Produced by Araxis Merge on 3/8/2018 10:14:53 AM Eastern Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | PRE_PPS-N_v3.0.1.zip\PS_PPS_security\src\test\java\gov\va\med\pharmacy\peps\common\utility\security | ESAPIValidatorTest.java | Fri Jan 12 15:43:44 2018 UTC |
2 | PRE_PPS-N_v3.0.1.zip\PS_PPS_security\src\test\java\gov\va\med\pharmacy\peps\common\utility\security | ESAPIValidatorTest.java | Wed Mar 7 18:22:57 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 1054 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | package go v.va.med.p harmacy.pe ps.common. utility.se curity; | |
2 | ||
3 | import sta tic gov.va .med.pharm acy.peps.c ommon.util ity.securi ty.ESAPIVa lidator.va lidateStri ngInput; | |
4 | import sta tic org.ha mcrest.Cor eMatchers. *; | |
5 | import sta tic org.ju nit.Assert .assertEqu als; | |
6 | import sta tic org.ju nit.Assert .assertNul l; | |
7 | import sta tic org.ju nit.Assert .assertTha t; | |
8 | import sta tic org.ju nit.Assert .assertTru e; | |
9 | import sta tic org.ju nit.Assert .fail; | |
10 | ||
11 | import jav a.util.Arr ayList; | |
12 | import jav a.util.Arr ays; | |
13 | import jav a.util.Lis t; | |
14 | ||
15 | import org .junit.Bef oreClass; | |
16 | import org .junit.Ign ore; | |
17 | import org .junit.Tes t; | |
18 | ||
19 | /** | |
20 | * <p>Auto mated test s for {@li nk ESAPIVa lidator}.< /p> | |
21 | * | |
22 | * <p> | |
23 | * These a re not str ictly unit tests sin ce they us e the ESAP I Validato r, but the y don't re quire a da tabase or even a Spr ing | |
24 | * context . Therefor e we run t hese tests with the other unit tests. | |
25 | * </p> | |
26 | */ | |
27 | public cla ss ESAPIVa lidatorTes t { | |
28 | ||
29 | /** | |
30 | * Val idate long : invalid input test . | |
31 | */ | |
32 | @Test | |
33 | public void vali dateLong_I nvalidInpu t_Test() { | |
34 | ||
35 | lo ng output = -1; | |
36 | St ring input = "9x"; | |
37 | tr y { | |
38 | output = ESAPIVali dator.vali dateLongIn put(input) ; | |
39 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
40 | } catch (Thr owable t) { | |
41 | // succe ss | |
42 | System.o ut.println (output + ""); | |
43 | } | |
44 | } | |
45 | ||
46 | /** | |
47 | * Val idate long : valid in put test. | |
48 | */ | |
49 | @Test | |
50 | public void vali dateLong_V alidInput_ Test() { | |
51 | ||
52 | lo ng output = -1; | |
53 | St ring input = "9"; | |
54 | tr y { | |
55 | output = ESAPIVali dator.vali dateLongIn put(input) ; | |
56 | // succe ss | |
57 | System.o ut.println (output); | |
58 | assertEq uals(9, ou tput); | |
59 | } catch (Thr owable t) { | |
60 | fail("Ex ception th rown for v alid input character (s)."); | |
61 | } | |
62 | } | |
63 | ||
64 | /** | |
65 | * Val idate long : valid in put test. | |
66 | */ | |
67 | @Test | |
68 | public void vali dateLong_V alidInputZ ero_Test() { | |
69 | ||
70 | lo ng output = -1; | |
71 | St ring input = "0"; | |
72 | tr y { | |
73 | output = ESAPIVali dator.vali dateLongIn put(input) ; | |
74 | // succe ss | |
75 | System.o ut.println (output); | |
76 | assertEq uals(0, ou tput); | |
77 | } catch (Thr owable t) { | |
78 | fail("Ex ception th rown for v alid input character (s)."); | |
79 | } | |
80 | } | |
81 | ||
82 | /** | |
83 | * Val idate Doub le: invali d input te st. | |
84 | */ | |
85 | @Test | |
86 | public void vali dateDouble _InvalidIn put_Test() { | |
87 | ||
88 | do uble outpu t = -1; | |
89 | St ring input = "9x"; | |
90 | tr y { | |
91 | output = ESAPIVali dator.vali dateDouble Input(inpu t); | |
