Add ParameterLimitValve to enforce request parameter limits for specific URLs

test/org/apache/catalina/session/TestPersistentManager.java

@@ -108,6 +108,7 @@ public Manager getManager() {
         context.setParent(host);
 
         Connector connector = EasyMock.createNiceMock(Connector.class);
+        EasyMock.replay(connector);
         Request req = new Request(connector, null) {
             @Override
             public Context getContext() {
@@ -116,7 +117,6 @@ public Context getContext() {
         };
         req.setRequestedSessionId("invalidSession");
         HttpServletRequest request = new RequestFacade(req);
-        EasyMock.replay(connector);
         requestCachingSessionListener.request = request;
 
         manager.setContext(context);

test/org/apache/catalina/valves/TestSSLValve.java

@@ -21,7 +21,6 @@
 import java.util.logging.Level;
 
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.Test;
 
 import org.apache.catalina.Globals;
@@ -36,8 +35,21 @@ public class TestSSLValve {
 
     public static class MockRequest extends Request {
 
-        public MockRequest() {
-            super(EasyMock.createMock(Connector.class), new org.apache.coyote.Request());
+        private static MockRequest single_instance = null;
+
+        public MockRequest(Connector connector) {
+            super(connector, new org.apache.coyote.Request());
+        }
+
+        public static MockRequest getInstance()
+        {
+            if (single_instance == null) {
+                Connector connector = EasyMock.createNiceMock(Connector.class);
+                EasyMock.replay(connector);
+                single_instance = new MockRequest(connector);
+            }
+
+            return single_instance;
         }
 
         @Override
@@ -90,22 +102,30 @@ public void addHeader(String header, String value) {
             "yoTBqEpJloWksrypqp3iL4PAL5+KkB2zp66+MVAg8LcEDFJggBBJCtv4SCWV7ZOB",
             "WLu8gep+XCwSn0Wb6D3eFs4DoIiMvQ6g2rS/pk7o5eWj", "-----END CERTIFICATE-----" };
 
-    private SSLValve valve = new SSLValve();
-
-    private MockRequest mockRequest = new MockRequest();
-    private Valve mockNext = EasyMock.createMock(Valve.class);
+    private final SSLValve valve = new SSLValve();
 
+    private MockRequest mockRequest;
+    private final Valve mockNext = EasyMock.createMock(Valve.class);
 
-    @Before
     public void setUp() throws Exception {
+        setUp(null);
+    }
+
+    public void setUp(Connector connector) throws Exception {
         valve.setNext(mockNext);
+        if (connector == null) {
+            mockRequest = MockRequest.getInstance();
+        } else {
+            EasyMock.replay(connector);
+            mockRequest = new MockRequest(connector);
+        }
         mockNext.invoke(mockRequest, null);
         EasyMock.replay(mockNext);
     }
 
-
     @Test
-    public void testSslHeader() {
+    public void testSslHeader() throws Exception {
+        setUp();
         final String headerName = "myheader";
         final String headerValue = "BASE64_HEADER_VALUE";
         mockRequest.setHeader(headerName, headerValue);
@@ -115,7 +135,8 @@ public void testSslHeader() {
 
 
     @Test
-    public void testSslHeaderNull() {
+    public void testSslHeaderNull() throws Exception {
+        setUp();
         final String headerName = "myheader";
         mockRequest.setHeader(headerName, null);
 
@@ -124,7 +145,8 @@ public void testSslHeaderNull() {
 
 
     @Test
-    public void testSslHeaderNullModHeader() {
+    public void testSslHeaderNullModHeader() throws Exception {
+        setUp();
         final String headerName = "myheader";
         final String nullModHeaderValue = "(null)";
         mockRequest.setHeader(headerName, nullModHeaderValue);
@@ -135,12 +157,14 @@ public void testSslHeaderNullModHeader() {
 
     @Test
     public void testSslHeaderNullName() throws Exception {
+        setUp();
         Assert.assertNull(valve.mygetHeader(mockRequest, null));
     }
 
 
     @Test
     public void testSslHeaderMultiples() throws Exception {
+        setUp();
         final String headerName = "myheader";
         final String headerValue = "BASE64_HEADER_VALUE";
         mockRequest.addHeader(headerName, headerValue);
@@ -152,6 +176,7 @@ public void testSslHeaderMultiples() throws Exception {
 
     @Test
     public void testSslClientCertHeaderSingleSpace() throws Exception {
+        setUp();
         String singleSpaced = certificateSingleLine(" ");
         mockRequest.setHeader(valve.getSslClientCertHeader(), singleSpaced);
 
@@ -163,6 +188,7 @@ public void testSslClientCertHeaderSingleSpace() throws Exception {
 
     @Test
     public void testSslClientCertHeaderMultiSpace() throws Exception {
+        setUp();
         String singleSpaced = certificateSingleLine("    ");
         mockRequest.setHeader(valve.getSslClientCertHeader(), singleSpaced);
 
@@ -174,6 +200,7 @@ public void testSslClientCertHeaderMultiSpace() throws Exception {
 
