ESAPI methodEnabled Tests

jeremiahjstacey · jeremiahjstacey · commit 717d9f150350 · 2025-06-16T17:59:03.000-05:00
Adding branch testing for ESAPI.isMethodExplicitlyEnabled behavior to
account for parameter cases.

Only case not covered is providing an ESAPI.properties that does not
contain the new key.
diff --git a/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java b/src/test/java/org/owasp/esapi/ESAPIVerifyAllowedMethods.java
@@ -0,0 +1,50 @@
+package org.owasp.esapi;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class ESAPIVerifyAllowedMethods {
+
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyNulParamThrows() {
+		ESAPI.isMethodExplicityEnabled(null);
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyNoWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("   ");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyTabWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("\t");
+	}
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyEmptyOnlyNewlineWhitespaceParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("\n");
+	}
+	
+	
+	
+	@Test (expected = IllegalArgumentException.class)
+	public void verifyNonEsapiPackageParameterThrows() {
+		ESAPI.isMethodExplicityEnabled("com.myPackage.myScope.method");
+	}
+	@Test 
+	public void verifyUnknownMethodFailsEnableCheck() {
+		Assert.assertFalse(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.reference.DefaultEncoder.encodeForSQ"));
+	}
+	
+	@Test 
+	public void verifyDefinedRestrictionIsCaught() {
+		Assert.assertTrue(ESAPI.isMethodExplicityEnabled("org.owasp.esapi.reference.DefaultEncoder.encodeForSQL"));
+	}
+	
+}