92 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
93 | } catch (Thr owable t) { | |
94 | // succe ss | |
95 | System.o ut.println (output + ""); | |
96 | } | |
97 | } | |
98 | ||
99 | /** | |
100 | * Val idate long : valid in put test. | |
101 | */ | |
102 | @Test | |
103 | public void vali dateDouble _ValidInpu t_Test() { | |
104 | ||
105 | do uble outpu t = -1; | |
106 | Do uble input = 9.25; | |
107 | tr y { | |
108 | output = ESAPIVali dator.vali dateDouble Input(inpu t.toString ()); | |
109 | // succe ss | |
110 | System.o ut.println (output); | |
111 | assertEq uals(9.25, output, 0 ); | |
112 | } catch (Thr owable t) { | |
113 | fail("Ex ception th rown for v alid input character (s)."); | |
114 | } | |
115 | } | |
116 | ||
117 | /** | |
118 | * Val idate long : valid in put test. | |
119 | */ | |
120 | @Test | |
121 | public void vali dateDouble _ValidInpu tZero_Test () { | |
122 | ||
123 | do uble outpu t = -1; | |
124 | Do uble input = 0.25; | |
125 | tr y { | |
126 | output = ESAPIVali dator.vali dateDouble Input(inpu t.toString ()); | |
127 | // succe ss | |
128 | System.o ut.println (output); | |
129 | assertEq uals(0.25, output, 0 ); | |
130 | } catch (Thr owable t) { | |
131 | fail("Ex ception th rown for v alid input character (s)."); | |
132 | } | |
133 | } | |
134 | ||
135 | /** | |
136 | * Val idate file name: no path inval id file ex tension te st. | |
137 | */ | |
138 | @Test | |
139 | public void vali dateFileNa me_NoPath_ InvalidFil eExtension _Test() { | |
140 | ||
141 | St ring outpu t = null; | |
142 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
143 | ||
144 | // With bad type (file extension ) Errors o ut/throws exception | |
145 | St ring input = "someFi leName.txt "; | |
146 | al lowedExten sions.add( "tmp"); | |
147 | tr y { | |
148 | output = ESAPIVali dator.vali dateFileNa meInput(in put, allow edExtensio ns); | |
149 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
150 | } catch (Thr owable t) { | |
151 | assertTh at(t.getMe ssage(), i s("Invalid file name value fou nd in inpu t.")); | |
152 | System.o ut.println ("Output = " + outpu t); | |
153 | } | |
154 | ||
155 | } | |
156 | ||
157 | @Test | |
158 | public void vali dateFileNa me_NoPath_ ValidFileE xtension_T est() { | |
159 | ||
160 | St ring outpu t; | |
161 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
162 | ||
163 | // Valid fil e name | |
164 | ou tput = nul l; | |
165 | St ring input = "someFi leName.tmp "; | |
166 | al lowedExten sions.add( "tmp"); | |
167 | tr y { | |
168 | output = ESAPIVali dator.vali dateFileNa meInput(in put, allow edExtensio ns); | |
169 | // succe ss | |
170 | System.o ut.println (output); | |
171 | assertEq uals(input , output); | |
172 | } catch (Thr owable t) { | |
173 | fail("Ex ception th rown for v alid input character (s)."); | |
174 | } | |
175 | } | |
176 | ||
177 | /** | |
178 | * Val idate file name: wit h unexpect ed path an d valid fi le extensi on. | |
179 | */ | |
180 | @Test | |
181 | public void vali dateFileNa me_WithPat h_ValidFil eExtension _Test() { | |
182 | ||
183 | St ring outpu t; | |
184 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
185 | ||
186 | // With path data (fil e separato rs) Errors out/throw s exceptio n | |
187 | ou tput = nul l; | |
188 | St ring input = "somePa th/someFil eName.tmp" ; | |
189 | al lowedExten sions.add( "tmp"); | |
190 | tr y { | |
191 | output = ESAPIVali dator.vali dateFileNa meInput(in put, allow edExtensio ns); | |
192 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