     @Test
     public void testSslClientCertHeaderTab() throws Exception {
+        setUp();
         String singleSpaced = certificateSingleLine("\t");
         mockRequest.setHeader(valve.getSslClientCertHeader(), singleSpaced);
 
@@ -185,6 +212,7 @@ public void testSslClientCertHeaderTab() throws Exception {
 
     @Test
     public void testSslClientCertHeaderEscaped() throws Exception {
+        setUp();
         String cert = certificateEscaped();
         mockRequest.setHeader(valve.getSslClientEscapedCertHeader(), cert);
 
@@ -196,6 +224,7 @@ public void testSslClientCertHeaderEscaped() throws Exception {
 
     @Test
     public void testSslClientCertNull() throws Exception {
+        setUp();
         TesterLogValidationFilter f = TesterLogValidationFilter.add(null, "", null,
                 "org.apache.catalina.valves.SSLValve");
 
@@ -209,6 +238,7 @@ public void testSslClientCertNull() throws Exception {
 
     @Test
     public void testSslClientCertShorter() throws Exception {
+        setUp();
         mockRequest.setHeader(valve.getSslClientCertHeader(), "shorter than hell");
 
         TesterLogValidationFilter f = TesterLogValidationFilter.add(null, "", null,
@@ -224,6 +254,7 @@ public void testSslClientCertShorter() throws Exception {
 
     @Test
     public void testSslClientCertIgnoredBegin() throws Exception {
+        setUp();
         String[] linesBegin = Arrays.copyOf(CERTIFICATE_LINES, CERTIFICATE_LINES.length);
         linesBegin[0] = "3fisjcme3kdsakasdfsadkafsd3";
         String begin = certificateSingleLine(linesBegin, " ");
@@ -237,6 +268,7 @@ public void testSslClientCertIgnoredBegin() throws Exception {
 
     @Test
     public void testSslClientCertBadFormat() throws Exception {
+        setUp();
         String[] linesDeleted = Arrays.copyOf(CERTIFICATE_LINES, CERTIFICATE_LINES.length / 2);
         String deleted = certificateSingleLine(linesDeleted, " ");
         mockRequest.setHeader(valve.getSslClientCertHeader(), deleted);
@@ -254,8 +286,10 @@ public void testSslClientCertBadFormat() throws Exception {
 
     @Test
     public void testClientCertProviderNotFound() throws Exception {
-        EasyMock.expect(mockRequest.getConnector().getProperty("clientCertProvider")).andStubReturn("wontBeFound");
-        EasyMock.replay(mockRequest.getConnector());
+        Connector connector = EasyMock.createNiceMock(Connector.class);
+        EasyMock.expect(connector.getProperty("clientCertProvider")).andStubReturn("wontBeFound");
+        setUp(connector);
+
         mockRequest.setHeader(valve.getSslClientCertHeader(), certificateSingleLine(" "));
 
         TesterLogValidationFilter f = TesterLogValidationFilter.add(Level.SEVERE, null,
@@ -270,6 +304,7 @@ public void testClientCertProviderNotFound() throws Exception {
 
     @Test
     public void testSslSecureProtocolHeaderPresent() throws Exception {
+        setUp();
         String protocol = "secured-with";
         mockRequest.setHeader(valve.getSslSecureProtocolHeader(), protocol);
 
@@ -281,6 +316,7 @@ public void testSslSecureProtocolHeaderPresent() throws Exception {
 
     @Test
     public void testSslCipherHeaderPresent() throws Exception {
+        setUp();
         String cipher = "ciphered-with";
         mockRequest.setHeader(valve.getSslCipherHeader(), cipher);
 
@@ -292,6 +328,7 @@ public void testSslCipherHeaderPresent() throws Exception {
 
     @Test
     public void testSslSessionIdHeaderPresent() throws Exception {
+        setUp();
         String session = "ssl-session";
         mockRequest.setHeader(valve.getSslSessionIdHeader(), session);
 
@@ -303,6 +340,7 @@ public void testSslSessionIdHeaderPresent() throws Exception {
 
     @Test
     public void testSslCipherUserKeySizeHeaderPresent() throws Exception {
+        setUp();
         Integer keySize = Integer.valueOf(452);
         mockRequest.setHeader(valve.getSslCipherUserKeySizeHeader(), String.valueOf(keySize));
 
@@ -314,12 +352,14 @@ public void testSslCipherUserKeySizeHeaderPresent() throws Exception {
 
     @Test(expected = NumberFormatException.class)
     public void testSslCipherUserKeySizeHeaderBadFormat() throws Exception {
+        setUp();
         mockRequest.setHeader(valve.getSslCipherUserKeySizeHeader(), "not-an-integer");
 
         try {
             valve.invoke(mockRequest, null);
         } catch (NumberFormatException e) {
             Assert.assertNull(mockRequest.getAttribute(Globals.KEY_SIZE_ATTR));
+            mockRequest.setHeader(valve.getSslCipherUserKeySizeHeader(), null);
             throw e;
         }
     }
@@ -363,4 +403,4 @@ private void assertCertificateParsed() throws Exception {
         Assert.assertNotNull(certificates[0]);
         Assert.assertEquals(0, f.getMessageCount());
     }
-}
+}