diff --git a/src/org/labkey/test/tests/assay/AssayTransformImportUpdateTest.java b/src/org/labkey/test/tests/assay/AssayTransformImportUpdateTest.java index 544bd9018a..0d99290cb2 100644 --- a/src/org/labkey/test/tests/assay/AssayTransformImportUpdateTest.java +++ b/src/org/labkey/test/tests/assay/AssayTransformImportUpdateTest.java @@ -188,6 +188,13 @@ public void testEnableTransformForUpdate() throws Exception " ", dataMap2.get("M2")); checker().screenShotIfNewError("unexpected update transform data"); + // re-enable protocol run-on-import and edit so we can measure their metrics + assayDesignerPage = ReactAssayDesignerPage.beginAt(this, getProjectName(), protocolResponse.getProtocolId(), + "general", getURL().toString()); + assayDesignerPage.setScriptActionCheckbox(transformFile.getName(), Edit, true); + assayDesignerPage.setScriptActionCheckbox(transformFile.getName(), Import, true); + assayDesignerPage.clickSave(); + // validate some metrics for this feature var metricsPage = UsageStatisticsPage.beginAt(this); metricsPage.setJsonPathInput("modules.Experiment.assay"); diff --git a/src/org/labkey/test/tests/assay/AssayTransformWarningTest.java b/src/org/labkey/test/tests/assay/AssayTransformWarningTest.java index 688d33085d..b42a0ad0dc 100644 --- a/src/org/labkey/test/tests/assay/AssayTransformWarningTest.java +++ b/src/org/labkey/test/tests/assay/AssayTransformWarningTest.java @@ -227,7 +227,7 @@ public void testRTransformUpdateWarning() throws Exception // note: we currently do not support warnings on update; Issue 52299 tracks this // for now, expect warning-generating script events to show up as errors - assertTextPresent("An error occurred when running the script 'assayTransformWarning.R', exit code: 1."); + assertTextPresent("An error occurred when running the script 'transformWarnUpdate.R', exit code: 1."); } @Test @@ -297,7 +297,7 @@ public void testTransformErrorOnUpdate() throws Exception .setField("comment", "commented") .submit(); - assertTextPresent("An error occurred when running the script 'assayTransformError.R', exit code: 1."); + assertTextPresent("An error occurred when running the script 'transformErrUpdate.R', exit code: 1."); } @Test diff --git a/src/org/labkey/test/tests/wiki/WikiTest.java b/src/org/labkey/test/tests/wiki/WikiTest.java index d0e322c9c3..43adddc06a 100644 --- a/src/org/labkey/test/tests/wiki/WikiTest.java +++ b/src/org/labkey/test/tests/wiki/WikiTest.java @@ -16,10 +16,14 @@ package org.labkey.test.tests.wiki; +import org.assertj.core.api.Assertions; +import org.json.JSONObject; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.labkey.remoteapi.CommandException; +import org.labkey.remoteapi.SimplePostCommand; import org.labkey.test.BaseWebDriverTest; import org.labkey.test.Locator; import org.labkey.test.categories.Daily; @@ -223,6 +227,117 @@ public void testWikiWithComma() Assert.assertEquals("Incorrect result with comma", Arrays.asList(wikiTitle + "\n/" + getProjectName() + "\n" + wikiContent), getTexts(new SearchResultsPage(getDriver()).getResults())); } + // Issue 51382 + @Test + public void testCreateWikiWithHostileNameAndTitle() throws Exception + { + var newLine = '\u0081'; + var stringTerminator = '\u009c'; + String wikiName = "Wiki with " + stringTerminator + TRICKY_CHARACTERS + newLine; + String wikiTitle = "Title with " + stringTerminator + TRICKY_CHARACTERS + newLine; + String wikiContent = "

Content with " + stringTerminator + TRICKY_CHARACTERS + newLine + "

