use of org.jboss.eap.additional.testsuite.annotations.ATTest in project eap-additional-testsuite by jboss-set.
the class JaxbProviderDeserializationSecurityCheckTestCase method testOpenjpaService.
/**
 * Fetches the body served at {@code rest/jaxb/openjpa} and verifies that Jackson refuses to
 * bind it to {@code JNDIManagedRuntime}.
 *
 * <p>The test passes only when {@code readValue} throws a {@code JsonMappingException} whose
 * message contains "Illegal type". A successful bind means the protection is missing and fails
 * the test.
 *
 * <p>NOTE(review): {@code JNDIManagedRuntime} is presumably on jackson-databind's blocked-type
 * list; confirm against the Jackson version shipped with the server under test.
 *
 * @throws Exception if the REST call fails or Jackson raises anything other than a
 *     {@code JsonMappingException}
 */
@ATTest({ "modules/testcases/jdkAll/Wildfly/jaxrs/src/main/java#16.0.0.Beta1", "modules/testcases/jdkAll/WildflyRelease-17.0.0.Final/jaxrs/src/main/java", "modules/testcases/jdkAll/Eap72x/jaxrs/src/main/java#7.2.1", "modules/testcases/jdkAll/Eap72x-Proposed/jaxrs/src/main/java#7.2.1", "modules/testcases/jdkAll/Eap71x/jaxrs/src/main/java#7.1.6", "modules/testcases/jdkAll/Eap71x-Proposed/jaxrs/src/main/java#7.1.6" })
@Test
public void testOpenjpaService() throws Exception {
    final String responseBody = performCall("rest/jaxb/openjpa");

    // FAIL_ON_EMPTY_BEANS is a serialization-side switch; it is kept exactly as the test
    // configures it, but the rejection under test happens while reading.
    final ObjectMapper mapper =
            new ObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);

    try {
        mapper.readValue(responseBody, JNDIManagedRuntime.class);
        // Reaching this line means the type was instantiated from untrusted JSON.
        Assert.fail("Should prevente json deserialization because of security reasons.");
    } catch (JsonMappingException rejected) {
        // Matching on message text ties the check to Jackson's wording: a reworded message
        // fails this test even if the type is still blocked.
        final boolean blockedAsIllegalType = rejected.getMessage().contains("Illegal type");
        Assert.assertTrue("Should prevente json deserialization because of security reasons.", blockedAsIllegalType);
    }
}
use of org.jboss.eap.additional.testsuite.annotations.ATTest in project eap-additional-testsuite by jboss-set.
the class SecurityDeserializationTestCase method testSecuirtyDatabind3.
/**
 * Verifies that a polymorphic payload naming {@code java.rmi.server.UnicastRemoteObject} is
 * rejected by Jackson.
 *
 * <p>Default typing is switched on deliberately so that the class name embedded in the JSON is
 * honoured as a type id. The test then requires a {@code JsonMappingException} whose message
 * contains "prevented for security reasons". A successful bind fails the test.
 *
 * <p>NOTE(review): {@code PolyWrapper} presumably exposes an {@code Object}-typed property
 * {@code v}; confirm in the enclosing class. The annotation below lists the Eap72x and
 * Eap72x-Proposed security paths twice; this looks redundant, confirm whether it is intended.
 *
 * @throws Exception if Jackson raises anything other than a {@code JsonMappingException}
 */
@ATTest({ "modules/testcases/jdkAll/Wildfly/security/src/main/java", "modules/testcases/jdkAll/WildflyRelease-17.0.0.Final/security/src/main/java", "modules/testcases/jdkAll/Eap72x/security/src/main/java", "modules/testcases/jdkAll/Eap72x-Proposed/security/src/main/java", "modules/testcases/jdkAll/Eap7/security/src/main/java", "modules/testcases/jdkAll/Eap72x-Proposed/security/src/main/java", "modules/testcases/jdkAll/Eap72x/security/src/main/java", "modules/testcases/jdkAll/Eap71x-Proposed/security/src/main/java", "modules/testcases/jdkAll/Eap71x/security/src/main/java" })
@Test
public void testSecuirtyDatabind3() throws Exception {
    final String payload = aposToQuotes("{'v':['java.rmi.server.UnicastRemoteObject','/tmp/foobar.txt']}");

    // Default typing is what lets the payload choose the class; it is enabled here only to
    // prove that the type is refused anyway.
    final ObjectMapper typedMapper = new ObjectMapper();
    typedMapper.enableDefaultTyping();

