Author: brett
Date: Mon Oct 3 02:54:45 2011
New Revision: 1178288
URL: http://svn.apache.org/viewvc?rev=1178288&view=rev
Log:
fix tests that check cron expression. Do javascript-based validation of an
empty value, then server side validation of valid cron expression
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
Mon Oct 3 02:54:45 2011
@@ -38,7 +38,7 @@ public class RepositoryTest
assertRepositoriesPage();
}
- @Test( dependsOnMethods = { "testAddManagedRepoValidValues" }, enabled =
false )
+ @Test( dependsOnMethods = { "testAddManagedRepoValidValues" } )
public void testAddManagedRepoInvalidValues()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -55,8 +55,7 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be
between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -123,7 +122,7 @@ public class RepositoryTest
assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0." );
}
- @Test( enabled = false )
+ @Test
public void testAddManagedRepoBlankValues()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -132,8 +131,7 @@ public class RepositoryTest
assertTextPresent( "You must enter a repository identifier." );
assertTextPresent( "You must enter a repository name." );
assertTextPresent( "You must enter a directory." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -165,15 +163,14 @@ public class RepositoryTest
assertTextPresent( "You must enter a directory." );
}
- @Test( enabled = false )
+ @Test
public void testAddManagedRepoNoCron()
{
getSelenium().open( "/archiva/admin/addRepository.action" );
addManagedRepository( "identifier", "name", "/home", "/.index", "Maven
2.x Repository", "", "", "", false );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test
@@ -186,7 +183,7 @@ public class RepositoryTest
assertTextPresent( "Managed Repository Sample" );
}
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false
)
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
public void testEditManagedRepoInvalidValues()
{
editManagedRepository( "<>\\~+[]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"",
"Maven 2.x Repository", "", "-1", "101" );
@@ -198,8 +195,7 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be
between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
}
@Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
@@ -226,11 +222,24 @@ public class RepositoryTest
"Index directory must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
}
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false
)
- public void testEditManagedRepoInvalidCron()
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadText()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x
Repository", "asdf", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadValue()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x
Repository", "60 0 * * * ?", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronTooManyElements()
{
- editManagedRepository( "name", "/home", "/.index", "Maven 2.x
Repository", "", "1", "1" );
- // FIXME: broken
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x
Repository", "* * * * * * * *", "1", "1" );
assertTextPresent( "Invalid cron expression." );
}
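Review bot: The three new invalid-cron tests in this hunk (`testEditManagedRepoInvalidCronBadText`, `...BadValue`, `...TooManyElements`) are identical apart from the cron string, so each further case means another copied method. A TestNG data provider would keep the cases in one table, e.g. `@Test( dataProvider = "invalidCronExpressions", dependsOnMethods = { "testAddManagedRepoForEdit" } )` on a single `testEditManagedRepoInvalidCron( String cron )`. It would also help to add a short comment next to `"60 0 * * * ?"` saying which field is out of range, since the reason it is invalid is not obvious at a glance.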
@@ -342,4 +351,4 @@ public class RepositoryTest
assertPage( "Collection: /" );
assertTextPresent( "Collection: /" );
}
-}
\ No newline at end of file
+}
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
Mon Oct 3 02:54:45 2011
@@ -154,9 +154,10 @@ public class XSSSecurityTest
assertTextPresent( "Possible CSRF attack detected! Invalid token found
in the request." );
}
- @Test( enabled = false )
+ @Test
public void
testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting()
{
+ // TODO: these are evaluated client side now - we should force it to
do server-side to make sure (though this could probably be tested in the webapp
tests instead)
getSelenium().open( "/archiva/admin/addRepository.action" );
addManagedRepository( "test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>",
"test\"><script>alert('xss')</script>",
@@ -172,7 +173,16 @@ public class XSSSecurityTest
"Index directory must only contain alphanumeric characters,
equals(=), question-marks(?), exclamation-points(!), ampersands(&),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:),
tildes(~), and dashes(-)." );
assertTextPresent( "Repository Purge By Retention Count needs to be
between 1 and 100." );
assertTextPresent( "Repository Purge By Days Older Than needs to be
larger than 0." );
- // FIXME: broken
+ assertTextPresent( "Cron expression is required." );
+ }
+
+ @Test
+ public void
testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron()
+ {
+ // separate test because cron is evaluated server side, not client side
+ getSelenium().open( "/archiva/admin/addRepository.action" );
+ addManagedRepository( "id", "name", "/home", "/.index", "Maven 2.x
Repository",
+ "<test\"><script>alert('xss')</script>", "1",
"1", true );
assertTextPresent( "Invalid cron expression." );
}
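Review bot: `testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron` asserts only that "Invalid cron expression." is shown, which proves the value was rejected but not that it was escaped when the form was re-rendered with the rejected input. For a test named as an XSS immunity check, add an assertion that the submitted markup did not become a live element, for example asserting that `getSelenium().isElementPresent( "//script[contains(text(),'xss')]" )` is false after the submit. The re-enabled test in the previous hunk has the same limitation, and its TODO already notes that its fields are only validated client side, so neither test currently shows how the server renders a rejected payload.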
@@ -241,4 +251,4 @@ public class XSSSecurityTest
assertTextPresent(
"Username must only contain alphanumeric characters, at's(@),
forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)."
);
}
-}
\ No newline at end of file
+}
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
Mon Oct 3 02:54:45 2011
@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.Validatea
import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.beans.ManagedRepository;
import org.apache.commons.lang.StringUtils;
+import org.codehaus.redback.components.scheduler.CronExpressionValidator;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
@@ -102,6 +103,13 @@ public class AddManagedRepositoryAction
@Override
public void validate()
{
+ CronExpressionValidator validator = new CronExpressionValidator();
+
+ if ( !validator.validate( repository.getCronExpression() ) )
+ {
+ addFieldError( "repository.cronExpression", "Invalid cron
expression." );
+ }
+
// trim all unecessary trailing/leading white-spaces; always put this
statement before the closing braces(after all validation).
trimAllRequestParameterValues();
}
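Review bot: `validate()` checks `repository.getCronExpression()` before `trimAllRequestParameterValues()` runs and without a null guard, so the value validated is not necessarily the value that is kept, and a request that omits the field hands null to `CronExpressionValidator` (how it treats null is not visible here). Normalising first would cover both cases: `String cron = StringUtils.trimToEmpty( repository.getCronExpression() );` followed by `if ( !validator.validate( cron ) )`; `StringUtils` is already imported in this file. This server-side check should stay authoritative, because the `requiredstring` rule added in the validation XML is what the tests exercise through JavaScript, and a request sent without the browser never runs that script. The same call pattern appears in the `EditManagedRepositoryAction` hunk, whose enclosing method starts outside the diff.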
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
Mon Oct 3 02:54:45 2011
@@ -135,7 +135,7 @@ public class EditManagedRepositoryAction
if ( !validator.validate( repository.getCronExpression() ) )
{
- addFieldError( "repository.refreshCronExpression", "Invalid cron
expression." );
+ addFieldError( "repository.cronExpression", "Invalid cron
expression." );
}
trimAllRequestParameterValues();
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
Mon Oct 3 02:54:45 2011
@@ -73,4 +73,9 @@
<message>Repository Purge By Days Older Than needs to be larger than
${min}.</message>
</field-validator>
</field>
+ <field name="repository.cronExpression">
+ <field-validator type="requiredstring">
+ <message>Cron expression is required.</message>
+ </field-validator>
+ </field>
</validators>
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
URL:
http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml?rev=1178288&r1=1178287&r2=1178288&view=diff
==============================================================================
---
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
(original)
+++
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
Mon Oct 3 02:54:45 2011
@@ -73,4 +73,9 @@
<message>Repository Purge By Days Older Than needs to be larger than
${min}.</message>
</field-validator>
</field>
+ <field name="repository.cronExpression">
+ <field-validator type="requiredstring">
+ <message>Cron expression is required.</message>
+ </field-validator>
+ </field>
</validators>