PowerMock, Testing Private Methods

December 18, 2014

Explore why and how to use PowerMock to test private methods in Java, focusing on scenarios where refactoring isn't feasible and the benefits for continuous delivery.

TL;DR: PowerMock allows testing private methods, useful for existing codebases and optimizing test run times in continuous delivery. Example shows using @RunWith(PowerMockRunner.class) and Whitebox.invokeMethod.

Programming LanguagesDevelopment Best PracticesJavaPowerMock

Secure APIs against XEE Attacks (XML Injection Attacks)

November 1, 2014

Learn how to secure your APIs against XML External Entity (XEE) attacks, including XML Injection and XML Expansion attacks, with practical mitigation steps for Java and RestEasy.

TL;DR: Prevent XEE attacks in Java/RestEasy by configuring SAXParserFactory to disable external entities and disallow DTDs, and enabling secure processing.

Software ArchitectureDevelopment Best PracticesProgramming LanguagessecurityAPIXMLJava

Apache Tomcat Valves, Custom Valve

October 1, 2014

Learn how to implement and configure custom Apache Tomcat Valves to insert logic into the request processing pipeline.

TL;DR: Custom Tomcat Valves extend ValveBase and override invoke method. Register them in deployment descriptors like jboss-web.xml for server-level request processing.

DevOpsCloudJavaProgramming Languages

Input Sanitization: Invalid XML Data, Validation

September 1, 2014

Learn how to handle invalid XML characters in input data, especially when converting JSON to XML, and how to resolve issues with curl requests.

TL;DR: Sanitize XML input by using a regex to remove invalid characters. Unescape characters from curl requests before validation using Apache Commons Lang's `StringEscapeUtils.unescapeJava`.

Programming LanguagesDevelopment Best PracticesXMLJava