Author: olamy
Date: Mon Sep 19 10:10:14 2011
New Revision: 1172554
URL: http://svn.apache.org/viewvc?rev=1172554&view=rev
Log:
Fix more Selenium tests: no need to wait for the server response for client-side
validation
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java?rev=1172554&r1=1172553&r2=1172554&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/AppearanceTest.java
Mon Sep 19 10:10:14 2011
@@ -30,55 +30,67 @@ public class AppearanceTest
{
goToAppearancePage();
clickLinkWithText( "Edit" );
- addEditAppearance( "", "", "" );
+ addEditAppearance( "", "", "", false );
assertTextPresent( "You must enter a name" );
}
- @Test( dependsOnMethods = { "testAddAppearanceEmptyValues" })
- public void testAddAppearanceInvalidValues()
- {
- addEditAppearance( "<>~+[ ]'\"" ,
"/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" ,
"/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" );
- assertTextPresent( "Organisation name must only contain
alphanumeric characters, white-spaces(' '), equals(=), question-marks(?),
exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\),
underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
+ @Test( dependsOnMethods = { "testAddAppearanceEmptyValues" } )
+ public void testAddAppearanceInvalidValues()
+ {
+ addEditAppearance( "<>~+[ ]'\"", "/home/user/abcXYZ0129._/\\~:?!&=-<>
~+[ ]'\"",
+ "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"",
false );
+ assertTextPresent(
+ "Organisation name must only contain alphanumeric characters,
white-spaces(' '), equals(=), question-marks(?), exclamation-points(!),
ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.),
colons(:), tildes(~), and dashes(-)." );
+ assertTextPresent( "You must enter a URL" );
+ //assertXpathCount( "//tr errorfor='saveAppearance_organisationUrl'",
1 );
+ assertXpathCount( "//span[@class='errorMessage/text()='You must enter
a URL']", 1 );
+ assertTextPresent( "You must enter a URL for your logo" );
+ assertXpathCount( "//span[@class='errorMessage/text()='You must enter
a URL for your logo']", 1 );
+
+ }
+
+ @Test( dependsOnMethods = { "testAddAppearanceInvalidValues" } )
+ public void testAddAppearanceInvalidOrganisationName()
+ {
+ addEditAppearance( "<>~+[ ]'\"", "http://www.apache.org/",
"http://www.apache.org/images/asf_logo_wide.gifs",
+ false );
+ assertTextPresent(
+ "Organisation name must only contain alphanumeric characters,
white-spaces(' '), equals(=), question-marks(?), exclamation-points(!),
ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.),
colons(:), tildes(~), and dashes(-)." );
+ }
+
+ @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationName" } )
+ public void testAddAppearanceInvalidOrganisationUrl()
+ {
+ addEditAppearance( "The Apache Software Foundation",
"/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"",
+ "http://www.apache.org/images/asf_logo_wide.gifs",
false );
assertTextPresent( "You must enter a URL" );
- assertXpathCount("//span[@class='errorMessage' and text()='You must
enter a URL']", 2);
+ assertXpathCount( "//span[@class='errorMessage/text()='You must enter
a URL']", 1 );
}
- @Test( dependsOnMethods = { "testAddAppearanceInvalidValues" })
- public void testAddAppearanceInvalidOrganisationName()
- {
- addEditAppearance( "<>~+[ ]'\"" , "http://www.apache.org/" ,
"http://www.apache.org/images/asf_logo_wide.gifs" );
- assertTextPresent( "Organisation name must only contain alphanumeric
characters, white-spaces(' '), equals(=), question-marks(?),
exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\),
underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
- }
-
- @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationName" })
- public void testAddAppearanceInvalidOrganisationUrl()
- {
- addEditAppearance( "The Apache Software Foundation" ,
"/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" ,
"http://www.apache.org/images/asf_logo_wide.gifs" );
- assertTextPresent( "You must enter a URL" );
- assertXpathCount("//span[@class='errorMessage' and text()='You must
enter a URL']", 1);
- }
-
- @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationUrl" })
- public void testAddAppearanceInvalidOrganisationLogo()
- {
- addEditAppearance( "The Apache Software Foundation" ,
"http://www.apache.org/" , "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"" );
- assertTextPresent( "You must enter a URL" );
- assertXpathCount("//span[@class='errorMessage' and text()='You must
enter a URL']", 1);
- }
-
- @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationLogo"
})
- public void testAddAppearanceValidValues()
- {
- addEditAppearance( "The Apache Software Foundation" ,
"http://www.apache.org/" , "http://www.apache.org/images/asf_logo_wide.gifs" );
- assertTextPresent( "The Apache Software Foundation" );
- }
-
- @Test( dependsOnMethods = { "testAddAppearanceValidValues" })
- public void testEditAppearance()
- {
- clickLinkWithText( "Edit" );
- addEditAppearance( "Apache Software Foundation" ,
"http://www.apache.org/" , "http://www.apache.org/images/asf_logo_wide.gifs" );
- assertTextPresent( "Apache Software Foundation" );
+ @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationUrl" } )
+ public void testAddAppearanceInvalidOrganisationLogo()
+ {
+ addEditAppearance( "The Apache Software Foundation",
"http://www.apache.org/",
+ "/home/user/abcXYZ0129._/\\~:?!&=-<> ~+[ ]'\"",
false );
+ assertTextPresent( "You must enter a URL" );
+ assertXpathCount( "//span[@class='errorMessage'/text()='You must enter
a URL']", 1 );
+ }
+
+ @Test( dependsOnMethods = { "testAddAppearanceInvalidOrganisationLogo" } )
+ public void testAddAppearanceValidValues()
+ {
+ addEditAppearance( "The Apache Software Foundation",
"http://www.apache.org/",
+ "http://www.apache.org/images/asf_logo_wide.gifs",
true );
+ assertTextPresent( "The Apache Software Foundation" );
+ }
+
+ @Test( dependsOnMethods = { "testAddAppearanceValidValues" } )
+ public void testEditAppearance()
+ {
+ clickLinkWithText( "Edit" );
+ addEditAppearance( "Apache Software Foundation",
"http://www.apache.org/",
+ "http://www.apache.org/images/asf_logo_wide.gifs",
true );
+ assertTextPresent( "Apache Software Foundation" );
}
}
\ No newline at end of file
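Review bot: The new XPath locators in testAddAppearanceInvalidValues and testAddAppearanceInvalidOrganisationUrl are malformed: `//span[@class='errorMessage/text()='You must enter a URL']` drops the closing quote after errorMessage and replaces `and` with `/`, so the predicate no longer has the shape of the removed `@class='errorMessage' and text()=...` form. The variant in testAddAppearanceInvalidOrganisationLogo (`'errorMessage'/text()=`) balances its quotes but still applies a path step to a string literal. Restore the conjunction in all four calls, e.g. `assertXpathCount( "//span[@class='errorMessage' and text()='You must enter a URL']", 1 );`, and the same for the logo message. The commented-out `//tr errorfor=...` assertion should be fixed or deleted rather than committed as dead code.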
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java?rev=1172554&r1=1172553&r2=1172554&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
Mon Sep 19 10:10:14 2011
@@ -19,8 +19,8 @@ package org.apache.archiva.web.test;
* under the License.
*/
-import org.testng.annotations.Test;
import org.apache.archiva.web.test.parent.AbstractArchivaTest;
+import org.testng.annotations.Test;
/**
* Test all actions affected with XSS security issue.
@@ -31,97 +31,125 @@ public class XSSSecurityTest
{
public void testDeleteArtifactImmunityToURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/deleteArtifact!doDelete.action?groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&repositoryId=\"/>1<script>alert('xss')</script>");
+ getSelenium().open(
+
"/archiva/deleteArtifact!doDelete.action?groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&repositoryId=\"/>1<script>alert('xss')</script>"
);
assertDeleteArtifactPage();
assertTextPresent( "Invalid version." );
- assertTextPresent( "User is not authorized to delete artifacts in
repository '\"/>1<script>alert('xss')</script>'." );
- assertTextPresent( "Group id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Artifact id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Repository id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertElementValue("//input[@id='deleteArtifact_groupId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='deleteArtifact_artifactId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='deleteArtifact_version']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//select[@id='deleteArtifact_repositoryId']",
"internal");
+ assertTextPresent(
+ "User is not authorized to delete artifacts in repository
'\"/>1<script>alert('xss')</script>'." );
+ assertTextPresent(
+ "Group id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Artifact id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Repository id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertElementValue( "//input[@id='deleteArtifact_groupId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='deleteArtifact_artifactId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='deleteArtifact_version']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//select[@id='deleteArtifact_repositoryId']",
"internal" );
}
public void testDeleteArtifactImmunityToEncodedURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/deleteArtifact!doDelete.action?groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&repositoryId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E");
+ getSelenium().open(
+
"/archiva/deleteArtifact!doDelete.action?groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&repositoryId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"
);
assertDeleteArtifactPage();
assertTextPresent( "Invalid version." );
- assertTextPresent( "User is not authorized to delete artifacts in
repository '\"/>1<script>alert('xss')</script>'." );
- assertTextPresent( "Group id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Artifact id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Repository id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertElementValue("//input[@id='deleteArtifact_groupId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='deleteArtifact_artifactId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='deleteArtifact_version']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//select[@id='deleteArtifact_repositoryId']",
"internal");
+ assertTextPresent(
+ "User is not authorized to delete artifacts in repository
'\"/>1<script>alert('xss')</script>'." );
+ assertTextPresent(
+ "Group id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Artifact id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Repository id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertElementValue( "//input[@id='deleteArtifact_groupId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='deleteArtifact_artifactId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='deleteArtifact_version']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//select[@id='deleteArtifact_repositoryId']",
"internal" );
}
public void testEditAppearanceImmunityToURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/configureAppearance.action?organisationName=<script>alert('xss')</script>&organisationUrl=<script>alert('xss')</script>&organisationLogo=<script>alert('xss')</script>");
+ getSelenium().open(
+
"/archiva/admin/configureAppearance.action?organisationName=<script>alert('xss')</script>&organisationUrl=<script>alert('xss')</script>&organisationLogo=<script>alert('xss')</script>"
);
assertAppearancePage();
- assertXpathCount("//td[text()=\"<script>alert('xss')</script>\"]", 1);
- assertXpathCount("//code[text()=\"<script>alert('xss')</script>\"]",
2);
+ assertXpathCount( "//td[text()=\"<script>alert('xss')</script>\"]", 1
);
+ assertXpathCount( "//code[text()=\"<script>alert('xss')</script>\"]",
2 );
}
public void testEditAppearanceImmunityToEncodedURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/configureAppearance.action?organisationName=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationUrl=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationLogo=%3Cscript%3Ealert('xss')%3C%2Fscript%3E");
+ getSelenium().open(
+
"/archiva/admin/configureAppearance.action?organisationName=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationUrl=%3Cscript%3Ealert('xss')%3C%2Fscript%3E&organisationLogo=%3Cscript%3Ealert('xss')%3C%2Fscript%3E"
);
assertAppearancePage();
- assertXpathCount("//td[text()=\"<script>alert('xss')</script>\"]", 1);
- assertXpathCount("//code[text()=\"<script>alert('xss')</script>\"]",
2);
+ assertXpathCount( "//td[text()=\"<script>alert('xss')</script>\"]", 1
);
+ assertXpathCount( "//code[text()=\"<script>alert('xss')</script>\"]",
2 );
}
public void testAddLegacyArtifactImmunityToURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=\"/>1<script>alert('xss')</script>&groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&classifier=\"/>1<script>alert('xss')</script>&type=\"/>1<script>alert('xss')</script>");
+ getSelenium().open(
+
"/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=\"/>1<script>alert('xss')</script>&groupId=\"/>1<script>alert('xss')</script>&artifactId=\"/>1<script>alert('xss')</script>&version=\"/>1<script>alert('xss')</script>&classifier=\"/>1<script>alert('xss')</script>&type=\"/>1<script>alert('xss')</script>"
);
assertAddLegacyArtifactPathPage();
- assertTextPresent( "Legacy path must only contain alphanumeric
characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and
dashes(-)." );
- assertTextPresent( "Group id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Artifact id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Classifier must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Legacy path must only contain alphanumeric characters,
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."
);
+ assertTextPresent(
+ "Group id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Artifact id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Classifier must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
assertTextPresent( "Type must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
-
assertElementValue("//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_artifactId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_version']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_groupId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_classifier']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_type']",
"\"/>1<script>alert('xss')</script>");
+ assertElementValue(
"//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']",
+ "\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_artifactId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_version']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_groupId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_classifier']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_type']",
"\"/>1<script>alert('xss')</script>" );
}
public void testAddLegacyArtifactImmunityToEncodedURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&classifier=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&type=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E");
+ getSelenium().open(
+
"/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&groupId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&artifactId=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&version=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&classifier=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E&type=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"
);
assertAddLegacyArtifactPathPage();
- assertTextPresent( "Legacy path must only contain alphanumeric
characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and
dashes(-)." );
- assertTextPresent( "Group id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Artifact id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Classifier must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Legacy path must only contain alphanumeric characters,
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."
);
+ assertTextPresent(
+ "Group id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Artifact id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Classifier must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
assertTextPresent( "Type must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
-
assertElementValue("//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_artifactId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_version']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_groupId']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_classifier']",
"\"/>1<script>alert('xss')</script>");
- assertElementValue("//input[@id='addLegacyArtifactPath_type']",
"\"/>1<script>alert('xss')</script>");
+ assertElementValue(
"//input[@id='addLegacyArtifactPath_legacyArtifactPath_path']",
+ "\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_artifactId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_version']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_groupId']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_classifier']",
"\"/>1<script>alert('xss')</script>" );
+ assertElementValue( "//input[@id='addLegacyArtifactPath_type']",
"\"/>1<script>alert('xss')</script>" );
}
public void testDeleteNetworkProxyImmunityToURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=\"/>1<script>alert('xss')</script>");
+ getSelenium().open(
+
"/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=\"/>1<script>alert('xss')</script>"
);
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found
in the request." );
}
public void testDeleteNetworkProxyImmunityToEncodedURLCrossSiteScripting()
{
- getSelenium().open(
"/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E");
+ getSelenium().open(
+
"/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=%22%2F%3E1%3Cscript%3Ealert('xss')%3C%2Fscript%3E"
);
assertTextPresent( "Security Alert - Invalid Token Found" );
assertTextPresent( "Possible CSRF attack detected! Invalid token found
in the request." );
}
@@ -130,61 +158,83 @@ public class XSSSecurityTest
{
goToRepositoriesPage();
getSelenium().open( "/archiva/admin/addRepository.action" );
- addManagedRepository( "test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>" , "test\"><script>alert('xss')</script>"
, "test\"><script>alert('xss')</script>", "Maven 2.x Repository", "", "-1",
"101" );
+ addManagedRepository( "test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>",
+ "test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>",
+ "Maven 2.x Repository", "", "-1", "101" );
// xss inputs are blocked by validation.
- assertTextPresent( "Identifier must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Directory must only contain alphanumeric
characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
- assertTextPresent( "Repository Name must only contain alphanumeric
characters, white-spaces(' '), forward-slashes(/), open-parenthesis('('),
close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Index directory must only contain alphanumeric
characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
- assertTextPresent( "Repository Purge By Retention Count needs to be
between 1 and 100.");
- assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0.");
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent(
+ "Identifier must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Directory must only contain alphanumeric characters, equals(=),
question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/),
back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and
dashes(-)." );
+ assertTextPresent(
+ "Repository Name must only contain alphanumeric characters,
white-spaces(' '), forward-slashes(/), open-parenthesis('('),
close-parenthesis(')'), underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Index directory must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
+ assertTextPresent( "Repository Purge By Retention Count needs to be
between 1 and 100." );
+ assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0." );
+ assertTextPresent( "Invalid cron expression." );
}
public void testEditAppearanceImmunityToInputFieldCrossSiteScripting()
{
goToAppearancePage();
clickLinkWithText( "Edit" );
- addEditAppearance( "test<script>alert('xss')</script>" ,
"test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" );
+ addEditAppearance( "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>",
+ "test<script>alert('xss')</script>", false );
// xss inputs are blocked by validation.
- assertTextPresent( "Organisation name must only contain alphanumeric
characters, white-spaces(' '), equals(=), question-marks(?),
exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\),
underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
+ assertTextPresent(
+ "Organisation name must only contain alphanumeric characters,
white-spaces(' '), equals(=), question-marks(?), exclamation-points(!),
ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.),
colons(:), tildes(~), and dashes(-)." );
assertTextPresent( "You must enter a URL" );
- assertXpathCount("//span[@class='errorMessage' and text()='You must
enter a URL']", 2);
+ assertXpathCount( "//span[@class='errorMessage' and text()='You must
enter a URL']", 2 );
}
public void testEditAppearanceImmunityToCrossSiteScriptingRendering()
{
goToAppearancePage();
clickLinkWithText( "Edit" );
- addEditAppearance( "xss" ,
"http://\">test<script>alert(\"xss\")</script>" ,
"http://\">test<script>alert(\"xss\")</script>" );
+ addEditAppearance( "xss",
"http://\">test<script>alert(\"xss\")</script>",
+ "http://\">test<script>alert(\"xss\")</script>",
false );
// escaped html/url prevents cross-site scripting exploits
- assertXpathCount("//td[text()=\"xss\"]", 1);
-
assertXpathCount("//code[text()='http://\">test<script>alert(\"xss\")</script>']",
2);
+ assertXpathCount( "//td[text()=\"xss\"]", 1 );
+ assertXpathCount(
"//code[text()='http://\">test<script>alert(\"xss\")</script>']", 2 );
}
public void
testAddLegacyArtifactPathImmunityToInputFieldCrossSiteScripting()
{
goToLegacySupportPage();
- clickLinkWithText( "Add" );
- addLegacyArtifactPath( "test<script>alert('xss')</script>" ,
"test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" ,
"test<script>alert('xss')</script>" , "test<script>alert('xss')</script>" ,
"test<script>alert('xss')</script>");
- // xss inputs are blocked by validation.
- assertTextPresent( "Legacy path must only contain alphanumeric
characters, forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and
dashes(-)." );
- assertTextPresent( "Group id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Artifact id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Classifier must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
+ clickLinkWithText( "Add" );
+ addLegacyArtifactPath( "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>",
+ "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>",
+ "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>" );
+ // xss inputs are blocked by validation.
+ assertTextPresent(
+ "Legacy path must only contain alphanumeric characters,
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."
);
+ assertTextPresent(
+ "Group id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Artifact id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Version must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Classifier must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
assertTextPresent( "Type must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
}
public void testAddNetworkProxyImmunityToInputFieldCrossSiteScripting()
{
goToNetworkProxiesPage();
- addNetworkProxy( "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>", "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>", "test<script>alert('xss')</script>", "");
- // xss inputs are blocked by validation.
- assertTextPresent( "Proxy id must only contain alphanumeric
characters, underscores(_), dots(.), and dashes(-)." );
- assertTextPresent( "Protocol must only contain alphanumeric
characters, forward-slashes(/), back-slashes(\\), dots(.), colons(:), and
dashes(-)." );
- assertTextPresent( "Host must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
+ addNetworkProxy( "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>",
+ "test<script>alert('xss')</script>",
"test<script>alert('xss')</script>",
+ "test<script>alert('xss')</script>", "" );
+ // xss inputs are blocked by validation.
+ assertTextPresent(
+ "Proxy id must only contain alphanumeric characters,
underscores(_), dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Protocol must only contain alphanumeric characters,
forward-slashes(/), back-slashes(\\), dots(.), colons(:), and dashes(-)." );
+ assertTextPresent(
+ "Host must only contain alphanumeric characters, equals(=),
question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/),
back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and
dashes(-)." );
assertTextPresent( "Invalid field value for field \"proxy.port\"." );
- assertTextPresent( "Username must only contain alphanumeric
characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_),
dots(.), and dashes(-)." );
+ assertTextPresent(
+ "Username must only contain alphanumeric characters, at's(@),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."
);
}
}
\ No newline at end of file
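Review bot: In testEditAppearanceImmunityToCrossSiteScriptingRendering the new `false` argument stops the helper waiting for a page load, yet the assertXpathCount calls that follow on `//td` and `//code` appear to check server-rendered output (the inline comment says escaped html/url prevents the exploit). If the `http://...` values pass client-side validation and the form is submitted, those assertions race the response; if they are rejected client-side, the output-escaping path is never exercised. Consider passing `true` here, or asserting which page the browser is on before counting nodes. The `false` added in testEditAppearanceImmunityToInputFieldCrossSiteScripting likewise means only client-side validation is checked for that payload, so it is worth confirming that server-side rejection of the same input is covered elsewhere, since client-side checks alone are not an XSS control.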
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java?rev=1172554&r1=1172553&r2=1172554&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractArchivaTest.java
Mon Sep 19 10:10:14 2011
@@ -480,12 +480,12 @@ public abstract class AbstractArchivaTes
assertLinkPresent( "Change your appearance" );
}
- public void addEditAppearance( String name, String url, String logoUrl )
+ public void addEditAppearance( String name, String url, String logoUrl,
boolean wait)
{
setFieldValue( "organisationName", name );
setFieldValue( "organisationUrl", url );
setFieldValue( "organisationLogo", logoUrl );
- clickButtonWithValue( "Save" );
+ clickButtonWithValue( "Save", wait );
}
public void goToHomePage()
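Review bot: The new `wait` flag on addEditAppearance is undocumented, and its meaning can only be deduced from the commit message. A Javadoc line such as `@param wait true to wait for the page to reload after Save; false when client-side validation is expected to keep the browser on the form` would make the call sites readable. The change also removes the three-argument form; if any caller outside this commit still uses it, a delegating overload calling `addEditAppearance( name, url, logoUrl, true );` would keep it compiling. `boolean wait)` is missing the space before the closing parenthesis that the surrounding code uses. goToHomePage begins on the last line of this hunk and continues outside it.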
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java?rev=1172554&r1=1172553&r2=1172554&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/parent/AbstractSeleniumTest.java
Mon Sep 19 10:10:14 2011
@@ -431,7 +431,8 @@ public abstract class AbstractSeleniumTe
public void assertXpathCount( String locator, int expectedCount )
{
- Assert.assertEquals( getSelenium().getXpathCount( locator
).intValue(), expectedCount );
+ int count = getSelenium().getXpathCount( locator ).intValue();
+ Assert.assertEquals( count, expectedCount );
}
public void assertElementValue( String locator, String expectedValue )
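Review bot: assertXpathCount fails without saying which locator was counted, which makes a malformed or non-matching XPath hard to diagnose from the test report. Now that the count is held in a local, pass a message as well, e.g. `Assert.assertEquals( count, expectedCount, "XPath count for " + locator );` (this assumes `Assert` is org.testng.Assert; the import is outside the hunk). assertElementValue begins on the last line of this hunk and continues outside it.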