com.denimgroup.threadfix.selenium.tests.BaseTest.java Source code

Java tutorial

Introduction

Here is the source code for com.denimgroup.threadfix.selenium.tests.BaseTest.java

Source

////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2013 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.selenium.tests;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;

import java.util.Set;

import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.After;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriverService;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.ie.InternetExplorerDriver;
import org.openqa.selenium.remote.CapabilityType;
import org.openqa.selenium.remote.DesiredCapabilities;
import org.openqa.selenium.remote.RemoteWebDriver;

import com.denimgroup.threadfix.data.entities.GenericVulnerability;

@RunWith(Parameterized.class)
public abstract class BaseTest {

    protected final Log log = LogFactory.getLog(this.getClass());

    private WebDriver driver;
    private static ChromeDriverService service;

    public BaseTest(String browser) {
        if (browser.equals("chrome")) {
            String location = BaseTest.class.getClassLoader().getResource("Drivers").getFile();
            String log = "";
            if (System.getProperty("os.name").startsWith("Windows")) {
                location = location + "/chromedriver.exe";
                log = "NUL";
            } else {
                location = location + "/chromedriver";
                log = "/dev/null";
            }
            service = new ChromeDriverService.Builder().usingDriverExecutable(new File(location)).usingAnyFreePort()
                    .withLogFile(new File(log)).build();
            try {
                service.start();
            } catch (IOException e) {
                e.printStackTrace();
            }
            driver = new RemoteWebDriver(service.getUrl(), DesiredCapabilities.chrome());
        }

        if (browser.equals("firefox")) {
            driver = new FirefoxDriver();
        }

        if (browser.equals("IE")) {
            String location = BaseTest.class.getClassLoader().getResource("Drivers").getFile();
            location = location + "/IEDriverServer.exe";
            DesiredCapabilities capabilities = new DesiredCapabilities();
            capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);
            driver = new InternetExplorerDriver(capabilities);
        }
    }

    @Parameterized.Parameters
    public static Collection<String[]> drivers() {
        Collection<String[]> params = new ArrayList<String[]>();
        String ff = System.getProperty("FIREFOX");
        String chrome = System.getProperty("CHROME");
        String ie = System.getProperty("IE");
        if (!(ff == null) && ff.equals("true")) {
            String[] f = { "firefox" };
            params.add(f);
        }

        if (!(chrome == null) && chrome.equals("true")) {
            String[] f = { "chrome" };
            params.add(f);
        }

        if (!(ie == null) && ie.equals("true")) {
            String[] f = { "IE" };
            params.add(f);
        }
        return params;
    }

    @Before
    public void init() {
    }

    @After
    public void shutDown() {
        if (driver instanceof InternetExplorerDriver || driver instanceof FirefoxDriver) {
            driver.quit();
        } else {
            service.stop();
        }
    }

    public WebDriver getDriver() {
        log.debug("Getting Driver");
        return driver;
    }

    /**
     * This method is a wrapper for RandomStringUtils.random with a preset character set.
     * @return random string
     */
    protected String getRandomString(int length) {
        return RandomStringUtils.random(length, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
    }

    protected <T> Set<Set<T>> powerSet(T[] items) {
        int count = 1 << items.length;

        Set<Set<T>> setOfSets = new HashSet<Set<T>>();

        for (int i = 0; i < count; i++) {

            Set<T> set = new HashSet<T>();
            int j = 0;
            for (T item : items) {
                if ((i >> j++) % 2 == 1)
                    set.add(item);
            }

