/**
 * Verifies that a value flagged as injected code is blanked by the wrapper.
 *
 * <p>The mocked request returns {@code injectionMap}; after wrapping, the first
 * value of {@code param3} must be the empty string.
 *
 * <p>Coverage notes: only element {@code [0]} of the value array is asserted, and
 * only the {@code getParameterMap()} path is exercised here.
 * NOTE(review): {@code injectionMap} is defined outside this view; presumably its
 * {@code param3} entry holds a payload containing a space. Confirm against the fixture.
 */
@Test
public void shouldFilterInjectedCodeWithSpace() {
    Mockito.when(request.getParameterMap()).thenReturn(injectionMap);
    wrapper = new InjectionAttackWrapper(request);

    Map<String, String[]> sanitized = wrapper.getParameterMap();
    String[] param3Values = sanitized.get("param3");

    assertEquals("", param3Values[0]);
}
/**
 * False-positive guard: a benign sentence with "on" in mid-string must pass through.
 *
 * <p>The mocked request returns {@code innocuousMap}; after wrapping, the first
 * value of {@code param4} must still read {@code "Then ona winter day"}.
 *
 * <p>NOTE(review): presumably the filter targets "on"-prefixed tokens and this pins
 * that ordinary text is not over-blocked. Confirm against InjectionAttackWrapper.
 */
@Test
public void shouldNotFilterMessageWithAnOnInItLaterInTheString() {
    Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
    wrapper = new InjectionAttackWrapper(request);

    Map<String, String[]> passedThrough = wrapper.getParameterMap();
    String firstParam4Value = passedThrough.get("param4")[0];

    assertEquals("Then ona winter day", firstParam4Value);
}
/**
 * False-positive guard: a benign message whose text begins with "on" must pass through.
 *
 * <p>The mocked request returns {@code innocuousMap}; after wrapping, the first
 * value of {@code param3} must still read {@code "%20on a rainy day"}.
 *
 * <p>NOTE(review): the expected value carries a literal {@code %20}, so this test only
 * pins the percent-encoded form. Whether the wrapper ever sees or produces a decoded
 * space is not visible here. Confirm against InjectionAttackWrapper.
 */
@Test
public void shouldNotFilterMessageStartingWithOn() {
    Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
    wrapper = new InjectionAttackWrapper(request);

    Map<String, String[]> passedThrough = wrapper.getParameterMap();
    String firstParam3Value = passedThrough.get("param3")[0];

    assertEquals("%20on a rainy day", firstParam3Value);
}
/**
 * False-positive guard: a personal name that contains "on" must pass through.
 *
 * <p>The mocked request returns {@code innocuousMap}; after wrapping, the first
 * value of {@code param1} must still read {@code "%20Christina Zhong"}.
 *
 * <p>Coverage note: only element {@code [0]} of the value array is asserted.
 */
@Test
public void shouldNotFilterMessageWithAnOnInAName() {
    Mockito.when(request.getParameterMap()).thenReturn(innocuousMap);
    wrapper = new InjectionAttackWrapper(request);

    Map<String, String[]> passedThrough = wrapper.getParameterMap();
    String firstParam1Value = passedThrough.get("param1")[0];

    assertEquals("%20Christina Zhong", firstParam1Value);
}