public void testPrivileged() throws Exception {
// setting up
String namespace_Priv = "previlege";
String namespace_UnPriv = "unprevilege";
String name1 = "one";
String name2 = "two";
String name3 = "three";
String name4 = "four";
Mockito.when(mci.isPrivilegedNamespace(namespace_Priv)).thenReturn(true);
Mockito.when(mci.isPrivilegedNamespace(namespace_UnPriv)).thenReturn(false);
// create empty stack, sanity check
InstanceStack iStack = new InstanceStack();
iStack.setConfigAdapter(mci);
assertFalse("stack should has topUnprivileged=null at the beginning", iStack.isUnprivileged());
// start pushing
TestInstance one = new TestInstance(namespace_Priv, name1);
iStack.pushInstance(one, one.getDescriptor());
assertFalse(
"topUnprivileged is still null after pushing in one previleged instance:instance1",
iStack.isUnprivileged());
TestInstance two = new TestInstance(namespace_UnPriv, name2);
iStack.pushInstance(two, two.getDescriptor());
assertTrue(
"topUnprivileged should become first unprivilege instance:instance2",
iStack.isUnprivileged());
TestInstance three = new TestInstance(namespace_Priv, name3);
iStack.pushInstance(three, three.getDescriptor());
assertTrue(
"topUnprivileged should remain unchanged after pushing in a new privilege instance:instance3",
iStack.isUnprivileged());
TestInstance four = new TestInstance(namespace_UnPriv, name4);
iStack.pushInstance(four, four.getDescriptor());
assertTrue(
"topUnprivileged should be unchanged after pushing in a new unprivilege instance:instance4",
iStack.isUnprivileged());
// start poping
iStack.popInstance(four);
assertTrue(
"topUnprivileged should be unchanged after poping out unprivilege instance:instance4",
iStack.isUnprivileged());
iStack.popInstance(three);
assertTrue(
"topUnprivileged should be unchanged after poping out privilege instance:instance3",
iStack.isUnprivileged());
iStack.popInstance(two);
assertFalse(
"topUnprivileged should become null after poping out first unprivilege instance:instance2",
iStack.isUnprivileged());
iStack.popInstance(one);
assertFalse(
"topUnprivileged should be unchanged(null) after poping out instance1",
iStack.isUnprivileged());
}
@Override
public List<String> getFrameworkFallbackScripts(
AuraContext context, boolean safeInlineJs, Map<String, Object> attributes)
throws QuickFixException {
List<String> ret = Lists.newArrayList();
// appcache fallback can only use for items NOT listed in the CACHE section of the manifest
ret.add(
getBootstrapUrl(context, attributes) + " " + getBootstrapFallbackUrl(context, attributes));
ret.add(
configAdapter.getEncryptionKeyURL(true)
+ " "
+ configAdapter.getEncryptionKeyFallbackURL(true));
return ret;
}
/** Get the set of base scripts for a context. */
@Override
public List<String> getBaseScripts(AuraContext context) throws QuickFixException {
ConfigAdapter config = Aura.getConfigAdapter();
Set<String> ret = Sets.newLinkedHashSet();
String html5ShivURL = config.getHTML5ShivURL();
if (html5ShivURL != null) {
ret.add(html5ShivURL);
}
ret.add(config.getJSLibsURL());
ret.addAll(getClientLibraryUrls(context, ClientLibraryDef.Type.JS));
// framework js should be after other client libraries
ret.add(config.getAuraJSURL());
return new ArrayList<>(ret);
}
/** Sets mandatory headers, notably for anti-clickjacking. */
@Override
public void setCSPHeaders(DefDescriptor<?> top, HttpServletRequest req, HttpServletResponse rsp) {
if (canSkipCSPHeader(top, req)) {
return;
}
ContentSecurityPolicy csp =
configAdapter.getContentSecurityPolicy(top == null ? null : top.getQualifiedName(), req);
if (csp != null) {
rsp.setHeader(CSP.Header.SECURE, csp.getCspHeaderValue());
Collection<String> terms = csp.getFrameAncestors();
if (terms != null) {
// not open to the world; figure whether we can express an X-FRAME-OPTIONS header:
if (terms.size() == 0) {
// closed to any framing at all
rsp.setHeader(HDR_FRAME_OPTIONS, HDR_FRAME_DENY);
} else if (terms.size() == 1) {
// With one ancestor term, we're either SAMEORIGIN or ALLOWFROM
for (String site : terms) {
if (site == null) {
// Add same-origin headers and policy terms
rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_SAMEORIGIN);
} else if (!site.contains("*") && !site.matches("^[a-z]+:$")) {
// XFO can't express wildcards or protocol-only, so set only for a specific site:
rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWFROM + site);
} else {
// When XFO can't express it, still set an ALLOWALL so filters don't jump in
rsp.addHeader(HDR_FRAME_OPTIONS, HDR_FRAME_ALLOWALL);
}
}
}
}
}
}
/** Check to see if we are in production mode. */
@Override
public boolean isProductionMode(Mode mode) {
return mode == Mode.PROD || configAdapter.isProduction();
}
@Override
public String getFrameworkUrl() {
return configAdapter.getAuraJSURL();
}
public InstanceStackTest(String name) {
super(name);
mci = Mockito.mock(ConfigAdapter.class);
Mockito.when(mci.isPrivilegedNamespace((String) Mockito.any())).thenReturn(true);
}
