XCOMMONS-2830: Introduce a utility component to check if a string con…

…tains Velocity code

* Introduce an internal VelocityDetector role and a corresponding
  default implementation including a test.

xwiki-commons-core/xwiki-commons-velocity/src/main/java/org/xwiki/velocity/internal/util/DefaultVelocityDetector.java

@@ -0,0 +1,41 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.velocity.internal.util;
+
+import javax.inject.Singleton;
+
+import org.xwiki.component.annotation.Component;
+
+/**
+ * Default implementation of {@link VelocityDetector}.
+ *
+ * @version $Id$
+ * @since 15.9RC1
+ */
+@Component
+@Singleton
+public class DefaultVelocityDetector implements VelocityDetector
+{
+    @Override
+    public boolean containsVelocityScript(String input)
+    {
+        return input.contains("#") || input.contains("$");
+    }
+}

xwiki-commons-core/xwiki-commons-velocity/src/main/java/org/xwiki/velocity/internal/util/VelocityDetector.java

@@ -0,0 +1,40 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.velocity.internal.util;
+
+import org.xwiki.component.annotation.Role;
+
+/**
+ * Utility role to detect velocity scripts.
+ *
+ * @version $Id$
+ * @since 15.9RC1
+ */
+@Role
+public interface VelocityDetector
+{
+    /**
+     * Checks if a string contains a velocity script.
+     *
+     * @param input the string to check
+     * @return true if the string contains a velocity script, false otherwise
+     */
+    boolean containsVelocityScript(String input);
+}

xwiki-commons-core/xwiki-commons-velocity/src/main/resources/META-INF/components.txt

@@ -4,3 +4,4 @@ org.xwiki.velocity.internal.DefaultVelocityContextFactory
 org.xwiki.velocity.internal.DefaultVelocityManager
 org.xwiki.velocity.internal.InternalVelocityEngine
 org.xwiki.velocity.internal.ServicesVelocityContextInitializer
+org.xwiki.velocity.internal.util.DefaultVelocityDetector

xwiki-commons-core/xwiki-commons-velocity/src/test/java/org/xwiki/velocity/internal/util/DefaultVelocityDetectorTest.java

@@ -0,0 +1,52 @@
+/*
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.xwiki.velocity.internal.util;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+import org.xwiki.test.junit5.mockito.ComponentTest;
+import org.xwiki.test.junit5.mockito.InjectMockComponents;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * Tests for {@link DefaultVelocityDetector}.
+ *
+ * @version $Id$
+ */
+@ComponentTest
+class DefaultVelocityDetectorTest
+{
+    @InjectMockComponents
+    private DefaultVelocityDetector detector;
+
+    @ParameterizedTest
+    @CsvSource({
+        "true, #set($foo = 'bar')",
+        "true, Hello$foo",
+        "true, Hello #XWiki",
+        "false, Hello World",
+        "false, 42'foo'"
+    })
+    void containsVelocityScript(boolean isVelocity, String input)
+    {
+        assertEquals(isVelocity, this.detector.containsVelocityScript(input), input);
+    }
+}