diff options
2 files changed, 32 insertions, 0 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java index 0be0d357..c34311c3 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java @@ -739,6 +739,11 @@ public class AppsController extends EPRestrictedBaseController { user = EPUserUtils.getUserSession(request); if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) { EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp"); + } else if(!dataValidator.isValid(modifiedOnboardingApp)){ + logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApp is not valid"); + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =", + response.getStatus()); + return fieldsValidator; } else { if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null)) { diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java index 58745d22..f622faca 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java @@ -129,6 +129,33 @@ public class AppsControllerTest extends MockitoTestSuite{ MockEPUser mockUser = new MockEPUser(); @Test + public void putOnboardingAppXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.setUebTopicName("test<img src=‘~‘ onerror=prompt(123)>"); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); + FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + assertNull(actualFieldValidator); + } + + @Test + public void postOnboardingAppXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.setUebKey("test<img src=‘~‘ onerror=prompt(123)>"); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null); + FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + assertNull(actualFieldValidator); + } + + @Test public void getUserAppsTest() { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); |