nesstar.test.functional
Class SecurityTest

java.lang.Object
  extended by junit.framework.Assert
      extended by junit.framework.TestCase
          extended by nesstar.test.NesstarTestCase
              extended by nesstar.test.functional.SecurityTest
All Implemented Interfaces:
junit.framework.Test

public class SecurityTest
extends NesstarTestCase

A class for testing security holes on a Nesstar Server

Author:
J.Neuhoff

Field Summary
 
Fields inherited from class nesstar.test.NesstarTestCase
ALL, CATALOG_HOME, CUBE_CUBE, DATAFILE_2568_F1, DATAFILE_4176_F1, DATAFILE_4213_F1, DATAFILE_44871_F1, DATAFILE_Cube_C1, DATAFILE_Mergetest_F2, DATAFILE_UnpopulatedElementsTest_F1, emWindow, HC_VAR_HOME, ID_2568, ID_2981, ID_3690, ID_4176, ID_4213, ID_4396, ID_44871, ID_4638, ID_CAMEROON, ID_CIRCULATORY, ID_CUBE, ID_HIERARCHY, ID_LANDET, ID_MERGE, ID_NOGROUPS, ID_NSD50, ID_PUBLISH, ID_UPElements, LICENSE, localIP, NESSTAR2_SERVER_URL, NESSTAR2_URL, NONE, ROOT_CATALOG, SECTION_MERGE_VG10, SECTION_MERGE_VG7, SECTION_MERGE_VG8, SERVER, SOME, SPSS_FORMAT, STAT_ENGINE, STATEMENT_HOME, STATEMENT1, STUDY_2568, STUDY_2981, STUDY_4176, STUDY_4213, STUDY_44871, STUDY_CAMEROON, STUDY_CIRCULATORY, STUDY_CUBE, STUDY_HIERARCHY, STUDY_HOME, STUDY_LANDET, STUDY_MERGE, STUDY_NOGROUPS, STUDY_NSD50, STUDY_UPElements, STUDY2_2568, STUDY2_4638, STUDY2_UPElements, TEST_PROTOCOL, VAR_HOME, VARIABLE_2568_V1, VARIABLE_2568_V13, VARIABLE_2568_V16, VARIABLE_2568_V17, VARIABLE_2568_V18, VARIABLE_2568_V3, VARIABLE_2568_V354, VARIABLE_2568_V77, VARIABLE_44871_V1, VARIABLE_CAMEROON_V238, VARIABLE_CAMEROON_V355, VARIABLE_LANDET_V1, VARIABLE_LANDET_V2, VARIABLE_MERGE_V22, VARIABLE_MERGE_V23, VARIABLE_MERGE_V26, VARIABLE_MERGE_V41, VID_2568_V1, VID_2568_V13, VID_2568_V16, VID_2568_V17, VID_2568_V18, VID_2568_V3, VID_2568_V354, VID_2568_V77, VID_44871_V1, VID_CAMEROON_V238, VID_CAMEROON_V355, VID_LANDET_V1, VID_LANDET_V2, VID_MERGE_V22, VID_MERGE_V23, VID_MERGE_V26, VID_MERGE_V41, WebDataURL
 
Constructor Summary
SecurityTest(String testName)
          Constructor for the SecurityTest object
 
Method Summary
static void main(String[] args)
          The main program for the SecurityTest class
static junit.framework.Test suite()
          Return the suite of all tests of this class *
 void testCrossSiteScripting()
          Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)
 void testCrossSiteScripting(URL server)
          Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)
 void testJBossWebServiceSecurity()
          Test the security of the JBoss Web Service component of a Nesstar Server.
 void testJBossWebServiceSecurity2()
          Test the security of the JBoss Web Service component of a Nesstar Server.
 void testJBossWebServiceSecurity3()
          Test the security of the JBoss Web Service component of a Nesstar Server.
 
