authorDominik Mizyn <d.mizyn@samsung.com>2019-05-31 08:55:42 +0200
committerDominik Mizyn <d.mizyn@samsung.com>2019-05-31 08:56:01 +0200
commit7b634d6019b6fb31a120f7810af095feb7a0317d (patch)
treeb0070c6bfa67d8d68a9b52516802d72db67c31e5 /ecomp-portal-BE-os/src/test/java/org
parent73cf89e10ba0d50c119cbd82b3aa4f46154c4b9f (diff)
XSS Vulnerability fix in AppsOSController
SecureString class used to secure PathVariable. Issue-ID: OJSI-207 Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'ecomp-portal-BE-os/src/test/java/org')
-rw-r--r--ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java11
1 files changed, 11 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e749..15fe1dd9 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -176,6 +176,17 @@ public class AppsOSControllerTest {
}
@Test
+ public void getCurrentUserProfileXSSTest() {
+ String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+ EPUser user = mockUser.mockEPUser();
+ List<EPUser> expectedList = new ArrayList<>();
+ expectedList.add(user);
+ Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+ String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+ assertEquals("loginId is not valid", expectedString);
+ }
+
+ @Test
public void getCurrentUserProfileExceptionTest() {
String loginId = "guestT";
EPUser user = mockUser.mockEPUser();
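Review bot: The added getCurrentUserProfileXSSTest asserts only on the returned string, so it does not show that the rejected loginId is stopped before it reaches the user lookup. The stub on `userService.getUserByUserId(loginId)` is set up but never verified. After the `assertEquals`, add `Mockito.verify(userService, Mockito.never()).getUserByUserId(Mockito.anyString());` so the test fails if validation is ever moved after the service call. The local `expectedString` holds the controller's actual return value and would read more clearly as `actual`. The validation rules themselves (SecureString, per the commit message) are not visible in this hunk, so this test pins one rejected value rather than the validator's general behaviour; a companion assertion that a well-formed id such as the `"guestT"` used in the next test is still accepted would guard against over-rejection.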