Skip to content

Commit 6e9ad0a

Browse files
committed
Merge remote-tracking branch 'origin/MC-7811' into 2.2-develop-pr116
2 parents b08962c + afd3637 commit 6e9ad0a

File tree

5 files changed

+102
-0
lines changed

5 files changed

+102
-0
lines changed

app/code/Magento/Catalog/Test/Mftf/Data/ProductData.xml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -345,4 +345,9 @@
345345
<data key="quantity">0</data>
346346
<requiredEntity type="custom_attribute_array">CustomAttributeCategoryIds</requiredEntity>
347347
</entity>
348+
<entity name="ProductFileOptionWithScriptTag" type="product">
349+
<var key="sku" entityType="product" entityKey="sku"/>
350+
<data key="file">&lt;img src=x onerror='alert("XSS without &lt;script&gt;&lt;:script&gt; tags...")'&gt;.png</data>
351+
<requiredEntity type="product_option">ProductOptionFile</requiredEntity>
352+
</entity>
348353
</entities>
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
9+
<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
10+
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
11+
<test name="StorefrontVerifyCannotLoadFileWithIncorrectNameThroughCustomOptionsTest">
12+
<annotations>
13+
<features value="Catalog"/>
14+
<stories value="Custom options"/>
15+
<title value="Verify cannot load file with incorrect name through Custom options"/>
16+
<description value="Verify cannot load file with incorrect name through Custom options"/>
17+
<severity value="CRITICAL"/>
18+
<testCaseId value="MC-7811"/>
19+
<group value="catalog"/>
20+
</annotations>
21+
<before>
22+
<!-- Create customer -->
23+
<createData entity="Simple_US_Customer" stepKey="createCustomer"/>
24+
<!-- Create category -->
25+
<createData entity="_defaultCategory" stepKey="createCategory"/>
26+
<!-- Create simple product -->
27+
<createData entity="_defaultProduct" stepKey="createProduct">
28+
<requiredEntity createDataKey="createCategory"/>
29+
</createData>
30+
<!-- Add file upload custom option to the product -->
31+
<updateData createDataKey="createProduct" entity="ProductFileOptionWithScriptTag" stepKey="updateProductWithOption"/>
32+
<actionGroup ref="StorefrontCustomerLogoutActionGroup" stepKey="logoutCustomer"/>
33+
</before>
34+
<after>
35+
<!-- Delete product -->
36+
<deleteData createDataKey="createProduct" stepKey="deleteSimpleProduct"/>
37+
<!-- Delete category -->
38+
<deleteData createDataKey="createCategory" stepKey="deleteCategory"/>
39+
<!-- Delete customer -->
40+
<deleteData createDataKey="createCustomer" stepKey="deleteCustomer"/>
41+
<actionGroup ref="StorefrontCustomerLogoutActionGroup" stepKey="logoutCustomer"/>
42+
</after>
43+
44+
<!-- Login to storefront -->
45+
<actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginAsCustomer">
46+
<argument name="Customer" value="$$createCustomer$$"/>
47+
</actionGroup>
48+
49+
<!-- Open product page -->
50+
<actionGroup ref="OpenStoreFrontProductPageActionGroup" stepKey="openProductPage">
51+
<argument name="productUrlKey" value="$$createProduct.custom_attributes[url_key]$$"/>
52+
</actionGroup>
53+
54+
<!-- Upload file -->
55+
<actionGroup ref="StorefrontAttachOptionFileActionGroup" stepKey="selectAndAttachFile">
56+
<argument name="optionTitle" value="{{ProductOptionFile.title}}"/>
57+
<argument name="file" value="ProductFileOptionWithScriptTag.file"/>
58+
</actionGroup>
59+
60+
<!-- Add product to cart -->
61+
<click selector="{{StorefrontProductInfoMainSection.AddToCart}}" stepKey="clickAddToCartButton"/>
62+
<waitForPageLoad stepKey="waitForProductAddToCart"/>
63+
64+
<!-- Assert alert message -->
65+
<waitForElementVisible selector="{{StorefrontProductPageSection.alertMessage}}" stepKey="waitForElementVisible"/>
66+
<see selector="{{StorefrontProductPageSection.alertMessage}}" userInput="The file is empty. Please choose another one" stepKey="seeAlertMessage"/>
67+
68+
<!-- Assert cart is empty -->
69+
<actionGroup ref="AssertMiniCartEmpty" stepKey="assertMiniCartEmpty"/>
70+
</test>
71+
</tests>
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
/**
4+
* Copyright © Magento, Inc. All rights reserved.
5+
* See COPYING.txt for license details.
6+
*/
7+
-->
8+
9+
<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
10+
xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
11+
<actionGroup name="StorefrontAttachOptionFileActionGroup">
12+
<annotations>
13+
<description>Attaches the provided File to the provided Product Option on a Storefront Product page.</description>
14+
</annotations>
15+
<arguments>
16+
<argument name="optionTitle" type="string"/>
17+
<argument name="file" defaultValue="MagentoLogo.file" />
18+
</arguments>
19+
20+
<attachFile selector="{{StorefrontProductInfoMainSection.addLinkFileUploadFile(optionTitle)}}" userInput="{{file}}" stepKey="attachFile"/>
21+
</actionGroup>
22+
</actionGroups>

app/code/Magento/Checkout/Test/Mftf/ActionGroup/StorefrontMiniCartActionGroup.xml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,10 @@
3939

4040
<!--Check that the minicart is empty-->
4141
<actionGroup name="AssertMiniCartEmpty">
42+
<annotations>
43+
<description>Validates that the provided Product Count appears in the Storefront Header next to the Shopping Cart icon. Clicks on the Mini Shopping Cart icon. Validates that the 'No Items' message is present and correct in the Storefront Mini Shopping Cart.</description>
44+
</annotations>
45+
4246
<dontSeeElement selector="{{StorefrontMinicartSection.productCount}}" stepKey="dontSeeMinicartProductCount"/>
4347
<click selector="{{StorefrontMinicartSection.showCart}}" stepKey="expandMinicart"/>
4448
<see selector="{{StorefrontMinicartSection.minicartContent}}" userInput="You have no items in your shopping cart." stepKey="seeEmptyCartMessage"/>

dev/tests/acceptance/tests/_data/<img src=x onerror='alert("XSS without <script><:script> tags...")'>.png

Loading

0 commit comments

Comments
 (0)