Merge pull request #104 from asebastian/escape-fixes

Escape fixes + specs
sensu · Aug 31, 2013 · 4823ccb · 4823ccb
2 parents de9594f + 69bb267
commit 4823ccb
Show file tree

Hide file tree

Showing 13 changed files with 101 additions and 29 deletions.
diff --git a/Gemfile b/Gemfile
@@ -49,11 +49,12 @@ gem 'thin', :group => :development
 
 #testing
 group :test, :development do
-  gem "fake_sensu", "0.1.2"
+  gem "fake_sensu", "0.1.3"
   gem "rspec-rails"
   gem "factory_girl_rails"
   gem "capybara"
   gem "poltergeist"
+  gem "launchy"
 end
 
 group :test do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -28,6 +28,7 @@ GEM
     activesupport (3.2.14)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
+    addressable (2.3.5)
     arel (3.0.2)
     bcrypt-ruby (3.1.1)
     bootstrap-sass (2.1.1.0)
@@ -65,7 +66,7 @@ GEM
     factory_girl_rails (4.2.1)
       factory_girl (~> 4.2.0)
       railties (>= 3.0.0)
-    fake_sensu (0.1.2)
+    fake_sensu (0.1.3)
       rest-client
       sinatra
       thin
@@ -94,6 +95,8 @@ GEM
       thor (>= 0.14, < 2.0)
     json (1.8.0)
     kgio (2.8.0)
+    launchy (2.3.0)
+      addressable (~> 2.3)
     libv8 (3.11.8.17)
     mail (2.5.4)
       mime-types (~> 1.16)
@@ -208,13 +211,14 @@ DEPENDENCIES
   coffee-rails (~> 3.2.1)
   devise
   factory_girl_rails
-  fake_sensu (= 0.1.2)
+  fake_sensu (= 0.1.3)
   font-awesome-sass-rails
   formtastic
   haml-rails
   jquery-datatables-rails
   jquery-rails
   json
+  launchy
   mysql2 (~> 0.3.11)
   poltergeist
   rails (= 3.2.14)

diff --git a/app/assets/javascripts/events.js.coffee b/app/assets/javascripts/events.js.coffee
@@ -7,6 +7,10 @@ $ ->
   $('div.modal').attr("tabindex", "-1")
 
   if $('#primary_events_table').length > 0
+
+    escapeString = (str)->
+      str.replace(/([ #;?&,.+*~\':"!^$[\]()=>|\/@])/g,'\\$1')
+
     updateEventTable = ()->
       $('#updating_event_list').show()
       $('#primary_events_table').dataTable().fnReloadAjax()
@@ -18,7 +22,7 @@ $ ->
 
     runPermanentHooks = ()->
       $(document).on 'keydown', '.silence-input', ->
-        misc = $(this).attr("misc")
+        misc = escapeString($(this).attr("misc"))
         $('#no_input_' + $(this).attr("misc")).hide()
         if $(this).val().length >= $(this).data("min")
           $('[control="silence_submit_' + misc + '"]').addClass('btn-success').removeClass('btn-inverse')
@@ -70,7 +74,7 @@ $ ->
               alert("Could not get modal info")
 
       $(document).on 'click', '.silence-submit-event', ->
-        misc = $(this).attr("misc")
+        misc = escapeString($(this).attr("misc"))
         if $('#text_input_' + misc).val().length < $('#text_input_' + misc).data("min")
           alert('Comment must be at least ' + $('#text_input_' + misc).data("min") + ' characters long')
           return false
@@ -84,7 +88,7 @@ $ ->
               alert(data)
 
