Posted to dev@struts.apache.org by ni...@apache.org on 2006/02/22 03:59:21 UTC
svn commit: r379660 - in
/struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts:
mock/MockHttpServletRequest.java mock/MockMultipartRequestHandler.java
util/TestRequestUtilsPopulate.java
Author: niallp
Date: Tue Feb 21 18:59:19 2006
New Revision: 379660
URL: http://svn.apache.org/viewcvs?rev=379660&view=rev
Log:
Test case for Bug 38534 - DOS attack, application hack - patch submitted by Henri Yandell
(includes new mock MultipartRequestHandler implementation)
Added:
struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java (with props)
struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java (with props)
Modified:
struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockHttpServletRequest.java
Modified: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockHttpServletRequest.java
URL: http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockHttpServletRequest.java?rev=379660&r1=379659&r2=379660&view=diff
==============================================================================
--- struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockHttpServletRequest.java (original)
+++ struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockHttpServletRequest.java Tue Feb 21 18:59:19 2006
@@ -1,7 +1,7 @@
/*
* $Id$
*
- * Copyright 1999-2004 The Apache Software Foundation.
+ * Copyright 1999-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -144,6 +144,15 @@
*/
protected HttpSession session = null;
+ /**
+ * <p> The HTTP request method. </p>
+ */
+ protected String method = null;
+
+ /**
+ * <p> The Content Type for this request. </p>
+ */
+ protected String contentType = null;
// --------------------------------------------------------- Public Methods
@@ -171,6 +180,13 @@
this.locale = locale;
}
+ public void setMethod(String method) {
+ this.method = method;
+ }
+
+ public void setContentType(String contentType) {
+ this.contentType = contentType;
+ }
public void setPathElements(String contextPath, String servletPath,
String pathInfo, String queryString) {
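Review bot: The new `setMethod` and `setContentType` setters have no Javadoc, although the fields added in the previous hunk do. Each should say that it only sets the value returned by the matching getter and that the value stays `null` until a test calls it, for example `/** <p>Set the HTTP method returned by <code>getMethod()</code>; <code>null</code> until set.</p> */` and the equivalent for the content type. The hunk ends inside the signature of `setPathElements`, which is not otherwise changed here.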
@@ -233,7 +249,7 @@
public String getMethod() {
- throw new UnsupportedOperationException();
+ return (method);
}
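Review bot: `getMethod()` now returns `null` until a test calls `setMethod`, where it used to throw `UnsupportedOperationException`; the same applies to `getContentType()` in the next hunk. Code under test that dereferences the result will now fail with a `NullPointerException` away from the cause, and code that null-checks will quietly take the non-POST, non-multipart branch, so a test that forgets the setup can pass without exercising the multipart path at all. If `null` is the intended default, state it in the getter Javadoc; otherwise consider a conventional default such as `protected String method = "GET";`.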
@@ -365,7 +381,7 @@
public String getContentType() {
- throw new UnsupportedOperationException();
+ return (contentType);
}
Added: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
URL: http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java?rev=379660&view=auto
==============================================================================
--- struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java (added)
+++ struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java Tue Feb 21 18:59:19 2006
@@ -0,0 +1,133 @@
+/*
+ * $Id$
+ *
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.struts.mock;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.struts.action.ActionServlet;
+import org.apache.struts.action.ActionMapping;
+import org.apache.struts.upload.MultipartRequestHandler;
+
+/**
+ * <p>Mock <strong>MultipartRequestHandler</strong> object for unit tests.</p>
+ *
+ * @version $Rev$
+ */
+public class MockMultipartRequestHandler implements MultipartRequestHandler {
+
+ private ActionServlet servlet;
+ private ActionMapping mapping = new ActionMapping();
+ private Hashtable elements;
+
+ /**
+ * Convienience method to set a reference to a mock
+ * ActionServlet instance.
+ */
+ public void setServlet(ActionServlet servlet) {
+ this.servlet = servlet;
+ }
+
+ /**
+ * Convienience method to set a reference to a mock
+ * ActionMapping instance.
+ */
+ public void setMapping(ActionMapping mapping) {
+ this.mapping = mapping;
+ }
+
+ /**
+ * Get the mock ActionServlet instance
+ */
+ public ActionServlet getServlet() {
+ return this.servlet;
+ }
+
+ /**
+ * Get the ActionMapping instance for this mock request
+ */
+ public ActionMapping getMapping() {
+ return this.mapping;
+ }
+
+ /**
+ * <p>Mock parsing of the ServletInputStream.</p>
+ *
+ * <p>Constructs a <code>Hashtable</code> of elements
+ * from the HttpServletRequest's parameters - no
+ * <code>FormFile</code> elements are created.</p>
+ */
+ public void handleRequest(HttpServletRequest request) throws ServletException {
+ elements = new Hashtable();
+ Enumeration enum = request.getParameterNames();
+ while(enum.hasMoreElements()) {
+ String key = enum.nextElement().toString();
+ elements.put(key, request.getParameter(key));
+ }
+ }
+
+ /**
+ * This method is called on to retrieve all the text
+ * input elements of the request.
+ *
+ * @return A Hashtable where the keys and values are the names and
+ * values of the request input parameters
+ */
+ public Hashtable getTextElements() {
+ return this.elements;
+ }
+
+ /**
+ * <p>This method is called on to retrieve all the FormFile
+ * input elements of the request.</p>
+ *
+ * @return This mock implementation returns an empty
+ * <code>Hashtable</code>
+ */
+ public Hashtable getFileElements() {
+ return new Hashtable();
+ }
+
+ /**
+ * This method returns all elements of a multipart request.
+ * @return This mock implementation returns a Hashtable where
+ * the keys are input names and values are either Strings
+ * (no FormFile elements)
+ */
+ public Hashtable getAllElements() {
+ return this.elements;
+ }
+
+ /**
+ * Mock <code>rollback()</code> method does nothing.
+ */
+ public void rollback() {
+ // ignore
+ }
+
+ /**
+ * Mock <code>finish()</code> method does nothing.
+ */
+ public void finish() {
+ // ignore
+ }
+
+}
+
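Review bot: In `handleRequest` the local variable is named `enum`, which is a reserved word from Java 5 onwards, so this mock stops compiling once the test tree is built at source level 1.5 or later; rename it, e.g. `Enumeration names = request.getParameterNames();`. Separately, `getTextElements()` and `getAllElements()` return `null` when `handleRequest` has not run, and otherwise both hand out the same mutable `Hashtable`; initialising the field at declaration (`private Hashtable elements = new Hashtable();`) removes the null case. The Javadoc also has small slips worth fixing in the same pass: "Convienience" in the two setter comments and the dangling "either" in the `getAllElements` description.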
Propchange: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Added: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java
URL: http://svn.apache.org/viewcvs/struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java?rev=379660&view=auto
==============================================================================
--- struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java (added)
+++ struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java Tue Feb 21 18:59:19 2006
@@ -0,0 +1,121 @@
+/*
+ * $Id$
+ *
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.struts.util;
+
+import javax.servlet.ServletException;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.struts.action.ActionMapping;
+import org.apache.struts.util.RequestUtils;
+import org.apache.struts.Globals;
+import org.apache.struts.mock.TestMockBase;
+import org.apache.struts.mock.MockFormBean;
+import org.apache.struts.mock.MockMultipartRequestHandler;
+
+/**
+ * Unit tests for the RequestUtil's <code>populate</code> method.
+ *
+ * @version $Rev$
+ */
+public class TestRequestUtilsPopulate extends TestMockBase {
+
+ /**
+ * Defines the testcase name for JUnit.
+ *
+ * @param theName the testcase's name.
+ */
+ public TestRequestUtilsPopulate(String theName) {
+ super(theName);
+ }
+
+ /**
+ * Start the tests.
+ *
+ * @param theArgs the arguments. Not used
+ */
+ public static void main(String[] theArgs) {
+ junit.awtui.TestRunner.main(
+ new String[] { TestRequestUtilsPopulate.class.getName()});
+ }
+
+ /**
+ * @return a test suite (<code>TestSuite</code>) that includes all methods
+ * starting with "test"
+ */
+ public static Test suite() {
+ // All methods starting with "test" will be executed in the test suite.
+ return new TestSuite(TestRequestUtilsPopulate.class);
+ }
+
+ public void setUp() {
+ super.setUp();
+ }
+
+ public void tearDown() {
+ super.tearDown();
+ }
+
+ /**
+ * Ensure that the getMultipartRequestHandler cannot be seen in
+ * a subclass of ActionForm.
+ *
+ * The purpose of this test is to ensure that Bug #38534 is fixed.
+ *
+ */
+ public void testMultipartVisibility() throws Exception {
+
+ String mockMappingName = "mockMapping";
+ String stringValue = "Test";
+
+ MockFormBean mockForm = new MockFormBean();
+ ActionMapping mapping = new ActionMapping();
+ mapping.setName(mockMappingName);
+
+ // Set up the mock HttpServletRequest
+ request.setMethod("POST");
+ request.setContentType("multipart/form-data");
+ request.setAttribute(Globals.MULTIPART_KEY, MockMultipartRequestHandler.class.getName());
+ request.setAttribute(Globals.MAPPING_KEY, mapping);
+
+ request.addParameter("stringProperty", stringValue);
+ request.addParameter("multipartRequestHandler.mapping.name", "Bad");
+
+ // Check the Mapping/ActionForm before
+ assertNull("Multipart Handler already set", mockForm.getMultipartRequestHandler());
+ assertEquals("Mapping name not set correctly", mockMappingName, mapping.getName());
+
+ // Try to populate
+ try {
+ RequestUtils.populate(mockForm, request);
+ } catch(ServletException se) {
+ // Expected BeanUtils.populate() to throw a NestedNullException
+ // which gets wrapped in RequestUtils in a ServletException
+ assertEquals("Unexpected type of Exception thrown", "BeanUtils.populate", se.getMessage());
+ }
+
+ // Check the Mapping/ActionForm after
+ assertNotNull("Multipart Handler Missing", mockForm.getMultipartRequestHandler());
+ assertEquals("Mapping name has been modified", mockMappingName, mapping.getName());
+
+ }
+
+}
+
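Review bot: The `try`/`catch` around `RequestUtils.populate(mockForm, request)` in `testMultipartVisibility` lets the test pass whether or not a `ServletException` is thrown, while the comment in the catch block says one is expected, so this regression test for Bug 38534 does not pin which behaviour the fix actually produces. Choose the contract and enforce it: add `fail("Expected ServletException");` after the call if the exception is required, or drop the catch and let it propagate if it is not. The test also never verifies that the legitimate parameter was applied: `stringValue` is submitted as `stringProperty` but not asserted afterwards, so once the no-exception path is the contract, a check such as `assertEquals("stringProperty not populated", stringValue, mockForm.getStringProperty());` would show that filtering the nested name did not discard the rest of the request (assuming `MockFormBean` exposes that getter, which is not visible here). Matching on the exact message `"BeanUtils.populate"` is brittle and would be better replaced by a check on the wrapped cause if the exception path is kept.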
Propchange: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: struts/action/branches/STRUTS_1_2_BRANCH/src/test/org/apache/struts/util/TestRequestUtilsPopulate.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL