Example 31 with Analyzer
use of org.wso2.carbon.apimgt.core.api.Analyzer in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testJsonDepthAnalyzePass.
@Test
public void testJsonDepthAnalyzePass() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxJsonDepth()).thenReturn(4);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"a\": {\"b\": {\"c\": {\"d\": 1}}}}";
analyzer.analyze(jsonString, "/foo");
}
Also used :
JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)
JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)
Test(org.testng.annotations.Test)
Example 32 with Analyzer
use of org.wso2.carbon.apimgt.core.api.Analyzer in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testJsonDepthAnalyzeFail.
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testJsonDepthAnalyzeFail() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxJsonDepth()).thenReturn(3);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"a\": {\"b\": {\"c\": {\"d\": 1}}}}";
analyzer.analyze(jsonString, "/foo");
}
Also used :
JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)
JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)
Test(org.testng.annotations.Test)
Example 33 with Analyzer
use of org.wso2.carbon.apimgt.core.api.Analyzer in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testCheckMaxStringLengthPass.
@Test
public void testCheckMaxStringLengthPass() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxStringLength()).thenReturn(10);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"a\": \"abcdef1234\"}";
analyzer.analyze(jsonString, "/foo");
}
Also used :
JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)
JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)
Test(org.testng.annotations.Test)
Example 34 with Analyzer
use of org.wso2.carbon.apimgt.core.api.Analyzer in project carbon-apimgt by wso2.
the class JSONAnalyzerTestCase method testMaxFieldLengthFail.
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testMaxFieldLengthFail() throws Exception {
JSONConfig config = Mockito.mock(JSONConfig.class);
Mockito.when(config.getMaxKeyLength()).thenReturn(5);
JSONAnalyzer analyzer = new JSONAnalyzer();
analyzer.configure(config);
String jsonString = "{\"abcdef\": [1, 2, 3, 4, 5, 6]}";
analyzer.analyze(jsonString, "/foo");
}
Also used :
JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)
JSONConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)
Test(org.testng.annotations.Test)
Example 35 with Analyzer
use of org.wso2.carbon.apimgt.core.api.Analyzer in project carbon-apimgt by wso2.
the class XMLAnalyzerTestCase method testAnalyzerDTDDisabled.
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testAnalyzerDTDDisabled() throws Exception {
init();
XMLAnalyzer analyzer = new XMLAnalyzer();
analyzer.configure(xmlConfig);
String xmlString = "<?xml version=\"1.0\"?>\n" + "<!DOCTYPE lolz [\n" + " <!ENTITY lol \"lol\">\n" + " <!ELEMENT lolz (#PCDATA)>\n" + " <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n" + " <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n" + " <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n" + " <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n" + " <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">\n" + " <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">\n" + " <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">\n" + " <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">\n" + " <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">\n" + "]>\n" + "<lolz>&lol9;</lolz>";
analyzer.analyze(xmlString, "/foo");
}
Also used :
XMLAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer)
BeforeTest(org.testng.annotations.BeforeTest)
Test(org.testng.annotations.Test)
Aggregations
Test (org.testng.annotations.Test)27
JSONConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)15
JSONAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)14
Analyzer (org.wso2.carbon.apimgt.core.api.Analyzer)13
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException)12
BeforeTest (org.testng.annotations.BeforeTest)7
XMLAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer)7
ArrayList (java.util.ArrayList)6
AnalyticsDAO (org.wso2.carbon.apimgt.core.dao.AnalyticsDAO)6
ErrorDTO (org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO)6
ZoneId (java.time.ZoneId)5
APISubscriptionCount (org.wso2.carbon.apimgt.core.models.analytics.APISubscriptionCount)3
BBoolean (org.ballerinalang.model.values.BBoolean)2
APIMThreatAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)2
XMLConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig)2
APICount (org.wso2.carbon.apimgt.core.models.analytics.APICount)2
APIInfo (org.wso2.carbon.apimgt.core.models.analytics.APIInfo)2
ApplicationCount (org.wso2.carbon.apimgt.core.models.analytics.ApplicationCount)2
SubscriptionCount (org.wso2.carbon.apimgt.core.models.analytics.SubscriptionCount)2
SubscriptionInfo (org.wso2.carbon.apimgt.core.models.analytics.SubscriptionInfo)2
