SecurityTest

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

nesstar.test.functional
Class SecurityTest

java.lang.Object
  junit.framework.Assert
      junit.framework.TestCase
          nesstar.test.NesstarTestCase
              nesstar.test.functional.SecurityTest

All Implemented Interfaces:: junit.framework.Test

public class SecurityTest
extends NesstarTestCase
extends NesstarTestCase

A class for testing security holes on a Nesstar Server

Author:: J.Neuhoff

Field Summary

Fields inherited from class nesstar.test.NesstarTestCase
ALL, CATALOG_HOME, CUBE_CUBE, DATAFILE_2568_F1, DATAFILE_4176_F1, DATAFILE_4213_F1, DATAFILE_44871_F1, DATAFILE_Cube_C1, DATAFILE_Mergetest_F2, DATAFILE_UnpopulatedElementsTest_F1, emWindow, HC_VAR_HOME, ID_2568, ID_2981, ID_3690, ID_4176, ID_4213, ID_4396, ID_44871, ID_4638, ID_CAMEROON, ID_CIRCULATORY, ID_CUBE, ID_HIERARCHY, ID_LANDET, ID_MERGE, ID_NOGROUPS, ID_NSD50, ID_PUBLISH, ID_UPElements, LICENSE, localIP, NESSTAR2_SERVER_URL, NESSTAR2_URL, NONE, ROOT_CATALOG, SECTION_MERGE_VG10, SECTION_MERGE_VG7, SECTION_MERGE_VG8, SERVER, SOME, SPSS_FORMAT, STAT_ENGINE, STATEMENT_HOME, STATEMENT1, STUDY_2568, STUDY_2981, STUDY_4176, STUDY_4213, STUDY_44871, STUDY_CAMEROON, STUDY_CIRCULATORY, STUDY_CUBE, STUDY_HIERARCHY, STUDY_HOME, STUDY_LANDET, STUDY_MERGE, STUDY_NOGROUPS, STUDY_NSD50, STUDY_UPElements, STUDY2_2568, STUDY2_4638, STUDY2_UPElements, TEST_PROTOCOL, VAR_HOME, VARIABLE_2568_V1, VARIABLE_2568_V13, VARIABLE_2568_V16, VARIABLE_2568_V17, VARIABLE_2568_V18, VARIABLE_2568_V3, VARIABLE_2568_V354, VARIABLE_2568_V77, VARIABLE_44871_V1, VARIABLE_CAMEROON_V238, VARIABLE_CAMEROON_V355, VARIABLE_LANDET_V1, VARIABLE_LANDET_V2, VARIABLE_MERGE_V22, VARIABLE_MERGE_V23, VARIABLE_MERGE_V26, VARIABLE_MERGE_V41, VID_2568_V1, VID_2568_V13, VID_2568_V16, VID_2568_V17, VID_2568_V18, VID_2568_V3, VID_2568_V354, VID_2568_V77, VID_44871_V1, VID_CAMEROON_V238, VID_CAMEROON_V355, VID_LANDET_V1, VID_LANDET_V2, VID_MERGE_V22, VID_MERGE_V23, VID_MERGE_V26, VID_MERGE_V41, WebDataURL

