Skip to content

Commit

Permalink
Merge pull request #7222 from IQSS/security18-hibernate-validator-vul…
Browse files Browse the repository at this point in the history
…nerability

Security18 hibernate validator vulnerability
  • Loading branch information
kcondon authored Aug 26, 2020
2 parents 1d13880 + 5e3b6ac commit 796e612
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 4 deletions.
8 changes: 6 additions & 2 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -294,9 +294,13 @@
<version>1.7</version> <!-- Or 1.8-SNAPSHOT -->
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.0.3.Final</version>
</dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>jakarta.el</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
Expand Down
8 changes: 6 additions & 2 deletions src/test/java/edu/harvard/iq/dataverse/URLValidatorTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,17 @@

import org.hibernate.validator.internal.engine.constraintvalidation.ConstraintValidatorContextImpl;
import org.hibernate.validator.internal.engine.path.PathImpl;
import javax.validation.Validation;
import javax.validation.ValidatorFactory;
import org.junit.Test;

/**
*
* @author skraffmi
*/
public class URLValidatorTest {
ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();


@Test
public void testIsURLValid() {
Expand All @@ -35,15 +39,15 @@ public void testIsValidWithUnspecifiedContext() {
@Test
public void testIsValidWithContextAndValidURL() {
String value = "https://twitter.com/";
ConstraintValidatorContext context = new ConstraintValidatorContextImpl(null, PathImpl.createPathFromString(""), null);
ConstraintValidatorContext context = new ConstraintValidatorContextImpl(validatorFactory.getClockProvider(), PathImpl.createPathFromString(""),null, null);

assertEquals(true, new URLValidator().isValid(value, context));
}

@Test
public void testIsValidWithContextButInvalidURL() {
String value = "cnn.com";
ConstraintValidatorContext context = new ConstraintValidatorContextImpl(null, PathImpl.createPathFromString(""), null);
ConstraintValidatorContext context = new ConstraintValidatorContextImpl(validatorFactory.getClockProvider(), PathImpl.createPathFromString(""),null, null);

assertEquals(false, new URLValidator().isValid(value, context));
}
Expand Down

0 comments on commit 796e612

Please sign in to comment.