summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/test/java/org
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2019-05-30 10:47:56 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-05-30 10:48:13 +0200
commit1f4d93651fdc71e0b661728a7c7efc9b4f524b5a (patch)
treefdf232903f5ea43b9d8659758b169bc6dbdff2ed /ecomp-portal-BE-common/src/test/java/org
parentc5b960eaa66fcfdd69c4a8201d2c0ff8ee1253a8 (diff)
XSS Vulnerability fix in DashboardSearchResultController
@SafeHtml annotation is used to fix this problem. New class 'SecureString' must be added to project to valid incoming Strings from '@RequestParam String incoming String' pom.xml file update. This patch also fix: * remove unnecessary semicolon * Sonar issue: Replace the type specification in this constructor call with the diamond operator ("<>") Issue-ID: PORTAL-601 Change-Id: Id214b6e65f0c486141679fd23725a7fb66443acd Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java/org')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java142
1 files changed, 114 insertions, 28 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
index 839b9fd5..34667853 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
@@ -93,7 +93,7 @@ public class DashboardSearchResultControllerTest {
@Test
public void getWidgetDataTest() {
String resourceType = "test";
- PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<CommonWidgetMeta>();
+ PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -105,8 +105,21 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void getWidgetDataXSSTest() {
+ String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+ PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("resourceType: String string is not valid");
+ expectedPortalRestResponse.setResponse("");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+ PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+ .getWidgetData(mockedRequest, resourceType);
+ assertEquals(expectedPortalRestResponse,acutualPoratlRestResponse);
+ }
+
+ @Test
public void saveWidgetDataBulkTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -114,7 +127,7 @@ public class DashboardSearchResultControllerTest {
CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
commonWidgetMeta.setCategory("test");
- List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId((long) 1);
commonWidget.setCategory("test");
@@ -136,8 +149,39 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void saveWidgetDataBulkXSSTest() {
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+ ecpectedPortalRestResponse.setMessage("ERROR");
+ ecpectedPortalRestResponse.setResponse("Category is not valid");
+ ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+ CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+ commonWidgetMeta.setCategory("test");
+
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ commonWidgetList.add(commonWidget);
+
+ commonWidgetMeta.setItems(commonWidgetList);
+
+ Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetDataBulk(commonWidgetMeta);
+ assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
public void saveWidgetDataBulkIfCategoryNullTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -145,7 +189,7 @@ public class DashboardSearchResultControllerTest {
CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
commonWidgetMeta.setCategory("test");
- List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId(null);
commonWidget.setCategory(null);
@@ -166,7 +210,7 @@ public class DashboardSearchResultControllerTest {
@Test
public void saveWidgetDataTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -188,10 +232,33 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void saveWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Category is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetData(commonWidget);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+ }
+
+ @Test
public void saveWidgetDataExceptionTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("ERROR");
- ecpectedPortalRestResponse.setResponse("Cateogry cannot be null or empty");
+ ecpectedPortalRestResponse.setResponse("Category cannot be null or empty");
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId((long) 1);
@@ -212,7 +279,7 @@ public class DashboardSearchResultControllerTest {
@Test
public void saveWidgetDataDateErrorTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -233,8 +300,9 @@ public class DashboardSearchResultControllerTest {
}
+ @Test
public void deleteWidgetDataTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -255,14 +323,36 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void deleteWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("CommonWidget is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("test_href");
+ commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+ Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .deleteWidgetData(commonWidget);
+
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
public void searchPortalIfUserIsNull() {
EPUser user = null;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("searchPortal: User object is null? - check logs");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
.searchPortal(mockedRequest, searchString);
@@ -272,13 +362,12 @@ public class DashboardSearchResultControllerTest {
@Test
public void searchPortalIfSearchStringNullTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = null;
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("searchPortal: String string is null");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
@@ -289,10 +378,9 @@ public class DashboardSearchResultControllerTest {
@Test
public void searchPortalIfSearchTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- List<SearchResultItem> searchResultItemList = new ArrayList<SearchResultItem>();
+ List<SearchResultItem> searchResultItemList = new ArrayList<>();
SearchResultItem searchResultItem = new SearchResultItem();
searchResultItem.setId((long) 1);
@@ -301,10 +389,10 @@ public class DashboardSearchResultControllerTest {
searchResultItem.setTarget("test_target");
searchResultItem.setUuid("test_UUId");
searchResultItemList.add(searchResultItem);
- Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<String, List<SearchResultItem>>();
+ Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<>();
expectedResultMap.put(searchString, searchResultItemList);
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("success");
expectedResult.setResponse(expectedResultMap);
expectedResult.setStatus(PortalRestStatusEnum.OK);
@@ -319,13 +407,12 @@ public class DashboardSearchResultControllerTest {
@Test
public void searchPortalIfSearchExcptionTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("null - check logs.");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
Mockito.when(searchService.searchResults(user.getLoginId(), searchString)).thenThrow(nullPointerException);
@@ -336,9 +423,8 @@ public class DashboardSearchResultControllerTest {
@Test
public void getActiveUsersTest() {
- List<String> expectedActiveUsers = new ArrayList<String>();
+ List<String> expectedActiveUsers = new ArrayList<>();
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String userId = user.getOrgUserId();
Mockito.when(searchService.getRelatedUsers(userId)).thenReturn(expectedActiveUsers);
@@ -349,7 +435,7 @@ public class DashboardSearchResultControllerTest {
@Test
public void getActiveUsersExceptionTest() {
- List<String> expectedActiveUsers = new ArrayList<String>();
+ List<String> expectedActiveUsers = new ArrayList<>();
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String userId = user.getOrgUserId();
@@ -363,7 +449,7 @@ public class DashboardSearchResultControllerTest {
public void activeUsersTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("success");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.OK);
@@ -377,7 +463,7 @@ public class DashboardSearchResultControllerTest {
public void activeUsersIfUserNullTest() {
EPUser user = null;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("User object is null? - check logs");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
@@ -390,7 +476,7 @@ public class DashboardSearchResultControllerTest {
public void activeUsersExceptionTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("null - check logs.");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);