Methods inherited from class nesstar.test.NesstarTestCase
addAllTests, addAllTests, addDatafile, addPath, adminLogin, assertBinary, assertContains, assertContains, assertDoesNotContain, assertDoesNotContain, assertDuration, assertEqualIgnoreOrder, assertEquals, assertMatches, assertMatches, assertNoAccess, assertNoAccess, assertNoAccess, assertNotEquals, assertNotEquals, assertObjDoesNotExists, assertObjDoesNotExists, assertObjExists, assertObjExists, assertWebAuthorisationRequired, assertWebAuthorisationRequired, basicSetup, cannotRun, catalogSetup, checkIllegalArgument, checkPaths, checkPathsTo, checkPathsTo, checkPerformance, compareWithFile, compareWithReferenceFile, compareWithTestFile, compareWithTestFile, createDerivedVariable, createDerivedVariable, createDerivedVariableUnprotected, cubeSetup, cvsAbstractName, cvsClientSetup, cvsCompare, cvsCompare, cvsFailIfDifferent, cvsFailIfDifferent, cvsFileRevision, cvsFileRevisions, cvsRootDir, dependsOn, dependsOn, equalToFile, equalToTestFile, equalToTestFile, executeRangeQuery, executeRangeQuery, executeRangeQuery, executeRangeQueryAdditivity, expectFalse, expectTrue, extractZipFile, factsheetSetup, findPosition, flirtWithTestFile, getBrowserPage, getBrowserPage, getCatalog, getCategoryStatistic, getCategoryStatisticFromVariable, getConcept, getCurrentBrowserPage, getCvsPropertiesFile, getDatafile, getDDITestFile, getDDITestFileContents, getDerivedVariableByName, getDimension, getDimensionFromCube, getEGMSResource, getEGMSResource2, getEvent, getExisting, getFailedDir, getFailedFile, getFilenames, getFilteredTestFile, getGeographicalUnit, getLocalFile, getMaxConcurrentOps, getMeasure, getNumberCompletedOps, getNumberHTTPConnections, getNumberStartedOps, getObj, getObjectsFrom, getObjURL, getOrganisation, getPage, getPage, getPartsOf, getPartsOf, getPartsOf, getPerson, getRawPage, getRDF, getReport, getResultDir, getResultFile, getSecureObjURL, getSecureServerURL, getServerDataDir, getServerDatafile, getServerIP, getServerLog, getServerName, getServerObjURL, getServerPage, getServerPageURL, getServerPassword, getServerPort, getServerSecurePort, getServerURL, getServerUsername, getStatementsOn, getStatementsOn, getTableFromStudy, getTerm, getTestDir, getTestFile, getTestFile, getVariable, getVariableFromStudy, getWebFile, getZipFile, hasWebData, HCSetup, isLocalServer, isNTService, isOnline, isQuickie, isReleaseTest, isWaitForSQLServerIndexer, loadCube, loadDDI, loadHashFromFile, loadStudy, loadStudy3, loadVariable, msg, msg, noDirectAccess, objExists, objsExists, openEMWindow, performRangeQuery, querySetup, read, rebootServer, rebootServer, reloadObj, removeAllVars, removeCreationDate, removeProperties, removeServerURL, repeatCheck, saveToTestFile, setNTService, setQuickie, setReleaseTest, setWaitForSQLServerIndexer, statementSetup, studyCleanup, studySetup, tableSetup, toMsg, toString, untested, updateChildren, variableSetup, waitForSQLServerIndexer, waitServer, warn, webclientSetup, write, xthesaurusSetup
 
Methods inherited from class junit.framework.TestCase
countTestCases, getName, run, run, runBare, setName, toString
 
Methods inherited from class junit.framework.Assert
assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertTrue, assertTrue, fail, fail
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SecurityTest

public SecurityTest(String testName)
Constructor for the SecurityTest object

Parameters:
testName -
Method Detail

main

public static void main(String[] args)
The main program for the SecurityTest class

Parameters:
args - The command line arguments

suite

public static junit.framework.Test suite()
Return the suite of all tests of this class *

Returns:
The test suite

testJBossWebServiceSecurity

public void testJBossWebServiceSecurity()
                                 throws Exception
Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 11037

Throws:
Exception

testJBossWebServiceSecurity2

public void testJBossWebServiceSecurity2()
                                  throws Exception
Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 11183

Throws:
Exception

testJBossWebServiceSecurity3

public void testJBossWebServiceSecurity3()
                                  throws Exception
Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 10445 and Nessus ID 10320 This test seems to slow down the server considerably for a while.

Throws:
Exception

testCrossSiteScripting

public void testCrossSiteScripting()
                            throws Exception
Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)

Throws:
Exception

testCrossSiteScripting

public void testCrossSiteScripting(URL server)
                            throws Exception
Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)

Throws:
Exception

Nesstar SDK

Copyright©2003 NSD - All Rights Reserved