SLING-10391 make use of real org.apache.sling.xss.impl.XSSAPIImpl implementation, introduce MockXSSFilter
diff --git a/core/pom.xml b/core/pom.xml
index dbc4627..40b6759 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -196,6 +196,11 @@
<artifactId>commons-lang</artifactId>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <scope>compile</scope>
+ </dependency>
<dependency>
<groupId>org.apache.sling</groupId>
diff --git a/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSAPIImpl.java b/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSAPIImpl.java
deleted file mode 100644
index db3cf16..0000000
--- a/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSAPIImpl.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.sling.testing.mock.sling;
-
-import java.util.regex.Pattern;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.sling.xss.XSSAPI;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-import org.osgi.service.component.annotations.Component;
-
-/**
- * This is a very simplified mock implementation of {@link XSSAPI} which in most cases just returns
- * the value that was passed in, or does only very basic validation.
- */
-@Component(service = XSSAPI.class)
-public final class MockXSSAPIImpl implements XSSAPI {
-
- private static final Pattern PATTERN_AUTO_DIMENSION = Pattern.compile("['\"]?auto['\"]?");
-
- @Override
- public @Nullable Integer getValidInteger(@Nullable String integer, int defaultValue) {
- if (StringUtils.isNotBlank(integer)) {
- try {
- return Integer.parseInt(integer);
- }
- catch (NumberFormatException ex) {
- // ignore
- }
- }
- return defaultValue;
- }
-
- @Override
- public @Nullable Long getValidLong(@Nullable String source, long defaultValue) {
- if (StringUtils.isNotBlank(source)) {
- try {
- return Long.parseLong(source);
- }
- catch (NumberFormatException ex) {
- // ignore
- }
- }
- return defaultValue;
- }
-
- @Override
- public @Nullable Double getValidDouble(@Nullable String source, double defaultValue) {
- if (StringUtils.isNotBlank(source)) {
- try {
- return Double.parseDouble(source);
- }
- catch (NumberFormatException ex) {
- // ignore
- }
- }
- return defaultValue;
- }
-
- @Override
- public @Nullable String getValidDimension(@Nullable String dimension, @Nullable String defaultValue) {
- if (StringUtils.isNotBlank(dimension)) {
- if (PATTERN_AUTO_DIMENSION.matcher(dimension).matches()) {
- return "\"auto\"";
- }
- try {
- return Integer.toString(Integer.parseInt(dimension));
- }
- catch (NumberFormatException ex) {
- // ignore
- }
- }
- return defaultValue;
- }
-
- @Override
- public @NotNull String getValidHref(@Nullable String url) {
- return StringUtils.defaultString(url);
- }
-
- @Override
- public @Nullable String getValidJSToken(@Nullable String token, @Nullable String defaultValue) {
- return StringUtils.defaultIfBlank(token, defaultValue);
- }
-
- @Override
- public @Nullable String getValidStyleToken(@Nullable String token, @Nullable String defaultValue) {
- return StringUtils.defaultIfBlank(token, defaultValue);
- }
-
- @Override
- public @Nullable String getValidCSSColor(@Nullable String color, @Nullable String defaultColor) {
- return StringUtils.defaultIfBlank(color, defaultColor);
- }
-
- @Override
- public String getValidMultiLineComment(@Nullable String comment, @Nullable String defaultComment) {
- return StringUtils.defaultIfBlank(comment, defaultComment);
- }
-
- @Override
- public String getValidJSON(@Nullable String json, @Nullable String defaultJson) {
- return StringUtils.defaultIfBlank(json, defaultJson);
- }
-
- @Override
- public String getValidXML(@Nullable String xml, @Nullable String defaultXml) {
- return StringUtils.defaultIfBlank(xml, defaultXml);
- }
-
- @Override
- public @Nullable String encodeForHTML(@Nullable String source) {
- return source;
- }
-
- @Override
- public @Nullable String encodeForHTMLAttr(@Nullable String source) {
- return source;
- }
-
- @Override
- public @Nullable String encodeForXML(@Nullable String source) {
- return source;
- }
-
- @Override
- public @Nullable String encodeForXMLAttr(@Nullable String source) {
- return source;
- }
-
- @Override
- public @Nullable String encodeForJSString(@Nullable String source) {
- return source;
- }
-
- @Override
- public @Nullable String encodeForCSSString(@Nullable String source) {
- return source;
- }
-
- @Override
- public @NotNull String filterHTML(@Nullable String source) {
- return StringUtils.defaultString(source);
- }
-
-}
diff --git a/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSFilter.java b/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSFilter.java
new file mode 100644
index 0000000..8928507
--- /dev/null
+++ b/core/src/main/java/org/apache/sling/testing/mock/sling/MockXSSFilter.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.testing.mock.sling;
+
+import org.apache.sling.xss.ProtectionContext;
+import org.apache.sling.xss.XSSFilter;
+import org.osgi.service.component.annotations.Component;
+
+/**
+ * Mock implementation of {@link XSSFilter} that just accepts anything.
