DWN-31929 : updated dependencies and made method void
parent
28e69c377f
commit
dd92d8473e
|
@ -94,7 +94,7 @@
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.codehaus.groovy</groupId>
|
<groupId>org.codehaus.groovy</groupId>
|
||||||
<artifactId>groovy-all</artifactId>
|
<artifactId>groovy</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.spockframework</groupId>
|
<groupId>org.spockframework</groupId>
|
||||||
|
@ -117,7 +117,7 @@
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.codehaus.gmavenplus</groupId>
|
<groupId>org.codehaus.gmavenplus</groupId>
|
||||||
<artifactId>gmavenplus-plugin</artifactId>
|
<artifactId>gmavenplus-plugin</artifactId>
|
||||||
<version>1.7.0</version>
|
<version>1.8.1</version>
|
||||||
<executions>
|
<executions>
|
||||||
<execution>
|
<execution>
|
||||||
<goals>
|
<goals>
|
||||||
|
@ -135,7 +135,7 @@
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-surefire-plugin</artifactId>
|
<artifactId>maven-surefire-plugin</artifactId>
|
||||||
<version>2.18.1</version>
|
<version>2.22.2</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<excludedGroups combine.self="override"/>
|
<excludedGroups combine.self="override"/>
|
||||||
<testClassesDirectory>${project.build.testOutputDirectory}</testClassesDirectory>
|
<testClassesDirectory>${project.build.testOutputDirectory}</testClassesDirectory>
|
||||||
|
|
|
@ -83,7 +83,7 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
|
||||||
OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) auth;
|
OIDCAuthenticationToken oidc = (OIDCAuthenticationToken) auth;
|
||||||
UserInfo userInfo = oidc.getUserInfo();
|
UserInfo userInfo = oidc.getUserInfo();
|
||||||
if (userInfo != null) {
|
if (userInfo != null) {
|
||||||
santiseUserInfo(userInfo);
|
sanitiseUserInfo(userInfo);
|
||||||
request.setAttribute("userInfo", userInfo);
|
request.setAttribute("userInfo", userInfo);
|
||||||
request.setAttribute("userInfoJson", userInfo.toJson());
|
request.setAttribute("userInfoJson", userInfo.toJson());
|
||||||
} else {
|
} else {
|
||||||
|
@ -99,7 +99,7 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
|
||||||
|
|
||||||
// if we have one, inject it so views can use it
|
// if we have one, inject it so views can use it
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
santiseUserInfo(user);
|
sanitiseUserInfo(user);
|
||||||
request.setAttribute("userInfo", user);
|
request.setAttribute("userInfo", user);
|
||||||
request.setAttribute("userInfoJson", user.toJson());
|
request.setAttribute("userInfoJson", user.toJson());
|
||||||
}
|
}
|
||||||
|
@ -110,39 +110,38 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private UserInfo santiseUserInfo(final UserInfo userInfo) {
|
private void sanitiseUserInfo(final UserInfo userInfo) {
|
||||||
userInfo.setSub(nullCheckClean(userInfo.getSub()));
|
userInfo.setSub(sanitise(userInfo.getSub()));
|
||||||
userInfo.setPreferredUsername(nullCheckClean(userInfo.getPreferredUsername()));
|
userInfo.setPreferredUsername(sanitise(userInfo.getPreferredUsername()));
|
||||||
userInfo.setName(nullCheckClean(userInfo.getName()));
|
userInfo.setName(sanitise(userInfo.getName()));
|
||||||
userInfo.setGivenName(nullCheckClean(userInfo.getGivenName()));
|
userInfo.setGivenName(sanitise(userInfo.getGivenName()));
|
||||||
userInfo.setFamilyName(nullCheckClean(userInfo.getFamilyName()));
|
userInfo.setFamilyName(sanitise(userInfo.getFamilyName()));
|
||||||
userInfo.setMiddleName(nullCheckClean(userInfo.getMiddleName()));
|
userInfo.setMiddleName(sanitise(userInfo.getMiddleName()));
|
||||||
userInfo.setNickname(nullCheckClean(userInfo.getNickname()));
|
userInfo.setNickname(sanitise(userInfo.getNickname()));
|
||||||
userInfo.setProfile(nullCheckClean(userInfo.getProfile()));
|
userInfo.setProfile(sanitise(userInfo.getProfile()));
|
||||||
userInfo.setPicture(nullCheckClean(userInfo.getPicture()));
|
userInfo.setPicture(sanitise(userInfo.getPicture()));
|
||||||
userInfo.setWebsite(nullCheckClean(userInfo.getWebsite()));
|
userInfo.setWebsite(sanitise(userInfo.getWebsite()));
|
||||||
userInfo.setEmail(nullCheckClean(userInfo.getEmail()));
|
userInfo.setEmail(sanitise(userInfo.getEmail()));
|
||||||
userInfo.setGender(nullCheckClean(userInfo.getGender()));
|
userInfo.setGender(sanitise(userInfo.getGender()));
|
||||||
userInfo.setLocale(nullCheckClean(userInfo.getLocale()));
|
userInfo.setLocale(sanitise(userInfo.getLocale()));
|
||||||
userInfo.setPhoneNumber(nullCheckClean(userInfo.getPhoneNumber()));
|
userInfo.setPhoneNumber(sanitise(userInfo.getPhoneNumber()));
|
||||||
userInfo.setUpdatedTime(nullCheckClean(userInfo.getUpdatedTime()));
|
userInfo.setUpdatedTime(sanitise(userInfo.getUpdatedTime()));
|
||||||
userInfo.setBirthdate(nullCheckClean(userInfo.getBirthdate()));
|
userInfo.setBirthdate(sanitise(userInfo.getBirthdate()));
|
||||||
|
|
||||||
Address userInfoAddress = userInfo.getAddress();
|
Address userInfoAddress = userInfo.getAddress();
|
||||||
if (userInfoAddress != null) {
|
if (userInfoAddress != null) {
|
||||||
userInfoAddress.setFormatted(nullCheckClean(userInfoAddress.getFormatted()));
|
userInfoAddress.setFormatted(sanitise(userInfoAddress.getFormatted()));
|
||||||
userInfoAddress.setStreetAddress(nullCheckClean(userInfoAddress.getStreetAddress()));
|
userInfoAddress.setStreetAddress(sanitise(userInfoAddress.getStreetAddress()));
|
||||||
userInfoAddress.setLocality(nullCheckClean(userInfoAddress.getLocality()));
|
userInfoAddress.setLocality(sanitise(userInfoAddress.getLocality()));
|
||||||
userInfoAddress.setRegion(nullCheckClean(userInfoAddress.getRegion()));
|
userInfoAddress.setRegion(sanitise(userInfoAddress.getRegion()));
|
||||||
userInfoAddress.setPostalCode(nullCheckClean(userInfoAddress.getPostalCode()));
|
userInfoAddress.setPostalCode(sanitise(userInfoAddress.getPostalCode()));
|
||||||
userInfoAddress.setCountry(nullCheckClean(userInfoAddress.getCountry()));
|
userInfoAddress.setCountry(sanitise(userInfoAddress.getCountry()));
|
||||||
userInfo.setAddress(userInfoAddress);
|
userInfo.setAddress(userInfoAddress);
|
||||||
}
|
}
|
||||||
|
|
||||||
return userInfo;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private String nullCheckClean(String elementToClean) {
|
private String sanitise(String elementToClean) {
|
||||||
final Whitelist whitelist = Whitelist.relaxed()
|
final Whitelist whitelist = Whitelist.relaxed()
|
||||||
.removeTags("a")
|
.removeTags("a")
|
||||||
.removeProtocols("img", "src", "http", "https");
|
.removeProtocols("img", "src", "http", "https");
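Review bot: In `sanitise`, the chain `Whitelist.relaxed().removeTags("a").removeProtocols("img", "src", "http", "https")` probably does the opposite of what was intended. As I read the jsoup Javadoc for `removeProtocols`, removing every protocol registered for an attribute lifts the protocol check, so `img src` would then accept any scheme rather than none. If images are not wanted in identity claims, `.removeTags("a", "img")` says so directly, and since these values are names, e-mail addresses and identifiers, `Whitelist.none()` may be the better fit. The whitelist is also rebuilt once per field on every request and could be a `private static final` field. The body of `sanitise` continues past the end of this hunk, so the call that consumes the whitelist is not visible here.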
|
||||||
|
|
|
@ -23,19 +23,19 @@ class UserInfoInterceptorSpec extends Specification {
|
||||||
|
|
||||||
when: 'The user info object is passed through the sanitise method'
|
when: 'The user info object is passed through the sanitise method'
|
||||||
|
|
||||||
UserInfo sanitisedUserInfo = userInfoInterceptor.santiseUserInfo(userInfo)
|
userInfoInterceptor.sanitiseUserInfo(userInfo)
|
||||||
|
|
||||||
then: 'The malicious names have been sanitised'
|
then: 'The malicious names have been sanitised'
|
||||||
|
|
||||||
sanitisedUserInfo.getName() == 'Test Test'
|
userInfo.getName() == 'Test Test'
|
||||||
sanitisedUserInfo.getGivenName() == 'Test'
|
userInfo.getGivenName() == 'Test'
|
||||||
|
|
||||||
and: 'The non malicious elements have been unaffected'
|
and: 'The non malicious elements have been unaffected'
|
||||||
|
|
||||||
sanitisedUserInfo.getSub() == '12318767'
|
userInfo.getSub() == '12318767'
|
||||||
sanitisedUserInfo.getPreferredUsername() == 'Test'
|
userInfo.getPreferredUsername() == 'Test'
|
||||||
sanitisedUserInfo.getFamilyName() == 'Test'
|
userInfo.getFamilyName() == 'Test'
|
||||||
sanitisedUserInfo.getEmail() == 'test@test.com'
|
userInfo.getEmail() == 'test@test.com'
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
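Review bot: The `then:`/`and:` assertions cover only top-level claims (`getName`, `getGivenName`, `getSub`, `getPreferredUsername`, `getFamilyName`, `getEmail`). Nothing visible exercises the `Address` branch of `sanitiseUserInfo`, or a field carrying an `img` element, which is the one tag the whitelist in `sanitise` configures specially. A second feature method that puts markup in an `Address` field and in one claim containing an image element, then asserts the cleaned values, would pin that behaviour against future whitelist changes. The `given:` block is outside this hunk, so the fixture may already hold such values, in which case only the assertions are missing.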
|
||||||
|
|
8
pom.xml
8
pom.xml
|
@ -522,19 +522,19 @@
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.codehaus.groovy</groupId>
|
<groupId>org.codehaus.groovy</groupId>
|
||||||
<artifactId>groovy-all</artifactId>
|
<artifactId>groovy</artifactId>
|
||||||
<version>2.4.13</version>
|
<version>2.5.9</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.spockframework</groupId>
|
<groupId>org.spockframework</groupId>
|
||||||
<artifactId>spock-core</artifactId>
|
<artifactId>spock-core</artifactId>
|
||||||
<version>1.1-groovy-2.4</version>
|
<version>1.3-groovy-2.5</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
<exclusions>
|
<exclusions>
|
||||||
<exclusion>
|
<exclusion>
|
||||||
<groupId>org.codehaus.groovy</groupId>
|
<groupId>org.codehaus.groovy</groupId>
|
||||||
<artifactId>groovy-all</artifactId>
|
<artifactId>*</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|