diff options
| author | Maria Odea B. Ching <oching@apache.org> | 2011-05-17 05:38:35 +0000 |
|---|---|---|
| committer | Maria Odea B. Ching <oching@apache.org> | 2011-05-17 05:38:35 +0000 |
| commit | 037051f8c290c66acfcc4f2904dfa0e6e805d68d (patch) | |
| tree | f859f4701d099fb0c39e6ff6d53f47b7d0b3cfa1 | |
| parent | dfec0416c8cefae7b12e007f2a5eb0e5de60183e (diff) | |
| parent | 8899d59d4f0f35663a5369192f622b3d424c75b3 (diff) | |
| download | archiva-1.3.5.tar.gz archiva-1.3.5.zip | |
[maven-scm] copy for tag archiva-1.3.5archiva-1.3.5
git-svn-id: https://svn.apache.org/repos/asf/archiva/tags/archiva-1.3.5@1104003 13f79535-47bb-0310-9956-ffa450edef68
68 files changed, 2680 insertions, 311 deletions
diff --git a/archiva-docs/src/site/apt/adminguide/standalone.apt b/archiva-docs/src/site/apt/adminguide/standalone.apt index e0e2cf641..5651e4967 100644 --- a/archiva-docs/src/site/apt/adminguide/standalone.apt +++ b/archiva-docs/src/site/apt/adminguide/standalone.apt @@ -17,7 +17,9 @@ Installing Standalone Distribution of Apache Archiva interactively, or <<<start>>> to run in the background (in this case, run the script with <<<stop>>> to later stop the server). The logs are available in the <<<logs>>> directory where Archiva is installed. - [] + There is an issue with regard to the version of <<<tr>>> installed/used by default on Solaris so you might encounter a series of <<<Bad String>>> errors + when you run the Archiva binaries in Solaris. You need to use a different version of <<<tr>>> in order to get it to work. See + {{{http://jira.codehaus.org/browse/MRM-1467} MRM-1467}} for more details. * Installing as a Service on Windows diff --git a/archiva-docs/src/site/apt/release-notes.apt b/archiva-docs/src/site/apt/release-notes.apt index f4caafd62..5ce913253 100644 --- a/archiva-docs/src/site/apt/release-notes.apt +++ b/archiva-docs/src/site/apt/release-notes.apt @@ -60,11 +60,25 @@ Release Notes for Archiva 1.3.5 * Changes in Archiva 1.3.5 - Released: <<14 March 2011>> + Released: <<17 May 2011>> + +** Bug + + * [MRM-1457] - Cpu usage 100% + + * [MRM-1467] - Archiva does not start up on Solaris 64-bit. + + * [MRM-1469] - Uploading large artifacts is dreadfully slow + +** Improvement + + * [MRM-1463] - Better Layout for Artifact Download Box ** Task - * [MRM-1460] - Upgrade Archiva to Redback 1.2.7 + * [MRM-1460] - Upgrade Archiva to Redback 1.2.8 + + * [MRM-1468] - Fix cross-site scripting vulnerability in Archiva. * Changes in Archiva 1.3.4 diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java index 94f8b700d..dbd140ab2 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java @@ -25,15 +25,47 @@ import org.testng.annotations.Test; @Test( groups = { "appearance" }, dependsOnMethods = { "testWithCorrectUsernamePassword" }, sequential = true ) public class AppearanceTest extends AbstractArchivaTest { - public void testAddAppearanceNullValues() + public void testAddAppearanceEmptyValues() { goToAppearancePage(); clickLinkWithText( "Edit" ); addEditAppearance( "", "", "" ); assertTextPresent( "You must enter a name" ); } - - @Test( dependsOnMethods = { "testAddAppearanceNullValues" }) + + @Test( dependsOnMethods = { "testAddAppearanceEmptyValues" }) + public void testAddAppearanceInvalidValues() + { + addEditAppearance( "<>~+[ ]'\"" , "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" , "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" ); + assertTextPresent( "Organisation name must only contain alphanumeric characters, white-spaces(' '), equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "You must enter a URL" ); + assertXpathCount("//span[@class='errorMessage' and text()='You must enter a URL']", 2); + } + + @Test( dependsOnMethods = { "testAddAppearanceInvalidValues" }) + public void testAddAppearanceInvalidOrganisationName() + { + addEditAppearance( "<>~+[ ]'\"" , "http://www.apache.org/" , "http://www.apache.org/images/asf_logo_wide.gifs" ); + assertTextPresent( "Organisation name must only contain alphanumeric characters, white-spaces(' '), equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationName" }) + public void testAddAppearanceInvalidOrganisationUrl() + { + addEditAppearance( "The Apache Software Foundation" , "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" , "http://www.apache.org/images/asf_logo_wide.gifs" ); + assertTextPresent( "You must enter a URL" ); + assertXpathCount("//span[@class='errorMessage' and text()='You must enter a URL']", 1); + } + + @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationUrl" }) + public void testAddAppearanceInvalidOrganisationLogo() + { + addEditAppearance( "The Apache Software Foundation" , "http://www.apache.org/" , "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" ); + assertTextPresent( "You must enter a URL" ); + assertXpathCount("//span[@class='errorMessage' and text()='You must enter a URL']", 1); + } + + @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationLogo" }) public void testAddAppearanceValidValues() { addEditAppearance( "The Apache Software Foundation" , "http://www.apache.org/" , "http://www.apache.org/images/asf_logo_wide.gifs" ); @@ -46,6 +78,6 @@ public class AppearanceTest extends AbstractArchivaTest clickLinkWithText( "Edit" ); addEditAppearance( "Apache Software Foundation" , "http://www.apache.org/" , "http://www.apache.org/images/asf_logo_wide.gifs" ); assertTextPresent( "Apache Software Foundation" ); - } - + } + }
\ No newline at end of file diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/ArtifactManagementTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/ArtifactManagementTest.java index 4eb22b172..d3f2836c3 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/ArtifactManagementTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/ArtifactManagementTest.java @@ -82,7 +82,7 @@ public class ArtifactManagementTest addArtifact( getGroupId() , getArtifactId(), getVersion(), getPackaging() , " ", getRepositoryId() ); assertTextPresent( "Please add a file to upload." ); } - + @Test(groups = "requiresUpload") public void testAddArtifactValidValues() { @@ -139,4 +139,25 @@ public class ArtifactManagementTest deleteArtifact( "delete", "delete", "asdf", "internal"); assertTextPresent( "Invalid version." ); } + + // HTML select should have the proper value, else it will cause a selenium error: Option with label 'customValue' not found + public void testDeleteArtifactInvalidValues() + { + deleteArtifact( "<> \\/~+[ ]'\"", "<> \\/~+[ ]'\"", "<>", "internal"); + assertTextPresent( "Invalid version." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + public void testDeleteArtifactInvalidGroupId() + { + deleteArtifact( "<> \\/~+[ ]'\"", "delete", "1.0", "internal"); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + public void testDeleteArtifactInvalidArtifactId() + { + deleteArtifact( "delete", "<> \\/~+[ ]'\"", "1.0", "internal"); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } } diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/CSRFSecurityTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/CSRFSecurityTest.java new file mode 100644 index 000000000..3883605a8 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/CSRFSecurityTest.java @@ -0,0 +1,149 @@ +package org.apache.archiva.web.test; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.archiva.web.test.parent.AbstractArchivaTest; +import org.testng.annotations.Test; + +/** + * Test all actions affected with CSRF security issue. + */ +@Test( groups = { "csrf" }, dependsOnMethods = { "testWithCorrectUsernamePassword" }, sequential = true ) +public class CSRFSecurityTest + extends AbstractArchivaTest +{ + public void testCSRFDeleteRepository() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/deleteRepository.action?repoid=test&method%3AdeleteContents=Delete+Configuration+and+Contents" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDeleteArtifact() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/deleteArtifact!doDelete.action?groupId=1&artifactId=1&version=1&repositoryId=snapshots" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFAddRepositoryGroup() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/addRepositoryGroup.action?repositoryGroup.id=csrfgrp" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDeleteRepositoryGroup() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/deleteRepositoryGroup.action?repoGroupId=test&method%3Adelete=Confirm" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDisableProxyConnector() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/disableProxyConnector!disable.action?target=maven2-repository.dev.java.net&source=internal" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDeleteProxyConnector() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/deleteProxyConnector!delete.action?target=maven2-repository.dev.java.net&source=snapshots" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDeleteLegacyArtifactPath() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/deleteLegacyArtifactPath.action?path=jaxen%2Fjars%2Fjaxen-1.0-FCS-full.jar" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFSaveNetworkProxy() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/saveNetworkProxy.action?mode=add&proxy.id=ntwrk&proxy.protocol=http&" + + "proxy.host=test&proxy.port=8080&proxy.username=&proxy.password=" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFDeleteNetworkProxy() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/deleteNetworkProxy!delete.action?proxyid=myproxy" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFAddFileTypePattern() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/repositoryScanning!addFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFRemoveFileTypePattern() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/repositoryScanning!removeFiletypePattern.action?pattern=**%2F*.rum&fileTypeId=artifacts" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFUpdateKnownConsumers() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/repositoryScanning!updateKnownConsumers.action?enabledKnownContentConsumers=auto-remove&" + + "enabledKnownContentConsumers=auto-rename&enabledKnownContentConsumers=create-missing-checksums&" + + "enabledKnownContentConsumers=index-content&enabledKnownContentConsumers=metadata-updater&" + + "enabledKnownContentConsumers=repository-purge&enabledKnownContentConsumers=update-db-artifact&" + + "enabledKnownContentConsumers=validate-checksums" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFUpdateUnprocessedConsumers() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/database!updateUnprocessedConsumers.action?enabledUnprocessedConsumers=update-db-project" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testCSRFUpdateCleanupConsumers() + { + getSelenium().open( baseUrl ); + getSelenium().open( baseUrl + "/admin/database!updateCleanupConsumers.action?enabledCleanupConsumers=not-present-remove-db-artifact&" + + "enabledCleanupConsumers=not-present-remove-db-project&enabledCleanupConsumers=not-present-remove-indexed" ); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } +} diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/LegacySupportTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/LegacySupportTest.java index 26212a949..183c15f46 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/LegacySupportTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/LegacySupportTest.java @@ -72,4 +72,58 @@ public class LegacySupportTest addLegacyArtifactPath( "test" , "test" , "test" , "1.0-SNAPSHOT" , "testing" , ""); assertTextPresent( "You must enter a type." ); } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_NullType" }) + public void testAddLegacyArtifact_InvalidValues() + { + addLegacyArtifactPath( "<> ~+[ ]'\"" , "<> \\/~+[ ]'\"" , "<> \\/~+[ ]'\"" , "<> \\/~+[ ]'\"" , "<> \\/~+[ ]'\"" , "<> \\/~+[ ]'\""); + assertTextPresent( "Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidValues" }) + public void testAddLegacyArtifact_InvalidLegacyPath() + { + addLegacyArtifactPath( "<> ~+[ ]'\"" , "test" , "test" , "1.0-SNAPSHOT" , "testing" , "jar"); + assertTextPresent( "Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidLegacyPath" }) + public void testAddLegacyArtifact_InvalidGroupId() + { + addLegacyArtifactPath( "test" , "<> \\/~+[ ]'\"" , "test" , "1.0-SNAPSHOT" , "testing" , "jar"); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidGroupId" }) + public void testAddLegacyArtifact_InvalidArtifactId() + { + addLegacyArtifactPath( "test" , "test" , "<> \\/~+[ ]'\"" , "1.0-SNAPSHOT" , "testing" , "jar"); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidArtifactId" }) + public void testAddLegacyArtifact_InvalidVersion() + { + addLegacyArtifactPath( "test" , "test" , "test" , "<> \\/~+[ ]'\"" , "testing" , "jar"); + assertTextPresent( "Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidVersion" }) + public void testAddLegacyArtifact_InvalidType() + { + addLegacyArtifactPath( "test" , "test" , "test" , "1.0-SNAPSHOT" , "testing" , "<> \\/~+[ ]'\""); + assertTextPresent( "Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test( dependsOnMethods = { "testAddLegacyArtifact_InvalidType" }) + public void testAddLegacyArtifact_InvalidClassifier() + { + addLegacyArtifactPath( "test" , "test" , "test" , "1.0-SNAPSHOT" , "<> \\/~+[ ]'\"" , "jar"); + assertTextPresent( "Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } } diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/NetworkProxiesTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/NetworkProxiesTest.java index b12a096b8..8224353d2 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/NetworkProxiesTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/NetworkProxiesTest.java @@ -59,8 +59,60 @@ public class NetworkProxiesTest addNetworkProxy( "testing123", "http", "", "8080", "", ""); assertTextPresent( "You must enter a host." ); } - + @Test (dependsOnMethods = { "testAddNetworkProxiesNullHostname" } ) + public void testAddNetworkProxiesInvalidValues() + { + goToNetworkProxiesPage(); + addNetworkProxy( "<> \\/~+[ ]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"", "0", "<> ~+[ ]'\"", ""); + assertTextPresent( "Proxy id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Protocol must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), dots(.), colons(:), and dashes(-)." ); + assertTextPresent( "Host must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Port needs to be larger than 1" ); + assertTextPresent( "Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidValues" } ) + public void testAddNetworkProxiesInvalidIdentifier() + { + goToNetworkProxiesPage(); + addNetworkProxy( "<> \\/~+[ ]'\"", "http", "localhost", "8080", "", ""); + assertTextPresent( "Proxy id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidIdentifier" } ) + public void testAddNetworkProxiesInvalidProtocol() + { + goToNetworkProxiesPage(); + addNetworkProxy( "testing123", "<> ~+[ ]'\"", "localhost", "8080", "", ""); + assertTextPresent( "Protocol must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), dots(.), colons(:), and dashes(-)." ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidProtocol" } ) + public void testAddNetworkProxiesInvalidHostname() + { + goToNetworkProxiesPage(); + addNetworkProxy( "testing123", "http", "<> ~+[ ]'\"", "8080", "", ""); + assertTextPresent( "Host must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidHostname" } ) + public void testAddNetworkProxiesInvalidPort() + { + goToNetworkProxiesPage(); + addNetworkProxy( "testing123", "http", "localhost", "0", "", ""); + assertTextPresent( "Port needs to be larger than 1" ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidPort" } ) + public void testAddNetworkProxiesInvalidUsername() + { + goToNetworkProxiesPage(); + addNetworkProxy( "testing123", "http", "localhost", "8080", "<> ~+[ ]'\"", ""); + assertTextPresent( "Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + } + + @Test (dependsOnMethods = { "testAddNetworkProxiesInvalidUsername" } ) public void testAddNetworkProxiesValidValues() { goToNetworkProxiesPage(); @@ -68,7 +120,7 @@ public class NetworkProxiesTest assertPage( "Apache Archiva \\ Administration - Network Proxies" ); assertTextPresent( "testing123" ); } - + @Test (dependsOnMethods = { "testAddNetworkProxiesValidValues" } ) public void testEditNetworkProxy() { @@ -92,5 +144,5 @@ public class NetworkProxiesTest assertPage( "Apache Archiva \\ Administration - Network Proxies" ); assertTextPresent( "testing123" ); } - + } diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java index 0c7df55d1..8b7743253 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java @@ -35,9 +35,66 @@ public class RepositoryTest assertTextPresent( "Managed Repository Sample 1" ); assertRepositoriesPage(); } - - @Test(dependsOnMethods = { "testAddManagedRepoValidValues" } ) - public void testAddManagedRepoInvalidValues() + + @Test(dependsOnMethods = { "testAddManagedRepoValidValues" } ) + public void testAddManagedRepoInvalidValues() + { + goToRepositoriesPage(); + getSelenium().open( "/archiva/admin/addRepository.action" ); ; + addManagedRepository( "<> \\/~+[ ]'\"", "<>\\~+[]'\"" , "<> ~+[ ]'\"" , "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101" ); + assertTextPresent( "Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100."); + assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0."); + assertTextPresent( "Invalid cron expression." