authorSunder Tattavarada <statta@research.att.com>2019-07-09 14:48:26 +0000
committerGerrit Code Review <gerrit@onap.org>2019-07-09 14:48:26 +0000
commita1db0d8fc1a98c8e22879059400d218402b82925 (patch)
tree6d2d8089d2ce3fa1f8f5106638aab564aeebfdaa /ecomp-portal-BE-common/src/test/java/org/onap
parentb771e1ab3bc1a6c76c987d9c14fb3b77a338f155 (diff)
parent6fb5b257a327c64eb3e3f8df65db835ca6cb38aa (diff)
Merge "XSS Vulnerability fix in PortalAdminController"
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org/onap')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java35
1 files changed, 27 insertions, 8 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
index 20bb3e8b..bd8d1551 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
@@ -42,22 +42,17 @@ import static org.junit.Assert.assertNull;
import java.util.ArrayList;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.junit.Before;
import org.junit.Test;
import org.mockito.InjectMocks;
-import org.mockito.Matchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.PortalAdminController;
import org.onap.portalapp.portal.core.MockEPUser;
import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
-import org.onap.portalapp.portal.exceptions.NoHealthyServiceException;
import org.onap.portalapp.portal.framework.MockitoTestSuite;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.AdminRolesServiceImpl;
@@ -73,7 +68,7 @@ import org.onap.portalsdk.core.service.AuditServiceImpl;
public class PortalAdminControllerTest extends MockitoTestSuite{
@InjectMocks
- PortalAdminController portalAdminController = new PortalAdminController();
+ PortalAdminController portalAdminController;
@Mock
AdminRolesService adminRolesService = new AdminRolesServiceImpl();
@@ -168,9 +163,22 @@ public class PortalAdminControllerTest extends MockitoTestSuite{
assertEquals(actualFieldValidator,expectedFieldValidator);
}
-
-
+ @Test
+ public void createPortalAdminXSSTest()
+ {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ FieldsValidator expectedFieldValidator = null;
+ FieldsValidator actualFieldValidator;
+ String userId = "<IMG SRC=jAVasCrIPt:alert(‘XSS’)>";
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(portalAdminService.createPortalAdmin(userId)).thenReturn(expectedFieldValidator);
+ actualFieldValidator = portalAdminController.createPortalAdmin(mockedRequest, userId, mockedResponse);
+ assertEquals(expectedFieldValidator, actualFieldValidator);
+
+ }
+
@Test
public void createPortalAdminIfUserIsNullTest()
{
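Review bot: The assertion in createPortalAdminXSSTest cannot tell a rejected payload from an accepted one, because `portalAdminService.createPortalAdmin(userId)` is stubbed to return the same null that `assertEquals` then expects. If the controller's input check were removed, the call would presumably pass straight through to the mock and the test would still be green. To pin the fix, drop the stub and assert that the service is never reached with the raw value: `Mockito.verify(portalAdminService, Mockito.never()).createPortalAdmin(userId);`. deletePortalAdminXSSTest in the last hunk has the same gap, since an unstubbed mock returns null by default and `assertNull` passes either way; it needs the matching `Mockito.never()` verification on the service's delete call.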
@@ -204,6 +212,17 @@ public class PortalAdminControllerTest extends MockitoTestSuite{
assertNull(actualPortalAdminsList);
}
+
+ @Test
+ public void deletePortalAdminXSSTest()
+ {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ FieldsValidator actualFieldValidator = portalAdminController.deletePortalAdmin(mockedRequest,"<img src=xss onerror=alert(1)>" , mockedResponse);
+ assertNull(actualFieldValidator);
+
+ }
@Test
public void deletePortalAdminTest1()