From a2277c85158ed563675996488873eb573dc43101 Mon Sep 17 00:00:00 2001
From: Dominik Hanak
Date: Wed, 28 Jun 2023 17:52:13 +0200
Subject: [PATCH] Increase coverage and remove code smells
---
 .../structure/backend/InputEscapeUtils.java | 23 +++++++++++++
 .../OrganizationalUnitServiceImpl.java | 1 -
 .../backend/InputEscapeUtilsTest.java | 33 +++++++++++++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 uberfire-structure/uberfire-structure-backend/src/test/java/org/guvnor/structure/backend/InputEscapeUtilsTest.java
diff --git a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/InputEscapeUtils.java b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/InputEscapeUtils.java
index b8f466d9e4..2a441a2090 100644
--- a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/InputEscapeUtils.java
+++ b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/InputEscapeUtils.java
@@ -1,3 +1,18 @@
+/*
+ * Copyright 2023 Red Hat, Inc. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.guvnor.structure.backend;
 import java.util.ArrayList;
@@ -6,8 +21,16 @@
 import org.apache.commons.text.StringEscapeUtils;
 import org.uberfire.security.Contributor;
+/**
+ * Utility class to provide input escaping or other
+ * functionality needed by backend services to sanitize inputs.
+ */
 public class InputEscapeUtils {
+ private InputEscapeUtils() {
+ // non-instantiable class
+ }
+
 public static Collection escapeContributorsNames(Collection contributors) {
 Collection escapedContributors = new ArrayList<>();
 contributors.forEach((contributor -> {
diff --git a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
index f094dee557..439b1d26fd 100644
--- a/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
+++ b/uberfire-structure/uberfire-structure-backend/src/main/java/org/guvnor/structure/backend/organizationalunit/OrganizationalUnitServiceImpl.java
@@ -33,7 +33,6 @@
 import javax.inject.Inject;
 import javax.inject.Named;
-import org.apache.commons.text.StringEscapeUtils;
 import org.uberfire.security.Contributor;
 import org.guvnor.structure.contributors.SpaceContributorsUpdatedEvent;
 import org.guvnor.structure.organizationalunit.NewOrganizationalUnitEvent;
diff --git a/uberfire-structure/uberfire-structure-backend/src/test/java/org/guvnor/structure/backend/InputEscapeUtilsTest.java b/uberfire-structure/uberfire-structure-backend/src/test/java/org/guvnor/structure/backend/InputEscapeUtilsTest.java
new file mode 100644
index 0000000000..5f428c8878
--- /dev/null
+++ b/uberfire-structure/uberfire-structure-backend/src/test/java/org/guvnor/structure/backend/InputEscapeUtilsTest.java
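Review bot: The class Javadoc added to InputEscapeUtils.java in the `@@ -6,8 +21,16 @@` hunk says only that the class helps "sanitize inputs", which does not tell a caller which output context the escaped value is safe for. Judging from the expectations in InputEscapeUtilsTest (`escapeHtml4(...)` followed by removal of `'`), the helper appears to HTML-entity-encode the value and drop single quotes, so the comment should state that, e.g. `Escapes values for HTML output (HTML 4 entities, single quotes removed); not an encoder for script or URL contexts, and lossy for names that contain an apostrophe.` With the constructor now private, the declaration could also become `public final class InputEscapeUtils`. The body of escapeContributorsNames continues outside this hunk, so how it treats a null collection or a null username cannot be judged from here.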
@@ -0,0 +1,33 @@
+package org.guvnor.structure.backend;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+
+import static org.guvnor.structure.backend.InputEscapeUtils.escapeHtmlInput;
+
+public class InputEscapeUtilsTest {
+
+ @Test
+ public void testEscapeHtmlInput() {
+ final String xssString = "";
+ final String expectedResult = StringEscapeUtils.escapeHtml4(xssString).replace("'", "");
+ final String result = escapeHtmlInput(xssString);
+ Assertions.assertThat(result).isEqualTo(expectedResult);
+ }
+
+ @Test
+ public void testEscapeHtmlInputWithSingleQoutes() {
+ final String xssString = "";
+ final String expectedResult = StringEscapeUtils.escapeHtml4(xssString).replace("'", "");
+ final String result = escapeHtmlInput(xssString);
+ Assertions.assertThat(result).isEqualTo(expectedResult);
+ }
+
+ @Test
+ public void testEscapeHtmlInputNull() {
+ final String xssString = null;
+ final String result = escapeHtmlInput(xssString);
+ Assertions.assertThat(result).isNull();
+ }
+}
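Review bot: Both non-null tests in InputEscapeUtilsTest build `expectedResult` with the same `StringEscapeUtils.escapeHtml4(xssString).replace("'", "")` chain that the production method presumably uses, so they would keep passing if the escaping were weakened in both places; the expectation should be a literal string. As shown on this page, both `xssString` literals are empty (the payload may have been lost in rendering), in which case the two tests are identical and only cover the empty string. A pinned assertion on a constructed sample would read `Assertions.assertThat(escapeHtmlInput("<b>O'Neil</b>")).isEqualTo("&lt;b&gt;ONeil&lt;/b&gt;");`. The method name `testEscapeHtmlInputWithSingleQoutes` also misspells "Quotes".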