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidValues" } ) + public void testAddManagedRepoInvalidIdentifier() + { + addManagedRepository( "<> \\/~+[ ]'\"", "name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "1" ); + assertTextPresent( "Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidIdentifier" } ) + public void testAddManagedRepoInvalidRepoName() + { + addManagedRepository( "identifier", "<>\\~+[]'\"" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "1" ); + assertTextPresent( "Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidRepoName" } ) + public void testAddManagedRepoInvalidDirectory() + { + addManagedRepository( "identifier", "name" , "<> ~+[ ]'\"" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "1" ); + assertTextPresent( "Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidDirectory" } ) + public void testAddManagedRepoInvalidIndexDir() + { + addManagedRepository( "identifier", "name" , "/home" , "<> ~+[ ]'\"", "Maven 2.x Repository", "0 0 * * * ?", "1", "1" ); + assertTextPresent( "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidIndexDir" } ) + public void testAddManagedRepoInvalidRetentionCount() + { + addManagedRepository( "identifier", "name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "101" ); + assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidRetentionCount" } ) + public void testAddManagedRepoInvalidDaysOlder() + { + addManagedRepository( "identifier", "name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "-1", "1" ); + assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." ); + } + + @Test(dependsOnMethods = { "testAddManagedRepoInvalidDaysOlder" } ) + public void testAddManagedRepoBlankValues() { goToRepositoriesPage(); getSelenium().open( "/archiva/admin/addRepository.action" ); ; @@ -48,7 +105,7 @@ public class RepositoryTest assertTextPresent( "Invalid cron expression." ); } - @Test(dependsOnMethods = { "testAddManagedRepoInvalidValues" } ) + @Test(dependsOnMethods = { "testAddManagedRepoBlankValues" } ) public void testAddManagedRepoNoIdentifier() { addManagedRepository( "", "name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "", "" ); @@ -86,8 +143,62 @@ public class RepositoryTest assertTextPresent( "Managed Repository Sample" ); } + @Test(dependsOnMethods = { "testAddManagedRepoForEdit" } ) + public void testEditManagedRepoInvalidValues() + { + editManagedRepository("<>\\~+[]'\"" , "<> ~+[ ]'\"" , "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101"); + assertTextPresent( "Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100."); + assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0."); + assertTextPresent( "Invalid cron expression." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidValues" } ) + public void testEditManagedRepoInvalidRepoName() + { + editManagedRepository("<>\\~+[]'\"" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "1"); + assertTextPresent( "Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidRepoName" } ) + public void testEditManagedRepoInvalidDirectory() + { + editManagedRepository("name" , "<> ~+[ ]'\"" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "1"); + assertTextPresent( "Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidDirectory" } ) + public void testEditManagedRepoInvalidIndexDir() + { + editManagedRepository("name" , "/home" , "<> ~+[ ]'\"", "Maven 2.x Repository", "0 0 * * * ?", "1", "1"); + assertTextPresent( "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidIndexDir" } ) + public void testEditManagedRepoInvalidCron() + { + editManagedRepository("name" , "/home" , "/.index", "Maven 2.x Repository", "", "1", "1"); + assertTextPresent( "Invalid cron expression." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidCron" } ) + public void testEditManagedRepoInvalidRetentionCount() + { + editManagedRepository("name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "1", "101"); + assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." ); + } + + @Test(dependsOnMethods = { "testEditManagedRepoInvalidRetentionCount" } ) + public void testEditManagedRepoInvalidDaysOlder() + { + editManagedRepository("name" , "/home" , "/.index", "Maven 2.x Repository", "0 0 * * * ?", "-1", "1"); + assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." ); + } + //TODO - @Test(dependsOnMethods = { "testAddManagedRepoForEdit" } ) + @Test(dependsOnMethods = { "testEditManagedRepoInvalidDaysOlder" } ) public void testEditManagedRepo() { editManagedRepository( "repository.name" , "Managed Repo" ); @@ -140,11 +251,11 @@ public class RepositoryTest addRemoteRepository( "remoterepo" , "Remote Repository Sample" , "http://repository.codehaus.org/org/codehaus/mojo/" , "" , "" , "" , "Maven 2.x Repository" ); assertTextPresent( "Remote Repository Sample" ); } -
+ // *** BUNDLED REPOSITORY TEST *** -
- @Test ( dependsOnMethods = { "testWithCorrectUsernamePassword" }, alwaysRun = true )
- public void testBundledRepository()
+ + @Test ( dependsOnMethods = { "testWithCorrectUsernamePassword" }, alwaysRun = true ) + public void testBundledRepository() { String repo1 = baseUrl + "repository/internal/"; String repo2 = baseUrl + "repository/snapshots/"; @@ -152,7 +263,7 @@ public class RepositoryTest assertRepositoryAccess( repo1 ); assertRepositoryAccess( repo2 ); - getSelenium().open( "/archiva" );
+ getSelenium().open( "/archiva" ); } private void assertRepositoryAccess( String repo ) diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java new file mode 100644 index 000000000..1b9cfa1d1 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java @@ -0,0 +1,190 @@ +package org.apache.archiva.web.test; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.testng.annotations.Test; +import org.apache.archiva.web.test.parent.AbstractArchivaTest; + +/** + * Test all actions affected with XSS security issue. + */ +@Test( groups = { "xss" }, dependsOnMethods = { "testWithCorrectUsernamePassword" }, sequential = true ) +public class XSSSecurityTest + extends AbstractArchivaTest +{ + public void testDeleteArtifactImmunityToURLCrossSiteScripting() + { + getSelenium().open( "/archiva/deleteArtifact!doDelete.action?groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&repositoryId=\"/>1<script>alert('xss')</script>"); + assertDeleteArtifactPage(); + assertTextPresent( "Invalid version." ); + assertTextPresent( "User is not authorized to delete artifacts in repository '\"/>1<script>alert('xss')</script>'." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Repository id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertElementValue("//input[@id='deleteArtifact_groupId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='deleteArtifact_artifactId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='deleteArtifact_version']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//select[@id='deleteArtifact_repositoryId']", "internal"); + } + + public void testDeleteArtifactImmunityToEncodedURLCrossSiteScripting() + { + getSelenium().open( "/archiva/deleteArtifact!doDelete.action?groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&repositoryId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"); + assertDeleteArtifactPage(); + assertTextPresent( "Invalid version." ); + assertTextPresent( "User is not authorized to delete artifacts in repository '\"/>1<script>alert('xss')</script>'." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Repository id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertElementValue("//input[@id='deleteArtifact_groupId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='deleteArtifact_artifactId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='deleteArtifact_version']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//select[@id='deleteArtifact_repositoryId']", "internal"); + } + + public void testEditAppearanceImmunityToURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/configureAppearance.action?organisationName=<script>alert('xss')</script>&organisationUrl=<script>alert('xss')</script>&organisationLogo=<script>alert('xss')</script>"); + assertAppearancePage(); + assertXpathCount("//td[text()=\"<script>alert('xss')</script>\"]", 1); + assertXpathCount("//code[text()=\"<script>alert('xss')</script>\"]", 2); + + } + + public void testEditAppearanceImmunityToEncodedURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/configureAppearance.action?organisationName=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationUrl=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationLogo=%3Cscript%3Ealert('xss')%3C%2Fscript%3E"); + assertAppearancePage(); + assertXpathCount("//td[text()=\"<script>alert('xss')</script>\"]", 1); + assertXpathCount("//code[text()=\"<script>alert('xss')</script>\"]", 2); + } + + public void testAddLegacyArtifactImmunityToURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=\"/>1<script>alert('xss')</script>&groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&classifier=\"/>1<script>alert('xss')</script>&type=\"/>1<script>alert('xss')</script>"); + assertAddLegacyArtifactPathPage(); + assertTextPresent( "Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertElementValue("//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_artifactId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_version']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_groupId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_classifier']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_type']", "\"/>1<script>alert('xss')</script>"); + } + + public void testAddLegacyArtifactImmunityToEncodedURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&classifier=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&type=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"); + assertAddLegacyArtifactPathPage(); + assertTextPresent( "Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertElementValue("//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_artifactId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_version']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_groupId']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_classifier']", "\"/>1<script>alert('xss')</script>"); + assertElementValue("//input[@id='addLegacyArtifactPath_type']", "\"/>1<script>alert('xss')</script>"); + } + + public void testDeleteNetworkProxyImmunityToURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=\"/>1<script>alert('xss')</script>"); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testDeleteNetworkProxyImmunityToEncodedURLCrossSiteScripting() + { + getSelenium().open( "/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"); + assertTextPresent( "Security Alert - Invalid Token Found" ); + assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." ); + } + + public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting() + { + goToRepositoriesPage(); + getSelenium().open( "/archiva/admin/addRepository.action" ); + addManagedRepository( "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>" , "test\"><script>alert('xss')</script>" , "test\"><script>alert('xss')</script>", "Maven 2.x Repository", "", "-1", "101" ); + // xss inputs are blocked by validation. + assertTextPresent( "Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100."); + assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0."); + assertTextPresent( "Invalid cron expression." ); + } + + public void testEditAppearanceImmunityToInputFieldCrossSiteScripting() + { + goToAppearancePage(); + clickLinkWithText( "Edit" ); + addEditAppearance( "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" ); + // xss inputs are blocked by validation. + assertTextPresent( "Organisation name must only contain alphanumeric characters, white-spaces(' '), equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "You must enter a URL" ); + assertXpathCount("//span[@class='errorMessage' and text()='You must enter a URL']", 2); + } + + public void testEditAppearanceImmunityToCrossSiteScriptingRendering() + { + goToAppearancePage(); + clickLinkWithText( "Edit" ); + addEditAppearance( "xss" , "http://\">test<script>alert(\"xss\")</script>" , "http://\">test<script>alert(\"xss\")</script>" ); + // escaped html/url prevents cross-site scripting exploits + assertXpathCount("//td[text()=\"xss\"]", 1); + assertXpathCount("//code[text()='http://\">test<script>alert(\"xss\")</script>']", 2); + } + + public void testAddLegacyArtifactPathImmunityToInputFieldCrossSiteScripting() + { + goToLegacySupportPage(); + clickLinkWithText( "Add" ); + addLegacyArtifactPath( "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" , "test<script>alert('xss')</script>"); + // xss inputs are blocked by validation. + assertTextPresent( "Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + } + + public void testAddNetworkProxyImmunityToInputFieldCrossSiteScripting() + { + goToNetworkProxiesPage(); + addNetworkProxy( "test<script>alert('xss')</script>", "test<script>alert('xss')</script>", "test<script>alert('xss')</script>", "test<script>alert('xss')</script>", "test<script>alert('xss')</script>", ""); + // xss inputs are blocked by validation. + assertTextPresent( "Proxy id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)." ); + assertTextPresent( "Protocol must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), dots(.), colons(:), and dashes(-)." ); + assertTextPresent( "Host must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." ); + assertTextPresent( "Invalid field value for field \"proxy.port\"." ); + assertTextPresent( "Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." ); + } +}
\ No newline at end of file diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java index 3a2131dcb..f6b9fb373 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java @@ -552,6 +552,104 @@ public abstract class AbstractArchivaTest clickButtonWithValue( "Add Repository" ); } + // artifact management + public void assertDeleteArtifactPage() + { + assertPage( "Apache Archiva \\ Delete Artifact" ); + assertTextPresent( "Delete Artifact" ); + assertTextPresent( "Group Id*:" ); + assertTextPresent( "Artifact Id*:" ); + assertTextPresent( "Version*:" ); + assertTextPresent( "Repository Id:" ); + assertElementPresent( "groupId" ); + assertElementPresent( "artifactId" ); + assertElementPresent( "version" ); + assertElementPresent( "repositoryId" ); + assertButtonWithValuePresent( "Submit" ); + } + + // network proxies + public void goToNetworkProxiesPage() + { + clickLinkWithText( "Network Proxies" ); + assertNetworkProxiesPage(); + } + + public void assertNetworkProxiesPage() + { + assertPage( "Apache Archiva \\ Administration - Network Proxies" ); + assertTextPresent( "Administration - Network Proxies" ); + assertTextPresent( "Network Proxies" ); + assertLinkPresent( "Add Network Proxy" ); + } + + public void addNetworkProxy( String identifier, String protocol, String hostname, String port, String username, String password ) + { + //goToNetworkProxiesPage(); + clickLinkWithText( "Add Network Proxy" ); + assertAddNetworkProxy(); + setFieldValue( "proxy.id" , identifier ); + setFieldValue( "proxy.protocol" , protocol ); + setFieldValue( "proxy.host" , hostname ); + setFieldValue( "proxy.port" , port ); + setFieldValue( "proxy.username" , username ); + setFieldValue( "proxy.password" , password ); + clickButtonWithValue( "Save Network Proxy" ); + } + + public void assertAddNetworkProxy() + { + assertPage( "Apache Archiva \\ Admin: Add Network Proxy" ); + assertTextPresent( "Admin: Add Network Proxy" ); + assertTextPresent( "Add network proxy:" ); + assertTextPresent( "Identifier*:" ); + assertTextPresent( "Protocol*:" ); + assertTextPresent( "Hostname*:" ); + assertTextPresent( "Port*:" ); + assertTextPresent( "Username:" ); + assertTextPresent( "Password:" ); + assertButtonWithValuePresent( "Save Network Proxy" ); + } + + // Legacy Support + public void goToLegacySupportPage() + { + getSelenium().open( "/archiva/admin/legacyArtifactPath.action" ); + assertLegacySupportPage(); + } + + public void assertLegacySupportPage() + { + assertPage( "Apache Archiva \\ Administration - Legacy Support" ); + assertTextPresent( "Administration - Legacy Artifact Path Resolution" ); + assertTextPresent( "Path Mappings" ); + assertLinkPresent( "Add" ); + } + + public void addLegacyArtifactPath( String path, String groupId, String artifactId, String version, String classifier, String type) + { + assertAddLegacyArtifactPathPage(); + setFieldValue( "legacyArtifactPath.path" , path ); + setFieldValue( "groupId" , groupId ); + setFieldValue( "artifactId" , artifactId ); + setFieldValue( "version" , version ); + setFieldValue( "classifier" , classifier ); + setFieldValue( "type" , type ); + clickButtonWithValue( "Add Legacy Artifact Path" ); + } + + public void assertAddLegacyArtifactPathPage() + { + assertPage( "Apache Archiva \\ Admin: Add Legacy Artifact Path" ); + assertTextPresent( "Admin: Add Legacy Artifact Path" ); + assertTextPresent( "Enter the legacy path to map to a particular artifact reference, then adjust the fields as necessary." ); + String element = "addLegacyArtifactPath_legacyArtifactPath_path,addLegacyArtifactPath_groupId,addLegacyArtifactPath_artifactId,addLegacyArtifactPath_version,addLegacyArtifactPath_classifier,addLegacyArtifactPath_type"; + String[] arrayElement = element.split( "," ); + for ( String arrayelement : arrayElement ) + assertElementPresent( arrayelement ); + assertButtonWithValuePresent( "Add Legacy Artifact Path" ); + } + protected void logout() { clickLinkWithText("Logout"); diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArtifactManagementTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArtifactManagementTest.java index 433c04014..0847a6cc9 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArtifactManagementTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArtifactManagementTest.java @@ -55,58 +55,4 @@ public abstract class AbstractArtifactManagementTest selectValue( "repositoryId" , repositoryId ); clickButtonWithValue( "Submit" ) ; } - - public void assertDeleteArtifactPage() - { - assertPage( "Apache Archiva \\ Delete Artifact" ); - assertTextPresent( "Delete Artifact" ); - assertTextPresent( "Group Id*:" ); - assertTextPresent( "Artifact Id*:" ); - assertTextPresent( "Version*:" ); - assertTextPresent( "Repository Id:" ); - assertElementPresent( "groupId" ); - assertElementPresent( "artifactId" ); - assertElementPresent( "version" ); - assertElementPresent( "repositoryId" ); - assertButtonWithValuePresent( "Submit" ); - } - - // Legacy Support - public void goToLegacySupportPage() - { - getSelenium().open( "/archiva/admin/legacyArtifactPath.action" ); - assertLegacySupportPage(); - } - - public void assertLegacySupportPage() - { - assertPage( "Apache Archiva \\ Administration - Legacy Support" ); - assertTextPresent( "Administration - Legacy Artifact Path Resolution" ); - assertTextPresent( "Path Mappings" ); - assertLinkPresent( "Add" ); - } - - public void addLegacyArtifactPath( String path, String groupId, String artifactId, String version, String classifier, String type) - { - assertAddLegacyArtifactPathPage(); - setFieldValue( "legacyArtifactPath.path" , path ); - setFieldValue( "groupId" , groupId ); - setFieldValue( "artifactId" , artifactId ); - setFieldValue( "version" , version ); - setFieldValue( "classifier" , classifier ); - setFieldValue( "type" , type ); - clickButtonWithValue( "Add Legacy Artifact Path" ); - } - - public void assertAddLegacyArtifactPathPage() - { - assertPage( "Apache Archiva \\ Admin: Add Legacy Artifact Path" ); - assertTextPresent( "Admin: Add Legacy Artifact Path" ); - assertTextPresent( "Enter the legacy path to map to a particular artifact reference, then adjust the fields as necessary." ); - String element = "addLegacyArtifactPath_legacyArtifactPath_path,addLegacyArtifactPath_groupId,addLegacyArtifactPath_artifactId,addLegacyArtifactPath_version,addLegacyArtifactPath_classifier,addLegacyArtifactPath_type"; - String[] arrayElement = element.split( "," ); - for ( String arrayelement : arrayElement ) - assertElementPresent( arrayelement ); - assertButtonWithValuePresent( "Add Legacy Artifact Path" ); - } } diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractRepositoryTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractRepositoryTest.java index 7595a335f..77dad4db3 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractRepositoryTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractRepositoryTest.java @@ -177,47 +177,6 @@ public abstract class AbstractRepositoryTest /////////////////////////////// // network proxies /////////////////////////////// - public void goToNetworkProxiesPage() - { - clickLinkWithText( "Network Proxies" ); - assertNetworkProxiesPage(); - } - - public void assertNetworkProxiesPage() - { - assertPage( "Apache Archiva \\ Administration - Network Proxies" ); - assertTextPresent( "Administration - Network Proxies" ); - assertTextPresent( "Network Proxies" ); - assertLinkPresent( "Add Network Proxy" ); - } - - public void assertAddNetworkProxy() - { - assertPage( "Apache Archiva \\ Admin: Add Network Proxy" ); - assertTextPresent( "Admin: Add Network Proxy" ); - assertTextPresent( "Add network proxy:" ); - assertTextPresent( "Identifier*:" ); - assertTextPresent( "Protocol*:" ); - assertTextPresent( "Hostname*:" ); - assertTextPresent( "Port*:" ); - assertTextPresent( "Username:" ); - assertTextPresent( "Password:" ); - assertButtonWithValuePresent( "Save Network Proxy" ); - } - - public void addNetworkProxy( String identifier, String protocol, String hostname, String port, String username, String password ) - { - //goToNetworkProxiesPage(); - clickLinkWithText( "Add Network Proxy" ); - assertAddNetworkProxy(); - setFieldValue( "proxy.id" , identifier ); - setFieldValue( "proxy.protocol" , protocol ); - setFieldValue( "proxy.host" , hostname ); - setFieldValue( "proxy.port" , port ); - setFieldValue( "proxy.username" , username ); - setFieldValue( "proxy.password" , password ); - clickButtonWithValue( "Save Network Proxy" ); - } public void editNetworkProxies( String fieldName, String value) { @@ -299,6 +258,21 @@ public abstract class AbstractRepositoryTest //TODO clickButtonWithValue( "Update Repository" ); } + + public void editManagedRepository(String name, String directory, String indexDirectory, String type, String cron, String daysOlder, String retentionCount) + { + goToRepositoriesPage(); + clickLinkWithXPath( "//div[@id='contentArea']/div/div[5]/div[1]/a[1]/img" ); + assertPage( "Apache Archiva \\ Admin: Edit Managed Repository" ); + setFieldValue( "repository.name" , name ); + setFieldValue( "repository.location" , directory ); + setFieldValue( "repository.indexDir" , indexDirectory ); + selectValue( "repository.layout", type ); + setFieldValue( "repository.refreshCronExpression" , cron ); + setFieldValue( "repository.daysOlder" , daysOlder ); + setFieldValue( "repository.retentionCount" , retentionCount ); + clickButtonWithValue( "Update Repository" ); + } public void deleteManagedRepository() { diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java index 888e89c41..98d4b6f8d 100644 --- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java +++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java @@ -399,5 +399,14 @@ public abstract class AbstractSeleniumTest { { Assert.assertFalse( getSelenium().isChecked( locator ) ); } - + + public void assertXpathCount(String locator, int expectedCount) + { + Assert.assertEquals( getSelenium().getXpathCount(locator).intValue(), expectedCount ); + } + + public void assertElementValue(String locator, String expectedValue) + { + Assert.assertEquals(getSelenium().getValue(locator), expectedValue); + } } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java index 7d2d62b25..ecb14aeb9 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java @@ -60,6 +60,7 @@ import org.apache.maven.archiva.security.UserRepositories; import com.opensymphony.xwork2.Preparable; import com.opensymphony.xwork2.Validateable; +import org.apache.commons.lang.StringUtils; /** * Delete an artifact. Metadata will be updated if one exists, otherwise it would be created. @@ -381,6 +382,9 @@ public class DeleteArtifactAction { addActionError( e.getMessage() ); } + + // trims all request parameter values, since the trailing/leading white-spaces are ignored during validation. + trimAllRequestParameterValues(); } private List<String> getManagableRepos() @@ -404,4 +408,27 @@ public class DeleteArtifactAction } return Collections.emptyList(); } + + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(groupId)) + { + groupId = groupId.trim(); + } + + if(StringUtils.isNotEmpty(artifactId)) + { + artifactId = artifactId.trim(); + } + + if(StringUtils.isNotEmpty(version)) + { + version = version.trim(); + } + + if(StringUtils.isNotEmpty(repositoryId)) + { + repositoryId = repositoryId.trim(); + } + } } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java index fcf3d54fe..0049e8436 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java @@ -35,6 +35,7 @@ import java.util.TimeZone; import org.apache.archiva.checksum.ChecksumAlgorithm; import org.apache.archiva.checksum.ChecksummedFile; import org.apache.commons.io.FilenameUtils; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.StringUtils; import org.apache.maven.archiva.common.utils.VersionComparator; import org.apache.maven.archiva.common.utils.VersionUtil; @@ -461,12 +462,7 @@ public class UploadAction try { - int i; - while ( ( i = input.read() ) != -1 ) - { - out.write( i ); - } - out.flush(); + IOUtils.copy( input, out ); } finally { diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction.java index a6b65f8d3..c32b8233a 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction.java @@ -19,6 +19,8 @@ package org.apache.maven.archiva.web.action.admin.appearance; * under the License. */ +import com.opensymphony.xwork2.Validateable; +import org.apache.commons.lang.StringUtils; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.IndeterminateConfigurationException; import org.apache.maven.archiva.configuration.OrganisationInformation; @@ -38,7 +40,7 @@ import org.codehaus.redback.integration.interceptor.SecureActionException; */ public class EditOrganisationInfoAction extends AbstractAppearanceAction - implements SecureAction + implements SecureAction, Validateable { @Override public String execute() @@ -70,4 +72,28 @@ public class EditOrganisationInfoAction bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL ); return bundle; } + + public void validate() + { + // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation). + trimAllRequestParameterValues(); + } + + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(super.getOrganisationName())) + { + super.setOrganisationName(super.getOrganisationName().trim()); + } + + if(StringUtils.isNotEmpty(super.getOrganisationUrl())) + { + super.setOrganisationUrl(super.getOrganisationUrl().trim()); + } + + if(StringUtils.isNotEmpty(super.getOrganisationLogo())) + { + super.setOrganisationLogo(super.getOrganisationLogo().trim()); + } + } } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction.java index f3d4a36a2..18a266ccd 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction.java @@ -28,6 +28,8 @@ import org.apache.maven.archiva.repository.ManagedRepositoryContent; import org.codehaus.plexus.registry.RegistryException; import com.opensymphony.xwork2.Preparable; +import com.opensymphony.xwork2.Validateable; +import org.apache.commons.lang.StringUtils; import org.apache.maven.archiva.web.action.PlexusActionSupport; /** @@ -38,7 +40,7 @@ import org.apache.maven.archiva.web.action.PlexusActionSupport; */ public class AddLegacyArtifactPathAction extends PlexusActionSupport - implements Preparable + implements Preparable, Validateable { /** * @plexus.requirement @@ -110,6 +112,12 @@ public class AddLegacyArtifactPathAction this.legacyArtifactPath = legacyArtifactPath; } + public void validate() + { + // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation). + trimAllRequestParameterValues(); + } + protected String saveConfiguration( Configuration configuration ) { try @@ -131,6 +139,39 @@ public class AddLegacyArtifactPathAction return SUCCESS; } + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(legacyArtifactPath.getPath())) + { + legacyArtifactPath.setPath(legacyArtifactPath.getPath().trim()); + } + + if(StringUtils.isNotEmpty(groupId)) + { + groupId = groupId.trim(); + } + + if(StringUtils.isNotEmpty(artifactId)) + { + artifactId = artifactId.trim(); + } + + if(StringUtils.isNotEmpty(version)) + { + version = version.trim(); + } + + if(StringUtils.isNotEmpty(classifier)) + { + classifier = classifier.trim(); + } + + if(StringUtils.isNotEmpty(type)) + { + type = type.trim(); + } + } + public String getGroupId() { return groupId; diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction.java index ec408deab..3299bc3b7 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction.java @@ -20,6 +20,7 @@ package org.apache.maven.archiva.web.action.admin.networkproxies; */ import com.opensymphony.xwork2.Preparable; +import com.opensymphony.xwork2.Validateable; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.functors.NotPredicate; import org.apache.commons.lang.StringUtils; @@ -44,7 +45,7 @@ import org.codehaus.redback.integration.interceptor.SecureActionException; */ public class ConfigureNetworkProxyAction extends PlexusActionSupport - implements SecureAction, Preparable + implements SecureAction, Preparable, Validateable { /** * @plexus.requirement @@ -169,6 +170,12 @@ public class ConfigureNetworkProxyAction return saveConfiguration(); } + public void validate() + { + // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation). + trimAllRequestParameterValues(); + } + public void setMode( String mode ) { this.mode = mode; @@ -225,4 +232,32 @@ public class ConfigureNetworkProxyAction return SUCCESS; } + + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(proxy.getId())) + { + proxy.setId(proxy.getId().trim()); + } + + if(StringUtils.isNotEmpty(proxy.getHost())) + { + proxy.setHost(proxy.getHost().trim()); + } + + if(StringUtils.isNotEmpty(proxy.getPassword())) + { + proxy.setPassword(proxy.getPassword().trim()); + } + + if(StringUtils.isNotEmpty(proxy.getProtocol())) + { + proxy.setProtocol(proxy.getProtocol().trim()); + } + + if(StringUtils.isNotEmpty(proxy.getUsername())) + { + proxy.setUsername(proxy.getUsername().trim()); + } + } } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java index 97151c816..e7f211ae1 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java @@ -29,6 +29,7 @@ import org.codehaus.plexus.redback.role.RoleManagerException; import org.codehaus.plexus.scheduler.CronExpressionValidator; import java.io.File; import java.io.IOException; +import org.apache.commons.lang.StringUtils; /** * AddManagedRepositoryAction @@ -135,6 +136,32 @@ public class AddManagedRepositoryAction { addFieldError( "repository.refreshCronExpression", "Invalid cron expression." ); } + + // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation). + trimAllRequestParameterValues(); + } + + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(repository.getId())) + { + repository.setId(repository.getId().trim()); + } + + if(StringUtils.isNotEmpty(repository.getName())) + { + repository.setName(repository.getName().trim()); + } + + if(StringUtils.isNotEmpty(repository.getLocation())) + { + repository.setLocation(repository.getLocation().trim()); + } + + if(StringUtils.isNotEmpty(repository.getIndexDir())) + { + repository.setIndexDir(repository.getIndexDir().trim()); + } } public ManagedRepositoryConfiguration getRepository() diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java index f128ba152..9e78dbbea 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java @@ -167,6 +167,8 @@ public class EditManagedRepositoryAction { addFieldError( "repository.refreshCronExpression", "Invalid cron expression." ); } + + trimAllRequestParameterValues(); } private void resetStatistics( boolean reset ) @@ -189,7 +191,30 @@ public class EditManagedRepositoryAction repoContentStatsDao.deleteRepositoryContentStatistics( stats ); } } - } + } + + private void trimAllRequestParameterValues() + { + if(StringUtils.isNotEmpty(repository.getId())) + { + repository.setId(repository.getId().trim()); + } + + if(StringUtils.isNotEmpty(repository.getName())) + { + repository.setName(repository.getName().trim()); + } + + if(StringUtils.isNotEmpty(repository.getLocation())) + { + repository.setLocation(repository.getLocation().trim()); + } + + if(StringUtils.isNotEmpty(repository.getIndexDir())) + { + repository.setIndexDir(repository.getIndexDir().trim()); + } + } public String getRepoid() { diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/tags/DownloadArtifact.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/tags/DownloadArtifact.java index 23dcadd84..4a0cbe24d 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/tags/DownloadArtifact.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/tags/DownloadArtifact.java @@ -59,6 +59,10 @@ public class DownloadArtifact extends Component { private static final String DEFAULT_DOWNLOAD_IMAGE = "download-type-other.png"; + + private static final double KILO_BYTE = 1024.0; + private static final double MEGA_BYTE = 1048576.0; + private static final double GIGA_BYTE = 1073741824.0; /** * @plexus.requirement role-hint="jdo" @@ -100,7 +104,7 @@ public class DownloadArtifact public DownloadArtifact( ValueStack stack, PageContext pageContext ) { super( stack ); - decimalFormat = new DecimalFormat( "#,#00" ); + decimalFormat = new DecimalFormat( "#,##0.00" ); this.req = (HttpServletRequest) pageContext.getRequest(); this.res = (HttpServletResponse) pageContext.getResponse(); try @@ -290,13 +294,34 @@ public class DownloadArtifact { String type = artifact.getType(); String linkText = StringUtils.capitalize( type ); + + if( artifact.getModel().getClassifier() != null && !artifact.getModel().getClassifier().trim().equals( "" ) ) + { + linkText = new StringBuilder(linkText).append(" (").append(artifact.getModel().getClassifier()).append(")").toString(); + } appendLink( sb, prefix, repo, artifact, linkText ); } private void appendFilesize( StringBuffer sb, ArchivaArtifact artifact ) { - sb.append( decimalFormat.format( artifact.getModel().getSize() ) ); + long size = artifact.getModel().getSize(); + if( size > GIGA_BYTE ) + { + sb.append( decimalFormat.format( artifact.getModel().getSize() / GIGA_BYTE ) ).append(" GB"); + } + else if( size > MEGA_BYTE ) + { + sb.append( decimalFormat.format( artifact.getModel().getSize() / MEGA_BYTE ) ).append(" MB"); + } + else if( size > KILO_BYTE ) + { + sb.append( decimalFormat.format( artifact.getModel().getSize() / KILO_BYTE ) ).append(" KB"); + } + else + { + sb.append( decimalFormat.format( artifact.getModel().getSize() ) ).append(" B"); + } } public void setArtifactId( String artifactId ) diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/DeleteArtifactAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/DeleteArtifactAction-validation.xml index dcef342d0..bfe08fa1f 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/DeleteArtifactAction-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/DeleteArtifactAction-validation.xml @@ -21,20 +21,40 @@ <!DOCTYPE validators PUBLIC "-//OpenSymphony Group//XWork Validator 1.0.2//EN" "http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd"> +<!-- validate temporarily-trimmed inputs, actual values are then carried over to the action class to be trimmed once more. --> <validators> <field name="groupId"> <field-validator type="requiredstring"> <message>You must enter a groupId.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="artifactId"> <field-validator type="requiredstring"> <message>You must enter an artifactId.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> + <!-- version's validation is inside the validate() method of the action class --> <field name="version"> <field-validator type="requiredstring"> <message>You must enter a version.</message> </field-validator> - </field> + </field> + <field name="repositoryId"> + <!-- no requiredstring validation, because there was none before(being consistent). --> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]*$</param> + <message>Repository id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> + </field> </validators>
