() throws Exception { Mockito.doReturn(Boolean.TRUE).when(config).getBoolean(eq(randomTestKey)); // Mockito.when(config.getBoolean(eq(randomTestKey))).thenReturn(Boolean.TRUE); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "boolean".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getBoolean(randomTestKey); + Assert.assertEquals(Boolean.class, response.getClass()); } @Test public void testByteParam_uppercaseType() throws Exception { Mockito.doReturn( (byte)0 ).when(config).getByte( eq(randomTestKey) ); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "byte".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getByte(randomTestKey); + Assert.assertEquals(Byte.class, response.getClass()); } @Test public void testIntParam_uppercaseType() throws Exception { Mockito.doReturn(0).when(config).getInt(eq(randomTestKey)); // Mockito.when(config.getInt(eq(randomTestKey))).thenReturn(0); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "int".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getInt(randomTestKey); + Assert.assertEquals(Integer.class, response.getClass()); } @Test public void testLongParam_uppercaseType() throws Exception { Mockito.doReturn(0L).when(config).getLong(eq(randomTestKey)); // Mockito.when(config.getLong(eq(randomTestKey))).thenReturn(0L); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "long".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getLong(randomTestKey); + Assert.assertEquals(Long.class, response.getClass()); } @Test public void testFloatParam_uppercaseType() throws Exception { Mockito.doReturn((float) 0).when(config).getFloat(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "float".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getFloat(randomTestKey); + Assert.assertEquals(Float.class, response.getClass()); } @Test public void testDoubleParam_uppercaseType() throws Exception { Mockito.doReturn(0d).when(config).getDouble(eq(randomTestKey)); // Mockito.when(config.getDouble(eq(randomTestKey))).thenReturn(0d); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "double".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getDouble(randomTestKey); + Assert.assertEquals(Double.class, response.getClass()); } @@ -201,32 +227,36 @@ public void testDoubleParam_uppercaseType() throws Exception { public void testBigDecimalParam_uppercaseType() throws Exception { Mockito.doReturn(new BigDecimal(0)).when(config).getBigDecimal(eq(randomTestKey)); // Mockito.when(config.getBigDecimal(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "bigdecimal".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getBigDecimal(randomTestKey); + Assert.assertEquals(BigDecimal.class, response.getClass()); } @Test public void testBigIntegerParam_uppercaseType() throws Exception { Mockito.doReturn(new BigInteger("0")).when(config).getBigInteger(eq(randomTestKey)); // Mockito.when(config.getBigInteger(eq(randomTestKey))).thenReturn(); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "biginteger".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getBigInteger(randomTestKey); + Assert.assertEquals(BigInteger.class, response.getClass()); } @Test public void testDateParam_uppercaseType() throws Exception { String adate = java.text.DateFormat.getDateInstance().format(new Date()); Mockito.doReturn(adate).when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "date".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); } @Test public void testTimeParam_uppercaseType() throws Exception { String atime = new java.text.SimpleDateFormat(ACRParameterLoaderHelper.TIME_FORMAT).format(new Date()); Mockito.doReturn(atime).when(config).getString(eq(randomTestKey)); - ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase()); + Object response = ACRParameterLoaderHelper.getParameterValue(config, randomRuleIndex, randomParameterIndex, "time".toUpperCase()); Mockito.verify(config, Mockito.times(1)).getString(randomTestKey); + Assert.assertEquals(Date.class, response.getClass()); } } From ae82fe428f421ffe7dab37d7568917e8a6ab6a9e Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 11:38:58 -0500 Subject: [PATCH 5/7] DoNothinAction Cleanup Removing useless method override. --- .../java/org/owasp/esapi/waf/actions/DoNothingAction.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java index 70d5970f2..893655675 100644 --- a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java +++ b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java @@ -22,10 +22,6 @@ */ public class DoNothingAction extends Action { - public boolean failedRule() { - return this.failed; - } - public boolean isActionNecessary() { return false; From a08e14e48ad7fb81e845d166288617acd40e56d7 Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 11:39:41 -0500 Subject: [PATCH 6/7] Waf Action Tests Adding tests for the current behavior of the WAF Action classes. --- .../owasp/esapi/waf/actions/ActionTest.java | 25 +++++++++++++++ .../esapi/waf/actions/BlockActionTest.java | 26 +++++++++++++++ .../esapi/waf/actions/DefaultActionTest.java | 26 +++++++++++++++ .../waf/actions/DoNothingActionTest.java | 32 +++++++++++++++++++ .../esapi/waf/actions/RedirectActionTest.java | 30 +++++++++++++++++ 5 files changed, 139 insertions(+) create mode 100644 src/test/java/org/owasp/esapi/waf/actions/ActionTest.java create mode 100644 src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java create mode 100644 