001: /*
002:
003: Licensed to the Apache Software Foundation (ASF) under one or more
004: contributor license agreements. See the NOTICE file distributed with
005: this work for additional information regarding copyright ownership.
006: The ASF licenses this file to You under the Apache License, Version 2.0
007: (the "License"); you may not use this file except in compliance with
008: the License. You may obtain a copy of the License at
009:
010: http://www.apache.org/licenses/LICENSE-2.0
011:
012: Unless required by applicable law or agreed to in writing, software
013: distributed under the License is distributed on an "AS IS" BASIS,
014: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: See the License for the specific language governing permissions and
016: limitations under the License.
017:
018: */
019: package org.apache.batik.bridge;
020:
021: import org.apache.batik.test.*;
022:
023: import org.apache.batik.test.svg.SVGOnLoadExceptionTest;
024:
025: /**
026: * Checks that ECMA Scripts which should not be loaded are not
027: * loaded.
028: *
029: * @author <a href="mailto:vincent.hardy@sun.com">Vincent Hardy</a>
030: * @version $Id: EcmaNoLoadTest.java 475477 2006-11-15 22:44:28Z cam $
031: */
032: public class EcmaNoLoadTest extends DefaultTestSuite {
033: public EcmaNoLoadTest() {
034: String scripts = "application/java-archive";
035: String[] scriptSource = { "bridge/ecmaCheckNoLoadAny",
036: "bridge/ecmaCheckNoLoadSameAsDocument",
037: "bridge/ecmaCheckNoLoadEmbed",
038: "bridge/ecmaCheckNoLoadEmbedAttr", };
039: boolean[] secure = { true, false };
040: String[] scriptOrigin = { "ANY", "DOCUMENT", "EMBEDED", "NONE" };
041:
042: //
043: // If "application/ecmascript" is disallowed, scripts
044: // should not be loaded, no matter their origin or the
045: // other security settings.
046: //
047: for (int i = 0; i < scriptSource.length; i++) {
048: for (int j = 0; j < secure.length; j++) {
049: for (int k = 0; k < scriptOrigin.length; k++) {
050: SVGOnLoadExceptionTest t = buildTest(scripts,
051: scriptSource[i], scriptOrigin[k],
052: secure[j], false, false);
053: addTest(t);
054: }
055: }
056: }
057:
058: //
059: // If script run in restricted mode, then there should be
060: // a security exception, no matter what the other settings are
061: // (if we are running code under a security manager, that is,
062: // i.e., secure is true).
063: scripts = "text/ecmascript";
064: for (int i = 0; i < scriptSource.length; i++) {
065: for (int k = 0; k < scriptOrigin.length; k++) {
066: boolean expectSuccess = ((i >= 2) && (k <= 2));
067: SVGOnLoadExceptionTest t = buildTest(scripts,
068: scriptSource[i], scriptOrigin[k], true, true,
069: expectSuccess);
070: addTest(t);
071: }
072: }
073:
074: //
075: // If "applicatin/ecmascript" is allowed, but the accepted
076: // script origin is lower than the candidate script, then
077: // the script should not be loaded (e.g., if scriptOrigin
078: // is embeded and trying to load an external script).
079: //
080: for (int j = 0; j < scriptOrigin.length; j++) {
081: int max = j;
082: if (j == scriptOrigin.length - 1) {
083: max = j + 1;
084: }
085: for (int i = 0; i < max; i++) {
086: for (int k = 0; k < secure.length; k++) {
087: SVGOnLoadExceptionTest t = buildTest(scripts,
088: scriptSource[i], scriptOrigin[j],
089: secure[k], false, false);
090: addTest(t);
091: }
092: }
093: }
094: }
095:
096: SVGOnLoadExceptionTest buildTest(String scripts, String id,
097: String origin, boolean secure, boolean restricted,
098: boolean successExpected) {
099: SVGOnLoadExceptionTest t = new SVGOnLoadExceptionTest();
100: String desc = "(scripts=" + scripts + ")(scriptOrigin="
101: + origin + ")(secure=" + secure + ")(restricted="
102: + restricted + ")";
103:
104: t.setId(id + desc);
105: t.setScriptOrigin(origin);
106: t.setSecure(secure);
107: t.setScripts(scripts);
108: if (successExpected)
109: t.setExpectedExceptionClass(null);
110: else
111: t.setExpectedExceptionClass("java.lang.SecurityException");
112: t.setRestricted(restricted);
113:
114: return t;
115: }
116:
117: }
|