Mercurial > hg > release > icedtea-web-1.5
changeset 971:0b2c5e69cb55
RequestedPermissionLevel - used instead of hardcoded strings, aded tests for it, added DEFAULT, fixed J2EE
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Tue, 01 Apr 2014 17:45:43 +0200 |
parents | fc9ab70d0b32 |
children | c310c9e44597 |
files | ChangeLog netx/net/sourceforge/jnlp/JNLPFile.java netx/net/sourceforge/jnlp/PluginBridge.java netx/net/sourceforge/jnlp/SecurityDesc.java tests/netx/unit/net/sourceforge/jnlp/JNLPFileTest.java tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java |
diffstat | 7 files changed, 140 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Apr 01 10:27:16 2014 -0400 +++ b/ChangeLog Tue Apr 01 17:45:43 2014 +0200 @@ -1,4 +1,18 @@ -2014-04-01 Andrew Azores <aazores@redhat.com +2014-04-01 Jiri Vanek <jvanek@redhat.com> + + * netx/net/sourceforge/jnlp/JNLPFile.java: hardcoded strings replaced by + SecurityDesc.RequestedPermissionLevel values. + * netx/net/sourceforge/jnlp/PluginBridge.java: likewise + * tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java: likewise + * tests/netx/unit/net/sourceforge/jnlp/JNLPFileTest.java: added new tests + (testGetRequestedPermissionLevel1) - (testGetRequestedPermissionLevel7). + Added (minimalJnlp) field. + * tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java: added new + (testGetRequestedPermissionLevel) test. + * netx/net/sourceforge/jnlp/SecurityDesc.java: added (DEFAULT) into + (RequestedPermissionLevel) and fixed typo in (J2EE) jnlpValue + +2014-04-01 Andrew Azores <aazores@redhat.com> * netx/net/sourceforge/jnlp/SecurityDesc.java: (RequestedPermissionLevel) new enum to describe the permission level requested in an applet's
--- a/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 10:27:16 2014 -0400 +++ b/netx/net/sourceforge/jnlp/JNLPFile.java Tue Apr 01 17:45:43 2014 +0200 @@ -965,12 +965,12 @@ String s = getAttribute(PERMISSIONS); if (s == null) { return ManifestBoolean.UNDEFINED; - } else if (s.trim().equalsIgnoreCase("sandbox")) { + } else if (s.trim().equalsIgnoreCase(SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString())) { return ManifestBoolean.TRUE; - } else if (s.trim().equalsIgnoreCase("all-permissions")) { + } else if (s.trim().equalsIgnoreCase(SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString())) { return ManifestBoolean.FALSE; } else { - throw new IllegalArgumentException("Unknown value of " + PERMISSIONS + " attribute " + s + ". Expected sandbox or all-permissions"); + throw new IllegalArgumentException("Unknown value of " + PERMISSIONS + " attribute " + s + ". Expected "+SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString()+" or "+SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString()); } @@ -982,9 +982,9 @@ String s = getAttribute(PERMISSIONS); if (s == null) { return "Not defined"; - } else if (s.trim().equalsIgnoreCase("sandbox")) { + } else if (s.trim().equalsIgnoreCase(SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString())) { return s.trim(); - } else if (s.trim().equalsIgnoreCase("all-permissions")) { + } else if (s.trim().equalsIgnoreCase(SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString())) { return s.trim(); } else { return "illegal";
--- a/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 10:27:16 2014 -0400 +++ b/netx/net/sourceforge/jnlp/PluginBridge.java Tue Apr 01 17:45:43 2014 +0200 @@ -232,11 +232,11 @@ final String level = params.getPermissions(); if (level == null) { return RequestedPermissionLevel.NONE; - } else if (level.equals("default")) { + } else if (level.equals(SecurityDesc.RequestedPermissionLevel.DEFAULT.toHtmlString())) { return RequestedPermissionLevel.NONE; - } else if (level.equals("sandbox")) { + } else if (level.equals(SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString())) { return RequestedPermissionLevel.SANDBOX; - } else if (level.equals("all-permissions")) { + } else if (level.equals(SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString())) { return RequestedPermissionLevel.ALL; } else { return RequestedPermissionLevel.NONE;
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 10:27:16 2014 -0400 +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Apr 01 17:45:43 2014 +0200 @@ -39,10 +39,12 @@ */ public enum RequestedPermissionLevel { NONE(null, null), + DEFAULT(null, "default"), SANDBOX(null, "sandbox"), - J2EE("j2ee-applitcation-client-permissions", null), + J2EE("j2ee-application-client-permissions", null), ALL("all-permissions", "all-permissions"); + public static final String PERMISSIONS_NAME = "permissions"; private final String jnlpString, htmlString; private RequestedPermissionLevel(final String jnlpString, final String htmlString) {
--- a/tests/netx/unit/net/sourceforge/jnlp/JNLPFileTest.java Tue Apr 01 10:27:16 2014 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/JNLPFileTest.java Tue Apr 01 17:45:43 2014 +0200 @@ -277,4 +277,87 @@ Assert.assertFalse(downloadOptions.useExplicitPack()); Assert.assertFalse(downloadOptions.useExplicitVersion()); } + + + public static final String minimalJnlp = "<?xml version='1.0'?>\n" + + "<jnlp spec='1.5' href='foo' codebase='.'