diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
index 94db3f39c..b51bc0694 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/RepositoryTest.java
@@ -38,7 +38,7 @@ public class RepositoryTest
 assertRepositoriesPage();
 }
- @Test( dependsOnMethods = { "testAddManagedRepoValidValues" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoValidValues" } )
 public void testAddManagedRepoInvalidValues()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -55,8 +55,7 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -123,7 +122,7 @@ public class RepositoryTest
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepoBlankValues()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
@@ -132,8 +131,7 @@ public class RepositoryTest
 assertTextPresent( "You must enter a repository identifier." );
 assertTextPresent( "You must enter a repository name." );
 assertTextPresent( "You must enter a directory." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -165,15 +163,14 @@ public class RepositoryTest
 assertTextPresent( "You must enter a directory." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepoNoCron()
 {
 getSelenium().open( "/archiva/admin/addRepository.action" );
 addManagedRepository( "identifier", "name", "/home", "/.index", "Maven 2.x Repository", "", "", "", false );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test
@@ -186,7 +183,7 @@ public class RepositoryTest
 assertTextPresent( "Managed Repository Sample" );
 }
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
 public void testEditManagedRepoInvalidValues()
 {
 editManagedRepository( "<>\\~+[]'\"", "<> ~+[ ]'\"", "<> ~+[ ]'\"", "Maven 2.x Repository", "", "-1", "101" );
@@ -198,8 +195,7 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
- assertTextPresent( "Invalid cron expression." );
+ assertTextPresent( "Cron expression is required." );
 }
 @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
@@ -226,11 +222,24 @@ public class RepositoryTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 }
- @Test( dependsOnMethods = { "testAddManagedRepoForEdit" }, enabled = false )
- public void testEditManagedRepoInvalidCron()
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadText()
 {
- editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "", "1", "1" );
- // FIXME: broken
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "asdf", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronBadValue()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "60 0 * * * ?", "1", "1" );
+ assertTextPresent( "Invalid cron expression." );
+ }
+
+ @Test( dependsOnMethods = { "testAddManagedRepoForEdit" } )
+ public void testEditManagedRepoInvalidCronTooManyElements()
+ {
+ editManagedRepository( "name", "/home", "/.index", "Maven 2.x Repository", "* * * * * * * *", "1", "1" );
 assertTextPresent( "Invalid cron expression." );
 }
@@ -342,4 +351,4 @@ public class RepositoryTest
 assertPage( "Collection: /" );
 assertTextPresent( "Collection: /" );
 }
-}
\ No newline at end of file
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
index fe868956a..0f05752c9 100644
--- a/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
+++ b/archiva-modules/archiva-web/archiva-webapp-test/src/test/testng/org/apache/archiva/web/test/XSSSecurityTest.java
@@ -154,9 +154,10 @@ public class XSSSecurityTest
 assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
 }
- @Test( enabled = false )
+ @Test
 public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting()
 {
+ // TODO: these are evaluated client side now - we should force it to do server-side to make sure (though this could probably be tested in the webapp tests instead)
 getSelenium().open( "/archiva/admin/addRepository.action" );
 addManagedRepository( "test\">", "test\">", "test\">", "test\">",
@@ -172,7 +173,16 @@ public class XSSSecurityTest
 "Index directory must only contain alphanumeric characters, equals(=), question-marks(?), exclamation-points(!), ampersands(&), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), colons(:), tildes(~), and dashes(-)." );
 assertTextPresent( "Repository Purge By Retention Count needs to be between 1 and 100." );
 assertTextPresent( "Repository Purge By Days Older Than needs to be larger than 0." );
- // FIXME: broken
+ assertTextPresent( "Cron expression is required." );
+ }
+
+ @Test
+ public void testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron()
+ {
+ // separate test because cron is evaluated server side, not client side
+ getSelenium().open( "/archiva/admin/addRepository.action" );
+ addManagedRepository( "id", "name", "/home", "/.index", "Maven 2.x Repository",
+ "", "1", "1", true );
 assertTextPresent( "Invalid cron expression." );
 }
@@ -241,4 +251,4 @@ public class XSSSecurityTest
 assertTextPresent( "Username must only contain alphanumeric characters, at's(@), forward-slashes(/), back-slashes(\\), underscores(_), dots(.), and dashes(-)." );
 }
-}
\ No newline at end of file
+}
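Review bot: Re-enabling `testAddManagedRepositoryImmunityToInputFieldCrossSiteScripting` while its own new TODO says the field rules are evaluated client side means a pass no longer shows that the server rejects or encodes these values, because client-side validation is skipped by any request that does not come from the browser form. Until the server-side path is forced, the comment should state what the test does and does not prove, for example `// NOTE: passes on client-side validation alone; server-side rejection and output encoding are not exercised here`. An assertion that the submitted markup is not rendered back unescaped would make the test check the property in its name. The method body continues past the end of this hunk.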
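Review bot: `testAddManagedRepositoryImmunityToInputFieldCrossSiteScriptingCron` asserts only that "Invalid cron expression." is shown, which proves the value was rejected but not that it is encoded when the form is re-rendered with the rejected input. As shown on this page the cron argument is an empty string (the payload may have been lost in rendering), and an empty value would be expected to hit the "Cron expression is required." rule rather than the validator, so the literal in the file is worth confirming. Adding a check that the raw payload does not come back as markup in the response, for instance that no script alert was raised, would cover the XSS property directly.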
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
index 885079818..488db6c68 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction.java
@@ -24,6 +24,7 @@ import com.opensymphony.xwork2.Validateable;
 import org.apache.archiva.admin.model.RepositoryAdminException;
 import org.apache.archiva.admin.model.beans.ManagedRepository;
 import org.apache.commons.lang.StringUtils;
+import org.codehaus.redback.components.scheduler.CronExpressionValidator;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Controller;
@@ -102,6 +103,13 @@ public class AddManagedRepositoryAction
 @Override
 public void validate()
 {
+ CronExpressionValidator validator = new CronExpressionValidator();
+
+ if ( !validator.validate( repository.getCronExpression() ) )
+ {
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
+ }
+
 // trim all unecessary trailing/leading white-spaces; always put this statement before the closing braces(after all validation).
 trimAllRequestParameterValues();
 }
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
index e4a9dbfd0..f28047afe 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
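Review bot: The new cron check in `AddManagedRepositoryAction.validate()` runs on the raw request value, because `trimAllRequestParameterValues()` is only called afterwards, so the string that is validated is presumably not always the string that ends up stored. Validating the trimmed value keeps the two identical: `if ( !validator.validate( StringUtils.trim( repository.getCronExpression() ) ) )` (`StringUtils` is already imported in this file). How `CronExpressionValidator` treats a null or blank expression is not visible here, so it is worth confirming that a blank field yields only "Cron expression is required." and not both errors, and that a missing parameter cannot throw. The same block exists in `EditManagedRepositoryAction.validate()`, where this commit had to correct the field key; a shared helper or a constant for `"repository.cronExpression"` would stop the two copies drifting again.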
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction.java
@@ -135,7 +135,7 @@ public class EditManagedRepositoryAction
 if ( !validator.validate( repository.getCronExpression() ) )
 {
- addFieldError( "repository.refreshCronExpression", "Invalid cron expression." );
+ addFieldError( "repository.cronExpression", "Invalid cron expression." );
 }
 trimAllRequestParameterValues();
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
index 8c951cbd1..68ffb6cf7 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/AddManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@ Repository Purge By Days Older Than needs to be larger than ${min}. + + + Cron expression is required. + +
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
index abc9e5526..9f82c37bd 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/org/apache/archiva/web/action/admin/repositories/EditManagedRepositoryAction-validation.xml
@@ -73,4 +73,9 @@ Repository Purge By Days Older Than needs to be larger than ${min}. + + + Cron expression is required. + +