Source Code of com.denimgroup.threadfix.framework.impl.dotNetWebForm.AutoGeneratedParameterNameTests

////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.framework.impl.dotNetWebForm;

import com.denimgroup.threadfix.data.interfaces.Endpoint;
import com.denimgroup.threadfix.framework.TestConstants;
import com.denimgroup.threadfix.framework.engine.full.EndpointDatabase;
import com.denimgroup.threadfix.framework.engine.full.EndpointDatabaseFactory;
import com.denimgroup.threadfix.framework.engine.full.EndpointQuery;
import com.denimgroup.threadfix.framework.engine.full.EndpointQueryBuilder;
import org.junit.Test;

import java.util.Set;

/**
 * Created by mac on 10/20/14.
 */
public class AutoGeneratedParameterNameTests {

    @Test
    public void testContosoGeneratedProperties() {
        String[] params = {
                "ctl00$MainContent$StudentsDetailsView$ctl01",
                "ctl00$MainContent$StudentsDetailsView$ctl02",
                "ctl00$MainContent$StudentsDetailsView$ctl03"
        };

        checkParameters(TestConstants.WEB_FORMS_CONTOSO, "/StudentsAdd.aspx", params);
    }

    @Test
    public void testFullIntegration() {
        String[] params = {
                "ctl00$masterpage$ctl01",
                "ctl00$masterpage$ctl02",
                "ctl00$masterpage$ctl03",
                "ctl00$masterpage$ctl04",
                "ctl00$MainContent$ctl00$ctl01",
                "ctl00$MainContent$ctl00$ctl02",
                "ctl00$MainContent$ctl00$ctl03",
                "ctl00$MainContent$ctl00$ctl04",
                "ctl00$MainContent$WebUserControl1$textColor",
                "ctl00$MainContent$WebUserControl1$DetailsView1$ctl01",
                "ctl00$MainContent$WebUserControl1$DetailsView1$ctl02",
                "ctl00$MainContent$WebUserControl1$DetailsView1$ctl03",
                "ctl00$MainContent$WebUserControl1$DetailsView1$ctl04"
        };

        checkParameters(TestConstants.WEB_FORMS_MODIFIED, "/StudentsAdd.aspx", params);
    }

    @Test
    public void testRiskEParameters() {
        EndpointDatabase database = EndpointDatabaseFactory.getDatabase(TestConstants.RISK_E_UTILITY);

        checkParameters(database, "/ViewStatement.aspx", "StatementID");
        checkParameters(database, "/LoginPage.aspx", "txtPassword", "txtUsername");
        checkParameters(database, "/Message.aspx", "Msg");
        checkParameters(database, "/MakePayment.aspx", "txtCardNumber");
    }

    @Test
    public void testWebGoatDotNetParameters() {
        EndpointDatabase database = EndpointDatabaseFactory.getDatabase(TestConstants.WEBGOAT_DOT_NET);

        checkParameters(database, "/WebGoatCoins/ChangePassword.aspx", "txtPassword1", "txtPassword2");
        checkParameters(database, "/WebGoatCoins/CustomerLogin.aspx", "txtUserName", "txtPassword");
        checkParameters(database, "/WebGoatCoins/ForgotPassword.aspx", "txtAnswer", "txtEmail");
        checkParameters(database, "/WebGoatCoins/ProductDetails.aspx", "productNumber", "txtEmail", "txtComment", "hiddenFieldProductID");
        checkParameters(database, "/AddNewUser.aspx", "Username", "Password", "Email", "SecurityAnswer");
        checkParameters(database, "/ProxySetup.aspx", "txtName");
    }

    private void checkParameters(String databaseLocation, String endpointUrl, String... params) {
        EndpointDatabase database = EndpointDatabaseFactory.getDatabase(databaseLocation);

        assert database != null : "Database was null for " + databaseLocation;

        checkParameters(database, endpointUrl, params);
    }

    // having this separate enables us to reuse a database between test calls to save parsing time
    private void checkParameters(EndpointDatabase database, String endpointUrl, String... params) {
        EndpointQuery query =
                EndpointQueryBuilder
                        .start()
                        .setDynamicPath(endpointUrl)
                        .generateQuery();

        Set<Endpoint> allMatches = database.findAllMatches(query);

        assert allMatches.size() == 1 :
                "Got " + allMatches.size() + " endpoints for " + endpointUrl + ": " + allMatches;

        Endpoint endpoint = allMatches.iterator().next();

        for (String param : params) {
            assert endpoint.getParameters().contains(param) :
                    "Parameters for " + endpointUrl + " didn't contain " + param + " : " + endpoint.getParameters();
        }
    }
}