-
-
Notifications
You must be signed in to change notification settings - Fork 179
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
LDEV-5085 test case for preside antisamy service
- Loading branch information
Showing
15 changed files
with
10,783 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
component extends="org.lucee.cfml.test.LuceeTestCase" { | ||
|
||
function run( testResults , testBox ) { | ||
describe( title='LDEV-5085', body=function(){ | ||
|
||
it( title='test preside anti samy service (full path)', body=function() { | ||
var path = getDirectoryFromPath( getCurrentTemplatePath() ); | ||
var antisamy = new LDEV5085.AntiSamyService( path & "LDEV5085\antisamylib" ); | ||
var str = "<div onclick='xss()'>xss</div>"; | ||
var result = antisamy.clean( str ); | ||
expect( result ).toBe( "<div>xss</div>" ); | ||
}); | ||
|
||
}); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
/** | ||
* @singleton | ||
* | ||
*/ | ||
component { | ||
|
||
// CONSTRUCTOR | ||
public any function init( path ) { | ||
_setLibPath( arguments.path ); | ||
_setupPolicyFiles(); | ||
_setupAntiSamy(); | ||
|
||
return this; | ||
} | ||
|
||
// PUBLIC API | ||
public any function clean( required string input, string policy="preside" ) { | ||
var dirtyHtml = ReplaceNoCase( arguments.input, """, "&~~~quot;", "all" ); | ||
var antiSamyResult = _getAntiSamy().scan( dirtyHtml, _getPolicy( arguments.policy ) ); | ||
var cleanHtml = antiSamyResult.getCleanHtml(); | ||
|
||
return _removeUnwantedCleanses( cleanHtml, arguments.policy ); | ||
} | ||
|
||
// PRIVATE HELPERS | ||
private void function _setupPolicyFiles() { | ||
var libPath = _getLibPath(); | ||
|
||
_setPolicyFiles ( { | ||
antisamy = libPath & '/antisamy-anythinggoes-1.4.4.xml' | ||
, ebay = libPath & '/antisamy-ebay-1.4.4.xml' | ||
, myspace = libPath & '/antisamy-myspace-1.4.4.xml' | ||
, slashdot = libPath & '/antisamy-slashdot-1.4.4.xml' | ||
, tinymce = libPath & '/antisamy-tinymce-1.4.4.xml' | ||
, preside = libPath & '/antisamy-preside-1.4.4.xml' | ||
} ); | ||
} | ||
|
||
private void function _setupAntiSamy() { | ||
_setAntiSamy( CreateObject( "java", "org.owasp.validator.html.AntiSamy", _listJars() ) ); | ||
} | ||
|
||
private any function _getPolicy( required string policy ) { | ||
_policies = _policies ?: {}; | ||
|
||
if ( !StructKeyExists( _policies, arguments.policy ) ) { | ||
var policyFile = _getPolicyFile( arguments.policy ); | ||
var policyFactory = CreateObject( "java", "org.owasp.validator.html.Policy", _listJars() ); | ||
|
||
_policies[ arguments.policy ] = policyFactory.getInstance( policyFile ); | ||
} | ||
|
||
return _policies[ arguments.policy ]; | ||
} | ||
|
||
private array function _listJars() { | ||
return DirectoryList( _getLibPath(), false, "path", "*.jar" ); | ||
} | ||
|
||
private any function _getPolicyFile( required string policy ) { | ||
var policies = _getPolicyFiles(); | ||
var filePath = policies[ arguments.policy ] ?: throw( type="preside.antisamyservice.policy.not.found", message="The policy [#arguments.policy#] was not found. Existing policies: '#SerializeJson( policies.keyArray() )#" ); | ||
|
||
return CreateObject( "java", "java.io.File" ).init( filePath ); | ||
} | ||
|
||
private string function _removeUnwantedCleanses( required string tooCleanString, required string policy ) { | ||
var antiSamyResult = _getAntiSamy().scan( "&", _getPolicy( arguments.policy ) ); | ||
var cleanedAmpersand = antiSamyResult.getCleanHtml(); | ||
var uncleaned = arguments.tooCleanString; | ||
|
||
if ( cleanedAmpersand != "&" ) { | ||
uncleaned = uncleaned.replace( cleanedAmpersand, "&", "all" ); | ||
} | ||
|
||
uncleaned = ReplaceNoCase( uncleaned, """, """", "all" ); | ||
uncleaned = ReplaceNoCase( uncleaned, "&~~~quot;", """, "all" ); | ||
|
||
return uncleaned; | ||
} | ||
|
||
// GETTERS AND SETTERS | ||
private string function _getLibPath() { | ||
return _libPath; | ||
} | ||
private void function _setLibPath( required string libPath ) { | ||
_libPath = arguments.libPath; | ||
} | ||
|
||
private struct function _getPolicyFiles() { | ||
return _policyFiles; | ||
} | ||
private void function _setPolicyFiles( required struct policyFiles ) { | ||
_policyFiles = arguments.policyFiles; | ||
} | ||
|
||
private any function _getAntiSamy() { | ||
return _antiSamy; | ||
} | ||
private void function _setAntiSamy( required any antiSamy ) { | ||
_antiSamy = arguments.antiSamy; | ||
} | ||
} |
Binary file not shown.
Oops, something went wrong.