From a3ceacb9ebf11c6467d66c0f42af714ef93591c2 Mon Sep 17 00:00:00 2001 From: "puthuparambil.aditya" Date: Tue, 16 Mar 2021 12:01:23 +0000 Subject: Fix for security hotspot related to safe archive expansion https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcsqA2pnU4Plp4-g Issue-ID: CPS-289 Signed-off-by: puthuparambil.aditya Change-Id: Ibe8627413fc9e3964cdc5bb98caf5e25fa4f3a95 --- .../cps/rest/utils/ZipFileSizeValidatorSpec.groovy | 101 +++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 cps-rest/src/test/groovy/org/onap/cps/rest/utils/ZipFileSizeValidatorSpec.groovy (limited to 'cps-rest/src/test') diff --git a/cps-rest/src/test/groovy/org/onap/cps/rest/utils/ZipFileSizeValidatorSpec.groovy b/cps-rest/src/test/groovy/org/onap/cps/rest/utils/ZipFileSizeValidatorSpec.groovy new file mode 100644 index 0000000000..16fbf9885a --- /dev/null +++ b/cps-rest/src/test/groovy/org/onap/cps/rest/utils/ZipFileSizeValidatorSpec.groovy @@ -0,0 +1,101 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Bell Canada. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.cps.rest.utils + +import org.onap.cps.spi.exceptions.ModelValidationException +import spock.lang.Specification + +class ZipFileSizeValidatorSpec extends Specification { + + def static thresholdSize = ZipFileSizeValidator.THRESHOLD_SIZE + def static thresholdEntries = ZipFileSizeValidator.THRESHOLD_ENTRIES + def static thresholdRatio = ZipFileSizeValidator.THRESHOLD_RATIO + + def objectUnderTest = new ZipFileSizeValidator() + def compressedFileSize = 100 + + def setup() { + objectUnderTest.setTotalEntryInArchive(0) + objectUnderTest.setTotalSizeArchive(0) + objectUnderTest.setCompressedSize(compressedFileSize) + } + + def 'Increment the total entries in Archive.'() { + when: 'the totalEntriesInArchive value is incremented' + objectUnderTest.incrementTotalEntryInArchive() + then: 'the totalEntriesInArchive is incremented by 1' + assert objectUnderTest.totalEntryInArchive == old(objectUnderTest.totalEntryInArchive) + 1 + } + + def 'Update the total size of Archive.'() { + given: 'the size of an entry of archive' + def entrySize = 100 + when: 'the totalSizeArchive is to be updated with the latest entry Size' + objectUnderTest.updateTotalSizeArchive(entrySize) + then: 'the totalSizeArchive is updated as expected' + assert objectUnderTest.totalSizeArchive == old(objectUnderTest.totalSizeArchive) + entrySize + } + + def 'Validate the zip archive for compression ratio less that threshold compression ratio.'() { + given: 'the totalEntrySize of the archive so that compression ratio is within the threshold' + int totalEntrySize = compressedFileSize * thresholdRatio - 1 + when: 'the validation is performed against the threshold compression ratio' + objectUnderTest.validateCompresssionRatio(totalEntrySize) + then: 'validation passes and no exception is thrown' + noExceptionThrown() + } + + def 'Validate the zip archive for compression ratio.'() { + given: 'the totalEntrySize of the archive so that compression ratio is higher than the threshold' + int totalEntrySize = compressedFileSize * thresholdRatio + 1 + when: 'the validation is performed against the threshold compression ratio' + objectUnderTest.validateCompresssionRatio(totalEntrySize) + then: 'validation fails and exception is thrown' + thrown ModelValidationException + } + + def 'Validate the zip archive for thresholdSize and thresholdEntries #caseDescriptor.'() { + given: + objectUnderTest.setTotalEntryInArchive(totalEntriesInArchive) + objectUnderTest.setTotalSizeArchive(totalSizeArchive) + when: 'the validation is performed against the threshold size and threshold Entries count' + objectUnderTest.validateSizeAndEntries() + then: 'validation passes and no exception is thrown' + noExceptionThrown() + where: 'following cases are tested' + caseDescriptor | totalSizeArchive | totalEntriesInArchive + 'less than threshold value' | thresholdSize - 1 | thresholdEntries - 1 + 'at threshold value' | thresholdSize | thresholdEntries + } + + def 'Validate the zip archive for thresholdSize and thresholdEntries with #caseDescriptor.'() { + given: + objectUnderTest.setTotalEntryInArchive(totalEntriesInArchive) + objectUnderTest.setTotalSizeArchive(totalSizeArchive) + when: 'the validation is performed against the threshold size and threshold Entries count' + objectUnderTest.validateSizeAndEntries() + then: 'validation fails and exception is thrown' + thrown ModelValidationException + where: 'following cases are tested' + caseDescriptor | totalSizeArchive | totalEntriesInArchive + 'totalEntriesInArchive exceeds threshold value' | thresholdSize | thresholdEntries + 1 + 'totalSizeArchive exceeds threshold value' | thresholdSize + 1 | thresholdEntries + } +} -- cgit 1.2.3-korg