src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java create mode 100644 src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java create mode 100644 src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java diff --git a/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java new file mode 100644 index 000000000..5f8e83bb3 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/ActionTest.java @@ -0,0 +1,25 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class ActionTest { + + @Test + public void assertDefaultState() { + Action uit = new Action() {}; + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters() { + Action uit = new Action() {}; + uit.setActionNecessary(false); + uit.setFailed(false); + assertFalse(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java new file mode 100644 index 000000000..dd16ee11c --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/BlockActionTest.java @@ -0,0 +1,26 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class BlockActionTest { + + @Test + public void assertDefaultState() { + BlockAction uit = new BlockAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters_DO_NOTHING() { + BlockAction uit = new BlockAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + + //Beautiful.... + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java new file mode 100644 index 000000000..f497f5f40 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/DefaultActionTest.java @@ -0,0 +1,26 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class DefaultActionTest { + + @Test + public void assertDefaultState() { + DefaultAction uit = new DefaultAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } + + @Test + public void assertSettersGetters_DO_NOTHING() { + DefaultAction uit = new DefaultAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + + //Beautiful.... + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java new file mode 100644 index 000000000..7eff95926 --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/DoNothingActionTest.java @@ -0,0 +1,32 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class DoNothingActionTest { + + @Test + public void assertDefaultState() { + DoNothingAction uit = new DoNothingAction(); + assertTrue(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + } + + @Test + public void assertSetGetFailed() { + DoNothingAction uit = new DoNothingAction(); + uit.setFailed(false); + assertFalse(uit.failedRule()); + } + + @Test + public void assertSetGetActionNecessary_DOES_NOTHING() { + DoNothingAction uit = new DoNothingAction(); + uit.setActionNecessary(true); + + // Room for improvement. + assertFalse(uit.isActionNecessary()); + } +} diff --git a/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java b/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java new file mode 100644 index 000000000..aca6b07da --- /dev/null +++ b/src/test/java/org/owasp/esapi/waf/actions/RedirectActionTest.java @@ -0,0 +1,30 @@ +package org.owasp.esapi.waf.actions; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import org.junit.Test; + +public class RedirectActionTest { + + @Test + public void assertDefaultState() { + RedirectAction uit = new RedirectAction(); + assertTrue(uit.failedRule()); + assertTrue(uit.isActionNecessary()); + assertNull(uit.getRedirectURL()); + } + + @Test + public void assertSettersGetters() { + RedirectAction uit = new RedirectAction(); + uit.setActionNecessary(false); + uit.setFailed(false); + uit.setRedirectURL("http://going_nowhere.com"); + assertFalse(uit.failedRule()); + assertFalse(uit.isActionNecessary()); + assertEquals("http://going_nowhere.com", uit.getRedirectURL()); + } +} From 92c99ea3eb46da2c070b7e6e227d017a887e08ba Mon Sep 17 00:00:00 2001 From: "jeremiah.stacey" Date: Sat, 1 Nov 2025 12:13:41 -0500 Subject: [PATCH 7/7] Tests for esapi tags Doing basic testing for some coverage. Nothing too verbose; only testing the content specified in each of the tag subclasses. --- .../esapi/tags/EncodeForBase64TagTest.java | 52 +++++++++++++++++++ .../esapi/tags/EncodeForCSSTagTest2.java | 23 ++++++++ .../tags/EncodeForHTMLAttributeTagTest.java | 23 ++++++++ .../esapi/tags/EncodeForHTMLTagTest.java | 23 ++++++++ .../tags/EncodeForJavaScriptTagTest.java | 23 ++++++++ .../owasp/esapi/tags/EncodeForURLTagTest.java | 34 ++++++++++++ .../esapi/tags/EncodeForVBScriptTagTest.java | 23 ++++++++ .../tags/EncodeForXMLAttributeTagTest.java | 23 ++++++++ .../owasp/esapi/tags/EncodeForXMLTagTest.java | 23 ++++++++ .../esapi/tags/EncodeForXPathTagTest.java | 23 ++++++++ 10 files changed, 270 insertions(+) create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java create mode 100644 src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java new file mode 100644 index 000000000..64cc259b8 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForBase64TagTest.java @@ -0,0 +1,52 @@ +package org.owasp.esapi.tags; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.jsp.JspTagException; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForBase64TagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() throws Exception { + String input = "Magic String"; + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForBase64(input.getBytes("UTF-8"), false); + + } + + @Test + public void testSettersGetters() { + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + assertEquals("UTF-8", uit.getEncoding()); + assertFalse(uit.getWrap()); + + uit.setWrap(true); + uit.setEncoding("ASCII"); + + assertEquals("ASCII", uit.getEncoding()); + assertTrue(uit.getWrap()); + } + + @Test (expected = JspTagException.class) + public void assertExceptionOnEncodingFalure() throws Exception { + String input = "Magic String"; + EncodeForBase64Tag uit = new EncodeForBase64Tag(); + Mockito.when(encoder.encodeForBase64(input.getBytes("UTF-8"), false)).thenAnswer(i -> { throw new UnsupportedEncodingException();}); + uit.encode(input, encoder); + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java b/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java new file mode 100644 index 000000000..f1539eae0 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForCSSTagTest2.