Posted to commits@continuum.apache.org by ct...@apache.org on 2011/04/15 09:51:57 UTC
svn commit: r1092617 - in /continuum/trunk:
continuum-webapp-test/src/test/resources/
continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/
continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/
continuum-webapp/src/...
Author: ctan
Date: Fri Apr 15 07:51:56 2011
New Revision: 1092617
URL: http://svn.apache.org/viewvc?rev=1092617&view=rev
Log:
[CONTINUUM-2620] fixed validator and added selenium scripts
Modified:
continuum/trunk/continuum-webapp-test/src/test/resources/testng.properties
continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/BuildAgentsTest.java
continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ConfigurationTest.java
continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/AbstractConfigurationTest.java
continuum/trunk/continuum-webapp/src/main/resources/org/apache/continuum/web/action/admin/BuildAgentAction-saveBuildAgent-validation.xml
continuum/trunk/continuum-webapp/src/main/resources/org/apache/maven/continuum/web/action/admin/InstallationAction-saveInstallation-validation.xml
Modified: continuum/trunk/continuum-webapp-test/src/test/resources/testng.properties
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp-test/src/test/resources/testng.properties?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp-test/src/test/resources/testng.properties (original)
+++ continuum/trunk/continuum-webapp-test/src/test/resources/testng.properties Fri Apr 15 07:51:56 2011
@@ -238,8 +238,8 @@ INSTALL_TOOL_MAVEN_NAME=M9_HOME
INSTALL_TOOL_MAVEN_PATH=${maven.home}
# Not neccesary correct location
INSTALL_VAR_NAME=JDK5
-INSTALL_VAR_VARIABLE_NAME=/usr/lib/jvm/java-5-sun-1.5.0.12
-INSTALL_VAR_PATH=JAVA5_HOME
+INSTALL_VAR_VARIABLE_NAME=JAVA5_HOME
+INSTALL_VAR_PATH=/usr/lib/jvm/java-5-sun-1.5.0.12
########################
# buildEnvironment group
@@ -319,8 +319,8 @@ PROJECTUSER_DEFAULTPROJECTGROUP_FULLNAME
########################
BUILD_AGENT_NAME2=http://localhost:9595/continuum-buildagent/xmlrpc
BUILD_AGENT_DESCRIPTION2=Agent_description2
-BUILD_AGENT_NAME=First_Agent
+BUILD_AGENT_NAME=http://localhost:9595
BUILD_AGENT_DESCRIPTION=Agent_description
-BUILD_AGENT_NAME3=Third_Agent
+BUILD_AGENT_NAME3=http://localhost:9595/xmlrpc
BUILD_AGENT_DESCRIPTION3=Agent_description3
BUILD_AGENT_GROUPNAME=agent_groupname
Modified: continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/BuildAgentsTest.java
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/BuildAgentsTest.java?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/BuildAgentsTest.java (original)
+++ continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/BuildAgentsTest.java Fri Apr 15 07:51:56 2011
@@ -22,6 +22,7 @@ package org.apache.continuum.web.test;
//import org.apache.continuum.web.test.parent.AbstractBuildQueueTest;
import org.testng.annotations.Test;
import org.apache.continuum.web.test.parent.AbstractBuildAgentsTest;
+import org.testng.Assert;
@Test( groups = { "agent" }, dependsOnMethods = { "testWithCorrectUsernamePassword" } )
public class BuildAgentsTest
@@ -74,15 +75,14 @@ public class BuildAgentsTest
public void testViewBuildAgentInstallationXSS()
{
getSelenium().open( baseUrl + "/security/viewBuildAgent.action?buildAgent.url=test%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E" );
- assertFalse( getSelenium().isAlertPresent() );
+ Assert.assertFalse( getSelenium().isAlertPresent() );
assertTextPresent( "<script>alert('xss')</script>" );
}
public void testEditBuildAgentXSS()
{
- getSelenium().open( baseUrl + "/security/editBuildAgent.action?buildAgent.url=test<script>alert('xss')</script>" );
- assertFalse( getSelenium().isAlertPresent() );
- assertTextPresent( "test<script>alert('xss')</script>" );
+ getSelenium().open( baseUrl + "/security/editBuildAgent.action?buildAgent.url=test%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E" );
+ Assert.assertFalse( getSelenium().isAlertPresent() );
}
@Test( dependsOnMethods = { "testEditBuildAgent" } )
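Review bot: After this change `testEditBuildAgentXSS` asserts only that no alert is open, so it also passes when the request lands on an error page, a login redirect or an empty response, and it no longer says anything about how the parameter was rendered. `testViewBuildAgentInstallationXSS` just above still pairs the alert check with `assertTextPresent`, and the edit test should keep a positive assertion too, for example the validation message or page title the edit action is expected to show (the exact text is not visible in this hunk). The same applies to `testEditBuildAgentGroupXSS` in the last hunk of this file, which loses its `assertTextPresent` in the same way. A short comment such as `// payload is URL-encoded so the browser sends it intact; expect it rejected or rendered as inert text` would also record why the literal `<script>` URL was replaced.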
@@ -204,7 +204,9 @@ public class BuildAgentsTest
//TESTS FOR BUILD AGENT GROUPS
+ @Test( dependsOnMethods = { "testAddBuildAgent" } )
public void testAddBuildAgentGroupXSS()
+ throws Exception
{
try
{
@@ -222,8 +224,7 @@ public class BuildAgentsTest
public void testEditBuildAgentGroupXSS()
{
getSelenium().open( baseUrl + "/security/editBuildAgentGroup.action?buildAgentGroup.name=test%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E" );
- assertFalse( getSelenium().isAlertPresent() );
- assertTextPresent( "test<script>alert('xss')</script>" );
+ Assert.assertFalse( getSelenium().isAlertPresent() );
}
@Test( dependsOnMethods = { "testAddBuildAgent", "testDeleteBuildAgent" } )
Modified: continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ConfigurationTest.java
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ConfigurationTest.java?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ConfigurationTest.java (original)
+++ continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/ConfigurationTest.java Fri Apr 15 07:51:56 2011
@@ -21,6 +21,7 @@ package org.apache.continuum.web.test;
import org.apache.continuum.web.test.parent.AbstractConfigurationTest;
import org.testng.annotations.Test;
+import org.testng.Assert;
/**
* @author José Morales MartÃnez
@@ -97,4 +98,66 @@ public class ConfigurationTest
assertTextPresent( "Deployment repository directory contains invalid characters." );
assertTextPresent( "You must define a valid URL." );
}
+
+ public void testSetFooterXSS()
+ {
+ goToAppearancePage();
+ setFieldValue( "saveFooter_footer", "Copyright <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=\"javascript:alert('XSS');\"> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=JaVaScRiPt:alert('XSS')> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=javascript:alert("XSS")> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ // unicode
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=javascript:alert('XSS')> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ // utf-8
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=javascript:alert('XSS')> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ // hex encoding
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=javascript:alert('XSS')> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=\"jav ascript:alert('XSS');\"> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <IMG SRC=\"jav	ascript:alert('XSS');\"> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+
+ setFieldValue( "saveFooter_footer", "Copyright <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> 2005-2011 The Apache Software Foundation" );
+ submit();
+ Assert.assertFalse( getSelenium().isAlertPresent() );
+ assertTextPresent( "Copyright 2005-2011 The Apache Software Foundation" );
+ }
}
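Review bot: `isAlertPresent()` cannot fail for the `<SCRIPT SRC=http://ha.ckers.org/xss.js>` and `<STYLE>@import'http://ha.ckers.org/xss.css'` stanzas unless the browser under test can reach that third-party host and the file it serves still opens an alert, so on an isolated CI machine both cases pass even if the footer is emitted unsanitised. Assert on the rendered DOM instead, e.g. `Assert.assertFalse( getSelenium().isElementPresent( "xpath=//script[contains(@src,'xss.js')]" ) );`, and point the payload at a host the test controls or a reserved name so that a regression never pulls in external content. The eleven stanzas differ only in the payload string, so a private helper taking the footer value (or a TestNG `@DataProvider`) would remove the repetition; the test also leaves the last footer value in place, which matters if later tests share the same webapp instance. In this rendering the "unicode", "utf-8" and "hex encoding" payloads look identical and one string has unescaped inner quotes, presumably because the mail archive decoded the entities, so it is worth checking that the committed file still carries the encoded forms.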
Modified: continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/AbstractConfigurationTest.java
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/AbstractConfigurationTest.java?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/AbstractConfigurationTest.java (original)
+++ continuum/trunk/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/parent/AbstractConfigurationTest.java Fri Apr 15 07:51:56 2011
@@ -90,4 +90,17 @@ public abstract class AbstractConfigurat
assertEditConfigurationPage();
}
}
+
+ protected void goToAppearancePage()
+ {
+ clickLinkWithText( "Appearance" );
+ assertAppearancePage();
+ }
+
+ protected void assertAppearancePage()
+ {
+ assertPage( "Configure Appearance" );
+ assertTextPresent( "Company Details" );
+ assertTextPresent( "Footer Content" );
+ }
}
Modified: continuum/trunk/continuum-webapp/src/main/resources/org/apache/continuum/web/action/admin/BuildAgentAction-saveBuildAgent-validation.xml
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/resources/org/apache/continuum/web/action/admin/BuildAgentAction-saveBuildAgent-validation.xml?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/resources/org/apache/continuum/web/action/admin/BuildAgentAction-saveBuildAgent-validation.xml (original)
+++ continuum/trunk/continuum-webapp/src/main/resources/org/apache/continuum/web/action/admin/BuildAgentAction-saveBuildAgent-validation.xml Fri Apr 15 07:51:56 2011
@@ -26,7 +26,8 @@
<field-validator type="requiredstring">
<message key="buildAgent.url.required"/>
</field-validator>
- <field-validator type="url">
+ <field-validator type="regex">
+ <param name="expression"><![CDATA[[A-Za-z0-9_.@:/-]*]]></param>
<message key="buildAgent.url.invalid"/>
</field-validator>
</field>
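Review bot: The replacement expression `[A-Za-z0-9_.@:/-]*` is a character allowlist rather than a URL check, so (assuming the regex validator matches the whole value) inputs such as `abc` or `:::` now satisfy the rule that reports `buildAgent.url.invalid`. If the `url` validator was dropped because it rejected legitimate agent addresses, keep the allowlist but require the scheme, for example `<![CDATA[https?://[A-Za-z0-9_.@:/-]+]]>`; otherwise keep `type="url"` and add the regex as a second validator. The allowlist does keep `<`, `>`, quotes and parentheses out of the saved value, but the pages that display `buildAgent.url` should still HTML-escape it on output, because the view and edit actions exercised by the Selenium tests take the value straight from the query string and do not pass through this save-time validation. The enclosing `<field>` element starts above this hunk.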
Modified: continuum/trunk/continuum-webapp/src/main/resources/org/apache/maven/continuum/web/action/admin/InstallationAction-saveInstallation-validation.xml
URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/resources/org/apache/maven/continuum/web/action/admin/InstallationAction-saveInstallation-validation.xml?rev=1092617&r1=1092616&r2=1092617&view=diff
==============================================================================
--- continuum/trunk/continuum-webapp/src/main/resources/org/apache/maven/continuum/web/action/admin/InstallationAction-saveInstallation-validation.xml (original)
+++ continuum/trunk/continuum-webapp/src/main/resources/org/apache/maven/continuum/web/action/admin/InstallationAction-saveInstallation-validation.xml Fri Apr 15 07:51:56 2011
@@ -42,7 +42,7 @@
<message key="installation.varValue.required"/>
</field-validator>
<field-validator type="regex">
- <param name="expression"><![CDATA[[A-Za-z0-9_.:=\\/\s\-]*]]></param>
+ <param name="expression"><![CDATA[[A-Za-z0-9_.:=${}\\/\s\-]*]]></param>
<message key="installation.varValue.invalid"/>
</field-validator>
<field-validator type="installationValidator">
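Review bot: Adding `$`, `{` and `}` to the allowlist lets `${...}` sequences through into the stored installation value, and nothing in this hunk records why. Presumably the aim is to accept property references such as `${maven.home}`; if so, say that in an XML comment above the validator, e.g. `<!-- $, { and } are allowed so values can reference properties like ${maven.home} -->`. Because Struts 2 evaluates `${...}` and `%{...}` in some contexts, it is worth confirming that this value is only ever rendered as escaped text and is never fed back through a tag attribute or message that is parsed for expressions. The `<field>` element and the `installationValidator` entry continue outside the hunk.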