XSS Vulnerability fix in AppsOSController

SecureString class used to secure PathVariable. Issue-ID: OJSI-207 Change-Id: I6275c5db4d8d97dc60ef1676b651e3d8802ad9f7 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
author: Dominik Mizyn <d.mizyn@samsung.com> 2019-05-31 08:55:42 +0200
committer: Dominik Mizyn <d.mizyn@samsung.com> 2019-05-31 08:56:01 +0200
commit: 7b634d6019b6fb31a120f7810af095feb7a0317d (patch)
tree: b0070c6bfa67d8d68a9b52516802d72db67c31e5 /ecomp-portal-BE-os/src/test
parent: 73cf89e10ba0d50c119cbd82b3aa4f46154c4b9f (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e749..15fe1dd9 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -176,6 +176,17 @@ public class AppsOSControllerTest {
 	}
 
 	@Test
+	public void getCurrentUserProfileXSSTest() {
+		String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+		EPUser user = mockUser.mockEPUser();
+		List<EPUser> expectedList = new ArrayList<>();
+		expectedList.add(user);
+		Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+		String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+		assertEquals("loginId is not valid", expectedString);
+	}
+
+	@Test
 	public void getCurrentUserProfileExceptionTest() {
 		String loginId = "guestT";
 		EPUser user = mockUser.mockEPUser();
author	Dominik Mizyn <d.mizyn@samsung.com>	2019-05-31 08:55:42 +0200
committer	Dominik Mizyn <d.mizyn@samsung.com>	2019-05-31 08:56:01 +0200
commit	7b634d6019b6fb31a120f7810af095feb7a0317d (patch)
tree	b0070c6bfa67d8d68a9b52516802d72db67c31e5 /ecomp-portal-BE-os/src/test
parent	73cf89e10ba0d50c119cbd82b3aa4f46154c4b9f (diff)