193 | } catch (Thr owable t) { | |
194 | System.o ut.println ("Output = " + outpu t); | |
195 | assertTh at(t.getMe ssage(), i s("Invalid file name value fou nd in inpu t.")); | |
196 | } | |
197 | } | |
198 | ||
199 | @Test | |
200 | public void vali dateFileNa meTest() { | |
201 | ||
202 | St ring outpu t; | |
203 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
204 | ||
205 | // Valid fil e name | |
206 | ou tput = nul l; | |
207 | St ring input = "someFi leName.tmp "; | |
208 | al lowedExten sions.add( "tmp"); | |
209 | tr y { | |
210 | output = ESAPIVali dator.vali dateFileNa meInput(in put, allow edExtensio ns); | |
211 | // succe ss | |
212 | System.o ut.println (output); | |
213 | assertEq uals(input , output); | |
214 | } catch (Thr owable t) { | |
215 | fail("Ex ception th rown for v alid input character (s)."); | |
216 | } | |
217 | ||
218 | // With path data (fil e separato rs) Errors out/throw s exceptio n | |
219 | ou tput = nul l; | |
220 | in put = "som ePath/some FileName.t mp"; | |
221 | al lowedExten sions.add( "tmp"); | |
222 | tr y { | |
223 | output = ESAPIVali dator.vali dateFileNa meInput(in put, allow edExtensio ns); | |
224 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
225 | } catch (Thr owable t) { | |
226 | // succe ss | |
227 | System.o ut.println ("Output = " + outpu t); | |
228 | } | |
229 | } | |
230 | ||
231 | /** | |
232 | * Val idate file name with path: Val id path an d valid fi le extensi on. | |
233 | */ | |
234 | @Test | |
235 | public void vali dateFileNa meWithPath _ValidPath _ValidFile Extension_ Test() { | |
236 | ||
237 | St ring outpu t = null; | |
238 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
239 | ||
240 | St ring input = "C:/tmp /someFileN ame.tmp"; | |
241 | al lowedExten sions.add( "tmp"); | |
242 | tr y { | |
243 | output = ESAPIVali dator.vali dateFileNa meInputWit hPath(inpu t, allowed Extensions ); | |
244 | assertEq uals(input , output); | |
245 | } catch (Thr owable t) { | |
246 | System.o ut.println ("Output = " + outpu t); | |
247 | } | |
248 | } | |
249 | ||
250 | /** | |
251 | * Val idate file name with path: Val id path an d invalid file exten sion. | |
252 | */ | |
253 | @Test | |
254 | public void vali dateFileNa meWithPath _ValidPath _InvalidFi leExtensio n_Test() { | |
255 | ||
256 | St ring outpu t = null; | |
257 | Li st<String> allowedEx tensions = new Array List<Strin g>(); | |
258 | ||
259 | St ring input = "C:/tmp /someFileN ame.txt"; | |
260 | al lowedExten sions.add( "tmp"); | |
261 | tr y { | |
262 | output = ESAPIVali dator.vali dateFileNa meInputWit hPath(inpu t, allowed Extensions ); | |
263 | System.o ut.println ("Output = " + outpu t); | |
264 | fail("Ex pected an RuntimeExc eption to be thrown" ); | |
265 | } catch (Thr owable t) { | |
266 | assertTh at(t.getMe ssage(), i s("Invalid file name value fou nd in inpu t.")); | |
267 | } | |
268 | } | |
269 | ||
270 | ||
271 | /** | |
272 | * Val idate ACCE SS_CONTROL _DB: inval id input. | |
273 | */ | |
274 | @Test | |
275 | public final voi d validate AccessCont rolDb_Inva lidInput_T est() { | |
276 | St ring outpu t = null; | |
277 | St ring input = "*xx"; | |
278 | ||
279 | tr y { | |
280 | output = ESAPIVali dator.vali dateString Input(inpu t, ESAPIVa lidationTy pe.ACCESS_ CONTROL_DB ); | |
281 | fail("No exception thrown fo r invalid input char acter(s)." ); | |
282 | } catch (Thr owable t) { | |
283 | System.o ut.println (output); | |
284 | assertTr ue(t.getMe ssage().co ntains("In valid char acters fou nd in inpu t")); | |
