refactoring sanitizer and "unit" test

leocwolter · leocwolter · commit df8058bff376 · 2014-09-10T17:54:09.000-03:00
diff --git a/src/main/java/org/mamute/sanitizer/HtmlAttributesBuilder.java b/src/main/java/org/mamute/sanitizer/HtmlAttributesBuilder.java
@@ -1,29 +1,44 @@
 package org.mamute.sanitizer;
 
+import static org.mamute.sanitizer.HtmlElementsBuilder.COMMA;
 import static org.mamute.sanitizer.HtmlSanitizer.ALLOWED_ATTRIBUTES_KEY_PREFIX;
 import static org.mamute.sanitizer.HtmlSanitizer.ALLOWED_ATTRIBUTES_WHITELIST_KEY_SUFIX;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.inject.Inject;
+
 import br.com.caelum.vraptor.environment.Environment;
 
+public class HtmlAttributesBuilder {
+	private Environment env;
 
-public class HtmlAttribute {
+	/**
+	 * @deprecated CDI eyes only
+	 */
+	public HtmlAttributesBuilder() {
+	}
+	
+	@Inject
+	public HtmlAttributesBuilder(Environment env) {
+		this.env = env;
+	}
 
-	public static Map<String, String> using(String element, Environment environment){
+	public Map<String, String> build(String element) {
 		Map<String, String> attributesAndWhitelist = new HashMap<>();
 		String allowedAttributesKey = ALLOWED_ATTRIBUTES_KEY_PREFIX+element;
-		if(environment.has(allowedAttributesKey)){
-			String allowedString = environment.get(allowedAttributesKey);
-			String[] allowedAttributes = allowedString.split(HtmlElement.COMMA);
+		if(env.has(allowedAttributesKey)){
+			String allowedString = env.get(allowedAttributesKey);
+			String[] allowedAttributes = allowedString.split(COMMA);
 			for (String attribute : allowedAttributes) {
 				String whitelistKey = allowedAttributesKey+ALLOWED_ATTRIBUTES_WHITELIST_KEY_SUFIX+attribute;
-				String whitelist = environment.get(whitelistKey, null);
+				String whitelist = env.get(whitelistKey, null);
 				attributesAndWhitelist.put(attribute, whitelist);
 			}
 		}
 		return attributesAndWhitelist;
 	}
-
+	
+	
 }
diff --git a/src/main/java/org/mamute/sanitizer/HtmlElement.java b/src/main/java/org/mamute/sanitizer/HtmlElement.java
@@ -1,43 +1,47 @@
 package org.mamute.sanitizer;
 
-import static org.mamute.sanitizer.HtmlSanitizer.ALLOWED_ELEMENTS_KEY;
+import static java.util.regex.Pattern.compile;
 
-import java.util.ArrayList;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.enterprise.inject.Vetoed;
 
-import br.com.caelum.vraptor.environment.Environment;
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.HtmlPolicyBuilder.AttributeBuilder;
 
 @Vetoed
 public class HtmlElement {
 
-	static final String COMMA = "(\\s)?+,(\\s)?+";
 	private String element;
 	private Map<String, String> attributesAndWhitelist;
 
-	public static List<HtmlElement> using(Environment environment) {
-		String[] allowed = environment.get(ALLOWED_ELEMENTS_KEY).split(COMMA);
-		List<HtmlElement> elements = new ArrayList<>();
-		for (String element: allowed) {
-			elements.add(new HtmlElement(element, HtmlAttribute.using(element, environment)));
-		}
-		return elements;
-	}
-
-	private HtmlElement(String element, Map<String, String> attributesAndWhitelist) {
+	HtmlElement(String element, Map<String, String> attributesAndWhitelist) {
 		this.element = element;
 		this.attributesAndWhitelist = attributesAndWhitelist;
 	}
 
-	
 	public String getElement() {
 		return element;
 	}
 
-	public Map<String, String> getAttributesAndWhitelist() {
-		return attributesAndWhitelist;
+	public void configure(HtmlPolicyBuilder policyBuilder) {
+		String elementName = getElement();
+		policyBuilder.allowElements(elementName);
+		
+		Set<String> allowedAttributes = attributesAndWhitelist.keySet();
+		AttributeBuilder attributesBuilder = policyBuilder.allowAttributes(allowedAttributes.toArray(new String[]{}));
+
+		for (String attribute : allowedAttributes) {
+			String regex = attributesAndWhitelist.get(attribute);
+			if(regex != null){
+				attributesBuilder.matching(compile(regex));
+				continue;
+			}
+		}
+		attributesBuilder.onElements(elementName);
+
+		
 	}
 
 }
diff --git a/src/main/java/org/mamute/sanitizer/HtmlElementsBuilder.java b/src/main/java/org/mamute/sanitizer/HtmlElementsBuilder.java
@@ -0,0 +1,39 @@
+package org.mamute.sanitizer;
+
+import static org.mamute.sanitizer.HtmlSanitizer.ALLOWED_ELEMENTS_KEY;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import br.com.caelum.vraptor.environment.Environment;
+
+public class HtmlElementsBuilder {
+	static final String COMMA = "(\\s)?+,(\\s)?+";
+	private Environment env;
+	private HtmlAttributesBuilder builder;
+
+	/**
+	 * @deprecated CDI eyes only
+	 */
+	public HtmlElementsBuilder() {
+	}
+	
+	@Inject
+	public HtmlElementsBuilder(Environment env, HtmlAttributesBuilder builder) {
+		this.env = env;
+		this.builder = builder;
+	}
+	
+	public List<HtmlElement> build() {
+		String[] allowed = env.get(ALLOWED_ELEMENTS_KEY).split(COMMA);
+		List<HtmlElement> elements = new ArrayList<>();
+		for (String element: allowed) {
+			elements.add(new HtmlElement(element, builder.build(element)));
+		}
+		return elements;
+	}
+
+	
+}
diff --git a/src/main/java/org/mamute/sanitizer/HtmlSanitizer.java b/src/main/java/org/mamute/sanitizer/HtmlSanitizer.java
@@ -1,31 +1,20 @@
 package org.mamute.sanitizer;
 
