author | Brett Porter <brett@apache.org> | 2011-10-03 02:54:45 +0000 |
---|---|---|
committer | Brett Porter <brett@apache.org> | 2011-10-03 02:54:45 +0000 |
commit | 6907587afb8f9bb587faa56621c6abd1d669bf99 (patch) | |
tree | 7663401111e973ca622b6bd2ba35a082c665becb /archiva-modules/archiva-web | |
parent | 242cfa1f9a54d92f025cf688b95761895603acf2 (diff) | |
fix tests that check cron expression. Do javascript-based validation of an empty value, then server-side validation of a valid cron expression
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1178288 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules/archiva-web')
6 files changed, 58 insertions, 21 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
index 94db3f39c..b51bc0694 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
@@ -38,7 +38,7 @@ public class RepositoryTest
 assertRepositoriesPage();
 }
- @Test( dependsOnMethods = { "testAddManagedRepoValidValues" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoValidValues" } )
 public void testAddManagedRepoInvalidValues()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -55,8 +55,7 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -123,7 +122,7 @@ public class RepositoryTest
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepoBlankValues()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -132,8 +131,7 @@ public class RepositoryTest
 assertTextPresent( "You must enter a repository identifier." );
 assertTextPresent( "You must enter a repository name." );
 assertTextPresent( "You must enter a directory." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -165,15 +163,14 @@ public class RepositoryTest
 assertTextPresent( "You must enter a directory." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepoNoCron()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
 addManagedRepository( "identifier", "name", "/home", "/.index", "Maven 2.x Repository", "", "", "", false );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -186,7 +183,7 @@ public class RepositoryTest
 assertTextPresent( "Managed Repository Sample" );
 }
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
 public void testEditManagedRepoInvalidValues()
 {
 editManagedRepository( "<>\\~+[]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101" );
@@ -198,8 +195,7 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
@@ -226,11 +222,24 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 }
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
- public void testEditManagedRepoInvalidCron()
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadText()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "asdf", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadValue()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "60 0 * * * ?", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronTooManyElements()
 {
- editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "", "1", "1" );
- // FIXME: broken
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "* * * * * * * *", "1", "1" );
 assertTextPresent( "Invalid cron expression." );
 }
@@ -342,4 +351,4 @@ public class RepositoryTest
 assertPage( "Collection: /" );
 assertTextPresent( "Collection: /" );
 }
-}
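Review bot: The three new invalid-cron tests in the `@@ -226,11 +222,24 @@` hunk all go through `editManagedRepository`, so as far as this diff shows the server-side check added to `AddManagedRepositoryAction.validate()` is exercised only by the XSS test. A matching add-path case, e.g. `addManagedRepository( "identifier", "name", "/home", "/.index", "Maven 2.x Repository", "asdf", "1", "1", true );` followed by `assertTextPresent( "Invalid cron expression." );`, would pin that behaviour on its own. A short comment on each literal saying why it is invalid (presumably `// 60 is outside the seconds range` and `// more fields than a cron expression allows`) would also help, since the intent is not obvious from the values alone.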
\ No newline at end of file
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
index fe868956a..0f05752c9 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
@@ -154,9 +154,10 @@ public class XSSSecurityTest
 assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting()
 {
+ // TODO: these are evaluated client side now - we should force it to do server-side to make sure (though this could probably be tested in the webapp tests instead)
 getSelenium().open( "/archiva/admin/addRepository.action" );
 addManagedRepository( "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>", "test\"><script>alert('xss')</script>",
@@ -172,7 +173,16 @@ public class XSSSecurityTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
+ assertTextPresent( "Cron expression is required." );
+ }
+
+ @Test
+ public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron()
+ {
+ // separate test because cron is evaluated server side, not client side
+ getSelenium().open( "/archiva/admin/addRepository.action" );
+ addManagedRepository( "id", "name", "/home", "/.index", "Maven 2.x Repository",
+ "<test\"><script>alert('xss')</script>", "1", "1", true );
 assertTextPresent( "Invalid cron expression." );
 }
@@ -241,4 +251,4 @@ public class XSSSecurityTest
 assertTextPresent( "Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." );
 }
-}
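Review bot: `testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron` in the `@@ -172,7 +173,16 @@` hunk asserts only that "Invalid cron expression." is shown, which proves the value was rejected but not that it was rendered safely when the form is redisplayed with the rejected input. For a test named as an XSS-immunity check, an assertion on the rendered page would be stronger, for example `Assert.assertFalse( getSelenium().isAlertPresent() );` after the existing assertion (assuming TestNG's `Assert` is available in this class). The test re-enabled in the preceding hunk has the same gap, and since its validation now runs in the browser, neither test yet shows how the server treats a request that skips those checks.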
\ No newline at end of file
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
index 885079818..488db6c68 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.Validateable;
 import org.apache.archiva.admin.model.RepositoryAdminException;
 import org.apache.archiva.admin.model.beans.ManagedRepository;
 import org.apache.commons.lang.StringUtils;
+import org.codehaus.redback.components.scheduler.CronExpressionValidator;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Controller;
@@ -102,6 +103,13 @@ public class AddManagedRepositoryAction
 @Override
 public void validate()
 {
+ CronExpressionValidator validator = new CronExpressionValidator();
+
+ if ( !validator.validate( repository.getCronExpression() ) )
+ {
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
+ }
+
 // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation).
 trimAllRequestParameterValues();
 }
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
index e4a9dbfd0..f28047afe 100644
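Review bot: `validate()` in the `@@ -102,6 +103,13 @@` hunk passes `repository.getCronExpression()` to the validator without a null or blank check, and the diff does not show how `CronExpressionValidator.validate` behaves for a null argument. If the "Cron expression is required." rule is enforced only in the browser, as the commit message suggests, a request that omits the parameter reaches this call directly, so the action should fail closed on its own: `String cron = repository.getCronExpression();` then `if ( StringUtils.isBlank( cron ) || !validator.validate( cron ) )`. `StringUtils` is already imported in this file. The same unguarded call is visible in the `EditManagedRepositoryAction` hunk that follows, and in both actions the value is validated before `trimAllRequestParameterValues()` runs, which is worth a one-line comment.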
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
@@ -135,7 +135,7 @@ public class EditManagedRepositoryAction
 if ( !validator.validate( repository.getCronExpression() ) )
 {
- addFieldError( "repository.refreshCronExpression", "Invalid cron expression." );
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
 }
 trimAllRequestParameterValues();
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
index 8c951cbd1..68ffb6cf7 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@
 <message>Repository Purge By Days Older Than needs to be larger than ${min}.</message>
 </field-validator>
 </field>
+ <field name="repository.cronExpression">
+ <field-validator type="requiredstring">
+ <message>Cron expression is required.</message>
+ </field-validator>
+ </field>
 </validators>
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
index abc9e5526..9f82c37bd 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@
 <message>Repository Purge By Days Older Than needs to be larger than ${min}.</message>
 </field-validator>
 </field>
+ <field name="repository.cronExpression">
+ <field-validator type="requiredstring">
+ <message>Cron expression is required.</message>
+ </field-validator>
+ </field>
 </validators> |