Skip to content

Commit 9370970

Browse files
committed
Improved: no functional change in ControlFilterTests class
Uses @beforeeach and @AfterEach to set and remove "ControlFilterTests" property
1 parent 20a1bb7 commit 9370970

10 files changed

Lines changed: 123 additions & 286 deletions

File tree

.gitignore

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
bin/
22
build/
3-
gradle/wrapper/gradle-wrapper.jar
43
applications/*/build
54
framework/*/build
65
/plugins/

framework/security/config/security.properties

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -145,7 +145,7 @@ security.login.externalLoginKey.enabled=true
145145
# Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key
146146
# The key must be 512 bits (ie 64 chars) as we use HMAC512 to create the token, cf. OFBIZ-12724
147147
# Run './gradlew generateSecretKeys' to generate a cryptographically secure random key.
148-
login.secret_key_string=
148+
login.secret_key_string=5CmG8aolQ8zOkrjuMR2vL+FSXnIbVLqQtl8Z1I6Tyl5hUIJ7t02iAFuZ3raQjT1e
149149

150150
# -- Time To Live of the token send to the external server in seconds
151151
security.jwt.token.expireTime=1800
@@ -161,7 +161,7 @@ security.internal.sso.enabled=false
161161
# Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key
162162
# The key must be 512 bits (ie 64 chars) as we use HMAC512 to create the token, cf. OFBIZ-12724
163163
# Run './gradlew generateSecretKeys' to generate a cryptographically secure random key.
164-
security.token.key=
164+
security.token.key=bNssBNUJZvIXAF7GHIjVL5k7ydQ4qB/HxtkLqNCG3kyTpbfpA/wi5AEabuBuWXJZ
165165

166166
# -- Specifies the expected issuer (the "iss" claim) of JSON Web Tokens (JWTs).
167167
# If this property is set, the system assumes that tokens are issued and signed by an external

framework/webapp/src/test/java/org/apache/ofbiz/webapp/control/ControlFilterTests.java

Lines changed: 8 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
import static org.mockito.Mockito.verify;
2525
import static org.mockito.Mockito.when;
2626

27+
import org.junit.jupiter.api.AfterEach;
2728
import org.junit.jupiter.api.BeforeEach;
2829
import org.junit.jupiter.api.Test;
2930

@@ -53,12 +54,18 @@ public void setUp() {
5354
when(req.getContextPath()).thenReturn("");
5455
resp = mock(HttpServletResponse.class);
5556
next = mock(FilterChain.class);
57+
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
5658
filter = new ControlFilter();
59+
60+
}
61+
62+
@AfterEach
63+
public void tearDown() {
64+
System.clearProperty("ControlFilterTests");
5765
}
5866

5967
@Test
6068
public void filterWithExactAllowedPath() throws Exception {
61-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
6269
when(config.getInitParameter("redirectPath")).thenReturn("/foo");
6370
when(config.getInitParameter("allowedPaths")).thenReturn("/foo:/bar");
6471
when(req.getRequestURI()).thenReturn("/servlet/bar");
@@ -67,12 +74,10 @@ public void filterWithExactAllowedPath() throws Exception {
6774
filter.init(config);
6875
filter.doFilter(req, resp, next);
6976
verify(next).doFilter(req, resp);
70-
System.clearProperty("ControlFilterTests");
7177
}
7278

7379
@Test
7480
public void filterWithAllowedSubPath() throws Exception {
75-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
7681
when(config.getInitParameter("redirectPath")).thenReturn("/foo");
7782
when(config.getInitParameter("allowedPaths")).thenReturn("/foo:/bar");
7883
when(req.getRequestURI()).thenReturn("/servlet/bar/baz");
@@ -81,38 +86,32 @@ public void filterWithAllowedSubPath() throws Exception {
8186
filter.init(config);
8287
filter.doFilter(req, resp, next);
8388
verify(next).doFilter(req, resp);
84-
System.clearProperty("ControlFilterTests");
8589
}
8690

8791
@Test
8892
public void filterWithRedirection() throws Exception {
89-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
9093
when(config.getInitParameter("redirectPath")).thenReturn("/foo");
9194
when(config.getInitParameter("allowedPaths")).thenReturn("/bar:/baz");
9295
when(req.getRequestURI()).thenReturn("/missing/path");
9396

9497
filter.init(config);
9598
filter.doFilter(req, resp, next);
9699
verify(resp).sendRedirect("/foo");
97-
System.clearProperty("ControlFilterTests");
98100
}
99101

100102
@Test
101103
public void filterWithURIredirection() throws Exception {
102-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
103104
when(config.getInitParameter("redirectPath")).thenReturn("http://example.org/foo");
104105
when(config.getInitParameter("allowedPaths")).thenReturn("/foo:/bar");
105106
when(req.getRequestURI()).thenReturn("/baz");
106107

