Skip to content

Commit

Permalink
properly escape XML
Browse files Browse the repository at this point in the history
  • Loading branch information
Henry Coles committed Sep 30, 2022
1 parent cccb78f commit 678c09a
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 9 deletions.
7 changes: 7 additions & 0 deletions pitest-entry/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,13 @@
<artifactId>asm-util</artifactId>
<version>${asm.version}</version>
</dependency>

<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.10.0</version>
</dependency>

<dependency>
<groupId>org.pitest</groupId>
<artifactId>pitest</artifactId>
Expand Down
6 changes: 3 additions & 3 deletions pitest-entry/src/main/java/org/pitest/coverage/export/DefaultCoverageExporter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@
import java.util.Collections;
import java.util.List;

import org.apache.commons.text.StringEscapeUtils;
import org.pitest.coverage.BlockCoverage;
import org.pitest.coverage.CoverageExporter;
import org.pitest.mutationtest.engine.Location;
import org.pitest.util.ResultOutputStrategy;
import org.pitest.util.StringUtil;
import org.pitest.util.Unchecked;

/**
Expand Down Expand Up @@ -48,14 +48,14 @@ private void writeLineCoverage(final BlockCoverage each, final Writer out) {
out,
"<block classname='" + l.getClassName().asJavaName() + "'"
+ " method='"
+ StringUtil.escapeBasicHtmlChars(l.getMethodName()) + StringUtil.escapeBasicHtmlChars(l.getMethodDesc())
+ StringEscapeUtils.escapeXml11(l.getMethodName()) + StringEscapeUtils.escapeXml11(l.getMethodDesc())
+ "' number='" + each.getBlock().getBlock()
+ "'>");
write(out, "<tests>\n");
final List<String> ts = new ArrayList<>(each.getTests());
Collections.sort(ts);
for (final String test : ts) {
write(out, "<test name='" + StringUtil.escapeBasicHtmlChars(test) + "'/>\n");
write(out, "<test name='" + StringEscapeUtils.escapeXml11(test) + "'/>\n");
}
write(out, "</tests>\n");
write(out, "</block>\n");
Expand Down
5 changes: 3 additions & 2 deletions pitest-entry/src/main/java/org/pitest/mutationtest/report/xml/XMLReportListener.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,13 @@
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

import org.apache.commons.text.StringEscapeUtils;
import org.pitest.mutationtest.ClassMutationResults;
import org.pitest.mutationtest.MutationResult;
import org.pitest.mutationtest.MutationResultListener;
import org.pitest.mutationtest.engine.MutationDetails;
import org.pitest.util.ResultOutputStrategy;
import org.pitest.util.StringUtil;
import org.pitest.util.Unchecked;

enum Tag {
Expand Down Expand Up @@ -101,7 +102,7 @@ private String makeMutationNode(final MutationResult mutation) {
}

private String clean(final String value) {
return StringUtil.escapeBasicHtmlChars(value);
return StringEscapeUtils.escapeXml11(value);
}

private String makeNode(final String value, final String attributes,
Expand Down
21 changes: 19 additions & 2 deletions pitest-entry/src/test/java/org/pitest/coverage/export/DefaultCoverageExporterTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,9 +83,26 @@ public void shouldEscapeSpecialCharsInTestName() {

final String actual = this.out.toString();
assertThat(actual).contains(
"<tests>\n<test name='ParameterizedTest[case=&#39;Not so simple quotes&#39;]'/>\n</tests>");
"<tests>\n<test name='ParameterizedTest[case=&apos;Not so simple quotes&apos;]'/>\n</tests>");
assertThat(actual).contains(
"<tests>\n<test name='ParameterizedTest[case=\\0 Null-Byte]'/>\n</tests>");
"<tests>\n<test name='ParameterizedTest[case= Null-Byte]'/>\n</tests>");
}

@Test
public void escapesQuotesBackTicks() {
final LocationBuilder loc = aLocation().withMethod("method");
final BlockLocationBuilder block = aBlockLocation().withBlock(42);
final Collection<BlockCoverage> coverage = Arrays.asList(
new BlockCoverage(
block.withLocation(loc.withClass(ClassName.fromString("Foo"))).build(),
Collections.singletonList("`escape this ' quote`"))
);

testee.recordCoverage(coverage);

final String actual = this.out.toString();
assertThat(actual).contains(
"<tests>\n<test name='`escape this &apos; quote`'/>\n</tests>");
}

}
4 changes: 2 additions & 2 deletions pitest-entry/src/test/java/org/pitest/mutationtest/report/xml/XMLReportListenerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,15 +78,15 @@ public void shouldEscapeGTAndLTSymbols() {
final MutationResult mr = createdKilledMutationWithKillingTestOf("<foo>");
this.testee
.handleMutationResult(MutationTestResultMother.createClassResults(mr));
assertThat(this.out.toString()).contains("&#60;foo&#62;");
assertThat(this.out.toString()).contains("&lt;foo&gt;");
}

@Test
public void shouldEscapeNullBytes() {
final MutationResult mr = createdKilledMutationWithKillingTestOf("\0 Null-Byte");
this.testee
.handleMutationResult(MutationTestResultMother.createClassResults(mr));
assertThat(this.out.toString()).contains("\\0 Null-Byte");
assertThat(this.out.toString()).contains(" Null-Byte");
}

private MutationResult createdKilledMutationWithKillingTestOf(
Expand Down

0 comments on commit 678c09a

Please sign in to comment.