\ No newline at end of file diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction-validation.xml index 38b3bcfa8..df93a3bbc 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/appearance/EditOrganisationInfoAction-validation.xml @@ -26,6 +26,11 @@ <field-validator type="requiredstring"> <message>You must enter a name</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^([-a-zA-Z0-9._/~:?!&=\\]|\s)+$</param> + <message>Organisation name must only contain alphanumeric characters, white-spaces(' '), equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> </field> <field name="organisationUrl"> <field-validator type="url"> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction-validation.xml index 1725a33ec..bbf09dd9d 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathAction-validation.xml @@ -21,30 +21,64 @@ <!DOCTYPE validators PUBLIC "-//OpenSymphony Group//XWork Validator 1.0.2//EN" "http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd"> +<!-- validate temporarily-trimmed inputs, actual values are then carried over to the action class to be trimmed once more. --> <validators> <field name="legacyArtifactPath.path"> <field-validator type="requiredstring"> <message>You must enter a legacy path.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/\\]+$</param> + <message>Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\), underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="groupId"> <field-validator type="requiredstring"> <message>You must enter a groupId.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="artifactId"> <field-validator type="requiredstring"> <message>You must enter an artifactId.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="version"> <field-validator type="requiredstring"> <message>You must enter a version.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> + </field> + <field name="classifier"> + <!-- no requiredstring validation, because there was none before(being consistent). --> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]*$</param> + <message>Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="type"> <field-validator type="requiredstring"> <message>You must enter a type.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> </validators>
\ No newline at end of file diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction-saveNetworkProxy-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction-saveNetworkProxy-validation.xml index 5e39f8d7e..669b3b102 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction-saveNetworkProxy-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyAction-saveNetworkProxy-validation.xml @@ -35,18 +35,33 @@ <param name="trim">true</param> <message>You must enter an identifier of 4 or more than 4 characters.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Proxy id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="proxy.protocol"> <field-validator type="requiredstring"> <param name="trim">true</param> <message>You must enter a protocol.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9./:\\]+$</param> + <message>Protocol must only contain alphanumeric characters, forward-slashes(/), back-slashes(\), dots(.), colons(:), and dashes(-).</message> + </field-validator> </field> <field name="proxy.host"> <field-validator type="requiredstring"> <param name="trim">true</param> <message>You must enter a host.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/~:?!&=\\]+$</param> + <message>Host must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> </field> <field name="proxy.port"> <field-validator type="required"> @@ -60,5 +75,18 @@ --> <message>Port needs to be larger than ${min}</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[0-9]+$</param> + <message>Port must only contain numeric characters.</message> + </field-validator> + </field> + <field name="proxy.username"> + <!-- no requiredstring validation, because there was none before(being consistent). --> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9.@/_\\]*$</param> + <message>Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\), underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> </validators> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml index 23f4cb495..8e7790759 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml @@ -26,16 +26,39 @@ <field-validator type="requiredstring"> <message>You must enter a repository identifier.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="repository.location"> <field-validator type="requiredstring"> <message>You must enter a directory.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/~:?!&=\\]+$</param> + <message>Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> + </field> + <field name="repository.indexDir"> + <!-- no requiredstring validation, because there was none before(being consistent). --> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/~:?!&=\\]*$</param> + <message>Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> </field> <field name="repository.name"> <field-validator type="requiredstring"> <message>You must enter a repository name.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^([a-zA-Z0-9.)/_(-]|\s)+$</param> + <message>Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="repository.retentionCount"> <field-validator type="int"> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml index 4ce434a43..b00981f06 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml @@ -26,28 +26,51 @@ <field-validator type="requiredstring"> <message>You must enter a repository identifier.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[a-zA-Z0-9._-]+$</param> + <message>Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="repository.location"> <field-validator type="requiredstring"> <message>You must enter a directory.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/~:?!&=\\]+$</param> + <message>Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> + </field> + <field name="repository.indexDir"> + <!-- no requiredstring validation, because there was none before(being consistent). --> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^[-a-zA-Z0-9._/~:?!&=\\]*$</param> + <message>Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-).</message> + </field-validator> </field> <field name="repository.name"> <field-validator type="requiredstring"> <message>You must enter a repository name.</message> </field-validator> + <field-validator type="regex"> + <param name="trim">true</param> + <param name="expression">^([a-zA-Z0-9.)/_(-]|\s)+$</param> + <message>Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-).</message> + </field-validator> </field> <field name="repository.retentionCount"> <field-validator type="int"> <param name="min">1</param> <param name="max">100</param> <message>Repository Purge By Retention Count needs to be between ${min} and ${max}.</message> - </field-validator> + </field-validator> </field> <field name="repository.daysOlder"> <field-validator type="int"> <param name="min">0</param> <message>Repository Purge By Days Older Than needs to be larger than ${min}.</message> - </field-validator> + </field-validator> </field> </validators> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml index fb2db2159..88dc1f312 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/struts.xml @@ -33,13 +33,11 @@ <interceptor name="redbackAutoLogin" class="redbackAutoLoginInterceptor"/> <interceptor name="redbackPolicyEnforcement" class="redbackPolicyEnforcementInterceptor"/> <interceptor name="paramFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/> - <interceptor name="redbackXssParameterCheck" class="redbackXSSParameterCheckInterceptor"/> <interceptor-stack name="configuredArchivaStack"> <interceptor-ref name="redbackForceAdminUser"/> <interceptor-ref name="redbackAutoLogin"/> <interceptor-ref name="defaultStack"/> - <interceptor-ref name="redbackXssParameterCheck"/> <interceptor-ref name="paramFilter"> <param name="blocked">externalResult</param> </interceptor-ref> @@ -47,6 +45,9 @@ <param name="enableReferrerCheck">false</param> </interceptor-ref> <interceptor-ref name="redbackPolicyEnforcement"/> + <interceptor-ref name="tokenSession"> + <param name="excludeMethods">*</param> + </interceptor-ref> <interceptor-ref name="configuration"/> <interceptor-ref name="validation"> <param name="excludeMethods">input,back,cancel,browse</param> @@ -60,11 +61,13 @@ <interceptor-ref name="redbackForceAdminUser"/> <interceptor-ref name="redbackAutoLogin"/> <interceptor-ref name="defaultStack"/> - <interceptor-ref name="redbackXssParameterCheck"/> <interceptor-ref name="redbackPolicyEnforcement"/> <interceptor-ref name="redbackSecureActions"> <param name="enableReferrerCheck">false</param> </interceptor-ref> + <interceptor-ref name="tokenSession"> + <param name="excludeMethods">*</param> + </interceptor-ref> <interceptor-ref name="validation"> <param name="excludeMethods">input,back,cancel,browse</param> </interceptor-ref> @@ -127,12 +130,11 @@ <param name="namespace">/security</param> </result> - <result name="possible-xss-attack">/WEB-INF/jsp/redback/possibleXssAttack.jsp</result> - <!-- Generic Catchall for those action configurations that forget to include a result for 'error' --> <result name="error">/WEB-INF/jsp/generalError.jsp</result> <result name="access_to_no_repos">/WEB-INF/jsp/accessToNoRepos.jsp</result> + <result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result> </global-results> </package> @@ -179,6 +181,9 @@ <result name="input">/WEB-INF/jsp/deleteArtifact.jsp</result> <result name="error">/WEB-INF/jsp/deleteArtifact.jsp</result> <result name="success">/WEB-INF/jsp/deleteArtifact.jsp</result> + <interceptor-ref name="configuredArchivaStack"> + <param name="tokenSession.includeMethods">doDelete</param> + </interceptor-ref> </action> <action name="checksumSearch" class="searchAction" method="findArtifact"> @@ -223,9 +228,11 @@ <result>/WEB-INF/jsp/showArtifact.jsp</result> </action> + <!-- disabled for now to avoid too much cpu usage (see MRM-1457) <action name="showArtifactDependencyTree" class="showArtifactAction" method="dependencyTree"> <result>/WEB-INF/jsp/artifact/dependencyTree.jsp</result> </action> + --> </package> @@ -253,19 +260,25 @@ <result name="input">/WEB-INF/jsp/admin/repositoryGroups.jsp</result> <result name="error">/WEB-INF/jsp/admin/repositoryGroups.jsp</result> <result name="success" type="redirect-action">repositoryGroups</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="confirmDeleteRepositoryGroup" class="deleteRepositoryGroupAction" method="confirmDelete"> <result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="deleteRepositoryGroup" class="deleteRepositoryGroupAction" method="delete"> <result name="input">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result> <result name="error">/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp</result> <result name="success" type="redirect-action">repositoryGroups</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="addRepositoryToGroup" class="repositoryGroupsAction" method="addRepositoryToGroup"> @@ -325,14 +338,18 @@ <action name="confirmDeleteRepository" class="deleteManagedRepositoryAction" method="confirmDelete"> <result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="deleteRepository" class="deleteManagedRepositoryAction" method="delete"> <result name="input">/WEB-INF/jsp/admin/deleteRepository.jsp</result> <result name="error">/WEB-INF/jsp/admin/deleteRepository.jsp</result> <result name="success" type="redirect-action">repositories</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="addRemoteRepository" class="addRemoteRepositoryAction" method="input"> @@ -394,7 +411,9 @@ <action name="deleteProxyConnector" class="deleteProxyConnectorAction" method="confirm"> <result name="input">/WEB-INF/jsp/admin/deleteProxyConnector.jsp</result> <result name="success" type="redirect-action">proxyConnectors</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="enableProxyConnector" class="enableProxyConnectorAction" method="confirm"> @@ -406,7 +425,9 @@ <action name="disableProxyConnector" class="disableProxyConnectorAction" method="confirm"> <result name="input">/WEB-INF/jsp/admin/disableProxyConnector.jsp</result> <result name="success" type="redirect-action">proxyConnectors</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> @@ -431,13 +452,17 @@ <action name="saveNetworkProxy" class="configureNetworkProxyAction" method="save"> <result name="input">/WEB-INF/jsp/admin/editNetworkProxy.jsp</result> <result name="success" type="redirect-action">networkProxies</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <action name="deleteNetworkProxy" class="configureNetworkProxyAction" method="confirm"> <result name="input">/WEB-INF/jsp/admin/deleteNetworkProxy.jsp</result> <result name="success" type="redirect-action">networkProxies</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> <!-- .\ REPOSITORY SCANNING \._____________________________________ --> @@ -447,6 +472,9 @@ <result name="success" type="redirect-action"> <param name="actionName">repositoryScanning</param> </result> + <interceptor-ref name="configuredArchivaStack"> + <param name="tokenSession.includeMethods">removeFiletypePattern,addFiletypePattern,updateKnownConsumers,updateInvalidConsumers</param> + </interceptor-ref> </action> <!-- .\ DATABASE \.________________________________________________ --> @@ -456,6 +484,9 @@ <result name="success" type="redirect-action"> <param name="actionName">database</param> </result> + <interceptor-ref name="configuredArchivaStack"> + <param name="tokenSession.includeMethods">updateSchedule,updateUnprocessedConsumers,updateCleanupConsumers</param> + </interceptor-ref> </action> <action name="updateDatabase" class="schedulerAction" method="updateDatabase"> @@ -504,7 +535,9 @@ <result name="input">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result> <result name="error">/WEB-INF/jsp/admin/legacyArtifactPath.jsp</result> <result name="success" type="redirect-action">legacyArtifactPath</result> - <interceptor-ref name="configuredPrepareParamsStack"/> + <interceptor-ref name="configuredPrepareParamsStack"> + <param name="tokenSession.includeMethods">*</param> + </interceptor-ref> </action> </package> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addLegacyArtifactPath.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addLegacyArtifactPath.jsp index f10a3acfd..1e2f4e213 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addLegacyArtifactPath.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addLegacyArtifactPath.jsp @@ -66,8 +66,22 @@ }
</script>
- <s:actionmessage/>
- <s:actionerror/>
+ <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%>
+ <s:if test="hasActionErrors()">
+ <ul>
+ <s:iterator value="actionErrors">
+ <li><span class="errorMessage"><s:property escape="true" /></span></li>
+ </s:iterator>
+ </ul>
+ </s:if>
+ <s:if test="hasActionMessages()">
+ <ul>
+ <s:iterator value="actionMessages">
+ <li><span class="actionMessage"><s:property escape="true" /></span></li>
+ </s:iterator>
+ </ul>
+ </s:if>
+
<s:form method="post" action="addLegacyArtifactPath!commit" namespace="/admin" validate="true">
<s:textfield name="legacyArtifactPath.path" label="Path" size="50" required="true" onchange="parse( this.value )"/>
