author | Sunder Tattavarada <statta@research.att.com> | 2019-06-14 16:07:42 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-06-14 16:07:42 +0000 |
commit | e496b1b94a07e7995fefd8113c0fbe25953322ea (patch) | |
tree | f3daff0ffe4a5709abd5814f82f108834e6538e4 /ecomp-portal-BE-os/src/test/java | |
parent | 3462e289aec5880f3e2f2f23ce4b5f70160ba7f4 (diff) | |
parent | 7b634d6019b6fb31a120f7810af095feb7a0317d (diff) |
Merge "XSS Vulnerability fix in AppsOSController"
Diffstat (limited to 'ecomp-portal-BE-os/src/test/java')
-rw-r--r-- | ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e749..15fe1dd9 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -176,6 +176,17 @@ public class AppsOSControllerTest {
 }
 
 @Test
+ public void getCurrentUserProfileXSSTest() {
+ String loginId = "<iframe/src=\"data:text/html,<svg onload=alert(1)>\">";
+ EPUser user = mockUser.mockEPUser();
+ List<EPUser> expectedList = new ArrayList<>();
+ expectedList.add(user);
+ Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+ String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+ assertEquals("loginId is not valid", expectedString);
+ }
+
+ @Test
 public void getCurrentUserProfileExceptionTest() {
 String loginId = "guestT";
 EPUser user = mockUser.mockEPUser(); |
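Review bot: In `getCurrentUserProfileXSSTest` the `Mockito.when(userService.getUserByUserId(loginId))` stub only acts as a fallback: when validation rejects the markup-bearing `loginId` first, the stub is never exercised, and nothing in the test shows that the untrusted value stays out of the service layer. Adding `Mockito.verify(userService, Mockito.never()).getUserByUserId(loginId);` after the assertion would pin that the rejection happens before any lookup, which is presumably the intent of the controller fix (not visible in this test-only diff). The local `expectedString` actually holds the returned value, so a name like `actual` or `response` would read better next to `assertEquals("loginId is not valid", expectedString)`. A short comment such as `// rejected input must yield a fixed message that never echoes loginId` would document why the exact string is asserted.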