diff options
author | Tor Brede Vekterli <vekterli@oath.com> | 2018-04-10 14:17:59 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@oath.com> | 2018-04-10 14:17:59 +0200 |
commit | 22ed89fdcab1a4f01eb3c6641784d151b84b44d1 (patch) | |
tree | 0a73b6076a9922ffaee82ca0d1fd67bfb641c41b /vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java | |
parent | 77099bae5bcddf36acf2bad25d01bba74e7eccb2 (diff) |
Improve validation and escaping of number/group visiting parameters
Also use explicit `==` equality operator instead of `=` in generated expression.
Diffstat (limited to 'vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java')
-rw-r--r-- | vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java b/vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java index eb06af41348..be8915496ac 100644 --- a/vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java +++ b/vespaclient-container-plugin/src/test/java/com/yahoo/document/restapi/resource/RestApiTest.java @@ -24,6 +24,9 @@ import org.junit.Ignore; import org.junit.Test; import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; import java.nio.file.Paths; import static org.hamcrest.core.Is.is; @@ -291,7 +294,7 @@ public class RestApiTest { } String visit_test_uri_selection_rewrite = "/document/v1/namespace/document-type/group/abc?continuation=abc"; - String visit_test_response_selection_rewrite = "doc selection: 'id.group='abc''"; + String visit_test_response_selection_rewrite = "doc selection: 'id.group=='abc''"; @Test @@ -302,6 +305,54 @@ public class RestApiTest { assertThat(rest, containsString(visit_test_response_selection_rewrite)); } + private static String encoded(String original) { + try { + return URLEncoder.encode(original, StandardCharsets.UTF_8.name()); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + } + + private String performV1RestCall(String pathSuffix) { + try { + Request request = new Request(String.format("http://localhost:%s/document/v1/namespace/document-type/%s", + getFirstListenPort(), pathSuffix)); + HttpGet get = new HttpGet(request.getUri()); + return doRest(get); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private void assertResultingDocumentSelection(String suffix, String expected) { + String output = performV1RestCall(suffix); + assertThat(output, containsString(String.format("doc selection: '%s'", expected))); + } + + private void assertGroupDocumentSelection(String group, String expected) { + assertResultingDocumentSelection("group/" + encoded(group), expected); + } + + @Test + public void group_strings_are_escaped() { + assertGroupDocumentSelection("'", "id.group=='\\''"); + assertGroupDocumentSelection("hello 'world'", "id.group=='hello \\'world\\''"); + assertGroupDocumentSelection("' goodbye moon", "id.group=='\\' goodbye moon'"); + } + + private void assertNumericIdFailsParsing(String id) { + String output = performV1RestCall(String.format("number/%s", encoded(id))); + assertThat(output, containsString("Failed to parse numeric part of selection URI")); + } + + @Test + public void invalid_numeric_id_returns_error() { + assertNumericIdFailsParsing("123a"); + assertNumericIdFailsParsing("a123"); + assertNumericIdFailsParsing("0x1234"); + assertNumericIdFailsParsing("\u0000"); + } + @Test public void wanted_document_count_returned_parameter_is_propagated() throws IOException { Request request = new Request(String.format("http://localhost:%s/document/v1/namespace/document-type/docid/?wantedDocumentCount=321", getFirstListenPort())); |