001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.rest.client;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertTrue;
022import static org.junit.Assert.fail;
023import static org.mockito.Mockito.mock;
024import static org.mockito.Mockito.when;
025
026import java.io.IOException;
027import javax.xml.bind.UnmarshalException;
028import org.apache.hadoop.hbase.HBaseClassTestRule;
029import org.apache.hadoop.hbase.HBaseConfiguration;
030import org.apache.hadoop.hbase.rest.Constants;
031import org.apache.hadoop.hbase.rest.model.StorageClusterVersionModel;
032import org.apache.hadoop.hbase.testclassification.SmallTests;
033import org.apache.hadoop.hbase.util.Bytes;
034import org.apache.hadoop.util.StringUtils;
035import org.junit.ClassRule;
036import org.junit.Test;
037import org.junit.experimental.categories.Category;
038import org.slf4j.Logger;
039import org.slf4j.LoggerFactory;
040
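/**
 * Tests how {@link RemoteAdmin} parses XML returned by the REST server: a well-formed
 * cluster-version document must be unmarshalled, and a document that declares and references an
 * external entity must be rejected instead of being expanded (see HBASE-19020).
 */
@Category(SmallTests.class)
public class TestXmlParsing {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
      HBaseClassTestRule.forClass(TestXmlParsing.class);

  private static final Logger LOG = LoggerFactory.getLogger(TestXmlParsing.class);

  /**
   * Verifies that a plain {@code ClusterVersion} document served by the mocked {@link Client} is
   * unmarshalled and its {@code Version} attribute is exposed through the model.
   */
  @Test
  public void testParsingClusterVersion() throws Exception {
    final String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"
        + "<ClusterVersion Version=\"2.0.0\"/>";
    Client client = mock(Client.class);
    RemoteAdmin admin = new RemoteAdmin(client, HBaseConfiguration.create(), null);
    Response resp = new Response(200, null, Bytes.toBytes(xml));

    // The mocked client answers the cluster-version request with the canned XML body.
    when(client.get("/version/cluster", Constants.MIMETYPE_XML)).thenReturn(resp);

    StorageClusterVersionModel cv = admin.getClusterVersion();
    assertEquals("2.0.0", cv.getVersion());
  }

  /**
   * Verifies that a response whose DOCTYPE declares an external (SYSTEM) entity, and whose body
   * references that entity, makes {@link RemoteAdmin#getClusterVersion()} fail with an
   * {@link IOException} caused by an {@link UnmarshalException}.
   */
  @Test
  public void testFailOnExternalEntities() throws Exception {
    // The reference must use the same name as the declaration. If the two differ, every parser
    // reports an undeclared entity, whether or not DTD/external-entity processing is disabled,
    // and the test can no longer tell a hardened parser from an unhardened one.
    final String externalEntitiesXml =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
        + " <!DOCTYPE foo [ <!ENTITY xxe SYSTEM \"/tmp/foo\"> ] >"
        + " <ClusterVersion>&xxe;</ClusterVersion>";
    Client client = mock(Client.class);
    RemoteAdmin admin = new RemoteAdmin(client, HBaseConfiguration.create(), null);
    Response resp = new Response(200, null, Bytes.toBytes(externalEntitiesXml));

    when(client.get("/version/cluster", Constants.MIMETYPE_XML)).thenReturn(resp);

    try {
      admin.getClusterVersion();
      fail("Expected getClusterVersion() to throw an exception");
    } catch (IOException e) {
      assertEquals("Cause of exception ought to be a failure to parse the stream due to our " +
          "invalid external entity. Make sure this isn't just a false positive due to " +
          "implementation. see HBASE-19020.", UnmarshalException.class, e.getCause().getClass());
      final String exceptionText = StringUtils.stringifyException(e);
      // NOTE(review): assumes the parser's error message quotes the rejected entity name, as the
      // check did before for the misspelled name. Confirm against the XML implementation in use.
      final String expectedText = "\"xxe\"";
      LOG.debug("exception text: '{}'", exceptionText, e);
      assertTrue("Exception does not contain expected text", exceptionText.contains(expectedText));
    }
  }
}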