Merge "XSS Vulnerability fix in AppsOSController"

author: Sunder Tattavarada <statta@research.att.com> 2019-06-14 16:07:42 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-06-14 16:07:42 +0000
commit: e496b1b94a07e7995fefd8113c0fbe25953322ea (patch)
tree: f3daff0ffe4a5709abd5814f82f108834e6538e4 /ecomp-portal-BE-os/src/test/java/org
parent: 3462e289aec5880f3e2f2f23ce4b5f70160ba7f4 (diff)
parent: 7b634d6019b6fb31a120f7810af095feb7a0317d (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e749..15fe1dd9 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -176,6 +176,17 @@ public class AppsOSControllerTest {
 	}
 
 	@Test
+	public void getCurrentUserProfileXSSTest() {
+		String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+		EPUser user = mockUser.mockEPUser();
+		List<EPUser> expectedList = new ArrayList<>();
+		expectedList.add(user);
+		Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+		String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+		assertEquals("loginId is not valid", expectedString);
+	}
+
+	@Test
 	public void getCurrentUserProfileExceptionTest() {
 		String loginId = "guestT";
 		EPUser user = mockUser.mockEPUser();
author	Sunder Tattavarada <statta@research.att.com>	2019-06-14 16:07:42 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-06-14 16:07:42 +0000
commit	e496b1b94a07e7995fefd8113c0fbe25953322ea (patch)
tree	f3daff0ffe4a5709abd5814f82f108834e6538e4 /ecomp-portal-BE-os/src/test/java/org
parent	3462e289aec5880f3e2f2f23ce4b5f70160ba7f4 (diff)
parent	7b634d6019b6fb31a120f7810af095feb7a0317d (diff)