blob: 25e02fb498fbf6bd1ed805cad26c1028d560d005 [file] [log] [blame]
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
package org.apache.ofbiz.base.util.test;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.ofbiz.base.test.GenericTestCaseBase;
import org.apache.ofbiz.base.util.UtilCodec;
public class UtilCodecTests extends GenericTestCaseBase {
public UtilCodecTests(String name) {
private static void encoderTest(String label, UtilCodec.SimpleEncoder encoder, String wanted, String toEncode) {
assertNull(label + "(encoder):null", encoder.encode(null));
assertEquals(label + "(encoder):encode", wanted, encoder.encode(toEncode));
public void testGetEncoder() {
encoderTest("string", UtilCodec.getEncoder("string"), "abc\\\"def", "abc\"def");
encoderTest("xml", UtilCodec.getEncoder("xml"), "&#x3c;&#x3e;&#x27;&#x22;", "<>'\"");
encoderTest("html", UtilCodec.getEncoder("html"), "&lt;&gt;&#x27;&quot;", "<>'\"");
assertNull("invalid encoder", UtilCodec.getEncoder("foobar"));
private static void checkStringForHtmlStrictNone_test(String label, String fixed, String input, String... wantedMessages) {
List<String> gottenMessages = new ArrayList<String>();
assertEquals(label, fixed, UtilCodec.checkStringForHtmlStrictNone(label, input, gottenMessages));
assertEquals(label, Arrays.asList(wantedMessages), gottenMessages);
public void testCheckStringForHtmlStrictNone() {
checkStringForHtmlStrictNone_test("null pass-thru", null, null);
checkStringForHtmlStrictNone_test("empty pass-thru", "", "");
checkStringForHtmlStrictNone_test("o-numeric-encode", "foo", "f&#111;o");
checkStringForHtmlStrictNone_test("o-hex-encode", "foo", "f%6fo");
// jacopoc: temporarily commented because this test is failing after the upgrade of owasp-esapi (still investigating)
//checkStringForHtmlStrictNone_test("o-double-hex-encode", "foo", "f%256fo");
checkStringForHtmlStrictNone_test("<-not-allowed", "f<oo", "f<oo", "In field [<-not-allowed] less-than (<) and greater-than (>) symbols are not allowed.");
checkStringForHtmlStrictNone_test(">-not-allowed", "f>oo", "f>oo", "In field [>-not-allowed] less-than (<) and greater-than (>) symbols are not allowed.");
// jleroux: temporarily comments because this test is failing on BuildBot (only) when switching to Gradle
//checkStringForHtmlStrictNone_test("high-ascii", "fÀ®", "f%C0%AE");
// this looks like a bug, namely the extra trailing ;
// jacopoc: temporarily commented because this test is failing after the upgrade of owasp-esapi (still investigating)
//checkStringForHtmlStrictNone_test("double-ampersand", "f\";oo", "f%26quot%3boo");
checkStringForHtmlStrictNone_test("double-encoding", "%2%353Cscript", "%2%353Cscript", "In field [double-encoding] found character escaping (mixed or double) that is not allowed or other format consistency error: org.apache.ofbiz.base.util.UtilCodec$IntrusionException: Input validation failure");