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForCSSTagTest2 { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForCSSTag uit = new EncodeForCSSTag(); + Mockito.when(encoder.encodeForCSS(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForCSS(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java new file mode 100644 index 000000000..5162b3aef --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForHTMLAttributeTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForHTMLAttributeTag uit = new EncodeForHTMLAttributeTag(); + Mockito.when(encoder.encodeForHTMLAttribute(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForHTMLAttribute(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java new file mode 100644 index 000000000..2f4a2e654 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForHTMLTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForHTMLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForHTMLTag uit = new EncodeForHTMLTag(); + Mockito.when(encoder.encodeForHTML(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForHTML(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java new file mode 100644 index 000000000..7d874e85e --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForJavaScriptTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForJavaScriptTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForJavaScriptTag uit = new EncodeForJavaScriptTag(); + Mockito.when(encoder.encodeForJavaScript(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForJavaScript(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java new file mode 100644 index 000000000..ca6d10562 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForURLTagTest.java @@ -0,0 +1,34 @@ +package org.owasp.esapi.tags; + +import javax.servlet.jsp.JspTagException; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; +import org.owasp.esapi.errors.EncodingException; + +public class EncodeForURLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() throws Exception { + String input = "Magic String"; + EncodeForURLTag uit = new EncodeForURLTag(); + Mockito.when(encoder.encodeForURL(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForURL(input); + + } + + @Test (expected = JspTagException.class) + public void assertExceptionOnEncodingFalure() throws Exception { + String input = "Magic String"; + EncodeForURLTag uit = new EncodeForURLTag(); + Mockito.when(encoder.encodeForURL(input)).thenThrow(new EncodingException("Test-Scope", "SAMPLE")); + uit.encode(input, encoder); + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java new file mode 100644 index 000000000..9e3a94a82 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForVBScriptTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForVBScriptTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForVBScriptTag uit = new EncodeForVBScriptTag(); + Mockito.when(encoder.encodeForVBScript(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForVBScript(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java new file mode 100644 index 000000000..79c5b2aed --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXMLAttributeTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXMLAttributeTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXMLAttributeTag uit = new EncodeForXMLAttributeTag(); + Mockito.when(encoder.encodeForXMLAttribute(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXMLAttribute(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java new file mode 100644 index 000000000..54e50d4c6 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXMLTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXMLTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXMLTag uit = new EncodeForXMLTag(); + Mockito.when(encoder.encodeForXML(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXML(input); + + } +} diff --git a/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java b/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java new file mode 100644 index 000000000..ad0528725 --- /dev/null +++ b/src/test/java/org/owasp/esapi/tags/EncodeForXPathTagTest.java @@ -0,0 +1,23 @@ +package org.owasp.esapi.tags; + +import org.junit.Test; +import org.mockito.Mockito; +import org.owasp.esapi.Encoder; + +public class EncodeForXPathTagTest { + + + Encoder encoder = Mockito.spy(Encoder.class); + + + @Test + public void assertEncoderInvocation() { + String input = "Magic String"; + EncodeForXPathTag uit = new EncodeForXPathTag(); + Mockito.when(encoder.encodeForXPath(input)).thenReturn("unused"); + + uit.encode(input, encoder); + Mockito.verify(encoder, Mockito.times(1)).encodeForXPath(input); + + } +}