    try {
        typedMapper.readValue(payload, PolyWrapper.class);
        fail("Should not be able to deserialize because of security prevention.");
    } catch (JsonMappingException rejected) {
        final String reason = rejected.getMessage();
        assertTrue("Fail because of security issues...", reason.contains("prevented for security reasons"));
    }
}
use of org.jboss.eap.additional.testsuite.annotations.ATTest in project eap-additional-testsuite by jboss-set.
the class SecurityDeserializationTestCase method testSecuirtyDatabind7.
/**
 * Verifies that a polymorphic payload naming
 * {@code org.apache.axis2.transport.jms.JMSOutTransportInfo} is rejected by Jackson.
 *
 * <p>The mapper has default typing enabled, so the class name in the JSON array is treated as
 * a type id. The expected outcome is a {@code JsonMappingException} whose message contains
 * "prevented for security reasons". Any successful bind fails the test.
 *
 * <p>NOTE(review): {@code PolyWrapper} presumably exposes an {@code Object}-typed property
 * {@code v}; confirm in the enclosing class.
 *
 * @throws Exception if Jackson raises anything other than a {@code JsonMappingException}
 */
@ATTest({ "modules/testcases/jdkAll/Wildfly/security/src/main/java#16.0.0.Beta1", "modules/testcases/jdkAll/WildflyRelease-17.0.0.Final/security/src/main/java", "modules/testcases/jdkAll/Eap71x-Proposed/security/src/main/java#7.1.6", "modules/testcases/jdkAll/Eap71x/security/src/main/java#7.1.6", "modules/testcases/jdkAll/Eap72x-Proposed/security/src/main/java#7.2.1", "modules/testcases/jdkAll/Eap72x/security/src/main/java#7.2.1" })
@Test
public void testSecuirtyDatabind7() throws Exception {
    final String payload = aposToQuotes("{'v':['org.apache.axis2.transport.jms.JMSOutTransportInfo','/tmp/foobar.txt']}");

    final ObjectMapper typedMapper = new ObjectMapper();
    // Enabled on purpose: the check only means something if the mapper would otherwise
    // resolve the class named in the input.
    typedMapper.enableDefaultTyping();

    try {
        typedMapper.readValue(payload, PolyWrapper.class);
        fail("Should not be able to deserialize because of security prevention.");
    } catch (JsonMappingException rejected) {
        // The substring comes from the library's rejection message; a wording change in
        // Jackson breaks this assertion without weakening the block itself.
        final boolean blocked = rejected.getMessage().contains("prevented for security reasons");
        assertTrue("Fail because of security issues...", blocked);
    }
}
use of org.jboss.eap.additional.testsuite.annotations.ATTest in project eap-additional-testsuite by jboss-set.
the class SecurityDeserializationTestCase method testSecuirtyDatabind13.
/**
 * Verifies that a polymorphic payload naming {@code com.zaxxer.hikari.HikariDataSource} is
 * rejected by Jackson.
 *
 * <p>With default typing enabled, the class name in the JSON array is used as a type id. The
 * test requires a {@code JsonMappingException} whose message contains
 * "prevented for security reasons" and fails if binding succeeds.
 *
 * <p>NOTE(review): no {@code @Test} annotation is visible on this method in the excerpt.
 * Confirm one is present in the source file; without it JUnit 4 would skip this security
 * regression check silently.
 *
 * @throws Exception if Jackson raises anything other than a {@code JsonMappingException}
 */
@ATTest({ "modules/testcases/jdkAll/Wildfly/security/src/main/java#19.0.0.Beta1", "modules/testcases/jdkAll/Eap72x-Proposed/security/src/main/java#7.2.6", "modules/testcases/jdkAll/Eap72x/security/src/main/java#7.2.6", "modules/testcases/jdkAll/Eap7/security/src/main/java#7.3.0.GA" })
public void testSecuirtyDatabind13() throws Exception {
    final String payload = aposToQuotes("{'v':['com.zaxxer.hikari.HikariDataSource']}");

    // Default typing is switched on so that the payload, not the code, picks the class.
    final ObjectMapper typedMapper = new ObjectMapper();
    typedMapper.enableDefaultTyping();

    try {
        typedMapper.readValue(payload, PolyWrapper.class);
        fail("Should not be able to deserialize because of security prevention.");
    } catch (JsonMappingException rejected) {
        final String reason = rejected.getMessage();
        assertTrue("Fail because of security issues...", reason.contains("prevented for security reasons"));
    }
}
use of org.jboss.eap.additional.testsuite.annotations.ATTest in project eap-additional-testsuite by jboss-set.
the class SecurityDeserializationTestCase method testSecuirtyDatabind9.
/**
 * Verifies that a polymorphic payload naming {@code com.mysql.cj.jdbc.admin.MiniAdmin} is
 * rejected by Jackson.
 *
 * <p>The mapper runs with default typing enabled, so the class name carried in the JSON is
 * resolved as a type id. The test passes only on a {@code JsonMappingException} whose message
 * contains "prevented for security reasons".
 *
 * <p>NOTE(review): no {@code @Test} annotation is visible on this method in the excerpt.
 * Confirm one is present in the source file; without it JUnit 4 would skip this security
 * regression check silently.
 *
 * @throws Exception if Jackson raises anything other than a {@code JsonMappingException}
 */
@ATTest({ "modules/testcases/jdkAll/Wildfly/security/src/main/java#17.0.0.Final", "modules/testcases/jdkAll/Eap72x-Proposed/security/src/main/java#7.2.4", "modules/testcases/jdkAll/Eap72x/security/src/main/java#7.2.4", "modules/testcases/jdkAll/Eap7/security/src/main/java#7.3.0.CD17" })
public void testSecuirtyDatabind9() throws Exception {
    final String payload = aposToQuotes("{'v':['com.mysql.cj.jdbc.admin.MiniAdmin']}");

    final ObjectMapper typedMapper = new ObjectMapper();
    // Intentional for the test: the rejection must hold even when the mapper accepts
    // type ids supplied by the input.
    typedMapper.enableDefaultTyping();

    try {
        typedMapper.readValue(payload, PolyWrapper.class);
        fail("Should not be able to deserialize because of security prevention.");
    } catch (JsonMappingException rejected) {
        final boolean blocked = rejected.getMessage().contains("prevented for security reasons");
        assertTrue("Fail because of security issues...", blocked);
    }
}