authorDominik Mizyn <d.mizyn@samsung.com>2019-07-05 14:33:53 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-07-05 14:34:17 +0200
commit6fb5b257a327c64eb3e3f8df65db835ca6cb38aa (patch)
treecef821c5fc97059aea6b9051561e50b748bdb97d /ecomp-portal-BE-common/src/test/java/org
parent4f77c9f6c5539747c0fadd6028044e2ff2ceb8cf (diff)
XSS Vulnerability fix in PortalAdminController
Custom data validator used to fix this issue. Issue-ID: OJSI-15 Change-Id: I224887d31e4e2d7301544194ef44ba38e66e047d Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java35
1 files changed, 27 insertions, 8 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
index 20bb3e8b..bd8d1551 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/PortalAdminControllerTest.java
@@ -42,22 +42,17 @@ import static org.junit.Assert.assertNull;
import java.util.ArrayList;
import java.util.List;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.junit.Before;
import org.junit.Test;
import org.mockito.InjectMocks;
-import org.mockito.Matchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.PortalAdminController;
import org.onap.portalapp.portal.core.MockEPUser;
import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
-import org.onap.portalapp.portal.exceptions.NoHealthyServiceException;
import org.onap.portalapp.portal.framework.MockitoTestSuite;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.AdminRolesServiceImpl;
@@ -73,7 +68,7 @@ import org.onap.portalsdk.core.service.AuditServiceImpl;
public class PortalAdminControllerTest extends MockitoTestSuite{
@InjectMocks
- PortalAdminController portalAdminController = new PortalAdminController();
+ PortalAdminController portalAdminController;
@Mock
AdminRolesService adminRolesService = new AdminRolesServiceImpl();
@@ -168,9 +163,22 @@ public class PortalAdminControllerTest extends MockitoTestSuite{
assertEquals(actualFieldValidator,expectedFieldValidator);
}
-
-
+ @Test
+ public void createPortalAdminXSSTest()
+ {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ FieldsValidator expectedFieldValidator = null;
+ FieldsValidator actualFieldValidator;
+ String userId = "<IMG SRC=jAVasCrIPt:alert(‘XSS’)>";
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(portalAdminService.createPortalAdmin(userId)).thenReturn(expectedFieldValidator);
+ actualFieldValidator = portalAdminController.createPortalAdmin(mockedRequest, userId, mockedResponse);
+ assertEquals(expectedFieldValidator, actualFieldValidator);
+
+ }
+
@Test
public void createPortalAdminIfUserIsNullTest()
{
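Review bot: createPortalAdminXSSTest cannot tell a rejected payload from an accepted one. It stubs `portalAdminService.createPortalAdmin(userId)` to return `expectedFieldValidator`, which is null, and then asserts null, so it passes both when the controller stops at validation and when it forwards the markup string to the service. Assert the security property directly by adding `Mockito.verify(portalAdminService, Mockito.never()).createPortalAdmin(userId);` after the controller call, and drop the stub or make it return a non-null `FieldsValidator` so that a bypass changes the result. deletePortalAdminXSSTest in the next hunk has the same gap: an unstubbed Mockito mock returns null by default, so `assertNull` would presumably still pass if the input reached the service, and it needs the equivalent `never()` verification on the delete call. The controller is not part of this diff, so what it returns on rejection is inferred from the assertions only.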
@@ -204,6 +212,17 @@ public class PortalAdminControllerTest extends MockitoTestSuite{
assertNull(actualPortalAdminsList);
}
+
+ @Test
+ public void deletePortalAdminXSSTest()
+ {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ FieldsValidator actualFieldValidator = portalAdminController.deletePortalAdmin(mockedRequest,"<img src=xss onerror=alert(1)>" , mockedResponse);
+ assertNull(actualFieldValidator);
+
+ }
@Test
public void deletePortalAdminTest1()