
Example 6 with UnexpectedPage

use of com.gargoylesoftware.htmlunit.UnexpectedPage in project jenkins by jenkinsci.

the class DirectoryBrowserSupportTest method directSymlink_forTestingZip.

@Test
@Issue("SECURITY-904")
public void directSymlink_forTestingZip() throws Exception {
    FreeStyleProject p = j.createFreeStyleProject();
    j.buildAndAssertSuccess(p);
    FilePath ws = p.getSomeWorkspace();
    /*
     * Regression test for SECURITY-904: workspace zip downloads must not
     * follow a symlink that points outside the workspace.
     *
     * Layout created below (each to_secretsN is a symlink to the absolute
     * path of the "secrets" folder under the Jenkins root directory):
     *
     *  secrets/
     *  workspace/
     *      a1/to_secrets1
     *      b1/b2/to_secrets2
     *      c1/c2/c3/to_secrets3
     */
    // NOTE(review): this test never writes a file into secrets/ itself, so the
    // "zip is empty" assertions are only meaningful if that folder already has
    // content when the archive is produced - confirm against the JenkinsRule setup.
    String secretsPath = new File(j.jenkins.getRootDir(), "secrets").getAbsolutePath();
    FilePath[] linkParents = {
        ws.child("a1"),
        ws.child("b1").child("b2"),
        ws.child("c1").child("c2").child("c3"),
    };
    String[] linkNames = {"to_secrets1", "to_secrets2", "to_secrets3"};
    for (int i = 0; i < linkParents.length; i++) {
        linkParents[i].mkdirs();
        linkParents[i].child(linkNames[i]).symlinkTo(secretsPath, TaskListener.NULL);
    }

    JenkinsRule.WebClient wc = j.createWebClient();
    // Let an error status reach the assertion below instead of being thrown by the client.
    wc.getOptions().setThrowExceptionOnFailingStatusCode(false);

    // Zip requests at the workspace root and at each folder that directly holds a link.
    String[] zipRequests = {
        "ws/*zip*/ws.zip",
        "ws/a1/*zip*/a1.zip",
        "ws/b1/b2/*zip*/b2.zip",
        "ws/c1/c2/c3/*zip*/c3.zip",
    };
    for (String zipRequest : zipRequests) {
        Page zipPage = wc.goTo(p.getUrl() + zipRequest, null);
        // The download itself succeeds...
        assertThat(zipPage.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
        // ...but nothing reachable only through the outside link may be archived.
        List<String> entryNames = getListOfEntriesInDownloadedZip((UnexpectedPage) zipPage);
        assertThat(entryNames, hasSize(0));
    }
}
Also used : FilePath(hudson.FilePath) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) Page(com.gargoylesoftware.htmlunit.Page) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) List(java.util.List) ArrayList(java.util.ArrayList) ExtensionList(hudson.ExtensionList) JenkinsRule(org.jvnet.hudson.test.JenkinsRule) ZipFile(java.util.zip.ZipFile) VirtualFile(jenkins.util.VirtualFile) BatchFile(hudson.tasks.BatchFile) File(java.io.File) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 7 with UnexpectedPage

use of com.gargoylesoftware.htmlunit.UnexpectedPage in project jenkins by jenkinsci.

the class DirectoryBrowserSupportTest method zipDownload.

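/**
 * Archives a single artifact, downloads the artifact folder as a zip through the
 * web UI and checks that the expected entry can be read from it.
 *
 * @throws Exception if the build, the download or reading the archive fails
 */
@Issue("JENKINS-19752")
@Test
public void zipDownload() throws Exception {
    FreeStyleProject p = j.createFreeStyleProject();
    p.setScm(new SingleFileSCM("artifact.out", "Hello world!"));
    p.getPublishersList().add(new ArtifactArchiver("*", "", true));
    j.buildAndAssertSuccess(p);
    HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
    Page download = page.getAnchorByHref("./*zip*/archive.zip").click();
    // download(...) is a helper defined elsewhere in the test class; presumably it
    // saves the response body to a local file - confirm against the helper.
    File zipfile = download((UnexpectedPage) download);
    // try-with-resources closes the stream and the archive even when the assertion
    // fails, and the finally block removes the downloaded file in every case, so a
    // failing run no longer leaks handles or leaves the file behind.
    try (ZipFile readzip = new ZipFile(zipfile);
            InputStream is = readzip.getInputStream(readzip.getEntry("archive/artifact.out"))) {
        // ZipException in case of JENKINS-19752 (per the original author's comment)
        // assertNotEquals takes (message, unexpected, actual): -1 is the unexpected value.
        assertNotEquals("Downloaded zip file must not be empty", -1, is.read());
    } finally {
        zipfile.delete();
    }
}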
Also used : ArtifactArchiver(hudson.tasks.ArtifactArchiver) ZipFile(java.util.zip.ZipFile) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) SingleFileSCM(org.jvnet.hudson.test.SingleFileSCM) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) Page(com.gargoylesoftware.htmlunit.Page) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) ZipFile(java.util.zip.ZipFile) VirtualFile(jenkins.util.VirtualFile) BatchFile(hudson.tasks.BatchFile) File(java.io.File) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 8 with UnexpectedPage

use of com.gargoylesoftware.htmlunit.UnexpectedPage in project jenkins by jenkinsci.

the class DirectoryBrowserSupportTest method symlink_outsideWorkspace_areNotAllowed.

@Test
@Issue("SECURITY-904")
public void symlink_outsideWorkspace_areNotAllowed() throws Exception {
    FreeStyleProject p = j.createFreeStyleProject();

    // Plant a file outside the workspace, in the "secrets" folder under the Jenkins root dir.
    File secretsFolder = new File(j.jenkins.getRootDir(), "secrets");
    FileUtils.write(new File(secretsFolder, "goal.txt"), "secret", StandardCharsets.UTF_8);

    /*
     * Intended layout, as sketched by the original author (the links themselves
     * are created by the build step loaded from a resource script below):
     *
     *  secrets/
     *      goal.txt
     *  workspace/
     *      intermediateFolder/
     *          public2.key
     *          otherFolder/
     *              to_secret3 -> ../../../../secrets/
     *          to_secret2 -> ../../../secrets/
     *          to_secret_goal2 -> ../../../secrets/goal.txt
     *      public1.key
     *      to_secret1 -> ../../secrets/
     *      to_secret_goal1 -> ../../secrets/goal.txt
     */
    // NOTE(review): the sketch spells the links "to_secret*", while every URL and
    // matcher below uses "to_secrets*". The real names come from the resource
    // scripts, which are not visible here - confirm they match, because a
    // mismatch would let the 404 and not(containsString(...)) checks pass vacuously.
    if (Functions.isWindows()) {
        // no need to test mklink /H since we cannot create a hard link to a non-existing file
        // and so you need to have access to the master file system directly which is already a problem
        p.getBuildersList().add(new BatchFile(loadContentFromResource("outsideWorkspaceStructure.bat")));
    } else {
        p.getBuildersList().add(new Shell(loadContentFromResource("outsideWorkspaceStructure.sh")));
    }
    j.buildAndAssertSuccess(p);

    JenkinsRule.WebClient wc = j.createWebClient();
    // 404 responses are asserted on below, so the client must not throw on them.
    wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
    String projectUrl = p.getUrl();

    // --- directory browsing ---

    // workspace root must be reachable (regular case) and must not list the outside links
    Page rootListing = wc.goTo(projectUrl + "ws/", null);
    assertThat(rootListing.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    String rootHtml = rootListing.getWebResponse().getContentAsString();
    assertThat(rootHtml, allOf(
            containsString("public1.key"),
            containsString("intermediateFolder"),
            not(containsString("to_secrets1")),
            not(containsString("to_secrets_goal1")),
            not(containsString("to_secrets2")),
            not(containsString("to_secrets_goal2"))));

    // to_secrets1 not reachable
    Page viaLink1 = wc.goTo(projectUrl + "ws/to_secrets1/", null);
    assertThat(viaLink1.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_NOT_FOUND));

    // to_secrets_goal1 not reachable
    Page viaGoal1 = wc.goTo(projectUrl + "ws/to_secrets_goal1/", null);
    assertThat(viaGoal1.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_NOT_FOUND));

    // intermediateFolder must be reachable (regular case) and must not list the outside links
    Page subListing = wc.goTo(projectUrl + "ws/intermediateFolder/", null);
    assertThat(subListing.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    String subHtml = subListing.getWebResponse().getContentAsString();
    assertThat(subHtml, allOf(
            not(containsString("to_secrets1")),
            not(containsString("to_secrets_goal1")),
            not(containsString("to_secrets2")),
            not(containsString("to_secrets_goal2"))));

    // to_secrets2 not reachable
    Page viaLink2 = wc.goTo(projectUrl + "ws/intermediateFolder/to_secrets2/", null);
    assertThat(viaLink2.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_NOT_FOUND));

    // a symlink used as an intermediate path segment is refused as well
    Page throughLink2 = wc.goTo(projectUrl + "ws/intermediateFolder/to_secrets2/master.key", null);
    assertThat(throughLink2.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_NOT_FOUND));

    // to_secrets_goal2 not reachable
    Page viaGoal2 = wc.goTo(projectUrl + "ws/intermediateFolder/to_secrets_goal2/", null);
    assertThat(viaGoal2.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_NOT_FOUND));

    // --- pattern search feature ---

    // The pattern searches inside files / folders; per the original author's note,
    // without the patch master.key would have been listed through the outside symlinks.
    Page patternListing = wc.goTo(projectUrl + "ws/**/*.key", null);
    assertThat(patternListing.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    String patternHtml = patternListing.getWebResponse().getContentAsString();
    assertThat(patternHtml, allOf(
            not(containsString("master.key")),
            containsString("public1.key"),
            containsString("public2.key")));

    // --- zip feature ---

    // outside folders / files are left out of the zip; entries carry the project name as parent folder
    Page wsZip = wc.goTo(projectUrl + "ws/*zip*/ws.zip", null);
    assertThat(wsZip.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    List<String> wsZipEntries = getListOfEntriesInDownloadedZip((UnexpectedPage) wsZip);
    assertThat(wsZipEntries, containsInAnyOrder(
            p.getName() + "/intermediateFolder/public2.key",
            p.getName() + "/public1.key"));

    // workaround for JENKINS-19947 is still supported, i.e. no parent folder
    Page wsGlobZip = wc.goTo(projectUrl + "ws/**/*zip*/ws.zip", null);
    assertThat(wsGlobZip.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    List<String> wsGlobZipEntries = getListOfEntriesInDownloadedZip((UnexpectedPage) wsGlobZip);
    assertThat(wsGlobZipEntries, containsInAnyOrder("intermediateFolder/public2.key", "public1.key"));

    // outside folders / files are left out of the sub-folder zip too
    Page subZip = wc.goTo(projectUrl + "ws/intermediateFolder/*zip*/intermediateFolder.zip", null);
    assertThat(subZip.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    List<String> subZipEntries = getListOfEntriesInDownloadedZip((UnexpectedPage) subZip);
    assertThat(subZipEntries, contains("intermediateFolder/public2.key"));

    // workaround for JENKINS-19947 is still supported, i.e. no parent folder, even inside a sub-folder
    Page subGlobZip = wc.goTo(projectUrl + "ws/intermediateFolder/**/*zip*/intermediateFolder.zip", null);
    assertThat(subGlobZip.getWebResponse().getStatusCode(), equalTo(HttpURLConnection.HTTP_OK));
    List<String> subGlobZipEntries = getListOfEntriesInDownloadedZip((UnexpectedPage) subGlobZip);
    assertThat(subGlobZipEntries, contains("public2.key"));
}
Also used : BatchFile(hudson.tasks.BatchFile) Shell(hudson.tasks.Shell) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) Page(com.gargoylesoftware.htmlunit.Page) HtmlPage(com.gargoylesoftware.htmlunit.html.HtmlPage) List(java.util.List) ArrayList(java.util.ArrayList) ExtensionList(hudson.ExtensionList) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) JenkinsRule(org.jvnet.hudson.test.JenkinsRule) ZipFile(java.util.zip.ZipFile) VirtualFile(jenkins.util.VirtualFile) BatchFile(hudson.tasks.BatchFile) File(java.io.File) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 9 with UnexpectedPage

use of com.gargoylesoftware.htmlunit.UnexpectedPage in project htmlunit by HtmlUnit.

the class HtmlAnchor2Test method click_unexpectedPageAttachmentHandlerHandleResponseDoesNotHandleContentType.

/**
 * Clicks a plain link whose target is served as JSON while an
 * {@link AttachmentHandler} is installed, and checks that the response ends up
 * as an {@link UnexpectedPage} in the same window without the handler having
 * recorded any response.
 *
 * @throws Exception if the test fails
 */
@Test
public void click_unexpectedPageAttachmentHandlerHandleResponseDoesNotHandleContentType() throws Exception {
    final String markup = "<html><head></head>\n"
            + "<body>\n"
            + "  <a href='" + URL_SECOND + "' id='link'>link</a>\n"
            + "</body>\n"
            + "</html>";
    getMockWebConnection().setResponse(URL_SECOND, "{name: \"Test\"};", MimeType.APPLICATION_JSON);

    // Every response offered to the handler is collected here.
    final LinkedList<WebResponse> offeredResponses = new LinkedList<>();
    final AttachmentHandler recordingHandler = new AttachmentHandler() {

        @Override
        public boolean handleAttachment(final WebResponse response) {
            offeredResponses.add(response);
            return true;
        }

        @Override
        public void handleAttachment(final Page page) {
            // The Page-based callback must never be reached in this scenario.
            throw new IllegalAccessError("handleAttachment(Page) called");
        }
    };
    getWebClient().setAttachmentHandler(recordingHandler);

    try {
        final HtmlPage startPage = loadPage(markup);
        assertEquals(1, getWebClient().getWebWindows().size());

        startPage.getElementById("link").click();

        // No extra window was opened; the JSON replaced the page in the original window.
        assertEquals(1, getWebClient().getWebWindows().size());
        assertTrue(startPage.getEnclosingWindow().getEnclosedPage() instanceof UnexpectedPage);
        // The handler recorded nothing.
        assertEquals(0, offeredResponses.size());
    } finally {
        // Always detach the handler so it cannot affect later use of the client.
        getWebClient().setAttachmentHandler(null);
    }
}
Also used : WebResponse(com.gargoylesoftware.htmlunit.WebResponse) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) AttachmentHandler(com.gargoylesoftware.htmlunit.attachment.AttachmentHandler) UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) Page(com.gargoylesoftware.htmlunit.Page) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 10 with UnexpectedPage

use of com.gargoylesoftware.htmlunit.UnexpectedPage in project htmlunit by HtmlUnit.

the class HtmlAnchor2Test method click_unexpectedPageDownloadAttribute.

/**
 * Clicks a link that carries a {@code download} attribute and whose target is
 * served as JSON, and checks that a second window is opened holding the
 * response as an {@link UnexpectedPage}.
 *
 * @throws Exception if the test fails
 */
@Test
public void click_unexpectedPageDownloadAttribute() throws Exception {
    final String markup = "<html><head></head>\n"
            + "<body>\n"
            + "  <a href='" + URL_SECOND + "' id='link' download='test.json'>link</a>\n"
            + "</body>\n"
            + "</html>";
    getMockWebConnection().setResponse(URL_SECOND, "{name: \"Test\"};", MimeType.APPLICATION_JSON);

    final HtmlPage startPage = loadPage(markup);
    assertEquals(1, getWebClient().getWebWindows().size());

    startPage.getElementById("link").click();

    // The click opened one additional window...
    assertEquals(2, getWebClient().getWebWindows().size());
    // ...and the most recently added window holds the downloaded response.
    final int lastIndex = getWebClient().getWebWindows().size() - 1;
    final WebWindow newWindow = getWebClient().getWebWindows().get(lastIndex);
    assertTrue(newWindow.getEnclosedPage() instanceof UnexpectedPage);
}
Also used : UnexpectedPage(com.gargoylesoftware.htmlunit.UnexpectedPage) WebWindow(com.gargoylesoftware.htmlunit.WebWindow) Test(org.junit.Test)

Aggregations

UnexpectedPage (com.gargoylesoftware.htmlunit.UnexpectedPage)11 Test (org.junit.Test)10 Page (com.gargoylesoftware.htmlunit.Page)9 WebWindow (com.gargoylesoftware.htmlunit.WebWindow)4 AttachmentHandler (com.gargoylesoftware.htmlunit.attachment.AttachmentHandler)4 HtmlPage (com.gargoylesoftware.htmlunit.html.HtmlPage)4 BatchFile (hudson.tasks.BatchFile)4 File (java.io.File)4 LinkedList (java.util.LinkedList)4 ZipFile (java.util.zip.ZipFile)4 VirtualFile (jenkins.util.VirtualFile)4 Issue (org.jvnet.hudson.test.Issue)4 WebResponse (com.gargoylesoftware.htmlunit.WebResponse)3 ExtensionList (hudson.ExtensionList)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 JenkinsRule (org.jvnet.hudson.test.JenkinsRule)3 InputStream (java.io.InputStream)2 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)2 WebRequest (com.gargoylesoftware.htmlunit.WebRequest)1