Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 51749: Site validator fails on some wikis #2156

Merged
merged 8 commits into from
Dec 2, 2024
Merged

Issue 51749: Site validator fails on some wikis #2156

merged 8 commits into from
Dec 2, 2024

Conversation

labkey-jeckels
Copy link
Contributor

Rationale

Add some test coverage for site validation of wikis.

Related Pull Requests

Changes

  • Create a wiki with CSP problems (inline script)
  • Improve WikiHelper
  • Eliminate need for casting when calling getCurrentTest()

@labkey-jeckels labkey-jeckels requested review from a team, labkey-chrisj and labkey-adam and removed request for a team November 25, 2024 23:59
labkey-chrisj
labkey-chrisj approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@labkey-chrisj labkey-chrisj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this

labkey-tchad
labkey-tchad requested changes Nov 26, 2024
View reviewed changes
Copy link
Member

@labkey-tchad labkey-tchad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The wiki module isn't in the base distribution anymore.
DatabaseDiagnosticsTest gets run in a lot of suites, possibly ones where the wiki module isn't present. If not now, possibly in the future. It is also intended to be run at the end of suites to do some extra validation, without adding much extra overhead.
I would put this check into a separate test (or maybe one of the existing wiki tests) to avoid the overhead of creating an extra project and wiki in suites that aren't wiki-focused.

labkey-tchad
labkey-tchad reviewed Nov 26, 2024
View reviewed changes
src/org/labkey/test/tests/DatabaseDiagnosticsTest.java Outdated
Comment on lines 96 to 97
PortalHelper portalHelper = new PortalHelper(this);
portalHelper.addBodyWebPart("Wiki");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the wiki webpart makes the setup longer and makes the test likely to trigger the CSP just by navigating through the project home page. Better to goToModule("Wiki") to create the wiki.

@labkey-jeckels
Copy link
Contributor Author

@labkey-tchad I moved my new coverage into a new test, WikiCspTest. It's passing for me locally but failing on TeamCity. I eventually added enough logging to discover that there are multiple CspCheckPageLoadListener objects. I'm turning off the check for _cspCheckPageLoadListener but another one is still failing.

I don't have a good handle on the life cycle here, and can't repro locally. Any suggestions?

@labkey-tchad
Copy link
Member

@labkey-tchad I moved my new coverage into a new test, WikiCspTest. It's passing for me locally but failing on TeamCity. I eventually added enough logging to discover that there are multiple CspCheckPageLoadListener objects. I'm turning off the check for _cspCheckPageLoadListener but another one is still failing.

I don't have a good handle on the life cycle here, and can't repro locally. Any suggestions?

Yeah, the JUnit lifecycle makes these tricky. Now that I look at it again, what you're seeing makes sense. Each @Test is run in a separate thread with a separate instance of the test class. Thus, a new CspCheckPageLoadListener instance is registered with each test that is run. Without a serious redesign, it isn't really safe to make the page load listeners stateful like this (even having the ArtifactCollector and DeferredErrorCollector baked in probably isn't a great idea).

Instead of having an off/on switch, a better option might be to call CspLogUtil.checkNewCspWarnings(getArtifactCollector()); immediately after saving the wiki and catch the CspWarningDetectedException that it should throw. This is how CrawlerTest#testCspWarning handles an expected CSP warning without triggering the CspCheckPageLoadListener.

Also, WikiCspTest should override checkLinks to no-op so that the crawler doesn't accidentally trigger the CSP.

@labkey-jeckels
Copy link
Contributor Author

@labkey-tchad I moved my new coverage into a new test, WikiCspTest. It's passing for me locally but failing on TeamCity. I eventually added enough logging to discover that there are multiple CspCheckPageLoadListener objects. I'm turning off the check for _cspCheckPageLoadListener but another one is still failing.
I don't have a good handle on the life cycle here, and can't repro locally. Any suggestions?

Yeah, the JUnit lifecycle makes these tricky. Now that I look at it again, what you're seeing makes sense. Each @Test is run in a separate thread with a separate instance of the test class. Thus, a new CspCheckPageLoadListener instance is registered with each test that is run. Without a serious redesign, it isn't really safe to make the page load listeners stateful like this (even having the ArtifactCollector and DeferredErrorCollector baked in probably isn't a great idea).

Instead of having an off/on switch, a better option might be to call CspLogUtil.checkNewCspWarnings(getArtifactCollector()); immediately after saving the wiki and catch the CspWarningDetectedException that it should throw. This is how CrawlerTest#testCspWarning handles an expected CSP warning without triggering the CspCheckPageLoadListener.

Also, WikiCspTest should override checkLinks to no-op so that the crawler doesn't accidentally trigger the CSP.

Thanks for the guidance. The test just passed on TeamCity.

As a separate followup, should we avoid figure out how to avoid registering multiple CspCheckPageLoadListener? Maybe remove any existing ones before adding the new one? Maybe they're fast enough to not matter but we're presumably doing many redundant checks for tests that have a lot of @Test methods

labkey-tchad
labkey-tchad approved these changes Dec 2, 2024
View reviewed changes
Copy link
Member

@labkey-tchad labkey-tchad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can deal with the duplicate CspCheckPageLoadListeners later. Hopefully the fact that the page load listeners are stored in a WeakHashMap means we don't build up too many at once.

@labkey-jeckels labkey-jeckels merged commit a3e32db into release24.11-SNAPSHOT Dec 2, 2024
3 checks passed
@labkey-jeckels labkey-jeckels deleted the 24.11_fb_51749_siteValidationOfWikis branch December 2, 2024 20:36
This was referenced Dec 5, 2024
Merged
Merged
@labkey-tchad labkey-tchad mentioned this pull request Jan 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@labkey-tchad labkey-tchad labkey-tchad approved these changes

@labkey-chrisj labkey-chrisj labkey-chrisj approved these changes

@labkey-adam labkey-adam Awaiting requested review from labkey-adam

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@labkey-jeckels @labkey-tchad @labkey-chrisj