Commit 95baa9a

Merge pull request #1 from quest313/issue-195
Issue 195 : Junit Tests. Credits to quest313. (Thanks!)
2 parents a0cf3e1 + 7cabdb9 commit 95baa9a

3 files changed

+140
-1
lines changed

README.md

Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
Enterprise Security API for Java (Legacy)
2+
=================
3+
<table border=0>
4+
<tr>
5+
<td>
6+
OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
7+
</td>
8+
</tr>
9+
</table>
10+
11+
<b>What does Legacy mean?</b><br/>
12+
<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
13+
14+
<b>Where can I find ESAPI 3.x</b><br/>
15+
https://github.com/ESAPI/esapi-java
16+
17+
<b>How can I contribute or fix bugs?</b><br/>
18+
Fork and submit a pull request! Simple as pi!
19+
20+
<b>What happened to Google code?</b><br/>
21+
In mid-2014 ESAPI Migrated all code to GitHub, in November we started using JIRA/Confluence.
22+
23+
<b>What about the issues still located on Google Code</b><br/>
24+
We will be migrating the issues from Google Code to JIRA as time allows, in the meantime - if you would like to work on a Google Code issue, please create a new issue in JIRA and reference the Google Code issue in the issue Description.
25+
26+
Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
27+
28+
Nightly Build: https://esapi.ci.cloudbees.com
29+
30+
JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG
31+
32+
Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon)
33+
34+
Realtime Support available on our IRC Channel:<br/>
35+
Server: irc.freenode.net<br/>
36+
Channel: #esapi<br/>
37+
Webchat http://webchat.freenode.net/
38+
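
Review bot: The `<p>` opened on added line 12 ("<p>This is the legacy branch of ESAPI ...") is never closed, so how the rest of the README renders depends on how the renderer recovers; close the paragraph or drop the tag. The headings on lines 14 and 23 are questions without question marks, line 21 says "in November" without a year, and the Webchat link on line 37 is the only link in the file on plain http.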

src/main/java/org/owasp/esapi/filters/ClickjackFilter.java

Lines changed: 1 addition & 1 deletion
@@ -95,8 +95,8 @@ public void init(FilterConfig filterConfig) {
9595
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
9696
{
9797
HttpServletResponse res = (HttpServletResponse)response;
98-
chain.doFilter(request, response);
9998
res.addHeader("X-FRAME-OPTIONS", mode );
99+
chain.doFilter(request, response);
100100
}
101101

102102
/**
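
Review bot: `res.addHeader("X-FRAME-OPTIONS", mode );` on new line 98 appends rather than replaces, so if the header has already been set on this response it ends up with two values; `setHeader` would make the filter's configured mode the only one. Moving the call ahead of `chain.doFilter(request, response);` changes behaviour, yet the commit message only mentions JUnit tests for issue 195 and nothing in this commit tests the filter. Add a short comment that the header must be set before the rest of the chain can commit the response, plus a test asserting the header is present. The unchecked cast to `HttpServletResponse` on line 97 is unchanged context, but it will throw for a non-HTTP response.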
Lines changed: 101 additions & 0 deletions
@@ -0,0 +1,101 @@
1+
/**
2+
* OWASP Enterprise Security API (ESAPI)
3+
*
4+
* This file is part of the Open Web Application Security Project (OWASP)
5+
* Enterprise Security API (ESAPI) project. For details, please see
6+
* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
7+
*
8+
* Copyright (c) 2007 - The OWASP Foundation
9+
*
10+
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
11+
* LICENSE before you use, modify, and/or redistribute this software.
12+
*
13+
* @author Ben Sleek <a href="http://www.spartasystems.com">Sparta Systems</a>
14+
* @created 2015
15+
*/
16+
package org.owasp.esapi.reference.validation;
17+
18+
import junit.framework.Test;
19+
import junit.framework.TestCase;
20+
import junit.framework.TestSuite;
21+
22+
import org.owasp.esapi.Encoder;
23+
import org.owasp.esapi.errors.ValidationException;
24+
25+
public class BaseValidationRuleTest extends TestCase {
26+
27+
/**
28+
* Instantiates a new base validation rule test.
29+
*
30+
* @param testName
31+
* the test name
32+
*/
33+
public BaseValidationRuleTest(String testName) {
34+
super(testName);
35+
}
36+
37+
/**
38+
* {@inheritDoc}
39+
*
40+
* @throws Exception
41+
*/
42+
protected void setUp() throws Exception {
43+
// none
44+
}
45+
46+
/**
47+
* {@inheritDoc}
48+
*
49+
* @throws Exception
50+
*/
51+
protected void tearDown() throws Exception {
52+
// none
53+
}
54+
55+
/**
56+
* Suite.
57+
*
58+
* @return the test
59+
*/
60+
public static Test suite() {
61+
TestSuite suite = new TestSuite(BaseValidationRuleTest.class);
62+
return suite;
63+
}
64+
65+
/**
66+
* Verifies assertValid throws ValidationException on invalid input
67+
* Validates fix for Google issue #195
68+
*
69+
* @throws ValidationException
70+
*/
71+
public void testAssertValid() throws ValidationException {
72+
SampleValidationRule rule = new SampleValidationRule("UnitTest");
73+
try {
74+
rule.assertValid("testcontext", "badinput");
75+
fail();
76+
} catch (ValidationException e) {
77+
// success
78+
}
79+
}
80+
81+
public class SampleValidationRule extends BaseValidationRule {
82+
83+
public SampleValidationRule(String typeName, Encoder encoder) {
84+
super(typeName, encoder);
85+
}
86+
87+
public SampleValidationRule(String typeName) {
88+
super(typeName);
89+
}
90+
91+
@Override
92+
protected Object sanitize(String context, String input) {
93+
return null;
94+
}
95+
96+
public Object getValid(String context, String input) throws ValidationException {
97+
throw new ValidationException("Demonstration Exception", "Demonstration Exception");
98+
}
99+
100+
}
101+
}
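
Review bot: `testAssertValid` (lines 71-79) cannot distinguish valid from invalid input, because `SampleValidationRule.getValid` on lines 96-98 throws unconditionally; the test only shows that `assertValid` propagates whatever `getValid` throws, and "badinput" plays no part. Have the sample rule accept one value and reject another, then assert both paths, so a regression that swallows the exception or rejects everything is caught. The bare `fail();` on line 75 should carry a message such as "assertValid did not throw". The `throws ValidationException` on the test method is unnecessary since the exception is caught. The empty `setUp`/`tearDown` overrides and the unused two-argument constructor (with its `Encoder` import) can be dropped, and the inner class can be `private static`.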
