1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.test.escaping

File ManualTemplateTest.java

 


1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20   
21    package org.xwiki.test.escaping;
22   
23    import java.io.IOException;
24    import java.util.Map;
25   
26    import org.junit.AfterClass;
27    import org.junit.BeforeClass;
28    import org.junit.Test;
29    import org.xwiki.test.escaping.framework.AbstractEscapingTest;
30    import org.xwiki.test.escaping.framework.AbstractManualTest;
31    import org.xwiki.test.escaping.framework.XMLEscapingValidator;
32   
33   
34    /**
35    * Runs additional escaping tests that need more complex manual setup. These tests are missed by the
36    * automatic test builder.
37    *
38    * @version $Id: 482ce7a0056f78c970ada8c62d7456dee149ee42 $
39    * @since 2.5M1
40    */
 
public class ManualTemplateTest extends AbstractManualTest
{
    // NOTE(review): createUrl, params, kv, test, template, createPage, deleteAfterwards, skipIfIgnored,
    // checkUnderEscaping, checkForErrorTrace and setLoggedIn are not defined in this file; presumably they are
    // inherited from AbstractManualTest / AbstractEscapingTest. The comments below describe them only as far as
    // the call sites show: test(name) appears to add a request parameter carrying the escaping test string, and
    // checkUnderEscaping(url, description) appears to fail when that string comes back unescaped. Confirm
    // against the framework classes before relying on any of this.

    /**
     * Enables multi-language mode in the escaping framework before the tests of this class run.
     */
    @BeforeClass
    public static void init()
    {
        // several tests below send a "language" request parameter
        AbstractEscapingTest.setMultiLanguageMode(true);
    }

    /**
     * Puts the escaping framework back into single-language mode after the tests of this class.
     */
    @AfterClass
    public static void shutdown()
    {
        AbstractEscapingTest.setMultiLanguageMode(false);
    }

    /**
     * Stored-value case: saves a page whose edit comment comes from {@code test("comment")}, then checks the
     * history viewer of that page.
     */
    @Test
    public void testVersionSummary()
    {
        String spaceName = "Test";
        String pageName = "TestVersionSummary";

        // the save request carries the tested value in the edit comment
        String saveUrl = createUrl("save", spaceName, pageName, params(kv("title", "Test"),
            kv("content", "Test"),
            test("comment"),
            kv("action_save", "Save+%26+View")));
        AbstractEscapingTest.getUrlContent(saveUrl);
        // the page is only needed for this test
        deleteAfterwards(spaceName, pageName);

        // the saved comment is displayed in the history pane
        String historyUrl = createUrl(null, spaceName, pageName, params(kv("viewer", "history")));
        checkUnderEscaping(historyUrl, "Version summary");
    }

    /**
     * Checks the edit action when the page name itself is the escaping test string (labelled XWIKI-4758).
     */
    @Test
    public void testEditReflectedXSS()
    {
        skipIfIgnored("templates/htmlheader.vm");
        String editUrl = createUrl("edit", "Main", XMLEscapingValidator.getTestString(), null);
        checkUnderEscaping(editUrl, "XWIKI-4758");
    }

    /**
     * Checks the viewrev action with the tested value in the {@code rev} parameter (labelled XWIKI-5170).
     */
    @Test
    public void testErrorTraceEscaping()
    {
        skipIfIgnored("templates/exceptioninline.vm");
        String revisionUrl = createUrl("viewrev", "Main", "WebHome", params(test("rev")));
        checkUnderEscaping(revisionUrl, "XWIKI-5170 error trace");
    }

    /**
     * Checks three parameters of the edit action: {@code editor}, {@code section} and {@code x-maximized}.
     * XWIKI-5164: XML symbols in these parameters should be escaped.
     */
    @Test
    public void testEditorEscaping()
    {
        skipIfIgnored("templates/edit.vm");

        String editorUrl = createUrl("edit", "Main", "Page", params(test("editor")));
        checkUnderEscaping(editorUrl, "XWIKI-5164 editor");

        String sectionUrl = createUrl("edit", "Main", "Page", params(kv("editor", "wysiwyg"), test("section")));
        checkUnderEscaping(sectionUrl, "XWIKI-5164 section");

