Adding test for DefaultCountriesDataLoaderImpl.java

Security test
tomaytotomato · Aug 13, 2024 · 25c2249 · 25c2249
1 parent cd66608
commit 25c2249
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 5 deletions.
diff --git a/location4j/pom.xml b/location4j/pom.xml
@@ -160,6 +160,12 @@
       <scope>test</scope>
       <version>${assertj-core.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+      <version>5.7.0</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
   <description>${parent.description}</description>
   <developers>

diff --git a/location4j/src/main/java/com/tomaytotomato/loader/DefaultCountriesDataLoaderImpl.java b/location4j/src/main/java/com/tomaytotomato/loader/DefaultCountriesDataLoaderImpl.java
@@ -1,11 +1,13 @@
 package com.tomaytotomato.loader;
 
 import com.tomaytotomato.model.Country;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.ObjectInputStream;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -23,18 +25,17 @@ public class DefaultCountriesDataLoaderImpl implements CountriesDataLoader {
   public DefaultCountriesDataLoaderImpl() {
     var logger = Logger.getLogger(this.getClass().getName());
 
-    String urlToFile = getClass().getResource(DEFAULT_FILE).toString();
-    String urlToThis =
-        this.getClass().getResource(this.getClass().getSimpleName() + ".class").toString();
+    String urlToFile = getResource(DEFAULT_FILE).toString();
+    String urlToThis = getResource(this.getClass().getSimpleName() + ".class").toString();
     String trimmed = urlToFile.substring(0, urlToFile.indexOf(DEFAULT_FILE));
     if (!urlToThis.startsWith(trimmed)) {
       throw new SecurityException(
           DEFAULT_FILE + " is not in the same artifact as the loader: security issue");
     }
 
-    try (InputStream inputStream = getClass().getResourceAsStream(DEFAULT_FILE)) {
+    try (InputStream inputStream = getResourceAsStream(DEFAULT_FILE)) {
       logger.info("Attempting to load countries from " + DEFAULT_FILE);
-      if (inputStream == null) {
+      if (Objects.isNull(inputStream)) {
         throw new IllegalArgumentException("File not found: " + DEFAULT_FILE);
       }
 
@@ -45,6 +46,14 @@ public DefaultCountriesDataLoaderImpl() {
     }
   }
 
+  protected InputStream getResourceAsStream(String resource) {
+    return getClass().getResourceAsStream(resource);
+  }
+
+  protected java.net.URL getResource(String resource) {
+    return getClass().getResource(resource);
+  }
+
   private void loadLocationsFromBinary(InputStream inputStream, Logger logger)
       throws IOException, ClassNotFoundException {
     try (var objectInputStream = new ObjectInputStream(inputStream)) {

diff --git a/location4j/src/test/java/com/tomaytotomato/loader/DefaultCountriesDataLoaderImplTest.java b/location4j/src/test/java/com/tomaytotomato/loader/DefaultCountriesDataLoaderImplTest.java
@@ -0,0 +1,49 @@
+package com.tomaytotomato.loader;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+class DefaultCountriesDataLoaderImplTest {
+
+  /**
+   * Verifies that the constructor throws a SecurityException if resource paths do not match.
+   */
+  @DisplayName("Constructor should throw SecurityException for mismatched resource paths")
+  @Test
+  void testSecurityExceptionThrownWhenFilePathIsInvalid() {
+
+    // Given
+    class TestCountriesDataLoader extends DefaultCountriesDataLoaderImpl {
+      @Override
+      protected URL getResource(String resource) {
+        try {
+          if (resource.equals("/location4j.bin")) {
+            return new URI("file:///mock-path/location4j.bin").toURL();
+          } else if (resource.equals("TestCountriesDataLoader.class")) {
+            return new URI("file:///hacked/DefaultCountriesDataLoaderImpl.class").toURL();
+          }
+        } catch (MalformedURLException | URISyntaxException e) {
+          throw new RuntimeException("Failed to create mock URL for resource: " + resource, e);
+        }
+        return null;
+      }
+
+      @Override
+      protected InputStream getResourceAsStream(String resource) {
+        return this.getClass().getResourceAsStream("/hacked-location4j.bin");
+      }
+    }
+
+    // When Then
+    assertThatThrownBy(TestCountriesDataLoader::new)
+        .isInstanceOf(SecurityException.class)
+        .hasMessageContaining("/location4j.bin is not in the same artifact as the loader: security issue");
+  }
+}
diff --git a/location4j/src/test/resources/hacked-location4j.bin b/location4j/src/test/resources/hacked-location4j.bin
@@ -0,0 +1 @@
+fl;kdsa;'flsdakjfdsal;kfjds;klj2309rjfsdkl;jfsd;lkfjdsa;lkfdsaja;sldkj
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		fl;kdsa;'flsdakjfdsal;kfjds;klj2309rjfsdkl;jfsd;lkfjdsa;lkfdsaja;sldkj