use of org.eclipse.jetty.servlet.ServletTester in project jetty.project by eclipse.
the class MultipartFilterTest method setUp.
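/**
 * Prepares a servlet context at {@code /context} with {@link MultiPartFilter} mapped to every
 * request in front of {@code TestServlet}.
 *
 * <p>One scratch directory serves both as the context's resource base and as its
 * {@code javax.servlet.context.tempdir} attribute.
 *
 * @throws Exception if the scratch directory cannot be created or the tester fails to start
 */
@Before
public void setUp() throws Exception {
    // Create the directory in a single call rather than createTempFile() + delete() + mkdir().
    // That sequence frees the reserved name before re-creating it, so another local process
    // could claim the path in between, and mkdir() applies only the default umask. The JDK
    // may give a directory created this way more restrictive (owner-only on POSIX) permissions.
    _dir = java.nio.file.Files.createTempDirectory("testmultupart").toFile();
    _dir.deleteOnExit();
    assertTrue(_dir.isDirectory());

    tester = new ServletTester("/context");
    tester.getContext().setResourceBase(_dir.getCanonicalPath());
    tester.getContext().addServlet(TestServlet.class, "/");
    tester.getContext().setAttribute("javax.servlet.context.tempdir", _dir);

    multipartFilter = tester.getContext().addFilter(MultiPartFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
    // NOTE(review): presumably makes the filter remove the part files it wrote once the
    // request completes; confirm against MultiPartFilter.
    multipartFilter.setInitParameter("deleteFiles", "true");
    // Write a file if there is more than 1 byte of content.
    multipartFilter.setInitParameter("fileOutputBuffer", "1");

    tester.start();
}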
use of org.eclipse.jetty.servlet.ServletTester in project jetty.project by eclipse.
the class DispatchServletTest method testSelfRefDeep.
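/**
 * Requests a path that repeats each self-referencing dispatch segment {@code nestedDepth} times
 * and checks that the response is 403, not 413 and not 500.
 *
 * @throws Exception if the tester cannot be started, queried or stopped
 */
@Test
public void testSelfRefDeep() throws Exception {
    ServletTester tester = new ServletTester();
    tester.setContextPath("/tests");
    tester.addServlet(DispatchServlet.class, "/dispatch/*");
    tester.addServlet(DefaultServlet.class, "/");
    tester.start();

    // Stop the tester even when an assertion fails, so a started server is not left behind
    // for the remaining tests in the run.
    try {
        String[] selfRefs = { "/dispatch/forward", "/dispatch/includeS", "/dispatch/includeW", "/dispatch/includeN" };

        /*
         * Number of nested dispatch requests. 220 is a good value, as it won't
         * trigger an Error 413 response (Entity too large). Anything larger
         * than 220 will trigger a 413 response.
         */
        int nestedDepth = 220;

        for (String selfRef : selfRefs) {
            // Request target: the context path followed by nestedDepth copies of the segment.
            StringBuilder req1 = new StringBuilder();
            req1.append("GET /tests");
            for (int i = 0; i < nestedDepth; i++) {
                req1.append(selfRef);
            }
            req1.append("/ HTTP/1.1\n");
            req1.append("Host: tester\n");
            req1.append("Connection: close\n");
            req1.append("\n");

            String response = tester.getResponses(req1.toString());

            StringBuilder msg = new StringBuilder();
            msg.append("Response code on nested \"").append(selfRef).append("\"");
            msg.append(" (depth:").append(nestedDepth).append(")");

            // A 413 means the test's own request is too long, not that the servlet misbehaved.
            assertFalse(msg + " should not be code 413 (Request Entity Too Large)," + "the nestedDepth in the TestCase is too large (reduce it)", response.startsWith("HTTP/1.1 413 "));
            // A 500 would mean the nested dispatch was processed and failed instead of being refused.
            assertFalse(msg + " should not be code 500.", response.startsWith("HTTP/1.1 500 "));
            assertThat(response, Matchers.startsWith("HTTP/1.1 403 "));
        }
    } finally {
        tester.stop();
    }
}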
use of org.eclipse.jetty.servlet.ServletTester in project jetty.project by eclipse.
the class DispatchServletTest method testSelfRefForwardDenialOfService.
/**
* As filed in JETTY-978.
*
* Security problems in demo dispatch servlet.
*
* <blockquote>
* <p>
* The dispatcher servlet (com.acme.DispatchServlet) is prone to a Denial of
* Service vulnerability.
* </p>
* <p>
* This example servlet is meant to be used as a resources dispatcher,
* however a malicious aggressor may abuse this functionality in order to
* cause a recursive inclusion. In details, it is possible to abuse the
* method com.acme.DispatchServlet.doGet(DispatchServlet.java:203) forcing
* the application to recursively include the "Dispatch" servlet.
* </p>
* <p>
* Dispatch com.acme.DispatchServlet 1 Dispatch /dispatch/* As a result, it
* is possible to trigger a "java.lang.StackOverflowError" and consequently
* an internal server error (500).
* </p>
* <p>
* Multiple requests may easily affect the availability of the servlet
* container. Since this attack can cause the server to consume resources in
* a non-linear relationship to the size of inputs, it should be considered
* as a server flaw.
* </p>
* <p>
* The vulnerability seems confined to the example servlet and it does not
* afflict the Jetty's core."
* </p>
* </blockquote>
*
* @throws Exception if the servlet tester cannot be started or the request cannot be processed
*/
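@Test
public void testSelfRefForwardDenialOfService() throws Exception {
    ServletTester tester = new ServletTester();
    tester.setContextPath("/tests");
    ServletHolder dispatch = tester.addServlet(DispatchServlet.class, "/dispatch/*");
    tester.addServlet(DefaultServlet.class, "/");
    tester.start();

    // Stop the tester even when an assertion fails, so a started server is not left behind
    // for the remaining tests in the run.
    try {
        // The path names the dispatch servlet's own holder as the target of the
        // "includeN" operation, i.e. the servlet is asked to dispatch to itself.
        // NOTE(review): "includeN" is presumably include-by-name; confirm in DispatchServlet.
        StringBuilder req1 = new StringBuilder();
        req1.append("GET /tests/dispatch/includeN/").append(dispatch.getName()).append(" HTTP/1.1\n");
        req1.append("Host: tester\n");
        req1.append("Connection: close\n");
        req1.append("\n");

        String response = tester.getResponses(req1.toString());

        String msg = "Response code on SelfRefDoS";

        // Regression guard: the self-reference must be refused (403), not followed until
        // the server fails with an internal error (500).
        assertFalse(msg + " should not be code 500.", response.startsWith("HTTP/1.1 500 "));
        assertTrue(msg + " should return error code 403 (Forbidden)", response.startsWith("HTTP/1.1 403 "));
    } finally {
        tester.stop();
    }
}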
use of org.eclipse.jetty.servlet.ServletTester in project jetty.project by eclipse.
the class QoSFilterTest method setUp.
/**
 * Builds the tester at {@code /context} with {@code TestServlet} mapped to {@code /test},
 * zeroes the servlet's static sleeper counters, and creates {@code NUM_CONNECTIONS} local
 * connectors before starting the tester.
 *
 * @throws Exception if a connector cannot be created or the tester fails to start
 */
@Before
public void setUp() throws Exception {
    _tester = new ServletTester();
    _tester.setContextPath("/context");
    _tester.addServlet(TestServlet.class, "/test");

    // The counters are static, so values left by an earlier test must be cleared here.
    TestServlet.__maxSleepers = 0;
    TestServlet.__sleepers = 0;

    // One local connector per slot.
    _connectors = new LocalConnector[NUM_CONNECTIONS];
    int slot = 0;
    while (slot < _connectors.length) {
        _connectors[slot] = _tester.createLocalConnector();
        slot++;
    }

    _tester.start();
}