        String maximizedUrl =
            createUrl("edit", "Main", "Page", params(kv("editor", "wiki"), test("x-maximized")));
        checkUnderEscaping(maximizedUrl, "XWIKI-5164 x-maximized");
    }

    /**
     * Checks the {@code editor} parameter of the admin page, both through the admin action and through
     * {@code xpage=admin} on a view URL (labelled XWIKI-5190).
     */
    @Test
    public void testAdminEditor()
    {
        skipIfIgnored("templates/admin.vm");

        String adminUrl = createUrl("admin", "XWiki", "AdminSheet", params(test("editor")));
        checkUnderEscaping(adminUrl, "XWIKI-5190 admin editor");

        // same page after redirect
        String redirectedUrl = createUrl("view", "Main", "WebHome", params(kv("xpage", "admin"), test("editor")));
        checkUnderEscaping(redirectedUrl, "XWIKI-5190 admin editor redirect");
    }

    /**
     * Checks the {@code section} parameter of the admin page, both through the admin action and through
     * {@code xpage=admin} on a view URL (labelled XWIKI-5190).
     */
    @Test
    public void testAdminSection()
    {
        skipIfIgnored("templates/admin.vm");

        // kind of covered (only the redirect version)
        String adminUrl = createUrl("admin", "XWiki", "AdminSheet", params(test("section")));
        checkUnderEscaping(adminUrl, "XWIKI-5190 admin section");

        // same page after redirect
        String redirectedUrl = createUrl("view", "Main", "WebHome", params(kv("xpage", "admin"), test("section")));
        checkUnderEscaping(redirectedUrl, "XWIKI-5190 admin section redirect");
    }

    /**
     * Checks the {@code xredirect} parameter of the attachments viewer (labelled XWIKI-5191).
     */
    @Test
    public void testAttachmentsInline()
    {
        skipIfIgnored("templates/attachments*.vm");
        // the viewer needs a page with attachments; Sandbox has an image attached by default
        String attachmentsUrl = createUrl("view", "Sandbox", "WebHome",
            params(kv("viewer", "attachments"), test("xredirect")));
        checkUnderEscaping(attachmentsUrl, "XWIKI-5191 attachments inline");
    }

    /**
     * Checks the {@code text} parameter of browsewysiwyg, then looks for an error trace on the same URL
     * (labelled XWIKI-5193).
     *
     * @throws IOException declared because of the error trace check
     */
    @Test
    public void testBrowseWysiwygSQL() throws IOException
    {
        skipIfIgnored("templates/browsewysiwyg.vm");
        // TODO check for SQL escaping (i.e. additionally put \ and ;)
        // Until that TODO is done, this test covers XML under-escaping and error traces only; it is not
        // evidence that the parameter is safe to use in a query.
        String browseUrl = createUrl("view", "Sandbox", "WebHome", params(kv("xpage", "browsewysiwyg"), test("text")));
        checkUnderEscaping(browseUrl, "XWIKI-5193 sql");
        checkForErrorTrace(browseUrl);
    }

    /**
     * Stored-value case for browsewysiwyg: creates a page whose name and title are the test string, then checks
     * the template output (labelled XWIKI-5193). Also covers the former testBrowseWysiwygPageLink().
     */
    @Test
    public void testBrowseWysiwygPage()
    {
        skipIfIgnored("templates/browsewysiwyg.vm");
        // need an existing page with name = title = test string
        createPage("Main", XMLEscapingValidator.getTestString(), XMLEscapingValidator.getTestString(), "Bla bla");
        String browseUrl = createUrl("view", "Main", "Test", params(template("browsewysiwyg")));
        checkUnderEscaping(browseUrl, "XWIKI-5193 page");
    }

    /**
     * Stored-value case for recentdocwysiwyg: creates a page whose name and title are the test string, then
     * checks the template output (labelled XWIKI-5193).
     */
    @Test
    public void testWysiwygRecentViewsPage()
    {
        skipIfIgnored("templates/recentdocwysiwyg.vm");
        // need an existing page with name = title = test string
        createPage("Main", XMLEscapingValidator.getTestString(), XMLEscapingValidator.getTestString(), "Bla bla");
        String recentUrl = createUrl("view", "Main", "Test", params(template("recentdocwysiwyg")));
        checkUnderEscaping(recentUrl, "XWIKI-5193 recent docs");
    }