            setOfSets.add(set);
        }

        return setOfSets;
    }

    // TODO move to a less fragile method of checking names
    final static String ACCESS_CONTROL = "Improper Access Control";
    final static String ARGUMENT_INJECTION = "Argument Injection or Modification";
    final static String ASP_NET_CUSTOM_ERROR = "ASP.NET Misconfiguration: Missing Custom Error Page";
    final static String ASP_NET_DEBUG = "ASP.NET Misconfiguration: Creating Debug Binary";
    final static String ASP_NET_VALIDATION_MISSING = "ASP.NET Misconfiguration: Not Using Input Validation Framework";
    final static String CLEARTEXT_SENSITIVE_INFO = "Cleartext Transmission of Sensitive Information";
    final static String CODE_INJECTION = "Improper Control of Generation of Code ('Code Injection')";
    final static String COMMAND_INJECTION = "Improper Neutralization of Special Elements used in a Command ('Command Injection')";
    final static String CONFIGURATION = "Configuration";
    final static String CSRF = "Cross-Site Request Forgery (CSRF)";
    final static String DIRECTORY_LISTING = "Information Exposure Through Directory Listing";
    final static String EVAL_INJECTION = GenericVulnerability.CWE_EVAL_INJECTION;
    final static String EXTERNAL_CONTROL_OF_PARAM = "External Control of Assumed-Immutable Web Parameter";
    final static String EXTERNAL_FILEPATH_CONTROL = "External Control of File Name or Path";
    final static String FAILURE_TO_HANDLE_ENCODING = "Improper Handling of Alternate Encoding";
    final static String FILES_ACCESSIBLE = "Files or Directories Accessible to External Parties";
    final static String FORCED_BROWSING = "Direct Request ('Forced Browsing')";
    final static String FORMAT_STRING_INJECTION = GenericVulnerability.CWE_FORMAT_STRING_INJECTION;
    final static String GENERIC_INJECTION = "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')";
    final static String IMPROPER_CROSS_BOUNDARY_REMOVAL_OF_DATA = "Improper Cross-boundary Removal of Sensitive Data";
    final static String IMPROPER_HANDLING_OF_MISSING_VALUES = "Improper Handling of Missing Values";
    final static String IMPROPER_INPUT_VALIDATION = "Improper Input Validation";
    final static String IMPROPER_RESOURCE_SHUTDOWN = "Improper Resource Shutdown or Release";
    final static String IMPROPER_RESTRICTION_AUTH = "Improper Restriction of Excessive Authentication Attempts";
    final static String INFORMATION_EXPOSURE = "Information Exposure";
    final static String INFO_EXPOSURE_ERROR_MESSAGE = "Information Exposure Through an Error Message";
    final static String INFO_LEAK_BROWSER_CACHE = "Information Exposure Through Browser Caching";
    final static String INFO_LEAK_COMMENTS = "Information Exposure Through Comments";
    final static String INFO_LEAK_DIRECTORIES = "File and Directory Information Exposure";
    final static String INFO_LEAK_SERVER_ERROR = "Information Exposure Through Server Error Message";
    final static String INFO_LEAK_TEST_CODE = "Information Exposure Through Test Code";
    final static String LDAP_INJECTION = GenericVulnerability.CWE_LDAP_INJECTION;
    final static String NON_SECURE_COOKIE = "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute";
    final static String NON_SERIALIZABLE_OBJECT = "J2EE Bad Practices: Non-serializable Object Stored in Session";
    final static String NULL_POINTER = "Unchecked Return Value to NULL Pointer Dereference";
    final static String OPEN_REDIRECT = "URL Redirection to Untrusted Site ('Open Redirect')";
    final static String OS_INJECTION = GenericVulnerability.CWE_OS_COMMAND_INJECTION;
    final static String PATH_TRAVERSAL = GenericVulnerability.CWE_PATH_TRAVERSAL;
    final static String REFLECTION_ATTACK = "Reflection Attack in an Authentication Protocol";
    final static String RESOURCE_INJECTION = "Improper Control of Resource Identifiers ('Resource Injection')";
    final static String SESSION_FIXATION = "Session Fixation";
    final static String SOURCE_CODE_INCLUDE = "Information Exposure Through Include Source Code";
    final static String SQLI = GenericVulnerability.CWE_SQL_INJECTION;
    final static String TRUST_BOUNDARY_VIOLATION = "Trust Boundary Violation";
    final static String UNCHECKED_ERROR = "Unchecked Error Condition";
    final static String XML_INJECTION = "XML Injection (aka Blind XPath Injection)";
    final static String XPATH_INJECTION = GenericVulnerability.CWE_XPATH_INJECTION;
    final static String XSS = GenericVulnerability.CWE_CROSS_SITE_SCRIPTING;
}