/*
* Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import com.sun.ejte.ccl.reporter.*;
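/**
* Unit test for:
*
* ("XSS for HttpServletResponse.sendError()")
*
* Requests {@code <contextRoot>/index.jsp} over a raw socket and passes when
* the response contains a 403 status line whose text includes "Hi, there".
*/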
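public class WebTest {

    private static final SimpleReporterAdapter stat
        = new SimpleReporterAdapter("appserv-tests");

    private static final String TEST_NAME
        = "http-response-error-message";

    // Matched with Matcher.matches(), so the whole line must be a 403 status
    // line ("HTTP/x.y 403 ...") that carries the text "Hi, there".
    // NOTE(review): only a status line can satisfy this pattern and the read
    // loop stops at the first match, so the response body is never inspected
    // for unescaped markup. Confirm that body escaping of the sendError()
    // message is asserted somewhere, or extend this test to check it.
    private static final Pattern PATTERN = Pattern.compile("http/\\d\\.\\d 403 .*Hi, there.*", Pattern.CASE_INSENSITIVE);

    // HTTP/1.1 line terminator; a bare LF is only accepted by lenient parsers.
    private static final String CRLF = "\r\n";

    private final String host;
    private final String port;
    private final String contextRoot;

    // Kept as a field so doTest() can close it even when invoke() throws.
    private Socket sock = null;

    /**
     * Creates the test from command-line arguments.
     *
     * @param args {@code args[0]} host, {@code args[1]} port,
     *             {@code args[2]} context root of the deployed application
     * @throws IllegalArgumentException if fewer than three arguments are given
     */
    public WebTest(String[] args) {
        if (args == null || args.length < 3) {
            throw new IllegalArgumentException(
                "Expected arguments: <host> <port> <contextRoot>");
        }
        host = args[0];
        port = args[1];
        contextRoot = args[2];
    }

    /**
     * Runs the test once and prints the reporter summary.
     *
     * @param args host, port and context root, in that order
     */
    public static void main(String[] args) {
        stat.addDescription("Unit test for XSS HttpServletResponse.sendError");
        WebTest webTest = new WebTest(args);
        webTest.doTest();
        stat.printSummary(TEST_NAME);
    }

    /**
     * Executes the request/response check, recording FAIL if anything throws,
     * and always closes the socket afterwards.
     */
    public void doTest() {
        try {
            invoke();
        } catch (Exception ex) {
            stat.addStatus(TEST_NAME, stat.FAIL);
            ex.printStackTrace();
        } finally {
            closeQuietly(sock);
        }
    }

    /**
     * Sends {@code GET <contextRoot>/index.jsp} and scans the response line by
     * line until one matches {@link #PATTERN}; records PASS on a match and
     * FAIL otherwise.
     *
     * @throws Exception on connection, port-parsing or I/O failure
     */
    private void invoke() throws Exception {
        System.out.println("Host=" + host + ", port=" + port);
        // Integer.parseInt replaces the deprecated new Integer(String).
        sock = new Socket(host, Integer.parseInt(port));
        OutputStream os = sock.getOutputStream();

        String get = "GET " + contextRoot + "/index.jsp HTTP/1.1" + CRLF;
        System.out.println(get);

        // Send the whole request in one write, with CRLF line endings and an
        // explicit charset instead of the platform default.
        String request = get
            + "Host: localhost" + CRLF
            + "Connection: close" + CRLF
            + CRLF;
        os.write(request.getBytes(StandardCharsets.UTF_8));
        os.flush();

        boolean isExpected = false;
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(
                new InputStreamReader(sock.getInputStream(), StandardCharsets.UTF_8));
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(line);
                if (PATTERN.matcher(line).matches()) {
                    isExpected = true;
                    break;
                }
            }
        } finally {
            // Closing the reader also closes the socket's input stream.
            closeQuietly(reader);
        }

        if (isExpected) {
            stat.addStatus(TEST_NAME, stat.PASS);
        } else {
            stat.addStatus(TEST_NAME, stat.FAIL);
            System.err.println("Missing expected response: " + PATTERN.toString());
        }
    }

    /** Closes {@code resource} if non-null; a failure to close must not change the test verdict. */
    private static void closeQuietly(Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException ignored) {
            // best-effort cleanup only
        }
    }
}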