
Commit 12aaa78

committed
add logging for url cleanup and more tests with links
1 parent 159934f commit 12aaa78


2 files changed

+22
-2
lines changed


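--- a/src/main/java/org/jenkinsci/plugins/github/util/XSSApi.java
+++ b/src/main/java/org/jenkinsci/plugins/github/util/XSSApi.java
@@ -1,12 +1,20 @@
 package org.jenkinsci.plugins.github.util;
 
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import java.net.MalformedURLException;
 import java.net.URL;
 
 /**
 * @author lanwen (Merkushev Kirill)
 */
+@Restricted(NoExternalUse.class)
 public final class XSSApi {
+private static final Logger LOG = LoggerFactory.getLogger(XSSApi.class);
+
 private XSSApi() {
 }
 
@@ -21,6 +29,7 @@ public static String asValidHref(String urlString) {
 try {
 return new URL(urlString).toExternalForm();
 } catch (MalformedURLException e) {
+LOG.debug("Malformed url - {}, empty string will be returned", urlString);
 return "";
 }
 }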
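Review bot: The new `LOG.debug` call in the `catch` block of `asValidHref` writes `urlString` to the log verbatim, and the values that reach this branch are exactly the ones the method has just refused to trust. If the configured log layout does not encode control characters, a value containing CR/LF could split into what looks like separate log entries. I would neutralise line breaks before logging, e.g. `LOG.debug("Malformed url - {}, empty string will be returned", String.valueOf(urlString).replaceAll("[\\r\\n]", "_"));`, where `String.valueOf` keeps a null argument from throwing inside the handler. The exception `e` is not logged either, so the reason for rejection is lost. The body of `asValidHref` begins outside this hunk, so its Javadoc is not visible here.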

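--- a/src/test/java/org/jenkinsci/plugins/github/util/XSSApiTest.java
+++ b/src/test/java/org/jenkinsci/plugins/github/util/XSSApiTest.java
@@ -6,6 +6,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import static java.lang.String.format;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
 
@@ -19,16 +20,26 @@ public class XSSApiTest {
 public static Object[][] links() {
 return new Object[][]{
 new Object[]{"javascript:alert(1);//", ""},
+new Object[]{"javascript:alert(1)://", ""},
 new Object[]{"http://abcxyz.com?a=b&c=d';alert(1);//", "http://abcxyz.com?a=b&c=d';alert(1);//"},
 new Object[]{"http://github.com/bla/bla", "http://github.com/bla/bla"},
 new Object[]{"https://github.com/bla/bla", "https://github.com/bla/bla"},
-new Object[]{"https://company.com/bla", "https://company.com/bla"}
+new Object[]{"https://company.com/bla", "https://company.com/bla"},
+new Object[]{"/company.com/bla", ""},
+new Object[]{"//", ""},
+new Object[]{"//text", ""},
+new Object[]{"//text/", ""},
+new Object[]{"ftp://", "ftp:"},
+new Object[]{"ftp://a", "ftp://a"},
+new Object[]{"text", ""},
+new Object[]{"github.com/bla/bla", ""},
+new Object[]{"http://127.0.0.1/", "http://127.0.0.1/"},
 };
 }
 
 @Test
 @UseDataProvider("links")
 public void shouldSanitizeUrl(String url, String expected) throws Exception {
-assertThat(XSSApi.asValidHref(url), is(expected));
+assertThat(format("For %s", url), XSSApi.asValidHref(url), is(expected));
 }
 }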
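Review bot: The added rows in `links()` pin `"ftp://a"` as an accepted href, so the table now documents that `asValidHref` accepts whatever `new URL(...)` can parse rather than restricting hrefs to http/https. `javascript:` is presumably rejected only because the JVM has no protocol handler for it, which is worth stating in a comment above the rows, e.g. `// accepted schemes follow java.net.URL handler lookup, not an allowlist`. If only web links are intended, the `ftp` rows should expect `""` and the production method needs an explicit scheme check. The table also lacks an empty-input row and a mixed-case scheme row; I would add `new Object[]{"", ""},` and `new Object[]{"JavaScript:alert(1);//", ""},` so a change in parsing behaviour is caught by the tests.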
