/** * Generate a remote content request based on the parameters sent from the client. */ private HttpRequest buildHttpRequest( ProxyUriManager.ProxyUri uriCtx, Uri tgt) throws GadgetException { ServletUtil.validateUrl(tgt); HttpRequest req = uriCtx.makeHttpRequest(tgt); req.setRewriteMimeType(uriCtx.getRewriteMimeType()); return req; }
@Test public void validProxiedImageAccepted() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("image/*"); HttpResponse response = new HttpResponseBuilder().setResponse( IOUtils.toByteArray(getClass().getClassLoader().getResourceAsStream( "org/apache/shindig/gadgets/rewrite/image/inefficient.png"))).create(); assertNull(rewrite(req, response)); }
@Test public void validProxiedImageAccepted() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("image/*"); HttpResponse response = new HttpResponseBuilder().setResponse( IOUtils.toByteArray(getClass().getClassLoader().getResourceAsStream( "org/apache/shindig/gadgets/rewrite/image/inefficient.png"))).create(); assertNull(rewrite(req, response)); assertNull(rewrite(req, response, gadget)); }
@Test public void validProxiedImageAccepted() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("image/*"); HttpResponse response = new HttpResponseBuilder().setResponse( IOUtils.toByteArray(getClass().getClassLoader().getResourceAsStream( "org/apache/shindig/gadgets/rewrite/image/inefficient.png"))).create(); assertNull(rewrite(req, response)); assertNull(rewrite(req, response, gadget)); }
@Test public void enforceInvalidProxedImageRejected() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("image/*"); HttpResponse response = new HttpResponseBuilder().setResponse("NOTIMAGE".getBytes()).create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); }
@Test public void testJsWithoutCaja() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(false); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "var a;"; assertTrue(rewrite(req, response).contains(sanitized)); }
@Test public void testJs() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "$v.initOuter('a');"; assertTrue(rewrite(req, response).contains(sanitized)); }
@Test public void testJs() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "___.di(IMPORTS___,'a');"; assertTrue(rewrite(req, response).contains(sanitized)); assertTrue(rewrite(req, response, gadget).contains(sanitized)); }
@Test public void testJsWithoutCaja() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(false); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "var a;"; assertTrue(rewrite(req, response).contains(sanitized)); assertTrue(rewrite(req, response, gadget).contains(sanitized)); }
@Test public void testJs() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "___.di(IMPORTS___,'a');"; assertTrue(rewrite(req, response).contains(sanitized)); assertTrue(rewrite(req, response, gadget).contains(sanitized)); }
@Test public void testJsWithoutCaja() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/javascript"); req.setCajaRequested(false); HttpResponse response = new HttpResponseBuilder().setResponseString("var a;").create(); String sanitized = "var a;"; assertTrue(rewrite(req, response).contains(sanitized)); assertTrue(rewrite(req, response, gadget).contains(sanitized)); }
private void verifyMime(String requestMime, String responseMime, String expectedMime) throws Exception { String url = "http://example.org/foo"; HttpRequest req = new HttpRequest(Uri.parse(url)) .setRewriteMimeType(requestMime); HttpResponseBuilder builder = new HttpResponseBuilder() .setHeader("Content-Type", responseMime); UriUtils.maybeRewriteContentType(req, builder); assertEquals(expectedMime, builder.getHeader("Content-Type")); }
@Test public void enforceUnknownMimeTypeRejected() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/foo"); HttpResponse response = new HttpResponseBuilder().setResponseString("doEvil()").create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); }
@Test public void enforceInvalidProxedCssRejected() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/css"); HttpResponse response = new HttpResponseBuilder().setResponseString("doEvil()").create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); }
@Test public void enforceInvalidProxedImageRejected() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("image/*"); HttpResponse response = new HttpResponseBuilder().setResponse("NOTIMAGE".getBytes()).create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); assertEquals(sanitized, rewrite(req, response, gadget)); }
@Test public void testNonJs() throws Exception { HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/html"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("<html></html>").create(); assertEquals("", rewrite(req, response)); } }
@Test public void enforceUnknownMimeTypeRejected() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/foo"); HttpResponse response = new HttpResponseBuilder().setResponseString("doEvil()").create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); assertEquals(sanitized, rewrite(req, response, gadget)); }
@Test public void enforceInvalidProxedCssRejected() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/css"); HttpResponse response = new HttpResponseBuilder().setResponseString("doEvil()").create(); String sanitized = ""; assertEquals(sanitized, rewrite(req, response)); assertEquals(sanitized, rewrite(req, response, gadget)); }
@Test public void testNonJs() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/html"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("<html></html>").create(); assertEquals("", rewrite(req, response)); assertEquals("", rewrite(req, response, gadget)); } }
@Test public void testNonJs() throws Exception { Gadget gadget = mockGadget(); control.replay(); HttpRequest req = new HttpRequest(CONTENT_URI); req.setRewriteMimeType("text/html"); req.setCajaRequested(true); HttpResponse response = new HttpResponseBuilder().setResponseString("<html></html>").create(); assertEquals("", rewrite(req, response)); assertEquals("", rewrite(req, response, gadget)); } }