package org.xwiki.groovy.internal; |
21 |
|
|
22 |
|
import java.util.Arrays; |
23 |
|
import java.util.Collections; |
24 |
|
|
25 |
|
import javax.script.ScriptEngine; |
26 |
|
import javax.script.ScriptEngineFactory; |
27 |
|
import javax.script.ScriptEngineManager; |
28 |
|
import javax.script.ScriptException; |
29 |
|
|
30 |
|
import org.jmock.Expectations; |
31 |
|
import org.junit.Assert; |
32 |
|
import org.junit.Test; |
33 |
|
import org.xwiki.configuration.ConfigurationSource; |
34 |
|
import org.xwiki.security.authorization.ContextualAuthorizationManager; |
35 |
|
import org.xwiki.security.authorization.Right; |
36 |
|
import org.xwiki.test.jmock.AbstractComponentTestCase; |
37 |
|
|
38 |
|
|
39 |
|
@link |
40 |
|
|
41 |
|
@version |
42 |
|
@since |
43 |
|
|
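/**
 * Exercises the Groovy script engine with the {@code "secure"} compilation customizer configured, once without
 * and once with {@link Right#PROGRAM} on the current context.
 * <p>
 * Both scenarios mock the {@code groovy.compilationCustomizers} configuration property to return
 * {@code ["secure"]} and mock {@link ContextualAuthorizationManager#hasAccess(Right)} for {@link Right#PROGRAM}.
 * Without the right, a set of scripts must fail with a {@link ScriptException}; with the right, a script from that
 * set must evaluate without throwing.
 */
public class SecureGroovyCompilationCustomizerTest extends AbstractComponentTestCase
{
    /** Engine shared by the assert helpers; only initialised by {@link #setUpWhenNoProgrammingRights()}. */
    private ScriptEngine engine;

    /**
     * Without the PROGRAM right, the restricted scripts must be rejected while a plain object construction still
     * evaluates.
     */
    @Test
    public void executeWithSecureCustomizerWhenNoProgrammingRights() throws Exception
    {
        setUpWhenNoProgrammingRights();

        // Scripts that must be refused when the PROGRAM right is missing.
        assertProtectedScript("synchronized(this) { }");
        // NOTE(review): if the restriction ever regresses, this script would terminate the test JVM instead of
        // producing an ordinary test failure, so a sudden runner exit here should be read as a failed check.
        assertProtectedScript("System.exit(0)");
        // Reaches String's internal "value" field through Groovy property access.
        assertProtectedScript("\"Hello World\".value[0]");

        // Control case: shows the engine is functional and that not every script is rejected.
        assertSafeScript("new Integer(6)");
    }

    /**
     * With the PROGRAM right, a script that is rejected in the unprivileged scenario must evaluate without
     * throwing.
     */
    @Test
    public void executeWithSecureCustomizerWhenProgrammingRights() throws Exception
    {
        // Kept local on purpose: this scenario never touches the shared engine field.
        final ScriptEngine privilegedEngine = createGroovyEngine(true);

        // Passing means eval() returns normally; any exception fails the test.
        privilegedEngine.eval("synchronized(this) { }");
    }

    /**
     * Prepares {@link #engine} for the scenario where the current context lacks the PROGRAM right.
     */
    private void setUpWhenNoProgrammingRights() throws Exception
    {
        this.engine = createGroovyEngine(false);
    }

    /**
     * Registers the mocked configuration and authorization components, then obtains the Groovy engine through a
     * fresh {@link ScriptEngineManager}.
     *
     * @param hasProgrammingRights the value the mocked authorization manager returns for {@link Right#PROGRAM}
     * @return the engine registered under the name {@code "groovy"}
     * @throws Exception if a mock cannot be registered or the engine factory cannot be looked up
     */
    private ScriptEngine createGroovyEngine(final boolean hasProgrammingRights) throws Exception
    {
        final ConfigurationSource source = registerMockComponent(ConfigurationSource.class);
        final ContextualAuthorizationManager cam = registerMockComponent(ContextualAuthorizationManager.class);

        getMockery().checking(new Expectations()
        {{
            // The configuration asks for the "secure" customizer in both scenarios.
            oneOf(source).getProperty("groovy.compilationCustomizers", Collections.emptyList());
            will(returnValue(Arrays.asList("secure")));
            // The only difference between the scenarios is the answer to the PROGRAM right check.
            oneOf(cam).hasAccess(Right.PROGRAM);
            will(returnValue(hasProgrammingRights));
        }});

        ScriptEngineManager manager = new ScriptEngineManager();
        ScriptEngineFactory groovyScriptEngineFactory =
            getComponentManager().getInstance(ScriptEngineFactory.class, "groovy");
        manager.registerEngineName("groovy", groovyScriptEngineFactory);

        return manager.getEngineByName("groovy");
    }

    /**
     * Asserts that evaluating the script on {@link #engine} fails with a {@link ScriptException}.
     *
     * @param script the Groovy source expected to be rejected
     */
    private void assertProtectedScript(String script)
    {
        try {
            this.engine.eval(script);
        } catch (ScriptException expected) {
            // Expected outcome.
            // NOTE(review): any ScriptException satisfies this check, including one caused by a typo in the
            // script itself; asserting on the cause or message would tie the pass to the security restriction.
            return;
        }

        // Name the script so the failing case is identifiable among the several calls made by one test.
        Assert.fail("Should have thrown an exception here for script [" + script + "]");
    }

    /**
     * Evaluates the script on {@link #engine}; any exception propagates and fails the calling test.
     *
     * @param script the Groovy source expected to be accepted
     * @throws Exception if the evaluation fails
     */
    private void assertSafeScript(String script) throws Exception
    {
        this.engine.eval(script);
    }
}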