author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-05-30 15:29:24 +0200 |
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-05-30 15:29:44 +0200 |
commit | 73cf89e10ba0d50c119cbd82b3aa4f46154c4b9f (patch) | |
tree | 59feabdcc86b1a978949e2082da5362dbc3eccd4 /ecomp-portal-BE-common/src/test/java/org | |
parent | 2970d475df6929c96c420daef72777b1c2614649 (diff) |
XSS Vulnerability fix in AppsControllerExternalRequest
@SafeHtml annotation is used to fix this problem.
This patch also fixes some minor issues:
* isAuxRESTfulCall() method deleted; it was not used anywhere.
* '.length() == 0' changed to '.isEmpty()'
Issue-ID: PORTAL-604
Change-Id: Ib7091622081f507812654b50275ad7ac4c97bfc3
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org')
-rw-r--r-- | ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java
index 847d4744..9d3c7785 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java
@@ -133,6 +133,24 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
 }
 
 @Test
+ public void postPortalAdminXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage("Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("“><script>alert(“XSS”)</script>");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(userService.getUserByUserId(user.getOrgUserId())).thenThrow(nullPointerException);
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .postPortalAdmin(mockedRequest, mockedResponse, user);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
 public void postPortalAdminCreateUserIfNotFoundTest() throws Exception {
 PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
 expectedportalRestResponse.setMessage(null);
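Review bot: The expected status is read through a deliberately null local, `PortalRestStatusEnum portalRestStatusEnum = null;` followed by `portalRestStatusEnum.ERROR`, which only compiles because the constant is static and reads like a latent NPE to anyone maintaining the test; the two lines should collapse to `expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);`. The same pattern is repeated in the postOnboardAppExternalXSSTest and putOnboardAppExternalXSSTest hunks of this file. Separately, the test stubs `userService.getUserByUserId(...)` to throw before calling `postPortalAdmin`, so if the controller's exception path also reported "Data is not valid" the assertion would pass even when the @SafeHtml validation did not run; I cannot see that path from the hunk, but pinning it with `Mockito.verify(userService, Mockito.never()).getUserByUserId(Mockito.any());` would make the test prove that the payload was rejected before any lookup. The enclosing test class continues outside the hunk.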
@@ -277,6 +295,36 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
 }
 
 @Test
+ public void postOnboardAppExternalXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage(
+ "Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+ OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+ expectedOnboardingApp.name = "test";
+ expectedOnboardingApp.url="test.com";
+ expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+ expectedOnboardingApp.myLoginsAppOwner="testUser";
+ expectedOnboardingApp.restrictedApp=false;
+ expectedOnboardingApp.isOpen=true;
+ expectedOnboardingApp.isEnabled=true;
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("guestT@test.portal.onap.org");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ List<EPUser> expectedList = new ArrayList<EPUser>();
+ expectedList.add(user);
+
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .postOnboardAppExternal(mockedRequest, mockedResponse, expectedOnboardingApp);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+ }
+
+ @Test
 public void putOnboardAppExternalifAppNullTest() {
 PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
 expectedportalRestResponse.setMessage("Unexpected value for field: id");
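Review bot: `expectedList` is built and populated with `user` but never passed to the controller or to an assertion, so the `EPUser` setup in this test is dead code and should be dropped, or wired into a stub if a user session is meant to be part of the scenario. The declaration `new OnboardingApp();;` also carries a stray second semicolon. Both issues recur verbatim in the putOnboardAppExternalXSSTest hunk below. The only field carrying the payload is `restUrl`; a one-line comment such as `// only restUrl is tainted; the other fields are valid so the rejection must come from the @SafeHtml check` would make the intent of the fixture clear to the next reader. The enclosing test class continues outside the hunk.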
@@ -293,6 +341,38 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
 }
 
 @Test
+ public void putOnboardAppExternalXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage(
+ "Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+ OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+ expectedOnboardingApp.name = "test";
+ expectedOnboardingApp.url="test.com";
+ expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+ expectedOnboardingApp.myLoginsAppOwner="testUser";
+ expectedOnboardingApp.restrictedApp=false;
+ expectedOnboardingApp.isOpen=true;
+ expectedOnboardingApp.isEnabled=true;
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("guestT@test.portal.onap.org");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ List<EPUser> expectedList = new ArrayList<EPUser>();
+ expectedList.add(user);
+
+ Long appId = (long) 1;
+
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .putOnboardAppExternal(mockedRequest, mockedResponse, appId, expectedOnboardingApp);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+ }
+
+ @Test
 public void putOnboardAppExternalIfOnboardingAppDetailsNullTest() {
 PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
 expectedportalRestResponse.setMessage( |
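Review bot: The fixture in this test — the expected "Data is not valid" response and the `OnboardingApp` with the tainted `restUrl` — is a line-for-line copy of postOnboardAppExternalXSSTest, differing only in the added `Long appId = (long) 1;` and the `putOnboardAppExternal` call. Extracting the shared setup into private helpers such as `invalidDataResponse()` and `onboardingAppWithScriptInRestUrl()` would keep the two tests in step if the rejection message or the validated field ever changes. `Long appId = (long) 1;` can also be written as `Long appId = 1L;`. The enclosing test class continues outside the hunk.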