01: /*
02:
03: Licensed to the Apache Software Foundation (ASF) under one or more
04: contributor license agreements. See the NOTICE file distributed with
05: this work for additional information regarding copyright ownership.
06: The ASF licenses this file to You under the Apache License, Version 2.0
07: (the "License"); you may not use this file except in compliance with
08: the License. You may obtain a copy of the License at
09:
10: http://www.apache.org/licenses/LICENSE-2.0
11:
12: Unless required by applicable law or agreed to in writing, software
13: distributed under the License is distributed on an "AS IS" BASIS,
14: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15: See the License for the specific language governing permissions and
16: limitations under the License.
17:
18: */
19: package org.apache.batik.bridge;
20:
21: import org.apache.batik.test.*;
22:
23: import org.apache.batik.test.svg.SVGOnLoadExceptionTest;
24:
25: /**
26: * Checks that JAR Scripts which should not be loaded are not
27: * loaded.
28: *
29: * @author <a href="mailto:vincent.hardy@sun.com">Vincent Hardy</a>
30: * @version $Id: JarNoLoadTest.java 475477 2006-11-15 22:44:28Z cam $
31: */
32: public class JarNoLoadTest extends DefaultTestSuite {
33: public JarNoLoadTest() {
34: String scripts = "text/ecmascript";
35: String[] scriptSource = { "bridge/jarCheckNoLoadAny",
36: "bridge/jarCheckNoLoadSameAsDocument",
37: "bridge/jarCheckNoLoadEmbed", };
38: boolean[] secure = { true, false };
39: String[] scriptOrigin = { "ANY", "DOCUMENT", "EMBEDED", "NONE" };
40:
41: //
42: // If "application/java-archive" is disallowed, scripts
43: // should not be loaded, no matter their origin or the
44: // other security settings.
45: //
46: for (int i = 0; i < scriptSource.length; i++) {
47: for (int j = 0; j < secure.length; j++) {
48: for (int k = 0; k < scriptOrigin.length; k++) {
49: SVGOnLoadExceptionTest t = buildTest(scripts,
50: scriptSource[i], scriptOrigin[k], secure[j]);
51: addTest(t);
52: }
53: }
54: }
55:
56: //
57: // If "application/java-archive" is allowed, but the accepted
58: // script origin is lower than the candidate script, then
59: // the script should not be loaded (e.g., if scriptOrigin
60: // is embeded and trying to load an external script).
61: //
62: scripts = "application/java-archive";
63: for (int j = 0; j < scriptOrigin.length; j++) {
64: for (int i = 0; i < j; i++) {
65: for (int k = 0; k < secure.length; k++) {
66: SVGOnLoadExceptionTest t = buildTest(scripts,
67: scriptSource[i], scriptOrigin[j], secure[k]);
68: addTest(t);
69: }
70: }
71: }
72: }
73:
74: SVGOnLoadExceptionTest buildTest(String scripts, String id,
75: String origin, boolean secure) {
76: SVGOnLoadExceptionTest t = new SVGOnLoadExceptionTest();
77: String desc = "(scripts=" + scripts + ")(scriptOrigin="
78: + origin + ")(secure=" + secure + ")";
79:
80: t.setId(id + desc);
81: t.setScriptOrigin(origin);
82: t.setSecure(secure);
83: t.setScripts(scripts);
84: t.setExpectedExceptionClass("java.lang.SecurityException");
85:
86: return t;
87: }
88:
89: }
|