Shorten error response for floods of requests; experiment with testing web components

zxingorg/pom.xml

@@ -46,6 +46,18 @@
       <artifactId>junit</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-test</artifactId>
+      <version>5.0.6.RELEASE</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>javax.servlet</groupId>
+      <artifactId>javax.servlet-api</artifactId>
+      <version>3.1.0</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <parent>

zxingorg/src/main/java/com/google/zxing/web/DoSFilter.java

@@ -61,7 +61,9 @@ public final class DoSFilter implements Filter {
                        FilterChain chain) throws IOException, ServletException {
     if (isBanned((HttpServletRequest) request)) {
       HttpServletResponse servletResponse = (HttpServletResponse) response;
-      servletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+      // Send very short response as requests may be very frequent
+      servletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+      servletResponse.getWriter().write("Forbidden");
     } else {
       chain.doFilter(request, response);
     }

zxingorg/src/test/java/com/google/zxing/web/HTTPSFilterTestCase.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2018 ZXing authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.zxing.web;
+
+import com.google.common.net.HttpHeaders;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Tests {@link HTTPSFilter}.
+ */
+public final class HTTPSFilterTestCase extends Assert {
+
+  private MockHttpServletRequest request;
+  private MockHttpServletResponse response;
+  private MockFilterChain chain;
+
+  @Before
+  public void setUp() {
+    request = new MockHttpServletRequest();
+    request.setServerName("example.org");
+    request.setRequestURI("/path");
+    response = new MockHttpServletResponse();
+    chain = new MockFilterChain();
+
+  }
+
+  @Test
+  public void testNoRedirect() throws Exception {
+    request.setSecure(true);
+    request.setScheme("https");
+    request.setServerPort(443);
+    new HTTPSFilter().doFilter(request, response, chain);
+    assertEquals(HttpServletResponse.SC_OK, response.getStatus());
+  }
+
+  @Test
+  public void testRedirect() throws Exception {
+    request.setScheme("http");
+    request.setServerPort(80);
+    new HTTPSFilter().doFilter(request, response, chain);
+    assertEquals(HttpServletResponse.SC_MOVED_PERMANENTLY, response.getStatus());
+    assertEquals("https://example.org/path", response.getHeader(HttpHeaders.LOCATION));
+  }
+
+}