Fields inherited from class nesstar.test.NesstarTestCase

ALL, CATALOG_HOME, CUBE_CUBE, DATAFILE_2568_F1, DATAFILE_4176_F1, DATAFILE_4213_F1, DATAFILE_44871_F1, DATAFILE_Cube_C1, DATAFILE_Mergetest_F2, DATAFILE_UnpopulatedElementsTest_F1, emWindow, HC_VAR_HOME, ID_2568, ID_2981, ID_3690, ID_4176, ID_4213, ID_4396, ID_44871, ID_4638, ID_CAMEROON, ID_CIRCULATORY, ID_CUBE, ID_HIERARCHY, ID_LANDET, ID_MERGE, ID_NOGROUPS, ID_NSD50, ID_PUBLISH, ID_UPElements, LICENSE, localIP, NESSTAR2_SERVER_URL, NESSTAR2_URL, NONE, ROOT_CATALOG, SECTION_MERGE_VG10, SECTION_MERGE_VG7, SECTION_MERGE_VG8, SERVER, SOME, SPSS_FORMAT, STAT_ENGINE, STATEMENT_HOME, STATEMENT1, STUDY_2568, STUDY_2981, STUDY_4176, STUDY_4213, STUDY_44871, STUDY_CAMEROON, STUDY_CIRCULATORY, STUDY_CUBE, STUDY_HIERARCHY, STUDY_HOME, STUDY_LANDET, STUDY_MERGE, STUDY_NOGROUPS, STUDY_NSD50, STUDY_UPElements, STUDY2_2568, STUDY2_4638, STUDY2_UPElements, TEST_PROTOCOL, VAR_HOME, VARIABLE_2568_V1, VARIABLE_2568_V13, VARIABLE_2568_V16, VARIABLE_2568_V17, VARIABLE_2568_V18, VARIABLE_2568_V3, VARIABLE_2568_V354, VARIABLE_2568_V77, VARIABLE_44871_V1, VARIABLE_CAMEROON_V238, VARIABLE_CAMEROON_V355, VARIABLE_LANDET_V1, VARIABLE_LANDET_V2, VARIABLE_MERGE_V22, VARIABLE_MERGE_V23, VARIABLE_MERGE_V26, VARIABLE_MERGE_V41, VID_2568_V1, VID_2568_V13, VID_2568_V16, VID_2568_V17, VID_2568_V18, VID_2568_V3, VID_2568_V354, VID_2568_V77, VID_44871_V1, VID_CAMEROON_V238, VID_CAMEROON_V355, VID_LANDET_V1, VID_LANDET_V2, VID_MERGE_V22, VID_MERGE_V23, VID_MERGE_V26, VID_MERGE_V41, WebDataURL

Constructor Summary
`SecurityTest(String testName)` Constructor for the SecurityTest object

Method Summary
`static void`	`main(String[] args)` The main program for the SecurityTest class
`static junit.framework.Test`	`suite()` Return the suite of all tests of this class *
`void`	`testCrossSiteScripting()` Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)
`void`	`testCrossSiteScripting(URL server)` Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)
`void`	`testJBossWebServiceSecurity()` Test the security of the JBoss Web Service component of a Nesstar Server.
`void`	`testJBossWebServiceSecurity2()` Test the security of the JBoss Web Service component of a Nesstar Server.
`void`	`testJBossWebServiceSecurity3()` Test the security of the JBoss Web Service component of a Nesstar Server.