<s:textfield name="groupId" label="GroupId" size="20" required="true"/>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addRepository.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addRepository.jsp index 158159490..d084f4dd2 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addRepository.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/addRepository.jsp @@ -31,8 +31,21 @@ <h1>Admin: Add Managed Repository</h1> <div id="contentArea"> - <s:actionerror/> - <s:actionmessage/> + <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <s:form method="post" action="addRepository!commit" namespace="/admin" validate="true"> <s:textfield name="repository.id" label="Identifier" size="10" required="true"/> <%@ include file="/WEB-INF/jsp/admin/include/repositoryForm.jspf" %> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp index 55d360d88..cd5438c10 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp @@ -40,29 +40,30 @@ <a href="<s:url action='editAppearance' />">Change your appearance</a> </p> +<%-- used c:out in displaying EL's so that they are escaped --%> <h3>Organization Information</h3> <table> <tr> <th>Name</th> - <td>${organisationName}</td> + <td><c:out value="${organisationName}" /></td> </tr> <tr> <th>URL</th> - <td><a href="${organisationUrl}"> - <code>${organisationUrl}</code> + <td><a href='<c:out value="${organisationUrl}" />'> + <code><c:out value="${organisationUrl}" /></code> </a></td> </tr> <tr> <th>Logo URL</th> <td> - <code>${organisationLogo}</code> + <code><c:out value="${organisationLogo}" /></code> </td> </tr> <c:if test="${!empty (organisationLogo)}"> <tr> <th> </th> - <td><img src="${organisationLogo}" - title="${organisationName}" border="0" alt="" /></td> + <td><img src='<c:out value="${organisationLogo}" />' + title='<c:out value="${organisationName}" />' border="0" alt="" /></td> </tr> </c:if> </table> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmAddRepository.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmAddRepository.jsp index e30b19f81..09ca17e0a 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmAddRepository.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmAddRepository.jsp @@ -46,23 +46,24 @@ the following managed repository? </p> + <%-- used c:out in displaying EL's so that they are escaped --%> <div class="infobox"> <table class="infotable"> <tr> <td>ID:</td> - <td><code>${repository.id}</code></td> + <td><code><c:out value="${repository.id}" /></code></td> </tr> <tr> <td>Name:</td> - <td>${repository.name}</td> + <td><c:out value="${repository.name}" /></td> </tr> <tr> <td>Directory:</td> - <td>${repository.location}</td> + <td><c:out value="${repository.location}" /></td> </tr> <tr> <td>Index Directory:</td> - <td>${repository.indexDir}</td> + <td><c:out value="${repository.indexDir}" /></td> </tr> <tr> <td>Type:</td> @@ -80,15 +81,15 @@ </tr> <tr> <td>Cron:</td> - <td>${repository.refreshCronExpression}</td> + <td><c:out value="${repository.refreshCronExpression}" /></td> </tr> <tr> <td>Repository Purge By Days Older Than:</td> - <td>${repository.daysOlder}</td> + <td><c:out value="${repository.daysOlder}" /></td> </tr> <tr> <td>Repository Purge By Retention Count:</td> - <td>${repository.retentionCount}</td> + <td><c:out value="${repository.retentionCount}" /></td> </tr> <tr> <td>Releases Included:</td> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp index 23dfa4155..8122764bb 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/database.jsp @@ -48,6 +48,7 @@ <s:form method="post" action="database!updateSchedule" namespace="/admin" validate="false" theme="simple"> + <s:token/> <table> <s:textfield name="cron" label="Cron" size="40" theme="xhtml" /> <tr> @@ -74,6 +75,7 @@ <s:form method="post" action="database!updateUnprocessedConsumers" namespace="/admin" validate="false" theme="simple"> + <s:token/> <table class="consumers"> <tr> <th> </th> @@ -129,6 +131,7 @@ <s:form method="post" action="database!updateCleanupConsumers" namespace="/admin" validate="false" theme="simple"> + <s:token/> <table class="consumers"> <tr> <th> </th> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp index cdd817d9d..49f1d8458 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteNetworkProxy.jsp @@ -19,6 +19,7 @@ <%@ page contentType="text/html; charset=UTF-8" %> <%@ taglib prefix="s" uri="/struts-tags" %> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <html> <head> @@ -30,7 +31,14 @@ <h1>Admin: Delete Network Proxy</h1> -<s:actionerror/> + <%-- changed the structure of displaying errorMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <div id="contentArea"> @@ -39,13 +47,14 @@ <blockquote> <strong><span class="statusFailed">WARNING:</span> This operation can not be undone.</strong> </blockquote> - + <%-- used c:out in displaying EL's for them to be escaped. --%> <p> - Are you sure you want to delete network proxy <code>${proxyid}</code> ? + Are you sure you want to delete network proxy <code><c:out value="${proxyid}" /></code> ? </p> <s:form method="post" action="deleteNetworkProxy!delete" namespace="/admin" validate="true"> <s:hidden name="proxyid"/> + <s:token/> <s:submit value="Delete"/> </s:form> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp index 3a12af02f..fb56d264e 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteProxyConnector.jsp @@ -47,6 +47,7 @@ <s:form method="post" action="deleteProxyConnector!delete" namespace="/admin" validate="true"> <s:hidden name="target"/> <s:hidden name="source"/> + <s:token/> <s:submit value="Delete"/> </s:form> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp index 9c6b42db1..def8b68f6 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepository.jsp @@ -19,6 +19,7 @@ <%@ page contentType="text/html; charset=UTF-8" %> <%@ taglib prefix="s" uri="/struts-tags" %> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> @@ -30,7 +31,14 @@ <h1>Admin: Delete Managed Repository</h1> -<s:actionerror/> +<%-- changed the structure of displaying errorMessages in order for them to be escaped. --%> +<s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> +</s:if> <div id="contentArea"> @@ -44,25 +52,27 @@ Are you sure you want to delete the following managed repository? </p> + <%-- used c:out in displaying EL's so that they are escaped --%> <div class="infobox"> <table class="infotable"> <tr> <td>ID:</td> - <td><code>${repository.id}</code></td> + <td><code><c:out value="${repository.id}" /></code></td> </tr> <tr> <td>Name:</td> - <td>${repository.name}</td> + <td><c:out value="${repository.name}" /></td> </tr> <tr> <td>Directory:</td> - <td>${repository.location}</td> + <td><c:out value="${repository.location}" /></td> </tr> </table> </div> <s:form method="post" action="deleteRepository" namespace="/admin" validate="true" theme="simple"> <s:hidden name="repoid"/> + <s:token/> <div class="buttons"> <s:submit value="Delete Configuration Only" method="deleteEntry" /> <s:submit value="Delete Configuration and Contents" method="deleteContents" /> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp index 83d130f25..69bbd0db4 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/deleteRepositoryGroup.jsp @@ -56,6 +56,7 @@ <s:form method="post" action="deleteRepositoryGroup" namespace="/admin" validate="true" theme="simple"> <s:hidden name="repoGroupId"/> <div class="buttons"> + <s:token/> <s:submit value="Confirm" method="delete"/> <s:submit value="Cancel" method="execute"/> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp index b496b4122..52c69ba8c 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/disableProxyConnector.jsp @@ -43,6 +43,7 @@ <s:form method="post" action="disableProxyConnector!disable" namespace="/admin" validate="true"> <s:hidden name="target"/> <s:hidden name="source"/> + <s:token/> <s:submit value="Disable"/> </s:form> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editAppearance.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editAppearance.jsp index 9ec3859fc..8df7a210d 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editAppearance.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editAppearance.jsp @@ -35,7 +35,14 @@ </p> <s:set name="editOrganisationInfo" value="editOrganisationInfo"/> -<s:actionmessage/> +<%-- changed the structure of displaying actionMessages in order for them to be escaped. --%> +<s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> +</s:if> <s:form method="post" action="saveAppearance" namespace="/admin" validate="true" theme="xhtml"> <s:textfield name="organisationName" value="%{#attr.organisationName}" label="Name" size="50" /> <s:textfield name="organisationUrl" value="%{#attr.organisationUrl}" label="URL" size="50"/> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp index 29f8ffef6..56af90dad 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editNetworkProxy.jsp @@ -43,13 +43,27 @@ <div id="contentArea"> - <h2>${addedit} network proxy: ${networkProxyName}</h2> + <h2>${addedit} network proxy: <c:out value="${networkProxyName}" /></h2> - <s:actionerror/> - <s:actionmessage/> + <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <s:form method="post" action="saveNetworkProxy" namespace="/admin"> <s:hidden name="mode"/> + <s:token/> <c:choose> <c:when test="${mode == 'edit'}"> @@ -65,7 +79,7 @@ </s:form> <script type="text/javascript"> - document.getElementById("saveNetworkProxy_host").focus(); + document.getElementById("saveNetworkProxy_host").focus(); </script> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editRepository.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editRepository.jsp index 5a0b482a0..2d3e95646 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editRepository.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/editRepository.jsp @@ -30,11 +30,24 @@ <h1>Admin: Edit Managed Repository</h1> -<s:actionerror/> +<%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> +<s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> +</s:if> <div id="contentArea"> - <s:actionmessage/> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <s:form method="post" action="editRepository!commit" namespace="/admin" validate="false"> <s:hidden name="repository.id"/> <s:label label="ID" name="repository.id" /> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp index 0a0167c62..8ad83c259 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/legacyArtifactPath.jsp @@ -35,8 +35,21 @@ <div id="contentArea">
-<s:actionerror/>
-<s:actionmessage/>
+<%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%>
+<s:if test="hasActionErrors()">
+ <ul>
+ <s:iterator value="actionErrors">
+ <li><span class="errorMessage"><s:property escape="true" /></span></li>
+ </s:iterator>
+ </ul>
+ </s:if>
+ <s:if test="hasActionMessages()">
+ <ul>
+ <s:iterator value="actionMessages">
+ <li><span class="actionMessage"><s:property escape="true" /></span></li>
+ </s:iterator>
+ </ul>
+ </s:if>
<div class="admin">
<div class="controls">
@@ -69,12 +82,15 @@ </c:choose>
<div class="legacyArtifactPath ${rowColor}">
-
+
<div class="controls">
<%-- TODO: make some icons --%>
<redback:ifAnyAuthorized permissions="archiva-manage-configuration">
- <s:url id="deleteLegacyArtifactPath" action="deleteLegacyArtifactPath">
+ <s:token/>
+ <s:url id="deleteLegacyArtifactPath" encode="true" action="deleteLegacyArtifactPath">
<s:param name="path" value="%{#attr.legacyArtifactPath.path}"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteLegacyArtifactPath}">
<img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/>
@@ -83,17 +99,18 @@ </redback:ifAnyAuthorized>
</div>
+<%-- used c:out in displaying EL's so that they would be escaped --%>
<table class="infoTable">
<tr>
<th>Path</th>
<td>
- <code>${legacyArtifactPath.path}</code>
+ <code><c:out value="${legacyArtifactPath.path}" /></code>
</td>
</tr>
<tr>
<th>Artifact</th>
<td>
- <code>${legacyArtifactPath.artifact}</code>
+ <code><c:out value="${legacyArtifactPath.artifact}" /></code>
</td>
</tr>
</table>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp index 44eb18a04..1f0b9b658 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/networkProxies.jsp @@ -35,7 +35,21 @@ <div id="contentArea"> -<s:actionerror /> <s:actionmessage /> + <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <div class="admin"> <div class="controls"> @@ -71,11 +85,14 @@ <div class="controls"> <redback:ifAnyAuthorized permissions="archiva-manage-configuration"> - <s:url id="editNetworkProxyUrl" action="editNetworkProxy"> + <s:token/> + <s:url id="editNetworkProxyUrl" encode="true" action="editNetworkProxy"> <s:param name="proxyid" value="%{#attr.proxy.id}" /> </s:url> - <s:url id="deleteNetworkProxyUrl" action="deleteNetworkProxy" method="confirm"> + <s:url id="deleteNetworkProxyUrl" encode="true" action="deleteNetworkProxy" method="confirm"> <s:param name="proxyid" value="%{#attr.proxy.id}" /> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <s:a href="%{editNetworkProxyUrl}"> <img src="<c:url value="/images/icons/edit.png" />" /> @@ -85,27 +102,28 @@ Delete Network Proxy</s:a> </redback:ifAnyAuthorized></div> + <%-- used c:out in displaying EL's for them to be escaped. --%> <table class="infoTable"> <tr> <th>Identifier</th> - <td><code>${proxy.id}</code></td> + <td><code><c:out value="${proxy.id}" /></code></td> </tr> <tr> <th>Protocol</th> - <td>${proxy.protocol}</td> + <td><c:out value="${proxy.protocol}" /></td> </tr> <tr> <th>Host</th> - <td>${proxy.host}</td> + <td><c:out value="${proxy.host}" /></td> </tr> <tr> <th>Port</th> - <td>${proxy.port}</td> + <td><c:out value="${proxy.port}" /></td> </tr> <c:if test="${not empty (proxy.username)}"> <tr> <th>Username</th> - <td>${proxy.username}</td> + <td><c:out value="${proxy.username}" /></td> </tr> <c:if test="${not empty (proxy.password)}"> <tr> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp index 83a915c86..c42ba4f54 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxyConnectors.jsp @@ -113,6 +113,7 @@ <div class="connector ${rowColor}"> <div class="controls"> <redback:ifAnyAuthorized permissions="archiva-manage-configuration"> + <s:token/> <s:url id="sortDownProxyConnectorUrl" action="sortDownProxyConnector"> <s:param name="source" value="%{#attr.connector.sourceRepoId}"/> <s:param name="target" value="%{#attr.connector.targetRepoId}"/> @@ -128,6 +129,8 @@ <s:url id="deleteProxyConnectorUrl" action="deleteProxyConnector" method="confirmDelete"> <s:param name="source" value="%{#attr.connector.sourceRepoId}"/> <s:param name="target" value="%{#attr.connector.targetRepoId}"/> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <s:url id="enableProxyConnectorUrl" action="enableProxyConnector" method="confirmEnable"> <s:param name="source" value="%{#attr.connector.sourceRepoId}"/> @@ -136,6 +139,8 @@ <s:url id="disableProxyConnectorUrl" action="disableProxyConnector" method="confirmDisable"> <s:param name="source" value="%{#attr.connector.sourceRepoId}"/> <s:param name="target" value="%{#attr.connector.targetRepoId}"/> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <c:if test="${connector.disabled}"> <s:a href="%{enableProxyConnectorUrl}" title="Enable Proxy Connector"> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp index 21e584e0f..dd34ffb80 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositories.jsp @@ -47,8 +47,22 @@ <div id="contentArea"> -<s:actionerror/> -<s:actionmessage/> + <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> + <s:actionmessage /> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <div class="admin"> <div class="controls"> @@ -85,11 +99,14 @@ <div class="controls"> <%-- TODO: make some icons --%> <redback:ifAnyAuthorized permissions="archiva-manage-configuration"> - <s:url id="editRepositoryUrl" action="editRepository"> + <s:url id="editRepositoryUrl" encode="true" action="editRepository"> <s:param name="repoid" value="%{#attr.repository.id}"/> </s:url> - <s:url id="deleteRepositoryUrl" action="confirmDeleteRepository"> + <s:token/> + <s:url id="deleteRepositoryUrl" encode="true" action="confirmDeleteRepository"> <s:param name="repoid" value="%{#attr.repository.id}"/> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <s:a href="%{editRepositoryUrl}"> <img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/> @@ -101,43 +118,44 @@ </s:a> </redback:ifAnyAuthorized> <c:url var="rssFeedIconUrl" value="/images/icons/rss-feed.png"/> - <a href="/archiva/feeds/${repository.id}"> + <a href='/archiva/feeds/<c:out value="${repository.id}" />'> <img src="${rssFeedIconUrl}" /> </a> </div> +<%-- used c:out in displaying EL's for them to be escaped. --%> <div style="float: left"> <img src="<c:url value="/images/archiva-splat-32.gif"/>" alt="" width="32" height="32"/> </div> -<h3 class="repository">${repository.name}</h3> +<h3 class="repository"><c:out value="${repository.name}" /></h3> <table class="infoTable"> <tr> <th>Identifier</th> <td> - <code>${repository.id}</code> + <code><c:out value="${repository.id}" /></code> </td> </tr> <tr> <th>Name</th> <td> - <code>${repository.name}</code> + <code><c:out value="${repository.name}" /></code> </td> </tr> <tr> <th>Directory</th> - <td>${repository.location}</td> + <td><c:out value="${repository.location}" /></td> </tr> <c:if test="${!empty (repository.indexDir)}"> <tr> <th>Index Directory</th> - <td>${repository.indexDir}</td> + <td><c:out value="${repository.indexDir}" /></td> </tr> </c:if> <tr> <th>WebDAV URL</th> - <td><a href="${baseUrl}/${repository.id}/">${baseUrl}/${repository.id}/</a></td> + <td><a