[SECURITY-3061]
(cherry picked from commit d208953)
centic9 committed Mar 13, 2023
1 parent 79b76d3 commit 96386f9
Showing 12 changed files with 109 additions and 59 deletions.
15 changes: 13 additions & 2 deletions src/main/java/hudson/plugins/jacoco/report/AbstractReport.java
Expand Up @@ -31,7 +31,18 @@ public String getName() {
}

public void setName(String name) {
this.name = name;
this.name = sanitizeName(name);
}

protected static String sanitizeName(String name) {
// sanitize names contained in .class files
return name
.replace(':', '_')
.replace(';', '_')
.replace('&', '_')
.replace('%', '_')
.replace('<', '_')
.replace('>', '_');
}

public String getDisplayName() {
Expand Down Expand Up @@ -72,5 +83,5 @@ public SELF getPreviousResult() {
public Run<?,?> getBuild() {
return parent.getBuild();
}

}
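Review bot: `sanitizeName` calls `name.replace(...)` with no null check, so `setName(null)`, which the old plain assignment accepted, now throws a NullPointerException; adding `if (name == null) { return null; }` as the first statement of the helper keeps the earlier contract. The replacement set is a six-character denylist that leaves `"`, `'` and `\` untouched, so it should be read as defence in depth rather than as the only barrier: whether the views that print `getName()` and `getDisplayName()` escape their output is not visible in this section and is worth confirming. A short Javadoc on `sanitizeName` naming the output contexts in which these characters are dangerous would tell the next maintainer why these six were chosen.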
3 changes: 2 additions & 1 deletion src/main/java/hudson/plugins/jacoco/report/ClassReport.java
Expand Up @@ -15,9 +15,10 @@ public final class ClassReport extends AggregatedReport<PackageReport,ClassRepor

@Override
public void setName(String name) {
super.setName(name.replaceAll("/", "."));
super.setName(name.replace('/', '.'));
//logger.log(Level.INFO, "ClassReport");
}

@Override
public void add(MethodReport child) {
String newChildName = child.getName();
12 changes: 6 additions & 6 deletions src/main/java/hudson/plugins/jacoco/report/MethodReport.java
Expand Up @@ -13,9 +13,9 @@
*/
//AggregatedReport<PackageReport,ClassReport,MethodReport> - AbstractReport<ClassReport,MethodReport>
public final class MethodReport extends AggregatedReport<ClassReport,MethodReport, SourceFileReport> {

private IMethodCoverage methodCov;

@Override
public String printFourCoverageColumns() {
StringBuilder buf = new StringBuilder();
Expand All @@ -32,10 +32,10 @@ public String printFourCoverageColumns() {
//logger.log(Level.INFO, "Printing Ratio cells within MethodReport.");
return buf.toString();
}

@Override
public void add(SourceFileReport child) {
String newChildName = child.getName().replaceAll(this.getName() + ".", "");
String newChildName = child.getName().replace(this.getName() + ".", "");
child.setName(newChildName);
getChildren().put(child.getName(), child);
//logger.log(Level.INFO, "SourceFileReport");
Expand All @@ -45,11 +45,11 @@ public void add(SourceFileReport child) {
public boolean hasClassCoverage() {
return false;
}

public void setSrcFileInfo(IMethodCoverage methodCov) {
this.methodCov = methodCov;
}

public void printHighlightedSrcFile(Writer output) {
new SourceAnnotator(getParent().getSourceFilePath()).printHighlightedSrcFile(methodCov,output);
}
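Review bot: In `add(SourceFileReport child)` the new `replace(this.getName() + ".", "")` matches literally, which removes the regex interpretation of the parent name, but it still deletes every occurrence of the prefix rather than only the leading one. A child named `pkg.sub.pkg.Foo` under parent `pkg` becomes `sub.Foo`, and two different children can then collapse onto the same key in `getChildren().put(...)`, silently replacing one report with another. Stripping only a leading match avoids that: `String prefix = getName() + ".";` then `String newChildName = child.getName().startsWith(prefix) ? child.getName().substring(prefix.length()) : child.getName();`. The same expression is used in `PackageReport.add(ClassReport child)` and would take the same change.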
10 changes: 5 additions & 5 deletions src/main/java/hudson/plugins/jacoco/report/PackageReport.java
Expand Up @@ -18,17 +18,17 @@ public String getName() {

@Override
public void setName(String name) {
super.setName(name.replaceAll("/", "."));
super.setName(name.replace('/', '.'));
}

@Override
public void add(ClassReport child) {
String newChildName = child.getName().replaceAll(this.getName() + ".", "");
String newChildName = child.getName().replace(this.getName() + ".", "");
child.setName(newChildName);
this.getChildren().put(child.getName(), child);
//logger.log(Level.INFO, "PackageReport");
}

//private static final Logger logger = Logger.getLogger(CoverageObject.class.getName());

}
Expand Up @@ -5,12 +5,12 @@
* @author Kohsuke Kawaguchi
*/
public final class SourceFileReport extends AbstractReport<MethodReport,SourceFileReport> {

@Override
public void setName(String name) {
super.setName(name.replaceAll("/", "."));
super.setName(name.replace('/', '.'));
//logger.log(Level.INFO, "SourceFileReport");
}

//private static final Logger logger = Logger.getLogger(SourceFileReport.class.getName());
}
}
Expand Up @@ -17,7 +17,7 @@ public void test() throws Exception {
// abstract class but not abstract method to override
};
assertNotNull(report);

report.setParent(new ClassReport());
report.getParent().setParent(new PackageReport());

Expand All @@ -33,7 +33,11 @@ public void test() throws Exception {
report.setName("testname");
assertEquals("testname", report.getName());
assertEquals("testname", report.getDisplayName());


report.setName("myname/&:<>2%;");
assertEquals("myname/____2__", report.getName());
assertEquals("myname/____2__", report.getDisplayName());

// TODO: cause NPEs, did not find out how to test this without a full jenkins-test
//assertNull(report.getPreviousResult());
//CoverageElement cv = new CoverageElement();
Expand Up @@ -11,36 +11,40 @@ public class AggregatedReportTest {
public void testSetFailed() throws Exception {
AggregatedReport<PackageReport,ClassReport,MethodReport> report = new AggregatedReport<PackageReport,ClassReport,MethodReport>() {
};

assertEquals(0, report.getChildren().size());
assertFalse(report.hasChildren());

MethodReport child = new MethodReport();
child.setName("testmethod");
report.add(child);
assertEquals(1, report.getChildren().size());
assertTrue(report.hasChildren());
assertFalse(report.hasChildrenClassCoverage());
assertFalse(report.hasChildrenLineCoverage());

report.setParent(new PackageReport());
assertNotNull(report.getParent());

assertNull(report.getDynamic("test", null, null));
assertNotNull(report.getDynamic("testmethod", null, null));

report.setFailed();

child.getLineCoverage().accumulate(0, 3);
assertTrue(report.hasChildrenLineCoverage());

child.getClassCoverage().accumulate(0, 3);
assertFalse("For method children it's always false", report.hasChildrenClassCoverage());

report.setName("myname/&:<>2%;");
assertEquals("myname/____2__", report.getName());
assertEquals("myname/____2__", report.getDisplayName());
}

@Test
public void testClassCoverage() {
AggregatedReport<CoverageReport,PackageReport,ClassReport> packageReport =
AggregatedReport<CoverageReport,PackageReport,ClassReport> packageReport =
new AggregatedReport<CoverageReport, PackageReport, ClassReport>() {
};

Expand All @@ -52,8 +56,13 @@ public void testClassCoverage() {
assertFalse(packageReport.hasChildrenLineCoverage());

classChild.getClassCoverage().accumulate(0, 3);

assertTrue(packageReport.hasChildrenClassCoverage());
assertFalse(packageReport.hasChildrenLineCoverage());

classChild = new ClassReport();
classChild.setName("testclass/pkg");
packageReport.add(classChild);
assertEquals("testclass.pkg", classChild.getName());
}
}
28 changes: 16 additions & 12 deletions src/test/java/hudson/plugins/jacoco/report/ClassReportTest.java
Expand Up @@ -11,46 +11,50 @@
public class ClassReportTest {

@Test
public void testName() throws Exception {
public void testName() {
ClassReport report = new ClassReport();
report.setName("testname");
assertEquals("testname", report.getName());
report.setName("test/name/1");
assertEquals("test.name.1", report.getName());

report.setName("myname/&:<>2%;");
assertEquals("myname.____2__", report.getName());
assertEquals("myname.____2__", report.getDisplayName());
}

@Test
public void testChildren() throws Exception {
public void testChildren() {
ClassReport report = new ClassReport();

assertEquals(0, report.getChildren().size());
MethodReport child = new MethodReport();
child.setName("testname");
report.add(child);
assertEquals(1, report.getChildren().size());
}

@Test
public void testSourceFile() throws Exception {
public void testSourceFile() {
ClassReport report = new ClassReport();
report.setSrcFileInfo(null, "some/path");
assertEquals(new File("some/path"), report.getSourceFilePath());
}

@Test
public void testPrint() throws Exception {
public void testPrint() {
ClassReport report = new ClassReport();
report.setSrcFileInfo(null, "some/path");

StringWriter writer = new StringWriter();
report.printHighlightedSrcFile(writer);

String string = writer.toString();
assertEquals("ERROR: Error while reading the sourcefile!", string);
}

@Test
public void testToString() throws Exception {
public void testToString() {
ClassReport report = new ClassReport();
assertNotNull(report.toString());
}
Expand Up @@ -11,27 +11,31 @@

public class CoverageReportTest {
@Test
public void testGetBuild() throws Exception {
public void testGetBuild() {
CoverageReport report = new CoverageReport(action, new ExecutionFileLoader());
assertNull(report.getBuild());
}

@Test
public void testName() throws Exception {
public void testName() {
CoverageReport report = new CoverageReport(action, new ExecutionFileLoader());
assertEquals("Jacoco", report.getName());

report.setName("myname/&:<>2%;");
assertEquals("myname/____2__", report.getName());
assertEquals("myname/____2__", report.getDisplayName());
}

@Test
public void testDoJaCoCoExec() throws Exception {
public void testDoJaCoCoExec() {
CoverageReport report = new CoverageReport(action, new ExecutionFileLoader());
assertNotNull(report);
// TODO: how to simulate JaCoCoBuildAction without full Jenkins test-framework?
// report.doJacocoExec();
}

@Test
public void testThresholds() throws Exception {
public void testThresholds() {
CoverageReport report = new CoverageReport(action, new ExecutionFileLoader());
report.setThresholds(new JacocoHealthReportThresholds());
}
22 changes: 14 additions & 8 deletions src/test/java/hudson/plugins/jacoco/report/MethodReportTest.java
Expand Up @@ -12,47 +12,53 @@ public class MethodReportTest {
public void testMissingFile() {
MethodReport report = new MethodReport();
assertFalse(report.hasClassCoverage());

report.setSrcFileInfo(null);

ClassReport p = new ClassReport();
p.setSrcFileInfo(null, "some/path");
report.setParent(p);

StringWriter writer = new StringWriter();
report.printHighlightedSrcFile(writer);
String string = writer.toString();
assertEquals("ERROR: Error while reading the sourcefile!", string);

report.setName("myname/&:<>2%;");
assertEquals("myname/____2__", report.getName());
assertEquals("myname/____2__", report.getDisplayName());
}

@Test
public void testPrint() throws Exception {
public void testPrint() {
MethodReport report = new MethodReport();
assertNotNull(report.printFourCoverageColumns());
}

@Test
public void testChildren() throws Exception {
public void testChildren() {
MethodReport report = new MethodReport();
report.setName("pkg");

assertEquals(0, report.getChildren().size());
SourceFileReport child = new SourceFileReport();
child.setName("testname");
report.add(child);
assertEquals("testname", child.getName());
assertEquals(1, report.getChildren().size());
assertEquals("testname", report.getChildren().values().iterator().next().getName());
}

@Test
public void testChildrenRemovePkgName() throws Exception {
public void testChildrenRemovePkgName() {
MethodReport report = new MethodReport();
report.setName("pkg");

assertEquals(0, report.getChildren().size());
SourceFileReport child = new SourceFileReport();
child.setName("pkg.testname");
report.add(child);
assertEquals("testname", child.getName());
assertEquals(1, report.getChildren().size());
assertEquals("testname", report.getChildren().values().iterator().next().getName());
}
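Review bot: `testChildrenRemovePkgName` uses the parent name `pkg`, which contains no regex metacharacters, so it passes with the old `replaceAll` as well as the new `replace` and does not pin the behaviour this commit changes in `MethodReport.add`. A case such as `report.setName("pkg$1");` with `child.setName("pkg$1.testname");` and `assertEquals("testname", child.getName());` fails on the regex version and passes on the literal one. The sanitisation assertions added to `testMissingFile` would also be easier to attribute on failure in a test method of their own, for example `testNameIsSanitized`. The test class continues below the last line shown.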