    /**
     * Checks the {@code space} and {@code page} parameters of searchwysiwyg, each followed by an error trace
     * check on the same URL (labelled XWIKI-5344).
     *
     * @throws IOException declared because of the error trace check
     */
    @Test
    public void testSearchWysiwygSQL() throws IOException
    {
        skipIfIgnored("templates/searchwysiwyg.vm");
        // TODO check for SQL escaping (i.e. additionally put \ and ;)
        // Until that TODO is done, this test covers XML under-escaping and error traces only; it is not
        // evidence that the parameters are safe to use in a query.
        String spaceUrl = createUrl("view", "Main", "Test", params(kv("xpage", "searchwysiwyg"), test("space")));
        checkUnderEscaping(spaceUrl, "XWIKI-5344 sql space");
        checkForErrorTrace(spaceUrl);

        String pageUrl = createUrl("view", "Main", "Test", params(kv("xpage", "searchwysiwyg"), test("page")));
        checkUnderEscaping(pageUrl, "XWIKI-5344 sql page");
        checkForErrorTrace(pageUrl);
    }

    /**
     * Stored-value case for searchwysiwyg: creates a page whose name and title are the test string, then checks
     * the template output (labelled XWIKI-5344).
     */
    @Test
    public void testSearchWysiwygPageLink()
    {
        skipIfIgnored("templates/searchwysiwyg.vm");
        // need an existing page with name = title = test string
        createPage("Main", XMLEscapingValidator.getTestString(), XMLEscapingValidator.getTestString(), "Bla bla");
        String searchUrl = createUrl("view", "Main", "Test", params(template("searchwysiwyg")));
        checkUnderEscaping(searchUrl, "XWIKI-5344 page link");
    }

    /**
     * Checks the {@code xredirect} parameter of the login page while logged out (labelled XWIKI-5246).
     * Only output escaping is checked here; whether the redirect target is restricted is not exercised.
     */
    @Test
    public void testLoginRedirect()
    {
        skipIfIgnored("templates/login.vm");
        // need to be logged off
        setLoggedIn(false);
        try {
            String loginUrl = createUrl("login", "XWiki", "XWikiLogin", params(test("xredirect")));
            checkUnderEscaping(loginUrl, "XWIKI-5246 xredirect");
        } finally {
            // log back in even when the check fails, so later tests are not affected
            setLoggedIn(true);
        }
    }

    /**
     * Checks the {@code srid} parameter of the login page while logged out (labelled XWIKI-5246).
     */
    @Test
    public void testLoginSrid()
    {
        skipIfIgnored("templates/login.vm");
        // need to be logged off
        setLoggedIn(false);
        try {
            String loginUrl = createUrl("login", "XWiki", "XWikiLogin", params(test("srid")));
            checkUnderEscaping(loginUrl, "XWIKI-5246 srid");
        } finally {
            // log back in even when the check fails, so later tests are not affected
            setLoggedIn(true);
        }
    }

    /**
     * Checks the {@code comment} parameter of the wiki editor.
     */
    @Test
    public void testEditActions()
    {
        // NOTE(review): the other tests pass a template path here; this one passes the test description.
        // Confirm that this is what the ignore list expects.
        skipIfIgnored("edit comment");
        // need an existing page with name = title = test string
        createPage("Main", XMLEscapingValidator.getTestString(), XMLEscapingValidator.getTestString(), "Bla bla");
        String editUrl = createUrl("edit", "Main", "WebHome", params(kv("editor", "wiki"), test("comment")));
        checkUnderEscaping(editUrl, "edit comment");
    }

    /**
     * Checks the createinline and create templates when the page name is the test string
     * (labelled XWIKI-5207).
     */
    @Test
    public void testCreateEditMode()
    {
        skipIfIgnored("templates/create.vm");

        String inlineUrl = createUrl("edit", "Main", XMLEscapingValidator.getTestString(),
            params(template("createinline")));
        checkUnderEscaping(inlineUrl, "XWIKI-5207 create inline");

