author | 2019-10-21 15:02:18 +0000 | |
---|---|---|
committer | 2019-10-21 15:02:18 +0000 | |
commit | 10d37e31a640a7b4f778d71b3a44e7e9da360aac (patch) | |
tree | 9f24d3ad8ce9f0a2443493aad7b88409c6e2d0dd /ecomp-portal-BE-common/src/test/java | |
parent | 7813e59e6a956610e719d5d8d722af9750913a4c (diff) | |
parent | be638f25cb9d7021ba6b58a6d3baa5cca134c56f (diff) |
Merge changes I5837e333,I340cb721
* changes:
Reflected XSS vulnerability in saveNotification form fix.
Security Vulnerability in pom.xml fix
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java')
-rw-r--r-- | ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java
index d8f98bb9..d6cb42a6 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulControllerTest.java
@@ -296,6 +296,47 @@ public class ExternalAppsRestfulControllerTest {
 assertEquals(543L, createdNofification.getRoleIds().get(0).longValue());
 }
 
+ @Test
+ public void publishNotificationXSSTest() throws Exception {
+ // input
+ EpNotificationItem notificationItem = new EpNotificationItem();
+ List<Long> roleList = new ArrayList<Long>();
+ Long role1 = 1L;
+ roleList.add(role1);
+ notificationItem.setRoleIds(roleList);
+ notificationItem.setPriority(1L);
+ notificationItem.setMsgHeader("<script>alert(‘XSS’)</script>");
+ notificationItem.setMsgDescription("Test Description");
+ Date currentDate = new Date();
+ Calendar c = Calendar.getInstance();
+ c.setTime(currentDate);
+ c.add(Calendar.DATE, 1);
+ Date currentDatePlusOne = c.getTime();
+ notificationItem.setStartTime(currentDate);
+ notificationItem.setEndTime(currentDatePlusOne);
+
+ // mock calls
+ Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn("RxH3983AHiyBOQmj");
+ Map<String, String> params = new HashMap<>();
+ params.put("appKey", "RxH3983AHiyBOQmj");
+ List<EPApp> apps = new ArrayList<>();
+ EPApp app = new EPApp();
+ app.setId(123L);
+ apps.add(app);
+ Mockito.when(DataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", params, null)).thenReturn(apps);
+ EPRole role = new EPRole();
+ role.setId(543L);
+ Mockito.when(epRoleService.getRole(123L, 1L)).thenReturn(role);
+
+ // run
+ Mockito.when(userNotificationService.saveNotification(notificationItem)).thenReturn("Test");
+ PortalAPIResponse response = externalAppsRestfulController.publishNotification(mockedRequest, notificationItem);
+ // verify answer
+ assertNotNull(response);
+ assertEquals("error", response.getStatus());
+ assertEquals("failed", response.getMessage());
+ }
+
 @Test
 public void publishNotificationTest_EmptyAppHeader() throws Exception {
 // input
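Review bot: The closing assertions in publishNotificationXSSTest only check the generic `error` / `failed` response, so the test would still pass if publishNotification failed for a reason unrelated to the script payload, for example if one of the stubs above did not match. It should also pin that the rejected item never reaches persistence, e.g. `Mockito.verify(userNotificationService, Mockito.never()).saveNotification(notificationItem);` after the status assertions. The payload passed to `setMsgHeader` appears here with typographic quotes (‘XSS’) rather than ASCII quotes, which, if that is what the file contains, makes the test depend on the source encoding; a plain `"<script>alert('XSS')</script>"` would be safer. Only the header field is exercised, so a second case with the same payload in `setMsgDescription` would cover the other free-text field of the form, assuming the controller (not visible in this hunk) validates both.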