/*
 * Copyright 1998-2017 Linux.org.ru
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package ru.org.linux.util.bbcode;

import org.apache.commons.httpclient.URI;
import org.junit.Before;
import org.junit.Test;
import ru.org.linux.spring.SiteConfig;
import ru.org.linux.user.UserService;
import ru.org.linux.util.formatter.ToHtmlFormatter;

import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import static ru.org.linux.util.bbcode.tags.QuoteTag.citeFooter;
import static ru.org.linux.util.bbcode.tags.QuoteTag.citeHeader;

/**
 * Regression tests that pin the exact HTML {@link LorCodeService#parseComment} produces for
 * user-supplied markup: {@code [url]} tags, paragraph handling inside block and inline tags,
 * and auto-linking of a bare URL that carries percent-encoded markup.
 *
 * <p>Every case compares the complete output string, so any change in escaping or tag nesting
 * fails the test. The cases in this file only use {@code http} URLs; scheme filtering for
 * {@code [url=...]} and escaping of attribute delimiters are not exercised here.
 */
public class VulnerabilityTest {
  private LorCodeService lorCodeService;

  /**
   * Builds a {@link LorCodeService} backed by a real {@link ToHtmlFormatter} whose
   * {@link SiteConfig} is a mock that reports {@code http://127.0.0.1:8080/} as the main URI.
   * The {@link UserService} collaborator is an unstubbed mock.
   */
  @Before
  public void initTest() throws Exception {
    URI siteRoot = new URI("http://127.0.0.1:8080/", true, "UTF-8");

    SiteConfig config = mock(SiteConfig.class);
    when(config.getMainURI()).thenReturn(siteRoot);

    ToHtmlFormatter formatter = new ToHtmlFormatter();
    formatter.setSiteConfig(config);

    lorCodeService = new LorCodeService();
    lorCodeService.setUserService(mock(UserService.class));
    lorCodeService.setToHtmlFormatter(formatter);
  }

  /**
   * Renders {@code source} through {@code parseComment} with the second argument fixed to
   * {@code false} (the value every case in this class uses) and compares it with
   * {@code expectedHtml}.
   */
  private void assertRendered(String expectedHtml, String source) {
    String actualHtml = lorCodeService.parseComment(source, false);
    assertEquals(expectedHtml, actualHtml);
  }

  /** Blank lines between the opening {@code [url]} tag and its content. */
  @Test
  public void urlTest0() {
    // Explicit target: the link text is wrapped in its own paragraph.
    assertRendered(
        "<p><a href=\"http://linux.org.ru\"><p>linux.org.ru</p></a></p>",
        "[url=http://linux.org.ru]\n\nlinux.org.ru[/url]");

    // Target taken from the body: the leading blank lines do not end up in href or text.
    assertRendered(
        "<p><a href=\"http://linux.org.ru\">http://linux.org.ru</a></p>",
        "[url]\n\nhttp://linux.org.ru[/url]");
  }

  /** An empty {@code [url=...]} body falls back to the URL itself as the link text. */
  @Test
  public void urlTest1() {
    assertRendered(
        "<p><a href=\"http://linux.org.ru\">http://linux.org.ru</a></p>",
        "[url=http://linux.org.ru][/url]");
  }

  /**
   * Pins how blank-line paragraph breaks are rendered inside each supported tag, so the
   * nesting of the generated {@code <p>} elements cannot drift unnoticed.
   */
  @Test
  public void paragraphLogicTest() {
    // A list placed between plain paragraphs and a trailing [url].
    assertRendered(
        "<p>some1 text</p><p>some2 text\n</p><ul><li>one\n</li><li>two</li></ul><p><a href=\"http://www.example.com\">http://www.example.com</a> - some3 text</p>",
        "some1 text\n\nsome2 text\n[list]\n\n[*]one\n[*]two\n\n[/list]\n\n[url]http://www.example.com[/url] - some3 text");

    // Inline formatting tags keep the inner paragraphs inside the inline element.
    assertRendered(
        "<p><b><p>te</p><p>xt</p></b></p>",
        "\n\n[b]\n\nte\n\nxt\n\n[/b]\n\n");
    assertRendered(
        "<p><i><p>te</p><p>xt</p></i></p>",
        "\n\n[i]\n\nte\n\nxt\n\n[/i]\n\n");
    assertRendered(
        "<p><u><p>te</p><p>xt</p></u></p>",
        "\n\n[u]\n\nte\n\nxt\n\n[/u]\n\n");
    assertRendered(
        "<p><s><p>te</p><p>xt</p></s></p>",
        "\n\n[s]\n\nte\n\nxt\n\n[/s]\n\n");
    assertRendered(
        "<p><em><p>te</p><p>xt</p></em></p>",
        "\n\n[em]\n\nte\n\nxt\n\n[/em]\n\n");
    assertRendered(
        "<p><strong><p>te</p><p>xt</p></strong></p>",
        "\n\n[strong]\n\nte\n\nxt\n\n[/strong]\n\n");

    // [p], [div] and [cut] leave only the two paragraphs in the output.
    assertRendered(
        "<p>te</p><p>xt</p>",
        "\n\n[p]\n\nte\n\nxt\n\n[/p]\n\n");
    assertRendered(
        "<p>te</p><p>xt</p>",
        "\n\n[div]\n\nte\n\nxt\n\n[/div]\n\n");

    // [quote] wraps the same two paragraphs in QuoteTag's header and footer.
    assertRendered(
        citeHeader + "<p>te</p><p>xt</p>" + citeFooter,
        "\n\n[quote]\n\nte\n\nxt\n\n[/quote]\n\n");

    assertRendered(
        "<p>te</p><p>xt</p>",
        "\n\n[cut]\n\nte\n\nxt\n\n[/cut]\n\n");
  }

  /**
   * Auto-links a bare URL whose query string carries a percent-encoded script element.
   * The expected {@code href} keeps the percent-encoding; the link text is the decoded form.
   */
  @Test
  public void testHighlightURL() {
    // NOTE(review): as shown here the expected link text holds a literal <script> element,
    // so the assertion passes only when the renderer emits unescaped markup. If the HTML
    // entities (&lt; / &gt;) were lost when this listing was published, restore them in the
    // expectation; otherwise the decoded link text needs HTML-escaping before output.
    // Confirm against ToHtmlFormatter.
    assertRendered(
        "<p><a href=\"http://ya.ru/?a=f%3Cscript%3Ealert('i%20have%20cookies!')%3C/script%3E\">http://ya.ru/?a=f<script>alert('i have cookies!')</script></a></p>",
        "http://ya.ru/?a=f%3Cscript%3Ealert('i%20have%20cookies!')%3C/script%3E");
  }
}