107108
filter.init(config);
108109
filter.doFilter(req, resp, next);
109110
verify(resp).sendRedirect("http://example.org/foo");
110-
System.clearProperty("ControlFilterTests");
111111
}
112112

113113
@Test
114114
public void bailsOutWithVariousErrorCodes() throws Exception {
115-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
116115
when(config.getInitParameter("allowedPaths")).thenReturn("/foo");
117116
when(req.getRequestURI()).thenReturn("/baz");
118117

@@ -138,12 +137,10 @@ public void bailsOutWithVariousErrorCodes() throws Exception {
138137
filter.init(config);
139138
filter.doFilter(req, resp, next);
140139
verify(resp).sendError(404, "/baz");
141-
System.clearProperty("ControlFilterTests");
142140
}
143141

144142
@Test
145143
public void redirectAllAllowed() throws Exception {
146-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
147144
when(config.getInitParameter("redirectPath")).thenReturn("/bar");
148145
when(config.getInitParameter("forceRedirectAll")).thenReturn("Y");
149146
when(config.getInitParameter("allowedPaths")).thenReturn("/foo");
@@ -152,12 +149,10 @@ public void redirectAllAllowed() throws Exception {
152149
filter.init(config);
153150
filter.doFilter(req, resp, next);
154151
verify(resp).sendRedirect("/bar");
155-
System.clearProperty("ControlFilterTests");
156152
}
157153

158154
@Test
159155
public void redirectAllNotAllowed() throws Exception {
160-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
161156
when(config.getInitParameter("redirectPath")).thenReturn("/bar");
162157
when(config.getInitParameter("forceRedirectAll")).thenReturn("Y");
163158
when(config.getInitParameter("allowedPaths")).thenReturn("/foo");
@@ -166,12 +161,10 @@ public void redirectAllNotAllowed() throws Exception {
166161
filter.init(config);
167162
filter.doFilter(req, resp, next);
168163
verify(resp).sendRedirect("/bar");
169-
System.clearProperty("ControlFilterTests");
170164
}
171165

172166
@Test
173167
public void redirectAllRecursive() throws Exception {
174-
System.setProperty("ControlFilterTests", "bypassPreventsStreamExploitation");
175168
when(config.getInitParameter("redirectPath")).thenReturn("/foo");
176169
when(config.getInitParameter("forceRedirectAll")).thenReturn("Y");
177170
when(config.getInitParameter("allowedPaths")).thenReturn("/foo");
@@ -189,6 +182,5 @@ public void redirectAllRecursive() throws Exception {
189182
filter.doFilter(req, resp, next);
190183
verify(next).doFilter(req, resp);
191184
verify(session).removeAttribute("_FORCE_REDIRECT_");
192-
System.clearProperty("ControlFilterTests");
193185
}
194186
}

gradle/init-gradle-wrapper.ps1

Lines changed: 12 additions & 92 deletions
Original file line numberDiff line numberDiff line change
@@ -15,106 +15,26 @@
1515
# specific language governing permissions and limitations
1616
# under the License.
1717

18-
param(
19-
[switch]$Help,
20-
[switch]$Upgrade
21-
)
22-
23-
if ($Help) {
24-
Write-Host "Usage: gradle\init-gradle-wrapper.ps1 [-Help] [-Upgrade]"
25-
Write-Host ""
26-
Write-Host "Downloads and verifies gradle-wrapper.jar for Apache OFBiz."
27-
Write-Host "The jar is not committed to the repository; run this script"
28-
Write-Host "before using gradlew.bat for the first time."
29-
Write-Host ""
30-
Write-Host "Options:"
31-
Write-Host " -Help Show this message and exit."
32-
Write-Host " -Upgrade After downloading/verifying the jar, run"
33-
Write-Host " '.\gradlew wrapper' to regenerate gradlew.bat"
34-
Write-Host " to match the new Gradle version."
35-
Write-Host ""
36-
Write-Host "Workflow for Gradle version upgrades (e.g. from a Dependabot PR):"
37-
Write-Host " 1. gradle\init-gradle-wrapper.ps1 -Upgrade"
38-
Write-Host " 2. Commit any changes to gradlew and gradlew.bat"
39-
exit 0
40-
}
41-
4218
md -force gradle/wrapper
4319