       $(document).on 'click', '.unsilence-submit-event', ->
-        misc = $(this).attr("misc")
+        misc = escapeString($(this).attr("misc"))
         $.post $(this).attr("rel"),
           (data) ->
             if data

diff --git a/app/views/downtimes/_form.html.haml b/app/views/downtimes/_form.html.haml
@@ -63,9 +63,9 @@
               %td.toggle_box= client.subscriptions.join(',')[0..100]
               %td.check_box{:filter => "false"}
                 - if client_checked
-                  %input{:name => 'downtime[client_ids][]', :value => "#{client.name}", :type => "checkbox", :checked => "true"}
+                  %input{:name => 'downtime[client_ids][]', :value => "#{client.name}", :id => "#{client.name}", :type => "checkbox", :checked => "true"}
                 -else
-                  %input{:name => 'downtime[client_ids][]', :value => "#{client.name}", :type => "checkbox"}
+                  %input{:name => 'downtime[client_ids][]', :value => "#{client.name}", :id => "#{client.name}", :type => "checkbox"}
       %br
       %br
       %h3 Checks 

diff --git a/app/views/events/_actions.html.haml b/app/views/events/_actions.html.haml
@@ -1,6 +1,6 @@
 %td{:rel => "#{event.client}_popup_info", :title => "Check Silence", 'data-content' => silenced_output(check_silenced, client_silenced)}
   %div.btn-group
-    %button.btn.btn-info.dropdown-toggle{:id => "dropdown_toggle_#{i}", 'data-toggle' => 'dropdown'}
+    %button.btn.btn-info.dropdown-toggle{:id => "#{event.client}_#{event.check}", 'data-toggle' => 'dropdown'}
       %div{:style => "width: 25px"}
         %div{:style => "float: left;"}
           - display_silenced(event, i, client_silenced, check_silenced)

diff --git a/spec/features/client_features_spec.rb b/spec/features/client_features_spec.rb
@@ -29,7 +29,7 @@
   end
 
   it "should show a client time" do
-    page.should have_content time_ago_in_words(Time.at(1377890282))
+    page.should have_content time_ago_in_words(Time.at(1377979075))
   end
 
 end
diff --git a/spec/features/downtimes_features_spec.rb b/spec/features/downtimes_features_spec.rb
@@ -28,7 +28,7 @@
     t2 = Time.at(time_now.to_i/(15*60)*(15*60)) + 13.hours
     fill_in "downtime[begin_time]", :with => t1.strftime("%-l:%M%P")
     fill_in "downtime[end_time]", :with => t2.strftime("%-l:%M%P")
-    check "downtime[client_ids][]"
+    check "www.fqdn.com"
     click_button "Create Downtime"
     page.should have_content "Test Downtime"
     page.should have_content "This is a test description"

diff --git a/spec/features/events_features_spec.rb b/spec/features/events_features_spec.rb
@@ -35,22 +35,87 @@
     end
 
     it "should show time since issued for an event", :js => true do
-      page.should have_content time_ago_in_words(Time.at(1377890282))
+      page.should have_content time_ago_in_words(Time.at(1377979235))
     end
 
-    it "should allow a check to be silenced", :js => true do
-      page.find("#dropdown_toggle_0").click
-      page.find("#silence_check_0").click
+    it "should allow a check with fqdn in client name to be silenced", :js => true do
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='silence-check'][@misc='www.fqdn.com_test']").click
+      page.should have_css ".modal-footer"
+      within ".modal-body" do
+        fill_in "text_input_www.fqdn.com_test", :with => "test comment..."
+      end
+      within ".modal-footer" do
+        page.should have_css ".silence-submit-event"
+        find(:xpath, "//a[@control='silence_submit_www.fqdn.com_test']").click
+      end
+      visit "/events"
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//i[@class='icon-volume-off']")
       reset_fake_sensu!
+      Stash.refresh_cache
     end
 
