Test Coverage

jeremiahjstacey · jeremiahjstacey · commit 2474d44e6e18 · 2025-06-16T20:23:21.000-05:00
using the SecurityConfigurationWrapper to verify remaining test case
when a ConfigurationException is thrown when the new property is
missing or undefined.
diff --git a/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java b/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java
@@ -1,7 +1,10 @@
 package org.owasp.esapi;
 
+import org.bouncycastle.crypto.modes.CBCModeCipher;
 import org.junit.Assert;
 import org.junit.Test;
+import org.mockito.Mockito;
+import org.owasp.esapi.errors.ConfigurationException;
 
 
 public class ESAPIVerifyAllowedMethods {
@@ -47,4 +50,19 @@ public void verifyDefinedRestrictionIsCaught() {
 		Assert.assertTrue(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.reference.DefaultEncoder.encodeForSQL"));
 	}
 	
+	@Test 
+	public void testMissingPropertyReturnsFalse() {
+		try {
+		SecurityConfiguration mockConfig = Mockito.mock(SecurityConfiguration.class);
+		Mockito.when(mockConfig.getStringProp("ESAPI.dangerouslyAllowUnsafeMethods.methodNames")).thenThrow(ConfigurationException.class);
+		ESAPI.override(mockConfig);
+		
+		Assert.assertFalse(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.thisValueDoesNotMatter"));
+		Mockito.verify(mockConfig, Mockito.times(1)).getStringProp("ESAPI.dangerouslyAllowUnsafeMethods.methodNames");
+		} finally {
+			ESAPI.override(null);
+		}
+		
+	}
+	
 }
