[bugfix] Block creation of collection by guest #3505

[dizzzz]

fixes #3505
added tests @joewiz

[adamretter]

@dizzzz I think the fix looks good and is certainly on the right path. Would you be able to contribute a test for this please?

[dizzzz]

Would a Xquery based test be able to do the test?

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication

[adamretter]

@dizzzz I am not certain, all the security tests so far are in Java.

[joewiz]

In my testing, the guest:create-collection test in this PR shows that the PR prevents guest from performing the xmldb:create-collection operation. In develop (before this PR), the test fails (well, the first try passes since the exception is thrown, but the 2nd and subsequent executions of the same test fail because the collection was actually created in the 1st pass). The other tests included in this PR just exercise the other xmldb functions that guest should be prevented from using. They all passed before this PR and still pass with this PR.

[joewiz]

17 successful and 3 failing - looking good!

Appveyor says:

[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ exist-index-range ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 2 source files to C:\projects\exist\extensions\indexes\range\target\test-classes
[INFO] 
[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR] org.exist.xquery.modules.file.XmldbBinariesTest.readAndWriteBinary[remote]
[ERROR]   Run 1: XmldbBinariesTest>AbstractBinariesTest.setup:58->storeBinaryFile:74 � XMLDB Fa...
[ERROR]   Run 2: XmldbBinariesTest>AbstractBinariesTest.cleanup:63->removeCollection:121 � XMLDB
[INFO] 
[ERROR] org.exist.xquery.modules.file.XmldbBinariesTest.readBinary[remote]
[ERROR]   Run 1: XmldbBinariesTest>AbstractBinariesTest.setup:58->storeBinaryFile:74 � XMLDB Fa...
[ERROR]   Run 2: XmldbBinariesTest>AbstractBinariesTest.cleanup:63->removeCollection:121 � XMLDB

The other 2 failures were Java 11 (macOS latest) and 15 (ubuntu latest). The macOS failure looks like the dependency check random rate limit issue we discussed on community calls:

Error:  Failed to execute goal org.owasp:dependency-check-maven:6.1.6:check (default) on project exist-restxq: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
Error:  	AnalysisException: Failed to request component-reports
Error:  		caused by TransportException: Unexpected response; status: 429
Error:  -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Error:  
Error:  After correcting the problems, you can resume the build with the command
Error:    mvn <args> -rf :exist-restxq
Error: Process completed with exit code 1.

As to the ubuntu issue, I can't really tell where the real error appears, so I won't paste anything in.

As to all 3, I can't judge their significance, I'm afraid...

[dizzzz]

rerunning Appveyor

[joewiz]

@dizzzz AppVeyor is green! We just need an approval from a member of @eXist-db/core.

[line-o]

Very cool! Great work @dizzzz