
Unit testing filters

 
Lee Horner
Greenhorn
Posts: 2
Android Eclipse IDE Spring
Hello all,

I have come in midway into a project, and I am trying to retrofit a sanitization filter into an existing Spring project.

My understanding is that to sanitize a request before moving down the chain, I have to wrap the request in a wrapper, as it is normally read only.

So I found the following article about XSS sanitization and decided this would be a good starting point....

http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/

The project already has a security filter, so I was either going to daisy-chain the sanitization filter onto the end, or edit the security filter to also do the sanitization.

All I want to do is to have a JUnit test that creates a series of requests with a payload similar to those found at

http://ha.ckers.org/xss.html

So that I can check that the filter is indeed filtering malicious code attacks.

I originally tried Cactus, but that has a bunch of dependencies that break the project when I copy the JARs into the lib folder.

Could anyone recommend an alternative approach to testing the filter?

Many thanks.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34095
337
Eclipse IDE Java VI Editor
Lee,
Can you use a mock objects framework like jMock or mockito and just test the logic without everything else? If not, I would refactor the code to test the logic independent of the filter.
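
The approach suggested in the reply above, as an added example that is not part of the original thread: a JUnit 4 test that uses Mockito to stub `HttpServletRequest` and exercises the request wrapper directly, with no servlet container. The `sanitize` method (a plain HTML encoder), the wrapper class, the parameter name `q` and the sample payloads are assumptions constructed for illustration, not the linked article's or the project's code.

```java
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;

import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.junit.Test;

public class XssRequestWrapperTest {

    // Hypothetical stand-in for the project's sanitizer: HTML-encodes markup characters.
    static String sanitize(String value) {
        if (value == null) return null;
        return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Wrapper the filter would pass down the chain in place of the read-only request.
    static class XssRequestWrapper extends HttpServletRequestWrapper {
        XssRequestWrapper(HttpServletRequest request) { super(request); }

        @Override public String getParameter(String name) {
            return sanitize(super.getParameter(name));
        }

        @Override public String[] getParameterValues(String name) {
            String[] raw = super.getParameterValues(name);
            return raw == null ? null
                : Arrays.stream(raw).map(XssRequestWrapperTest::sanitize).toArray(String[]::new);
        }
    }

    // Constructed sample payloads, in the style of the cheat sheet mentioned in the question.
    private static final String[] PAYLOADS = {
        "<script>alert(1)</script>", "\"><img src=x onerror=alert(1)>", "'><svg onload=alert(1)>" };

    @Test public void parametersAreEncodedBeforeReachingTheChain() {
        for (String payload : PAYLOADS) {
            HttpServletRequest raw = mock(HttpServletRequest.class);
            when(raw.getParameter("q")).thenReturn(payload);
            when(raw.getParameterValues("q")).thenReturn(new String[] { payload });
            HttpServletRequest wrapped = new XssRequestWrapper(raw);
            // No raw markup or quote characters may survive the wrapper.
            assertFalse(wrapped.getParameter("q").matches(".*[<>\"'].*"));
            assertFalse(wrapped.getParameterValues("q")[0].matches(".*[<>\"'].*"));
        }
    }

    @Test public void missingParameterStaysNull() {
        // An unstubbed mock returns null, like a request without that parameter.
        assertNull(new XssRequestWrapper(mock(HttpServletRequest.class)).getParameter("absent"));
    }
}
```

Only the servlet API, JUnit and Mockito JARs are needed on the test classpath, so the project's `lib` folder stays untouched.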
 
Lee Horner
Greenhorn
Posts: 2
Android Eclipse IDE Spring
Hi Jeanne,

Thanks for the answer. My colleagues had come to the same conclusion as yourself: to refactor the code to allow the important methods to be called via JUnit.

I'm glad we came to the same conclusion as you.

Thanks again.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34095
337
Eclipse IDE Java VI Editor
Great minds think alike. Thanks for sharing your conclusion.
 