/**
* This Source Code Form is subject to the terms of the Mozilla Public License,
* v. 2.0. If a copy of the MPL was not distributed with this file, You can
* obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under
* the terms of the Healthcare Disclaimer located at http://openmrs.org/license.
*
* Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS
* graphic logo is a trademark of OpenMRS Inc.
*/
package org.openmrs.serialization;
import java.beans.EventHandler;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.openmrs.OpenmrsObject;
import com.thoughtworks.xstream.XStreamException;
public class SimpleXStreamSerializerTest {
@Rule
public ExpectedException expectedException = ExpectedException.none();
/**
* @throws SerializationException
* @see org.openmrs.serialization.SimpleXStreamSerializer#serialize(Object)
*/
@Test
public void serialize_shouldSerializeObject() throws SerializationException {
OpenmrsSerializer serializer = new SimpleXStreamSerializer();
Foo foo = new Foo("test", 1);
List<String> list = new ArrayList<>();
list.add("foo");
list.add("bar");
Map<Integer, String> map = new HashMap<>();
map.put(1, "foo");
map.put(2, "fooBar");
map.put(3, "bar");
foo.setAttributeList(list);
foo.setAttributeMap(map);
String serializedFoo = serializer.serialize(foo);
Assert.assertTrue(StringUtils.deleteWhitespace(serializedFoo).equals(
StringUtils.deleteWhitespace("<org.openmrs.serialization.Foo>\n" + " <attributeString>test</attributeString>\n"
+ " <attributeInt>1</attributeInt>\n" + " <attributeList>\n" + " <string>foo</string>\n"
+ " <string>bar</string>\n" + " </attributeList>\n" + " <attributeMap>\n" + " <entry>\n"
+ " <int>1</int>\n" + " <string>foo</string>\n" + " </entry>\n" + " <entry>\n"
+ " <int>2</int>\n" + " <string>fooBar</string>\n" + " </entry>\n" + " <entry>\n"
+ " <int>3</int>\n" + " <string>bar</string>\n" + " </entry>\n" + " </attributeMap>\n"
+ " </org.openmrs.serialization.Foo>")));
}
/**
* @throws SerializationException
* @see org.openmrs.serialization.SimpleXStreamSerializer#serialize(Object)
*/
@Test
public void deserialize_shouldDeserializeStringToClassInstance() throws SerializationException {
String serializedFoo = "<org.openmrs.serialization.Foo>\n" + " <attributeString>Testing</attributeString>\n"
+ " <attributeInt>4</attributeInt>\n" + " <attributeList>\n" + " <string>fooBar</string>\n"
+ " <string>bar</string>\n" + " </attributeList>\n" + " <attributeMap>\n" + " <entry>\n"
+ " <int>10</int>\n" + " <string>foo</string>\n" + " </entry>\n" + " <entry>\n"
+ " <int>20</int>\n" + " <string>fooBar</string>\n" + " </entry>\n" + " <entry>\n"
+ " <int>30</int>\n" + " <string>bar</string>\n" + " </entry>\n" + " </attributeMap>\n"
+ "</org.openmrs.serialization.Foo>";
OpenmrsSerializer serializer = new SimpleXStreamSerializer();
Foo foo = serializer.deserialize(serializedFoo, Foo.class);
Assert.assertTrue(foo.getAttributeString().equals("Testing"));
Assert.assertTrue(foo.getAttributeInt() == 4);
List newList = foo.getAttributeList();
Assert.assertTrue(newList.size() == 2);
Assert.assertTrue(newList.get(0).equals("fooBar"));
Assert.assertTrue(newList.get(1).equals("bar"));
Map newMap = foo.getAttributeMap();
Assert.assertTrue(newMap.size() == 3);
Assert.assertTrue(newMap.get(10).equals("foo"));
Assert.assertTrue(newMap.get(20).equals("fooBar"));
Assert.assertTrue(newMap.get(30).equals("bar"));
}
/**
* @throws SerializationException
* @see SimpleXStreamSerializer#deserialize(String,Class)
*/
@Test
public void deserialize_shouldNotDeserializeProxies() throws SerializationException {
String serialized = "<dynamic-proxy>" + "<interface>org.openmrs.OpenmrsObject</interface>"
+ "<handler class=\"java.beans.EventHandler\">" + "<target class=\"java.lang.ProcessBuilder\">"
+ "<command>" + "<string>someApp</string>" + "</command></target>" + "<action>start</action>" + "</handler>"
+ "</dynamic-proxy>";
expectedException.expect(SerializationException.class);
new SimpleXStreamSerializer().deserialize(serialized, OpenmrsObject.class);
}
/**
* @throws SerializationException
* @see SimpleXStreamSerializer#deserialize(String,Class)
*/
@Test
public void deserialize_shouldIgnoreEntities() throws SerializationException {
String xml = "<!DOCTYPE ZSL [<!ENTITY xxe1 \"some attribute value\" >]>" + "<org.openmrs.serialization.Foo>"
+ "<attributeString>&xxe1;</attributeString>" + "</org.openmrs.serialization.Foo>";
expectedException.expect(SerializationException.class);
new SimpleXStreamSerializer().deserialize(xml, Foo.class);
}
/**
* @throws SerializationException
* @see SimpleXStreamSerializer#serialize(Object)
*/
@Test
public void serialize_shouldNotSerializeProxies() throws SerializationException {
EventHandler h = new EventHandler(new ProcessBuilder("someApp"), "start", null, null);
Object proxy = Proxy.newProxyInstance(this.getClass().getClassLoader(), new Class[] { OpenmrsObject.class }, h);
expectedException.expect(XStreamException.class);
new SimpleXStreamSerializer().serialize(proxy);
}
}