[OWASP-ESAPI] Help needed building OWASP ESAPI from source using Eclipse
Kevin W. Wall
kevin.w.wall at gmail.com
Sun Nov 8 19:05:35 EST 2009
Pawan Singh wrote:
> I 100% agree with fixing the tests so they succeed out of the box and
> removing the "Skip Tests" part from the build instructions completely.
>
> Initially, I thought there is some problem with my environment which is
> causing those tests to fail but I cross checked with Jim and he confirmed
> the same problem.
>
> I think it will be a good idea to first check if there are
> no environmental/OS specific issues which is causing these tests to fail.
> If there are then we can document the instructions on fixing those issues
> accordingly in the build and Install docs.
>
> Otherwise, we can decide upon fixing or using @ignore annotation as Kevin
> suggested for those specific tests.
>
> If there is anyone on the list for whom all 429 tests are passing then we
> can probably take his/her help in configuring and documenting
> those environment specific settings.
>
>
> My Test Results :
>
> Failed tests:
> testEncodeForSQL(org.owasp.esapi.reference.EncoderTest)
> testUnicodeString(org.owasp.esapi.PlainTextTest)
> testOverwrite(org.owasp.esapi.PlainTextTest)
> testGetRequestAttribute(org.owasp.esapi.reference.HTTPUtilitiesTest)
> testCreateSafeFile(org.owasp.esapi.reference.SafeFileTest)
> testAddDirectReference(org.owasp.esapi.reference.IntegerAccessReferenceMapTest)
> testNewEncryptDecrypt(org.owasp.esapi.reference.EncryptorTest)
>
> Tests in error:
> testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
> testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
> testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
> testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
> enforceAuthorizationRuleNotFoundNullKey(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
> testSetup(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
> isAuthorizedEchoPolicyParameter(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
> testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
> testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
> testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
> testMatchRule(org.owasp.esapi.reference.AccessControllerTest)
> testIsAuthorizedForURL(org.owasp.esapi.reference.AccessControllerTest)
> testIsAuthorizedForFunction(org.owasp.esapi.reference.AccessControllerTest)
> testIsAuthorizedForData(org.owasp.esapi.reference.AccessControllerTest)
> testIsAuthorizedForFile(org.owasp.esapi.reference.AccessControllerTest)
> testIsAuthorizedForService(org.owasp.esapi.reference.AccessControllerTest)
> testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
> testGetValidDirectoryPath(org.owasp.esapi.reference.ValidatorTest)
> testConfigurationCanBeRead(org.owasp.esapi.waf.WAFFilterTest)
> testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
> testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
> testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
> testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
> testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
> testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
> testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
> testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
> testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
> testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
> testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
> testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
> testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
> testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
> testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
> testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
> testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
> testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
> testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
> testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
> testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
> testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
> testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
> testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
> testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
> testSetters(org.owasp.esapi.ESAPITest)
> testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
> testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
> testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
> testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
> testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
> testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
> testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
> testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
> testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
> testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
> testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
> testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
> testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
> testSeal(org.owasp.esapi.reference.EncryptorTest)
> testVerifySeal(org.owasp.esapi.reference.EncryptorTest)
>
> Tests run: 429, Failures: 7, Errors: 70, Skipped: 0
I'm running on OpenSuSE 11.1. My tests faired a little better.
Tests run: 429, Failures: 6, Errors: 57, Skipped: 0
Here are my results:
Results :
Failed tests:
testSetup(org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoaderTest)
testEncodeForSQL(org.owasp.esapi.reference.EncoderTest)
testIsInvalidFilename(org.owasp.esapi.reference.ValidatorTest)
testGetRequestAttribute(org.owasp.esapi.reference.HTTPUtilitiesTest)
testCreateSafeFileURIConstructor(org.owasp.esapi.reference.SafeFileTest)
testAddDirectReference(org.owasp.esapi.reference.IntegerAccessReferenceMapTest)
Tests in error:
testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
testConfigurationCanBeRead(org.owasp.esapi.waf.WAFFilterTest)
testShouldAddHeader(org.owasp.esapi.waf.AddHeaderTest)
testShouldNotAddHeader(org.owasp.esapi.waf.AddHeaderTest)
testRedirectBeanShellRule(org.owasp.esapi.waf.BeanShellTest)
testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testGoodRequest(org.owasp.esapi.waf.GoodRequestTest)
testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
testShouldReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
testShouldNotReplaceContent(org.owasp.esapi.waf.DynamicInsertionTest)
testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testGoodExtension(org.owasp.esapi.waf.RestrictExtensionTest)
testBadExtension(org.owasp.esapi.waf.RestrictExtensionTest)
testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
testNoContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testGoodContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testBadContentType(org.owasp.esapi.waf.RestrictContentTypeTest)
testAddHttpOnlyOnSessionCookie(org.owasp.esapi.waf.HttpOnlyTest)
testAddHttpOnlyOnCustomCookie(org.owasp.esapi.waf.HttpOnlyTest)
testNonAttacktAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
testAttackAfterVirtualPatch(org.owasp.esapi.waf.VirtualPatchTest)
testGoodMethod(org.owasp.esapi.waf.RestrictMethodTest)
testBadMethod(org.owasp.esapi.waf.RestrictMethodTest)
testBadDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
testGoodDetectOutbound(org.owasp.esapi.waf.DetectOutboundTest)
testGoodSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testBadSchemeSSLNotRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testBadSchemeSSLRequired(org.owasp.esapi.waf.EnforceHTTPSTest)
testBadUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
testGoodUserAgent(org.owasp.esapi.waf.RestrictUserAgentTest)
testAuthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
testUnauthenticatedRequest(org.owasp.esapi.waf.EnforceAuthenticationTest)
testUnauthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
testAuthorizedRequest(org.owasp.esapi.waf.MustMatchTest)
Tests run: 429, Failures: 6, Errors: 57, Skipped: 0
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
More information about the OWASP-ESAPI
mailing list