Example #1
0
 public void testPrivileged() throws Exception {
   // setting up
   String namespace_Priv = "previlege";
   String namespace_UnPriv = "unprevilege";
   String name1 = "one";
   String name2 = "two";
   String name3 = "three";
   String name4 = "four";
   Mockito.when(mci.isPrivilegedNamespace(namespace_Priv)).thenReturn(true);
   Mockito.when(mci.isPrivilegedNamespace(namespace_UnPriv)).thenReturn(false);
   // create empty stack, sanity check
   InstanceStack iStack = new InstanceStack();
   iStack.setConfigAdapter(mci);
   assertFalse("stack should has topUnprivileged=null at the beginning", iStack.isUnprivileged());
   // start pushing
   TestInstance one = new TestInstance(namespace_Priv, name1);
   iStack.pushInstance(one, one.getDescriptor());
   assertFalse(
       "topUnprivileged is still null after pushing in one previleged instance:instance1",
       iStack.isUnprivileged());
   TestInstance two = new TestInstance(namespace_UnPriv, name2);
   iStack.pushInstance(two, two.getDescriptor());
   assertTrue(
       "topUnprivileged should become first unprivilege instance:instance2",
       iStack.isUnprivileged());
   TestInstance three = new TestInstance(namespace_Priv, name3);
   iStack.pushInstance(three, three.getDescriptor());
   assertTrue(
       "topUnprivileged should remain unchanged after pushing in a new privilege instance:instance3",
       iStack.isUnprivileged());
   TestInstance four = new TestInstance(namespace_UnPriv, name4);
   iStack.pushInstance(four, four.getDescriptor());
   assertTrue(
       "topUnprivileged should be unchanged after pushing in a new unprivilege instance:instance4",
       iStack.isUnprivileged());
   // start poping
   iStack.popInstance(four);
   assertTrue(
       "topUnprivileged should be unchanged after poping out unprivilege instance:instance4",
       iStack.isUnprivileged());
   iStack.popInstance(three);
   assertTrue(
       "topUnprivileged should be unchanged after poping out privilege instance:instance3",
       iStack.isUnprivileged());
   iStack.popInstance(two);
   assertFalse(
       "topUnprivileged should become null after poping out first unprivilege instance:instance2",
       iStack.isUnprivileged());
   iStack.popInstance(one);
   assertFalse(
       "topUnprivileged should be unchanged(null) after poping out instance1",
       iStack.isUnprivileged());
 }
 @Override
 public List<String> getFrameworkFallbackScripts(
     AuraContext context, boolean safeInlineJs, Map<String, Object> attributes)
     throws QuickFixException {
   List<String> ret = Lists.newArrayList();
   // appcache fallback can only use for items NOT listed in the CACHE section of the manifest
   ret.add(
       getBootstrapUrl(context, attributes) + " " + getBootstrapFallbackUrl(context, attributes));
   ret.add(
       configAdapter.getEncryptionKeyURL(true)
           + " "
           + configAdapter.getEncryptionKeyFallbackURL(true));
   return ret;
 }
  /** Get the set of base scripts for a context. */
  @Override
  public List<String> getBaseScripts(AuraContext context) throws QuickFixException {
    ConfigAdapter config = Aura.getConfigAdapter();
    Set<String> ret = Sets.newLinkedHashSet();

    String html5ShivURL = config.getHTML5ShivURL();
    if (html5ShivURL != null) {
      ret.add(html5ShivURL);
    }

    ret.add(config.getJSLibsURL());

    ret.addAll(getClientLibraryUrls(context, ClientLibraryDef.Type.JS));
    // framework js should be after other client libraries
    ret.add(config.getAuraJSURL());

    return new ArrayList<>(ret);
  }
  /** Sets mandatory headers, notably for anti-clickjacking. */
  @Override
  public void setCSPHeaders(DefDescriptor<?> top, HttpServletRequest req, HttpServletResponse rsp) {

    if (canSkipCSPHeader(top, req)) {
      return;
    }

    ContentSecurityPolicy csp =
        configAdapter.getContentSecurityPolicy(top == null ? null : top.getQualifiedName(), req);

    if (csp != null) {
      rsp.setHeader(CSP.Header.SECURE, csp.getCspHeaderValue());
      Collection<String> terms = csp.getFrameAncestors();
      if (terms != null) {
        // not open to the world; figure whether we can express an X-FRAME-OPTIONS header:
        if (terms.size() == 0) {
          // closed to any framing at all
          rsp.setHeader(HDR_FRAME_OPTIONS, HDR_FRAME_DENY);
        } else if (terms.size() == 1) {
          // With one ancestor term, we're either SAMEORIGIN or ALLOWFROM
          for (String site : terms) {
            if (site == null) {
              // Add same-origin headers and policy terms
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_SAMEORIGIN);
            } else if (!site.contains("*") && !site.matches("^[a-z]+:$")) {
              // XFO can't express wildcards or protocol-only, so set only for a specific site:
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWFROM + site);
            } else {
              // When XFO can't express it, still set an ALLOWALL so filters don't jump in
              rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWALL);
            }
          }
        }
      }
    }
  }
 /** Check to see if we are in production mode. */
 @Override
 public boolean isProductionMode(Mode mode) {
   return mode == Mode.PROD || configAdapter.isProduction();
 }
 @Override
 public String getFrameworkUrl() {
   return configAdapter.getAuraJSURL();
 }
Example #7
0
 public InstanceStackTest(String name) {
   super(name);
   mci = Mockito.mock(ConfigAdapter.class);
   Mockito.when(mci.isPrivilegedNamespace((String) Mockito.any())).thenReturn(true);
 }