href='<c:out value="${baseUrl}" />/<c:out value="${repository.id}" />/' ><c:out value="${baseUrl}" />/<c:out value="${repository.id}" />/</a></td> </tr> <tr> <th>Type</th> @@ -158,7 +176,7 @@ <th>Groups</th> <td> <c:forEach items="${repositoryToGroupMap[repository.id]}" varStatus="i" var="group"> - ${group}<c:if test="${!i.last}">,</c:if> + <c:out value="${group}" /><c:if test="${!i.last}">,</c:if> </c:forEach> </td> </tr> @@ -178,11 +196,11 @@ </tr> <tr> <th>Repository Purge By Days Older Than</th> - <td>${repository.daysOlder}</td> + <td><c:out value="${repository.daysOlder}" /></td> </tr> <tr> <th>Repository Purge By Retention Count</th> - <td>${repository.retentionCount}</td> + <td><c:out value="${repository.retentionCount}" /></td> </tr> </c:if> <tr> @@ -192,7 +210,7 @@ <c:if test="${repository.scanned}"> <tr> <th>Scanning Cron</th> - <td>${repository.refreshCronExpression}</td> + <td><c:out value="${repository.refreshCronExpression}" /></td> </tr> <tr> <th> @@ -226,19 +244,19 @@ <table> <tr> <th>Last Scanned</th> - <td>${stats.whenGathered}</td> + <td><c:out value="${stats.whenGathered}" /></td> </tr> <tr> <th>Duration</th> - <td>${stats.duration} ms</td> + <td><c:out value="${stats.duration}" /> ms</td> </tr> <tr> <th>Total File Count</th> - <td>${stats.totalFileCount} + <td><c:out value="${stats.totalFileCount}" /> </tr> <tr> <th>New Files Found</th> - <td>${stats.newFileCount} + <td><c:out value="${stats.newFileCount}" /> </tr> </table> </c:otherwise> @@ -292,15 +310,18 @@ <div class="controls"> <redback:ifAnyAuthorized permissions="archiva-manage-configuration"> - <s:url id="editRepositoryUrl" action="editRemoteRepository"> - <s:param name="repoid" value="%{#attr.repository.id}"/> + <s:url id="editRepositoryUrl" encode="true" action="editRemoteRepository"> + <s:param name="repoid" value="%{#attr.repository.id}"/> </s:url> <s:a href="%{editRepositoryUrl}"> <img src="<c:url value="/images/icons/edit.png" />" alt="" width="16" height="16"/> Edit </s:a> - <s:url id="deleteRepositoryUrl" action="confirmDeleteRemoteRepository"> + <s:token/> + <s:url id="deleteRepositoryUrl" encode="true" action="confirmDeleteRemoteRepository"> <s:param name="repoid" value="%{#attr.repository.id}"/> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <s:a href="%{deleteRepositoryUrl}"> <img src="<c:url value="/images/icons/delete.gif" />" alt="" width="16" height="16"/> @@ -313,24 +334,24 @@ <img src="<c:url value="/images/archiva-world.png"/>" alt="" width="32" height="32"/> </div> - <h3 class="repository">${repository.name}</h3> + <h3 class="repository"><c:out value="${repository.name}" /></h3> <table class="infoTable"> <tr> <th>Identifier</th> <td> - <code>${repository.id}</code> + <code><c:out value="${repository.id}" /></code> </td> </tr> <tr> <th>Name</th> <td> - <code>${repository.name}</code> + <code><c:out value="${repository.name}" /></code> </td> </tr> <tr> <th>URL</th> - <td>${repository.url}</td> + <td><c:out value="${repository.url}" /></td> </tr> <tr> <th>Type</th> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp index 5804cbb95..ec7c8c2dd 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryGroups.jsp @@ -50,6 +50,7 @@ <s:form action="addRepositoryGroup" namespace="/admin"> <span class="label">Identifier<span style="color:red">*</span>:</span> <s:textfield size="10" label="Identifier" theme="simple" name="repositoryGroup.id"/> + <s:token/> <s:submit value="Add Group" theme="simple" cssClass="button"/> </s:form> </redback:ifAnyAuthorized> @@ -71,8 +72,11 @@ <div class="managedRepo"> <div style="float:right"> + <s:token/> <s:url id="deleteRepositoryGroupUrl" action="confirmDeleteRepositoryGroup"> <s:param name="repoGroupId" value="%{#attr.repositoryGroup.key}" /> + <s:param name="struts.token.name">struts.token</s:param> + <s:param name="struts.token"><s:property value="struts.token"/></s:param> </s:url> <s:a href="%{deleteRepositoryGroupUrl}" cssClass="delete"> <img src="${iconDeleteUrl}"/> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp index 60b59c7f6..ff768c6f6 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/repositoryScanning.jsp @@ -40,9 +40,9 @@ <s:actionmessage /> <c:url var="iconDeleteUrl" value="/images/icons/delete.gif" /> -<c:url var="iconCreateUrl" value="/images/icons/create.png" /> -<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern" /> -<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" /> +<c:url var="iconCreateUrl" value="/images/icons/create.png" /> +<s:url id="removeFiletypePatternUrl" action="repositoryScanning" method="removeFiletypePattern"/> +<s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern"/> <script type="text/javascript"> <!-- @@ -82,12 +82,11 @@ <s:form method="post" action="repositoryScanning" namespace="/admin" validate="false" id="filetypeForm" theme="simple"> + <s:token/> <input type="hidden" name="pattern" /> <input type="hidden" name="fileTypeId" /> </s:form> - - <s:url id="addFiletypePatternUrl" action="repositoryScanning" method="addFiletypePattern" /> - + <c:forEach items="${fileTypeIds}" var="filetypeId" varStatus="j"> <div class="filetype"> @@ -115,7 +114,7 @@ </td> <td class="controls ${bgcolor}"> <s:a href="#" title="Remove [%{#attr.escapedPattern}] Pattern from [%{#attr.filetypeId}]" - onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )" + onclick="removeFiletypePattern( '%{#attr.filetypeId}', '%{#attr.escapedPattern}' )" theme="simple"> <img src="${iconDeleteUrl}" /> </s:a> @@ -157,6 +156,7 @@ <s:form method="post" action="repositoryScanning!updateKnownConsumers" namespace="/admin" validate="false" theme="simple"> + <s:token/> <table class="consumers"> <tr> <th> </th> @@ -213,6 +213,7 @@ <s:form method="post" action="repositoryScanning!updateInvalidConsumers" namespace="/admin" validate="false" theme="simple"> + <s:token/> <table class="consumers"> <tr> <th> </th> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp index 23fae758a..ec1b77e3c 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/components/companyLogo.jsp @@ -29,12 +29,12 @@ <s:set name="organisationUrl" value="organisationUrl"/> <c:choose> <c:when test="${!empty (organisationUrl)}"> - <a href="${organisationUrl}"> - <img src="${organisationLogo}" title="${organisationName}"/> + <a href='<c:out value="${organisationUrl}" />'> + <img src='<c:out value="${organisationLogo}" />' title='<c:out value="${organisationName}" />'/> </a> </c:when> <c:otherwise> - <img src="${organisationLogo}" title="${organisationName}"/> + <img src='<c:out value="${organisationLogo}" />' title='<c:out value="${organisationName}" />'/> </c:otherwise> </c:choose> </c:when> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/artifactDecorator.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/artifactDecorator.jsp index 218c5ab53..bd737cd41 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/artifactDecorator.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/artifactDecorator.jsp @@ -97,6 +97,8 @@ </s:url> </c:set> <my:currentWWUrl url="${url}">Dependencies</my:currentWWUrl> + + <%-- disabled for now to avoid too much cpu usage (see MRM-1457) <c:set var="url"> <s:url action="showArtifactDependencyTree"> <s:param name="groupId" value="%{groupId}"/> @@ -105,6 +107,8 @@ </s:url> </c:set> <my:currentWWUrl url="${url}">Dependency Tree</my:currentWWUrl> + --%> + <c:set var="url"> <s:url action="showArtifactDependees"> <s:param name="groupId" value="%{groupId}"/> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp index 191af1d71..89195fae6 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp @@ -80,7 +80,7 @@ <div id="topSearchBox"> - <s:form method="post" action="quickSearch" namespace="/" validate="true"> + <s:form method="get" action="quickSearch" namespace="/" validate="true"> <s:textfield label="Search for" size="30" name="q"/> </s:form> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp index af8993a0a..a742928f5 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/deleteArtifact.jsp @@ -30,12 +30,26 @@ <body> <h1>Delete Artifact</h1> - <s:actionerror/> - <s:actionmessage/> + <%-- changed the structure of displaying errorMessages & actionMessages in order for them to be escaped. --%> + <s:if test="hasActionErrors()"> + <ul> + <s:iterator value="actionErrors"> + <li><span class="errorMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> + <s:if test="hasActionMessages()"> + <ul> + <s:iterator value="actionMessages"> + <li><span class="actionMessage"><s:property escape="true" /></span></li> + </s:iterator> + </ul> + </s:if> <div id="contentArea"> <s:form action="deleteArtifact!doDelete" namespace="/" method="post" validate="true"> <%@ include file="/WEB-INF/jsp/include/deleteArtifactForm.jspf" %> + <s:token/> <s:submit/> </s:form> </div> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/quickSearch.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/quickSearch.jsp index 7b0c39c56..8dbf9b438 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/quickSearch.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/quickSearch.jsp @@ -94,7 +94,7 @@ <c:url var="iconCreateUrl" value="/images/icons/create.png" /> - <s:form method="post" id="quickSearch" action="quickSearch" validate="true"> + <s:form method="get" id="quickSearch" action="quickSearch" validate="true"> <s:textfield label="Search for" size="50" name="q"/> <s:hidden name="completeQueryString" value="%{completeQueryString}"/> <s:submit value="Search"/> @@ -111,7 +111,7 @@ </tr> <tr> <td> - <s:form id="filteredSearch" method="post" action="filteredSearch" validate="true"> + <s:form id="filteredSearch" method="get" action="filteredSearch" validate="true"> <label><strong>Advanced Search Fields: </strong></label><s:select name="searchField" list="searchFields" theme="simple"/> <s:a href="#" title="Add Search Field" onclick="addSearchField( document.filteredSearch.searchField.options[document.filteredSearch.searchField.selectedIndex].text, document.filteredSearch.searchField.value, 'dynamicFields' )" theme="simple"> <img src="${iconCreateUrl}" /> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/results.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/results.jsp index ae8e5f8a2..bc6c4a5f2 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/results.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/results.jsp @@ -85,7 +85,7 @@ </tr> <tr> <td> - <s:form id="filteredSearch" method="post" action="filteredSearch" validate="true"> + <s:form id="filteredSearch" method="get" action="filteredSearch" validate="true"> <s:hidden name="fromFilterSearch" value="%{#attr.fromFilterSearch}" theme="simple"/> <label><strong>Advanced Search Fields: </strong></label><s:select name="searchField" list="searchFields" theme="simple"/> <s:a href="#" title="Add Search Field" onclick="addSearchField( document.filteredSearch.searchField.options[document.filteredSearch.searchField.selectedIndex].text, document.filteredSearch.searchField.value, 'dynamicFields' )" theme="simple"> @@ -108,7 +108,7 @@ </table> </c:if> <c:if test="${fromFilterSearch == false}"> - <s:form method="post" action="quickSearch" validate="true"> + <s:form method="get" action="quickSearch" validate="true"> <s:textfield label="Search for" size="50" name="q"/> <s:checkbox label="Search within results" name="searchResultsOnly"/> <s:hidden name="completeQueryString" value="%{#attr.completeQueryString}"/> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/showArtifact.jsp b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/showArtifact.jsp index cce8069f4..b912092bf 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/showArtifact.jsp +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/showArtifact.jsp @@ -93,6 +93,8 @@ </s:url> </c:set> <my:currentWWUrl url="${url}">Dependencies</my:currentWWUrl> + + <%-- disabled for now to avoid too much cpu usage (see MRM-1457) <c:set var="url"> <s:url action="showArtifactDependencyTree"> <s:param name="groupId" value="%{groupId}"/> @@ -101,6 +103,8 @@ </s:url> </c:set> <my:currentWWUrl url="${url}">Dependency Tree</my:currentWWUrl> + --%> + <c:set var="url"> <s:url action="showArtifactDependees"> <s:param name="groupId" value="%{groupId}"/> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml index cad63b21e..b4fb373d0 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml @@ -29,21 +29,6 @@ <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class> </filter> - <!-- To enable this filter, uncomment the corresponding filter-mapping --> - <filter> - <filter-name>redback-csrf</filter-name> - <filter-class>org.codehaus.plexus.redback.struts2.filter.RedbackCSRFFilter</filter-class> - <init-param> - <param-name>nonceCacheSize</param-name> - <param-value>20</param-value> - </init-param> - <init-param> - <param-name>excludedPaths</param-name> - <param-value>/css/**,/images/**,/struts/**,/favicon.ico,/js/**,//repository/**,//xmlrpc/**,//feeds/**</param-value> - </init-param> - </filter> - - <filter> <filter-name>sitemesh</filter-name> <filter-class> @@ -67,25 +52,18 @@ <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> - </filter> - - <!-- Uncomment this to apply the CSRF filter mapping in Archiva - <filter-mapping> - <filter-name>redback-csrf</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - --> - + </filter> + <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - <!-- this must be before the sitemesh filter --> - <filter-mapping> - <filter-name>webwork-cleanup</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> + <!-- this must be before the sitemesh filter --> + <filter-mapping> + <filter-name>webwork-cleanup</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <filter-mapping> <filter-name>sitemesh</filter-name> diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/css/site.css b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/css/site.css index 996614608..8b24948db 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/css/site.css +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/css/site.css @@ -45,7 +45,7 @@ font-weight: bold; margin: 15px auto 0px auto; height: auto; - width: 150px; + width: 280px; min-width: 120px; display: block; } @@ -113,7 +113,7 @@ .download table { margin-left: 2px; - width: 140px; + width: 270px; } .download .icon { @@ -122,7 +122,7 @@ .download .type { font-size: 0.9em; - text-align: center; + text-align: left; } .download .size { diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.bl.gif b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.bl.gif Binary files differindex c59ba0062..849bd582e 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.bl.gif +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.bl.gif diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.ml.gif b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.ml.gif Binary files differindex 8fcfa4220..7f193e405 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.ml.gif +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.ml.gif diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.tl.gif b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.tl.gif Binary files differindex b4a8e97d3..06ace5d45 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.tl.gif +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/images/download.tl.gif diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/DeleteArtifactActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/DeleteArtifactActionTest.java new file mode 100644 index 000000000..9e5a3ae0f --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/DeleteArtifactActionTest.java @@ -0,0 +1,188 @@ +package org.apache.maven.archiva.web.action; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import junit.framework.TestCase; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; + +public class DeleteArtifactActionTest extends TestCase +{ + private static final String EMPTY_STRING = ""; + + // valid inputs + private static final String GROUP_ID_VALID_INPUT = "abcXYZ0129._-"; + + private static final String ARTIFACT_ID_VALID_INPUT = "abcXYZ0129._-"; + + private static final String VERSION_VALID_INPUT = "1.2.3"; + + private static final String REPOSITORY_ID_VALID_INPUT = "abcXYZ0129._-"; + + // invalid inputs + private static final String GROUP_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String ARTIFACT_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String VERSION_INVALID_INPUT = "<>"; + + private static final String REPOSITORY_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + // testing requisite + private DeleteArtifactAction deleteArtifactAction; + + private ActionValidatorManager actionValidatorManager; + + @Override + public void setUp() throws Exception + { + deleteArtifactAction = new DeleteArtifactAction(); + ObjectFactory.setObjectFactory(new ObjectFactory()); + actionValidatorManager = ActionValidatorManagerFactory.getInstance(); + } + + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + populateDeleteArtifactActionFields(deleteArtifactAction, null, null, null, null); + + // test + actionValidatorManager.validate(deleteArtifactAction, EMPTY_STRING); + + // verify + assertTrue(deleteArtifactAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = deleteArtifactAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a groupId."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an artifactId."