Methods inherited from class nesstar.test.NesstarTestCase
addAllTests, addAllTests, addDatafile, addPath, adminLogin, assertBinary, assertContains, assertContains, assertDoesNotContain, assertDoesNotContain, assertDuration, assertEqualIgnoreOrder, assertEquals, assertMatches, assertMatches, assertNoAccess, assertNoAccess, assertNoAccess, assertNotEquals, assertNotEquals, assertObjDoesNotExists, assertObjDoesNotExists, assertObjExists, assertObjExists, assertWebAuthorisationRequired, assertWebAuthorisationRequired, basicSetup, cannotRun, catalogSetup, checkIllegalArgument, checkPaths, checkPathsTo, checkPathsTo, checkPerformance, compareWithFile, compareWithReferenceFile, compareWithTestFile, compareWithTestFile, createDerivedVariable, createDerivedVariable, createDerivedVariableUnprotected, cubeSetup, cvsAbstractName, cvsClientSetup, cvsCompare, cvsCompare, cvsFailIfDifferent, cvsFailIfDifferent, cvsFileRevision, cvsFileRevisions, cvsRootDir, dependsOn, dependsOn, equalToFile, equalToTestFile, equalToTestFile, executeRangeQuery, executeRangeQuery, executeRangeQuery, executeRangeQueryAdditivity, expectFalse, expectTrue, extractZipFile, factsheetSetup, findPosition, flirtWithTestFile, getBrowserPage, getBrowserPage, getCatalog, getCategoryStatistic, getCategoryStatisticFromVariable, getConcept, getCurrentBrowserPage, getCvsPropertiesFile, getDatafile, getDDITestFile, getDDITestFileContents, getDerivedVariableByName, getDimension, getDimensionFromCube, getEGMSResource, getEGMSResource2, getEvent, getExisting, getFailedDir, getFailedFile, getFilenames, getFilteredTestFile, getGeographicalUnit, getLocalFile, getMaxConcurrentOps, getMeasure, getNumberCompletedOps, getNumberHTTPConnections, getNumberStartedOps, getObj, getObjectsFrom, getObjURL, getOrganisation, getPage, getPage, getPartsOf, getPartsOf, getPartsOf, getPerson, getRawPage, getRDF, getReport, getResultDir, getResultFile, getSecureObjURL, getSecureServerURL, getServerDataDir, getServerDatafile, getServerIP, getServerLog, getServerName, getServerObjURL, getServerPage, getServerPageURL, getServerPassword, getServerPort, getServerSecurePort, getServerURL, getServerUsername, getStatementsOn, getStatementsOn, getTableFromStudy, getTerm, getTestDir, getTestFile, getTestFile, getVariable, getVariableFromStudy, getWebFile, getZipFile, hasWebData, HCSetup, isLocalServer, isNTService, isOnline, isQuickie, isReleaseTest, isWaitForSQLServerIndexer, loadCube, loadDDI, loadHashFromFile, loadStudy, loadStudy3, loadVariable, msg, msg, noDirectAccess, objExists, objsExists, openEMWindow, performRangeQuery, querySetup, read, rebootServer, rebootServer, reloadObj, removeAllVars, removeCreationDate, removeProperties, removeServerURL, repeatCheck, saveToTestFile, setNTService, setQuickie, setReleaseTest, setWaitForSQLServerIndexer, statementSetup, studyCleanup, studySetup, tableSetup, toMsg, toString, untested, updateChildren, variableSetup, waitForSQLServerIndexer, waitServer, warn, webclientSetup, write, xthesaurusSetup

