Google Git
Sign in
apache / wicket / 85cd143c7fcf2609100c24612131f68991d38915 / . / wicket-core / src / test / java / org / apache / wicket / ParentResourceEscapePathTest.java
blob: 4cb7d34479cf12e14346c56eb5a23b8bbfe848af [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.wicket;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.InputStream;
import org.apache.wicket.markup.html.PackageResourceGuard;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.resource.PackageResourceReference;
import org.apache.wicket.request.resource.ResourceReference;
import org.apache.wicket.util.tester.WicketTestCase;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
*/
class ParentResourceEscapePathTest extends WicketTestCase
{
private static final Logger log = LoggerFactory.getLogger(ParentResourceEscapePathTest.class);
/**
* @throws Exception
*/
@Test
void parentEscapeSequenceInRenderedHtmlTest() throws Exception
{
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("-updir-");
parentEscapeSequenceInRenderedHtml();
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("$up$");
parentEscapeSequenceInRenderedHtml();
}
private void parentEscapeSequenceInRenderedHtml()
{
tester.startPage(ParentResourceEscapePathTestPage.class);
tester.assertRenderedPage(ParentResourceEscapePathTestPage.class);
tester.assertNoErrorMessage();
log.error(tester.getLastResponseAsString());
String html = tester.getLastResponseAsString();
assertContains(html, "<html><head><wicket:link><script ");
assertContains(html, " type=\"text/javascript\"");
assertContains(html, expectedResourceUrl() + "\"");
assertContains(html, "\"></script></wicket:link></head></html>");
}
private void assertContains(String html, String expected)
{
assertTrue(html.contains(expected), "Expected to find \"" + expected + "\" in \"" + html + "\"");
}
/**
* testResourceUrlGeneratedByResourceReference()
*/
@Test
void resourceUrlGeneratedByResourceReferenceTest()
{
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("-updir-");
resourceUrlGeneratedByResourceReference();
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("$up$");
resourceUrlGeneratedByResourceReference();
}
private void resourceUrlGeneratedByResourceReference()
{
final ResourceReference ref = new PackageResourceReference(
ParentResourceEscapePathTestPage.class, "../../../ParentResourceTest.js");
assertContains(tester.getRequestCycle().mapUrlFor(ref, null).toString(),
expectedResourceUrl());
}
/**
* testRequestHandlingOfResourceUrlWithEscapeStringInside()
*/
@Test
void requestHandlingOfResourceUrlWithEscapeStringInsideTest()
{
((PackageResourceGuard)tester.getApplication()
.getResourceSettings()
.getPackageResourceGuard()).setAllowAccessToRootResources(true);
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("-updir-");
requestHandlingOfResourceUrlWithEscapeStringInside();
tester.getApplication().getResourceSettings().setParentFolderPlaceholder("$up$");
requestHandlingOfResourceUrlWithEscapeStringInside();
}
private void requestHandlingOfResourceUrlWithEscapeStringInside()
{
tester.getRequest().setUrl(Url.parse("wicket/" + expectedResourceUrl()));
InputStream i = getClass().getClassLoader().getResourceAsStream("ParentResourceTest.js");
i = getClass().getClassLoader().getResourceAsStream("/ParentResourceTest.js");
tester.processRequest();
tester.assertNoErrorMessage();
String res = tester.getLastResponse().getBinaryResponse();
assertEquals("// ParentResourceTest.js", res);
}
private String expectedResourceUrl()
{
final CharSequence escapeSequence = tester.getApplication()
.getResourceSettings()
.getParentFolderPlaceholder();
final StringBuilder url = new StringBuilder();
url.append("resource/org.apache.wicket.ParentResourceEscapePathTestPage/");
for (int i = 0; i < 3; i++)
{
url.append(escapeSequence);
url.append('/');
}
url.append("ParentResourceTest.js");
return url.toString();
}
}