"; + + var createCmd = new SimplePostCommand("wiki", "saveWiki"); + JSONObject json = new JSONObject(); + json.put("title", wikiTitle); + json.put("content", wikiContent); + json.put("body", wikiContent); + json.put("pageVersionId", -1); + json.put("name", wikiName); + createCmd.setJsonObject(json); + try + { + createCmd.execute(createDefaultConnection(), getProjectName()); + Assert.fail("Create command should have failed"); + } + catch (CommandException success) + { + log("Error creating wiki page: " + success.getMessage()); + checker().wrapAssertion(() -> Assertions.assertThat(success.getMessage()) + .as("expect error") + .contains("Wiki name contains invalid characters")); + checker().verifyEquals("expect 400 for bad request", 400, success.getStatusCode()); + var jsonProps = new JSONObject(success.getProperties()); + var errors = jsonProps.getJSONArray("errors"); + + checker().wrapAssertion(() -> Assertions.assertThat(List.of(errors.getJSONObject(0), errors.getJSONObject(1))) + .extracting(a -> a.get("msg")) + .as("expect warnings for wiki name and title") + .containsOnly("Wiki name contains invalid characters.", "Wiki title contains invalid characters.")); + checker().wrapAssertion(() -> Assertions.assertThat(List.of(errors.getJSONObject(0), errors.getJSONObject(1))) + .extracting(a -> a.get("severity")) + .as("expect error severity") + .containsOnly("Error")); + checker().wrapAssertion(() -> Assertions.assertThat(List.of(errors.getJSONObject(0), errors.getJSONObject(1))) + .extracting(a -> a.get("field")) + .as("expect errors for name, title") + .containsOnly("name", "title")); + } + } + + // Issue 51382 + @Test + public void testUpdateWikiWithHostileNameAndTitle() throws Exception + { + var newLine = '\u0081'; + var stringTerminator = '\u009c'; + String wikiTitle = "Title with " + stringTerminator + TRICKY_CHARACTERS + newLine; + String wikiContent = "

This is my content " + stringTerminator + TRICKY_CHARACTERS + newLine + "

"; + String wikiName = "hostileWiki"; + String wikiTitleSafe = "wikiHostile"; + var cn = createDefaultConnection(); + + // first, create a straightforward wiki + var createCmd = new SimplePostCommand("wiki", "saveWiki"); + JSONObject createJson = new JSONObject(); + createJson.put("name", wikiName); + createJson.put("title", wikiTitleSafe); + createJson.put("rendererType", "HTML"); + createJson.put("body", "

content

"); + createJson.put("pageVersionId", -1); + createCmd.setJsonObject(createJson); + + var createResponse = createCmd.execute(cn, getProjectName()); + var createResponseJson = new JSONObject(createResponse.getParsedData()); + var wikiProps = createResponseJson.getJSONObject("wikiProps"); + SearchAdminAPIHelper.waitForIndexer(); + + // now, update the wiki with hostile inputs, expecting error/failure + var updateJson = new JSONObject(); + updateJson.put("name", wikiProps.getString("name")); + updateJson.put("title", wikiTitle); + updateJson.put("entityId", wikiProps.getString("entityId")); + updateJson.put("rendererType", wikiProps.getString("rendererType")); + updateJson.put("body", wikiContent); + updateJson.put("pageVersionId", wikiProps.getInt("pageVersionId")); + createCmd.setJsonObject(updateJson); + try { + createCmd.execute(cn, getProjectName()); + Assert.fail("Update command should have failed with hostile input"); + } catch (CommandException success) + { + checker().wrapAssertion(()-> Assertions.assertThat(success.getMessage()) + .as("expect error") + .contains("Wiki title contains invalid characters")); + checker().verifyEquals("expect 400 for bad request", 400, success.getStatusCode()); + var jsonProps =new JSONObject(success.getProperties()); + var error = jsonProps.getJSONArray("errors").getJSONObject(0); + + checker().wrapAssertion(()-> Assertions.assertThat(error) + .extracting(a-> a.get("msg")) + .as("expect warning for wiki title") + .isEqualTo("Wiki title contains invalid characters.")); + checker().wrapAssertion(()-> Assertions.assertThat(error) + .extracting(a-> a.get("severity")) + .as("expect error severity") + .isEqualTo("Error")); + checker().wrapAssertion(()-> Assertions.assertThat(error) + .extracting(a-> a.get("field")) + .as("expect title field to be the source of the error") + .isEqualTo("title")); + } +} + protected void verifyWikiPagePresent() { waitForText(WIKI_CHECK_CONTENT);