Unit testing filters

Lee Horner
Greenhorn

Joined: Apr 28, 2011
Posts: 2

Hello all,

I have come in midway into a project, and I am trying to retrofit a sanitization filter into an existing spring project.

My understanding is that to sanitize a request before moving down the chain, I have to wrap the request in a wrapper, as it is normally read only.

So I found the following article about XSS sanitization and decided this would be a good starting point....

http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/

The project already has a security filter, so I was either going to daisy-chain the sanitization filter onto the end, or edit the security filter to also do the sanitization.

All I want to do is to have a JUnit test that creates a series of requests with a payload similar to those found at

http://ha.ckers.org/xss.html

So that I can check that the filter is indeed filtering malicious code attacks.

I originally tried Cactus, but that has a bunch of dependencies that break the project when I copy the JARs into the lib folder.

Could anyone recommend an alternative approach to testing the filter?

Many thanks.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30751
    

Lee,
Can you use a mock objects framework like jMock or mockito and just test the logic without everything else? If not, I would refactor the code to test the logic independent of the filter.


Lee Horner
Greenhorn

Joined: Apr 28, 2011
Posts: 2

Hi Jeanne,

Thanks for the answer. My colleagues had come to the same conclusion as yourself: to refactor the code to allow the important methods to be called via JUnit.

I'm glad we came to the same conclusion as you.

Thanks again.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30751
    

Great minds think alike. Thanks for sharing your conclusion.
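
The refactoring the thread settles on, sketched as an added example (not code from the posters or from the linked article): the sanitization logic lives in a plain class that the filter's request wrapper would delegate to, so it can be checked without a servlet container. The class name `ParamSanitizer`, the method `sanitize`, the HTML-entity-encoding policy and the sample inputs are all assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical class: sanitization logic pulled out of the servlet filter so it
// can be tested without a container. The filter's request wrapper would call
// sanitize() from getParameter()/getParameterValues().
public class ParamSanitizer {

    // Assumed policy: HTML-encode the characters that let input break out of
    // element content or a quoted attribute. '&' is encoded in the same single
    // pass, so the entities written here are not re-encoded.
    public static String sanitize(String value) {
        if (value == null) {
            return null; // absent parameters stay absent
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for JUnit test methods: constructed inputs mapped to expected output.
    public static void main(String[] args) {
        Map<String, String> cases = new LinkedHashMap<>();
        cases.put("<script>alert(1)</script>", "&lt;script&gt;alert(1)&lt;/script&gt;");
        cases.put("\"><img src=x onerror=alert(1)>", "&quot;&gt;&lt;img src=x onerror=alert(1)&gt;");
        cases.put("' onmouseover='alert(1)", "&#x27; onmouseover=&#x27;alert(1)");
        cases.put("Tom & Jerry", "Tom &amp; Jerry"); // benign input must stay readable
        cases.put("plain text 123", "plain text 123");
        for (Map.Entry<String, String> e : cases.entrySet()) {
            String actual = sanitize(e.getKey());
            if (!e.getValue().equals(actual)) {
                throw new AssertionError("input " + e.getKey() + " gave " + actual);
            }
        }
        if (sanitize(null) != null) {
            throw new AssertionError("null must pass through");
        }
        System.out.println("all " + (cases.size() + 1) + " checks passed");
    }
}
```

In the project each map entry would become a JUnit assertion. Encoding at the filter covers only HTML element and quoted-attribute contexts; values later written into JavaScript or URLs still need encoding at the point of output.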
 