From def8af25caa41d68476f346efab3bb5f6d109e93 Mon Sep 17 00:00:00 2001 
From: Kamil Jarmusik Date: Tue, 26 Nov 2024 00:52:37 +0100 Subject: [PATCH] #2985 Prevent XSS for REST API by escape String content: - Using class XssProtectUtils (use Spring) instead of Security class from dwr; _ Rename classes: XssProtectHtmlUtils to XssProtectUtils, XssUtils to XssValidatorUtils; - Changed private on public no args constructor for class XssProtectUtils; - Added Data Point information to console log in ScriptExecutor.convertContext; --- .../view/component/ChartComparatorComponent.java | 10 +++++----- .../scadabr/view/component/LinkComponent.java | 6 +++--- .../view/component/ScriptButtonComponent.java | 6 +++--- .../vo/scripting/ContextualizedScriptVO.java | 14 +++++++------- .../mango/rt/dataSource/meta/ScriptExecutor.java | 2 +- .../vo/dataSource/meta/MetaPointLocatorVO.java | 8 ++++---- .../mango/vo/report/ReportChartCreator.java | 4 ++-- .../mango/vo/report/SeriesIdentifier.java | 4 +--- src/com/serotonin/mango/web/dwr/ViewDwr.java | 6 +++--- .../mango/web/dwr/XssDataPointBeanConverter.java | 6 +++--- .../mango/web/dwr/XssDataPointVoConverter.java | 16 ++++++++-------- .../serotonin/mango/web/taglib/Functions.java | 12 ++++++------ .../web/beans/validation/xss/XssValidator.java | 2 +- src/org/scada_lts/web/security/XssFilter.java | 2 +- .../security/XssProtectCssStyleSerializer.java | 2 +- .../web/security/XssProtectStringSerializer.java | 2 +- ...rotectHtmlUtils.java => XssProtectUtils.java} | 6 +++--- .../{XssUtils.java => XssValidatorUtils.java} | 4 ++-- ...sTest.java => BodyXssValidatorUtilsTest.java} | 6 +++--- ...mlUtilsTest.java => XssProtectUtilsTest.java} | 8 ++++---- ...UtilsTest.java => XssValidatorUtilsTest.java} | 6 +++--- ...ite.java => XssValidatorUtilsTestsSuite.java} | 6 +++--- 22 files changed, 68 insertions(+), 70 deletions(-) rename src/org/scada_lts/web/security/{XssProtectHtmlUtils.java => XssProtectUtils.java} (87%) rename src/org/scada_lts/web/security/{XssUtils.java => XssValidatorUtils.java} (97%) rename 
test/org/scada_lts/web/security/{BodyXssUtilsTest.java => BodyXssValidatorUtilsTest.java} (97%) rename test/org/scada_lts/web/security/{XssProtectHtmlUtilsTest.java => XssProtectUtilsTest.java} (91%) rename test/org/scada_lts/web/security/{XssUtilsTest.java => XssValidatorUtilsTest.java} (97%) rename test/org/scada_lts/web/security/{XssUtilsTestsSuite.java => XssValidatorUtilsTestsSuite.java} (55%) diff --git a/src/br/org/scadabr/view/component/ChartComparatorComponent.java b/src/br/org/scadabr/view/component/ChartComparatorComponent.java index 268dbe7144..b469631a2f 100644 --- a/src/br/org/scadabr/view/component/ChartComparatorComponent.java +++ b/src/br/org/scadabr/view/component/ChartComparatorComponent.java @@ -22,7 +22,7 @@ import org.scada_lts.dao.model.ScadaObjectIdentifier; import org.scada_lts.permissions.service.GetDataPointsWithAccess; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; @JsonRemoteEntity @@ -116,7 +116,7 @@ private String createDataPointsSelectComponent(String idPrefix, List   "); for (ScadaObjectIdentifier dp : dataPoints) { - sb.append(""); } sb.append(""); @@ -138,10 +138,10 @@ private String createDateRangeComponent(String idPrefix, String fromDateId, sb.append(""); sb.append(""); sb.append(" " - + ""); + + ""); sb.append("
De A
"); return sb.toString(); } diff --git a/src/br/org/scadabr/view/component/LinkComponent.java b/src/br/org/scadabr/view/component/LinkComponent.java index 28984e5dc4..125b611b41 100644 --- a/src/br/org/scadabr/view/component/LinkComponent.java +++ b/src/br/org/scadabr/view/component/LinkComponent.java @@ -12,7 +12,7 @@ import com.serotonin.mango.view.component.ViewComponent; import com.serotonin.util.SerializationHelper; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; @JsonRemoteEntity public class LinkComponent extends HtmlComponent { @@ -50,8 +50,8 @@ private void createLink() { public String createLinkContent() { StringBuilder sb = new StringBuilder(); - sb.append(""); - sb.append(escape(text)); + sb.append(""); + sb.append(escapeHtml(text)); sb.append(""); return sb.toString(); } diff --git a/src/br/org/scadabr/view/component/ScriptButtonComponent.java b/src/br/org/scadabr/view/component/ScriptButtonComponent.java index b0bd001ec5..16757688fa 100644 --- a/src/br/org/scadabr/view/component/ScriptButtonComponent.java +++ b/src/br/org/scadabr/view/component/ScriptButtonComponent.java @@ -12,7 +12,7 @@ import com.serotonin.mango.view.component.ViewComponent; import com.serotonin.util.SerializationHelper; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; @JsonRemoteEntity public class ScriptButtonComponent extends HtmlComponent { @@ -50,9 +50,9 @@ private void createScriptButton() { public String createScriptButtonContent() { StringBuilder sb = new StringBuilder(); - sb.append(""); return sb.toString(); } diff --git a/src/br/org/scadabr/vo/scripting/ContextualizedScriptVO.java b/src/br/org/scadabr/vo/scripting/ContextualizedScriptVO.java index 960eb86cd5..16f7723b4b 100644 --- a/src/br/org/scadabr/vo/scripting/ContextualizedScriptVO.java 
+++ b/src/br/org/scadabr/vo/scripting/ContextualizedScriptVO.java @@ -28,7 +28,7 @@ import com.serotonin.web.i18n.LocalizableMessage; import static org.scada_lts.utils.ValidationDwrUtils.validateVarNameScript; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; @JsonRemoteEntity public class ContextualizedScriptVO extends ScriptVO @@ -55,16 +55,16 @@ public void validate(DwrResponseI18n response) { } if (!validateVarNameScript(varName)) { - response.addContextualMessage("context", "validate.invalidVarName", escape(varName)); + response.addContextualMessage("context", "validate.invalidVarName", escapeHtml(varName)); break; } if (varNameSpace.contains(varName)) { - response.addContextualMessage("context", "validate.duplicateVarName", escape(varName)); + response.addContextualMessage("context", "validate.duplicateVarName", escapeHtml(varName)); break; } - varNameSpace.add(escape(varName)); + varNameSpace.add(escapeHtml(varName)); } for (IntValuePair point : objectsOnContext) { @@ -76,16 +76,16 @@ public void validate(DwrResponseI18n response) { } if (!validateVarNameScript(varName)) { - response.addContextualMessage("context", "validate.invalidVarName", escape(varName)); + response.addContextualMessage("context", "validate.invalidVarName", escapeHtml(varName)); break; } if (varNameSpace.contains(varName)) { - response.addContextualMessage("context", "validate.duplicateVarName", escape(varName)); + response.addContextualMessage("context", "validate.duplicateVarName", escapeHtml(varName)); break; } - varNameSpace.add(escape(varName)); + varNameSpace.add(escapeHtml(varName)); } super.validate(response); diff --git a/src/com/serotonin/mango/rt/dataSource/meta/ScriptExecutor.java b/src/com/serotonin/mango/rt/dataSource/meta/ScriptExecutor.java index 7531af6b22..572b5a8a89 100644 --- a/src/com/serotonin/mango/rt/dataSource/meta/ScriptExecutor.java 
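Review bot: In the -55 hunk, `varNameSpace.add(escapeHtml(varName));` stores the escaped name while the duplicate check two lines earlier, `varNameSpace.contains(varName)`, looks up the raw one, so a second occurrence of a name that escaping alters would not be reported as a duplicate; the -76 hunk repeats the pattern. Whether that is reachable depends on what validateVarNameScript admits, which is outside the hunk; if it only accepts identifier characters the escaping is a no-op and the line is merely misleading. Either way the set should hold exactly what is compared, `varNameSpace.add(varName);`, with escapeHtml kept for the message arguments only, which is where the value reaches HTML. The enclosing validate method starts before and ends after both hunks.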
+++ b/src/com/serotonin/mango/rt/dataSource/meta/ScriptExecutor.java
@@ -80,7 +80,7 @@ public Map convertContext(List context, DataPo
 if (point == null) {
 LOG.error("Error DataPointRT null " + new Exception("key:" + contextEntry.getKey()
- + " value:" + contextEntry.getValue()));
+ + " value:" + contextEntry.getValue()) + " from:" + LoggingUtils.dataPointInfo(dataPoint));
 DataPointStateException dataPointStateException = createPointUnavailableException(contextEntry);
 if(dataPoint != null && metaDataSource != null) {
 metaDataSource.raiseContextError(System.currentTimeMillis(), dataPoint, dataPointStateException.getLocalizableMessage());
diff --git a/src/com/serotonin/mango/vo/dataSource/meta/MetaPointLocatorVO.java b/src/com/serotonin/mango/vo/dataSource/meta/MetaPointLocatorVO.java
index b55e125efc..8cd77cdb44 100644
--- a/src/com/serotonin/mango/vo/dataSource/meta/MetaPointLocatorVO.java
+++ b/src/com/serotonin/mango/vo/dataSource/meta/MetaPointLocatorVO.java
@@ -54,7 +54,7 @@
 import com.serotonin.web.i18n.LocalizableMessage;
 import static org.scada_lts.utils.ValidationDwrUtils.validateVarNameScript;
-import static org.scada_lts.web.security.XssProtectHtmlUtils.escape;
+import static org.scada_lts.web.security.XssProtectUtils.escapeHtml;
 /**
 * @author Matthew Lohbihler
@@ -193,7 +193,7 @@ public void validate(DwrResponseI18n response, int dataPointId) {
 int pointId = point.getKey();
 if(pointId != Common.NEW_ID && pointId == dataPointId) {
- response.addContextualMessage("context", "validate.invalidVariable", escape(varName));
+ response.addContextualMessage("context", "validate.invalidVariable", escapeHtml(varName));
 break;
 }
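Review bot: The added `LoggingUtils.dataPointInfo(dataPoint)` is evaluated before the `if(dataPoint != null && metaDataSource != null)` guard two lines below, and that guard shows the caller can pass a null dataPoint; unless dataPointInfo tolerates null, the missing-context-point path would now throw a NullPointerException out of the log statement instead of logging and calling raiseContextError. A null-safe form is `+ " from:" + (dataPoint == null ? "null" : LoggingUtils.dataPointInfo(dataPoint))`, or, if dataPointInfo does handle null, a short comment on the line saying so. The hunk adds no import for LoggingUtils, so presumably it is already in scope. convertContext starts and ends outside the hunk.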
@@ -203,12 +203,12 @@ public void validate(DwrResponseI18n response, int dataPointId) { } if (!validateVarNameScript(varName)) { - response.addContextualMessage("context", "validate.invalidVarName", escape(varName)); + response.addContextualMessage("context", "validate.invalidVarName", escapeHtml(varName)); break; } if (varNameSpace.contains(varName)) { - response.addContextualMessage("context", "validate.duplicateVarName", escape(varName)); + response.addContextualMessage("context", "validate.duplicateVarName", escapeHtml(varName)); break; } diff --git a/src/com/serotonin/mango/vo/report/ReportChartCreator.java b/src/com/serotonin/mango/vo/report/ReportChartCreator.java index 025b8262a2..a9b192ed1c 100644 --- a/src/com/serotonin/mango/vo/report/ReportChartCreator.java +++ b/src/com/serotonin/mango/vo/report/ReportChartCreator.java @@ -35,11 +35,11 @@ import freemarker.template.Template; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.directwebremoting.Security; import org.jfree.data.time.TimeSeries; import org.scada_lts.mango.service.SystemSettingsService; import org.scada_lts.utils.ColorUtils; import com.serotonin.mango.util.DateUtils; +import org.scada_lts.web.security.XssProtectUtils; import java.awt.*; import java.io.*; @@ -124,7 +124,7 @@ public void createContent(ReportInstance reportInstance, ReportDao reportDao, St model.put("instance", reportInstance); model.put("points", pointStatistics); model.put("inline", inlinePrefix == null ? "" : "cid:"); - model.put("security", new Security()); + model.put("security", new XssProtectUtils()); model.put("ALPHANUMERIC", DataTypes.ALPHANUMERIC); model.put("BINARY", DataTypes.BINARY); diff --git a/src/com/serotonin/mango/vo/report/SeriesIdentifier.java b/src/com/serotonin/mango/vo/report/SeriesIdentifier.java index a624b69350..48ee55021b 100644 --- a/src/com/serotonin/mango/vo/report/SeriesIdentifier.java +++ b/src/com/serotonin/mango/vo/report/SeriesIdentifier.java 
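Review bot: In the ReportChartCreator hunk, `model.put("security", new XssProtectUtils());` hands the template an instance whose only purpose is to reach the static `escapeHtml` through a bean, and the template that consumes `security` is not in the patch, so nothing here shows that every call it makes still resolves; the new method name matches the `escapeHtml` that DWR's Security exposed, which presumably is why it was chosen, but any other method the template used would only fail at render time. A comment on the line would spare the next reader the search: `// the report template calls security.escapeHtml(...); replaces DWR's Security`. Confirm the template against XssProtectUtils' method set rather than relying on the name match, and note that createContent starts and ends outside the hunk.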
@@ -1,7 +1,5 @@
 package com.serotonin.mango.vo.report;
-import org.scada_lts.web.security.XssProtectHtmlUtils;
-
 import java.util.Objects;
 public class SeriesIdentifier implements Comparable {
@@ -38,6 +36,6 @@ public int hashCode() {
 @Override
 public String toString() {
- return XssProtectHtmlUtils.escape(name);
+ return name;
 }
 }
diff --git a/src/com/serotonin/mango/web/dwr/ViewDwr.java b/src/com/serotonin/mango/web/dwr/ViewDwr.java
index b27cdb3fee..3d25a2256c 100644
--- a/src/com/serotonin/mango/web/dwr/ViewDwr.java
+++ b/src/com/serotonin/mango/web/dwr/ViewDwr.java
@@ -104,7 +104,7 @@
 import static com.serotonin.mango.web.dwr.util.AnonymousUserUtils.getRequest;
 import static com.serotonin.mango.web.dwr.util.AnonymousUserUtils.getResponse;
 import static com.serotonin.mango.web.dwr.util.AnonymousUserUtils.authenticateAnonymousUser;
-import static org.scada_lts.web.security.XssProtectHtmlUtils.escape;
+import static org.scada_lts.web.security.XssProtectUtils.escapeHtml;
 /**
 * This class is so not threadsafe. Do not use class fields except for the
@@ -212,9 +212,9 @@ public List getViewPointData(User user, View view, boolean e
 if (point != null) {
 Map map = new HashMap();
 if (imageChart)
- map.put("name", escape(point.getName()));
+ map.put("name", escapeHtml(point.getName()));
 else
- map.put("name", escape(getMessage(child.getDescription())));
+ map.put("name", escapeHtml(getMessage(child.getDescription())));
 map.put("point", point);
 map.put("pointValue", point.lastValue());
 childData.add(map);
diff --git a/src/com/serotonin/mango/web/dwr/XssDataPointBeanConverter.java b/src/com/serotonin/mango/web/dwr/XssDataPointBeanConverter.java
index 6ae74e7791..19a6c90697 100644
--- a/src/com/serotonin/mango/web/dwr/XssDataPointBeanConverter.java
+++ b/src/com/serotonin/mango/web/dwr/XssDataPointBeanConverter.java
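Review bot: `return name;` in SeriesIdentifier.toString drops the HTML escaping the old line applied, so every place that renders a SeriesIdentifier by string conversion now emits the raw point name; that is plausibly meant to avoid double escaping once the report template escapes through `security`, but the patch shows no such template call. Because toString is a general-purpose method, the contract should be stated on it: `/** Returns the raw name; callers that render HTML must escape it themselves. */`. If any consumer of toString, such as a chart legend, relied on the escaping, this is a regression rather than a cleanup, so the call sites are worth listing before merge. The name field is assigned outside the hunk.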
@@ -6,15 +6,15 @@ import org.directwebremoting.extend.OutboundContext; import org.directwebremoting.extend.OutboundVariable; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; public class XssDataPointBeanConverter extends BeanConverter { @Override public OutboundVariable convertOutbound(Object data, OutboundContext outctx) throws MarshallException { DataPointBean dataPointBean = (DataPointBean)data; - dataPointBean.setName(escape(dataPointBean.getName())); - dataPointBean.setXid(escape(dataPointBean.getXid())); + dataPointBean.setName(escapeHtml(dataPointBean.getName())); + dataPointBean.setXid(escapeHtml(dataPointBean.getXid())); return super.convertOutbound(dataPointBean, outctx); } } diff --git a/src/com/serotonin/mango/web/dwr/XssDataPointVoConverter.java b/src/com/serotonin/mango/web/dwr/XssDataPointVoConverter.java index 3ee8c3f10c..629b9e4a92 100644 --- a/src/com/serotonin/mango/web/dwr/XssDataPointVoConverter.java +++ b/src/com/serotonin/mango/web/dwr/XssDataPointVoConverter.java 
@@ -4,20 +4,20 @@ import org.directwebremoting.convert.BeanConverter; import org.directwebremoting.extend.*; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; public class XssDataPointVoConverter extends BeanConverter { @Override public OutboundVariable convertOutbound(Object data, OutboundContext outctx) throws MarshallException { DataPointVO dataPointVo = (DataPointVO)data; - dataPointVo.setName(escape(dataPointVo.getName())); - dataPointVo.setXid(escape(dataPointVo.getXid())); - dataPointVo.setDataSourceXid(escape(dataPointVo.getDataSourceXid())); - dataPointVo.setChartColour(escape(dataPointVo.getChartColour())); - dataPointVo.setDataSourceName(escape(dataPointVo.getDataSourceName())); - dataPointVo.setDescription(escape(dataPointVo.getDescription())); - dataPointVo.setDeviceName(escape(dataPointVo.getDeviceName())); + dataPointVo.setName(escapeHtml(dataPointVo.getName())); + dataPointVo.setXid(escapeHtml(dataPointVo.getXid())); + dataPointVo.setDataSourceXid(escapeHtml(dataPointVo.getDataSourceXid())); + dataPointVo.setChartColour(escapeHtml(dataPointVo.getChartColour())); + dataPointVo.setDataSourceName(escapeHtml(dataPointVo.getDataSourceName())); + dataPointVo.setDescription(escapeHtml(dataPointVo.getDescription())); + dataPointVo.setDeviceName(escapeHtml(dataPointVo.getDeviceName())); return super.convertOutbound(dataPointVo, outctx); } } diff --git a/src/com/serotonin/mango/web/taglib/Functions.java b/src/com/serotonin/mango/web/taglib/Functions.java index 3540031fc2..57c417b361 100644 --- a/src/com/serotonin/mango/web/taglib/Functions.java +++ b/src/com/serotonin/mango/web/taglib/Functions.java 
@@ -30,7 +30,7 @@ import com.serotonin.util.StringUtils; import com.serotonin.web.taglib.DateFunctions; -import static org.scada_lts.web.security.XssProtectHtmlUtils.escape; +import static org.scada_lts.web.security.XssProtectUtils.escapeHtml; public class Functions { public static String getHtmlText(DataPointVO point, PointValueTime pointValue) { @@ -81,16 +81,16 @@ private static String getHtml(String colour, String text, boolean detectOverflow if (text != null && detectOverflow && text.length() > 30) { if (StringUtils.isEmpty(colour)) - result = ""; + result = ""; else - result = ""; + result = ""; } else { if (StringUtils.isEmpty(colour)) - result = "" + escape(text) + ""; + result = "" + escapeHtml(text) + ""; else - result = "" + escape(text) + ""; + result = "" + escapeHtml(text) + ""; } return result; diff --git a/src/org/scada_lts/web/beans/validation/xss/XssValidator.java b/src/org/scada_lts/web/beans/validation/xss/XssValidator.java index 9ab196479c..fafc800b9d 100644 --- a/src/org/scada_lts/web/beans/validation/xss/XssValidator.java +++ b/src/org/scada_lts/web/beans/validation/xss/XssValidator.java @@ -2,7 +2,7 @@ import org.scada_lts.web.beans.validation.ScadaValidator; -import static org.scada_lts.web.security.XssUtils.validateHttpBody; +import static org.scada_lts.web.security.XssValidatorUtils.validateHttpBody; public class XssValidator implements ScadaValidator { diff --git a/src/org/scada_lts/web/security/XssFilter.java b/src/org/scada_lts/web/security/XssFilter.java index b150236f2f..fa56872db5 100644 --- a/src/org/scada_lts/web/security/XssFilter.java +++ b/src/org/scada_lts/web/security/XssFilter.java 
@@ -17,7 +17,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse throws ServletException, IOException { String queryString = request.getQueryString(); - if (queryString != null && !XssUtils.validateHttpQuery(queryString)) { + if (queryString != null && !XssValidatorUtils.validateHttpQuery(queryString)) { LOG.warn("Potential XSS detected in request. Request URI: {}, Query: {}", request.getRequestURI(), queryString); diff --git a/src/org/scada_lts/web/security/XssProtectCssStyleSerializer.java b/src/org/scada_lts/web/security/XssProtectCssStyleSerializer.java index a9499794a2..5e2f4904e3 100644 --- a/src/org/scada_lts/web/security/XssProtectCssStyleSerializer.java +++ b/src/org/scada_lts/web/security/XssProtectCssStyleSerializer.java @@ -16,7 +16,7 @@ public XssProtectCssStyleSerializer() { @Override public void serialize(CssStyle value, JsonGenerator jgen, SerializerProvider provider) throws IOException { - String content = XssProtectHtmlUtils.escape(value.getContent()); + String content = XssProtectUtils.escapeHtml(value.getContent()); jgen.writeStartObject(); jgen.writeStringField("content", content); jgen.writeEndObject(); diff --git a/src/org/scada_lts/web/security/XssProtectStringSerializer.java b/src/org/scada_lts/web/security/XssProtectStringSerializer.java index 147403077b..04ac03caf1 100644 --- a/src/org/scada_lts/web/security/XssProtectStringSerializer.java +++ b/src/org/scada_lts/web/security/XssProtectStringSerializer.java @@ -14,7 +14,7 @@ public XssProtectStringSerializer() { @Override public void serialize(String value, JsonGenerator jgen, SerializerProvider provider) throws IOException { - String content = XssProtectHtmlUtils.escape(value); + String content = XssProtectUtils.escapeHtml(value); jgen.writeString(content); } } \ No newline at end of file 
diff --git a/src/org/scada_lts/web/security/XssProtectHtmlUtils.java b/src/org/scada_lts/web/security/XssProtectUtils.java
similarity index 87%
rename from src/org/scada_lts/web/security/XssProtectHtmlUtils.java
rename to src/org/scada_lts/web/security/XssProtectUtils.java
index fcc86f42ae..de9e5e9544 100644
--- a/src/org/scada_lts/web/security/XssProtectHtmlUtils.java
+++ b/src/org/scada_lts/web/security/XssProtectUtils.java
@@ -2,11 +2,11 @@
 import org.springframework.web.util.HtmlUtils;
-public final class XssProtectHtmlUtils {
+public final class XssProtectUtils {
- private XssProtectHtmlUtils() {}
+ public XssProtectUtils() {}
- public static String escape(String value) {
+ public static String escapeHtml(String value) {
 if(value == null) return "";
 String content = HtmlUtils.htmlEscape(value);
diff --git a/src/org/scada_lts/web/security/XssUtils.java b/src/org/scada_lts/web/security/XssValidatorUtils.java
similarity index 97%
rename from src/org/scada_lts/web/security/XssUtils.java
rename to src/org/scada_lts/web/security/XssValidatorUtils.java
index 8ef414e3ee..16654e6a86 100644
--- a/src/org/scada_lts/web/security/XssUtils.java
+++ b/src/org/scada_lts/web/security/XssValidatorUtils.java
@@ -6,9 +6,9 @@
 import java.util.function.Predicate;
 import java.util.regex.Pattern;
-public final class XssUtils {
+public final class XssValidatorUtils {
- private XssUtils() {}
+ private XssValidatorUtils() {}
 private static final Pattern SECURITY_HTTP_ACCESS_DENIED_QUERY_REGEX = init(SystemSettingsUtils.getSecurityHttpQueryAccessDeniedRegex());
 private static final Pattern SECURITY_HTTP_ACCESS_GRANTED_QUERY_REGEX = init(SystemSettingsUtils.getSecurityHttpQueryAccessGrantedRegex());
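Review bot: `public XssProtectUtils() {}` makes a final class with only static members instantiable, and nothing in the file says why; the reason lives in ReportChartCreator, which puts `new XssProtectUtils()` into a FreeMarker model. State it where the next maintainer will look: `/** Public only so a template model can hold an instance (see ReportChartCreator); every method is static. */`. If exposing the statics directly is acceptable, FreeMarker's BeansWrapper.getStaticModels would let the constructor stay private, which is the convention the sibling XssValidatorUtils keeps in the next hunk. The body of escapeHtml continues outside the hunk.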
diff --git a/test/org/scada_lts/web/security/BodyXssUtilsTest.java b/test/org/scada_lts/web/security/BodyXssValidatorUtilsTest.java similarity index 97% rename from test/org/scada_lts/web/security/BodyXssUtilsTest.java rename to test/org/scada_lts/web/security/BodyXssValidatorUtilsTest.java index fc9b960b72..c4852dfd5d 100644 --- a/test/org/scada_lts/web/security/BodyXssUtilsTest.java +++ b/test/org/scada_lts/web/security/BodyXssValidatorUtilsTest.java @@ -11,12 +11,12 @@ import static org.junit.Assert.assertEquals; @RunWith(Parameterized.class) -public class BodyXssUtilsTest { +public class BodyXssValidatorUtilsTest { private final String input; private final boolean expectedResult; - public BodyXssUtilsTest(String input, boolean expectedResult) { + public BodyXssValidatorUtilsTest(String input, boolean expectedResult) { this.input = input; this.expectedResult = expectedResult; } @@ -152,7 +152,7 @@ public static Collection data() { public void testValidate() { //when: - boolean result = XssUtils.validateHttpBody(input); + boolean result = XssValidatorUtils.validateHttpBody(input); //then: assertEquals("Validation Body failed for input: " + input, expectedResult, result); diff --git a/test/org/scada_lts/web/security/XssProtectHtmlUtilsTest.java b/test/org/scada_lts/web/security/XssProtectUtilsTest.java similarity index 91% rename from test/org/scada_lts/web/security/XssProtectHtmlUtilsTest.java rename to test/org/scada_lts/web/security/XssProtectUtilsTest.java index ec881735fe..217aecc30e 100644 --- a/test/org/scada_lts/web/security/XssProtectHtmlUtilsTest.java +++ b/test/org/scada_lts/web/security/XssProtectUtilsTest.java @@ -10,7 +10,7 @@ @RunWith(Parameterized.class) -public class XssProtectHtmlUtilsTest { +public class XssProtectUtilsTest { @Parameterized.Parameters(name = "{index}: content: {0}, expected: {1}") public static List data() { 
@@ -45,16 +45,16 @@ public static List data() { private final String content; private final String expected; - public XssProtectHtmlUtilsTest(String content, String expected) { + public XssProtectUtilsTest(String content, String expected) { this.content = content; this.expected = expected; } @Test - public void escape() { + public void escapeHtml() { //when - String result = XssProtectHtmlUtils.escape(content); + String result = XssProtectUtils.escapeHtml(content); //then: Assert.assertEquals(expected, result); diff --git a/test/org/scada_lts/web/security/XssUtilsTest.java b/test/org/scada_lts/web/security/XssValidatorUtilsTest.java similarity index 97% rename from test/org/scada_lts/web/security/XssUtilsTest.java rename to test/org/scada_lts/web/security/XssValidatorUtilsTest.java index c0114900a0..93b2eb2703 100644 --- a/test/org/scada_lts/web/security/XssUtilsTest.java +++ b/test/org/scada_lts/web/security/XssValidatorUtilsTest.java @@ -11,12 +11,12 @@ import java.util.Collection; @RunWith(Parameterized.class) -public class XssUtilsTest { +public class XssValidatorUtilsTest { private final String input; private final boolean expectedResult; - public XssUtilsTest(String input, boolean expectedResult) { + public XssValidatorUtilsTest(String input, boolean expectedResult) { this.input = input; this.expectedResult = expectedResult; } @@ -152,7 +152,7 @@ public static Collection data() { public void testValidate() { //when: - boolean result = XssUtils.validateHttpQuery(input); + boolean result = XssValidatorUtils.validateHttpQuery(input); //then: assertEquals("Validation failed for input: " + input, expectedResult, result); diff --git a/test/org/scada_lts/web/security/XssUtilsTestsSuite.java b/test/org/scada_lts/web/security/XssValidatorUtilsTestsSuite.java similarity index 55% rename from test/org/scada_lts/web/security/XssUtilsTestsSuite.java rename to test/org/scada_lts/web/security/XssValidatorUtilsTestsSuite.java index aba3d12ed0..126ae625c6 100644 
--- a/test/org/scada_lts/web/security/XssUtilsTestsSuite.java
+++ b/test/org/scada_lts/web/security/XssValidatorUtilsTestsSuite.java
@@ -5,8 +5,8 @@
 @RunWith(Suite.class)
 @Suite.SuiteClasses({
- XssUtilsTest.class,
- BodyXssUtilsTest.class
+ XssValidatorUtilsTest.class,
+ BodyXssValidatorUtilsTest.class
 })
-public class XssUtilsTestsSuite {
+public class XssValidatorUtilsTestsSuite {
 }
\ No newline at end of file