/
XMLChangeLogSAXParserTest.groovy
103 lines (83 loc) · 4.61 KB
/
XMLChangeLogSAXParserTest.groovy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package liquibase.parser.core.xml
import liquibase.Contexts
import liquibase.GlobalConfiguration
import liquibase.LabelExpression
import liquibase.RuntimeEnvironment
import liquibase.Scope
import liquibase.changelog.ChangeLogIterator
import liquibase.changelog.ChangeLogParameters
import liquibase.changelog.ChangeSet
import liquibase.changelog.DatabaseChangeLog
import liquibase.changelog.filter.ChangeSetFilterResult
import liquibase.changelog.visitor.ChangeSetVisitor
import liquibase.database.Database
import liquibase.database.core.MockDatabase
import liquibase.exception.ChangeLogParseException
import liquibase.exception.LiquibaseException
import liquibase.sdk.resource.MockResourceAccessor
import liquibase.test.JUnitResourceAccessor
import spock.lang.Specification
class XMLChangeLogSAXParserTest extends Specification {
def INSECURE_XML = """
<!DOCTYPE databaseChangeLog [
<!ENTITY insecure SYSTEM "file://invalid.txt">
]>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.6.xsd">
<changeSet id="1" author="example">
<output>&insecure;</output>
</changeSet>
</databaseChangeLog>
"""
def testIgnoreDuplicateChangeSets() throws ChangeLogParseException, Exception {
when:
def xmlParser = new XMLChangeLogSAXParser()
def changeLog = xmlParser.parse("liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/master.changelog.xml",
new ChangeLogParameters(), new JUnitResourceAccessor())
final List<ChangeSet> changeSets = new ArrayList<ChangeSet>()
new ChangeLogIterator(changeLog).run(new ChangeSetVisitor() {
@Override
ChangeSetVisitor.Direction getDirection() {
return ChangeSetVisitor.Direction.FORWARD
}
@Override
void visit(ChangeSet changeSet, DatabaseChangeLog databaseChangeLog, Database database, Set<ChangeSetFilterResult> filterResults) throws LiquibaseException {
changeSets.add(changeSet)
}
}, new RuntimeEnvironment(new MockDatabase(), new Contexts(), new LabelExpression()))
then:
changeSets.size() == 8
changeSets.get(0).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog4.xml::1::testuser"
changeSets.get(1).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog4.xml::1::testuser"
changeSets.get(1).getContexts().getContexts().size() == 1
changeSets.get(2).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog4.xml::1::testuser"
changeSets.get(2).getLabels().getLabels().size() == 1
changeSets.get(3).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog4.xml::1::testuser"
changeSets.get(3).getLabels().getLabels().size() == 2
changeSets.get(4).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog4.xml::1::testuser"
changeSets.get(4).getDbmsSet().size() == 1
changeSets.get(5).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog1.xml::1::testuser"
changeSets.get(6).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog3.xml::1::testuser"
changeSets.get(7).toString() == "liquibase/parser/core/xml/ignoreDuplicatedChangeLogs/included.changelog2.xml::1::testuser"
}
def "uses liquibase.secureParsing by default"() {
when:
def resourceAccessor = new MockResourceAccessor(["com/example/insecure.xml": INSECURE_XML])
new XMLChangeLogSAXParser().parse("com/example/insecure.xml", new ChangeLogParameters(), resourceAccessor)
then:
def e = thrown(ChangeLogParseException)
e.message.contains("access is not allowed due to restriction set by the accessExternalDTD property")
}
def "allows liquibase.secureParsing=false to disable secure parsing"() {
when:
def resourceAccessor = new MockResourceAccessor(["com/example/insecure.xml": INSECURE_XML])
Scope.child(GlobalConfiguration.SECURE_PARSING.key, "false", { ->
new XMLChangeLogSAXParser().parse("com/example/insecure.xml", new ChangeLogParameters(), resourceAccessor)
})
then:
def e = thrown(ChangeLogParseException)
e.message.contains("Error Reading Changelog File: invalid.txt")
}
}