Skip to content

Commit

Permalink
Increase coverage and remove code smells
Browse files Browse the repository at this point in the history
  • Loading branch information
domhanak committed Jun 28, 2023
1 parent d760042 commit b6e17b6
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 1 deletion.
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
/*
* Copyright 2023 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.guvnor.structure.backend;

import java.util.ArrayList;
Expand All @@ -6,8 +21,16 @@
import org.apache.commons.text.StringEscapeUtils;
import org.uberfire.security.Contributor;

/**
* Utility class to provide input escaping or other
* functionality needed by backend services to sanitize inputs.
*/
public class InputEscapeUtils {

private InputEscapeUtils() {
// non-instantiable class
}

public static Collection<Contributor> escapeContributorsNames(Collection<Contributor> contributors) {
Collection<Contributor> escapedContributors = new ArrayList<>();
contributors.forEach((contributor -> {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
import javax.inject.Inject;
import javax.inject.Named;

import org.apache.commons.text.StringEscapeUtils;
import org.uberfire.security.Contributor;
import org.guvnor.structure.contributors.SpaceContributorsUpdatedEvent;
import org.guvnor.structure.organizationalunit.NewOrganizationalUnitEvent;
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
package org.guvnor.structure.backend;

import org.apache.commons.text.StringEscapeUtils;
import org.assertj.core.api.Assertions;
import org.junit.Test;

import static org.guvnor.structure.backend.InputEscapeUtils.escapeHtmlInput;

public class InputEscapeUtilsTest {

@Test
public void testEscapeHtmlInput() {
final String xssString = "<img/src/onerror=alert(\"XSS\")>";
final String expectedResult = StringEscapeUtils.escapeHtml4(xssString).replace("'", "");
final String result = escapeHtmlInput(xssString);
Assertions.assertThat(result).isEqualTo(expectedResult);
}

@Test
public void testEscapeHtmlInputWithSingleQoutes() {
final String xssString = "<img/src/onerror=alert('XSS')>";
final String expectedResult = StringEscapeUtils.escapeHtml4(xssString).replace("'", "");
final String result = escapeHtmlInput(xssString);
Assertions.assertThat(result).isEqualTo(expectedResult);
}

@Test
public void testEscapeHtmlInputNull() {
final String xssString = null;
final String result = escapeHtmlInput(xssString);
Assertions.assertThat(result).isNull();
}
}

0 comments on commit b6e17b6

Please sign in to comment.