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a version."); + expectedFieldErrors.put("version", expectedErrorMessages); + + // repositoryId is not required. + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + populateDeleteArtifactActionFields(deleteArtifactAction, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + + // test + actionValidatorManager.validate(deleteArtifactAction, EMPTY_STRING); + + // verify + assertTrue(deleteArtifactAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = deleteArtifactAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a groupId."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an artifactId."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a version."); + expectedFieldErrors.put("version", expectedErrorMessages); + + // repositoryId is not required. + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception + { + // prep + populateDeleteArtifactActionFields(deleteArtifactAction, GROUP_ID_INVALID_INPUT, ARTIFACT_ID_INVALID_INPUT, VERSION_INVALID_INPUT, REPOSITORY_ID_INVALID_INPUT); + + // test + actionValidatorManager.validate(deleteArtifactAction, EMPTY_STRING); + + // verify + assertTrue(deleteArtifactAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = deleteArtifactAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("repositoryId", expectedErrorMessages); + + // version has its validation in the validate() method of the action class. + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + populateDeleteArtifactActionFields(deleteArtifactAction, GROUP_ID_VALID_INPUT, ARTIFACT_ID_VALID_INPUT, VERSION_VALID_INPUT, REPOSITORY_ID_VALID_INPUT); + + // test + actionValidatorManager.validate(deleteArtifactAction, EMPTY_STRING); + + // verify + assertFalse(deleteArtifactAction.hasFieldErrors()); + } + + private void populateDeleteArtifactActionFields(DeleteArtifactAction deleteArtifactAction, String groupId, String artifactId, String version, String repositoryId) + { + deleteArtifactAction.setGroupId(groupId); + deleteArtifactAction.setArtifactId(artifactId); + deleteArtifactAction.setVersion(version); + deleteArtifactAction.setRepositoryId(repositoryId); + } +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganizationInfoActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganizationInfoActionTest.java index e076261a8..2b054a000 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganizationInfoActionTest.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/appearance/EditOrganizationInfoActionTest.java @@ -20,12 +20,47 @@ package org.apache.maven.archiva.web.action.admin.appearance; */ import com.opensymphony.xwork2.Action; +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import org.apache.maven.archiva.configuration.OrganisationInformation; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; /** */ public class EditOrganizationInfoActionTest extends AbstractOrganizationInfoActionTest { + private static final String EMPTY_STRING = ""; + + // valid inputs + private static final String ORGANISATION_NAME_VALID_INPUT = "abcXYZ0129. _/\\~ :?!&=-"; + + private static final String ORGANISATION_URL_VALID_INPUT = "file://home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\""; + + private static final String ORGANISATION_LOGO_VALID_INPUT = "file://home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\""; + + // invalid inputs + private static final String ORGANISATION_NAME_INVALID_INPUT = "<>~+[ ]'\""; + + private static final String ORGANISATION_URL_INVALID_INPUT = "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\""; + + private static final String ORGANISATION_LOGO_INVALID_INPUT = "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\""; + + // testing requisite + private ActionValidatorManager actionValidatorManager; + + @Override + public void setUp() throws Exception + { + super.setUp(); + ObjectFactory.setObjectFactory(new ObjectFactory()); + actionValidatorManager = ActionValidatorManagerFactory.getInstance(); + } + public void testOrganisationInfoSaves() throws Exception { @@ -56,6 +91,109 @@ public class EditOrganizationInfoActionTest extends AbstractOrganizationInfoActi assertEquals("URL1", orginfo.getUrl()); } + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + action = getAction(); + populateOrganisationValues(action, null, null, null); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a name"); + expectedFieldErrors.put("organisationName", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + action = getAction(); + populateOrganisationValues(action, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a name"); + expectedFieldErrors.put("organisationName", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception + { + // prep + action = getAction(); + populateOrganisationValues(action, ORGANISATION_NAME_INVALID_INPUT, ORGANISATION_URL_INVALID_INPUT, ORGANISATION_LOGO_INVALID_INPUT); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Organisation name must only contain alphanumeric characters, white-spaces(' '), equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("organisationName", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a URL"); + expectedFieldErrors.put("organisationUrl", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a URL"); + expectedFieldErrors.put("organisationLogo", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + action = getAction(); + populateOrganisationValues(action, ORGANISATION_NAME_VALID_INPUT, ORGANISATION_URL_VALID_INPUT, ORGANISATION_LOGO_VALID_INPUT); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertFalse(action.hasFieldErrors()); + } + + private void populateOrganisationValues(AbstractAppearanceAction abstractAppearanceAction , String name, String url, String logo) + { + abstractAppearanceAction.setOrganisationName(name); + abstractAppearanceAction.setOrganisationUrl(url); + abstractAppearanceAction.setOrganisationLogo(logo); + } + @Override protected AbstractAppearanceAction getAction() { diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathActionTest.java new file mode 100644 index 000000000..0a10f1546 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/legacy/AddLegacyArtifactPathActionTest.java @@ -0,0 +1,232 @@ +package org.apache.maven.archiva.web.action.admin.legacy; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import junit.framework.TestCase; +import org.apache.maven.archiva.configuration.LegacyArtifactPath; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; + +public class AddLegacyArtifactPathActionTest extends TestCase +{ + private static final String EMPTY_STRING = ""; + + // valid inputs + private static final String LEGACY_ARTIFACT_PATH_PATH_VALID_INPUT = "-abcXYZ0129._/\\"; + + private static final String GROUP_ID_VALID_INPUT = "abcXYZ0129._-"; + + private static final String ARTIFACT_ID_VALID_INPUT = "abcXYZ0129._-"; + + private static final String VERSION_VALID_INPUT = "abcXYZ0129._-"; + + private static final String CLASSIFIER_VALID_INPUT = "abcXYZ0129._-"; + + private static final String TYPE_VALID_INPUT = "abcXYZ0129._-"; + + // invalid inputs + private static final String LEGACY_ARTIFACT_PATH_PATH_INVALID_INPUT = "<> ~+[ ]'\""; + + private static final String GROUP_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String ARTIFACT_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String VERSION_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String CLASSIFIER_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String TYPE_INVALID_INPUT = "<> \\/~+[ ]'\""; + + // testing requisite + private AddLegacyArtifactPathAction addLegacyArtifactPathAction; + + private ActionValidatorManager actionValidatorManager; + + @Override + public void setUp() throws Exception + { + addLegacyArtifactPathAction = new AddLegacyArtifactPathAction(); + ObjectFactory.setObjectFactory(new ObjectFactory()); + actionValidatorManager = ActionValidatorManagerFactory.getInstance(); + } + + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + LegacyArtifactPath legacyArtifactPath = createLegacyArtifactPath(null); + populateAddLegacyArtifactPathActionFields(addLegacyArtifactPathAction, legacyArtifactPath, null, null, null, null, null); + + // test + actionValidatorManager.validate(addLegacyArtifactPathAction, EMPTY_STRING); + + // verify + assertTrue(addLegacyArtifactPathAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = addLegacyArtifactPathAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a legacy path."); + expectedFieldErrors.put("legacyArtifactPath.path", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a groupId."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an artifactId."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a version."); + expectedFieldErrors.put("version", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a type."); + expectedFieldErrors.put("type", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + LegacyArtifactPath legacyArtifactPath = createLegacyArtifactPath(EMPTY_STRING); + populateAddLegacyArtifactPathActionFields(addLegacyArtifactPathAction, legacyArtifactPath, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + + // test + actionValidatorManager.validate(addLegacyArtifactPathAction, EMPTY_STRING); + + // verify + assertTrue(addLegacyArtifactPathAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = addLegacyArtifactPathAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a legacy path."); + expectedFieldErrors.put("legacyArtifactPath.path", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a groupId."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an artifactId."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a version."); + expectedFieldErrors.put("version", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a type."); + expectedFieldErrors.put("type", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception + { + // prep + LegacyArtifactPath legacyArtifactPath = createLegacyArtifactPath(LEGACY_ARTIFACT_PATH_PATH_INVALID_INPUT); + populateAddLegacyArtifactPathActionFields(addLegacyArtifactPathAction, legacyArtifactPath, GROUP_ID_INVALID_INPUT, ARTIFACT_ID_INVALID_INPUT, VERSION_INVALID_INPUT, CLASSIFIER_INVALID_INPUT, TYPE_INVALID_INPUT); + + // test + actionValidatorManager.validate(addLegacyArtifactPathAction, EMPTY_STRING); + + // verify + assertTrue(addLegacyArtifactPathAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = addLegacyArtifactPathAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Legacy path must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("legacyArtifactPath.path", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Group id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("groupId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Artifact id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("artifactId", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Version must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("version", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Classifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("classifier", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Type must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("type", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + LegacyArtifactPath legacyArtifactPath = createLegacyArtifactPath(LEGACY_ARTIFACT_PATH_PATH_VALID_INPUT); + populateAddLegacyArtifactPathActionFields(addLegacyArtifactPathAction, legacyArtifactPath, GROUP_ID_VALID_INPUT, ARTIFACT_ID_VALID_INPUT, VERSION_VALID_INPUT, CLASSIFIER_VALID_INPUT, TYPE_VALID_INPUT); + + // test + actionValidatorManager.validate(addLegacyArtifactPathAction, EMPTY_STRING); + + // verify + assertFalse(addLegacyArtifactPathAction.hasFieldErrors()); + } + + private LegacyArtifactPath createLegacyArtifactPath(String path) + { + LegacyArtifactPath legacyArtifactPath = new LegacyArtifactPath(); + legacyArtifactPath.setPath(path); + return legacyArtifactPath; + } + + private void populateAddLegacyArtifactPathActionFields(AddLegacyArtifactPathAction addLegacyArtifactPathAction, LegacyArtifactPath legacyArtifactPath, String groupId, String artifactId, String version, String classifier, String type) + { + addLegacyArtifactPathAction.setLegacyArtifactPath(legacyArtifactPath); + addLegacyArtifactPathAction.setGroupId(groupId); + addLegacyArtifactPathAction.setArtifactId(artifactId); + addLegacyArtifactPathAction.setVersion(version); + addLegacyArtifactPathAction.setClassifier(classifier); + addLegacyArtifactPathAction.setType(type); + } +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyActionTest.java new file mode 100644 index 000000000..071373963 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/networkproxies/ConfigureNetworkProxyActionTest.java @@ -0,0 +1,216 @@ +package org.apache.maven.archiva.web.action.admin.networkproxies; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import junit.framework.TestCase; +import org.apache.maven.archiva.configuration.NetworkProxyConfiguration; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; + +public class ConfigureNetworkProxyActionTest extends TestCase +{ + private static final String EMPTY_STRING = ""; + + private static final String VALIDATION_CONTEXT = "saveNetworkProxy"; + + // valid inputs + private static final String PROXY_ID_VALID_INPUT = "abcXYZ0129._-"; + + private static final String PROXY_PROTOCOL_VALID_INPUT = "-abcXYZ0129./:\\"; + + private static final String PROXY_HOST_VALID_INPUT = "abcXYZ0129._/\\~:?!&=-"; + + private static final int PROXY_PORT_VALID_INPUT = 8080; + + private static final String PROXY_USERNAME_VALID_INPUT = "abcXYZ0129.@/_-\\"; + + // invalid inputs + private static final String PROXY_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + private static final String PROXY_PROTOCOL_INVALID_INPUT = "<> ~+[ ]'\""; + + private static final String PROXY_HOST_INVALID_INPUT = "<> ~+[ ]'\""; + + private static final int PROXY_PORT_INVALID_INPUT = 0; + + private static final String PROXY_USERNAME_INVALID_INPUT = "<> ~+[ ]'\""; + + // testing requisite + private ConfigureNetworkProxyAction configureNetworkProxyAction; + + private ActionValidatorManager actionValidatorManager; + + @Override + public void setUp() + { + configureNetworkProxyAction = new ConfigureNetworkProxyAction(); + ObjectFactory.setObjectFactory(new ObjectFactory()); + actionValidatorManager = ActionValidatorManagerFactory.getInstance(); + } + + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + NetworkProxyConfiguration networkProxyConfiguration = createNetworkProxyConfiguration(null, null, null, null); + configureNetworkProxyAction.setProxy(networkProxyConfiguration); + + // test + actionValidatorManager.validate(configureNetworkProxyAction, VALIDATION_CONTEXT); + + // verify + assertTrue(configureNetworkProxyAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = configureNetworkProxyAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an identifier."); + expectedFieldErrors.put("proxy.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a protocol."); + expectedFieldErrors.put("proxy.protocol", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a host."); + expectedFieldErrors.put("proxy.host", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + NetworkProxyConfiguration networkProxyConfiguration = createNetworkProxyConfiguration(EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + configureNetworkProxyAction.setProxy(networkProxyConfiguration); + + // test + actionValidatorManager.validate(configureNetworkProxyAction, VALIDATION_CONTEXT); + + // verify + assertTrue(configureNetworkProxyAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = configureNetworkProxyAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter an identifier."); + expectedFieldErrors.put("proxy.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a protocol."); + expectedFieldErrors.put("proxy.protocol", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a host."); + expectedFieldErrors.put("proxy.host", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception + { + // prep + NetworkProxyConfiguration networkProxyConfiguration = createNetworkProxyConfiguration(PROXY_ID_INVALID_INPUT, PROXY_HOST_INVALID_INPUT, PROXY_PORT_INVALID_INPUT, PROXY_PROTOCOL_INVALID_INPUT, PROXY_USERNAME_INVALID_INPUT); + configureNetworkProxyAction.setProxy(networkProxyConfiguration); + + // test + actionValidatorManager.validate(configureNetworkProxyAction, VALIDATION_CONTEXT); + + // verify + assertTrue(configureNetworkProxyAction.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = configureNetworkProxyAction.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Proxy id must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("proxy.