|
Java example source code file (SecurityTest.java)
The SecurityTest.java Java example source code/* * Copyright (C) 2008 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.google.gson.functional; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.common.TestTypes.BagOfPrimitives; import junit.framework.TestCase; /** * Tests for security-related aspects of Gson * * @author Inderjeet Singh */ public class SecurityTest extends TestCase { /** * Keep this in sync with Gson.JSON_NON_EXECUTABLE_PREFIX */ private static final String JSON_NON_EXECUTABLE_PREFIX = ")]}'\n"; private GsonBuilder gsonBuilder; @Override protected void setUp() throws Exception { super.setUp(); gsonBuilder = new GsonBuilder(); } public void testNonExecutableJsonSerialization() { Gson gson = gsonBuilder.generateNonExecutableJson().create(); String json = gson.toJson(new BagOfPrimitives()); assertTrue(json.startsWith(JSON_NON_EXECUTABLE_PREFIX)); } public void testNonExecutableJsonDeserialization() { String json = JSON_NON_EXECUTABLE_PREFIX + "{longValue:1}"; Gson gson = gsonBuilder.create(); BagOfPrimitives target = gson.fromJson(json, BagOfPrimitives.class); assertEquals(1, target.longValue); } public void testJsonWithNonExectuableTokenSerialization() { Gson gson = gsonBuilder.generateNonExecutableJson().create(); String json = gson.toJson(JSON_NON_EXECUTABLE_PREFIX); assertTrue(json.contains(")]}'\n")); } /** * Gson should be able to deserialize a stream with non-exectuable token even if it is created * without {@link GsonBuilder#generateNonExecutableJson()}. */ public void testJsonWithNonExectuableTokenWithRegularGsonDeserialization() { Gson gson = gsonBuilder.create(); String json = JSON_NON_EXECUTABLE_PREFIX + "{stringValue:')]}\\u0027\\n'}"; BagOfPrimitives target = gson.fromJson(json, BagOfPrimitives.class); assertEquals(")]}'\n", target.stringValue); } /** * Gson should be able to deserialize a stream with non-exectuable token if it is created * with {@link GsonBuilder#generateNonExecutableJson()}. */ public void testJsonWithNonExectuableTokenWithConfiguredGsonDeserialization() { // Gson should be able to deserialize a stream with non-exectuable token even if it is created Gson gson = gsonBuilder.generateNonExecutableJson().create(); String json = JSON_NON_EXECUTABLE_PREFIX + "{intValue:2,stringValue:')]}\\u0027\\n'}"; BagOfPrimitives target = gson.fromJson(json, BagOfPrimitives.class); assertEquals(")]}'\n", target.stringValue); assertEquals(2, target.intValue); } } Other Java examples (source code examples)Here is a short list of links related to this Java SecurityTest.java source code file: |
... this post is sponsored by my books ... | |
![]() #1 New Release! |
![]() FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.