javax.servlet-api 3.1.0 update

Updating classes with new API configurations.

Added configuration in versionRuleset.xml to prevent displays of
anything newer than 3.x versions.

Author: jeremiahjstacey

pom.xml

@@ -149,15 +149,20 @@
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
-            <!-- Note: v3.1.0+ causes compilation errors. So would have to fix to upgrade. -->
-            <version>3.0.1</version>
+            <version>3.1.0</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>javax.servlet.jsp</groupId>
             <artifactId>javax.servlet.jsp-api</artifactId>
             <version>2.3.3</version>
             <scope>provided</scope>
+              <exclusions>
+                <exclusion>
+                    <groupId>javax.servlet</groupId>
+                    <artifactId>javax.servlet-api</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.io7m.xom</groupId>

src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java

@@ -24,6 +24,7 @@
 import java.util.Enumeration;
 import java.util.Vector;
 
+import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -171,18 +172,37 @@ public Enumeration getDictionaryParameterNames() {
 	private class RAFInputStream extends ServletInputStream {
 
 		RandomAccessFile raf;
+		boolean isDone = false;
 
 		public RAFInputStream(RandomAccessFile raf) throws IOException {
 			this.raf = raf;
 			this.raf.seek(0);
 		}
 
 		public int read() throws IOException {
-			return raf.read();
+			int rval = raf.read();
+			isDone = rval == -1;
+			return rval;
 		}
 
 		public synchronized void reset() throws IOException {
 			raf.seek(0);
+			isDone=false;
+		}
+
+		@Override
+		public boolean isFinished() {
+			return isDone;
+		}
+
+		@Override
+		public boolean isReady() {
+			return false;
+		}
+
+		@Override
+		public void setReadListener(ReadListener readListener) {
+			//NO-OP.  Unused in this scope
 		}
 	}
 

src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java

@@ -21,6 +21,7 @@
 import java.io.RandomAccessFile;
 
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 
 /**
  * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
@@ -161,4 +162,14 @@ public void close() throws IOException {
 
     }
 
+	@Override
+	public boolean isReady() {
+		return os.isReady();
+	}
+
+	@Override
+	public void setWriteListener(WriteListener writeListener) {
+		os.setWriteListener(writeListener);
+	}
+
 }

src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java

@@ -46,6 +46,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpUpgradeHandler;
 import javax.servlet.http.Part;
 
 /**
@@ -737,4 +738,19 @@ public DispatcherType getDispatcherType() {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
 
+	@Override
+	public long getContentLengthLong() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public String changeSessionId() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
+	@Override
+	public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
+
 }

src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java

@@ -24,6 +24,7 @@
 import java.util.Locale;
 
 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
@@ -279,6 +280,16 @@ public ServletOutputStream getOutputStream() throws IOException {
 			public void write(int b) throws IOException {
 				body.append((char)b);
 			}
+
+			@Override
+			public boolean isReady() {
+				return false;
+			}
+
+			@Override
+			public void setWriteListener(WriteListener writeListener) {
+				//NO-OP
+			}
 		};
 	}
 
@@ -369,5 +380,10 @@ public void dump() {
     public Collection<String> getHeaders(String string) {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
+
+	@Override
+	public void setContentLengthLong(long len) {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
 
 }

src/test/java/org/owasp/esapi/http/MockServletContext.java

@@ -693,4 +693,9 @@ public ClassLoader getClassLoader() {
     public void declareRoles(String... strings) {
         throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
     }
+
+	@Override
+	public String getVirtualServerName() {
+		throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+	}
 }

src/test/java/org/owasp/esapi/http/MockServletInputStream.java

@@ -15,6 +15,7 @@
  */
 package org.owasp.esapi.http;
 
+import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import java.io.IOException;
 
@@ -28,6 +29,7 @@ public class MockServletInputStream extends ServletInputStream {
 
     private int next;
 
+    private boolean isDone = false;
     /**
      * constructor
      * @param body
@@ -45,7 +47,23 @@ public int read() throws IOException {
         if (next < body.length) {
             return body[next++];
         } else {
+        	isDone = true;
             return -1;
         }
     }
+
+	@Override
+	public boolean isFinished() {
+		return isDone;
+	}
+
+	@Override
+	public boolean isReady() {
+		return false;
+	}
+
+	@Override
+	public void setReadListener(ReadListener readListener) {
+		//NO_OP
+	}
 }

versionRuleset.xml

@@ -33,6 +33,11 @@
           <ignoreVersion type="regex">^0{0,1}[4-9].*</ignoreVersion>
        </ignoreVersions>
     </rule>
+    <rule groupId="javax.servlet" artifactId="javax.servlet-api" comparisonMethod="maven">
+       <ignoreVersions>
+          <ignoreVersion type="regex">^0{0,1}[4-9].*</ignoreVersion>
+       </ignoreVersions>
+    </rule>
   </rules>
 </ruleset>
 <!--