Added name allowed character validation #1314
- changed model validation, inspect now for illegal characters
  accepted only now: `a-z`,`0-9`,`-` or `_`
- refactored existing parts from model validation: moved
  parts from  abstract simple string validation into
  simple string utils and reused implementation
- added some missing SPDX headers to sources
- added test cases
de-jcup committed May 6, 2022
1 parent f453048 commit 33c5e55
Showing 10 changed files with 142 additions and 30 deletions.
Expand Up @@ -101,4 +101,43 @@ public static String truncateWhenTooLong(String string, int maxLength) {
}
return string.substring(0, maxLength - 3) + "...";
}

/**
* Will test if given string does contain only alphabetic characters (a-z,A-Z),
* digits (0-9) or additionally allowed characters.
*
* @param string the content to inspect.
* @param additionalAllowed
* @return <code>true</code> when only allowed characters are contained, or
* given string is <code>null</code> or empty. <code>false</code>
* otherwise.
*/
public static boolean hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(String string, char... additionalAllowed) {
if (string == null) {
return true;
}
if (string.isEmpty()) {
return true;
}
for (char c : string.toCharArray()) {
if (Character.isDigit(c)) {
continue;
}
if (Character.isAlphabetic(c)) {
continue;
}
boolean ok = false;
for (char allowed : additionalAllowed) {
if (c == allowed) {
ok = true;
continue;
}
}
if (ok) {
continue;
}
return false;
}
return true;
}
}
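Review bot: `Character.isAlphabetic(c)` and `Character.isDigit(c)` in the new `hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters` accept every Unicode letter and digit, upper case included, so the check is wider than the `a-z`, `0-9`, `-`, `_` set that the commit message and the validator's error text promise. For a name allow-list this matters, because look-alike letters from other scripts pass and any consumer that assumes ASCII names receives input it did not expect. If ASCII is the intent, compare ranges explicitly, e.g. `if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')) continue;`, and decide separately whether upper case belongs in the set; `AbstractSimpleStringValidation` now shares this helper, so narrowing it affects those callers too. The Javadoc should state which character set is meant and describe `@param additionalAllowed`, which is currently empty. In the inner loop the `continue` after `ok = true` does nothing useful; `break` states the intent.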
Expand Up @@ -5,9 +5,35 @@
import static org.hamcrest.MatcherAssert.*;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;

public class SimpleStringUtilsTest {

@ParameterizedTest
@CsvSource({ "name", "age", "test" })
void validNames_hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters_no_additional_is_true(String string) {
assertThat(SimpleStringUtils.hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(string), is(true));
}

@ParameterizedTest
@CsvSource({ "name-", "age_", "test-1" })
void invalidNames_hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters_no_additional_is_false(String string) {
assertThat(SimpleStringUtils.hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(string), is(false));
}

@ParameterizedTest
@CsvSource({ "name-", "age_", "test-1" })
void validNames_hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters_with_additional_is_true(String string) {
assertThat(SimpleStringUtils.hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(string, '-', '_'), is(true));
}

@ParameterizedTest
@CsvSource({ "n$me-", "a@e_", "t§st-1" })
void invalidNames_hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters_with_additional_is_false(String string) {
assertThat(SimpleStringUtils.hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(string, '-', '_'), is(false));
}

@Test
void isTrimmedEquals_null_null_is_true() {
assertThat(SimpleStringUtils.isTrimmedEqual(null, null), is(true));
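Review bot: None of the four new parameterized cases feeds an upper-case or non-ASCII letter, so nothing pins whether names such as `Name` or `näme` (constructed samples) are meant to pass; with `Character.isAlphabetic` they do. Add them to whichever list reflects the intended contract, together with `null` and the empty string, which the method's Javadoc documents as returning `true`. `@CsvSource` with a single column works, but `@ValueSource(strings = { ... })` says what is meant and keeps the values from being parsed as CSV.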
Expand Up @@ -27,6 +27,8 @@ public enum SecHubConfigurationModelValidationError {

REFERENCED_DATA_CONFIG_OBJECT_NAME_NOT_EXISTING("The referenced config object name was not found in object!"),

DATA_CONFIG_OBJECT_NAME_CONTAINS_ILLEGAL_CHARACTERS("Data configuration object contains illegal characters!"),

;

private String defaultMessage;
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.commons.model;

import static com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils.*;
import static com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidationError.*;

import java.net.URI;
Expand Down Expand Up @@ -161,6 +162,12 @@ private void validateNameUniqueAndNotNull(InternalValidationContext context, Col
result.addError(DATA_CONFIG_OBJECT_NAME_IS_NULL);
continue;
}
if (!hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(uniqueName, '-', '_')) {
result.addError(DATA_CONFIG_OBJECT_NAME_CONTAINS_ILLEGAL_CHARACTERS,
"Name '" + uniqueName + "' may only contain 'a-z','0-9', '-' or '_' characters");
continue;
}

if (uniqueName.length() < MIN_NAME_LENGTH) {
result.addError(DATA_CONFIG_OBJECT_NAME_LENGTH_TOO_SHORT, "Name '" + uniqueName + "' lengh < " + MIN_NAME_LENGTH + " characters");
}
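Review bot: The rejected name is concatenated unchanged into the error text at `"Name '" + uniqueName + "' may only contain ..."`, and at that point it is known to contain characters outside the allow-list (possibly line breaks, control characters or markup) and has not been length-checked, because the `continue` skips the length test below. If this message is later logged or returned to a client, which is not visible here, that is a log-forging or reflected-content risk; consider omitting the value, or passing it through the existing `truncateWhenTooLong` and replacing non-printable characters first. The same raw echo appears in the message built in `AbstractSimpleStringValidation.validateOnlyAlphabeticDigitOrAllowedParts` and in the length message directly below. The text also promises `'a-z','0-9'` only, while the helper accepts upper-case and non-ASCII letters, so message and check should be brought into agreement. `validateNameUniqueAndNotNull` begins and ends outside this hunk.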
Expand Up @@ -6,20 +6,19 @@

public class SecHubWebScanApiConfiguration implements SecHubDataConfigurationUsageByName {


public static final String PROPERTY_TYPE = "type";
public static final String PROPERTY_LOGIN = "use";

private SecHubWebScanApiType type;

public SecHubWebScanApiType getType() {
return type;
}

public void setType(SecHubWebScanApiType type) {
this.type = type;
}

private Set<String> namesOfUsedDataConfigurationObjects = new LinkedHashSet<>();

@Override
@@ -1,10 +1,11 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.commons.model;

import com.fasterxml.jackson.annotation.JsonAlias;

public enum SecHubWebScanApiType {

@JsonAlias({ "openApi"})
@JsonAlias({ "openApi" })
OPEN_API;

}
Expand Up @@ -19,7 +19,7 @@ public class SecHubWebScanConfiguration {
Optional<WebScanDurationConfiguration> maxScanDuration = Optional.empty();

Optional<SecHubWebScanApiConfiguration> api = Optional.empty();

URI uri;

Optional<List<String>> includes = Optional.empty();
Expand All @@ -28,8 +28,8 @@ public class SecHubWebScanConfiguration {
public URI getUri() {
return uri;
}
public Optional<SecHubWebScanApiConfiguration> getApi(){

public Optional<SecHubWebScanApiConfiguration> getApi() {
return api;
}

Expand Up @@ -10,12 +10,16 @@

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;

import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidationResult.SecHubConfigurationModelValidationErrorData;
import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModelValidator.SecHubConfigurationModelValidationException;

class SecHubConfigurationModelValidatorTest {

private static final String VALID_NAME_WITH_MAX_LENGTH = "---------1---------2---------3---------4---------5---------6---------7---------8";
private static final String VALID_NAME_BUT_ONE_CHAR_TOO_LONG = VALID_NAME_WITH_MAX_LENGTH + "-";
private SecHubConfigurationModelValidator validatorToTest;

@BeforeEach
Expand Down Expand Up @@ -184,6 +188,45 @@ void api_version_unsupported_results_in_one_error() {

}

@ParameterizedTest
@CsvSource({ "n", "_", "-", "1", "name1", "referenced-name_", "the_name_with_slashes", VALID_NAME_WITH_MAX_LENGTH })
void model_having_a_data_configuration_with_valid_name_has_no_error(String name) {
/* prepare */
/* prepare */
SecHubConfigurationModel model = createDefaultValidModel();
SecHubDataConfiguration data = new SecHubDataConfiguration();

SecHubSourceDataConfiguration config1 = new SecHubSourceDataConfiguration();
config1.setUniqueName(name);
data.getSources().add(config1);
model.setData(data);

/* execute + test */
SecHubConfigurationModelValidationResult result = validatorToTest.validate(model);

/* test */
assertFalse(result.hasErrors());
}

@ParameterizedTest
@CsvSource({ "$", "n$me-", "a@e_", "t§st-1", "config-object-name$1", VALID_NAME_BUT_ONE_CHAR_TOO_LONG })
void model_having_a_data_configuration_with_invalid_name_has_error(String name) {
/* prepare */
SecHubConfigurationModel model = createDefaultValidModel();
SecHubDataConfiguration data = new SecHubDataConfiguration();

SecHubSourceDataConfiguration config1 = new SecHubSourceDataConfiguration();
config1.setUniqueName(name);
data.getSources().add(config1);
model.setData(data);

/* execute + test */
SecHubConfigurationModelValidationResult result = validatorToTest.validate(model);

/* test */
assertTrue(result.hasErrors());
}

@Test
void model_having_a_code_scan_configuration_which_references_a_wellknown_data_object_results_in_no_error() {
/* prepare */
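Review bot: `model_having_a_data_configuration_with_invalid_name_has_error` asserts only `result.hasErrors()`, so it cannot tell an illegal-character rejection from a length rejection; `VALID_NAME_BUT_ONE_CHAR_TOO_LONG` in the same list fails for its length, not for its characters. Assert that the result carries `DATA_CONFIG_OBJECT_NAME_CONTAINS_ILLEGAL_CHARACTERS` for the character cases and move the too-long name into its own test that expects the length error. Names with upper-case letters, non-ASCII letters or whitespace are missing from both lists, so the boundary of the allow-list is not pinned. Smaller points: `/* prepare */` is duplicated in the valid-name test, and `the_name_with_slashes` contains underscores, not slashes.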
@@ -1,3 +1,4 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.integrationtest.api;

import static org.junit.Assert.*;
@@ -1,6 +1,8 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.sharedkernel.validation;

import static com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils.*;

public abstract class AbstractSimpleStringValidation extends AbstractValidation<String> {

protected void validateNoUpperCaseCharacters(ValidationContext<String> context) {
Expand Down Expand Up @@ -37,32 +39,24 @@ final protected void validateWithoutWhitespaces(ValidationContext<String> contex

protected void validateOnlyAlphabeticDigitOrAllowedParts(ValidationContext<String> context, char... alsoAllowed) {
String string = context.objectToValidate;
if (string == null) {
return;
}
if (string.isEmpty()) {
if (hasOnlyAlphabeticDigitOrAdditionalAllowedCharacters(string, alsoAllowed)) {
return;
}
for (char c : string.toCharArray()) {
if (Character.isDigit(c)) {
continue;
}
if (Character.isAlphabetic(c)) {
continue;
}
boolean ok = false;
for (char allowed : alsoAllowed) {
if (c == allowed) {
ok = true;
continue;
StringBuilder sb = new StringBuilder();
sb.append("The string '");
sb.append(string);
sb.append("' contains at least one character being neither a digit, alphebtical");
if (alsoAllowed.length > 0) {
sb.append("or ");
for (int i = 0; i < alsoAllowed.length; i++) {
if (i != 0) {
sb.append(',');
}
sb.append(alsoAllowed[i]);
}
if (ok) {
continue;
}
addErrorMessage(context, "Character must be one of alloweds, but found '" + c + "'.");
return;
sb.append("]");
}
addErrorMessage(context, sb.toString());
}

protected void validateNotContainingCharackters(ValidationContext<String> context, char... chars) {
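Review bot: The new error text in `validateOnlyAlphabeticDigitOrAllowedParts` is assembled incorrectly: `"... neither a digit, alphebtical"` is followed directly by `"or "`, which yields `alphebticalor`, and the list is closed with `"]"` although no `"["` was appended; `alphebtical` is also misspelled. Using `sb.append("' contains at least one character being neither a digit, alphabetical");` and then `sb.append(" or one of [");` before the loop fixes all three. The message also no longer names the offending character, which the previous text did, and instead echoes the whole input string. The rendered page has lost the `+`/`-` markers, so this reading assumes the `StringBuilder` lines are the new side.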