authorDominik Mizyn <d.mizyn@samsung.com>2019-06-06 11:18:50 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-07-12 11:38:11 +0200
commit29ff0e2cd2a78f7149422c40b1cff6dd4d1f23e3 (patch)
tree0b06aebf21edd4f6d94d408f49f00637051913bb /ecomp-portal-BE-common/src/test/java/org/onap
parent73248465fc2867a3dd1a6494afb6b0774c9028f2 (diff)
XSS Vulnerability fix in AppContactUsController
A custom data validator is used to fix this issue. Issue-ID: OJSI-15 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: Ie8df4df552cfe53e3839c7021284f0226ea56a39
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org/onap')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java34
1 files changed, 33 insertions, 1 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
index b08a8769..f2b2d3da 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
@@ -78,7 +78,7 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
AppContactUsService contactUsService = new AppContactUsServiceImpl();
@InjectMocks
- AppContactUsController appContactUsController = new AppContactUsController();
+ AppContactUsController appContactUsController;
@Before
public void setup() {
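Review bot: The `appContactUsController` field is now left unassigned so that `@InjectMocks` constructs it, but nothing in the hunk records why the explicit `new AppContactUsController()` was dropped; presumably the controller now receives the validator through a constructor, or the pre-built instance was bypassing injection, but that is not visible here. A short comment such as `// left null so @InjectMocks constructs the controller and injects the mocks` would capture the intent for the next reader. The enclosing test class continues outside the hunk.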
@@ -233,6 +233,25 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
}
@Test
+ public void saveXSSTest() throws Exception {
+ PortalRestResponse<String> actualSaveAppContactUS = null;
+
+ AppContactUsItem contactUs = new AppContactUsItem();
+ contactUs.setAppId((long) 1);
+ contactUs.setAppName("<meta content=\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\" http-equiv=\"refresh\"/>");
+ contactUs.setDescription("Test");
+ contactUs.setContactName("Test");
+ contactUs.setContactEmail("person@onap.org");
+ contactUs.setUrl("Test_URL");
+ contactUs.setActiveYN("Y");
+
+ Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("FAILURE");
+ actualSaveAppContactUS = appContactUsController.save(contactUs);
+ assertEquals("AppName is not valid.", actualSaveAppContactUS.getResponse());
+ assertEquals("failure", actualSaveAppContactUS.getMessage());
+ }
+
+ @Test
public void saveExceptionTest() throws Exception {
PortalRestResponse<String> actualSaveAppContactUS = null;
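Review bot: `saveXSSTest` stubs `contactUsService.saveAppContactUs(contactUs)` and then asserts only the validation response, so it never checks the security-relevant outcome, namely that the rejected payload did not reach the service; add `Mockito.verify(contactUsService, Mockito.never()).saveAppContactUs(contactUs);` after the `save` call, after which the stub is unnecessary. The same gap exists in `saveAllXSSTest` in the next hunk, where the stub and the assertion both use "failure", so that test passes whether or not the validator rejected the item; asserting the response text and verifying the service was not called would let it distinguish the two paths. Only `appName` carries a hostile value in this test, so the other string fields the validator presumably covers (`description`, `contactName`, `url`) are not exercised.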
@@ -270,6 +289,19 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
}
@Test
+ public void saveAllXSSTest() throws Exception {
+
+ List<AppContactUsItem> contactUs = mockResponse();
+ AppContactUsItem appContactUsItem = new AppContactUsItem();
+ appContactUsItem.setActiveYN("<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>");
+ contactUs.add(appContactUsItem);
+ PortalRestResponse<String> actualSaveAppContactUS = null;
+ Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("failure");
+ actualSaveAppContactUS = appContactUsController.save(contactUs);
+ assertEquals("failure", actualSaveAppContactUS.getMessage());
+ }
+
+ @Test
public void saveAllExceptionTest() throws Exception {
List<AppContactUsItem> contactUs = mockResponse();