|
1 | | -/** |
2 | | - * OWASP Enterprise Security API (ESAPI) |
3 | | - * |
4 | | - * This file is part of the Open Web Application Security Project (OWASP) |
5 | | - * Enterprise Security API (ESAPI) project. For details, please see |
6 | | - * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>. |
7 | | - * |
8 | | - * Copyright (c) 2009 - The OWASP Foundation |
9 | | - * |
10 | | - * The ESAPI is published by OWASP under the BSD license. You should read and accept the |
11 | | - * LICENSE before you use, modify, and/or redistribute this software. |
12 | | - * |
13 | | - * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a> |
14 | | - * @created 2009 |
15 | | - */ |
16 | | -package org.owasp.esapi.waf; |
17 | | - |
18 | | -import java.net.URL; |
19 | | - |
20 | | -import javax.servlet.http.HttpServletResponse; |
21 | | -import javax.servlet.http.HttpSession; |
22 | | - |
23 | | -import org.owasp.esapi.http.MockFilterChain; |
24 | | -import org.owasp.esapi.http.MockHttpServletRequest; |
25 | | - |
26 | | -import junit.framework.TestSuite; |
27 | | - |
28 | | -public class BeanShellTest extends WAFTestCase { |
29 | | - |
30 | | - public static TestSuite suite() { |
31 | | - return new TestSuite(BeanShellTest.class); |
32 | | - } |
33 | | - |
34 | | - public void testRedirectBeanShellRule() throws Exception { |
35 | | - |
36 | | - request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) ); |
37 | | - |
38 | | - WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() ); |
39 | | - |
40 | | - HttpSession session = request.getSession(); |
41 | | - |
42 | | - assert(session.getAttribute("simple_waf_test") != null); |
43 | | - assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY); |
44 | | - |
45 | | - } |
46 | | - |
47 | | -} |
| 1 | +/** |
| 2 | + * OWASP Enterprise Security API (ESAPI) |
| 3 | + * |
| 4 | + * This file is part of the Open Web Application Security Project (OWASP) |
| 5 | + * Enterprise Security API (ESAPI) project. For details, please see |
| 6 | + * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>. |
| 7 | + * |
| 8 | + * Copyright (c) 2009 - The OWASP Foundation |
| 9 | + * |
| 10 | + * The ESAPI is published by OWASP under the BSD license. You should read and accept the |
| 11 | + * LICENSE before you use, modify, and/or redistribute this software. |
| 12 | + * |
| 13 | + * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a> |
| 14 | + * @created 2009 |
| 15 | + */ |
| 16 | +package org.owasp.esapi.waf; |
| 17 | + |
| 18 | +import java.net.URL; |
| 19 | + |
| 20 | +import javax.servlet.http.HttpServletResponse; |
| 21 | +import javax.servlet.http.HttpSession; |
| 22 | + |
| 23 | +import org.owasp.esapi.http.MockFilterChain; |
| 24 | +import org.owasp.esapi.http.MockHttpServletRequest; |
| 25 | + |
| 26 | +import junit.framework.TestSuite; |
| 27 | + |
| 28 | +public class BeanShellTest extends WAFTestCase { |
| 29 | + |
| 30 | + public static TestSuite suite() { |
| 31 | + return new TestSuite(BeanShellTest.class); |
| 32 | + } |
| 33 | + |
| 34 | + public void testRedirectBeanShellRule() throws Exception { |
| 35 | + |
| 36 | + request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) ); |
| 37 | + |
| 38 | + WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() ); |
| 39 | + |
| 40 | + HttpSession session = request.getSession(); |
| 41 | + |
| 42 | + assert(session.getAttribute("simple_waf_test") != null); |
| 43 | + assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY); |
| 44 | + |
| 45 | + } |
| 46 | + |
| 47 | +} |
0 commit comments