-    it "should allow a check to be unsilenced", :js => true do
-      page.find("#dropdown_toggle_0").click
-      page.find("#silence_check_0").click
-      visit '/events'
-      page.find("#dropdown_toggle_0").click
-      page.find("#silence_check_0").click
+    it "should allow a check with fqdn in client name to be unsilenced", :js => true do
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='silence-check'][@misc='www.fqdn.com_test']").click
+      page.should have_css ".modal-footer"
+      within ".modal-body" do
+        fill_in "text_input_www.fqdn.com_test", :with => "test comment..."
+      end
+      within ".modal-footer" do
+        page.should have_css ".silence-submit-event"
+        find(:xpath, "//a[@control='silence_submit_www.fqdn.com_test']").click
+      end
+      visit "/events"
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='unsilence-submit-event'][@misc='www.fqdn.com_test']").click
+      visit "/events"
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='silence-check'][@misc='www.fqdn.com_test']").click
+      reset_fake_sensu!
+      Stash.refresh_cache
+    end
+
+    it "should allow a client with an fqdn client-name to be silenced", :js => true do
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='silence-client'][@misc='www.fqdn.com_test']").click
+      page.should have_css ".modal-footer"
+      within ".modal-body" do
+        fill_in "text_input_www.fqdn.com", :with => "test comment..."
+      end
+      within ".modal-footer" do
+        page.should have_css ".silence-submit-event"
+        find(:xpath, "//a[@control='silence_submit_www.fqdn.com']").click
+      end
+      visit "/events"
+      silenced_events = page.all(:xpath, "//i[@class='icon-volume-off']").count
+      silenced_events.should eq 2
+      reset_fake_sensu!
+      Stash.refresh_cache
+    end
+
+    it "should allow a client with an fqdn client-name to be unsilenced", :js => true do
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='silence-client'][@misc='www.fqdn.com_test']").click
+      page.should have_css ".modal-footer"
+      within ".modal-body" do
+        fill_in "text_input_www.fqdn.com", :with => "test comment..."
+      end
+      within ".modal-footer" do
+        page.should have_css ".silence-submit-event"
+        find(:xpath, "//a[@control='silence_submit_www.fqdn.com']").click
+      end
+      visit "/events"
+      silenced_events = page.all(:xpath, "//i[@class='icon-volume-off']").count
+      silenced_events.should eq 2
+      page.find(:xpath, "//button[@id='www.fqdn.com_test']").click
+      page.find(:xpath, "//a[@class='unsilence-submit-event'][@misc='www.fqdn.com_test']").click
+      visit "/events"
+      silenced_events = page.all(:xpath, "//i[@class='icon-volume-off']").count
+      silenced_events.should eq 0
       reset_fake_sensu!
+      Stash.refresh_cache
     end
   end
 

diff --git a/spec/features/stashes_features_spec.rb b/spec/features/stashes_features_spec.rb
@@ -34,6 +34,7 @@
     page.should have_selector("#silence-i-424242-tokens", :text => "Delete")
     find("#silence-i-424242-tokens", :text => "Delete").click
     page.should_not have_selector("#silence-i-424242-tokens", :text => "Delete")
+    reset_fake_sensu
   end
 
 end
diff --git a/spec/features/stats_features_spec.rb b/spec/features/stats_features_spec.rb
@@ -39,7 +39,7 @@
 
   it "should show events by environment" do
     within("#events-by-environment") do
-      page.should have_content "1"
+      page.should have_content "4"
     end
   end
 

diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb
@@ -4,14 +4,14 @@
 
   it "should return all clients through cache" do
     clients = Client.all_with_cache
-    clients.count.should eq 1
+    clients.count.should eq 2
   end
 
   it "should return all clients as a hash" do
     clients_hash = Client.full_hash
     clients_hash.should be_a Hash
     clients_hash.should_not be_empty
-    clients_hash.count.should eq 1
+    clients_hash.count.should eq 2
   end
 
 end
diff --git a/spec/unit/event_spec.rb b/spec/unit/event_spec.rb
@@ -8,12 +8,12 @@
 
   it "should return all checks through cache" do
     events = Event.all_with_cache
-    events.count.should eq 1
+    events.count.should eq 4
   end
 
   it "should resolve an event" do
     events = Event.all
-    events.count.should eq 1
+    events.count.should eq 4
     event = events[rand(events.length)]
     event.resolve.should be_true
     # TODO: would be nice if fake_sensu would delete, then switch back after one

diff --git a/spec/unit/stash_spec.rb b/spec/unit/stash_spec.rb
@@ -4,9 +4,6 @@
 
   before :each do
     load "#{Rails.root}/db/seeds.rb"
-    # user = FactoryGirl.create(:user)
-    # user.add_role :admin
-    # sign_in_user(user)
   end
 
   it "should return all stashes raw" do