Add Unit tests for route detection for Servlet Framework

Author: IshikaDawda

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpServletTest.java

@@ -32,6 +32,8 @@ public void testPost() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
+
     }
     @Test
     public void testDelete() throws Exception {
@@ -41,6 +43,8 @@ public void testDelete() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Test
     public void testPUT() throws Exception {
@@ -50,6 +54,8 @@ public void testPUT() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -60,6 +66,8 @@ public void testHEAD() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Test
     public void testGET() throws Exception {
@@ -69,6 +77,8 @@ public void testGET() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpSessionTest.java

@@ -57,6 +57,7 @@ else if(i==1){
                 i++;
             }
         }
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -79,6 +80,7 @@ public void testSessionPutValue() throws IOException, URISyntaxException {
             Assert.assertEquals("Wrong key detected", "key1", targetOperation.getKey());
             Assert.assertEquals("Wrong value detected", "value1", targetOperation.getValue());
         }
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -99,6 +101,7 @@ public void testAddCookie() throws IOException, URISyntaxException {
         Assert.assertNotNull("No target operation detected", targetOperation);
         Assert.assertEquals("Wrong case-type detected", VulnerabilityCaseType.SECURE_COOKIE, targetOperation.getCaseType());
         Assert.assertEquals("Wrong key detected", "false", targetOperation.getValue());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -119,6 +122,7 @@ public void testAddCookie1() throws IOException, URISyntaxException {
         Assert.assertNotNull("No target operation detected", targetOperation);
         Assert.assertEquals("Wrong case-type detected", VulnerabilityCaseType.SECURE_COOKIE, targetOperation.getCaseType());
         Assert.assertEquals("Wrong key detected", "true", targetOperation.getValue());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     private void makeRequest( String Method, final String POST_PARAMS, String path) throws URISyntaxException, IOException{

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletInputStreamTest.java

@@ -47,6 +47,7 @@ public void testRead() throws Exception {
         Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
 
@@ -67,6 +68,7 @@ public void testReadLine() throws Exception {
         Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -86,6 +88,7 @@ public void testReadLineWithOff() throws Exception {
         Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletOutputStreamTest.java

@@ -54,6 +54,7 @@ public void testWrite() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong Response Content-type detected", "multipart/form-data", targetOperation.getResponse().getResponseContentType());
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -76,6 +77,7 @@ public void testPrintString() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -95,10 +97,11 @@ public void testPrintBoolean() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong port detected", servlet.getEndPoint("outputStream/print").getPort(), targetOperation.getRequest().getServerPort());
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
-        
 
         boolean resBody = Boolean.parseBoolean(String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong response detected", expected, resBody);
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -118,11 +121,11 @@ public void testPrintChar() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong port detected", servlet.getEndPoint("outputStream/print").getPort(), targetOperation.getRequest().getServerPort());
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
-        
 
         char resBody = String.valueOf(targetOperation.getResponse().getResponseBody()).charAt(0);
         Assert.assertEquals("Wrong response detected", expected, resBody);
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -146,6 +149,8 @@ public void testPrintInt() throws URISyntaxException, IOException {
 
         int resBody = Integer.parseInt(String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong response detected", expected, resBody);
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -169,6 +174,8 @@ public void testPrintLong() throws URISyntaxException, IOException {
 
         long resBody = Long.parseLong(String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong response detected", expected, resBody);
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -192,6 +199,8 @@ public void testPrintFloat() throws URISyntaxException, IOException {
 
         float resBody = Float.parseFloat(String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong response detected",expected, resBody, 0.0f);
+
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -215,6 +224,7 @@ public void testPrintDouble() throws URISyntaxException, IOException {
 
         double resBody = Double.parseDouble(String.valueOf(targetOperation.getResponse().getResponseBody()));
         Assert.assertEquals("Wrong response detected", expected, resBody, 0.0d);
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -237,6 +247,7 @@ public void testPrintln() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -259,6 +270,7 @@ public void testPrintlnString() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -281,6 +293,7 @@ public void testPrintlnBoolean() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -303,6 +316,7 @@ public void testPrintlnChar() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -325,6 +339,7 @@ public void testPrintlnInt() throws URISyntaxException, IOException {
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -346,6 +361,7 @@ public void testPrintlnLong() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -367,6 +383,7 @@ public void testPrintlnFloat() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -388,6 +405,7 @@ public void testPrintlnDouble() throws URISyntaxException, IOException {
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody()));
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Trace(dispatcher = true)
     private String write() throws URISyntaxException, IOException {

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletRequestTest.java

@@ -59,6 +59,7 @@ public void testGetInputStream() throws Exception {
 
         Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestInStreamHash());
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -80,6 +81,7 @@ public void testGetReader() throws Exception {
 
         Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestReaderHash());
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -100,8 +102,8 @@ public void testGetParameter() throws Exception {
         Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap()));
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
-        
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -122,8 +124,8 @@ public void testGetParameterValues() throws Exception {
         Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap()));
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
-        
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -144,8 +146,8 @@ public void testGetParameterMap() throws Exception {
         Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap()));
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
-        
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletResponseTest.java

@@ -51,6 +51,7 @@ public void testGetOutputStream() throws Exception {
 
         Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseOutStreamHash());
 
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -71,6 +72,7 @@ public void testGetWriter() throws Exception {
         Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType());
 
         Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseWriterHash());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletTest.java

@@ -46,6 +46,7 @@ public void testService() throws Exception {
         Assert.assertEquals("Wrong port detected", server.getEndPoint("").getPort(), targetOperation.getRequest().getServerPort());
         Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName());
         Assert.assertEquals("Wrong Content-type detected", "text/plain", targetOperation.getRequest().getContentType());
+        Assert.assertEquals("Incorrect route detected", "/test", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/WebServletTest.java

@@ -30,6 +30,7 @@ public void testAnnotation() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)

instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/HttpServletTest.java

@@ -32,6 +32,7 @@ public void testPost() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Test
     public void testDelete() throws Exception {
@@ -41,6 +42,7 @@ public void testDelete() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Test
     public void testPUT() throws Exception {
@@ -50,6 +52,7 @@ public void testPUT() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Test
@@ -60,6 +63,7 @@ public void testHEAD() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
     @Test
     public void testGET() throws Exception {
@@ -69,6 +73,7 @@ public void testGET() throws Exception {
         AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData();
         Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered());
         Assert.assertNotNull(metaData.getServiceTrace());
+        Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute());
     }
 
     @Trace(dispatcher = true)