mirror
/
c9-core
kopia lustrzana https://github.com/c9/core
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

add more tests for xss

pull/467/head
nightwing 2017-10-23 16:12:51 +04:00
rodzic 69a7f555bf
commit cbd06931f5
7 zmienionych plików z 195 dodań i 16 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
plugins/c9.fs/fs.streams.js
Wyświetl plik

@ -7,7 +7,7 @@ return function(vfs, base, baseProc, cli) {
var resolvePath = function(path, basePath) { var resolvePath = function(path, basePath) {
if (path.charAt(0) == "~") { if (path.charAt(0) == "~") {
if (cli && typeof process != "undefined") if (cli && typeof process != "undefined" && process.env)
return process.env.HOME + "/" + path.substr(1); return process.env.HOME + "/" + path.substr(1);
return path; return path;
} }

6
plugins/c9.ide.immediate/evaluators/browserjs.js
Wyświetl plik

@ -21,6 +21,8 @@ define(function(require, exports, module) {
var Evaluator = imports.Evaluator; var Evaluator = imports.Evaluator;
var ui = imports.ui; var ui = imports.ui;
var escapeHTML = require("ace/lib/lang").escapeHTML;
/***** Initialization *****/ /***** Initialization *****/
var plugin = new Evaluator("Ajax.org", main.consumes, { var plugin = new Evaluator("Ajax.org", main.consumes, {
@ -108,7 +110,7 @@ define(function(require, exports, module) {
function insert(div, markup, name) { function insert(div, markup, name) {
if (name !== undefined) if (name !== undefined)
insert(div, "<span class='property'>" + name + ": </span>"); insert(div, "<span class='property'>" + escapeHTML(name) + ": </span>");
markup = markup.replace(/([a-z]\w{1,4}:\/\/[\w:_\-\?&\/\.\#]*)/gi, "<a>$1</a>"); markup = markup.replace(/([a-z]\w{1,4}:\/\/[\w:_\-\?&\/\.\#]*)/gi, "<a>$1</a>");
div.insertAdjacentHTML("beforeend", markup); div.insertAdjacentHTML("beforeend", markup);
@ -279,7 +281,7 @@ define(function(require, exports, module) {
var count = Math.min(Math.min(props.length, 5), var count = Math.min(Math.min(props.length, 5),
Math.max(0, 100 - object.length)); Math.max(0, 100 - object.length));
for (var i = 0; i < count; i++) { for (var i = 0; i < count; i++) {
insert(preview, (found || i !== 0 ? ", " : "") + props[i] + ": "); insert(preview, (found || i !== 0 ? ", " : "") + escapeHTML(props[i]) + ": ");
renderType(object[props[i]], preview, false, 2); renderType(object[props[i]], preview, false, 2);
} }
if (props.length > count) if (props.length > count)

4
plugins/c9.ide.immediate/evaluators/debugnode.js
Wyświetl plik

@ -113,7 +113,7 @@ define(function(require, exports, module) {
function insert(div, markup, name) { function insert(div, markup, name) {
if (name !== undefined) if (name !== undefined)
insert(div, "<span class='property'>" + name + ": </span>"); insert(div, "<span class='property'>" + escapeHTML(name) + ": </span>");
markup = markup.replace(/([a-z]\w{1,4}:\/\/[\w:_\-\?&\/\.\#]*)/gi, "<a>$1</a>"); markup = markup.replace(/([a-z]\w{1,4}:\/\/[\w:_\-\?&\/\.\#]*)/gi, "<a>$1</a>");
div.insertAdjacentHTML("beforeend", markup); div.insertAdjacentHTML("beforeend", markup);
@ -319,7 +319,7 @@ define(function(require, exports, module) {
var count = Math.min(Math.min(props.length, 5), var count = Math.min(Math.min(props.length, 5),
Math.max(0, 100 - object.length)); Math.max(0, 100 - object.length));
for (var i = 0; i < count; i++) { for (var i = 0; i < count; i++) {
insert(preview, (i !== 0 ? ", " : "") + props[i] + ": "); insert(preview, (i !== 0 ? ", " : "") + escapeHTML(props[i]) + ": ");
renderType(props[i], preview, false, 2); renderType(props[i], preview, false, 2);
} }
if (props.length > count) if (props.length > count)

