Coverage report

  %line %branch
org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter
0% 
0% 

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" 
  * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
  * See the License for the specific language governing permissions and 
  * limitations under the License.
  */
 package org.apache.jetspeed.engine.servlet;
 
 import java.io.IOException;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
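 /**
  * Simple XSS (cross-site scripting) URL attack protection: rejects a request with
  * HTTP 400 whenever its request URI or query string contains a {@code <} or
  * {@code >} character, either literally or as a single percent-encoding
  * ({@code %3C} / {@code %3E}, in either letter case).
  * <p>
  * This is a coarse denylist on the URL only. It does not inspect request bodies,
  * headers or cookies, and it does not replace context-aware output encoding in the
  * pages that echo request data; treat it as one defence-in-depth layer.
  *
  * @version $Id: XXSUrlAttackFilter.java 516448 2007-03-09 16:25:47Z ate $
  *
  */
 public class XXSUrlAttackFilter implements Filter
 {
     /**
      * No configuration is read; the filter is stateless.
      *
      * @param config the filter configuration supplied by the container (unused)
      * @throws ServletException never thrown by this implementation
      */
     public void init(FilterConfig config) throws ServletException
     {
     }

     /**
      * Rejects HTTP requests whose URI or query string contains an angle bracket and
      * passes every other request down the chain.
      *
      * @param request  the incoming request; only {@link HttpServletRequest} instances are inspected
      * @param response the response; used to send the 400 status for a rejected request
      * @param chain    the remaining filter chain, invoked only for requests that pass the check
      * @throws IOException      if sending the error or the downstream chain fails
      * @throws ServletException if the downstream chain fails
      */
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
             ServletException
     {
         if (request instanceof HttpServletRequest)
         {
             HttpServletRequest hreq = (HttpServletRequest) request;
             // getQueryString() and getRequestURI() return the values as sent by the
             // client (not decoded by the container), which is why isInvalid also
             // looks for the percent-encoded forms.
             if (isInvalid(hreq.getQueryString()) || isInvalid(hreq.getRequestURI()))
             {
                 ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST);
                 // Stop here: the request must not reach the rest of the chain (and the
                 // target resource) once it has been rejected. Falling through would
                 // still execute the downstream servlet against the flagged URL.
                 return;
             }
         }
         chain.doFilter(request, response);
     }

     /**
      * Tells whether a URL component contains an angle bracket.
      *
      * @param value the raw request URI or query string; may be {@code null}
      * @return {@code true} if {@code value} contains {@code <}, {@code >},
      *         {@code %3c}, {@code %3C}, {@code %3e} or {@code %3E}; {@code false}
      *         otherwise, including for {@code null}
      */
     private boolean isInvalid(String value)
     {
         if (value == null)
         {
             return false;
         }
         // Both letter cases of each percent-encoding are checked; hex digits in a
         // percent-escape are case-insensitive, so "%3C" and "%3c" are the same byte.
         return value.indexOf('<') != -1 || value.indexOf('>') != -1
                 || value.indexOf("%3c") != -1 || value.indexOf("%3C") != -1
                 || value.indexOf("%3e") != -1 || value.indexOf("%3E") != -1;
     }

     /**
      * Nothing to release; the filter holds no resources.
      */
     public void destroy()
     {
     }
 }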