285 | } | |
286 | } | |
287 | ||
288 | /** | |
289 | * Val idate ACCE SS_CONTROL _DB valid input test . | |
290 | */ | |
291 | @Test | |
292 | public final voi d validate AccessCont rolDb_Vali dInputTest () { | |
293 | St ring outpu t = null; | |
294 | St ring input = "xx"; | |
295 | ||
296 | tr y { | |
297 | output = ESAPIVali dator.vali dateString Input(inpu t, ESAPIVa lidationTy pe.ACCESS_ CONTROL_DB ); | |
298 | System.o ut.println (output); | |
299 | assertEq uals(input , output); | |
300 | } catch (Thr owable t) { | |
301 | System.o ut.println (output); | |
302 | fail("Ex ception th rown for v alid input character (s)."); | |
303 | } | |
304 | } | |
305 | ||
306 | ||
307 | @Test | |
308 | public void vali dateCrossS iteScripti ngReflecte d_ValidInp ut_WithLes sThan_Test () { | |
309 | fi nal String input = " This is a valid inpu t with a l ot of char acters inc lude < and the word script"; | |
310 | fi nal String output = ESAPIValid ator.valid ateStringI nput(input , ESAPIVal idationTyp e.CROSS_SI TE_SCRIPTI NG_REFLECT ED); | |
311 | as sertEquals (input, ou tput); | |
312 | } | |
313 | ||
314 | /** | |
315 | * Tes t method v alidateStr ing for ca se CrossSi teScriptin gReflected . | |
316 | * | |
317 | * */ | |
318 | @Test | |
319 | public void vali dateCrossS iteScripti ngReflecte d_InvalidI nput_Test( ) { | |
320 | fi nal String input = " This is a invalid in put with a lot of ch aracters i nclude the tag <scri pt"; | |
321 | tr y { | |
322 | ESAPIVal idator.val idateStrin gInput(inp ut, ESAPIV alidationT ype.CROSS_ SITE_SCRIP TING_REFLE CTED); | |
323 | fail("Sh ould not g et here: a n exceptio n should h ave been t hrown."); | |
324 | } catch (Run timeExcept ion t) { | |
325 | assertTr ue(t.getMe ssage().co ntains("In valid char acters fou nd in inpu t")); | |
326 | } | |
327 | } | |
328 | ||
329 | /** | |
330 | * Tes t method v alidateStr ing for ca se {@link ESAPIValid ationType# REQUEST_UR I}. | |
331 | */ | |
332 | @Test | |
333 | public void vali dateReques tUri_Valid Input_Test () { | |
334 | // basic str ing test | |
335 | St ring input = "This i s a valid input with a lot of characters include t he word sc ript"; | |
336 | in put = vali dateString Input(inpu t, ESAPIVa lidationTy pe.REQUEST _URI); | |
337 | ||
338 | // test incl uding all valid spec ial charac ters and a ll valid % encoding values | |
339 | // encoded v alues corr espond to the charac ters %.,': #$&?+-_=[] /\ () | |
340 | in put = "spe cial chars :.,'#$&?+- _=[0]\\/ e ncoding: % 25%2E%2C%2 7%3A%23%24 %26%3F%2B% 2D%5F%3D%5 B%5D%2F%5C %20%28%29" ; | |
341 | in put = vali dateString Input(inpu t, ESAPIVa lidationTy pe.REQUEST _URI); | |
342 | } | |
343 | ||
344 | /** | |
345 | * Tes t method v alidateStr ing for ca se {@link ESAPIValid ationType# REQUEST_UR I}. | |
346 | */ | |
347 | @Test | |
348 | public void vali dateReques tUri_Inval idInput_Te st() { | |
349 | // test a st ring conta ining "<" | |
350 | // the RegEx does not allow "<" or ">" | |
351 | St ring outpu t = null; | |
352 | St ring input = "This i s a invali d input wi th a lot o f characte rs include the tag < script"; | |
353 | tr y { | |
354 | output = ESAPIVali dator.vali dateString Input(inpu t, ESAPIVa lidationTy pe.REQUEST _URI); | |
355 | } catch (Run timeExcept ion t) { | |
356 | output = null; | |
357 | } finally { | |
358 | assertNu ll("Valida tion was e xpected to fail with a Runtime Exception" , output); | |
359 | } | |
360 | ||
361 | // test a st ring conta ining%3C w hich corre sponds to < | |
