Merge remote-tracking branch 'origin/MC-7811' into 2.2-develop-pr116

Author: StasKozar

app/code/Magento/Catalog/Test/Mftf/Data/ProductData.xml

@@ -345,4 +345,9 @@
         <data key="quantity">0</data>
         <requiredEntity type="custom_attribute_array">CustomAttributeCategoryIds</requiredEntity>
     </entity>
+    <entity name="ProductFileOptionWithScriptTag" type="product">
+        <var key="sku" entityType="product" entityKey="sku"/>
+        <data key="file">&lt;img src=x onerror='alert("XSS without &lt;script&gt;&lt;:script&gt; tags...")'&gt;.png</data>
+        <requiredEntity type="product_option">ProductOptionFile</requiredEntity>
+    </entity>
 </entities>

app/code/Magento/Catalog/Test/Mftf/Test/StorefrontVerifyCannotLoadFileWithIncorrectNameThroughCustomOptionsTest.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="StorefrontVerifyCannotLoadFileWithIncorrectNameThroughCustomOptionsTest">
+        <annotations>
+            <features value="Catalog"/>
+            <stories value="Custom options"/>
+            <title value="Verify cannot load file with incorrect name through Custom options"/>
+            <description value="Verify cannot load file with incorrect name through Custom options"/>
+            <severity value="CRITICAL"/>
+            <testCaseId value="MC-7811"/>
+            <group value="catalog"/>
+        </annotations>
+        <before>
+            <!-- Create customer -->
+            <createData entity="Simple_US_Customer" stepKey="createCustomer"/>
+            <!-- Create category -->
+            <createData entity="_defaultCategory" stepKey="createCategory"/>
+            <!-- Create simple product -->
+            <createData entity="_defaultProduct" stepKey="createProduct">
+                <requiredEntity createDataKey="createCategory"/>
+            </createData>
+            <!-- Add file upload custom option to the product -->
+            <updateData createDataKey="createProduct" entity="ProductFileOptionWithScriptTag" stepKey="updateProductWithOption"/>
+            <actionGroup ref="StorefrontCustomerLogoutActionGroup" stepKey="logoutCustomer"/>
+        </before>
+        <after>
+            <!-- Delete product -->
+            <deleteData createDataKey="createProduct" stepKey="deleteSimpleProduct"/>
+            <!-- Delete category -->
+            <deleteData createDataKey="createCategory" stepKey="deleteCategory"/>
+            <!-- Delete customer -->
+            <deleteData createDataKey="createCustomer" stepKey="deleteCustomer"/>
+            <actionGroup ref="StorefrontCustomerLogoutActionGroup" stepKey="logoutCustomer"/>
+        </after>
+
+        <!-- Login to storefront -->
+        <actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginAsCustomer">
+            <argument name="Customer" value="$$createCustomer$$"/>
+        </actionGroup>
+
+        <!-- Open product page -->
+        <actionGroup ref="OpenStoreFrontProductPageActionGroup" stepKey="openProductPage">
+            <argument name="productUrlKey" value="$$createProduct.custom_attributes[url_key]$$"/>
+        </actionGroup>
+
+        <!-- Upload file -->
+        <actionGroup ref="StorefrontAttachOptionFileActionGroup" stepKey="selectAndAttachFile">
+            <argument name="optionTitle" value="{{ProductOptionFile.title}}"/>
+            <argument name="file" value="ProductFileOptionWithScriptTag.file"/>
+        </actionGroup>
+
+        <!-- Add product to cart -->
+        <click selector="{{StorefrontProductInfoMainSection.AddToCart}}" stepKey="clickAddToCartButton"/>
+        <waitForPageLoad stepKey="waitForProductAddToCart"/>
+
+        <!-- Assert alert message -->
+        <waitForElementVisible selector="{{StorefrontProductPageSection.alertMessage}}" stepKey="waitForElementVisible"/>
+        <see selector="{{StorefrontProductPageSection.alertMessage}}" userInput="The file is empty. Please choose another one" stepKey="seeAlertMessage"/>
+
+        <!-- Assert cart is empty -->
+        <actionGroup ref="AssertMiniCartEmpty" stepKey="assertMiniCartEmpty"/>
+    </test>
+</tests>

app/code/Magento/Checkout/Test/Mftf/ActionGroup/StorefrontAttachOptionFileActionGroup.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="StorefrontAttachOptionFileActionGroup">
+        <annotations>
+            <description>Attaches the provided File to the provided Product Option on a Storefront Product page.</description>
+        </annotations>
+        <arguments>
+            <argument name="optionTitle" type="string"/>
+            <argument name="file" defaultValue="MagentoLogo.file" />
+        </arguments>
+        
+        <attachFile selector="{{StorefrontProductInfoMainSection.addLinkFileUploadFile(optionTitle)}}" userInput="{{file}}" stepKey="attachFile"/>
+    </actionGroup>
+</actionGroups>

app/code/Magento/Checkout/Test/Mftf/ActionGroup/StorefrontMiniCartActionGroup.xml

@@ -39,6 +39,10 @@
 
     <!--Check that the minicart is empty-->
     <actionGroup name="AssertMiniCartEmpty">
+        <annotations>
+            <description>Validates that the provided Product Count appears in the Storefront Header next to the Shopping Cart icon. Clicks on the Mini Shopping Cart icon. Validates that the 'No Items' message is present and correct in the Storefront Mini Shopping Cart.</description>
+        </annotations>
+
         <dontSeeElement selector="{{StorefrontMinicartSection.productCount}}" stepKey="dontSeeMinicartProductCount"/>
         <click selector="{{StorefrontMinicartSection.showCart}}" stepKey="expandMinicart"/>
         <see selector="{{StorefrontMinicartSection.minicartContent}}" userInput="You have no items in your shopping cart." stepKey="seeEmptyCartMessage"/>