summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/test/java
diff options
context:
space:
mode:
authorManoop Talasila <talasila@research.att.com>2019-07-22 19:31:46 +0000
committerGerrit Code Review <gerrit@onap.org>2019-07-22 19:31:46 +0000
commit7971d223f73c936027011a0241a0c73cc68fe8b0 (patch)
tree96f271f7f50aee17bed1329a1a2c095655b924f2 /ecomp-portal-BE-common/src/test/java
parent1f36ac393692177f00ed2c7ea8481585cd29d979 (diff)
parent5d37bb1bbd825616ef7b1622c71a2dce5239cc23 (diff)
Merge "XSS Vulnerability fix in WidgetsController"
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java51
1 files changed, 47 insertions, 4 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
index c6bd8001..f69ac99e 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
@@ -68,7 +68,7 @@ import org.springframework.web.client.RestClientException;
public class WidgetsControllerTest extends MockitoTestSuite{
@InjectMocks
- WidgetsController widgetsController = new WidgetsController();
+ WidgetsController widgetsController;
@Mock
private AdminRolesService rolesService;
@@ -150,7 +150,7 @@ public class WidgetsControllerTest extends MockitoTestSuite{
OnboardingWidget onboardingWidget=new OnboardingWidget();
onboardingWidget.id=12L;
onboardingWidget.normalize();
- //Mockito.doNothing().when(onboardingWidget).normalize();
+ //Mockito.doNothing().when(onboardingWidget).normalize();
FieldsValidator expectedFieldValidator = new FieldsValidator();
List<FieldName> fields = new ArrayList<>();
@@ -161,6 +161,24 @@ public class WidgetsControllerTest extends MockitoTestSuite{
actualFieldsValidator = widgetsController.putOnboardingWidget(mockedRequest, 12L, onboardingWidget, mockedResponse);
}
+
+ @Test
+ public void putOnboardingWidgetXSSTest() {
+ FieldsValidator actualFieldsValidator = null;
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ OnboardingWidget onboardingWidget=new OnboardingWidget();
+ onboardingWidget.id=12L;
+ onboardingWidget.name = "<script>alert(/XSS”)</script>";
+ onboardingWidget.normalize();
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+ Mockito.when(widgetService.setOnboardingWidget(user, onboardingWidget)).thenReturn(expectedFieldValidator);
+ actualFieldsValidator = widgetsController.putOnboardingWidget(mockedRequest, 12L, onboardingWidget, mockedResponse);
+
+ assertEquals(expectedFieldValidator, actualFieldsValidator);
+
+ }
@Test
public void putOnboardingWidgetWithUserPermissionTest() {
@@ -172,7 +190,7 @@ public class WidgetsControllerTest extends MockitoTestSuite{
OnboardingWidget onboardingWidget=new OnboardingWidget();
onboardingWidget.id=12L;
onboardingWidget.normalize();
- //Mockito.doNothing().when(onboardingWidget).normalize();
+ //Mockito.doNothing().when(onboardingWidget).normalize();
FieldsValidator expectedFieldValidator = new FieldsValidator();
List<FieldName> fields = new ArrayList<>();
@@ -209,6 +227,31 @@ public class WidgetsControllerTest extends MockitoTestSuite{
assertEquals(expectedFieldValidator.getErrorCode(), actualFieldsValidator.getErrorCode());
assertEquals(expectedFieldValidator.getFields(), actualFieldsValidator.getFields());
}
+
+ @Test
+ public void postOnboardingWidgetXSSTest(){
+ EPUser user=mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ FieldsValidator actualFieldsValidator = null;
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(rolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(rolesService.isAccountAdmin(user)).thenReturn(true);
+ OnboardingWidget onboardingWidget=new OnboardingWidget();
+ onboardingWidget.id=12L;
+ onboardingWidget.appName="<script>alert(/XSS”)</script>";
+ onboardingWidget.normalize();
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ List<FieldName> fields = new ArrayList<>();
+
+ expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+ expectedFieldValidator.setFields(fields);
+ expectedFieldValidator.setErrorCode(null);
+ Mockito.when(widgetService.setOnboardingWidget(user, onboardingWidget)).thenReturn(expectedFieldValidator);
+ actualFieldsValidator = widgetsController.postOnboardingWidget(mockedRequest, onboardingWidget, mockedResponse);
+ assertEquals(expectedFieldValidator.getHttpStatusCode(), actualFieldsValidator.getHttpStatusCode());
+ assertEquals(expectedFieldValidator.getErrorCode(), actualFieldsValidator.getErrorCode());
+ assertEquals(expectedFieldValidator.getFields(), actualFieldsValidator.getFields());
+ }
@Test
public void postOnboardingWidgetTestwiThoutUserPermission() {
@@ -218,7 +261,7 @@ public class WidgetsControllerTest extends MockitoTestSuite{
OnboardingWidget onboardingWidget=new OnboardingWidget();
onboardingWidget.id=12L;
onboardingWidget.normalize();
- //Mockito.doNothing().when(onboardingWidget).normalize();
+ //Mockito.doNothing().when(onboardingWidget).normalize();
FieldsValidator expectedFieldValidator = new FieldsValidator();
List<FieldName> fields = new ArrayList<>();