knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject git commit: KNOX-198 - fixed and enabled functional tests for PUT and GET behavior
Date Wed, 27 Nov 2013 20:37:22 GMT
Updated Branches:
  refs/heads/master 6fac4afab -> c9b2e5514


KNOX-198 - fixed and enabled functional tests for PUT and GET behavior

Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/c9b2e551
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/c9b2e551
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/c9b2e551

Branch: refs/heads/master
Commit: c9b2e5514c36e7540080ae47b4c9d1e1cecfd645
Parents: 6fac4af
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Wed Nov 27 15:37:08 2013 -0500
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Wed Nov 27 15:37:08 2013 -0500

----------------------------------------------------------------------
 .../webappsec/filter/CSRFPreventionFilter.java  | 13 ++++--
 .../hadoop/gateway/GatewayBasicFuncTest.java    | 45 ++++++++++++++------
 2 files changed, 41 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/c9b2e551/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/CSRFPreventionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/CSRFPreventionFilter.java
b/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/CSRFPreventionFilter.java
index eb98b8c..6d40252 100644
--- a/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/CSRFPreventionFilter.java
+++ b/gateway-provider-security-webappsec/src/main/java/org/apache/hadoop/gateway/webappsec/filter/CSRFPreventionFilter.java
@@ -48,16 +48,23 @@ public class CSRFPreventionFilter implements Filter {
     if (customMTI != null) {
       mti = customMTI;
     }
-    methodsToIgnore = new HashSet<String>(Arrays.asList(mti));
+    String[] methods = mti.split(",");
+    methodsToIgnore = new HashSet<String>();
+    for (int i = 0; i < methods.length; i++) {
+      methodsToIgnore.add(methods[i]);
+    }
+    
   }
   
   @Override
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
-    if (!methodsToIgnore.contains(((HttpServletRequest) request).getMethod()) &&
!(((HttpServletRequest) request).getHeader(headerName) != null)) {
+    HttpServletRequest httpRequest = (HttpServletRequest)request;
+    if ( methodsToIgnore.contains( httpRequest.getMethod() ) || httpRequest.getHeader(headerName)
!= null ) {
+      chain.doFilter(request, response);
+    } else {
       ((HttpServletResponse)response).sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing
Required Header for Vulnerability Protection");
     }
-    chain.doFilter(request, response);
   }
 
   /* (non-Javadoc)

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/c9b2e551/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
index 130e479..0c7c486 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.java
@@ -1934,31 +1934,48 @@ public class GatewayBasicFuncTest {
     driver.assertComplete();
   }
 
-  @Ignore
-  public void testCrossSiteRequestForgeryPrevention() throws IOException {
+  @Test
+  public void testCrossSiteRequestForgeryPreventionPUT() throws IOException {
     String root = "/tmp/GatewayWebHdfsFuncTest/testCrossSiteRequestForgeryPrevention";
     String username = "hdfs";
     String password = "hdfs-password";
 
-//    driver.getMock( "WEBHDFS" )
-//        .expect()
-//        .method( "PUT" )
-//        .pathInfo( "/v1" + root + "/dir" )
-//        .queryParam( "op", "MKDIRS" )
-//        .queryParam( "user.name", username )
-//        .respond()
-//        .status( HttpStatus.SC_BAD_REQUEST );
     given()
-        .log().all()
+//        .log().all()
         .auth().preemptive().basic( username, password )
 //        .header("X-XSRF-Header", "jksdhfkhdsf")
         .queryParam( "op", "MKDIRS" )
         .expect()
-            .log().all()
+//            .log().all()
         .statusCode( HttpStatus.SC_BAD_REQUEST )
         .when().put( driver.getUrl( "WEBHDFS" ) + "/v1" + root + "/dir" );
-//    driver.reset();
-//    driver.assertComplete();
+    driver.assertComplete();
   }
 
+  @Test
+  public void testCrossSiteRequestForgeryPreventionGET() throws IOException {
+    String root = "/tmp/GatewayWebHdfsFuncTest/testCrossSiteRequestForgeryPrevention";
+    String username = "hdfs";
+    String password = "hdfs-password";
+
+    driver.getMock( "WEBHDFS" )
+        .expect()
+        .method( "GET" )
+        .pathInfo( "/v1" + root + "/dir" )
+        .queryParam( "op", "LISTSTATUS" )
+        .queryParam( "user.name", username )
+        .respond()
+        .status( HttpStatus.SC_OK );
+    given()
+//        .log().all()
+        .auth().preemptive().basic( username, password )
+//        .header("X-XSRF-Header", "jksdhfkhdsf")
+        .queryParam( "op", "LISTSTATUS" )
+        .expect()
+//            .log().all()
+        .statusCode( HttpStatus.SC_OK )
+        .when().get( driver.getUrl( "WEBHDFS" ) + "/v1" + root + "/dir" );
+//    driver.reset();
+    driver.assertComplete();
+  }
 }
\ No newline at end of file


Mime
View raw message