1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.velocity.internal

File DefaultVelocityConfiguration.java

 

Coverage histogram

../../../../img/srcFileCovDistChart10.png
0% of files have more coverage

Code metrics

0
30
3
1
136
81
3
0.1
10
3
1

Classes

Class Line # Actions
DefaultVelocityConfiguration 58 30 0% 3 0
1.0100%
 

Contributing tests

This file is covered by 62 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.velocity.internal;
21   
22    import java.util.Properties;
23   
24    import javax.inject.Inject;
25    import javax.inject.Singleton;
26   
27    import org.apache.commons.lang3.exception.ExceptionUtils;
28    import org.apache.velocity.tools.generic.ListTool;
29    import org.apache.velocity.tools.generic.MathTool;
30    import org.apache.velocity.tools.generic.NumberTool;
31    import org.apache.velocity.tools.generic.SortTool;
32    import org.xwiki.component.annotation.Component;
33    import org.xwiki.component.phase.Initializable;
34    import org.xwiki.component.phase.InitializationException;
35    import org.xwiki.configuration.ConfigurationSource;
36    import org.xwiki.text.StringUtils;
37    import org.xwiki.velocity.VelocityConfiguration;
38    import org.xwiki.velocity.internal.util.RestrictParseLocationEventHandler;
39    import org.xwiki.velocity.introspection.DeprecatedCheckUberspector;
40    import org.xwiki.velocity.introspection.MethodArgumentsUberspector;
41    import org.xwiki.velocity.introspection.SecureUberspector;
42    import org.xwiki.velocity.tools.CollectionsTool;
43    import org.xwiki.velocity.tools.ComparisonDateTool;
44    import org.xwiki.velocity.tools.EscapeTool;
45    import org.xwiki.velocity.tools.JSONTool;
46    import org.xwiki.velocity.tools.RegexTool;
47    import org.xwiki.velocity.tools.URLTool;
48    import org.xwiki.velocity.tools.nio.NIOTool;
49   
50    /**
51    * All configuration options for the Velocity subsystem.
52    *
53    * @version $Id: 5c4314134a1ff1e4fd9c359c8f448206910a9f95 $
54    * @since 2.0M1
55    */
56    @Component
57    @Singleton
 
58    public class DefaultVelocityConfiguration implements Initializable, VelocityConfiguration
59    {
60    /**
61    * Prefix for configuration keys for the Velocity module.
62    */
63    private static final String PREFIX = "velocity.";
64   
65    /**
66    * Default Tools.
67    */
68    protected Properties defaultTools = new Properties();
69   
70    /**
71    * Defines from where to read the rendering configuration data.
72    */
73    @Inject
74    private ConfigurationSource configuration;
75   
76    /**
77    * Default properties.
78    */
79    private Properties defaultProperties = new Properties();
80   
 
81  1392 toggle @Override
82    public void initialize() throws InitializationException
83    {
84    // Default Velocity tools.
85  1392 this.defaultTools.setProperty("listtool", ListTool.class.getName());
86  1392 this.defaultTools.setProperty("numbertool", NumberTool.class.getName());
87  1392 this.defaultTools.setProperty("datetool", ComparisonDateTool.class.getName());
88  1392 this.defaultTools.setProperty("mathtool", MathTool.class.getName());
89  1392 this.defaultTools.setProperty("sorttool", SortTool.class.getName());
90  1392 this.defaultTools.setProperty("escapetool", EscapeTool.class.getName());
91  1392 this.defaultTools.setProperty("regextool", RegexTool.class.getName());
92  1392 this.defaultTools.setProperty("collectionstool", CollectionsTool.class.getName());
93  1392 this.defaultTools.setProperty("stringtool", StringUtils.class.getName());
94  1392 this.defaultTools.setProperty("jsontool", JSONTool.class.getName());
95  1392 this.defaultTools.setProperty("urltool", URLTool.class.getName());
96  1392 this.defaultTools.setProperty("exceptiontool", ExceptionUtils.class.getName());
97  1392 this.defaultTools.setProperty("niotool", NIOTool.class.getName());
98   
99    // Default Velocity properties
100  1392 this.defaultProperties.setProperty("directive.set.null.allowed", Boolean.TRUE.toString());
101  1392 this.defaultProperties.setProperty("velocimacro.messages.on", Boolean.FALSE.toString());
102  1392 this.defaultProperties.setProperty("velocimacro.max.depth", "100");
103  1392 this.defaultProperties.setProperty("resource.manager.logwhenfound", Boolean.FALSE.toString());
104  1392 this.defaultProperties.setProperty("velocimacro.permissions.allow.inline.local.scope", Boolean.TRUE.toString());
105    // Prevents users from calling #parse on files outside the /templates/ directory
106  1392 this.defaultProperties.setProperty("eventhandler.include.class",
107    RestrictParseLocationEventHandler.class.getName());
108    // Prevents users from writing dangerous Velocity code like using Class.forName or Java threading APIs.
109  1392 this.defaultProperties.setProperty("runtime.introspector.uberspect", StringUtils.join(
110    new String[] { SecureUberspector.class.getName(), DeprecatedCheckUberspector.class.getName(),
111    MethodArgumentsUberspector.class.getName() }, ','));
112    // Enable the extra scope variables $template and $macro, similar to $foreach
113  1392 this.defaultProperties.setProperty("template.provide.scope.control", Boolean.TRUE.toString());
114  1392 this.defaultProperties.setProperty("macro.provide.scope.control", Boolean.TRUE.toString());
115    }
116   
 
117  318 toggle @Override
118    public Properties getProperties()
119    {
120    // Merge default properties and properties defined in the configuration
121  318 Properties props = new Properties();
122  318 props.putAll(this.defaultProperties);
123  318 props.putAll(this.configuration.getProperty(PREFIX + "properties", Properties.class));
124  318 return props;
125    }
126   
 
127  1362 toggle @Override
128    public Properties getTools()
129    {
130    // Merge default tools and tools defined in the configuration
131  1362 Properties props = new Properties();
132  1362 props.putAll(this.defaultTools);
133  1362 props.putAll(this.configuration.getProperty(PREFIX + "tools", Properties.class));
134  1362 return props;
135    }
136    }