362 | // the RegEx only allo ws specifi c encoded values | |
363 | ou tput = nul l; | |
364 | in put = "/PR E/searchIt ems.go?&se archTerms% 5B0%3C.val ue=oxygen% 25"; | |
365 | tr y { | |
366 | output = ESAPIVali dator.vali dateString Input(inpu t, ESAPIVa lidationTy pe.REQUEST _URI); | |
367 | } catch (Run timeExcept ion t) { | |
368 | output = null; | |
369 | } finally { | |
370 | assertNu ll("Valida tion was e xpected to fail with a Runtime Exception" , output); | |
371 | } | |
372 | ||
373 | // check a s et of inva lid specia l characte rs | |
374 | St ring parti alInput = "null"; | |
375 | In teger i = 0; | |
376 | in put = "!@% ^*()<>{}|\ ""; | |
377 | ||
378 | fo r (i = 0; i < input. length(); i++) { | |
379 | partialI nput = inp ut.charAt( i) + " cha r"; | |
380 | try { | |
381 | outp ut = valid ateStringI nput(parti alInput, E SAPIValida tionType.R EQUEST_URI ); | |
382 | } catch (RuntimeEx ception e) { | |
383 | outp ut = null; | |
384 | } finall y { | |
385 | asse rtNull("Va lidation w as expecte d to fail with a Run timeExcept ion", outp ut); | |
386 | } | |
387 | } | |
388 | } | |
389 | ||
390 | /** | |
391 | * Thi s test wil l fail if an excepti on is thro wn, indica ting that the known good URL i n the test data fail ed the val idation | |
392 | * for CrossSite ScriptingR eflected. | |
393 | */ | |
394 | @Test | |
395 | public void test ValidUrlIn put() { | |
396 | // simple se arch conta ining "asp irin" | |
397 | St ring url = "/PRE/sea rchItems.g o?_subCate gories=on& searchTerm s%5B0%5D.s earchType= CONTAINS" | |
398 | + "&sear chTerms%5B 0%5D.value =aspirin&s earchTerms %5B0%5D.se archField. key=produc t.va.produ ct.name" | |
399 | + "&stre ngth=&enti tyType=PRO DUCT&dosag eForm=&_re questStatu s=on&_item Status=on& isFirstRun =false" | |
400 | + "&hasE ntityChang ed=false&i temStatus= ACTIVE&ite mStatus=IN ACTIVE&req uestStatus =APPROVED" | |
401 | + "&requ estStatus= PENDING&re questStatu s=REJECTED &_categori es=on&tabl eId=search ResultsTab le"; | |
402 | ||
403 | ur l = valida teStringIn put(url, E SAPIValida tionType.R EQUEST_URI ); | |
404 | ||
405 | // search co ntaining " aspirin" a nd other c riteria | |
406 | ur l = "/PRE/ searchItem s.go?_subC ategories= on&searchT erms%5B0%5 D.searchTy pe=CONTAIN S&searchTe rms%5B0%5D .value=asp irin" | |
407 | + "&sear chTerms%5B 0%5D.searc hField.key =product.v a.product. name&stren gth=1&enti tyType=PRO DUCT&dosag eForm=" | |
408 | + "&subC ategories= HERBAL&sub Categories =CHEMOTHER APY&subCat egories=OT C&subCateg ories=VETE RINARY&_re questStatu s=on" | |
409 | + "&_ite mStatus=on &isFirstRu n=false&ha sEntityCha nged=false &itemStatu s=ACTIVE&i temStatus= INACTIVE" | |
410 | + "&cate gories=MED ICATION&ca tegories=I NVESTIGATI ONAL&categ ories=COMP OUND&categ ories=SUPP LY&request Status=APP ROVED" | |
411 | + "&requ estStatus= PENDING&re questStatu s=REJECTED &_categori es=on&tabl eId=search ResultsTab le"; | |
412 | ||
413 | ur l = valida teStringIn put(url, E SAPIValida tionType.R EQUEST_URI ); | |
414 | ||
415 | // simple se arch conta ining "oxy gen%" | |
416 | ur l = "/PRE/ searchItem s.go?isFir stRun=fals e&hasEntit yChanged=f alse" | |
417 | + "&sear chTerms%5B 0%5D.value =oxygen%25 &searchTer ms%5B0%5D. searchType =BEGINS_WI TH" | |
418 | + "&enti tyType=PRO DUCT&searc hTerms%5B0 %5D.search Field.key= product.va .product.n ame&streng th=&dosage Form=" | |
419 | + "&_cat egories=on &_subCateg ories=on&_ itemStatus =on&_reque stStatus=o n"; | |
420 | ||
421 | ur l = valida teStringIn put(url, E SAPIValida tionType.R EQUEST_URI ); | |
