squashed tests into a single paramter type test.
hr2904 committed Jun 14, 2024
1 parent 5d91514 commit 33aa9c2
Showing 2 changed files with 48 additions and 132 deletions.
Expand Up @@ -7,51 +7,29 @@

public class FilterUtilTest {
@Test
public void testValidateFilePath_ValidPath() {
assertTrue("Should return true for a valid path within the allowed directory.",
validateFilePath("/var/app/allowed/file.txt"));
}

@Test
public void testValidateFilePath_RelativeTraversal() {
assertFalse("Should return false for a path attempting directory traversal.",
validateFilePath("/var/app/allowed/../notallowed/file.txt"));
}

@Test
public void testValidateFilePath_DotSlash() {
assertFalse("Should return false for a path with relative current directory notation.",
validateFilePath("/var/app/allowed/./file.txt"));
}

@Test
public void testValidateFilePath_BackSlash() {
assertFalse("Should return false for a path with mixed slash types potentially bypassing checks.",
validateFilePath("/var/app/allowed/.\\file.txt"));
}

@Test
public void testValidateFilePath_NotAbsolute() {
assertFalse("Should return false for non-absolute paths.",
validateFilePath("var/app/allowed/file.txt"));
}


@Test
public void testValidateFilePath_WithUnusualCharacters() {
assertFalse("Should return false for paths with unusual characters aiming to navigate directories.",
validateFilePath("/var/app/allowed/..\\file.txt"));
}

@Test
public void testValidateFilePath_WithEncodedTraversal() {
assertFalse("Should return false for paths with URL-encoded traversal sequences.",
validateFilePath("/var/app/allowed/%2e%2e/notallowed/file.txt"));
}

@Test
public void testValidateFilePath_CatchException() {
assertFalse("Should return false for paths that cause exceptions, like those containing null bytes.",
validateFilePath("/var/app/allowed/\0file.txt"));
public void testValidateFilePath() {
// Array of test cases, each containing the file path and the expected boolean result
Object[][] testCases = {
{"/var/app/allowed/file.txt", true, "Should return true for a valid path within the allowed directory."},
{"/var/app/allowed/../notallowed/file.txt", false, "Should return false for a path attempting directory traversal."},
{"/var/app/allowed/./file.txt", false, "Should return false for a path with relative current directory notation."},
{"/var/app/allowed/.\\file.txt", false, "Should return false for a path with mixed slash types potentially bypassing checks."},
{"var/app/allowed/file.txt", false, "Should return false for non-absolute paths."},
{"/var/app/allowed/..\\file.txt", false, "Should return false for paths with unusual characters aiming to navigate directories."},
{"/var/app/allowed/%2e%2e/notallowed/file.txt", false, "Should return false for paths with URL-encoded traversal sequences."},
{"/var/app/allowed/\0file.txt", false, "Should return false for paths that cause exceptions, like those containing null bytes."}
};

for (Object[] testCase : testCases) {
String path = (String) testCase[0];
boolean expected = (Boolean) testCase[1];
String message = (String) testCase[2];

if (expected) {
assertTrue(message, validateFilePath(path));
} else {
assertFalse(message, validateFilePath(path));
}
}
}
}
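Review bot: Folding all eight path cases into the single loop in `testValidateFilePath` means the first failing assertion aborts the method, so a regression in an early row (for example the `../` row) leaves the later backslash, `%2e%2e` and null-byte rows unexecuted and unreported. A parameterized runner, if the project's JUnit version provides one, keeps one result per row; otherwise collect the failing paths inside the loop and fail once after it with the full list. The comment above the table also omits the third element and could read `// each row: path, expected result, assertion message`. The table has no row for a sibling directory that merely shares the allowed prefix, such as the constructed value `/var/app/allowed-other/file.txt`, which is the usual gap when a check is a plain string-prefix match; `validateFilePath` is not visible in this diff, so that row is a suggested safeguard rather than a confirmed hole.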
Expand Up @@ -10,92 +10,30 @@
public class MetaStoreActiveServerFilterTest {

@Test
public void testSanitizeRedirectLocation_WithValidUr1() {
String testUrl = "https://dom-sub-uat.atlan.com/api/meta/entity/guid/fd7a69c9-738b-4b35-a0db-1da00cbd86cd";
String expected = "https%3A%2F%2Fdom-sub-uat.atlan.com%2Fapi%2Fmeta%2Fentity%2Fguid%2Ffd7a69c9-738b-4b35-a0db-1da00cbd86cd";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("The URLs do match.",expected, actual);
}

@Test
public void testSanitizeRedirectLocation_WithValidUrl2() {
String testUrl = "https://datamesh.atlan.com/api/meta/entity/bulk?replaceBusinessAttributes=true&replaceClassifications=true";
String expected = "https%3A%2F%2Fdatamesh.atlan.com%2Fapi%2Fmeta%2Fentity%2Fbulk%3FreplaceBusinessAttributes%3Dtrue%26replaceClassifications%3Dtrue";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("The URLs do match.",expected, actual);
}

@Test
public void testSanitizeRedirectLocation_WithValidUrl3() {
String testUrl = "https://datamesh.atlan.com/api/meta/entity/guid/fd7a69c9-738b-4b35-a0db-1da00cbd86cd";
String expected = "https%3A%2F%2Fdatamesh.atlan.com%2Fapi%2Fmeta%2Fentity%2Fguid%2Ffd7a69c9-738b-4b35-a0db-1da00cbd86cd";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("The URLs do match.",expected, actual);
}

@Test
public void testSanitizeRedirectLocation_WithNull() {
assertNull("Output should be null for null input.",sanitizeRedirectLocation(null));
}




@Test
public void testSanitizeRedirectLocation_WithSpecialCharacters() {
String testUrl = "http://example.com/page?param=value&another=one";
String expected = "http%3A%2F%2Fexample.com%2Fpage%3Fparam%3Dvalue%26another%3Done";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("Special characters should be URL encoded.", expected, actual);
}

@Test
public void testSanitizeRedirectLocation_CorruptingCharactersForHttpSplitting() {
String testUrl = "http://example.com/page?param=value%Set-Cookie: test=evil";
String expected = "http%3A%2F%2Fexample.com%2Fpage%3Fparam%3Dvalue%25Set-Cookie%3A+test%3Devil";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("HTTP response splitting characters and other specials should be properly encoded.", expected, actual);
}

@Test
public void testSanitizeRedirectLocation_MultiLineQueryParameter() {
String testUrl = "http://example.com/search?query=value\n<script>alert('xss')</script>";
String expected = "http%3A%2F%2Fexample.com%2Fsearch%3Fquery%3Dvalue%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("Multi-line and script injection attempts should be encoded.", expected, actual);
}


@Test
public void testSanitizeRedirectLocation_CRLFInjectionToSplitResponse() {
String testUrl = "http://example.com/update?action=edit%HTTP/1.1 200 OKContent-Type: text/html";
String expected = "http%3A%2F%2Fexample.com%2Fupdate%3Faction%3Dedit%25HTTP%2F1.1+200+OKContent-Type%3A+text%2Fhtml";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("CRLF characters used to split HTTP responses should be properly encoded.", expected, actual);
}

@Test
public void testSanitizeRedirectLocation_HeaderInjectionViaNewline() {
String testUrl = "http://example.com/login?redirect=success%Set-Cookie: sessionId=12345";
String expected = "http%3A%2F%2Fexample.com%2Flogin%3Fredirect%3Dsuccess%25Set-Cookie%3A+sessionId%3D12345";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("Characters potentially harmful for HTTP response splitting should be encoded.", expected, actual);
}

@Test
public void testSanitizeRedirectLocation_CRLFRemoved() {
String testUrl = "http://example.com/page\r";
String expected = "http%3A%2F%2Fexample.com%2Fpage";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("Carriage return characters should be removed.", expected, actual);
}

@Test
public void testSanitizeRedirectLocation_EncodedLineBreaks() {
String testUrl = "http://example.com/page?next=url%0D%0AContent-Length: %300";
String expected = "http%3A%2F%2Fexample.com%2Fpage%3Fnext%3Durl%0D%0AContent-Length%3A+%300";
String actual = sanitizeRedirectLocation(testUrl);
assertEquals("Encoded line breaks and attempts to continue headers should be removed.", expected, actual);
public void testSanitizeRedirectLocation() {
Object[][] testCases = {
{"https://dom-sub-uat.atlan.com/api/meta/entity/guid/fd7a69c9-738b-4b35-a0db-1da00cbd86cd", "https%3A%2F%2Fdom-sub-uat.atlan.com%2Fapi%2Fmeta%2Fentity%2Fguid%2Ffd7a69c9-738b-4b35-a0db-1da00cbd86cd"},
{"https://datamesh.atlan.com/api/meta/entity/bulk?replaceBusinessAttributes=true&replaceClassifications=true", "https%3A%2F%2Fdatamesh.atlan.com%2Fapi%2Fmeta%2Fentity%2Fbulk%3FreplaceBusinessAttributes%3Dtrue%26replaceClassifications%3Dtrue"},
{"http://example.com/page?param=value&another=one", "http%3A%2F%2Fexample.com%2Fpage%3Fparam%3Dvalue%26another%3Done"},
{"http://example.com/page?param=value%Set-Cookie: test=evil", "http%3A%2F%2Fexample.com%2Fpage%3Fparam%3Dvalue%25Set-Cookie%3A+test%3Devil"},
{"http://example.com/search?query=value\n<script>alert('xss')</script>", "http%3A%2F%2Fexample.com%2Fsearch%3Fquery%3Dvalue%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E"},
{"http://example.com/update?action=edit%HTTP/1.1 200 OKContent-Type: text/html", "http%3A%2F%2Fexample.com%2Fupdate%3Faction%3Dedit%25HTTP%2F1.1+200+OKContent-Type%3A+text%2Fhtml"},
{"http://example.com/login?redirect=success%Set-Cookie: sessionId=12345", "http%3A%2F%2Fexample.com%2Flogin%3Fredirect%3Dsuccess%25Set-Cookie%3A+sessionId%3D12345"},
{"http://example.com/page\r", "http%3A%2F%2Fexample.com%2Fpage"},
{"http://example.com/page?next=url%0D%0AContent-Length: %300", "http%3A%2F%2Fexample.com%2Fpage%3Fnext%3Durl%0D%0AContent-Length%3A+%300"},
{null, null} // Testing for null input
};

for (Object[] testCase : testCases) {
String input = (String) testCase[0];
String expected = (String) testCase[1];

if (input == null) {
assertNull("Output should be null for null input.", sanitizeRedirectLocation(input));
} else {
assertEquals("URLs should be correctly sanitized.", expected, sanitizeRedirectLocation(input));
}
}
}

}
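Review bot: The `%0D%0AContent-Length` row expects an output that still contains `%0D%0A`, so the table pins percent-encoded CR/LF passing through `sanitizeRedirectLocation` unchanged, while a bare `%` in the neighbouring rows is re-encoded to `%25`. The removed test's message said such sequences "should be removed", and that statement is now gone, so the row needs a comment recording the intent, e.g. `// encoded CR/LF is passed through as-is; safe only if nothing decodes the Location value before it is written`. Whether that holds depends on code outside this diff. The rows carried over from the CRLF and header-injection tests contain no literal `\r` or `\n`, so only the `\n<script>` and trailing `\r` rows exercise raw line breaks. The squash also drops the former `WithValidUrl3` case (the `datamesh.atlan.com` guid URL) and replaces every per-case message with "URLs should be correctly sanitized.", so a failure no longer says which property broke; a third column holding the original messages would restore that.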