>\n" + + " <information>\n" + + " <title>Parsing Test</title>\n" + + " <vendor>IcedTea</vendor>\n" + + " </information>\n" + + "<resources>\n" + + " </resources>\n" + + "SECURITY" + + "</jnlp>"; + + @Test + public void testGetRequestedPermissionLevel1() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", ""); + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.NONE, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + public void testGetRequestedPermissionLevel2() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security><"+SecurityDesc.RequestedPermissionLevel.ALL.toJnlpString()+"/></security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.ALL, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + public void testGetRequestedPermissionLevel3() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security></security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.NONE, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + public void testGetRequestedPermissionLevel4() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security>whatever</security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.NONE, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + public void testGetRequestedPermissionLevel5() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security><"+SecurityDesc.RequestedPermissionLevel.J2EE.toJnlpString()+"/></security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.J2EE, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + //unknown for jnlp + public void testGetRequestedPermissionLevel6() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security><" + SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString() + "/></security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.NONE, jnlpFile.getRequestedPermissionLevel()); + } + + @Test + //unknown for jnlp + public void testGetRequestedPermissionLevel7() throws MalformedURLException, ParseException { + String jnlpContents = minimalJnlp.replace("SECURITY", "<security><" + SecurityDesc.RequestedPermissionLevel.DEFAULT.toHtmlString() + "/></security>"); + + URL codeBase = new URL("http://icedtea.classpath.org"); + InputStream is = new ByteArrayInputStream(jnlpContents.getBytes()); + JNLPFile jnlpFile = new JNLPFile(is, codeBase, new ParserSettings(false, false, false)); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.NONE, jnlpFile.getRequestedPermissionLevel()); + } }
--- a/tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java Tue Apr 01 10:27:16 2014 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/PluginBridgeTest.java Tue Apr 01 17:45:43 2014 +0200 @@ -107,6 +107,35 @@ assertEquals(desiredDomain + relativeLocation, mockCreator.getJNLPHref().toExternalForm()); } + + @Test + public void testGetRequestedPermissionLevel() throws MalformedURLException, Exception { + String desiredDomain = "http://desired.absolute.codebase.com"; + URL codeBase = new URL(desiredDomain + "/undesired/sub/dir"); + String relativeLocation = "/app/test/test.jnlp"; + PluginParameters params = createValidParamObject(); + params.put("jnlp_href", relativeLocation); + MockJNLPCreator mockCreator = new MockJNLPCreator(); + PluginBridge pb = new PluginBridge(codeBase, null, "", "", 0, 0, params, mockCreator); + assertEquals(pb.getRequestedPermissionLevel(), SecurityDesc.RequestedPermissionLevel.NONE); + + params.put(SecurityDesc.RequestedPermissionLevel.PERMISSIONS_NAME,SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString()); + pb = new PluginBridge(codeBase, null, "", "", 0, 0, params, mockCreator); + assertEquals(pb.getRequestedPermissionLevel(), SecurityDesc.RequestedPermissionLevel.ALL); + + //unknown for applets! + params.put(SecurityDesc.RequestedPermissionLevel.PERMISSIONS_NAME, SecurityDesc.RequestedPermissionLevel.J2EE.toJnlpString()); + pb = new PluginBridge(codeBase, null, "", "", 0, 0, params, mockCreator); + assertEquals(pb.getRequestedPermissionLevel(), SecurityDesc.RequestedPermissionLevel.NONE); + + params.put(SecurityDesc.RequestedPermissionLevel.PERMISSIONS_NAME, SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString()); + pb = new PluginBridge(codeBase, null, "", "", 0, 0, params, mockCreator); + assertEquals(pb.getRequestedPermissionLevel(), SecurityDesc.RequestedPermissionLevel.SANDBOX); + + params.put(SecurityDesc.RequestedPermissionLevel.PERMISSIONS_NAME, SecurityDesc.RequestedPermissionLevel.DEFAULT.toHtmlString()); + pb = new PluginBridge(codeBase, null, "", "", 0, 0, params, mockCreator); + assertEquals(pb.getRequestedPermissionLevel(), SecurityDesc.RequestedPermissionLevel.NONE); + } @Test public void testBase64StringDecoding() throws Exception {
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java Tue Apr 01 10:27:16 2014 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java Tue Apr 01 17:45:43 2014 +0200 @@ -44,6 +44,7 @@ import java.util.jar.Manifest; import net.sourceforge.jnlp.InformationDesc; import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.SecurityDesc; import net.sourceforge.jnlp.cache.UpdatePolicy; import net.sourceforge.jnlp.config.DeploymentConfiguration; import net.sourceforge.jnlp.mock.DummyJNLPFileWithJar; @@ -175,7 +176,7 @@ Assert.assertEquals("*.com https://*.cz", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.APP_LIBRARY_ALLOWABLE))); Assert.assertEquals("*.net ftp://*uu.co.uk", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.CALLER_ALLOWABLE))); Assert.assertEquals("*.com *.net *.cz *.co.uk", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.CODEBASE))); - Assert.assertEquals("sandbox", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS))); + Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString(), jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS))); Assert.assertEquals("false", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_LIBRARY))); Assert.assertEquals("false", jnlpFile.getManifestsAttributes().getAttribute(new Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_ONLY)));