package org.xwiki.rendering.macro.velocity; |
import java.util.Collections;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.xwiki.observation.internal.DefaultObservationManager;
import org.xwiki.properties.BeanDescriptor;
import org.xwiki.properties.BeanManager;
import org.xwiki.rendering.block.MacroBlock;
import org.xwiki.rendering.internal.macro.script.PermissionCheckerListener;
import org.xwiki.rendering.internal.macro.velocity.VelocityMacro;
import org.xwiki.rendering.internal.macro.velocity.VelocityMacroPermissionPolicy;
import org.xwiki.rendering.macro.Macro;
import org.xwiki.rendering.macro.MacroExecutionException;
import org.xwiki.rendering.macro.MacroId;
import org.xwiki.rendering.macro.MacroManager;
import org.xwiki.rendering.syntax.Syntax;
import org.xwiki.rendering.transformation.MacroTransformationContext;
import org.xwiki.security.authorization.ContextualAuthorizationManager;
import org.xwiki.security.authorization.Right;
import org.xwiki.test.annotation.ComponentList;
import org.xwiki.test.mockito.MockitoComponentMockingRule;

import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@version |
@since |
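/**
 * Security tests for the Velocity macro. Each test expects execution to fail with a
 * {@link MacroExecutionException}: once because the transformation context is flagged as restricted, and
 * once because the mocked {@link ContextualAuthorizationManager} denies {@link Right#SCRIPT}.
 */
@ComponentList({VelocityMacroPermissionPolicy.class, DefaultObservationManager.class, PermissionCheckerListener.class})
public class VelocityMacroSecurityTest
{
    /** Builds {@link VelocityMacro} as the component under test, with its dependencies mocked. */
    @Rule
    public MockitoComponentMockingRule<Macro<VelocityMacroParameters>> mocker =
        new MockitoComponentMockingRule<Macro<VelocityMacroParameters>>(VelocityMacro.class);

    /** Mocked authorization manager; each test stubs the answer to the SCRIPT right check. */
    private ContextualAuthorizationManager authorizationManager;

    /**
     * Registers the mocks shared by both tests.
     *
     * @throws Exception if a component cannot be registered or looked up
     */
    @Before
    public void setUp() throws Exception
    {
        authorizationManager = mocker.registerMockComponent(ContextualAuthorizationManager.class);

        // Any bean class is described as having no properties, so no macro parameter is populated.
        BeanDescriptor mockBeanDescriptor = mock(BeanDescriptor.class);
        when(mockBeanDescriptor.getProperties()).thenReturn(Collections.EMPTY_LIST);

        BeanManager beanManager = mocker.getInstance(BeanManager.class);
        when(beanManager.getBeanDescriptor(any(Class.class))).thenReturn(mockBeanDescriptor);

        // Every macro lookup resolves to the Velocity macro under test.
        Macro velocityMacro = mocker.getComponentUnderTest();
        MacroManager mockMacroManager = mocker.registerMockComponent(MacroManager.class);
        when(mockMacroManager.getMacro(any(MacroId.class))).thenReturn(velocityMacro);
    }

    /**
     * A restricted transformation context must block the macro even though the SCRIPT right is granted.
     *
     * @throws Exception the expected {@link MacroExecutionException}
     */
    @Test(expected = MacroExecutionException.class)
    public void testRestrictedByContext() throws Exception
    {
        VelocityMacroParameters params = new VelocityMacroParameters();
        MacroTransformationContext context = new MacroTransformationContext();
        context.setSyntax(Syntax.XWIKI_2_0);
        context.setCurrentMacroBlock(new MacroBlock("velocity", Collections.<String, String>emptyMap(), false));
        context.setId("page1");

        // The restriction comes from the context only.
        context.getTransformationContext().setRestricted(true);

        // The right is granted, so a refusal cannot be attributed to the rights check.
        when(authorizationManager.hasAccess(Right.SCRIPT)).thenReturn(true);

        // NOTE(review): expected= accepts any MacroExecutionException, including one unrelated to the
        // restriction; asserting on the cause or message would pin the refusal to the permission check.
        mocker.getComponentUnderTest().execute(params, "#macro(testMacrosAreLocal)mymacro#end", context);
    }

    /**
     * A denied SCRIPT right must block the macro even though the context is not restricted, and the
     * authorization manager must have been asked about that right.
     *
     * @throws Exception the expected {@link MacroExecutionException}
     */
    @Test(expected = MacroExecutionException.class)
    public void testRestrictedByRights() throws Exception
    {
        VelocityMacroParameters params = new VelocityMacroParameters();
        MacroTransformationContext context = new MacroTransformationContext();
        context.setSyntax(Syntax.XWIKI_2_0);
        context.setCurrentMacroBlock(new MacroBlock("velocity", Collections.<String, String>emptyMap(), false));
        context.setId("page1");

        // The context is unrestricted, so only the rights check can refuse execution.
        context.getTransformationContext().setRestricted(false);

        // The right is denied.
        when(authorizationManager.hasAccess(Right.SCRIPT)).thenReturn(false);

        try {
            mocker.getComponentUnderTest().execute(params, "#macro(testMacrosAreLocal)mymacro#end", context);
        } finally {
            // The original verify came after the throwing call and never ran (0 hits in the coverage
            // report). It also wrapped the boolean result instead of the mock. Verifying in finally makes
            // the test fail if the SCRIPT right was never consulted.
            verify(authorizationManager, atLeastOnce()).hasAccess(Right.SCRIPT);
        }
    }
}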