+ */
+@Component(service = XSSFilter.class)
+public final class MockXSSFilter implements XSSFilter {
+
+ @Override
+ public boolean check(ProtectionContext context, String src) {
+ return true;
+ }
+
+ @Override
+ public String filter(String src) {
+ return src != null ? src : "";
+ }
+
+ @Override
+ public String filter(ProtectionContext context, String src) {
+ return src != null ? src : "";
+ }
+
+ @Override
+ public boolean isValidHref(String url) {
+ return true;
+ }
+
+}
diff --git a/core/src/main/java/org/apache/sling/testing/mock/sling/context/SlingContextImpl.java b/core/src/main/java/org/apache/sling/testing/mock/sling/context/SlingContextImpl.java
index 029d84a..91a7b2e 100644
--- a/core/src/main/java/org/apache/sling/testing/mock/sling/context/SlingContextImpl.java
+++ b/core/src/main/java/org/apache/sling/testing/mock/sling/context/SlingContextImpl.java
@@ -53,7 +53,7 @@
import org.apache.sling.testing.mock.osgi.context.OsgiContextImpl;
import org.apache.sling.testing.mock.sling.MockResourceBundleProvider;
import org.apache.sling.testing.mock.sling.MockSling;
-import org.apache.sling.testing.mock.sling.MockXSSAPIImpl;
+import org.apache.sling.testing.mock.sling.MockXSSFilter;
import org.apache.sling.testing.mock.sling.ResourceResolverType;
import org.apache.sling.testing.mock.sling.builder.ContentBuilder;
import org.apache.sling.testing.mock.sling.loader.ContentLoader;
@@ -62,6 +62,7 @@
import org.apache.sling.testing.mock.sling.servlet.MockRequestPathInfo;
import org.apache.sling.testing.mock.sling.servlet.MockSlingHttpServletRequest;
import org.apache.sling.testing.mock.sling.servlet.MockSlingHttpServletResponse;
+import org.apache.sling.xss.impl.XSSAPIImpl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.annotation.versioning.ConsumerType;
@@ -189,7 +190,8 @@
registerInjectActivateService(new JcrObjectsBindingsValuesProvider(),
SERVICE_PROPERTY_MOCK_SLING_BINDINGS_IGNORE, true);
registerInjectActivateService(new MockResourceBundleProvider());
- registerInjectActivateService(new MockXSSAPIImpl());
+ registerInjectActivateService(MockXSSFilter.class);
+ registerInjectActivateService(XSSAPIImpl.class);
registerInjectActivateService(new FeatureManager());
// scan for models defined via bundle headers in classpath
diff --git a/core/src/main/java/org/apache/sling/testing/mock/sling/package-info.java b/core/src/main/java/org/apache/sling/testing/mock/sling/package-info.java
index 6ed7c8f..95061d9 100644
--- a/core/src/main/java/org/apache/sling/testing/mock/sling/package-info.java
+++ b/core/src/main/java/org/apache/sling/testing/mock/sling/package-info.java
@@ -19,5 +19,5 @@
/**
* Mock implementation of selected Sling APIs.
*/
-@org.osgi.annotation.versioning.Version("3.4.0")
+@org.osgi.annotation.versioning.Version("4.0.0")
package org.apache.sling.testing.mock.sling;
diff --git a/core/src/test/java/org/apache/sling/testing/mock/sling/MockXSSAPIImplTest.java b/core/src/test/java/org/apache/sling/testing/mock/sling/XSSAPIImplTest.java
similarity index 89%
rename from core/src/test/java/org/apache/sling/testing/mock/sling/MockXSSAPIImplTest.java
rename to core/src/test/java/org/apache/sling/testing/mock/sling/XSSAPIImplTest.java
index 6c2b3e3..55e7dd8 100644
--- a/core/src/test/java/org/apache/sling/testing/mock/sling/MockXSSAPIImplTest.java
+++ b/core/src/test/java/org/apache/sling/testing/mock/sling/XSSAPIImplTest.java
@@ -27,7 +27,7 @@
import org.junit.Rule;
import org.junit.Test;
-public class MockXSSAPIImplTest {
+public class XSSAPIImplTest {
@Rule
public SlingContext context = new SlingContext();
@@ -60,7 +60,6 @@
@Test
public void testGetValidDouble() throws Exception {
assertEquals((Double)1.23d, underTest.getValidDouble("1.23", -1d));
- assertEquals((Double)(-1.23d), underTest.getValidDouble("-1.23", -1d));
assertEquals((Double)(-1d), underTest.getValidDouble("invalid", -1d));
assertEquals((Double)(-1.5d), underTest.getValidDouble("", -1.5d));
assertEquals((Double)(-1d), underTest.getValidDouble(null, -1d));
@@ -107,22 +106,24 @@
@Test
public void testGetValidMultiLineComment() throws Exception {
assertEquals("val", underTest.getValidMultiLineComment("val", "def"));
- assertEquals("def", underTest.getValidMultiLineComment("", "def"));
+ assertEquals("", underTest.getValidMultiLineComment("", "def"));
assertEquals("def", underTest.getValidMultiLineComment(null, "def"));
}
@Test
public void testGetValidJSON() throws Exception {
- assertEquals("val", underTest.getValidJSON("val", "def"));
- assertEquals("def", underTest.getValidJSON("", "def"));
- assertEquals("def", underTest.getValidJSON(null, "def"));
+ assertEquals("{\"valid\":true}", underTest.getValidJSON("{\"valid\":true}", "{}"));
+ assertEquals("", underTest.getValidJSON("", "{}"));
+ assertEquals("{}", underTest.getValidJSON("{invalid", "{}"));
+ assertEquals("{}", underTest.getValidJSON(null, "{}"));
}
@Test
public void testGetValidXML() throws Exception {
- assertEquals("val", underTest.getValidXML("val", "def"));
- assertEquals("def", underTest.getValidXML("", "def"));
- assertEquals("def", underTest.getValidXML(null, "def"));
+ assertEquals("<valid/>", underTest.getValidXML("<valid/>", "<default/>"));
+ assertEquals("", underTest.getValidXML("", "<default/>"));
+ assertEquals("<default/>", underTest.getValidXML("<invalid", "<default/>"));
+ assertEquals("<default/>", underTest.getValidXML(null, "<default/>"));
}
@Test
diff --git a/parent/pom.xml b/parent/pom.xml
index 6a24282..3e269a1 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -239,6 +239,11 @@
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
<dependency>
<groupId>org.apache.sling</groupId>
