file json-test-procs.tcl was initially added on branch oacs-5-10.

fixed test server_startup_ok

Previously, the test was returning different results depending on the order of tests.

While it is in general better to avoid error entries in the log file during regression test, since these are testing expected behavior, while error entries in the log file should indicate unexpected behavior. However, it is still a long way to let the regression test run cleanly.

  1. … 1 more file in changeset.
Skip test, when the optional parameter DiskCache is not defined.

Otherwise, the attempt to set the parameter will fail and will output an error message to the log file.

Spelling changes

Claim additional coverage

Extend test suite to check URL protocol validation

Extend test suite to check behavior validating external URLs

Fixes for regression test: util_http_json_encoding

This change corrects 2 bugs, causing the regression test to fail under certain circumstances:

1) use for test location [::acs::test::url] instead of [ad_url]

The call [::acs::test::url] should be used for all tests in the regression tests and avoids problems with wrong URLs when running e.g. in a container

2) When running on a setup with self-signed certificates, the curl requests require a "-k" flag to be passed. Otherwise, the regression test fails.

  1. … 1 more file in changeset.
Fix test case

Extend test suite

provide a better domain name for temporal accounts in regression test

Reflect api changes in the test suite

In the end we do phase out the util_expand_entities* procs for being too lame

Good riddance

  1. … 1 more file in changeset.
a protocol relative URL is not complete, but it can be understood as external

  1. … 1 more file in changeset.
Extend the test cases for util_complete_url_p with a case of protocol-relative URL

Test util_expand_entities and util_expand_entities_ie_style

This test will show that since the long broken parentheses in util_expand_entities_ie_style were fixed in a recent commit, this proc will just not work.

After further consideration, ns_absoluteurl is actually sufficient to perform location header completion on its own and does not need a wrapper utility

  1. … 3 more files in changeset.
Streamline terminology with other occurrences in OpenACS and NaviServer/AOLserver

- the term "location" is usually used in OpenACS/NaviServer/AOLserver for the part of a URL before the path (i.e. SCHEME+HOST+PORT)

- the new function util::absolute_url is a value-added version of NaviServer's "ns_absoluteurl". This is now documented with its differences, and aligned with its terminology

  1. … 2 more files in changeset.
Introduce util::complete_location

This utility is meant to require the value of the Location header in an HTTP response to be completed with the host coming from a reference complete URL, which is normally that of the redirected request.

It is intended for use in the context of HTTP client APIs, where we want to handle server responses affected by https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2

  1. … 3 more files in changeset.
Make test more robust in setups where we cache permissions

Expand permission test suite to include definition of custom privileges in a couple of setups

Provide an automated test of "advanced" permission features: permission inheritance via group, or via the permission context

Test further improvement of injection attempt by penetration tests

Replicate a smarter attempt by a penetration tool to disguise the javascript: protocol

Remove duplicated entry

Rework of util::which

The new version deals now correctly with absolute paths, where just the extensions are added, and it is checked whether the program is executable.

Extended regression test to deal with optional and required external dependencies. Missing optional external programs produce warnings.

  1. … 1 more file in changeset.
Cleanup of external binaries: always use "util::which" to resolve binaries

Background: it is important to always use the same binaries of some programs. This is important for security reasons, consistency, and configurability (some operating systems have read-only file systems, which might be on the path and should be avoided for some operations).

Improve test:

whether the html filter will accept or not a script tag is configuration-dependent. We now enforce that the outcome is consistent with the security check for HTML used in the filter itself.

Replicate injection attempt by penetration tools

bugfix: fixed test test_ad_register_proc when running in a container

When running in a container, one cannot use util_current_location, which refers to the URL to reach the server from the container host. To address the server inside the container, acs::test::url should be used.

This change does not matter for non-containerized applications