authorDominik Mizyn <d.mizyn@samsung.com>2019-10-21 14:14:15 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-10-24 15:54:49 +0200
commitbb6fb4c52904d119ba790d5d9c1f752649a74a0a (patch)
tree4c0ac451308e4dbb574f05243b0e59e4e9a78fde /ecomp-portal-BE-common/src/test
parent604bf4f45cf1f1726f1b8129963627ffb90b5f4c (diff)
Persistent XSS vulnerability in functionalMenuItem form fix
javax.validation.Validator is used to fix this vulnerability. Issue-ID: OJSI-21 Change-Id: Ie13e17edb4c12c9d60baca7fc85cc46d4480b84b Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-common/src/test')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java22
1 files changed, 20 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java
index 84ee691e..79c85672 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java
@@ -175,6 +175,24 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite {
}
+ @Test
+ public void editFunctionalMenuItemXSSTest(){
+ FunctionalMenuItemWithRoles menuItemJson = new FunctionalMenuItemWithRoles();
+ menuItemJson.url = "1<b>tes<img src=‘~‘ onerror=prompt(32)>t_menu";
+ FieldsValidator actualFieldsValidator = new FieldsValidator();
+ FieldsValidator expectedFieldsValidator = new FieldsValidator();
+ List<FieldName> fields = new ArrayList<>();
+ expectedFieldsValidator.setHttpStatusCode(406L);
+ expectedFieldsValidator.setFields(fields);
+ expectedFieldsValidator.setErrorCode(null);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator);
+ actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
+ assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ }
+
@Test
public void getAppListTestIfAppDoesnotExistsInBusinessCardApplicationRolesList() throws IOException {
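Review bot: editFunctionalMenuItemXSSTest only checks that the controller answers with a 406 FieldsValidator; it never asserts that the rejected payload stops at the controller, which is the property the fix exists to guarantee, so a regression that validates and then still forwards the item would pass. After the `functionalMenuController.editFunctionalMenuItem(...)` call add `Mockito.verify(functionalMenuService, Mockito.never()).editFunctionalMenuItem(menuItemJson);`; with that in place the `thenReturn(actualFieldsValidator)` stub on the service looks redundant and could be dropped, though that depends on the controller's ordering of validation versus the service call, which is outside this hunk. The closing `assertEquals(actualFieldsValidator, expectedFieldsValidator);` has expected and actual reversed, the same swap the two later hunks in this file correct, so it should read `assertEquals(expectedFieldsValidator, actualFieldsValidator);`. The equality check also relies on FieldsValidator.equals covering httpStatusCode, fields and errorCode, and on the controller leaving fields empty rather than naming the offending field; neither is visible here, so a brief comment on the expected object stating which rejection shape is being pinned would help the next reader. FunctionalMenuControllerTest continues outside this hunk.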
@@ -459,7 +477,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite {
Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false);
Mockito.when(functionalMenuService.createFunctionalMenuItem(menuItemJson)).thenReturn(expectedFieldsValidator);
actualFieldsValidator = functionalMenuController.createFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
- assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ assertEquals(expectedFieldsValidator, actualFieldsValidator);
}
@Test
@@ -574,7 +592,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite {
Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false);
Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator);
actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
- assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ assertEquals(expectedFieldsValidator, actualFieldsValidator);
}
@Test