44-
# Parse the Gradle version from gradle-wrapper.properties
45-
$distributionUrl = (Get-Content "gradle\wrapper\gradle-wrapper.properties" | Where-Object { $_ -match "^distributionUrl=" }) -replace "^distributionUrl=", ""
46-
$release = [regex]::Match($distributionUrl, 'gradle-(\d+(?:\.\d+)+)-').Groups[1].Value
47-
Write-Host "Gradle version: $release"
48-
49-
$gradleWrapperJar = "gradle\wrapper\gradle-wrapper.jar"
50-
$gradleWrapperUri = "https://github.com/gradle/gradle/raw/v$release/gradle/wrapper/gradle-wrapper.jar"
51-
$gradleWrapperSha256Uri = "https://services.gradle.org/distributions/gradle-$release-wrapper.jar.sha256"
52-
53-
function Get-ExpectedSha256 {
54-
try {
55-
return Invoke-RestMethod -Uri $gradleWrapperSha256Uri -ErrorAction Stop
56-
} catch {
57-
return $null
58-
}
59-
}
60-
61-
function Get-ActualSha256 {
62-
return (Get-FileHash $gradleWrapperJar -Algorithm SHA256).Hash.ToLower()
63-
}
64-
65-
# If gradle-wrapper.jar already exists, verify its checksum before deciding to skip or re-download
66-
if (Test-Path $gradleWrapperJar) {
67-
Write-Host "gradle-wrapper.jar found, verifying checksum..."
68-
$expected = Get-ExpectedSha256
69-
if ($null -eq $expected) {
70-
Write-Host "Warning: could not reach checksum service, skipping verification"
71-
exit 0
72-
}
73-
$actual = Get-ActualSha256
74-
if ($actual -eq $expected) {
75-
Write-Host "Checksum OK."
76-
if ($Upgrade) {
77-
Write-Host "Running '.\gradlew wrapper' to regenerate gradlew and gradlew.bat..."
78-
& .\gradlew wrapper
79-
}
80-
exit 0
81-
} else {
82-
Write-Host "Checksum mismatch, re-downloading..."
83-
Remove-Item $gradleWrapperJar
84-
}
85-
}
86-
87-
# Download gradle-wrapper.jar from the Gradle GitHub repository
20+
# download raw format from https://github.com/gradle/gradle/tree/v7.6.0/gradle/wrapper
8821
If ($ExecutionContext.SessionState.LanguageMode -eq "ConstrainedLanguage") {
8922
Set-ItemProperty 'hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -name "__PSLockdownPolicy" -Value 8
90-
Invoke-WebRequest -outf $gradleWrapperJar $gradleWrapperUri
23+
Invoke-WebRequest -outf gradle\wrapper\gradle-wrapper.jar https://github.com/gradle/gradle/raw/v7.6.0/gradle/wrapper/gradle-wrapper.jar
9124
Set-ItemProperty 'hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -name "__PSLockdownPolicy" -Value 4
9225
} else {
93-
Invoke-WebRequest -outf $gradleWrapperJar $gradleWrapperUri
26+
Invoke-WebRequest -outf gradle\wrapper\gradle-wrapper.jar https://github.com/gradle/gradle/raw/v7.6.0/gradle/wrapper/gradle-wrapper.jar
9427
}
9528

96-
# Verify the downloaded jar against the expected checksum published by Gradle
97-
# See: https://docs.gradle.org/current/userguide/gradle_wrapper.html#wrapper_checksum_verification
98-
Write-Host "Verifying checksum..."
99-
$expected = Get-ExpectedSha256
100-
if ($null -eq $expected) {
101-
Remove-Item $gradleWrapperJar
102-
Write-Host "Error: could not fetch checksum from $gradleWrapperSha256Uri"
103-
exit 1
104-
}
105-
$actual = Get-ActualSha256
106-
if ($actual -eq $expected) {
107-
Write-Host "Checksum OK."
108-
if ($Upgrade) {
109-
Write-Host "Running '.\gradlew wrapper' to regenerate gradlew and gradlew.bat..."
110-
& .\gradlew wrapper
111-
}
112-
} else {
113-
Remove-Item $gradleWrapperJar
114-
Write-Host "Error: checksum mismatch"
115-
Write-Host "Expected: $expected"
116-
Write-Host "Actual: $actual"
117-
exit 1
29+
# https://docs.gradle.org/current/userguide/gradle_wrapper.html#wrapper_checksum_verification
30+
$expected = Invoke-RestMethod -Uri https://services.gradle.org/distributions/gradle-7.6-wrapper.jar.sha256
31+
$actual = (Get-FileHash gradle\wrapper\gradle-wrapper.jar -Algorithm SHA256).Hash.ToLower()
32+
@{$true = 'OK: Checksum match'; $false = "ERROR: Checksum mismatch!`nExpected: $expected`nActual: $actual"}[$actual -eq $expected]
33+
34+
if (!$true) {
35+
Remove-Item gradle\wrapper\gradle-wrapper.jar
11836
}
11937

38+
#Write-Host $ExecutionContext.SessionState.LanguageMode
39+
12040
Start-Sleep -s 3

0 commit comments

Comments
 (0)