From fbd62e0fd53cf2ffe51ae5f676e574a54640c344 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer <rene.pfeuffer@cloudogu.com>
Date: Thu, 1 Nov 2018 10:21:39 +0100
Subject: [PATCH] Verify that valid diff formats are accepted

---
 .../api/v2/resources/DiffRootResource.java    |  6 +++-
 .../api/v2/resources/DiffResourceTest.java    | 33 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
index 9687fef817..dbbad2c076 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
@@ -12,6 +12,7 @@ import sonia.scm.util.HttpUtil;
 import sonia.scm.web.VndMediaType;
 
 import javax.inject.Inject;
+import javax.validation.constraints.Pattern;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -25,6 +26,9 @@ import javax.ws.rs.core.StreamingOutput;
 public class DiffRootResource {
 
   public static final String HEADER_CONTENT_DISPOSITION = "Content-Disposition";
+
+  private static final String DIFF_FORMAT_VALUES_REGEX = "NATIVE|GIT|UNIFIED";
+
   private final RepositoryServiceFactory serviceFactory;
 
   @Inject
@@ -53,7 +57,7 @@ public class DiffRootResource {
     @ResponseCode(code = 404, condition = "not found, no revision with the specified param for the repository available or repository not found"),
     @ResponseCode(code = 500, condition = "internal server error")
   })
-  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision , @DefaultValue("NATIVE") @QueryParam("format") String format ){
+  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision , @Pattern(regexp = DIFF_FORMAT_VALUES_REGEX) @DefaultValue("NATIVE") @QueryParam("format") String format ){
     HttpUtil.checkForCRLFInjection(revision);
     DiffFormat diffFormat = DiffFormat.valueOf(format);
     try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/DiffResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/DiffResourceTest.java
index dc0b838cf6..8c508be9fd 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/DiffResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/DiffResourceTest.java
@@ -24,14 +24,17 @@ import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryNotFoundException;
 import sonia.scm.repository.RevisionNotFoundException;
 import sonia.scm.repository.api.DiffCommandBuilder;
+import sonia.scm.repository.api.DiffFormat;
 import sonia.scm.repository.api.RepositoryService;
 import sonia.scm.repository.api.RepositoryServiceFactory;
 import sonia.scm.web.VndMediaType;
 
 import java.net.URISyntaxException;
+import java.util.Arrays;
 
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
@@ -158,4 +161,34 @@ public class DiffResourceTest extends RepositoryTestBase {
     dispatcher.invoke(request, response);
     assertEquals(400, response.getStatus());
   }
+
+  @Test
+  public void shouldAcceptDiffFormats() throws Exception {
+    when(diffCommandBuilder.setRevision(anyString())).thenReturn(diffCommandBuilder);
+    when(diffCommandBuilder.setFormat(any())).thenReturn(diffCommandBuilder);
+    when(diffCommandBuilder.retriveContent(any())).thenReturn(diffCommandBuilder);
+
+    Arrays.stream(DiffFormat.values()).map(DiffFormat::name).forEach(
+      this::assertRequestOk
+    );
+  }
+
+  private void assertRequestOk(String format) {
+    MockHttpRequest request = null;
+    try {
+      request = MockHttpRequest
+        .get(DIFF_URL + "revision?format=" + format)
+        .accept(VndMediaType.DIFF);
+    } catch (URISyntaxException e) {
+      e.printStackTrace();
+      fail("got exception: " + e);
+    }
+    MockHttpResponse response = new MockHttpResponse();
+
+    dispatcher.invoke(request, response);
+
+    assertThat(response.getStatus())
+      .withFailMessage("diff format from DiffFormat enum must be accepted: " + format)
+      .isEqualTo(200);
+  }
 }