diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-21 14:14:15 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-10-24 15:54:49 +0200 |
commit | bb6fb4c52904d119ba790d5d9c1f752649a74a0a (patch) | |
tree | 4c0ac451308e4dbb574f05243b0e59e4e9a78fde /ecomp-portal-BE-common/src/test | |
parent | 604bf4f45cf1f1726f1b8129963627ffb90b5f4c (diff) |
Persistent XSS vulnerability in functionalMenuItem form fix
javax.validation.Validator used to fix this vulnerability issue.
Issue-ID: OJSI-21
Change-Id: Ie13e17edb4c12c9d60baca7fc85cc46d4480b84b
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-common/src/test')
-rw-r--r-- | ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java index 84ee691e..79c85672 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java @@ -175,6 +175,24 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { } + @Test + public void editFunctionalMenuItemXSSTest(){ + FunctionalMenuItemWithRoles menuItemJson = new FunctionalMenuItemWithRoles(); + menuItemJson.url = "1<b>tes<img src=‘~‘ onerror=prompt(32)>t_menu"; + FieldsValidator actualFieldsValidator = new FieldsValidator(); + FieldsValidator expectedFieldsValidator = new FieldsValidator(); + List<FieldName> fields = new ArrayList<>(); + expectedFieldsValidator.setHttpStatusCode(406L); + expectedFieldsValidator.setFields(fields); + expectedFieldsValidator.setErrorCode(null); + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator); + actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); + assertEquals(actualFieldsValidator, expectedFieldsValidator); + } + @Test public void getAppListTestIfAppDoesnotExistsInBusinessCardApplicationRolesList() throws IOException { @@ -459,7 +477,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); Mockito.when(functionalMenuService.createFunctionalMenuItem(menuItemJson)).thenReturn(expectedFieldsValidator); actualFieldsValidator = functionalMenuController.createFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); - assertEquals(actualFieldsValidator, expectedFieldsValidator); + assertEquals(expectedFieldsValidator, actualFieldsValidator); } @Test @@ -574,7 +592,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator); actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); - assertEquals(actualFieldsValidator, expectedFieldsValidator); + assertEquals(expectedFieldsValidator, actualFieldsValidator); } @Test |