        String ajaxUrl = createUrl("edit", "Main", XMLEscapingValidator.getTestString(),
            params(template("create"), kv("ajax", "1")));
        checkUnderEscaping(ajaxUrl, "XWIKI-5207 create ajax");
    }

    /**
     * Runs the copy.vm check for the {@code sourcedoc} parameter.
     */
    @Test
    public void testCopySourcedoc()
    {
        testCopy("sourcedoc");
    }

    /**
     * Runs the copy.vm check for the {@code language} parameter.
     */
    @Test
    public void testCopyLanguage()
    {
        testCopy("language");
    }

    /**
     * Stored-value case for copy.vm: creates a page named after the test string and checks the copy page
     * opened on it (labelled XWIKI-5206).
     */
    @Test
    public void testCopyExistingPage()
    {
        skipIfIgnored("templates/copy.vm");
        // need an existing page with name = test string
        createPage("Main", XMLEscapingValidator.getTestString(), "", "Bla bla");
        String copyUrl = createUrl("view", "Main", XMLEscapingValidator.getTestString(),
            params(kv("xpage", "copy")));
        checkUnderEscaping(copyUrl, "XWIKI-5206 copy existing page");
    }

    /**
     * Runs the escaping check for one parameter of copy.vm (XWIKI-5206).
     *
     * @param parameter name of the request parameter to test
     */
    private void testCopy(String parameter)
    {
        skipIfIgnored("templates/copy.vm");
        // copy.vm does not display the form if targetdoc is not set, so targetdoc is always sent too
        String copyUrl = createUrl(null, null, null, params(template("copy"), test("targetdoc"), test(parameter)));
        // the request may create a copy named after the test string; delete it afterwards
        deleteAfterwards(null, XMLEscapingValidator.getTestString());
        checkUnderEscaping(copyUrl, '"' + parameter + '"');
    }

    /**
     * Checks each parameter of rename.vm in turn, always with {@code step=2}.
     */
    @Test
    public void testRename()
    {
        skipIfIgnored("templates/rename.vm");
        // rename.vm is only used with step=2, otherwise renameStep1.vm is used
        String[] testedParameters = {"language", "sourcedoc", "targetdoc",
            "newPageName", "newSpaceName", "parameterNames"};
        // test page will probably be created
        deleteAfterwards(null, XMLEscapingValidator.getTestString());
        for (String parameter : testedParameters) {
            // make sure the target page exists (cannot use WebHome, since it might be renamed)
            createPage(null, "testRenameSource" + System.nanoTime(), "test", "test");
            Map<String, String> requestParams = params(template("rename"), kv("step", "2"), test(parameter));
            // HTTP 400 is returned if newPageName is empty, 409 if the new page exist
            boolean targetNameMissing = !requestParams.containsKey("newPageName");
            if (targetNameMissing) {
                String targetPage = "testRename" + System.nanoTime();
                requestParams.put("newPageName", targetPage);
                // the test may create a page, schedule for deletion
                deleteAfterwards(null, targetPage);
            }
            String renameUrl = createUrl(null, null, null, requestParams);
            checkUnderEscaping(renameUrl, '"' + parameter + '"');
        }
    }

    /**
     * Checks rename.vm when the rename target, named after the test string, already exists
     * (labelled XWIKI-5442).
     */
    @Test
    public void testRenameExistingTarget()
    {
        skipIfIgnored("templates/rename.vm");

        // create the source and the target
        String sourceSpace = "Test";
        String sourcePage = "RenameTest";
        createPage(sourceSpace, sourcePage, "Title", "Content");
        createPage(XMLEscapingValidator.getTestString(), XMLEscapingValidator.getTestString(), "Title", "Content");

        String renameUrl = createUrl(null, sourceSpace, sourcePage,
            params(template("rename"), kv("step", "2"), test("newSpaceName"), test("newPageName")));
        checkUnderEscaping(renameUrl, "XWIKI-5442");
    }

    /**
     * Checks rename.vm when the rename is expected to succeed, with a target name derived from the test string
     * (labelled XWIKI-5442).
     */
    @Test
    public void testRenameSuccess()
    {
        skipIfIgnored("templates/rename.vm");

