提交
cbb6a8ac
编写于
4月 30, 2014
作者:
Jesse Glick
JUnit 4.
上级
3f295879
变更
1
Showing
1 changed file
with
38 addition
and
34 deletion
+38
-34
test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
...est/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
+38
-34
test/src/test/java/hudson/security/csrf/DefaultCrumbIssuerTest.java
...
...
@@ -9,21 +9,25 @@ package hudson.security.csrf;
import
com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException
;
import
com.gargoylesoftware.htmlunit.html.HtmlPage
;
import
java.net.HttpURLConnection
;
import
static
org
.
junit
.
Assert
.*;
import
org.junit.Before
;
import
org.junit.Rule
;
import
org.junit.Test
;
import
org.jvnet.hudson.test.Bug
;
import
org.jvnet.hudson.test.HudsonTestCase
;
import
org.jvnet.hudson.test.JenkinsRule
;
import
org.jvnet.hudson.test.JenkinsRule.WebClient
;
import
org.jvnet.hudson.test.recipes.PresetData
;
/**
*
* @author dty
*/
public
class
DefaultCrumbIssuerTest
extends
HudsonTestCase
{
protected
void
setUp
()
throws
Exception
{
super
.
setUp
();
assertNotNull
(
jenkins
);
CrumbIssuer
issuer
=
new
DefaultCrumbIssuer
(
false
);
assertNotNull
(
issuer
);
jenkins
.
setCrumbIssuer
(
issuer
);
public
class
DefaultCrumbIssuerTest
{
@Rule
public
JenkinsRule
r
=
new
JenkinsRule
();
@Before
public
void
setIssuer
()
{
r
.
jenkins
.
setCrumbIssuer
(
new
DefaultCrumbIssuer
(
false
));
}
private
static
final
String
[]
testData
=
{
...
...
@@ -35,17 +39,17 @@ public class DefaultCrumbIssuerTest extends HudsonTestCase {
private
static
final
String
HEADER_NAME
=
"X-Forwarded-For"
;
@Bug
(
3854
)
public
void
testC
lientIPFromHeader
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
@Test
public
void
c
lientIPFromHeader
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
0
]);
HtmlPage
p
=
wc
.
goTo
(
"configure"
);
submit
(
p
.
getFormByName
(
"config"
));
r
.
submit
(
p
.
getFormByName
(
"config"
));
}
@Bug
(
3854
)
public
void
testH
eaderChange
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
@Test
public
void
h
eaderChange
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
0
]);
HtmlPage
p
=
wc
.
goTo
(
"configure"
);
...
...
@@ -53,7 +57,7 @@ public class DefaultCrumbIssuerTest extends HudsonTestCase {
wc
.
removeRequestHeader
(
HEADER_NAME
);
try
{
// The crumb should no longer match if we remove the proxy info
submit
(
p
.
getFormByName
(
"config"
));
r
.
submit
(
p
.
getFormByName
(
"config"
));
}
catch
(
FailingHttpStatusCodeException
e
)
{
assertEquals
(
403
,
e
.
getStatusCode
());
...
...
@@ -61,8 +65,8 @@ public class DefaultCrumbIssuerTest extends HudsonTestCase {
}
@Bug
(
3854
)
public
void
testP
roxyIPChanged
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
@Test
public
void
p
roxyIPChanged
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
1
]);
HtmlPage
p
=
wc
.
goTo
(
"configure"
);
...
...
@@ -71,58 +75,58 @@ public class DefaultCrumbIssuerTest extends HudsonTestCase {
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
2
]);
// The crumb should be the same even if the proxy IP changes
submit
(
p
.
getFormByName
(
"config"
));
r
.
submit
(
p
.
getFormByName
(
"config"
));
}
@Bug
(
3854
)
public
void
testP
roxyIPChain
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
@Test
public
void
p
roxyIPChain
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
3
]);
HtmlPage
p
=
wc
.
goTo
(
"configure"
);
submit
(
p
.
getFormByName
(
"config"
));
r
.
submit
(
p
.
getFormByName
(
"config"
));
}
@Bug
(
7518
)
public
void
testP
roxyCompatibilityMode
()
throws
Exception
{
@Test
public
void
p
roxyCompatibilityMode
()
throws
Exception
{
CrumbIssuer
issuer
=
new
DefaultCrumbIssuer
(
true
);
assertNotNull
(
issuer
);
jenkins
.
setCrumbIssuer
(
issuer
);
r
.
jenkins
.
setCrumbIssuer
(
issuer
);
WebClient
wc
=
new
WebClient
();
WebClient
wc
=
r
.
create
WebClient
();
wc
.
addRequestHeader
(
HEADER_NAME
,
testData
[
0
]);
HtmlPage
p
=
wc
.
goTo
(
"configure"
);
wc
.
removeRequestHeader
(
HEADER_NAME
);
// The crumb should still match if we remove the proxy info
submit
(
p
.
getFormByName
(
"config"
));
r
.
submit
(
p
.
getFormByName
(
"config"
));
}
@PresetData
(
PresetData
.
DataSet
.
ANONYMOUS_READONLY
)
public
void
testA
piXml
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
assertXPathValue
(
wc
.
goToXml
(
"crumbIssuer/api/xml"
),
"//crumbRequestField"
,
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
());
@Test
public
void
a
piXml
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
r
.
assertXPathValue
(
wc
.
goToXml
(
"crumbIssuer/api/xml"
),
"//crumbRequestField"
,
r
.
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
());
String
text
=
wc
.
goTo
(
"crumbIssuer/api/xml?xpath=concat(//crumbRequestField,'=',//crumb)"
,
"text/plain"
).
getWebResponse
().
getContentAsString
();
assertTrue
(
text
,
text
.
matches
(
"\\Q"
+
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\\E=[0-9a-f]+"
));
assertTrue
(
text
,
text
.
matches
(
"\\Q"
+
r
.
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\\E=[0-9a-f]+"
));
text
=
wc
.
goTo
(
"crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"
,
"text/plain"
).
getWebResponse
().
getContentAsString
();
assertTrue
(
text
,
text
.
matches
(
"\\Q"
+
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\\E:[0-9a-f]+"
));
assertTrue
(
text
,
text
.
matches
(
"\\Q"
+
r
.
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\\E:[0-9a-f]+"
));
text
=
wc
.
goTo
(
"crumbIssuer/api/xml?xpath=/*/crumbRequestField/text()"
,
"text/plain"
).
getWebResponse
().
getContentAsString
();
assertEquals
(
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
(),
text
);
assertEquals
(
r
.
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
(),
text
);
text
=
wc
.
goTo
(
"crumbIssuer/api/xml?xpath=/*/crumb/text()"
,
"text/plain"
).
getWebResponse
().
getContentAsString
();
assertTrue
(
text
,
text
.
matches
(
"[0-9a-f]+"
));
wc
.
assertFails
(
"crumbIssuer/api/xml?xpath=concat('hack=\"',//crumb,'\"')"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
wc
.
assertFails
(
"crumbIssuer/api/xml?xpath=concat(\"hack='\",//crumb,\"'\")"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
wc
.
assertFails
(
"crumbIssuer/api/xml?xpath=concat('{',//crumb,':1}')"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
// 37.5% chance that crumb ~ /[a-f].+/
wc
.
assertFails
(
"crumbIssuer/api/xml?xpath=concat('hack.',//crumb,'=1')"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
// ditto
jenkins
.
getCrumbIssuer
().
getDescriptor
().
setCrumbRequestField
(
"_crumb"
);
r
.
jenkins
.
getCrumbIssuer
().
getDescriptor
().
setCrumbRequestField
(
"_crumb"
);
wc
.
assertFails
(
"crumbIssuer/api/xml?xpath=concat(//crumbRequestField,'=',//crumb)"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
// perhaps interpretable as JS number
}
@PresetData
(
PresetData
.
DataSet
.
ANONYMOUS_READONLY
)
public
void
testA
piJson
()
throws
Exception
{
WebClient
wc
=
new
WebClient
();
@Test
public
void
a
piJson
()
throws
Exception
{
WebClient
wc
=
r
.
create
WebClient
();
String
json
=
wc
.
goTo
(
"crumbIssuer/api/json"
,
"application/json"
).
getWebResponse
().
getContentAsString
();
assertTrue
(
json
,
json
.
matches
(
"\\Q{\"crumb\":\"\\E[0-9a-f]+\\Q\",\"crumbRequestField\":\""
+
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\"}\\E"
));
assertTrue
(
json
,
json
.
matches
(
"\\Q{\"crumb\":\"\\E[0-9a-f]+\\Q\",\"crumbRequestField\":\""
+
r
.
jenkins
.
getCrumbIssuer
().
getCrumbRequestField
()
+
"\"}\\E"
));
wc
.
assertFails
(
"crumbIssuer/api/json?jsonp=hack"
,
HttpURLConnection
.
HTTP_FORBIDDEN
);
}
...
...
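Review bot: The `try` block in `headerChange` (hunk `@@ -53,7 +57,7 @@`) still passes when `r.submit(p.getFormByName("config"));` succeeds, so the test cannot detect a regression in which the crumb is accepted after the `X-Forwarded-For` header has been removed. The 403 assertion only runs if the exception is thrown. Since this commit already brings in `import static org.junit.Assert.*;`, adding `fail("crumb should be rejected once the proxy header is removed");` directly after the submit call would make the rejection path mandatory. The end of the catch block lies outside the hunk, so this assumes nothing after it already fails the test.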