001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.http; 019 020import static org.junit.jupiter.api.Assertions.assertArrayEquals; 021import static org.junit.jupiter.api.Assertions.assertEquals; 022import static org.junit.jupiter.api.Assertions.assertFalse; 023import static org.junit.jupiter.api.Assertions.assertNull; 024import static org.junit.jupiter.api.Assertions.assertTrue; 025 026import javax.servlet.http.HttpServletRequest; 027import org.apache.hadoop.hbase.testclassification.MiscTests; 028import org.apache.hadoop.hbase.testclassification.SmallTests; 029import org.junit.jupiter.api.Tag; 030import org.junit.jupiter.api.Test; 031import org.mockito.Mockito; 032 033@Tag(MiscTests.TAG) 034@Tag(SmallTests.TAG) 035public class TestHtmlQuoting { 036 037 @Test 038 public void testNeedsQuoting() throws Exception { 039 assertTrue(HtmlQuoting.needsQuoting("abcde>")); 040 assertTrue(HtmlQuoting.needsQuoting("<abcde")); 041 assertTrue(HtmlQuoting.needsQuoting("abc'de")); 042 assertTrue(HtmlQuoting.needsQuoting("abcde\"")); 043 assertTrue(HtmlQuoting.needsQuoting("&")); 044 assertFalse(HtmlQuoting.needsQuoting("")); 045 assertFalse(HtmlQuoting.needsQuoting("ab\ncdef")); 046 assertFalse(HtmlQuoting.needsQuoting(null)); 047 } 048 049 @Test 050 public void testQuoting() throws Exception { 051 assertEquals("ab<cd", HtmlQuoting.quoteHtmlChars("ab<cd")); 052 assertEquals("ab>", HtmlQuoting.quoteHtmlChars("ab>")); 053 assertEquals("&&&", HtmlQuoting.quoteHtmlChars("&&&")); 054 assertEquals(" '\n", HtmlQuoting.quoteHtmlChars(" '\n")); 055 assertEquals(""", HtmlQuoting.quoteHtmlChars("\"")); 056 assertEquals(null, HtmlQuoting.quoteHtmlChars(null)); 057 } 058 059 private void runRoundTrip(String str) throws Exception { 060 assertEquals(str, HtmlQuoting.unquoteHtmlChars(HtmlQuoting.quoteHtmlChars(str))); 061 } 062 063 @Test 064 public void testRoundtrip() throws Exception { 065 runRoundTrip(""); 066 runRoundTrip("<>&'\""); 067 runRoundTrip("ab>cd<ef&ghi'\""); 068 runRoundTrip("A string\n with no quotable chars in it!"); 069 runRoundTrip(null); 070 StringBuilder buffer = new StringBuilder(); 071 for (char ch = 0; ch < 127; ++ch) { 072 buffer.append(ch); 073 } 074 runRoundTrip(buffer.toString()); 075 } 076 077 @Test 078 public void testRequestQuoting() throws Exception { 079 HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class); 080 HttpServer.QuotingInputFilter.RequestQuoter quoter = 081 new HttpServer.QuotingInputFilter.RequestQuoter(mockReq); 082 083 Mockito.doReturn("a<b").when(mockReq).getParameter("x"); 084 assertEquals("a<b", quoter.getParameter("x"), "Test simple param quoting"); 085 086 Mockito.doReturn(null).when(mockReq).getParameter("x"); 087 assertEquals(null, quoter.getParameter("x"), "Test that missing parameters dont cause NPE"); 088 089 Mockito.doReturn(new String[] { "a<b", "b" }).when(mockReq).getParameterValues("x"); 090 assertArrayEquals(new String[] { "a<b", "b" }, quoter.getParameterValues("x"), 091 "Test escaping of an array"); 092 093 Mockito.doReturn(null).when(mockReq).getParameterValues("x"); 094 assertNull(quoter.getParameterValues("x"), 095 "Test that missing parameters dont cause NPE for array"); 096 } 097}