public void testPrivileged() throws Exception { // setting up String namespace_Priv = "previlege"; String namespace_UnPriv = "unprevilege"; String name1 = "one"; String name2 = "two"; String name3 = "three"; String name4 = "four"; Mockito.when(mci.isPrivilegedNamespace(namespace_Priv)).thenReturn(true); Mockito.when(mci.isPrivilegedNamespace(namespace_UnPriv)).thenReturn(false); // create empty stack, sanity check InstanceStack iStack = new InstanceStack(); iStack.setConfigAdapter(mci); assertFalse("stack should has topUnprivileged=null at the beginning", iStack.isUnprivileged()); // start pushing TestInstance one = new TestInstance(namespace_Priv, name1); iStack.pushInstance(one, one.getDescriptor()); assertFalse( "topUnprivileged is still null after pushing in one previleged instance:instance1", iStack.isUnprivileged()); TestInstance two = new TestInstance(namespace_UnPriv, name2); iStack.pushInstance(two, two.getDescriptor()); assertTrue( "topUnprivileged should become first unprivilege instance:instance2", iStack.isUnprivileged()); TestInstance three = new TestInstance(namespace_Priv, name3); iStack.pushInstance(three, three.getDescriptor()); assertTrue( "topUnprivileged should remain unchanged after pushing in a new privilege instance:instance3", iStack.isUnprivileged()); TestInstance four = new TestInstance(namespace_UnPriv, name4); iStack.pushInstance(four, four.getDescriptor()); assertTrue( "topUnprivileged should be unchanged after pushing in a new unprivilege instance:instance4", iStack.isUnprivileged()); // start poping iStack.popInstance(four); assertTrue( "topUnprivileged should be unchanged after poping out unprivilege instance:instance4", iStack.isUnprivileged()); iStack.popInstance(three); assertTrue( "topUnprivileged should be unchanged after poping out privilege instance:instance3", iStack.isUnprivileged()); iStack.popInstance(two); assertFalse( "topUnprivileged should become null after poping out first unprivilege instance:instance2", iStack.isUnprivileged()); iStack.popInstance(one); assertFalse( "topUnprivileged should be unchanged(null) after poping out instance1", iStack.isUnprivileged()); }
@Override public List<String> getFrameworkFallbackScripts( AuraContext context, boolean safeInlineJs, Map<String, Object> attributes) throws QuickFixException { List<String> ret = Lists.newArrayList(); // appcache fallback can only use for items NOT listed in the CACHE section of the manifest ret.add( getBootstrapUrl(context, attributes) + " " + getBootstrapFallbackUrl(context, attributes)); ret.add( configAdapter.getEncryptionKeyURL(true) + " " + configAdapter.getEncryptionKeyFallbackURL(true)); return ret; }
/** Get the set of base scripts for a context. */ @Override public List<String> getBaseScripts(AuraContext context) throws QuickFixException { ConfigAdapter config = Aura.getConfigAdapter(); Set<String> ret = Sets.newLinkedHashSet(); String html5ShivURL = config.getHTML5ShivURL(); if (html5ShivURL != null) { ret.add(html5ShivURL); } ret.add(config.getJSLibsURL()); ret.addAll(getClientLibraryUrls(context, ClientLibraryDef.Type.JS)); // framework js should be after other client libraries ret.add(config.getAuraJSURL()); return new ArrayList<>(ret); }
/** Sets mandatory headers, notably for anti-clickjacking. */ @Override public void setCSPHeaders(DefDescriptor<?> top, HttpServletRequest req, HttpServletResponse rsp) { if (canSkipCSPHeader(top, req)) { return; } ContentSecurityPolicy csp = configAdapter.getContentSecurityPolicy(top == null ? null : top.getQualifiedName(), req); if (csp != null) { rsp.setHeader(CSP.Header.SECURE, csp.getCspHeaderValue()); Collection<String> terms = csp.getFrameAncestors(); if (terms != null) { // not open to the world; figure whether we can express an X-FRAME-OPTIONS header: if (terms.size() == 0) { // closed to any framing at all rsp.setHeader(HDR_FRAME_OPTIONS, HDR_FRAME_DENY); } else if (terms.size() == 1) { // With one ancestor term, we're either SAMEORIGIN or ALLOWFROM for (String site : terms) { if (site == null) { // Add same-origin headers and policy terms rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_SAMEORIGIN); } else if (!site.contains("*") && !site.matches("^[a-z]+:$")) { // XFO can't express wildcards or protocol-only, so set only for a specific site: rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWFROM + site); } else { // When XFO can't express it, still set an ALLOWALL so filters don't jump in rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWALL); } } } } } }
/** Check to see if we are in production mode. */ @Override public boolean isProductionMode(Mode mode) { return mode == Mode.PROD || configAdapter.isProduction(); }
@Override public String getFrameworkUrl() { return configAdapter.getAuraJSURL(); }
public InstanceStackTest(String name) { super(name); mci = Mockito.mock(ConfigAdapter.class); Mockito.when(mci.isPrivilegedNamespace((String) Mockito.any())).thenReturn(true); }