/**
 * Creates an exception with no message and no cause. It delegates to the three-argument
 * constructor with a {@link ValidatorHelperResult} built from {@code false}
 * (presumably an invalid result that carries no error details; confirm against
 * ValidatorHelperResult).
 */
public ValidationErrorException() { this(null, null, new ValidatorHelperResult(false)); }
/**
 * Verifies that hasNonConfidentialIncorrectValues rejects a value array in which one value is
 * repeated at non-adjacent positions ("20" in first and third place). Every individual value is
 * one the state allows, so the only thing wrong with the request is the duplicate.
 */
public void testHasNonConfidentialIncorrectValues_RepeatedValuesInAnyPosition_2() {

    final String paramName = "param1";
    final String[] received = { "20", "0", "20", "10" };

    // Values recorded in the state for the parameter; each one appears exactly once.
    final List<String> allowed = new ArrayList<String>();
    for (String stateValue : new String[] { "0", "10", "20" }) {
        allowed.add(stateValue);
    }

    final ValidatorHelperRequest requestHelper = (ValidatorHelperRequest) helper;
    final ValidatorHelperResult outcome =
            requestHelper.hasNonConfidentialIncorrectValues(targetName, paramName, received, allowed);

    assertFalse(outcome.isValid());
    assertEquals(HDIVErrorCodes.REPEATED_VALUES_FOR_PARAMETER, outcome.getErrors().get(0).getType());
}
if (result.isValid()) { if (log.isDebugEnabled()) { log.debug("The target [" + target + "] is an start page and parameters are valid."); if (!result.isValid()) { if (log.isDebugEnabled()) { log.debug("Invalid cookies found."); if (!result.isValid()) { if (log.isDebugEnabled()) { log.debug("Error restoring the state: " + result); IState state = result.getValue(); if (!result.isValid()) { return result; if (!result.isValid()) { return result; if (!result.isValid()) { return result; return new ValidatorHelperResult(unauthorizedEditableParameters);
/**
 * Creates an exception for a validation failure described by {@code message} and caused by
 * {@code e}. It delegates to the three-argument constructor with a {@link ValidatorHelperResult}
 * wrapping a new {@link ValidatorError} built from the message, then records {@code e} on the
 * first error of {@code result} (presumably the field set by the delegated constructor; confirm).
 *
 * @param message description of the failure; also used to build the {@link ValidatorError}
 * @param e cause to attach to the exception and to the first error
 */
public ValidationErrorException(final String message, final Throwable e) { this(message, e, new ValidatorHelperResult(new ValidatorError(message))); result.getErrors().get(0).setException(e); }
if (!result.isValid()) { return result; ValidatorError error = new ValidatorError(HDIVErrorCodes.REPEATED_VALUES_FOR_PARAMETER, target, parameter, values[i], originalValue); return new ValidatorHelperResult(error);
/**
 * Cookie integrity check: a cookie that only the client sends is accepted, while a changed value
 * for a cookie the server issued through the response wrapper is rejected.
 */
public void testValidateClientAndServerCookies() {

    final MockHttpServletRequest mockRequest = getMockRequest();

    // Cookie issued by the server side of the exchange.
    responseWrapper.addCookie(new Cookie("name", "value"));

    dataComposer.beginRequest(Method.GET, targetName);
    dataComposer.compose("param1", "value1", false);
    final String state = dataComposer.endRequest();
    assertNotNull(state);
    addParameter(state);
    dataComposer.endPage();

    // A cookie name the server never issued: validation is expected to pass.
    mockRequest.setCookies(new Cookie[] { new Cookie("name2", "value2") });
    assertTrue(helper.validate(context).isValid());

    // Same name as the server-issued cookie but a different value: validation must fail.
    mockRequest.setCookies(new Cookie[] { new Cookie("name", "changedValue") });
    assertFalse(helper.validate(context).isValid());
}
/**
 * A request that carries nothing but the HDIV state parameter, for a state composed without any
 * parameters, must validate.
 */
public void testValidateHasOnlyHDIVParameter() {

    dataComposer.beginRequest(Method.GET, targetName);
    final String state = dataComposer.endRequest();
    dataComposer.endPage();

    // The state identifier is the only parameter added to the request.
    addParameter(state);

    assertTrue(helper.validate(context).isValid());
}
return new ValidatorHelperResult(error); if (!result.isValid()) { return result;
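/**
 * Answers a pen-testing probe. Restores the state for the request and, when it is valid, writes
 * the names of the state's editable parameters to the response as a comma-separated list, then
 * aborts validation by throwing {@link ValidationErrorException} carrying
 * {@link ValidatorHelperResult#PEN_TESTING}. When the state cannot be restored, nothing is written
 * and the method returns normally.
 *
 * <p>NOTE(review): the response tells the requester which parameters the state marks as editable.
 * Make sure the caller only reaches this method where that disclosure is intended (for example a
 * test environment); confirm how the call is gated.
 *
 * <p>NOTE(review): the content type is {@code text/html} but the names are written without HTML
 * escaping. If a parameter name can contain markup characters, escape it or declare the response
 * as plain text; confirm with the consumers of this output first.
 *
 * @param context validation context giving access to the request and the response
 * @throws ValidationErrorException always, once a valid state has been processed
 */
private void processPenTesting(final ValidationContext context) {
    ValidatorHelperResult ptresult = restoreState(context);
    if (!ptresult.isValid()) {
        return;
    }

    List<String> editable = new ArrayList<String>();
    context.getRequestContext().getResponse().setContentType("text/html");
    if (ptresult.getValue().getParameters() != null) {
        for (IParameter parameter : ptresult.getValue().getParameters()) {
            if (parameter.isEditable()) {
                editable.add(parameter.getName());
            }
        }
    }

    if (!editable.isEmpty()) {
        try {
            // Obtain the writer once. A failing getWriter() is then reported once instead of
            // once per parameter name.
            PrintWriter out = context.getRequestContext().getResponse().getWriter();
            for (int i = 0; i < editable.size(); i++) {
                if (i != 0) {
                    out.write(',');
                }
                out.write(editable.get(i));
            }
            out.flush();
        } catch (IOException e) {
            // Best effort: the probe outcome is still signalled through the exception below.
            // NOTE(review): report this through the class logger rather than stderr.
            e.printStackTrace();
        }
    }

    throw new ValidationErrorException(ValidatorHelperResult.PEN_TESTING);
}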
/**
 * Composes a {@code button} and a {@code hidden} parameter into the state, adds only the state
 * parameter to the request in this test, and expects validation to fail.
 */
public void testValidateNotRequiredButtonAndHiddenParameter() {

    // Return value is not used here; the call is kept as it was in the test.
    MockHttpServletRequest request = getMockRequest();

    dataComposer.beginRequest(Method.GET, targetName);
    final String buttonValue = dataComposer.compose("button", "buttonValue", false, "button");
    final String hiddenValue = dataComposer.compose("hidden", "value1", false, "hidden", true, Method.POST, "UTF-8");
    System.out.println("HIDDENVALUE:" + hiddenValue + " BUTTON:" + buttonValue);

    final String state = dataComposer.endRequest();
    dataComposer.endPage();
    addParameter(state);

    final boolean valid = helper.validate(context).isValid();
    assertTrue(!valid);
}
/**
 * Verifies that hasNonConfidentialIncorrectValues rejects a value array whose first two entries
 * are the same value ("20", "20"), even though every value is one the state allows.
 */
public void testHasNonConfidentialIncorrectValues_RepeatedValuesAtFirstPositions() {

    final String paramName = "param1";
    final String[] received = { "20", "20", "0", "10" };

    // Values recorded in the state for the parameter; each one appears exactly once.
    final List<String> allowed = new ArrayList<String>();
    for (String stateValue : new String[] { "0", "10", "20" }) {
        allowed.add(stateValue);
    }

    final ValidatorHelperRequest requestHelper = (ValidatorHelperRequest) helper;
    final ValidatorHelperResult outcome =
            requestHelper.hasNonConfidentialIncorrectValues(targetName, paramName, received, allowed);

    assertFalse(outcome.isValid());
    assertEquals(HDIVErrorCodes.REPEATED_VALUES_FOR_PARAMETER, outcome.getErrors().get(0).getType());
}
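/**
 * Checks that the confidential value received in <code>value</code> is a non-negative index lower
 * than the number of values stored in the state for the parameter <code>parameter</code>.
 *
 * <p>The value is accepted only when it matches <code>numberPattern</code>, parses as an
 * <code>int</code> and satisfies <code>0 &lt;= index &lt; stateValues.size()</code>. Anything else,
 * including an empty <code>stateValues</code> list, yields an
 * <code>INVALID_CONFIDENTIAL_VALUE</code> error instead of an exception.
 *
 * @param target Part of the url that represents the target action
 * @param parameter parameter
 * @param value value
 * @param stateValues real values for <code>parameter</code>
 * @return ValidatorHelperResult with the result of the validation.
 * @since HDIV 2.0
 */
protected ValidatorHelperResult isInRange(final String target, final String parameter, final String value,
        final List<String> stateValues) {

    boolean inRange = false;
    if (numberPattern.matcher(value).matches()) {
        try {
            int index = Integer.parseInt(value);
            // The lower bound is checked explicitly so that the result does not depend on
            // whether numberPattern admits a sign.
            inRange = index >= 0 && index < stateValues.size();
        } catch (final NumberFormatException e) {
            // The value matched the pattern but does not fit in an int: treat as out of range.
            inRange = false;
        }
    }

    if (inRange) {
        return ValidatorHelperResult.VALID;
    }

    // A single stored value is reported as is; otherwise the list rendering is used. An empty
    // list is rendered too, since get(0) on it would throw IndexOutOfBoundsException.
    String originalValue = stateValues.size() == 1 ? stateValues.get(0) : stateValues.toString();
    ValidatorError error = new ValidatorError(HDIVErrorCodes.INVALID_CONFIDENTIAL_VALUE, target, parameter, value,
            originalValue);
    return new ValidatorHelperResult(error);
}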
/**
 * Long-living state: a state composed inside an APP scope gets an identifier starting with
 * "A-", and a request carrying that identifier validates.
 */
public void testValidateLongLiving() {

    dataComposer.startScope(StateScopeType.APP);
    dataComposer.beginRequest(Method.GET, targetName);
    final String state = dataComposer.endRequest();
    dataComposer.endScope();
    dataComposer.endPage();

    // The prefix marks the state as application-scoped.
    assertTrue(state.startsWith("A-"));

    addParameter(state);
    assertTrue(helper.validate(context).isValid());
}
/**
 * Verifies that hasNonConfidentialIncorrectValues rejects a value array with the same value at
 * two adjacent middle positions ("20", "20"), even though every value is one the state allows.
 */
public void testHasNonConfidentialIncorrectValues_RepeatedValuesInTheMiddle() {

    final String paramName = "param1";
    final String[] received = { "0", "20", "20", "10" };

    // Values recorded in the state for the parameter; each one appears exactly once.
    final List<String> allowed = new ArrayList<String>();
    for (String stateValue : new String[] { "0", "10", "20" }) {
        allowed.add(stateValue);
    }

    final ValidatorHelperRequest requestHelper = (ValidatorHelperRequest) helper;
    final ValidatorHelperResult outcome =
            requestHelper.hasNonConfidentialIncorrectValues(targetName, paramName, received, allowed);

    assertFalse(outcome.isValid());
    assertEquals(HDIVErrorCodes.REPEATED_VALUES_FOR_PARAMETER, outcome.getErrors().get(0).getType());
}
/**
 * Compares the action requested with the action stored in the HDIV state.
 *
 * <p>The stored action is HTML-unescaped first. The two are then considered equal when they match
 * ignoring case, or when the target ends with "/" and matches the stored action with a "/"
 * appended, again ignoring case.
 *
 * <p>NOTE(review): the comparison ignores case. Where the server resolves URLs case-sensitively,
 * two actions that differ only in case may be different resources; confirm this is intended.
 *
 * @param context Request context (not read by this method)
 * @param target Part of the url that represents the target action
 * @param stateAction The action stored in the restored state for this url
 * @return {@link ValidatorHelperResult#VALID} when the actions match, otherwise a result holding
 *         an INVALID_ACTION error for <code>target</code>
 */
protected ValidatorHelperResult isTheSameAction(final RequestContextHolder context, final String target,
        String stateAction) {

    // The state may hold the action with HTML entities; compare against the decoded form.
    final String storedAction = HtmlUtils.htmlUnescape(stateAction);

    final boolean sameAction = storedAction.equalsIgnoreCase(target)
            // Tolerate a trailing slash that is present in the request but not in the state.
            || (target.endsWith("/") && (storedAction + "/").equalsIgnoreCase(target));

    if (!sameAction) {
        if (log.isDebugEnabled()) {
            log.debug("Validation error in the action. Action in state [" + storedAction + "], action in the request [" + target
                    + "]");
        }
        return new ValidatorHelperResult(new ValidatorError(HDIVErrorCodes.INVALID_ACTION, target));
    }

    return ValidatorHelperResult.VALID;
}
/**
 * Cookie integrity with an explicit domain: the server issues a cookie with its domain set to
 * "localhost", the client sends the same cookie name with a different value, and validation is
 * expected to pass.
 */
public void testValidateCookiesIntegrityCorrectWithDomain() {

    final MockHttpServletRequest mockRequest = getMockRequest();

    // Server-issued cookie that carries a domain attribute.
    final Cookie issued = new Cookie("name", "value");
    issued.setDomain("localhost");
    responseWrapper.addCookie(issued);

    dataComposer.beginRequest(Method.GET, targetName);
    dataComposer.compose("param1", "value1", false);
    final String state = dataComposer.endRequest();
    assertNotNull(state);
    mockRequest.addParameter(hdivParameter, state);
    dataComposer.endPage();

    // The client sends the same cookie name with another value.
    mockRequest.setCookies(new Cookie[] { new Cookie("name", "0") });

    assertTrue(helper.validate(context).isValid());
}
/**
 * Verifies that hasNonConfidentialIncorrectValues rejects a value array in which the first and
 * the last entries are the same value ("20"), even though every value is one the state allows.
 */
public void testHasNonConfidentialIncorrectValues_RepeatedValuesInAnyPosition_1() {

    final String paramName = "param1";
    final String[] received = { "20", "0", "10", "20" };

    // Values recorded in the state for the parameter; each one appears exactly once.
    final List<String> allowed = new ArrayList<String>();
    for (String stateValue : new String[] { "0", "10", "20" }) {
        allowed.add(stateValue);
    }

    final ValidatorHelperRequest requestHelper = (ValidatorHelperRequest) helper;
    final ValidatorHelperResult outcome =
            requestHelper.hasNonConfidentialIncorrectValues(targetName, paramName, received, allowed);

    assertFalse(outcome.isValid());
    assertEquals(HDIVErrorCodes.REPEATED_VALUES_FOR_PARAMETER, outcome.getErrors().get(0).getType());
}
/**
 * Decides whether parameters that the state requires but the request did not send amount to a
 * validation error.
 *
 * <p>Names that the configuration treats as start parameters, or as parameters without validation
 * for <code>target</code>, are removed from <code>missingParameters</code>. The list passed in is
 * modified in place. If any name remains, the request is rejected.
 *
 * @param request HttpServletRequest to validate (not read by this method)
 * @param state IState The restored state for this url (not read by this method)
 * @param target Part of the url that represents the target action
 * @param stateParams Url params from State (not read by this method)
 * @param missingParameters Required parameters not received in the request.
 * @return {@link ValidatorHelperResult#VALID} when no required parameter is left missing,
 *         otherwise a result holding a NOT_RECEIVED_ALL_REQUIRED_PARAMETERS error
 */
protected ValidatorHelperResult validateMissingParameters(final RequestContextHolder request, final IState state,
        final String target, final Map<String, String[]> stateParams, final List<String> missingParameters) {

    // Drop the names that the configuration exempts from the "required" rule.
    final Iterator<String> names = missingParameters.iterator();
    while (names.hasNext()) {
        final String name = names.next();
        final boolean exempt = hdivConfig.isStartParameter(name) || hdivConfig.isParameterWithoutValidation(target, name);
        if (exempt) {
            names.remove();
        }
    }

    if (!missingParameters.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("Missing some required parameters: " + missingParameters.toString());
        }
        return new ValidatorHelperResult(
                new ValidatorError(HDIVErrorCodes.NOT_RECEIVED_ALL_REQUIRED_PARAMETERS, target, missingParameters.toString()));
    }

    return ValidatorHelperResult.VALID;
}
/**
 * A link composed without parameters validates when the request carries only the HDIV state
 * parameter.
 */
public void testIfAllParametersAreReceivedLinkWithoutParameters() {

    final MockHttpServletRequest mockRequest = getMockRequest();

    dataComposer.beginRequest(Method.GET, targetName);
    final String state = dataComposer.endRequest();
    dataComposer.endPage();

    // Only the state identifier is sent.
    mockRequest.addParameter(hdivParameter, state);

    assertTrue(helper.validate(context).isValid());
}