You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tapestry.apache.org by hl...@apache.org on 2010/04/19 15:56:59 UTC

svn commit: r935571 - in /tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets: ./ ContextAssetRequestHandlerTest.java

Author: hlship
Date: Mon Apr 19 13:56:59 2010
New Revision: 935571

URL: http://svn.apache.org/viewvc?rev=935571&view=rev
Log:
Add tests to validate that ContextAssetRequestHandler screens out access to WEB-INF, META-INF and .tml files.

Added:
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/
    tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java   (with props)

Added: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java?rev=935571&view=auto
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java (added)
+++ tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java Mon Apr 19 13:56:59 2010
@@ -0,0 +1,43 @@
+// Copyright 2010 The Apache Software Foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.apache.tapestry5.internal.services.assets;
+
+import java.io.IOException;
+
+import org.apache.tapestry5.ioc.test.TestBase;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+public class ContextAssetRequestHandlerTest extends TestBase
+{
+    @DataProvider
+    public Object[][] invalid_paths()
+    {
+        return new Object[][]
+        {
+        { "web-Inf/classes/hibernate.cfg.xml" },
+        { "Meta-Inf/MANIFEST.mf" },
+        { "Index.tml" },
+        { "folder/FolderIndex.TML" } };
+    }
+
+    @Test(dataProvider = "invalid_paths")
+    public void ensure_assets_are_rejected(String path) throws IOException
+    {
+        ContextAssetRequestHandler handler = new ContextAssetRequestHandler(null, null);
+
+        assertFalse(handler.handleAssetRequest(null, null, path), "Handler should return false for invalid path.");
+    }
+}

Propchange: tapestry/tapestry5/trunk/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native