6
plugins/c9.ide.language.core/outline.js
Wyświetl plik

@ -653,7 +653,11 @@ define(function(require, exports, module) {
/** /**
* *
*/ */
addOutlinePlugin: addOutlinePlugin addOutlinePlugin: addOutlinePlugin,
/**
* @ignore
*/
get tree() { return tree },
}); });
register(null, { register(null, {

23
plugins/c9.ide.terminal/terminal_test.js
Wyświetl plik

@ -1,4 +1,4 @@
/*global describe it before after bar =*/ /*global describe it before after bar*/
"use client"; "use client";
@ -69,9 +69,6 @@ require(["lib/architect/architect", "lib/chai/chai", "/vfs-root"], function (arc
describe('terminal', function() { describe('terminal', function() {
before(function(done) { before(function(done) {
apf.config.setProperty("allow-select", false);
apf.config.setProperty("allow-blur", false);
bar.$ext.style.background = "rgba(220, 220, 220, 0.93)"; bar.$ext.style.background = "rgba(220, 220, 220, 0.93)";
bar.$ext.style.position = "fixed"; bar.$ext.style.position = "fixed";
bar.$ext.style.left = "20px"; bar.$ext.style.left = "20px";
@ -153,16 +150,24 @@ require(["lib/architect/architect", "lib/chai/chai", "/vfs-root"], function (arc
it('should handle multiple terminals in the same pane', function(done) { it('should handle multiple terminals in the same pane', function(done) {
tabs.openEditor("terminal", function(err, tab) { tabs.openEditor("terminal", function(err, tab) {
expect(err).to.not.ok;
expect(tabs.getTabs()).length(2); expect(tabs.getTabs()).length(2);
tab.activate(); tab.activate();
var doc = tab.document; var doc = tab.document;
doc.on("setTitle", function c1() { doc.once("setTitle", function() {
// expect(doc.title).match(new RegExp("^bash - ")); var terminal = tab.editor.ace.session.term;
terminal.once("afterWrite", function() {
doc.off("setTitle", c1); expect(window.xss).to.not.ok;
done(); terminal.write("echo \"<img onerror='window.xss=1' src=':error'>\"");
tab.editor.ace.resize(true);
expect(tab.editor.ace.container.textContent.indexOf("<img")).to.not.equal(-1);
setTimeout(function() {
expect(window.xss).to.not.ok;
done();
});
});
}); });
}); });
}); });

1
plugins/c9.vfs.client/vfs_client_mock.js
Wyświetl plik

@ -93,7 +93,6 @@ define(function(require, exports, module) {
plugin.freezePublicAPI({ plugin.freezePublicAPI({
on: function() {}, on: function() {},
once: function() {}, once: function() {},
connected: true,
get connection() { return connection; }, get connection() { return connection; },
get connecting() { return false; }, get connecting() { return false; },