422 | } | |
423 | ||
424 | /** | |
425 | * Tes t method v alidateStr ing for ca se Command Injection. | |
426 | * | |
427 | * */ | |
428 | @Test | |
429 | @Ignor e | |
430 | public void vali dateComman dInjection Test() { | |
431 | ||
432 | } | |
433 | ||
434 | /** | |
435 | * Tes t method v alidateStr ing for ca se LogForg ing. | |
436 | * | |
437 | * */ | |
438 | @Test | |
439 | public final voi d validate LogForging Test() { | |
440 | St ring outpu t = null; | |
441 | St ring input = null; | |
442 | ||
443 | in put = "xx xxx\r\nxxx "; | |
444 | ou tput = ESA PIValidato r.validate StringInpu t(input, E SAPIValida tionType.L OG_FORGING ); | |
445 | Sy stem.out.p rintln(out put); | |
446 | as sertEquals ("xx xxx xxx", outp ut); | |
447 | ||
448 | ou tput = nul l; | |
449 | in put = "xx xxxo xxx"; | |
450 | ou tput = ESA PIValidato r.validate StringInpu t(input, E SAPIValida tionType.L OG_FORGING ); | |
451 | Sy stem.out.p rintln(out put); | |
452 | as sertEquals (input, ou tput); | |
453 | ||
454 | ou tput = nul l; | |
455 | in put = "** xx^o xxx y yyyyyyyyyy yyyyyyyyyy yyyyyy ,./ 432"; | |
456 | ou tput = ESA PIValidato r.validate StringInpu t(input, E SAPIValida tionType.L OG_FORGING ); | |
457 | Sy stem.out.p rintln(out put); | |
458 | as sertEquals (input, ou tput); | |
459 | } | |
460 | ||
461 | /** | |
462 | * Tes t method v alidateStr ing for ca se PathMan ipulation. | |
463 | * | |
464 | * */ | |
465 | @Test | |
466 | @Ignor e | |
467 | public void vali datePathMa nipulation Test() { | |
468 | ||
469 | } | |
470 | ||
471 | /** | |
472 | * Tes t method v alidateStr ing for ca se Portabi lityFlawFi leSeparato r. | |
473 | * | |
474 | * */ | |
475 | @Test | |
476 | @Ignor e | |
477 | public void vali datePortab ilityFlawF ileSeparat orTest() { | |
478 | ||
479 | } | |
480 | ||
481 | /** | |
482 | * Tes t method v alidateStr ing for ca se SystemI nformation LeakExtern al. | |
483 | * | |
484 | * */ | |
485 | @Test | |
486 | @Ignor e | |
487 | public void vali dateSystem Informatio nLeakExter nalTest() { | |
488 | ||
489 | } | |
490 | ||
491 | /** | |
492 | * Tes t method v alidateStr ing for ca se XmlExtE ntityInj. | |
493 | * | |
494 | * */ | |
495 | @Test | |
496 | @Ignor e | |
497 | public void vali dateXmlExt EntityInjT est() { | |
498 | ||
499 | } | |
500 | ||
501 | @Test( expected = RuntimeEx ception.cl ass) | |
502 | public void vali dateVaHttp sUrlTest_N oHttps() { | |
503 | ES APIValidat or.validat eStringInp ut("http:/ /foobar.va .gov", ESA PIValidati onType.VA_ HTTPS_URL) ; | |
504 | } | |
505 | ||
506 | @Test( expected = RuntimeEx ception.cl ass) | |
507 | public void vali dateVaHttp sUrlTest_N oVa() { | |
508 | ES APIValidat or.validat eStringInp ut("https: //www.goog le.com", E SAPIValida tionType.V A_HTTPS_UR L); | |
509 | } | |
510 | ||
511 | @Test | |
512 | public void vali dateVaHttp sUrlTest_V alid() { | |
513 | fi nal List<S tring> url s = Arrays .asList( | |
514 | // Try l ots of per mutations to make su re we're a s flexible as we sho uld be. | |
515 | "https:/ /www.va.go v", | |
516 | "https:/ /www.va.go v/", | |
517 | "https:/ /va.gov", | |
518 | "https:/ /va.gov/fo obar", | |
519 | "https:// DNS . URL /centrallo gin/centra llanding.a spx"); | |
520 | ||
521 | fo r (final S tring url : urls) { | |
522 | assertTh at( | |
523 | ESAP IValidator .validateS tringInput (url, ESAP IValidatio nType.VA_H TTPS_URL), | |
524 | equa lTo(url)); | |
525 | } | |
526 | } | |
527 | ||
528 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.