From f1721147446ebca384995c6ca2a903dd764abd7c Mon Sep 17 00:00:00 2001
From: cramakri <cramakri>
Date: Tue, 9 Nov 2010 09:24:07 +0000
Subject: [PATCH] LMS-1767 Added tests that check escaping of strings.

SVN: 18593
---
 .../web/server/CommonClientServiceTest.java   | 23 +++++++++++--------
 .../generic/server/CommonServerTest.java      | 11 ++++++++-
 .../generic/server/ETLServiceTest.java        | 19 +++++++--------
 .../shared/AbstractServerTestCase.java        |  4 ++--
 .../api/v1/GeneralInformationServiceTest.java |  5 +++-
 .../generic/ExperimentRegistrationTest.java   | 14 ++++++-----
 .../generic/SampleRegistrationTest.java       |  9 ++++----
 7 files changed, 53 insertions(+), 32 deletions(-)

diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientServiceTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientServiceTest.java
index 56dad4d68aa..83f5fd8f9f4 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientServiceTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/client/web/server/CommonClientServiceTest.java
@@ -152,7 +152,7 @@ public final class CommonClientServiceTest extends AbstractClientServiceTest
         commonClientService.setCifexURL(CIFEX_URL);
         commonClientService.setCifexRecipient(CIFEX_RECIPIENT);
     }
-    
+
     @Test
     public void testGetExperimentInfoByIdentifier()
     {
@@ -164,16 +164,20 @@ public final class CommonClientServiceTest extends AbstractClientServiceTest
                     one(commonServer).getExperimentInfo(SESSION_TOKEN,
                             new ExperimentIdentifier("p1", "exp1"));
                     Experiment experiment = new Experiment();
+                    // Check that escaping is performed
+                    experiment.setPermId("<b>permId</b>");
                     experiment.setProperties(Arrays.asList(createXmlProperty()));
                     will(returnValue(experiment));
                 }
             });
-        
+
         Experiment info = commonClientService.getExperimentInfo("p1/exp1");
-        
+
         IEntityProperty transformedXMLProperty = info.getProperties().get(0);
-        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?><b>hello</b>", transformedXMLProperty.tryGetAsString());
+        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?><b>hello</b>",
+                transformedXMLProperty.tryGetAsString());
         assertEquals("<root>hello</root>", transformedXMLProperty.tryGetOriginalValue());
+        assertEquals("<b>permId</b>", info.getPermId());
         context.assertIsSatisfied();
     }
 
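Review bot: The added assertion `assertEquals("<b>permId</b>", info.getPermId());` pins the raw, unescaped markup, while the comment added above `setPermId` says `// Check that escaping is performed`. As written, the test passes only if the perm id comes back from `getExperimentInfo` unchanged. If that is the intent (for example because this layer must not encode a second time, which the hunk does not show), reword the comment to something like `// permId must pass through the client service without (double) escaping`. If encoding is expected at this layer, the expected value should be the encoded literal, `assertEquals("&lt;b&gt;permId&lt;/b&gt;", info.getPermId());`.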
@@ -192,15 +196,16 @@ public final class CommonClientServiceTest extends AbstractClientServiceTest
                     will(returnValue(experiment));
                 }
             });
-        
+
         Experiment info = commonClientService.getExperimentInfo(id);
-        
+
         IEntityProperty transformedXMLProperty = info.getProperties().get(0);
-        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?><b>hello</b>", transformedXMLProperty.tryGetAsString());
+        assertEquals("<?xml version=\"1.0\" encoding=\"UTF-8\"?><b>hello</b>",
+                transformedXMLProperty.tryGetAsString());
         assertEquals("<root>hello</root>", transformedXMLProperty.tryGetOriginalValue());
         context.assertIsSatisfied();
     }
-    
+
     private IEntityProperty createXmlProperty()
     {
         GenericValueEntityProperty property = new GenericValueEntityProperty();
@@ -214,7 +219,7 @@ public final class CommonClientServiceTest extends AbstractClientServiceTest
         property.setValue("<root>hello</root>");
         return property;
     }
-    
+
     @SuppressWarnings("unchecked")
     @Test
     public final void testListSamples()
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
index 8afad3caa59..6a5d25da5fb 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/CommonServerTest.java
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.builder.EqualsBuilder;
 import org.hamcrest.core.IsEqual;
 import org.jmock.Expectations;
@@ -365,6 +366,12 @@ public final class CommonServerTest extends AbstractServerTestCase
         assertEquals(person.getDatabaseInstance(), persons.get(0).getDatabaseInstance());
         assertEquals(1, persons.size());
 
+        // Check that strings are being escaped
+        assertEquals(StringEscapeUtils.escapeHtml(personPE.getFirstName()), person.getFirstName());
+        assertEquals(StringEscapeUtils.escapeHtml(personPE.getLastName()), person.getLastName());
+        assertEquals(StringEscapeUtils.escapeHtml(personPE.getEmail()), person.getEmail());
+        assertEquals(StringEscapeUtils.escapeHtml(personPE.getUserId()), person.getUserId());
+
         context.assertIsSatisfied();
     }
 
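Review bot: The four added assertions compute the expected value with `StringEscapeUtils.escapeHtml(...)` from the same `personPE` fields, so for any field without a character that the function rewrites they reduce to `assertEquals(x, x)` and still pass when no escaping happens. `getEmail()` and `getUserId()` look like such fields if `personPE` is built from `PRINCIPAL` (its construction is outside the hunk). Pin at least one encoded literal, or add a guard such as `assertFalse(personPE.getFirstName().equals(person.getFirstName()));`, so the test fails when escaping is dropped. The same mirror-the-implementation pattern is used in the later hunk of this file that asserts `experiment.getPermId()`, in the two `ETLServiceTest` hunks that assert `properties[0].getValue()`, and in both registration system tests.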
@@ -872,7 +879,7 @@ public final class CommonServerTest extends AbstractServerTestCase
     @Test
     public void testAddVocabularyTerms()
     {
-        final List<String> terms = Arrays.asList("a", "b");
+        final List<String> terms = Arrays.asList("ašŽ", "bŸ");
         final TechId vocabularyId = CommonTestUtils.TECH_ID;
         final Long previousTermOrdinal = 0L;
         prepareGetSession();
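Review bot: The new literals `"ašŽ"` and `"bŸ"` are raw non-ASCII characters in the source file, and they appear garbled in this patch, which suggests the file's byte encoding and the encoding used to read it disagree. What `javac` compiles then depends on the build's `-encoding` setting, so the escaping tests may exercise different characters on different machines. Unicode escapes keep the fixture stable, for example `Arrays.asList("a\u00f6\u00e9", "b\u00fc")` if those are the intended letters (a guess from the garbling; confirm against the original file). The same applies to the literals added in `ETLServiceTest.setAnyProperty`, `AbstractServerTestCase.PRINCIPAL`, `ExperimentRegistrationTest` and `SampleRegistrationTest`. No assertion on the terms is visible in this hunk, and the test body continues outside it.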
@@ -1444,6 +1451,7 @@ public final class CommonServerTest extends AbstractServerTestCase
         final ExperimentIdentifier experimentIdentifier =
                 CommonTestUtils.createExperimentIdentifier();
         final ExperimentPE experimentPE = CommonTestUtils.createExperiment(experimentIdentifier);
+        experimentPE.setPermId("<b>permId</b>");
         context.checking(new Expectations()
             {
                 {
@@ -1463,6 +1471,7 @@ public final class CommonServerTest extends AbstractServerTestCase
         assertEquals(experimentPE.getCode(), experiment.getCode());
         assertEquals(experimentPE.getExperimentType().getCode(), experiment.getExperimentType()
                 .getCode());
+        assertEquals(StringEscapeUtils.escapeHtml(experimentPE.getPermId()), experiment.getPermId());
         context.assertIsSatisfied();
     }
 }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceTest.java
index 6cfc51d8654..ad0cee6b92f 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/server/ETLServiceTest.java
@@ -22,6 +22,7 @@ import java.util.Arrays;
 import java.util.LinkedHashSet;
 import java.util.List;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.hamcrest.BaseMatcher;
 import org.hamcrest.Description;
 import org.jmock.Expectations;
@@ -214,8 +215,8 @@ public class ETLServiceTest extends AbstractServerTestCase
         } catch (ConfigurationFailureException e)
         {
             assertEquals(
-                    "Data Store Server version is " + (VERSION + 1) + " instead of " + VERSION, e
-                            .getMessage());
+                    "Data Store Server version is " + (VERSION + 1) + " instead of " + VERSION,
+                    e.getMessage());
         }
 
         context.assertIsSatisfied();
@@ -386,7 +387,7 @@ public class ETLServiceTest extends AbstractServerTestCase
                         sampleIdentifier);
 
         assertEquals(1, properties.length);
-        assertEquals(property.getValue(), properties[0].getValue());
+        assertEquals(StringEscapeUtils.escapeHtml(property.getValue()), properties[0].getValue());
         context.assertIsSatisfied();
     }
 
@@ -433,7 +434,7 @@ public class ETLServiceTest extends AbstractServerTestCase
                         sampleIdentifier);
 
         assertEquals(1, properties.length);
-        assertEquals(property.getValue(), properties[0].getValue());
+        assertEquals(StringEscapeUtils.escapeHtml(property.getValue()), properties[0].getValue());
         context.assertIsSatisfied();
     }
 
@@ -454,7 +455,7 @@ public class ETLServiceTest extends AbstractServerTestCase
     private SamplePropertyPE setAnyProperty(SamplePE top)
     {
         SamplePropertyPE property =
-                createSamplePropertyPE("type code", DataTypeCode.VARCHAR, "The Value");
+                createSamplePropertyPE("type code", DataTypeCode.VARCHAR, "The ValŸe");
 
         top.setProperties(new LinkedHashSet<SamplePropertyPE>(Arrays.asList(property)));
         return property;
@@ -535,8 +536,8 @@ public class ETLServiceTest extends AbstractServerTestCase
                 }
             });
 
-        assertEquals(id, createService().registerSample(SESSION_TOKEN, sample,
-                CommonTestUtils.USER_ID));
+        assertEquals(id,
+                createService().registerSample(SESSION_TOKEN, sample, CommonTestUtils.USER_ID));
 
         context.assertIsSatisfied();
     }
@@ -566,8 +567,8 @@ public class ETLServiceTest extends AbstractServerTestCase
                 }
             });
 
-        assertEquals(id, createService().registerSample(SESSION_TOKEN, sample,
-                CommonTestUtils.USER_ID));
+        assertEquals(id,
+                createService().registerSample(SESSION_TOKEN, sample, CommonTestUtils.USER_ID));
 
         context.assertIsSatisfied();
     }
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/AbstractServerTestCase.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/AbstractServerTestCase.java
index 816719b3ad0..10450272371 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/AbstractServerTestCase.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/generic/shared/AbstractServerTestCase.java
@@ -85,8 +85,8 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
  */
 public abstract class AbstractServerTestCase extends AssertJUnit
 {
-    protected static final Principal PRINCIPAL = new Principal(CommonTestUtils.USER_ID, "john",
-            "doe", "j@d");
+    protected static final Principal PRINCIPAL = new Principal(CommonTestUtils.USER_ID, "jšhn<>",
+            "doŽ", "j@d");
 
     protected static final String SESSION_TOKEN = "session-token";
 
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/api/v1/GeneralInformationServiceTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/api/v1/GeneralInformationServiceTest.java
index 1fdd4310a9d..de879fbbc07 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/api/v1/GeneralInformationServiceTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/api/v1/GeneralInformationServiceTest.java
@@ -191,6 +191,9 @@ public class GeneralInformationServiceTest extends SystemTestCase
                 generalInformationService.listExperiments(sessionToken, projects, "SIRNA_HCS");
         assertEquals(true, result.size() > 0);
         Experiment resultExperiment = result.get(0);
-        assertEquals("/CISD/DEFAULT/EXP-REUSE", resultExperiment.getIdentifier());
+        boolean identifierIsOk = "/CISD/DEFAULT/EXP-REUSE".equals(resultExperiment.getIdentifier());
+        identifierIsOk |= "/CISD/NEMO/EXP-TEST-2".equals(resultExperiment.getIdentifier());
+        assertEquals("Experiment should be: " + resultExperiment.getIdentifier(), true,
+                identifierIsOk);
     }
 }
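Review bot: The failure message `"Experiment should be: " + resultExperiment.getIdentifier()` prints the actual identifier as if it were the expected one. Accepting either of two identifiers for `result.get(0)` also suggests the returned order is not stable, so the check depends on whichever element happens to come first. A message such as `"Unexpected experiment identifier: " + resultExperiment.getIdentifier()` passed to `assertTrue(...)` reads correctly on failure, and an order-independent check over `result` would be tighter. The test method starts outside the hunk, so whether the service guarantees an order is not visible here.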
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/ExperimentRegistrationTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/ExperimentRegistrationTest.java
index d89b13f6e34..bea54293854 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/ExperimentRegistrationTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/ExperimentRegistrationTest.java
@@ -25,6 +25,7 @@ import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.testng.annotations.Test;
 
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.ListSampleDisplayCriteria;
@@ -69,8 +70,8 @@ public class ExperimentRegistrationTest extends GenericSystemTestCase
             fail("UserFailureException expected");
         } catch (UserFailureException ex)
         {
-            assertEquals("Value of mandatory property 'DESCRIPTION' not specified.", ex
-                    .getMessage());
+            assertEquals("Value of mandatory property 'DESCRIPTION' not specified.",
+                    ex.getMessage());
         }
     }
 
@@ -82,7 +83,7 @@ public class ExperimentRegistrationTest extends GenericSystemTestCase
         String experimentIdentifier = "/cisd/default/" + experimentCode;
         NewExperiment newExperiment = new NewExperiment(experimentIdentifier, "SIRNA_HCS");
         newExperiment.setProperties(new IEntityProperty[]
-            { property("DESCRIPTION", "my experiment") });
+            { property("DESCRIPTION", "my ŽxpŽriment") });
         genericClientService.registerExperiment(ATTACHMENTS_SESSION_KEY, SAMPLES_SESSION_KEY,
                 newExperiment);
 
@@ -92,7 +93,8 @@ public class ExperimentRegistrationTest extends GenericSystemTestCase
         assertEquals("SIRNA_HCS", experiment.getExperimentType().getCode());
         List<IEntityProperty> properties = experiment.getProperties();
         assertEquals("DESCRIPTION", properties.get(0).getPropertyType().getCode());
-        assertEquals("my experiment", properties.get(0).tryGetAsString());
+        assertEquals(StringEscapeUtils.escapeHtml("my ŽxpŽriment"), properties.get(0)
+                .tryGetAsString());
         assertEquals(1, properties.size());
     }
 
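Review bot: The round-trip value `"my ŽxpŽriment"` contains only accented letters, so this system test covers entity encoding of non-ASCII characters but never sends `<`, `>`, `&` or `"` through registration and retrieval, which are the characters output escaping mainly exists for. Consider a value that includes markup metacharacters, such as the constructed sample `"my <b>experiment</b> & more"`, with the encoded string written out as a literal expectation. `SampleRegistrationTest` (`"test samplŽ"`) and `ETLServiceTest.setAnyProperty` (`"The ValŸe"`) have the same gap. The test method starts before the hunks that touch it.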
@@ -155,8 +157,8 @@ public class ExperimentRegistrationTest extends GenericSystemTestCase
             {
                 public int compare(GridRowModel<Sample> o1, GridRowModel<Sample> o2)
                 {
-                    return o1.getOriginalObject().getCode().compareTo(
-                            o2.getOriginalObject().getCode());
+                    return o1.getOriginalObject().getCode()
+                            .compareTo(o2.getOriginalObject().getCode());
                 }
             });
         Sample sample = list.get(0).getOriginalObject();
diff --git a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/SampleRegistrationTest.java b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/SampleRegistrationTest.java
index 4f0253fa4f3..a1a56f27070 100644
--- a/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/SampleRegistrationTest.java
+++ b/openbis/sourceTest/java/ch/systemsx/cisd/openbis/systemtest/plugin/generic/SampleRegistrationTest.java
@@ -22,6 +22,7 @@ import static org.testng.AssertJUnit.fail;
 import java.util.Arrays;
 import java.util.List;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.testng.annotations.Test;
 
 import ch.systemsx.cisd.openbis.generic.client.web.client.dto.GridRowModels;
@@ -65,7 +66,7 @@ public class SampleRegistrationTest extends GenericSystemTestCase
         sampleType.setCode(CELL_PLATE);
         sample.setSampleType(sampleType);
         sample.setProperties(new IEntityProperty[]
-            { property("COMMENT", "test sample") });
+            { property("COMMENT", "test samplŽ") });
         // tested:
         // - ignore case
         // - support for both code and identifiers (with and without db instance)
@@ -79,11 +80,11 @@ public class SampleRegistrationTest extends GenericSystemTestCase
         assertEquals(CELL_PLATE, s.getSampleType().getCode());
         List<IEntityProperty> properties = s.getProperties();
         assertEquals("COMMENT", properties.get(0).getPropertyType().getCode());
-        assertEquals("test sample", properties.get(0).getValue());
+        assertEquals(StringEscapeUtils.escapeHtml("test samplŽ"), properties.get(0).getValue());
         assertEquals(1, properties.size());
         assertEquals(3, s.getParents().size());
-        assertEquals("[CISD:/CISD/C1, CISD:/CISD/C2, CISD:/CISD/C3]", Arrays
-                .toString(IdentifierExtractor.extract(s.getParents()).toArray()));
+        assertEquals("[CISD:/CISD/C1, CISD:/CISD/C2, CISD:/CISD/C3]",
+                Arrays.toString(IdentifierExtractor.extract(s.getParents()).toArray()));
     }
 
     @Test
-- 
GitLab