diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-05-31 08:55:42 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-05-31 08:56:01 +0200 |
commit | 7b634d6019b6fb31a120f7810af095feb7a0317d (patch) | |
tree | b0070c6bfa67d8d68a9b52516802d72db67c31e5 /ecomp-portal-BE-os/src/test/java/org | |
parent | 73cf89e10ba0d50c119cbd82b3aa4f46154c4b9f (diff) |
XSS Vulnerability fix in AppsOSController
SecureString class used to secure PathVariable.
Issue-ID: OJSI-207
Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-os/src/test/java/org')
-rw-r--r-- | ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java index 0596e749..15fe1dd9 100644 --- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java +++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java @@ -176,6 +176,17 @@ public class AppsOSControllerTest { } @Test + public void getCurrentUserProfileXSSTest() { + String loginId = "<iframe/src=\"data:text/html,<svg onload=alert(1)>\">"; + EPUser user = mockUser.mockEPUser(); + List<EPUser> expectedList = new ArrayList<>(); + expectedList.add(user); + Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList); + String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId); + assertEquals("loginId is not valid", expectedString); + } + + @Test public void getCurrentUserProfileExceptionTest() { String loginId = "guestT"; EPUser user = mockUser.mockEPUser(); |