Re: [xwiki-devs] [xwiki-notifications] r28858 - in platform/core/trunk/xwiki-core/src: main/java/com/xpn/xwiki main/java/com/xpn/xwiki/web test/java/com/xpn/xwiki/web

Fri, 14 May 2010 00:36:08 -0700 

On May 13, 2010, at 10:43 PM, sdumitriu (SVN) wrote:

> Author: sdumitriu
> Date: 2010-05-13 22:43:41 +0200 (Thu, 13 May 2010)
> New Revision: 28858
> 
> Modified:
>   platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/XWiki.java
>   
> platform/core/trunk/xwiki-core/src/main/java/com/xpn/xwiki/web/SkinAction.java
>   
> platform/core/trunk/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
> Log:
> XWIKI-2580: Improve file access sandboxing
> Fixed.
> Patch from Alex Busenius applied with minor changes.

[snip]
> Modified: 
> platform/core/trunk/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
> ===================================================================
> --- 
> platform/core/trunk/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
>         2010-05-13 20:24:25 UTC (rev 28857)
> +++ 
> platform/core/trunk/xwiki-core/src/test/java/com/xpn/xwiki/web/SkinActionTest.java
>         2010-05-13 20:43:41 UTC (rev 28858)
> @@ -20,6 +20,8 @@
>  */
> package com.xpn.xwiki.web;
> 
> +import java.io.IOException;
> +
> import org.jmock.cglib.MockObjectTestCase;
> 
> /**
> @@ -66,4 +68,54 @@
>     {
>         assertFalse(this.action.isJavascriptMimeType(null));
>     }
> +
> +    public void testIncorrectSkinFile()
> +    {
> +        try {
> +            this.action.getSkinFilePath("../../resources/js/xwiki/xwiki.js", 
> "colibri");
> +            assertTrue("should fail", false);

This should be fail(....)

> +        } catch (IOException e) {

This should be "exception" instead of "e"

Same below.

Note: Using junit4 this should be done using an annotation:
 @Test(expected=IOException.class)

Thanks
-Vincent

> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("../../../", "colibri");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("resources/js/xwiki/xwiki.js", "..");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getSkinFilePath("../resources/js/xwiki/xwiki.js", 
> ".");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +    }
> +
> +    public void testIncorrectResourceFile()
> +    {
> +        try {
> +            this.action.getResourceFilePath("../../skins/js/xwiki/xwiki.js");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getResourceFilePath("../../../");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +        try {
> +            this.action.getResourceFilePath("../../redirect");
> +            assertTrue("should fail", false);
> +        } catch (IOException e) {
> +            // good
> +        }
> +    }
> }

_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs

Reply via email to