169
plugins/c9.vfs.client/vfs_client_mock_test.js 100644
Wyświetl plik

@ -0,0 +1,169 @@
/*global describe it before after bar*/
"use client";
require(["lib/architect/architect", "lib/chai/chai", "configs/ide/default"], function(architect, chai) {
var expect = chai.expect;
function offlineConfig() {
var plugins = require("configs/ide/default")({
staticPrefix: "/static",
workspaceDir: "/",
workspaceId: "/",
workspaceName: "/",
home: "/",
platform: "linux",
installPath: "/",
manifest: {},
project: {},
user: {},
standalone: true,
previewUrl: "",
dashboardUrl: "",
themePrefix: "/static/standalone/skin/default",
});
var excludes = [
"plugins/c9.ide.immediate/evaluators/debugnode",
"plugins/c9.ide.test.mocha/mocha",
"plugins/c9.ide.find/find.nak",
"plugins/c9.ide.terminal/terminal",
"plugins/c9.ide.test/all",
"plugins/c9.ide.find/find",
"plugins/c9.ide.terminal/link_handler",
"plugins/c9.ide.test/coverage",
"plugins/c9.ide.test/coverage",
"plugins/c9.ide.test/results",
"plugins/c9.ide.test/testrunner",
"plugins/c9.ide.find.infiles/findinfiles",
"plugins/c9.ide.language.codeintel/codeintel",
"plugins/c9.ide.language.go/go",
"plugins/c9.ide.language.python/python",
"plugins/c9.ide.test/coverageview",
"plugins/c9.cli.bridge/bridge_commands",
"plugins/c9.ide.ace.keymaps/cli",
"plugins/c9.ide.configuration/configure",
"plugins/c9.ide.plugins/manager",
"plugins/c9.ide.ace.keymaps/keymaps",
"plugins/c9.ide.ace/themes",
];
plugins = plugins.filter(function(p) {
var packagePath = typeof p == "string" ? p : p.packagePath;
if (/\/c9.ide.run/.test(packagePath)) return false;
if (/\/c9.ide.collab/.test(packagePath)) return false;
if (/\/c9.ide.installer/.test(packagePath)) return false;
if (/\/c9.vfs.client/.test(packagePath)) return false;
if (/\/c9.ide.plugins/.test(packagePath)) return false;
if (/\/c9.ide.scm/.test(packagePath)) return false;
if (/\/c9.ide.welcome/.test(packagePath)) return false;
if (excludes.indexOf(packagePath) != -1) return false;
if (packagePath == "plugins/c9.fs/fs")
p.cli = true;
if (packagePath == "plugins/c9.core/settings")
p.testing = 1;
if (packagePath == "plugins/c9.ide.console/console")
p.defaultState = { type: "pane", nodes: [] }; // prevent console from opening terminal
return true;
});
plugins.push({
packagePath: "plugins/c9.vfs.client/vfs_client_mock",
storage: false
});
plugins.push({
provides: ["find", "installer"],
consumes: [],
setup: function(options, imports, register) {
function noop() {}
register(null, {
find: { on: noop, once: noop, getFileList: noop },
installer: {},
});
}
});
window.plugins = plugins;
return plugins;
}
expect.setupArchitectTest(offlineConfig().concat([
{
consumes: ["tabManager", "ace", "commands", "outline", "language", "ui", "menus"],
provides: [],
setup: main
}
]), architect);
function main(options, imports, register) {
var tabs = imports.tabManager;
var commands = imports.commands;
var outline = imports.outline;
var language = imports.language;
var menus = imports.menus;
var ui = imports.ui;
var img = "<img onerror='window.xss=1' src=':error'>";
describe("xss", function() {
this.timeout(10000);
it("should open a markdown file with outline", function(done) {
tabs.openFile("/README.md", function(err, tab) {
expect(err).to.not.ok;
expect(tabs.getTabs()).length(1);
expect(window.xss).to.not.ok;
tab.editor.ace.setValue("# " + img);
tab.editor.ace.resize(true);
expect(tab.editor.ace.renderer.scroller.textContent).to.equal("# " + img);
language.getWorker(function(err, worker) {
expect(err).to.not.ok;
worker.once("outline", function() {
setTimeout(function() {
outline.tree.resize(true);
expect(outline.tree.container.textContent.trim()).to.equal(img);
expect(window.xss).to.not.ok;
setTimeout(function() {
expect(window.xss).to.not.ok;
done();
});
});
});
outline.show();
});
});
});
it("should open immediate window", function(done) {
tabs.open({ focus: true, editorType: "immediate" }, function(err, tab) {
expect(err).to.not.ok;
expect(window.xss).to.not.ok;
tab.editor.ace.insert("top.a = {" + JSON.stringify(img) + ":" + JSON.stringify(img) + "};");
tab.editor.ace.repl.eval(true);
setTimeout(function() {
expect(window.xss).to.not.ok;
done();
});
});
});
it("should add menu item", function(done) {
commands.addCommand({
name: img,
bindKey: img
}, menus);
menus.setRootMenu(img, 16000, menus);
menus.addItemByPath(img + "/" + img, new ui.item({
command: img
}), 16, menus);
setTimeout(function() {
expect(window.xss).to.not.ok;
done();
});
});
});
register();
}
});