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Protocol must only contain alphanumeric characters, forward-slashes(/), back-slashes(\\), dots(.), colons(:), and dashes(-)."); + expectedFieldErrors.put("proxy.protocol", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Host must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("proxy.host", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Port needs to be larger than 1"); + expectedFieldErrors.put("proxy.port", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("proxy.username", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + NetworkProxyConfiguration networkProxyConfiguration = createNetworkProxyConfiguration(PROXY_ID_VALID_INPUT, PROXY_HOST_VALID_INPUT, PROXY_PORT_VALID_INPUT, PROXY_PROTOCOL_VALID_INPUT, PROXY_USERNAME_VALID_INPUT); + configureNetworkProxyAction.setProxy(networkProxyConfiguration); + + // test + actionValidatorManager.validate(configureNetworkProxyAction, VALIDATION_CONTEXT); + + // verify + assertFalse(configureNetworkProxyAction.hasFieldErrors()); + } + + private NetworkProxyConfiguration createNetworkProxyConfiguration(String id, String host, int port, String protocol, String username) + { + NetworkProxyConfiguration networkProxyConfiguration = new NetworkProxyConfiguration(); + networkProxyConfiguration.setId(id); + networkProxyConfiguration.setHost(host); + networkProxyConfiguration.setPort(port); + networkProxyConfiguration.setProtocol(protocol); + networkProxyConfiguration.setUsername(username); + return networkProxyConfiguration; + } + + // over-loaded + // for simulating empty/null form purposes; excluding primitive data-typed values + private NetworkProxyConfiguration createNetworkProxyConfiguration(String id, String host, String protocol, String username) + { + NetworkProxyConfiguration networkProxyConfiguration = new NetworkProxyConfiguration(); + networkProxyConfiguration.setId(id); + networkProxyConfiguration.setHost(host); + networkProxyConfiguration.setProtocol(protocol); + networkProxyConfiguration.setUsername(username); + return networkProxyConfiguration; + } +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoryActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoryActionTest.java new file mode 100644 index 000000000..8e2085d22 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoryActionTest.java @@ -0,0 +1,117 @@ +package org.apache.maven.archiva.web.action.admin.repositories; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; +import java.io.File; +import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.codehaus.plexus.spring.PlexusInSpringTestCase; + +public abstract class AbstractManagedRepositoryActionTest extends PlexusInSpringTestCase +{ + protected static final String EMPTY_STRING = ""; + + // valid inputs; validation testing + protected static final String REPOSITORY_ID_VALID_INPUT = "abcXYZ0129._-"; + + protected static final String REPOSITORY_LOCATION_VALID_INPUT = "abcXYZ0129._/\\~:?!&=-"; + + protected static final String REPOSITORY_INDEX_DIR_VALID_INPUT = "abcXYZ0129._/\\~:?!&=-"; + + protected static final String REPOSITORY_NAME_VALID_INPUT = "abcXYZ 0129.)/ _(-"; + + protected static final int REPOSITORY_RETENTION_COUNT_VALID_INPUT = 1; + + protected static final int REPOSITORY_DAYS_OLDER_VALID_INPUT = 1; + + // invalid inputs; validation testing + protected static final String REPOSITORY_ID_INVALID_INPUT = "<> \\/~+[ ]'\""; + + protected static final String REPOSITORY_LOCATION_INVALID_INPUT = "<> ~+[ ]'\""; + + protected static final String REPOSITORY_INDEX_DIR_INVALID_INPUT = "<> ~+[ ]'\""; + + protected static final String REPOSITORY_NAME_INVALID_INPUT = "<>\\~+[]'\""; + + protected static final int REPOSITORY_RETENTION_COUNT_INVALID_INPUT = 101; + + protected static final int REPOSITORY_DAYS_OLDER_INVALID_INPUT = -1; + + // testing requisite; validation testing + protected ActionValidatorManager actionValidatorManager; + + protected static final String REPO_ID = "repo-ident"; + + protected File location; + + @Override + protected void setUp() throws Exception + { + super.setUp(); + + ObjectFactory.setObjectFactory(new ObjectFactory()); + actionValidatorManager = ActionValidatorManagerFactory.getInstance(); + } + + protected void populateRepository( ManagedRepositoryConfiguration repository ) + { + repository.setId( REPO_ID ); + repository.setName( "repo name" ); + repository.setLocation( location.getAbsolutePath() ); + repository.setLayout( "default" ); + repository.setRefreshCronExpression( "* 0/5 * * * ?" ); + repository.setDaysOlder( 31 ); + repository.setRetentionCount( 20 ); + repository.setReleases( true ); + repository.setSnapshots( true ); + repository.setScanned( false ); + repository.setDeleteReleasedSnapshots( true ); + } + + protected ManagedRepositoryConfiguration createManagedRepositoryConfiguration(String id, String name, String location, String indexDir, int daysOlder, int retentionCount) + { + ManagedRepositoryConfiguration managedRepositoryConfiguration = new ManagedRepositoryConfiguration(); + + managedRepositoryConfiguration.setId(id); + managedRepositoryConfiguration.setName(name); + managedRepositoryConfiguration.setLocation(location); + managedRepositoryConfiguration.setIndexDir(indexDir); + managedRepositoryConfiguration.setDaysOlder(daysOlder); + managedRepositoryConfiguration.setRetentionCount(retentionCount); + + return managedRepositoryConfiguration; + } + + // over-loaded + // for simulating empty/null form purposes; excluding primitive data-typed values + protected ManagedRepositoryConfiguration createManagedRepositoryConfiguration(String id, String name, String location, String indexDir) + { + ManagedRepositoryConfiguration managedRepositoryConfiguration = new ManagedRepositoryConfiguration(); + + managedRepositoryConfiguration.setId(id); + managedRepositoryConfiguration.setName(name); + managedRepositoryConfiguration.setLocation(location); + managedRepositoryConfiguration.setIndexDir(indexDir); + + return managedRepositoryConfiguration; + } +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java index 7accb4b7c..e6b613a4a 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java @@ -30,11 +30,14 @@ import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.redback.integration.interceptor.SecureActionBundle; import org.codehaus.redback.integration.interceptor.SecureActionException; -import org.codehaus.plexus.spring.PlexusInSpringTestCase; import org.easymock.MockControl; -import java.io.File; +import java.util.ArrayList; import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; /** * AddManagedRepositoryActionTest @@ -42,7 +45,7 @@ import java.util.Collections; * @version $Id$ */ public class AddManagedRepositoryActionTest - extends PlexusInSpringTestCase + extends AbstractManagedRepositoryActionTest { private AddManagedRepositoryAction action; @@ -57,10 +60,6 @@ public class AddManagedRepositoryActionTest private ArchivaAuditLogsDao auditLogsDao; private MockControl auditLogsDaoControl; - - private static final String REPO_ID = "repo-ident"; - - private File location; @Override protected String getPlexusConfigLocation() @@ -190,20 +189,131 @@ public class AddManagedRepositoryActionTest String status = action.commit(); assertEquals( AddManagedRepositoryAction.CONFIRM, status ); } - - private void populateRepository( ManagedRepositoryConfiguration repository ) + + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + // 0 is the default value for primitive int; null for objects + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(null, null, null, null); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository identifier."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a directory."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository name."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + // 0 is the default value for primitive int + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository identifier."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a directory."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository name."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception { - repository.setId( REPO_ID ); - repository.setName( "repo name" ); - repository.setLocation( location.getAbsolutePath() ); - repository.setLayout( "default" ); - repository.setRefreshCronExpression( "* 0/5 * * * ?" ); - repository.setDaysOlder( 31 ); - repository.setRetentionCount( 20 ); - repository.setReleases( true ); - repository.setSnapshots( true ); - repository.setScanned( false ); - repository.setDeleteReleasedSnapshots( true ); + // prep + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(REPOSITORY_ID_INVALID_INPUT, REPOSITORY_NAME_INVALID_INPUT, REPOSITORY_LOCATION_INVALID_INPUT, REPOSITORY_INDEX_DIR_INVALID_INPUT, REPOSITORY_DAYS_OLDER_INVALID_INPUT, REPOSITORY_RETENTION_COUNT_INVALID_INPUT); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("repository.indexDir", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Purge By Retention Count needs to be between 1 and 100."); + expectedFieldErrors.put("repository.retentionCount", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Purge By Days Older Than needs to be larger than 0."); + expectedFieldErrors.put("repository.daysOlder", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(REPOSITORY_ID_VALID_INPUT, REPOSITORY_NAME_VALID_INPUT, REPOSITORY_LOCATION_VALID_INPUT, REPOSITORY_INDEX_DIR_VALID_INPUT, REPOSITORY_DAYS_OLDER_VALID_INPUT, REPOSITORY_RETENTION_COUNT_VALID_INPUT); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertFalse(action.hasFieldErrors()); } // TODO: test errors during add, other actions diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java index 6f9bdf162..89b8ee57c 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java @@ -20,6 +20,9 @@ package org.apache.maven.archiva.web.action.admin.repositories; */ import com.opensymphony.xwork2.Action; +import com.opensymphony.xwork2.ObjectFactory; +import com.opensymphony.xwork2.validator.ActionValidatorManager; +import com.opensymphony.xwork2.validator.ActionValidatorManagerFactory; import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; @@ -41,7 +44,10 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collections; import java.util.Date; +import java.util.HashMap; import java.util.List; +import java.util.Map; +import org.apache.maven.archiva.web.validator.utils.ValidatorUtil; /** * EditManagedRepositoryActionTest @@ -49,7 +55,7 @@ import java.util.List; * @version $Id$ */ public class EditManagedRepositoryActionTest - extends PlexusInSpringTestCase + extends AbstractManagedRepositoryActionTest { private EditManagedRepositoryAction action; @@ -73,16 +79,13 @@ public class EditManagedRepositoryActionTest private MockControl auditLogsDaoControl; - private static final String REPO_ID = "repo-ident"; - - private File location; - @Override protected String getPlexusConfigLocation() { return AbstractManagedRepositoriesAction.class.getName().replace( '.', '/' ) + "Test.xml"; } - + + @Override protected void setUp() throws Exception { @@ -258,6 +261,132 @@ public class EditManagedRepositoryActionTest repoContentStatsDaoControl.verify(); auditLogsDaoControl.verify(); } + + public void testStruts2ValidationFrameworkWithNullInputs() throws Exception + { + // prep + // 0 is the default value for primitive int; null for objects + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(null, null, null, null); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository identifier."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a directory."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository name."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithBlankInputs() throws Exception + { + // prep + // 0 is the default value for primitive int + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(EMPTY_STRING, EMPTY_STRING, EMPTY_STRING, EMPTY_STRING); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository identifier."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a directory."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("You must enter a repository name."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithInvalidInputs() throws Exception + { + // prep + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(REPOSITORY_ID_INVALID_INPUT, REPOSITORY_NAME_INVALID_INPUT, REPOSITORY_LOCATION_INVALID_INPUT, REPOSITORY_INDEX_DIR_INVALID_INPUT, REPOSITORY_DAYS_OLDER_INVALID_INPUT, REPOSITORY_RETENTION_COUNT_INVALID_INPUT); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertTrue(action.hasFieldErrors()); + + Map<String, List<String>> fieldErrors = action.getFieldErrors(); + + // make an expected field error object + Map<String, List<String>> expectedFieldErrors = new HashMap<String, List<String>>(); + + // populate + List<String> expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Identifier must only contain alphanumeric characters, underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("repository.id", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("repository.location", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Name must only contain alphanumeric characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('), close-parenthesis(')'), underscores(_), dots(.), and dashes(-)."); + expectedFieldErrors.put("repository.name", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)."); + expectedFieldErrors.put("repository.indexDir", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Purge By Retention Count needs to be between 1 and 100."); + expectedFieldErrors.put("repository.retentionCount", expectedErrorMessages); + + expectedErrorMessages = new ArrayList<String>(); + expectedErrorMessages.add("Repository Purge By Days Older Than needs to be larger than 0."); + expectedFieldErrors.put("repository.daysOlder", expectedErrorMessages); + + ValidatorUtil.assertFieldErrors(expectedFieldErrors, fieldErrors); + } + + public void testStruts2ValidationFrameworkWithValidInputs() throws Exception + { + // prep + ManagedRepositoryConfiguration managedRepositoryConfiguration = createManagedRepositoryConfiguration(REPOSITORY_ID_VALID_INPUT, REPOSITORY_NAME_VALID_INPUT, REPOSITORY_LOCATION_VALID_INPUT, REPOSITORY_INDEX_DIR_VALID_INPUT, REPOSITORY_DAYS_OLDER_VALID_INPUT, REPOSITORY_RETENTION_COUNT_VALID_INPUT); + action.setRepository(managedRepositoryConfiguration); + + // test + actionValidatorManager.validate(action, EMPTY_STRING); + + // verify + assertFalse(action.hasFieldErrors()); + } private void assertRepositoryEquals( ManagedRepositoryConfiguration expectedRepository, ManagedRepositoryConfiguration actualRepository ) @@ -292,22 +421,6 @@ public class EditManagedRepositoryActionTest return r; } - private void populateRepository( ManagedRepositoryConfiguration repository ) - throws IOException - { - repository.setId( REPO_ID ); - repository.setName( "repo name" ); - repository.setLocation( location.getCanonicalPath() ); - repository.setLayout( "default" ); - repository.setRefreshCronExpression( "* 0/5 * * * ?" ); - repository.setDaysOlder( 31 ); - repository.setRetentionCount( 20 ); - repository.setReleases( true ); - repository.setSnapshots( true ); - repository.setScanned( false ); - repository.setDeleteReleasedSnapshots( true ); - } - private List<RepositoryContentStatistics> createRepositoryContentStatisticsList() { List<RepositoryContentStatistics> repoStatsList = new ArrayList<RepositoryContentStatistics>(); diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/validator/utils/ValidatorUtil.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/validator/utils/ValidatorUtil.java new file mode 100644 index 000000000..a02301eeb --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/validator/utils/ValidatorUtil.java @@ -0,0 +1,62 @@ +package org.apache.maven.archiva.web.validator.utils; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.util.List; +import java.util.Map; +import junit.framework.Assert; + +public class ValidatorUtil +{ + public static void assertFieldErrors(Map<String, List<String>> expectedFieldErrors, Map<String, List<String>> actualFieldErrors) + { + if(expectedFieldErrors != null) + { + Assert.assertNotNull(actualFieldErrors); + // checks the number of field errors + Assert.assertEquals(expectedFieldErrors.size(), actualFieldErrors.size()); + + // check every content of the field error + for(Map.Entry<String, List<String>> expectedEntry : expectedFieldErrors.entrySet()) + { + if(expectedEntry.getValue() != null) + { + Assert.assertNotNull(actualFieldErrors.get(expectedEntry.getKey())); + // checks the error message count per error field + Assert.assertEquals(expectedEntry.getValue().size(), actualFieldErrors.get(expectedEntry.getKey()).size()); + + // check the contents of error messages per field error + for(int i = 0; i < expectedEntry.getValue().size(); i++) + { + Assert.assertEquals(expectedEntry.getValue().get(i), actualFieldErrors.get(expectedEntry.getKey()).get(i)); + } + } + else + { + Assert.assertNull(actualFieldErrors.get(expectedEntry.getKey())); + } + } + } + else + { + Assert.assertNull(actualFieldErrors); + } + } +} @@ -1102,7 +1102,7 @@ <properties> <maven.version>2.0.8</maven.version> <wagon.version>1.0-beta-5</wagon.version> - <redback.version>1.2.7</redback.version> + <redback.version>1.2.8</redback.version> <jetty.version>6.1.19</jetty.version> <slf4j.version>1.5.8</slf4j.version> <binder.version>0.9</binder.version> @@ -1188,6 +1188,25 @@ </plugins> </build> </profile> + <profile> + <id>snapshots-build</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>redback.snapshots</id> + <name>Codehaus Redback Snapshots Repository</name> + <url>http://snapshots.repository.codehaus.org/</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + </snapshots> + </repository> + </repositories> + </profile> </profiles> <!-- TODO: we need to push this into the parent, and also upgrade to the latest ASF parent POM --> <distributionManagement> |
