Improve escaping on legacy Freemarker templates
chadlwilson committed Dec 4, 2022
1 parent c6aa644 commit 95f7582
Showing 27 changed files with 138 additions and 73 deletions.
Expand Up @@ -33,10 +33,10 @@
import static java.lang.String.valueOf;

public class MaterialRevisionsJsonBuilder extends ModificationVisitorAdapter {
private List materials = new ArrayList();
private final List<Object> materials = new ArrayList<>();
private Map<String, Object> materialJson;
private List modificationsJson;
private List modifiedFilesJson;
private List<Object> modificationsJson;
private List<Object> modifiedFilesJson;
private boolean includeModifiedFiles = true;
private final CommentRenderer commentRenderer;
private MaterialRevision revision;
Expand All @@ -48,9 +48,9 @@ public MaterialRevisionsJsonBuilder(CommentRenderer commentRenderer) {
@Override
public void visit(MaterialRevision revision) {
this.revision = revision;
modificationsJson = new ArrayList();
modificationsJson = new ArrayList<>();

materialJson = new LinkedHashMap();
materialJson = new LinkedHashMap<>();
materialJson.put("revision", revision.getRevision().getRevision());
materialJson.put("revision_href", revision.getRevision().getRevisionUrl());
materialJson.put("user", revision.buildCausedBy());
Expand All @@ -68,7 +68,7 @@ public void visit(Material material, Revision revision) {

@Override
public void visit(Modification modification) {
modifiedFilesJson = new ArrayList();
modifiedFilesJson = new ArrayList<>();

Map<String, Object> jsonMap = new LinkedHashMap<>();
jsonMap.put("user", modification.getUserDisplayName());
Expand Down Expand Up @@ -97,7 +97,7 @@ public void visit(ModifiedFile file) {
modifiedFilesJson.add(jsonMap);
}

public List json() {
public List<Object> json() {
return materials;
}

7 changes: 6 additions & 1 deletion server/src/main/resources/freemarker-config.xml
Expand Up @@ -25,12 +25,17 @@
</list>
</property>
<property name="defaultEncoding" value="utf-8"/>
<property name="freemarkerSettings">
<props>
<prop key="recognizeStandardFileExtensions">true</prop>
</props>
</property>
</bean>

<bean id="freeMarkerViewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<property name="cache" value="true"/>
<property name="prefix" value=""/>
<property name="suffix" value=".ftl"/>
<property name="suffix" value=".ftlh"/>
<property name="exposeSessionAttributes" value="true"/>
<property name="exposeSpringMacroHelpers" value="true"/>
<property name="requestContextAttribute" value="req"/>
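Review bot: Auto-escaping now hinges entirely on `recognizeStandardFileExtensions` plus the `.ftlh` suffix, so any template that is still resolved or `<#include>`d under a `.ftl` name (or with no extension) silently renders with the old unescaped behaviour, and nothing in this configuration would flag that. Consider also setting the HTML output format as the configuration-wide default — something like `<prop key="output_format">HTMLOutputFormat</prop>` (exact value syntax to be confirmed for the FreeMarker version in use) — so escaping is the baseline and `.ftlh` is merely consistent with it rather than the only switch. A one-line XML comment above the `freemarkerSettings` property stating that the `.ftlh` extension is what turns on HTML auto-escaping would also tell the next reader why the view-resolver suffix changed in the same commit.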
Expand Up @@ -19,7 +19,7 @@
//= link application.js
//= link lib/d3-3.1.5.min.js

// Used by legacy templates `_header.ftl`
// Used by legacy templates `_header.ftlh`
//= link application.css
//= link patterns/application.css
//= link css/application.css
Expand Up @@ -23,6 +23,6 @@
</#if>
</#if>
<div class="files">
<#include "../shared/_artifacts.ftl">
<#include "../shared/_artifacts.ftlh">
</div>
</div>
Expand Up @@ -33,7 +33,7 @@
</#if>
</li>
<li><span class="header">Completed on: </span><span id="build_completed_date">${r'${% build.build_completed_date %}'}</span></li>
<li><span class="header">Build cause: </span><span id="stage-${r'${% build.id %}'}-buildCause">${presenter.buildCauseMessage?html?html}</span></li>
<li><span class="header">Build cause: </span><span id="stage-${r'${% build.id %}'}-buildCause"><#noautoesc>${presenter.buildCauseMessage?html?html}</#noautoesc></span></li>
{if build.current_status.toLowerCase() == 'passed' || build.current_status.toLowerCase() == 'failed'}
<li><span class="header">Duration: </span><span>${r"${% moment.duration(parseInt(build.current_build_duration), 's').humanizeForGoCD() %}"}</span></li>
{/if}
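Review bot: The `<#noautoesc>` wrapped around `${presenter.buildCauseMessage?html?html}` preserves a double HTML-escape whose purpose is not stated anywhere; with auto-escaping on, `${presenter.buildCauseMessage}` (as the `build_detail` template in this same commit now does) would be the expected form, so a reader cannot tell whether the second `?html` is deliberate — for instance because this text is decoded once more when the client-side `${% … %}` template inserts it into the DOM — or a leftover from the pre-autoescape version. Whichever it is, the template should say so, e.g. `<#-- double-escaped on purpose: the JS template decodes entities once when it writes this into the page -->`; if there is no such reason, drop both the `<#noautoesc>` and the extra `?html` so this region stays under the default escaping like the rest of the file.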
Expand Up @@ -15,5 +15,5 @@
-->
<#-- @ftlvariable name="buildoutput_extra_attrs" type="java.lang.String" -->
<div id="tab-content-of-console" class="ansi-color-toggle" ${buildoutput_extra_attrs}>
<#include "_build_output_raw.ftl">
<#include "_build_output_raw.ftlh">
</div>
Expand Up @@ -46,7 +46,7 @@
<span title="Comment" class="comment">

{if revision.scmType == 'Package' }
<#include '../shared/_package_material_revision_comment.ftl'>
<#include '../shared/_package_material_revision_comment.ftlh'>
{else}
<#noparse>"${%comment.replace(/\n/g,"<br>")%}"</#noparse>
{/if}
Expand Up @@ -16,7 +16,7 @@
<#-- @ftlvariable name="modification_extra_attrs" type="java.lang.String" -->
<div id="tab-content-of-materials" class="widget" ${modification_extra_attrs}>
<script type="text/javascript">
var json = ${presenter.getMaterialRevisionsJson()};
var json = ${presenter.getMaterialRevisionsJson()?no_esc};
</script>
<script type="text/javascript">
Event.observe(window, 'load', function(){
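Review bot: `${presenter.getMaterialRevisionsJson()?no_esc}` emits JSON built from VCS-supplied text (user display names, comments and file paths, per `MaterialRevisionsJsonBuilder` earlier in this commit) directly inside a `<script>` element, where HTML escaping would be the wrong tool but a `</script>` or `<!--` sequence inside any JSON string still terminates the script and lets the remainder be parsed as markup. That is only safe if the JSON serializer behind `getMaterialRevisionsJson()` escapes `<`, `>` and `&` as `\u003c`-style sequences (or at least `/` after `<`), which is not visible in this change and should be confirmed and pinned. A template comment next to the interpolation, such as `<#-- ?no_esc is safe only because the JSON encoder escapes </ and <!-- ; do not swap encoders without re-checking -->`, would record the assumption for the next maintainer.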
Expand Up @@ -17,17 +17,19 @@
<p>No test output found. Make sure your job configuration includes a test artifact.</p><br/>
<p>For example:</p><br/>
<pre>
<#noautoesc>
&lt;job name="example"&gt;
${tab} &lt;resources&gt;
${tab}${tab} &lt;resource&gt;java&lt;/resource&gt;
${tab} &lt;/resources&gt;
<strong class='code'>${tab} &lt;artifacts&gt;
${tab}${tab} &lt;test src="target/reports" /&gt;
${tab} &lt;/artifacts&gt;</strong>
${tab} &lt;tasks&gt;
${tab}${tab} &lt;ant target="unit_tests" /&gt;
${tab} &lt;/tasks&gt;
${tab}&lt;resources&gt;
${tab}${tab}&lt;resource&gt;java&lt;/resource&gt;
${tab}&lt;/resources&gt;
<strong class='code'>${tab}&lt;artifacts&gt;
${tab}${tab}&lt;test src="target/reports" /&gt;
${tab}&lt;/artifacts&gt;</strong>
${tab}&lt;tasks&gt;
${tab}${tab}&lt;ant target="unit_tests" /&gt;
${tab}&lt;/tasks&gt;
&lt;/job&gt;
</#noautoesc>
</pre>
<br/>
<p><a href="${currentGoCDVersion.docsUrl('/configuration/managing_artifacts_and_reports.html')}" target='_blank' class="obvious_link">Help Topic: Managing Artifacts and Reports</a></p>
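Review bot: The `<#noautoesc>` block here covers far more than it needs to: literal template text such as `&lt;job name="example"&gt;` is never touched by auto-escaping, so the only interpolation the directive actually affects is `${tab}`. If `tab` is the indentation string it appears to be, it contains nothing the HTML escaper would change and the directive can simply be removed; if it can ever carry markup, this whole `<pre>` becomes an unescaped region in a page that otherwise relies on the `.ftlh` default. Keeping `<#noautoesc>` regions minimal is the point of the move to `.ftlh`, so either drop it or add a comment naming where `tab` is assigned and why the region must stay unescaped, e.g. `<#-- tab is a whitespace-only indent string; kept unescaped so the example renders verbatim -->`.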
Expand Up @@ -19,7 +19,7 @@
<#if presenter.hasTests()>
<iframe sandbox="allow-scripts" src="${req.getContextPath()}/${presenter.indexPageURL}" width="95%" height="500" frameborder="0"></iframe>
<#else>
<#include "_test_output_config.ftl">
<#include "_test_output_config.ftlh">
</#if>
</div>
</div>
Expand Up @@ -16,33 +16,33 @@
<#assign title = "${presenter.buildName} Job Details - Go">
<#assign _page_title = "Job Details for ${presenter.buildLocatorForDisplay}">
<#assign current_tab = "build">
<#include "../shared/_header.ftl">
<#include "../shared/_header.ftlh">

<#include "_build_detail_summary_jstemplate.ftl">
<#include "_build_detail_summary_jstemplate.ftlh">
<div id="yui-main">
<div class="yui-b">
<!-- breadcrumbs -->
<#assign current_page="build_detail">
<#assign pipelineName="${presenter.pipelineName}">
<#assign stageLocator="${presenter.stageLocator}">

<#include "../shared/_job_details_breadcrumbs.ftl">
<#include "../shared/_job_details_breadcrumbs.ftlh">
<!-- /breadcrumbs -->

<div class="content_wrapper_outer">
<div class="row">
<div class="content_wrapper_inner">
<div id="build-status-panel" class="bd-container rounded-corner-for-pipeline">
<div class="maincol build_detail">
<#include "../shared/_flash_message.ftl">
<#include "../shared/_flash_message.ftlh">
<#assign jobConfigName = "${presenter.buildName}">
<div id="build_detail_summary_container" class="build_detail_summary">
<ul id="build-detail-summary" class="summary">
<li><span class="header">Scheduled on: </span><span id="build_scheduled_date">Loading...</span></li>
<li><span class="header">Agent: </span><span id="agent_name">Loading...</span></li>
<li><span class="header">Completed on: </span><span id="build_completed_date">Loading...</span></li>
<li><span class="header">Build cause: </span><span
id="stage-${presenter.id?c}-buildCause">${presenter.buildCauseMessage?html}</span></li>
id="stage-${presenter.id?c}-buildCause">${presenter.buildCauseMessage}</span></li>
<li class="timer_area">
<div class="progress-info">
<div id="${presenter.buildName}_progress_bar" class="progress-bar" style="display: none;">
Expand Down Expand Up @@ -93,7 +93,7 @@
</div>

<div class="sidebar_history">
<#include "../sidebar/_sidebar_build_list.ftl">
<#include "../sidebar/_sidebar_build_list.ftlh">
</div>
<div class="build_detail_container sub_tab_container rounded-corner-for-tab-container">

Expand All @@ -102,20 +102,20 @@
<div class="clear"></div>

<#assign buildoutput_extra_attrs="">
<#include "_buildoutput.ftl">
<#include "_buildoutput.ftlh">

<#assign tests_extra_attrs="style='display:none'">
<#include "_tests.ftl">
<#include "_tests.ftlh">

<#assign artifacts_extra_attrs="style='display:none'">
<#include "_artifacts.ftl">
<#include "_artifacts.ftlh">

<#assign modification_extra_attrs="style='display:none'">
<#include "_materials.ftl">
<#include "_materials.ftlh">
<#list presenter.customizedTabs as tab>
<#assign customized_name="${tab.name}">
<#assign customized_path="${tab.path}">
<#include "_customized.ftl">
<#include "_customized.ftlh">
</#list>
</div>
</div>
Expand All @@ -128,4 +128,4 @@
</div>
</div>
</div>
<#include "../shared/_footer.ftl">
<#include "../shared/_footer.ftlh">
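Review bot: The values set by `<#assign tests_extra_attrs="style='display:none'">`, `artifacts_extra_attrs` and `modification_extra_attrs` are emitted by the included partials as raw attribute text (e.g. `<div id="tab-content-of-materials" class="widget" ${modification_extra_attrs}>` in `_materials.ftlh`), and under the new `.ftlh` HTML auto-escaping the single quotes become `&#39;`, producing `style=&#39;display:none&#39;` — browsers read that as an unquoted attribute whose value is `'display:none'`, which is invalid CSS, so these panes are no longer hidden by the server-rendered markup. Whether the page still looks right depends on the tab JavaScript hiding inactive panes on load, which is not visible here, and a jsoup parse check would not catch this because the markup is still well-formed. The cleanest fix is to stop passing markup through a string: assign a boolean such as `<#assign tests_hidden=true>` and have each partial emit `<#if tests_hidden>style="display:none"</#if>` itself; the quick alternative is `${tests_extra_attrs?no_esc}` in each partial with a comment that the value is a template-controlled literal.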
Expand Up @@ -15,15 +15,14 @@
-->
<#-- @ftlvariable name="errorMessage" type="java.lang.String" -->
<#assign title = 'Exception Detail - GoCD'>
<#include "shared/_header.ftl">
<#include "shared/_flash_message.ftl">
<#include "shared/_header.ftlh">
<#include "shared/_flash_message.ftlh">
<div id="yui-main">
<div class="yui-b"></div>
</div>
<script type="text/javascript">
$('trans_content').update("Sorry, an unexpected error occurred<#if errorMessage??> [${errorMessage?js_string?html}]</#if>. :( Please check the server logs for more information.");
var transMessage = new TransMessage('trans_message', document.body,
{type: TransMessage.TYPE_ERROR, offsetTop: 200, autoHide: false});
$('trans_content').update("Sorry, an unexpected error occurred<#if errorMessage??> [${errorMessage?js_string?no_esc}]</#if>. :( Please check the server logs for more information.");
var transMessage = new TransMessage('trans_message', document.body, {type: TransMessage.TYPE_ERROR, offsetTop: 200, autoHide: false});
</script>

</body>
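Review bot: Replacing `?html` with `?no_esc` at `${errorMessage?js_string?no_esc}` removes the only HTML escaping this value had, while the string is still passed to Prototype's `update()`, which assigns `innerHTML`: `?js_string` only makes the text a valid JavaScript string literal (it escapes quotes, backslashes and at most `</`, leaving something like `<img src=x onerror=…>` intact), so any markup in `errorMessage` is now rendered live in the page. Whether `errorMessage` can carry request-derived text is not visible here, but an exception page is exactly where reflected input tends to surface, so the HTML encoding should be restored alongside the JS encoding, e.g. `${errorMessage?html?markup_string?js_string?no_esc}` (HTML-escape first, then make it a JS literal; built-in chain to be confirmed against the FreeMarker version) or escape client-side with `.escapeHTML()` before calling `update()`. The point is that this value crosses a JS-literal context and then an HTML context, and each needs its own encoding.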
Expand Up @@ -16,7 +16,7 @@
-->
<#-- @ftlvariable name="jobIdentifier" type="com.thoughtworks.go.domain.JobIdentifier" -->
<#assign title = "Artifacts for ${jobIdentifier.pipelineName} > ${jobIdentifier.pipelineLabel} > ${jobIdentifier.stageName} > ${jobIdentifier.stageCounter} > ${jobIdentifier.buildName}">
<#include "../shared/_header.ftl">
<#include "../shared/_header.ftlh">

<div id="yui-main">
<div class="yui-b">
Expand All @@ -26,10 +26,10 @@
<h2>${title}</h2>

<div id="artifacts" class="container-in-body">
<#include "../shared/_artifacts.ftl">
<#include "../shared/_artifacts.ftlh">
</div>
</div>
</div>

<#include "../shared/_footer.ftl">
<#include "../shared/_footer.ftlh">

Expand Up @@ -13,4 +13,4 @@
* See the License for the specific language governing permissions and
* limitations under the License.
-->
${presenter.renderArtifactFiles(req.getContextPath())}
${presenter.renderArtifactFiles(req.getContextPath())?no_esc}
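Review bot: `${presenter.renderArtifactFiles(req.getContextPath())?no_esc}` hands the whole artifact tree to the page unescaped, so its safety now rests entirely on `renderArtifactFiles` HTML-escaping every artifact path and name itself; artifact names come from build output and are attacker-influenced on a CI server. That contract is not visible in this change and should be confirmed in the presenter and pinned with a test that renders an artifact named like `<img src=x onerror=alert(1)>` through this template, plus a comment here such as `<#-- renderArtifactFiles returns pre-escaped HTML; every name must be escaped in the presenter -->`. Longer term, exposing the file list as data and letting this template emit the markup under auto-escaping would remove the need for `?no_esc` here altogether.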
Expand Up @@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
-->
<#include '_artifact_entry.ftl'>
<#include '_artifact_entry.ftlh'>

<script type="text/javascript">
try{
Expand Up @@ -37,7 +37,7 @@
</div>
<script type="text/javascript">
<#list presenter.recent25 as listPresenter>
json_to_css.update_build_list(eval(${listPresenter.toJsonString()}), ${listPresenter?counter}, "${req.getContextPath()}/${concatenatedStageBarCancelledIconFilePath}");
json_to_css.update_build_list(eval(${listPresenter.toJsonString()?no_esc}), ${listPresenter?counter}, "${req.getContextPath()}/${concatenatedStageBarCancelledIconFilePath}");
</#list>

jQuery(function() {
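Review bot: `eval(${listPresenter.toJsonString()?no_esc})` still depends on the JSON encoder escaping `</` (or `<` as `\u003c`), because the value is written inside a `<script>` element where a `</script>` inside any JSON string ends the script and the rest is parsed as HTML; the strings in that JSON presumably include pipeline, stage and job names, so confirm that property of `toJsonString()` and note it beside the `?no_esc`, e.g. `<#-- safe only because toJsonString() escapes </ -->`. The `eval` is also unnecessary — the JSON is already a JavaScript expression, so `json_to_css.update_build_list(${listPresenter.toJsonString()?no_esc}, ${listPresenter?counter}, ...)` does the same without evaluating a string. Separately, `"${req.getContextPath()}/${concatenatedStageBarCancelledIconFilePath}"` is now HTML-escaped inside a JS string literal, where `&` would become `&amp;` rather than a JS escape; harmless for typical context paths, but it is the wrong encoding for that context and `?js_string?no_esc` would be the accurate one.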
Expand Up @@ -14,19 +14,24 @@
* limitations under the License.
*/

package com.thoughtworks.go.server.view.velocity;
package com.thoughtworks.go.server.view.freemarker;

import com.thoughtworks.go.server.service.*;
import org.jsoup.parser.Parser;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.AdditionalAnswers;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;

@ExtendWith(MockitoExtension.class)
public class AbstractFreemarkerTemplateTest {
protected TestFreeMarkerView view;
protected final Parser parser = Parser.htmlParser().setTrackErrors(100);

@Mock
private RailsAssetsService railsAssetsService;
@Mock
Expand All @@ -51,4 +56,10 @@ public void setUp(String template) throws Exception {
lenient().doReturn(securityService).when(view).getSecurityService();
lenient().doReturn(maintenanceModeService).when(view).getMaintenanceModeService();
}

@AfterEach
public void checkParseErrors() {
assertThat(parser.isTrackErrors()).isTrue();
assertThat(parser.getErrors()).isEmpty();
}
}
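Review bot: `checkParseErrors` has no comment saying why a jsoup parse error fails the test, which is the whole point of the fixture: a template that emits unbalanced or mis-escaped markup is what this commit guards against, and subclasses must actually feed the rendered output through `parser.parseInput(...)` for the check to mean anything — a test that never parses passes trivially. Also, `parser.getErrors()` reflects the error list jsoup keeps for this shared `Parser` instance, and whether that list accumulates across several `parseInput` calls or is replaced per call differs between jsoup versions, so a test that renders twice may only be checking its last render. A Javadoc such as `/** Fails the test if jsoup flagged the rendered HTML; subclasses must parse their output with {@link #parser}, and only the last parse is guaranteed to be checked. */`, plus a `parse(String html)` helper that sets a flag the assertion requires, would make the contract explicit and catch the no-parse case.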
