
Example 6 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLAnalyzerTestCase method testMaxAttributeLength.

/**
 * Expects {@link APIMThreatAnalyzerException} when a document is analyzed with the
 * attribute-length limit and the attribute-count limit both set to 1.
 */
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testMaxAttributeLength() throws Exception {
    init();

    // Tighten both attribute limits before the analyzer is configured.
    // NOTE(review): the payload below carries two attributes, so with maxAttributeCount = 1
    // the count limit alone may already raise the expected exception. If so, this test does
    // not isolate the length limit -- confirm against XMLAnalyzer and consider a payload with
    // a single over-long attribute.
    xmlConfig.setMaxAttributeLength(1);
    xmlConfig.setMaxAttributeCount(1);

    final String payload = "<root attribute1111111111='someValue111111111' attribute2='1'></root>";
    final XMLAnalyzer xmlAnalyzer = new XMLAnalyzer();
    xmlAnalyzer.configure(xmlConfig);
    xmlAnalyzer.analyze(payload, "/foo");
}
Also used : XMLAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 7 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLSchemaValidatorTest method testConfigureSchemaProperties.

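/**
 * Verifies that {@code XMLSchemaValidator.configureSchemaProperties} returns an
 * {@link XMLConfig} whose flags and limits equal the values stubbed on the mocked
 * message context.
 */
@Test
public void testConfigureSchemaProperties() {
    log.info("Running the test case to Configure the schema properties.");

    // Expected configuration. Each setter is called once; the original repeated
    // setMaxChildrenPerElement, setMaxElementCount and setMaxDepth with the same value.
    // The two boolean flags are given different values, so the assertions below can tell
    // them apart.
    // NOTE(review): every numeric limit is 5, so a property wired to the wrong setter inside
    // configureSchemaProperties would still pass. Distinct values per limit (kept in sync
    // with the stubs below) would make the assertions discriminating.
    XMLConfig xmlConfig = new XMLConfig();
    xmlConfig.setDtdEnabled(false);
    xmlConfig.setExternalEntitiesEnabled(true);
    xmlConfig.setMaxAttributeLength(5);
    xmlConfig.setMaxAttributeCount(5);
    xmlConfig.setMaxChildrenPerElement(5);
    xmlConfig.setMaxDepth(5);
    xmlConfig.setMaxElementCount(5);
    xmlConfig.setEntityExpansionLimit(5);

    // The message context supplies every property as a string.
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.DTD_ENABLED)).thenReturn("false");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.EXTERNAL_ENTITIES_ENABLED)).thenReturn("true");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.MAX_ELEMENT_COUNT)).thenReturn("5");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_LENGTH)).thenReturn("5");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.MAX_XML_DEPTH)).thenReturn("5");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.MAX_ATTRIBUTE_COUNT)).thenReturn("5");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.CHILDREN_PER_ELEMENT)).thenReturn("5");
    Mockito.when(messageContext.getProperty(ThreatProtectorConstants.ENTITY_EXPANSION_LIMIT)).thenReturn("5");
    Mockito.when(messageContext.getAxis2MessageContext()).thenReturn(axis2MsgCntxt);

    XMLSchemaValidator xmlSchemaValidator = new XMLSchemaValidator();
    XMLConfig testConfig = xmlSchemaValidator.configureSchemaProperties(messageContext);

    // Compare the returned configuration with the expected one, field by field.
    assertEquals(xmlConfig.getEntityExpansionLimit(), testConfig.getEntityExpansionLimit());
    assertEquals(xmlConfig.getMaxAttributeCount(), testConfig.getMaxAttributeCount());
    assertEquals(xmlConfig.getMaxAttributeLength(), testConfig.getMaxAttributeLength());
    assertEquals(xmlConfig.getMaxChildrenPerElement(), testConfig.getMaxChildrenPerElement());
    assertEquals(xmlConfig.getMaxDepth(), testConfig.getMaxDepth());
    assertEquals(xmlConfig.isDtdEnabled(), testConfig.isDtdEnabled());
    assertEquals(xmlConfig.isExternalEntitiesEnabled(), testConfig.isExternalEntitiesEnabled());
    assertEquals(xmlConfig.getMaxElementCount(), testConfig.getMaxElementCount());
    log.info("Successfully completed testConfigureSchemaProperties test case.");
}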
Also used : XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 8 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLSchemaValidator method mediate.

/**
 * Validates the XML payload of a request: optionally runs the threat analyzer over the
 * message body and optionally validates it against a schema, depending on the
 * XML_VALIDATION and SCHEMA_VALIDATION message properties.
 *
 * @param messageContext the message context of the request; its properties select which
 *                       validations run and supply the API context.
 * @return always {@code true}. A failed validation is reported by calling
 *         {@code GatewayUtils.handleThreat}, not through the return value.
 */
public boolean mediate(MessageContext messageContext) {
    if (logger.isDebugEnabled()) {
        logger.debug("XML validation mediator is activated...");
    }
    InputStream inputStreamSchema;
    InputStream inputStreamXml;
    Map<String, InputStream> inputStreams = null;
    Boolean xmlValidationStatus;
    Boolean schemaValidationStatus;
    APIMThreatAnalyzer apimThreatAnalyzer = null;
    String apiContext;
    String requestMethod;
    String contentType;
    boolean validRequest = true;
    org.apache.axis2.context.MessageContext axis2MC = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
    // NOTE(review): the property values read here and below (HTTP_REQUEST_METHOD,
    // SOAP_CONTENT_TYPE, API_CONTEXT) are dereferenced without a null check; a missing
    // property would throw NullPointerException. Confirm they are always set upstream.
    requestMethod = axis2MC.getProperty(ThreatProtectorConstants.HTTP_REQUEST_METHOD).toString();
    // Prefer the CONTENT_TYPE property and fall back to SOAP_CONTENT_TYPE when it is absent.
    Object contentTypeObject = axis2MC.getProperty(ThreatProtectorConstants.CONTENT_TYPE);
    if (contentTypeObject != null) {
        contentType = contentTypeObject.toString();
    } else {
        contentType = axis2MC.getProperty(ThreatProtectorConstants.SOAP_CONTENT_TYPE).toString();
    }
    apiContext = messageContext.getProperty(ThreatProtectorConstants.API_CONTEXT).toString();
    // Validation runs only for non-GET requests whose content type equals APPLICATION_XML or
    // TEXT_XML; everything else takes the else branch and is not analyzed.
    // NOTE(review): equals() is an exact, case-sensitive match. If the content-type property
    // can carry parameters (for example a charset suffix) or different casing, such requests
    // would skip validation entirely -- confirm how the property is populated.
    if (!APIConstants.SupportedHTTPVerbs.GET.name().equalsIgnoreCase(requestMethod) && (ThreatProtectorConstants.APPLICATION_XML.equals(contentType) || ThreatProtectorConstants.TEXT_XML.equals(contentType))) {
        try {
            // The returned map is read under the XML and SCHEMA keys below, one stream per check.
            inputStreams = GatewayUtils.cloneRequestMessage(messageContext);
            if (inputStreams != null) {
                // Threat analysis runs only when the XML_VALIDATION property parses to true.
                Object messageProperty = messageContext.getProperty(APIMgtGatewayConstants.XML_VALIDATION);
                if (messageProperty != null) {
                    xmlValidationStatus = Boolean.valueOf(messageProperty.toString());
                    if (xmlValidationStatus.equals(true)) {
                        XMLConfig xmlConfig = configureSchemaProperties(messageContext);
                        // NOTE(review): the config is registered on ConfigurationHolder before the
                        // analyzer is fetched. Whether that holder is per-request or shared is not
                        // visible here -- confirm concurrent requests with different limits cannot
                        // pick up each other's configuration.
                        ConfigurationHolder.addXmlConfig(xmlConfig);
                        apimThreatAnalyzer = AnalyzerHolder.getAnalyzer(contentType);
                        inputStreamXml = inputStreams.get(ThreatProtectorConstants.XML);
                        apimThreatAnalyzer.analyze(inputStreamXml, apiContext);
                    }
                }
                // Schema validation runs only when the SCHEMA_VALIDATION property parses to true.
                messageProperty = messageContext.getProperty(APIMgtGatewayConstants.SCHEMA_VALIDATION);
                if (messageProperty != null) {
                    schemaValidationStatus = Boolean.valueOf(messageProperty.toString());
                    if (schemaValidationStatus.equals(true)) {
                        inputStreamSchema = inputStreams.get(ThreatProtectorConstants.SCHEMA);
                        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStreamSchema);
                        validateSchema(messageContext, bufferedInputStream);
                    }
                }
            }
        } catch (APIMThreatAnalyzerException e) {
            // Mark the request invalid so the message is not built further down.
            validRequest = false;
            logger.error(APIMgtGatewayConstants.BAD_REQUEST, e);
            // NOTE(review): the exception message is passed to handleThreat; if it ends up in the
            // client response it may disclose parser internals -- confirm.
            GatewayUtils.handleThreat(messageContext, ThreatProtectorConstants.HTTP_SC_CODE, e.getMessage());
        } catch (IOException e) {
            // NOTE(review): unlike the branch above, validRequest stays true here, so
            // buildMessage still runs after handleThreat -- confirm this is intended.
            logger.error(APIMgtGatewayConstants.BAD_REQUEST, e);
            GatewayUtils.handleThreat(messageContext, ThreatProtectorConstants.HTTP_SC_CODE, e.getMessage());
        }
        // return analyzer to the pool
        // NOTE(review): this call is not in a finally block, so an unchecked exception thrown
        // above skips it; it is also reached with a null analyzer when XML validation did not
        // run -- confirm returnObject tolerates null.
        AnalyzerHolder.returnObject(apimThreatAnalyzer);
    } else {
        // NOTE(review): this branch uses `log` while the rest of the method uses `logger`.
        if (log.isDebugEnabled()) {
            log.debug("XML Schema Validator: " + APIMgtGatewayConstants.REQUEST_TYPE_FAIL_MSG);
        }
    }
    // inputStreams is still null here when the else branch above was taken.
    GatewayUtils.setOriginalInputStream(inputStreams, axis2MC);
    if (validRequest) {
        try {
            RelayUtils.buildMessage(axis2MC);
        } catch (IOException | XMLStreamException e) {
            logger.error("Error occurred while parsing the payload.", e);
            GatewayUtils.handleThreat(messageContext, APIMgtGatewayConstants.HTTP_SC_CODE, e.getMessage());
        }
    }
    // The result does not depend on the validation outcome.
    return true;
}
Also used : BufferedInputStream(java.io.BufferedInputStream) InputStream(java.io.InputStream) XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig) IOException(java.io.IOException) XMLStreamException(javax.xml.stream.XMLStreamException) BufferedInputStream(java.io.BufferedInputStream) APIMThreatAnalyzer(org.wso2.carbon.apimgt.gateway.threatprotection.analyzer.APIMThreatAnalyzer) APIMThreatAnalyzerException(org.wso2.carbon.apimgt.gateway.threatprotection.APIMThreatAnalyzerException) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext)

Example 9 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class JSONAnalyzerTestCase method testConfigureAnalyzerException.

/**
 * Expects {@link UnsupportedOperationException} when a {@link JSONAnalyzer} is configured
 * with an {@link XMLConfig}.
 */
@Test(expectedExceptions = UnsupportedOperationException.class)
public void testConfigureAnalyzerException() throws Exception {
    final JSONAnalyzer jsonAnalyzer = new JSONAnalyzer();
    // Handing the JSON analyzer an XML configuration object is the whole scenario.
    jsonAnalyzer.configure(new XMLConfig());
}
Also used : JSONAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer) XMLConfig(org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig) Test(org.testng.annotations.Test)

Example 10 with XMLConfig

use of org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig in project carbon-apimgt by wso2.

the class XMLAnalyzerTestCase method testAnalyzerDTDDisabled.

/**
 * Expects {@link APIMThreatAnalyzerException} when the analyzer is given a document that
 * declares a DOCTYPE with nested internal entities.
 *
 * NOTE(review): which setting causes the rejection (DTD handling or the entity-expansion
 * limit) depends on what init() puts into xmlConfig, which is not visible here.
 */
@Test(expectedExceptions = APIMThreatAnalyzerException.class)
public void testAnalyzerDTDDisabled() throws Exception {
    init();

    // Each entity level references the previous one ten times; the root element expands
    // the outermost entity.
    final String nestedEntityDocument = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE lolz [\n"
            + " <!ENTITY lol \"lol\">\n"
            + " <!ELEMENT lolz (#PCDATA)>\n"
            + " <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n"
            + " <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n"
            + " <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n"
            + " <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n"
            + " <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">\n"
            + " <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">\n"
            + " <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">\n"
            + " <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">\n"
            + " <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">\n"
            + "]>\n"
            + "<lolz>&lol9;</lolz>";

    final XMLAnalyzer xmlAnalyzer = new XMLAnalyzer();
    xmlAnalyzer.configure(xmlConfig);
    xmlAnalyzer.analyze(nestedEntityDocument, "/foo");
}
Also used : XMLAnalyzer(org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Aggregations

BeforeTest (org.testng.annotations.BeforeTest)7 Test (org.testng.annotations.Test)7 XMLAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.XMLAnalyzer)6 XMLConfig (org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig)5 XMLConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig)4 APIMThreatAnalyzer (org.wso2.carbon.apimgt.gateway.threatprotection.analyzer.APIMThreatAnalyzer)2 BufferedInputStream (java.io.BufferedInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 Axis2MessageContext (org.apache.synapse.core.axis2.Axis2MessageContext)1 BBoolean (org.ballerinalang.model.values.BBoolean)1 BStruct (org.ballerinalang.model.values.BStruct)1 Before (org.junit.Before)1 Test (org.junit.Test)1 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)1 APIMThreatAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer)1 JSONAnalyzer (org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.JSONAnalyzer)1 JSONConfig (org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig)1 APIMThreatAnalyzerException (org.wso2.carbon.apimgt.gateway.threatprotection.APIMThreatAnalyzerException)1