Extend CpsPathQuerySpec for dangerous SQLi characters

Issue-ID: CPS-2781 Change-Id: Ic658028d0ed48c3345db218ab913732d7665e2c6 Signed-off-by: egernug <gerard.nugent@est.tech>
author: egernug <gerard.nugent@est.tech> 2025-04-30 10:16:40 +0100
committer: egernug <gerard.nugent@est.tech> 2025-05-01 15:36:07 +0100
commit: 3c8f96e18dc55b18b011db232fb7b2c751833d37 (patch)
tree: b3e085898ffea5144725e29baf3c661b2eff352e /cps-path-parser/src/test/groovy/org/onap
parent: 5ed5c84a47301755d078b7b10ed99cba3861d2de (diff)
1 files changed, 24 insertions, 12 deletions
diff --git a/cps-path-parser/src/test/groovy/org/onap/cps/cpspath/parser/CpsPathQuerySpec.groovy b/cps-path-parser/src/test/groovy/org/onap/cps/cpspath/parser/CpsPathQuerySpec.groovy
index b551080b40..5cf3fa2950 100644
--- a/cps-path-parser/src/test/groovy/org/onap/cps/cpspath/parser/CpsPathQuerySpec.groovy
+++ b/cps-path-parser/src/test/groovy/org/onap/cps/cpspath/parser/CpsPathQuerySpec.groovy
@@ -1,6 +1,6 @@
 /*
  *  ============LICENSE_START=======================================================
- *  Copyright (C) 2021-2024 Nordix Foundation
+ *  Copyright (C) 2021-2025 OpenInfra Foundation Europe. All rights reserved.
  *  Modifications Copyright (C) 2023 TechMahindra Ltd
  *  ================================================================================
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -180,17 +180,29 @@ class CpsPathQuerySpec extends Specification {
         then: 'a CpsPathException is thrown'
             thrown(PathParsingException)
         where: 'the following data is used'
-            scenario                                 | cpsPath
-            'no / at the start'                      | 'invalid-cps-path/child'
-            'additional / after descendant option'   | '///cps-path'
-            'float value'                            | '/parent/child[@someFloat=5.0]'
-            'unmatched quotes, double quote first '  | '/parent/child[@someString="value with unmatched quotes\']'
-            'unmatched quotes, single quote first'   | '/parent/child[@someString=\'value with unmatched quotes"]'
-            'missing attribute value'                | '//child[@int-leaf=5 and @name]'
-            'incomplete ancestor value'              | '//books/ancestor::'
-            'invalid list element with missing ['    | '/parent-206/child-206/grand-child-206@key="A"]'
-            'invalid list element with incorrect ]'  | '/parent-206/child-206/grand-child-206]@key="A"]'
-            'invalid list element with incorrect ::' | '/parent-206/child-206/grand-child-206::@key"A"]'
+            group               | scenario                                 | cpsPath
+            'axis'              | 'incomplete ancestor value'              | '//books/ancestor::'
+            'list element'      | 'invalid list element with missing ['    | '/parent-206/child-206/grand-child-206@key="A"]'
+            'list element'      | 'invalid list element with incorrect ]'  | '/parent-206/child-206/grand-child-206]@key="A"]'
+            'list element'      | 'invalid list element with incorrect ::' | '/parent-206/child-206/grand-child-206::@key"A"]'
+            'operators'         | 'hash preceding string '                 | '/parent/child[@someString=#"value with preceding hash"]'
+            'operators'         | 'semi-colon preceding string '           | '/parent/child[@someString=;"value with preceding hash"]'
+            'operators'         | 'double dash comment '                   | '/parent/child[--dangerous sql]'
+            'operators'         | 'dangling operator'                      | '/parent/child[@a=5 AND]'
+            'predicate_logic'   | 'included OR expression'                 | '/parent/child[@a=5 OR 1=1]'
+            'predicate_logic'   | 'float value'                            | '/parent/child[@someFloat=5.0]'
+            'predicate_logic'   | 'missing attribute value'                | '//child[@int-leaf=5 and @name]'
+            'predicate_syntax'  | 'missing value'                          | '/parent/child[]'
+            'predicate_syntax'  | 'unclosed value'                         | '/parent/child[@attr=\'val\''
+            'predicate_syntax'  | 'missing closing bracket'                | '/parent/child[@attr="val"'
+            'quotes'            | 'unmatched quotes, double quote first '  | '/parent/child[@someString="value with unmatched quotes\']'
+            'quotes'            | 'unmatched quotes, single quote first'   | '/parent/child[@someString=\'value with unmatched quotes"]'
+            'quotes'            | 'quotes in leaf name'                    | '/parent/child[@leaf\'name=\'123\']'
+            'structure'         | 'no / at the start'                      | 'invalid-cps-path/child'
+            'structure'         | 'additional / after descendant option'   | '///cps-path'
+            'structure'         | 'wildcard misuse'                        | '/parent/*/'
+            'structure'         | 'empty path'                             | ''
+            'structure'         | 'single slash only'                      | '/'
     }
 
     def 'Parse cps path using ancestor by schema node identifier with a #scenario.'() {
author	egernug <gerard.nugent@est.tech>	2025-04-30 10:16:40 +0100
committer	egernug <gerard.nugent@est.tech>	2025-05-01 15:36:07 +0100
commit	3c8f96e18dc55b18b011db232fb7b2c751833d37 (patch)
tree	b3e085898ffea5144725e29baf3c661b2eff352e /cps-path-parser/src/test/groovy/org/onap
parent	5ed5c84a47301755d078b7b10ed99cba3861d2de (diff)