feat: add integration test for jakarta JSP

Author: jeremylong

.github/workflows/build.yaml

@@ -21,6 +21,6 @@ jobs:
         distribution: 'temurin'
     - name: Run build
       run: |
-        mvn install
+        mvn install -PtestJakarta
 
 

.gitignore

@@ -19,3 +19,4 @@ nb-configuration.xml
 /esapi/target/
 /target/
 /jakarta/target/
+/jakarta-test/target/

README.md

@@ -78,15 +78,26 @@ Java 9+ Module Names
 | encoder-jsp         | owasp.encoder.jsp     |
 | encoder-espai       | owasp.encoder.esapi   |
 
+
+TagLib
+--------------------
+
+| Lib                 | TagLib                                                                                        |
+|---------------------|-----------------------------------------------------------------------------------------------|
+| encoder-jakarta-jsp | <%@taglib prefix="e" uri="owasp.encoder.jakarta"%>                                      |
+| encoder-jsp         | <%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project"%> |
+
+
 News
 ----
-### 2024-08-01 - 1.2.3 Release
+### 2024-08-02 - 1.3.0 Release
 The team is happy to announce that version 1.3.0 has been released!
-* Minimum JDK Requirement are now Java 8
+* Minimum JDK Requirement is now Java 8
   - Requires Java 17 to build due to test case dependencies.
 * Adds Java 9 Module name via Multi-Release Jars (#77).
 * Fixed compilation errors with the ESAPI Thunk (#76).
 * Adds support for Servlet Spec 5 using the `jakarta.servlet.*` (#75).
+  - taglib : <%@taglib prefix="e" uri="owasp.encoder.jakarta"%>
 
 ### 2020-11-08 - 1.2.3 Release
 The team is happy to announce that version 1.2.3 has been released! 

jakarta-test/pom.xml

@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.3.2</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>org.owasp.encoder.testing</groupId>
+    <artifactId>jakarta-test</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>jakarta-test</name>
+    <description>Test for OWASP encoder jakarta JSP</description>
+    <properties>
+        <java.version>17</java.version>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.owasp.encoder</groupId>
+            <artifactId>encoder-jakarta-jsp</artifactId>
+            <version>1.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <version>10.1.18</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-tomcat</artifactId>
+            <version>3.2.2</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
+            <version>6.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.servlet.jsp</groupId>
+            <artifactId>jakarta.servlet.jsp-api</artifactId>
+            <version>3.1.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.servlet.jsp.jstl</groupId>
+            <artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
+            <version>3.0.0</version>
+        </dependency>
+        <dependency>
+            <groupId>jakarta.el</groupId>
+            <artifactId>jakarta.el-api</artifactId>
+            <version>5.0.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.web</groupId>
+            <artifactId>jakarta.servlet.jsp.jstl</artifactId>
+            <version>3.0.1</version>
+        </dependency>
+        
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-testcontainers</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>selenium</artifactId>
+            <version>1.20.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.seleniumhq.selenium</groupId>
+            <artifactId>selenium-remote-driver</artifactId>
+            <version>4.23.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.seleniumhq.selenium</groupId>
+            <artifactId>selenium-chrome-driver</artifactId>
+            <version>4.23.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>1.20.0</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>jakarta-test</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <configuration>
+                    <mainClass>org.owasp.encoder.testing.jakarta_test.JakartaTestApplication</mainClass>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/JakartaTestApplication.java

@@ -0,0 +1,20 @@
+package org.owasp.encoder.testing.jakarta_test;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+@SpringBootApplication(scanBasePackages = "org.owasp.encoder.testing.jakarta_test")
+public class JakartaTestApplication extends SpringBootServletInitializer {
+
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
+        return builder.sources(JakartaTestApplication.class);
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(JakartaTestApplication.class, args);
+    }
+
+}

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/controller/HomeController.java

@@ -0,0 +1,19 @@
+package org.owasp.encoder.testing.jakarta_test.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ *
+ * @author jeremy
+ */
+@Controller
+@RequestMapping("/")
+public class HomeController {
+
+    @GetMapping("")
+    public String index() {
+        return "index";
+    }
+}

