Unit testing filters

Lee Horner
Greenhorn

Joined: Apr 28, 2011
Posts: 2

Hello all,

I have come in midway into a project, and I am trying to retrofit a sanitization filter into an existing Spring project.

My understanding is that to sanitize a request before moving down the chain, I have to wrap the request in a wrapper, as it is normally read only.

So I found the following article about XSS sanitization and decided this would be a good starting point....

http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/

The project already has a security filter, so I was either going to daisy-chain the sanitization filter onto the end, or edit the security filter to also do the sanitization.

All I want to do is to have a JUnit test that creates a series of requests with a payload similar to those found at

http://ha.ckers.org/xss.html

So that I can check that the filter is indeed filtering malicious code attacks.

I originally tried Cactus, but that has a bunch of dependencies that break the project when I copy the Jars into the lib folder.

Could anyone recommend an alternative approach to testing the filter?

Many thanks.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29259
    

Lee,
Can you use a mock objects framework like jMock or mockito and just test the logic without everything else? If not, I would refactor the code to test the logic independent of the filter.


Lee Horner
Greenhorn

Joined: Apr 28, 2011
Posts: 2

Hi Jeanne,

Thanks for the answer. My colleagues had come to the same conclusion as yourself: to refactor the code to allow the important methods to be called via JUnit.

I'm glad we came to the same conclusion as you.

Thanks again.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29259
    

Great minds think alike. Thanks for sharing your conclusion.
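
The two approaches discussed in this thread, shown as an added example that is not part of the original posts: the sanitizing logic is pulled into a static method that JUnit can call directly, and Mockito stands in for the servlet container so the filter itself can be checked without Cactus. `SanitizingFilter`, its `sanitize` method and the HTML-escaping rule are hypothetical stand-ins for the project's real filter, and the payload strings are constructed test inputs.

```java
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.junit.Test;
import org.mockito.ArgumentCaptor;

public class SanitizingFilterTest {
    // Hypothetical filter under test: wraps the request so parameters come back HTML-escaped.
    static class SanitizingFilter implements Filter {
        // Pure logic, callable from a test without any servlet objects.
        static String sanitize(String v) {
            if (v == null) return null;
            return v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#x27;");
        }
        public void init(FilterConfig c) {}
        public void destroy() {}
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws java.io.IOException, ServletException {
            chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
                @Override public String getParameter(String name) {
                    return sanitize(super.getParameter(name));
                }
            }, res);
        }
    }

    @Test
    public void sanitizeEscapesMarkup() {
        assertEquals("&lt;script&gt;alert(1)&lt;/script&gt;",
                SanitizingFilter.sanitize("<script>alert(1)</script>"));
        assertNull(SanitizingFilter.sanitize(null));
    }

    @Test
    public void filterPassesWrappedRequestDownTheChain() throws Exception {
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getParameter("q")).thenReturn("<img src=x onerror=\"alert(1)\">");
        ServletResponse response = mock(ServletResponse.class);
        FilterChain chain = mock(FilterChain.class);
        new SanitizingFilter().doFilter(request, response, chain);
        // Capture what the filter handed to the next element and read through it.
        ArgumentCaptor<ServletRequest> passed = ArgumentCaptor.forClass(ServletRequest.class);
        verify(chain).doFilter(passed.capture(), same(response));
        String seen = ((HttpServletRequest) passed.getValue()).getParameter("q");
        assertEquals("&lt;img src=x onerror=&quot;alert(1)&quot;&gt;", seen);
    }
}
```

The wrapper in this sketch only overrides `getParameter`; a test suite for a real filter should also read through `getParameterValues`, `getParameterMap` and `getHeader` on the captured request, since any accessor the wrapper leaves untouched returns the raw value.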