-import static java.util.regex.Pattern.compile;
 import static org.mamute.model.SanitizedText.fromTrustedText;
 
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.annotation.PostConstruct;
 import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
 
 import org.mamute.model.SanitizedText;
-import org.owasp.html.HtmlPolicyBuilder;
-import org.owasp.html.HtmlPolicyBuilder.AttributeBuilder;
 import org.owasp.html.PolicyFactory;
 
-import br.com.caelum.vraptor.environment.Environment;
-
 @ApplicationScoped
 public class HtmlSanitizer {
 
 	static final String ALLOWED_ELEMENTS_KEY = "sanitizer.allowed_elements";
 	static final String ALLOWED_ATTRIBUTES_KEY_PREFIX = "sanitizer.allowed_attributes.";
 	static final String ALLOWED_ATTRIBUTES_WHITELIST_KEY_SUFIX = ".whitelist.";
 	
-	private Environment env;
 	private PolicyFactory policy;
 
 	/**
@@ -35,40 +24,11 @@ protected HtmlSanitizer() {
 	}
 
 	@Inject
-	public HtmlSanitizer(Environment env) {
-		this.env = env;
+	public HtmlSanitizer(PolicyFactory policy) {
+		this.policy = policy;
 	}
 	
-	@PostConstruct
-	public void setUp(){
-		List<HtmlElement> allowedElements = HtmlElement.using(env);
-		HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
-		for (HtmlElement htmlElement : allowedElements) {
-			String elementName = htmlElement.getElement();
-			builder.allowElements(elementName);
-			
-			Map<String, String> attributesAndWhitelist = htmlElement.getAttributesAndWhitelist();
-			Set<String> allowedAttributes = attributesAndWhitelist.keySet();
-			
-			AttributeBuilder attributesBuilder = builder.allowAttributes(allowedAttributes.toArray(new String[]{}));
-
-			for (String attribute : allowedAttributes) {
-				String regex = attributesAndWhitelist.get(attribute);
-				if(regex != null){
-					attributesBuilder.matching(compile(regex));
-					continue;
-				}
-			}
-			attributesBuilder.onElements(elementName);
-			
-		}
-		policy = builder
-			.allowUrlProtocols("https", "http")
-		    .requireRelNofollowOnLinks()
-		    .toFactory();
-	}
-
 	public SanitizedText sanitize(String html){
-		return html == null ? null: fromTrustedText(policy.sanitize(html));
+		return html == null ? null : fromTrustedText(policy.sanitize(html));
 	}
 }
diff --git a/src/main/java/org/mamute/sanitizer/MamutePolicyProducer.java b/src/main/java/org/mamute/sanitizer/MamutePolicyProducer.java
@@ -0,0 +1,48 @@
+package org.mamute.sanitizer;
+
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.PolicyFactory;
+
+@ApplicationScoped
+public class MamutePolicyProducer {
+
+	private HtmlElementsBuilder builder;
+	private PolicyFactory policy;
+
+	/**
+	 * @deprecated CDI eyes only
+	 */
+	public MamutePolicyProducer() {
+	}
+	
+	@Inject
+	public MamutePolicyProducer(HtmlElementsBuilder builder) {
+		this.builder = builder;
+	}
+
+	@PostConstruct
+	public void setUp(){
+		List<HtmlElement> allowedElements = builder.build();
+		HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
+		for (HtmlElement htmlElement : allowedElements) {
+			htmlElement.configure(policyBuilder);
+		}
+		policy = policyBuilder
+			.allowUrlProtocols("https", "http")
+		    .requireRelNofollowOnLinks()
+		    .toFactory();
+	
+	}
+
+	@Produces
+	public PolicyFactory getInstance(){
+		return policy;
+	}
+}
diff --git a/src/test/java/org/mamute/sanitizer/HtmlSanitizerTest.java b/src/test/java/org/mamute/sanitizer/HtmlSanitizerTest.java
@@ -12,6 +12,7 @@
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;
+import org.owasp.html.PolicyFactory;
 
 import br.com.caelum.vraptor.environment.Environment;
 
@@ -30,8 +31,11 @@ public void setUp(){
 		envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"iframe", "src, width, height, scrolling, frameborder");
 		envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"iframe"+ALLOWED_ATTRIBUTES_WHITELIST_KEY_SUFIX+"href", ".*soundcloud.com\\/tracks\\/.*|.*youtube.com\\/embed\\/.*|.*//player.vimeo.com\\/video\\/.*");
 
-		htmlSanitizer = new HtmlSanitizer(env);
-		htmlSanitizer.setUp();
+		MamutePolicyProducer mamutePolicyProducer = new MamutePolicyProducer(new HtmlElementsBuilder(env, new HtmlAttributesBuilder(env)));
+		mamutePolicyProducer.setUp();
+		PolicyFactory policy = mamutePolicyProducer.getInstance();
+
+		htmlSanitizer = new HtmlSanitizer(policy);
 	}
 
 	@Test 
