Persistent XSS vulnerability in onboardingApps form fix

javax.validation.Validator used to fix this vulnerability issue. Issue-ID: OJSI-18 Change-Id: I26ec795a23869c0dccd22c50e4469ae264cb7547 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
author: Dominik Mizyn <d.mizyn@samsung.com> 2019-10-21 14:32:48 +0200
committer: Dominik Mizyn <d.mizyn@samsung.com> 2019-10-24 15:54:49 +0200
commit: 85b0d73e7150af1cbebefa8e6f0ab4b5c96e6019 (patch)
tree: ab5b0ae076626f2e8778a86e19b71aa68d6a2ffd /ecomp-portal-BE-common/src/test/java/org
parent: bb6fb4c52904d119ba790d5d9c1f752649a74a0a (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
index 58745d22..f622faca 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
@@ -129,6 +129,33 @@ public class AppsControllerTest extends MockitoTestSuite{
 	MockEPUser mockUser = new MockEPUser();
 
 	@Test
+	public void putOnboardingAppXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		OnboardingApp onboardingApp = new OnboardingApp();
+		onboardingApp.setUebTopicName("test<img src=‘~‘ onerror=prompt(123)>");
+		Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+		Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null);
+		Mockito.when(mockedResponse.getStatus()).thenReturn(200);
+		FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp,
+		mockedResponse);
+		assertNull(actualFieldValidator);
+	}
+
+	@Test
+	public void postOnboardingAppXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		OnboardingApp onboardingApp = new OnboardingApp();
+		onboardingApp.setUebKey("test<img src=‘~‘ onerror=prompt(123)>");
+		Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+		Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null);
+		FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp,
+		mockedResponse);
+		assertNull(actualFieldValidator);
+	}
+
+	@Test
 	public void getUserAppsTest() {
 		EPUser user = mockUser.mockEPUser();
 		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
author	Dominik Mizyn <d.mizyn@samsung.com>	2019-10-21 14:32:48 +0200
committer	Dominik Mizyn <d.mizyn@samsung.com>	2019-10-24 15:54:49 +0200
commit	85b0d73e7150af1cbebefa8e6f0ab4b5c96e6019 (patch)
tree	ab5b0ae076626f2e8778a86e19b71aa68d6a2ffd /ecomp-portal-BE-common/src/test/java/org
parent	bb6fb4c52904d119ba790d5d9c1f752649a74a0a (diff)