summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/test/java/org/onap
diff options
context:
space:
mode:
authorSunder Tattavarada <statta@research.att.com>2019-06-14 16:14:23 +0000
committerGerrit Code Review <gerrit@onap.org>2019-06-14 16:14:23 +0000
commit682773f88ca8b69b5ba9dee3515d437522817148 (patch)
tree5a80e3f3220775b967e0cb51bff55f9ecd345adc /ecomp-portal-BE-common/src/test/java/org/onap
parent5b6231bb65d5033f911827b13572bc70756d7b1d (diff)
parenta665aa372b189efa98bfe17ce485c053bc0754e4 (diff)
Merge "XSS Vulnerability fix in TicketEventController"
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org/onap')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java12
1 files changed, 12 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java
index aca7c1b3..211462d1 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java
@@ -151,6 +151,18 @@ public class TicketEventControllerTest {
}
@Test
+ public void saveXSSTest() throws Exception {
+ String ticketEventJson = "<iframe %00 src=\"&Tab;javascript:prompt(1)&Tab;\"%00>";
+ PortalRestResponse<String> actualPortalRestResponse;
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ expectedPortalRestResponse.setMessage("Data is not valid");
+ actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest,
+ mockedResponse, ticketEventJson);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
public void saveTestForException() throws Exception {
String ticketEventJson = "\"event\": {\"body\": {\"ticketStatePhrase\": \"We recently detected a problem with the equipment at your site. The event is in queue for immediate work.\", \"ivrNotificationFlag\": \"1\",\"expectedRestoreDate\": 0,\"bridgeTransport\": \"AOTS\", \"reptRequestType\": 0,\"ticketNum\": \"000002000857405\",\"assetID\": \"CISCO_1921C1_ISR_G2\", \"eventDate\": 1490545134601,\"eventAbstract\": \"ospfIfConfigError trap received from Cisco_1921c1_ISR_G2 with arguments: ospfRouterId=Cisco_1921c1_ISR_G2; ospfIfIpAddress=1921c1_288266; ospfAddressLessIf=0; ospfPacketSrc=172.17.0.11; ospfConfigErrorType=2; ospfPacketType=1\",\"severity\": \"2 - Major\",\"ticketPriority\": \"3\",\"reportedCustomerImpact\": 0,\"testAutoIndicator\": 0,\"supportGroupName\": \"US-TEST-ORT\",\"lastModifiedDate\": \"1487687703\",\"messageGroup\": \"SNMP\",\"csi\": 0,\"mfabRestoredTime\": 0},\"header\": {\"timestamp\": \"2017-02-21T14:35:05.219+0000\",\"eventSource\": \"aotstm\",\"entityId\": \"000002000857405\", \"sequenceNumber\": 2 },\"blinkMsgId\": \"f38c071e-1a47-4b55-9e72-1db830100a61\",\"sourceIP\": \"130.4.165.158\"},\"SubscriberInfo\": {\"UserList\": [\"hk8777\"] }}";
PortalRestResponse<String> actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest,