Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[s7Ob7Zm7] Test that all load and import procedures respect security (#360) #377

Merged
merged 5 commits into from
Jun 7, 2023
Merged

[s7Ob7Zm7] Test that all load and import procedures respect security (#360) #377

merged 5 commits into from
Jun 7, 2023

Conversation

vga91
Copy link
Collaborator

@vga91 vga91 commented Apr 17, 2023
edited
Loading

Differences with the failing pr: #360

In ExportCoreSecurityTest.java (line 233), from:

	    if (casesAllowed.contains(fileName)) {
                assertPathTraversalWithoutErrors();
            } else {
                assertPathTraversalError(db, apocProcedure, Map.of("fileName", fileName), EXCEPTION_NOT_FOUND_CONSUMER);
            }

to :

            if (fileName.equals(case07)) {	
                return;	
            }	
            try {	
                assertPathTraversalWithoutErrors();	
            } catch (QueryExecutionException e) {	
                EXCEPTION_NOT_FOUND_CONSUMER.accept(	
                        Util.map(ERROR_KEY, e, PROCEDURE_KEY, apocProcedure)	
                );	
            }

In ImportAndLoadCoreSecurityTest.java (line 302), from:

 assertEquals(ALLOWED_EXCEPTIONS.get(importMethod), ExceptionUtils.getRootCause(e).getClass());

to:

                Class<?> rootCause = ExceptionUtils.getRootCause(e).getClass();
                Class<?> classException = ALLOWED_EXCEPTIONS.get(importMethod);
                assertTrue("The procedure throws an exception with class " + rootCause + " instead of " + classException,
                        classException.isAssignableFrom(rootCause)
                );

@vga91 vga91 marked this pull request as draft April 17, 2023 15:23
@vga91 vga91 force-pushed the test-loads-and-imports-configs-dev branch 10 times, most recently from e58635c to 0daca0c Compare April 20, 2023 21:43
@vga91 vga91 force-pushed the test-loads-and-imports-configs-dev branch 2 times, most recently from 6b1e19c to 4ac869c Compare May 8, 2023 08:29
vga91 added 2 commits May 10, 2023 09:28
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (#…
08cf68d 
…360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one
@vga91
[s7Ob7Zm7] changed tests
cf9f74c
@vga91 vga91 force-pushed the test-loads-and-imports-configs-dev branch 3 times, most recently from 89f2100 to b06758b Compare May 12, 2023 08:09
@vga91 vga91 force-pushed the test-loads-and-imports-configs-dev branch from b06758b to f2a227b Compare May 12, 2023 08:14
@vga91 vga91 changed the title [s7Ob7Zm7] [WIP] Test that all load and import procedures respect security (#360) [s7Ob7Zm7] Test that all load and import procedures respect security (#360) May 24, 2023
@vga91 vga91 marked this pull request as ready for review May 31, 2023 07:35
gem-neo4j
gem-neo4j approved these changes Jun 7, 2023
View reviewed changes
Copy link
Contributor

@gem-neo4j gem-neo4j left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :)

@vga91 vga91 merged commit e9e874e into dev Jun 7, 2023
15 checks passed
@vga91 vga91 deleted the test-loads-and-imports-configs-dev branch June 7, 2023 08:25
vga91 added a commit to neo4j-contrib/neo4j-apoc-procedures that referenced this pull request Jun 7, 2023
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (n…
db60b22 
…eo4j/apoc#360) (neo4j/apoc#377)

* [s7Ob7Zm7] Test that all load and import procedures respect security (#360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one

* [s7Ob7Zm7] changed tests

* [s7Ob7Zm7] Update ImportAndLoadCoreSecurityTest.java

* [s7Ob7Zm7] reduce logs

* [s7Ob7Zm7] reduce logs in export tests
vga91 added a commit to neo4j-contrib/neo4j-apoc-procedures that referenced this pull request Jun 7, 2023
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (n…
84232c9 
…eo4j/apoc#360) (neo4j/apoc#377)

* [s7Ob7Zm7] Test that all load and import procedures respect security (#360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one

* [s7Ob7Zm7] changed tests

* [s7Ob7Zm7] Update ImportAndLoadCoreSecurityTest.java

* [s7Ob7Zm7] reduce logs

* [s7Ob7Zm7] reduce logs in export tests
vga91 added a commit to neo4j-contrib/neo4j-apoc-procedures that referenced this pull request Jun 16, 2023
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (n…
bc69efc 
…eo4j/apoc#360) (neo4j/apoc#377)

* [s7Ob7Zm7] Test that all load and import procedures respect security (#360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one

* [s7Ob7Zm7] changed tests

* [s7Ob7Zm7] Update ImportAndLoadCoreSecurityTest.java

* [s7Ob7Zm7] reduce logs

* [s7Ob7Zm7] reduce logs in export tests
vga91 added a commit to neo4j-contrib/neo4j-apoc-procedures that referenced this pull request Jun 19, 2023
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (n…
012d603 
…eo4j/apoc#360) (neo4j/apoc#377)

* [s7Ob7Zm7] Test that all load and import procedures respect security (#360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one

* [s7Ob7Zm7] changed tests

* [s7Ob7Zm7] Update ImportAndLoadCoreSecurityTest.java

* [s7Ob7Zm7] reduce logs

* [s7Ob7Zm7] reduce logs in export tests
vga91 added a commit to neo4j-contrib/neo4j-apoc-procedures that referenced this pull request Jun 21, 2023
@vga91
[s7Ob7Zm7] Test that all load and import procedures respect security (n…
34a382b 
…eo4j/apoc#360) (neo4j/apoc#377) (#3617)

* [s7Ob7Zm7] Test that all load and import procedures respect security (neo4j/apoc#360) (neo4j/apoc#377)

* [s7Ob7Zm7] Test that all load and import procedures respect security (#360)

* [s7Ob7Zm7] Test that all load and import procedures respect security

* [3QAbWQds] changed ExportCoreSecurityTest consistent with LoadImport one

* [s7Ob7Zm7] changed tests

* [s7Ob7Zm7] Update ImportAndLoadCoreSecurityTest.java

* [s7Ob7Zm7] reduce logs

* [s7Ob7Zm7] reduce logs in export tests

* [s7Ob7Zm7] 4.x changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gem-neo4j gem-neo4j gem-neo4j approved these changes

Assignees

@gem-neo4j gem-neo4j

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vga91 @gem-neo4j