Methods inherited from class nesstar.test.NesstarTestCase

addAllTests, addAllTests, addDatafile, addPath, adminLogin, assertBinary, assertContains, assertContains, assertDoesNotContain, assertDoesNotContain, assertDuration, assertEqualIgnoreOrder, assertEquals, assertMatches, assertMatches, assertNoAccess, assertNoAccess, assertNoAccess, assertNotEquals, assertNotEquals, assertObjDoesNotExists, assertObjDoesNotExists, assertObjExists, assertObjExists, assertWebAuthorisationRequired, assertWebAuthorisationRequired, basicSetup, cannotRun, catalogSetup, checkIllegalArgument, checkPaths, checkPathsTo, checkPathsTo, checkPerformance, compareWithFile, compareWithReferenceFile, compareWithTestFile, compareWithTestFile, createDerivedVariable, createDerivedVariable, createDerivedVariableUnprotected, cubeSetup, cvsAbstractName, cvsClientSetup, cvsCompare, cvsCompare, cvsFailIfDifferent, cvsFailIfDifferent, cvsFileRevision, cvsFileRevisions, cvsRootDir, dependsOn, dependsOn, equalToFile, equalToTestFile, equalToTestFile, executeRangeQuery, executeRangeQuery, executeRangeQuery, executeRangeQueryAdditivity, expectFalse, expectTrue, extractZipFile, factsheetSetup, findPosition, flirtWithTestFile, getBrowserPage, getBrowserPage, getCatalog, getCategoryStatistic, getCategoryStatisticFromVariable, getConcept, getCurrentBrowserPage, getCvsPropertiesFile, getDatafile, getDDITestFile, getDDITestFileContents, getDerivedVariableByName, getDimension, getDimensionFromCube, getEGMSResource, getEGMSResource2, getEvent, getExisting, getFailedDir, getFailedFile, getFilenames, getFilteredTestFile, getGeographicalUnit, getLocalFile, getMaxConcurrentOps, getMeasure, getNumberCompletedOps, getNumberHTTPConnections, getNumberStartedOps, getObj, getObjectsFrom, getObjURL, getOrganisation, getPage, getPage, getPartsOf, getPartsOf, getPartsOf, getPerson, getRawPage, getRDF, getReport, getResultDir, getResultFile, getSecureObjURL, getSecureServerURL, getServerDataDir, getServerDatafile, getServerIP, getServerLog, getServerName, getServerObjURL, getServerPage, getServerPageURL, getServerPassword, getServerPort, getServerSecurePort, getServerURL, getServerUsername, getStatementsOn, getStatementsOn, getTableFromStudy, getTerm, getTestDir, getTestFile, getTestFile, getVariable, getVariableFromStudy, getWebFile, getZipFile, hasWebData, HCSetup, isLocalServer, isNTService, isOnline, isQuickie, isReleaseTest, isWaitForSQLServerIndexer, loadCube, loadDDI, loadHashFromFile, loadStudy, loadStudy3, loadVariable, msg, msg, noDirectAccess, objExists, objsExists, openEMWindow, performRangeQuery, querySetup, read, rebootServer, rebootServer, reloadObj, removeAllVars, removeCreationDate, removeProperties, removeServerURL, repeatCheck, saveToTestFile, setNTService, setQuickie, setReleaseTest, setWaitForSQLServerIndexer, statementSetup, studyCleanup, studySetup, tableSetup, toMsg, toString, untested, updateChildren, variableSetup, waitForSQLServerIndexer, waitServer, warn, webclientSetup, write, xthesaurusSetup

Methods inherited from class junit.framework.TestCase
`countTestCases, getName, run, run, runBare, setName, toString`

Methods inherited from class junit.framework.Assert
`assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertTrue, assertTrue, fail, fail`

Methods inherited from class junit.framework.Assert

assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertTrue, assertTrue, fail, fail

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

SecurityTest

public SecurityTest(String testName)

Constructor for the SecurityTest object

Parameters:: testName -

Method Detail

main

public static void main(String[] args)

The main program for the SecurityTest class

Parameters:: args - The command line arguments

suite

public static junit.framework.Test suite()

Return the suite of all tests of this class *

Returns:: The test suite

testJBossWebServiceSecurity

public void testJBossWebServiceSecurity()
                                 throws Exception

Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 11037

Throws:: Exception

testJBossWebServiceSecurity2

public void testJBossWebServiceSecurity2()
                                  throws Exception

Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 11183

Throws:: Exception

testJBossWebServiceSecurity3

public void testJBossWebServiceSecurity3()
                                  throws Exception

Test the security of the JBoss Web Service component of a Nesstar Server. For further details see Nessus ID 10445 and Nessus ID 10320 This test seems to slow down the server considerably for a while.

Throws:: Exception

testCrossSiteScripting

public void testCrossSiteScripting()
                            throws Exception

Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)

Throws:: Exception

testCrossSiteScripting

public void testCrossSiteScripting(URL server)
                            throws Exception

Tests Object browser is possibly vulnerable to Cross Site Scripting (XSS) attacks (#3923)

Throws:: Exception

Overview

Package

Class

Tree

Deprecated

Index

Help

Nesstar SDK

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

nesstar.test.functional Class SecurityTest

SecurityTest

main

suite

testJBossWebServiceSecurity

testJBossWebServiceSecurity2

testJBossWebServiceSecurity3

testCrossSiteScripting

testCrossSiteScripting

nesstar.test.functional
Class SecurityTest