Source code: org/apache/batik/bridge/EcmaNoLoadTest.java
1 /*
2
3 Copyright 2004 The Apache Software Foundation
4
5 Licensed under the Apache License, Version 2.0 (the "License");
6 you may not use this file except in compliance with the License.
7 You may obtain a copy of the License at
8
9 http://www.apache.org/licenses/LICENSE-2.0
10
11 Unless required by applicable law or agreed to in writing, software
12 distributed under the License is distributed on an "AS IS" BASIS,
13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 See the License for the specific language governing permissions and
15 limitations under the License.
16
17 */
18 package org.apache.batik.bridge;
19
20 import org.apache.batik.test.*;
21
22 import org.apache.batik.test.svg.SVGOnLoadExceptionTest;
23
24 /**
25 * Checks that ECMA Scripts which should not be loaded are not
26 * loaded.
27 *
28 * @author <a href="mailto:vincent.hardy@sun.com">Vincent Hardy</a>
29 * @version $Id: EcmaNoLoadTest.java,v 1.4 2005/03/29 10:48:04 deweese Exp $
30 */
31 public class EcmaNoLoadTest extends DefaultTestSuite {
32 public EcmaNoLoadTest() {
33 String scripts = "application/java-archive";
34 String[] scriptSource = {"bridge/ecmaCheckNoLoadAny",
35 "bridge/ecmaCheckNoLoadSameAsDocument",
36 "bridge/ecmaCheckNoLoadEmbed",
37 "bridge/ecmaCheckNoLoadEmbedAttr",
38 };
39 boolean[] secure = {true, false};
40 String[] scriptOrigin = {"ANY", "DOCUMENT", "EMBEDED", "NONE"};
41
42 //
43 // If "application/ecmascript" is disallowed, scripts
44 // should not be loaded, no matter their origin or the
45 // other security settings.
46 //
47 for (int i=0; i<scriptSource.length; i++) {
48 for (int j=0; j<secure.length; j++) {
49 for (int k=0; k<scriptOrigin.length; k++) {
50 SVGOnLoadExceptionTest t = buildTest(scripts,
51 scriptSource[i],
52 scriptOrigin[k],
53 secure[j],
54 false,
55 false);
56 addTest(t);
57 }
58 }
59 }
60
61 //
62 // If script run in restricted mode, then there should be
63 // a security exception, no matter what the other settings are
64 // (if we are running code under a security manager, that is,
65 // i.e., secure is true).
66 scripts = "text/ecmascript";
67 for (int i=0; i<scriptSource.length; i++) {
68 for (int k=0; k<scriptOrigin.length; k++) {
69 boolean expectSuccess = ((i>=2) && (k <= 2));
70 SVGOnLoadExceptionTest t = buildTest(scripts,
71 scriptSource[i],
72 scriptOrigin[k],
73 true,
74 true,
75 expectSuccess);
76 addTest(t);
77 }
78 }
79
80 //
81 // If "applicatin/ecmascript" is allowed, but the accepted
82 // script origin is lower than the candidate script, then
83 // the script should not be loaded (e.g., if scriptOrigin
84 // is embeded and trying to load an external script).
85 //
86 for (int j=0; j<scriptOrigin.length; j++) {
87 int max = j;
88 if (j == scriptOrigin.length - 1) {
89 max = j+1;
90 }
91 for (int i=0; i<max; i++) {
92 for (int k=0; k<secure.length; k++) {
93 SVGOnLoadExceptionTest t= buildTest(scripts, scriptSource[i],
94 scriptOrigin[j],
95 secure[k],
96 false,
97 false);
98 addTest(t);
99 }
100 }
101 }
102 }
103
104 SVGOnLoadExceptionTest buildTest(String scripts, String id, String origin,
105 boolean secure, boolean restricted,
106 boolean successExpected) {
107 SVGOnLoadExceptionTest t = new SVGOnLoadExceptionTest();
108 String desc =
109 "(scripts=" + scripts +
110 ")(scriptOrigin=" + origin +
111 ")(secure=" + secure +
112 ")(restricted=" + restricted + ")";
113
114 t.setId(id + desc);
115 t.setScriptOrigin(origin);
116 t.setSecure(secure);
117 t.setScripts(scripts);
118 if (successExpected)
119 t.setExpectedExceptionClass(null);
120 else
121 t.setExpectedExceptionClass("java.lang.SecurityException");
122 t.setRestricted(restricted);
123
124 return t;
125 }
126
127 }