        // create the source
        String sourceSpace = "Test";
        String sourcePage = "RenameTest";
        createPage(sourceSpace, sourcePage, "Title", "Content");

        // FIXME workaround for a bug in link parser, XWIKI-5443
        // NOTE(review): with '>' removed from the target name, this test cannot detect an unescaped '>' there.
        String renameTarget = ("Target" + XMLEscapingValidator.getTestString()).replace(">", "");

        // schedule target for deletion
        deleteAfterwards(renameTarget, renameTarget);

        String renameUrl = createUrl(null, sourceSpace, sourcePage, params(template("rename"), kv("step", "2"),
            kv("newSpaceName", renameTarget), kv("newPageName", renameTarget)));
        checkUnderEscaping(renameUrl, "XWIKI-5442");
    }

    /**
     * Checks the {@code xredirect} parameter of the delete confirmation page (labelled XWIKI-5239).
     */
    @Test
    public void testDelete()
    {
        skipIfIgnored("templates/delete.vm");
        // xredirect is only used if id is set
        // doesn't actually delete anything (confirmation dialog is shown)
        String deleteUrl = createUrl("view", null, null,
            params(template("delete"), kv("id", "bla"), test("xredirect")));
        checkUnderEscaping(deleteUrl, "XWIKI-5239");
    }

    /**
     * Checks the {@code rev1} and {@code rev2} parameters of deleteversionsconfirm (labelled XWIKI-5238).
     */
    @Test
    public void testDeleteVersionsConfirm()
    {
        skipIfIgnored("templates/deleteversionsconfirm.vm");
        // needs both revisions
        String confirmUrl = createUrl("view", null, null,
            params(template("deleteversionsconfirm"), test("rev1"), test("rev2")));
        checkUnderEscaping(confirmUrl, "XWIKI-5238");
    }

    /**
     * Runs the suggest.vm check against a class property backed by a custom query.
     *
     * @throws IOException declared because of the error trace check
     */
    @Test
    public void testSuggestHibquery() throws IOException
    {
        skipIfIgnored("templates/suggest.vm");
        // tests the first if-case, needs an object with a custom sql query
        testSuggest("AnnotationCode.AnnotationConfig", "annotationClass", "Hibquery");
    }

    /**
     * Runs the suggest.vm check against a property of DBList type.
     *
     * @throws IOException declared because of the error trace check
     */
    @Test
    public void testSuggestDBTree() throws IOException
    {
        skipIfIgnored("templates/suggest.vm");
        // tests properties of DBList type
        testSuggest("Blog.BlogPostClass", "category", "DBTree");
    }

    /**
     * Runs the suggest.vm check against a property of StringList type.
     *
     * @throws IOException declared because of the error trace check
     */
    @Test
    public void testSuggestStaticList() throws IOException
    {
        skipIfIgnored("templates/suggest.vm");
        // tests properties of StringList type
        testSuggest("XWiki.ConfigurableClass", "propertiesToShow", "StaticList");
    }

    /**
     * Checks the {@code firCol} and {@code input} parameters of the suggest template for one class property,
     * each followed by an error trace check on the same URL (labelled XWIKI-5450).
     *
     * @param classname class name to use
     * @param fieldname field name to use
     * @param description test description
     * @throws IOException can be thrown when the test fails
     */
    private void testSuggest(String classname, String fieldname, String description) throws IOException
    {
        String[] testedParameters = {"firCol", "input"};
        for (int i = 0; i < testedParameters.length; i++) {
            String parameter = testedParameters[i];
            // secCol is sent with a fixed value ending in a quote and a semicolon; presumably this is meant
            // to make broken query handling show up in the error trace check below (confirm)
            String suggestUrl = createUrl("view", "Main", null, params(template("suggest"),
                kv("classname", classname), kv("fieldname", fieldname),
                kv("secCol", "doc.fullName';"), test(parameter)));
            checkUnderEscaping(suggestUrl, "XWIKI-5450: " + description + " (\"" + parameter + "\")");
            checkForErrorTrace(suggestUrl);
        }
    }
}
406