@Test
public void shouldFilterInjectedCodeWithSpace() {
Mockito.when(request.getParameterMap()).thenReturn(injectionMap);
wrapper = new InjectionAttackWrapper(request);
Map<String, String[]> output = wrapper.getParameterMap();
assertEquals("", ((String[]) output.get("param3"))[0]);
}
@Test
public void shouldNotFilterMessageWithAnOnInItLaterInTheString() {
Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
wrapper = new InjectionAttackWrapper(request);
Map<String, String[]> output = wrapper.getParameterMap();
assertEquals("Then ona winter day", output.get("param4")[0]);
}
@Test
public void shouldNotFilterMessageStartingWithOn() {
Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
wrapper = new InjectionAttackWrapper(request);
Map<String, String[]> output = wrapper.getParameterMap();
assertEquals("%20on a rainy day", output.get("param3")[0]);
}
@Test
public void shouldNotFilterMessageWithAnOnInAName() {
Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
wrapper = new InjectionAttackWrapper(request);
Map<String, String[]> output = wrapper.getParameterMap();
assertEquals("%20Christina Zhong", output.get("param1")[0]);
}