-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java5
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java27
2 files changed, 32 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
index 0be0d357..c34311c3 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
@@ -739,6 +739,11 @@ public class AppsController extends EPRestrictedBaseController {
user = EPUserUtils.getUserSession(request);
if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) {
EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp");
+ } else if(!dataValidator.isValid(modifiedOnboardingApp)){
+ logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApp is not valid");
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =",
+ response.getStatus());
+ return fieldsValidator;
} else {
if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null))
{
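Review bot: The new `else if(!dataValidator.isValid(modifiedOnboardingApp))` branch returns `fieldsValidator` without setting an error status on `response`, so a payload rejected by the validator is answered with whatever status the container already has (the accompanying tests stub it to 200) and a body the client cannot tell apart from success. Before `return fieldsValidator;` add `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` (import `javax.servlet.http.HttpServletResponse` if it is not already in scope) and, if `FieldsValidator` carries an HTTP status field as it does elsewhere in this codebase, populate it as well — I cannot confirm its shape from this hunk. The log line also labels this PUT handler's outcome as `"POST result ="`; it should read `"PUT result ="` so the log is not misattributed to `postOnboardingApp`. The method and the declaration of `fieldsValidator` start outside the hunk, so whether it is null or a pre-built object at this point is not visible here.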
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
index 58745d22..f622faca 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
@@ -129,6 +129,33 @@ public class AppsControllerTest extends MockitoTestSuite{
MockEPUser mockUser = new MockEPUser();
@Test
+ public void putOnboardingAppXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ OnboardingApp onboardingApp = new OnboardingApp();
+ onboardingApp.setUebTopicName("test<img src=‘~‘ onerror=prompt(123)>");
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null);
+ Mockito.when(mockedResponse.getStatus()).thenReturn(200);
+ FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp,
+ mockedResponse);
+ assertNull(actualFieldValidator);
+ }
+
+ @Test
+ public void postOnboardingAppXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ OnboardingApp onboardingApp = new OnboardingApp();
+ onboardingApp.setUebKey("test<img src=‘~‘ onerror=prompt(123)>");
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null);
+ FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp,
+ mockedResponse);
+ assertNull(actualFieldValidator);
+ }
+
+ @Test
public void getUserAppsTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
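Review bot: Both new tests would pass even if the validator accepted the XSS payload: `appService.modifyOnboardingApp` (line with `thenReturn(null)`) and `appService.addOnboardingApp` are stubbed to return null, and `assertNull(actualFieldValidator)` is the only assertion, so a null result does not show the validation branch ran. Add `Mockito.verify(appService, Mockito.never()).modifyOnboardingApp(Mockito.any(), Mockito.any());` (and the `addOnboardingApp` counterpart in the POST test) so the test fails when the service is reached with a rejected payload. `dataValidator` is not stubbed in these tests; if it is a Mockito mock elsewhere in the class, `isValid` returns false by default and the test is trivially green regardless of the validator's real rules — inject or spy the real `DataValidator`, or stub `isValid` explicitly. The enclosing test class header is outside this hunk.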