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/controller/ItemController.java

@@ -0,0 +1,32 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+package org.owasp.encoder.testing.jakarta_test.controller;
+
+import org.owasp.encoder.testing.jakarta_test.service.ItemService;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+/**
+ *
+ * @author jeremy
+ */
+@Controller
+@RequestMapping("/item")
+public class ItemController {
+
+    private final ItemService itemService;
+
+    public ItemController(ItemService itemService) {
+        this.itemService = itemService;
+    }
+
+    @GetMapping("/viewItems")
+    public String viewItems(Model model) {
+        model.addAttribute("items", itemService.getItems());
+        return "view-items";
+    }
+}

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/dto/Item.java

@@ -0,0 +1,77 @@
+package org.owasp.encoder.testing.jakarta_test.dto;
+
+/**
+ *
+ * @author jeremy
+ */
+public class Item {
+
+    private int id;
+
+    private String name;
+    
+    private String description;
+
+    public Item() {
+    }
+
+    public Item(int id, String name, String description) {
+        this.id = id;
+        this.name = name;
+        this.description = description;
+    }
+
+    /**
+     * Get the value of id
+     *
+     * @return the value of id
+     */
+    public int getId() {
+        return id;
+    }
+
+    /**
+     * Set the value of id
+     *
+     * @param id new value of id
+     */
+    public void setId(int id) {
+        this.id = id;
+    }
+
+    /**
+     * Get the value of name
+     *
+     * @return the value of name
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Set the value of name
+     *
+     * @param name new value of name
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+        /**
+     * Get the value of description
+     *
+     * @return the value of description
+     */
+    public String getDescription() {
+        return description;
+    }
+
+    /**
+     * Set the value of description
+     *
+     * @param description new value of description
+     */
+    public void setDescription(String description) {
+        this.description = description;
+    }
+}

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/service/ItemService.java

@@ -0,0 +1,14 @@
+package org.owasp.encoder.testing.jakarta_test.service;
+
+import java.util.Collection;
+import org.owasp.encoder.testing.jakarta_test.dto.Item;
+
+/**
+ *
+ * @author jeremy
+ */
+public interface ItemService {
+    Collection<Item> getItems();
+
+    Item addItem(Item item);
+}

jakarta-test/src/main/java/org/owasp/encoder/testing/jakarta_test/service/impl/ItemServiceImpl.java

@@ -0,0 +1,29 @@
+package org.owasp.encoder.testing.jakarta_test.service.impl;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import org.owasp.encoder.testing.jakarta_test.dto.Item;
+import org.owasp.encoder.testing.jakarta_test.service.ItemService;
+import org.springframework.stereotype.Service;
+
+/**
+ *
+ * @author jeremy
+ */
+@Service
+public class ItemServiceImpl implements ItemService {
+
+    @Override
+    public Collection<Item> getItems() {
+        Collection<Item> items = new ArrayList<>();
+        items.add(new Item(1, "menu", "blob"));
+        items.add(new Item(2, "top<script>alert(1)</script>", "fancy <script>alert(1)</script>"));
+        return items;
+    }
+
+    @Override
+    public Item addItem(Item item) {
+        throw new UnsupportedOperationException("Not supported yet."); // Generated from nbfs://nbhost/SystemFileSystem/Templates/Classes/Code/GeneratedMethodBody
+    }
+
+}

jakarta-test/src/main/resources/application.properties

@@ -0,0 +1,4 @@
+spring.application.name=jakarta-test
+server.servlet.context-path=/jakarta-test
+spring.mvc.view.prefix=/WEB-INF/jsp/
+spring.mvc.view.suffix=.jsp

jakarta-test/src/main/resources/static/css/common.css

@@ -0,0 +1,10 @@
+table {
+    font-family: arial, sans-serif;
+    border-collapse: collapse;
+}
+
+td, th {
+    border: 1px solid #dddddd;
+    text-align: left;
+    padding: 8px;
+}

jakarta-test/src/main/resources/static/error/4xx.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Error</title>
+</head>
+<body>
+Apparently you don't know what you are looking for?<br/><br/>4xx Error Occurred
+</body>
+</html>