SHIBUI-2094

REGEX engine to match browser JS issue
TIER · Sep 15, 2021 · 284748a · 284748a
1 parent 580b0cf
commit 284748a
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 8 deletions.
diff --git a/...c/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java b/...c/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java
@@ -22,8 +22,8 @@
 @NoArgsConstructor
 public class GroupServiceImpl implements IGroupService {
     private static final String CHECK_REGEX = "function isValid(exp){try{new RegExp(exp);return true;}catch(e){return false;}};isValid(rgx);";
-    private static final String REGEX_MATCHER = "function validate(r, s){ return (r).test(s);};validate(rgx, str);";
-    private final ScriptEngine engine = new ScriptEngineManager().getEngineByName("js");
+    private static final String REGEX_MATCHER = "function validate(r, s){ return RegExp(r).test(s);};validate(rgx, str);";
+    private final ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
 
     @Autowired
     protected GroupsRepository groupRepository;
@@ -80,7 +80,7 @@ public boolean doesStringMatchGroupPattern(String groupId, String uri) {
 
         engine.put("str", uri);
         try {
-            engine.eval("var rgx=" + regExp);
+            engine.put("rgx", regExp );
             Object value = engine.eval(REGEX_MATCHER);
             return Boolean.valueOf(value.toString());
         }
@@ -134,7 +134,7 @@ private void validateGroupRegex(Group group) throws InvalidGroupRegexException {
             return;
         }
         try {
-            engine.eval("var rgx=" + group.getValidationRegex());
+            engine.put("rgx", group.getValidationRegex());
             Object value = engine.eval(CHECK_REGEX);
             if (!Boolean.valueOf(value.toString())) {
                 throw new InvalidGroupRegexException("Invalid Regular Expression [ " + group.getValidationRegex() + " ]");

diff --git a/.../edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/.../edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy
@@ -82,7 +82,7 @@ class EntityDescriptorControllerTests extends AbstractBaseDataJpaTest {
         Group gb = new Group()
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
-        gb.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/")
+        gb.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$")
         gb = groupService.createGroup(gb)
 
         randomGenerator = new RandomGenerator()

diff --git a/...leth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy b/...leth/admin/ui/domain/resolvers/validator/DynamicHttpMetadataResolverValidatorTests.groovy
@@ -27,7 +27,7 @@ class DynamicHttpMetadataResolverValidatorTests extends AbstractBaseDataJpaTest
         g.setResourceId("shib")
         g.setName("shib")
         // This is valid for a url with "shib.org" in it
-        g.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/")
+        g.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$")
         g = groupServiceForTesting.createGroup(g)
 
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")

diff --git a/...h/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy b/...h/admin/ui/domain/resolvers/validator/FileBackedHttpMetadataResolverValidatorTests.groovy
@@ -22,7 +22,7 @@ class FileBackedHttpMetadataResolverValidatorTests extends AbstractBaseDataJpaTe
         g.setResourceId("shib")
         g.setName("shib")
         // This is valid for a url with "shib.org" in it
-        g.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/")
+        g.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$")
         g = groupService.createGroup(g)
 
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")

diff --git a/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/...net2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy
@@ -8,6 +8,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.model.Group
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository
+import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService
 import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin
 import groovy.json.JsonOutput
 import org.springframework.beans.factory.annotation.Autowired
@@ -191,4 +192,32 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest {
         then:
         mockMvc.perform(delete("$RESOURCE_URI/someUser"))
     }
+
+    def 'group regex checks'() {
+        given:
+        groupsRepository.deleteByResourceId("AAA")
+        Group groupAAA = new Group().with({
+            it.name = "AAA"
+            it.description = "AAA"
+            it.resourceId = "AAA"
+            it.validationRegex = "/foo.*/"
+            it
+        })
+
+        when:
+        def result = mockMvc.perform(post(RESOURCE_URI).contentType(MediaType.APPLICATION_JSON)
+                                          .content(JsonOutput.toJson(groupAAA)).accept(MediaType.APPLICATION_JSON))
+
+        then:
+        result.andExpect(status().isCreated())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("\$.name").value("AAA"))
+                .andExpect(jsonPath("\$.resourceId").value("AAA"))
+                .andExpect(jsonPath("\$.description").value("AAA"))
+                .andExpect(jsonPath("\$.validationRegex").value("/foo.*/"))
+
+        !groupService.doesStringMatchGroupPattern("AAA", "foobar")
+        !groupService.doesStringMatchGroupPattern("AAA", "something")
+        groupService.doesStringMatchGroupPattern("AAA", "/foobar/")
+    }
 }
diff --git a/...t/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy b/...t/groovy/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceTests.groovy
@@ -57,4 +57,27 @@ class GroupServiceTests extends AbstractBaseDataJpaTest {
             true
         }
     }
+
+    def "Group regex evaluates properly" () {
+        when:
+        Group g = new Group()
+        g.setResourceId("AAA")
+        g.setName("AAA")
+        g.setValidationRegex("/foo.*/")
+        groupRepository.saveAndFlush(g)
+
+        then:
+        !groupService.doesStringMatchGroupPattern("AAA", "foobar")
+        !groupService.doesStringMatchGroupPattern("AAA", "something")
+        groupService.doesStringMatchGroupPattern("AAA", "/foobar/")
+
+        when:
+        g.setValidationRegex("foo.*")
+        groupRepository.saveAndFlush(g)
+
+        then:
+        groupService.doesStringMatchGroupPattern("AAA", "foobar")
+        !groupService.doesStringMatchGroupPattern("AAA", "something")
+        groupService.doesStringMatchGroupPattern("AAA", "/foobar/")
+    }
 }
diff --git a/...du/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy b/...du/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests2.groovy
@@ -23,7 +23,7 @@ class JPAEntityDescriptorServiceImplTests2 extends AbstractBaseDataJpaTest {
         Group gb = new Group()
         gb.setResourceId("testingGroupBBB")
         gb.setName("Group BBB")
-        gb.setValidationRegex("/^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$/")
+        gb.setValidationRegex("^(?:https?:\\/\\/)?(?:[^.]+\\.)?shib\\.org(\\/.*)?\$")
         gb = groupService.createGroup(gb)
 
         Optional<Role> userRole = roleRepository.findByName("ROLE_USER")