summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-common/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java')
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java34
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java73
2 files changed, 102 insertions, 5 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
index b08a8769..f2b2d3da 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
@@ -78,7 +78,7 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
AppContactUsService contactUsService = new AppContactUsServiceImpl();
@InjectMocks
- AppContactUsController appContactUsController = new AppContactUsController();
+ AppContactUsController appContactUsController;
@Before
public void setup() {
@@ -233,6 +233,25 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
}
@Test
+ public void saveXSSTest() throws Exception {
+ PortalRestResponse<String> actualSaveAppContactUS = null;
+
+ AppContactUsItem contactUs = new AppContactUsItem();
+ contactUs.setAppId((long) 1);
+ contactUs.setAppName("<meta content=\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\" http-equiv=\"refresh\"/>");
+ contactUs.setDescription("Test");
+ contactUs.setContactName("Test");
+ contactUs.setContactEmail("person@onap.org");
+ contactUs.setUrl("Test_URL");
+ contactUs.setActiveYN("Y");
+
+ Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("FAILURE");
+ actualSaveAppContactUS = appContactUsController.save(contactUs);
+ assertEquals("AppName is not valid.", actualSaveAppContactUS.getResponse());
+ assertEquals("failure", actualSaveAppContactUS.getMessage());
+ }
+
+ @Test
public void saveExceptionTest() throws Exception {
PortalRestResponse<String> actualSaveAppContactUS = null;
@@ -270,6 +289,19 @@ public class AppContactUsControllerTest extends MockitoTestSuite{
}
@Test
+ public void saveAllXSSTest() throws Exception {
+
+ List<AppContactUsItem> contactUs = mockResponse();
+ AppContactUsItem appContactUsItem = new AppContactUsItem();
+ appContactUsItem.setActiveYN("<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>");
+ contactUs.add(appContactUsItem);
+ PortalRestResponse<String> actualSaveAppContactUS = null;
+ Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("failure");
+ actualSaveAppContactUS = appContactUsController.save(contactUs);
+ assertEquals("failure", actualSaveAppContactUS.getMessage());
+ }
+
+ @Test
public void saveAllExceptionTest() throws Exception {
List<AppContactUsItem> contactUs = mockResponse();
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
index 4df1c2ac..58745d22 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
@@ -58,7 +58,6 @@ import org.mockito.Matchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.AppsController;
import org.onap.portalapp.portal.core.MockEPUser;
import org.onap.portalapp.portal.domain.AdminUserApplications;
import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel;
@@ -82,7 +81,6 @@ import org.onap.portalapp.portal.transport.EPWidgetsSortPreference;
import org.onap.portalapp.portal.transport.FieldsValidator;
import org.onap.portalapp.portal.transport.LocalRole;
import org.onap.portalapp.portal.transport.OnboardingApp;
-import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.util.EPUserUtils;
import org.onap.portalsdk.core.util.SystemProperties;
import org.onap.portalsdk.core.web.support.AppUtils;
@@ -100,7 +98,7 @@ import org.springframework.web.client.HttpClientErrorException;
public class AppsControllerTest extends MockitoTestSuite{
@InjectMocks
- AppsController appsController = new AppsController();
+ AppsController appsController;
@Mock
AdminRolesService adminRolesService = new AdminRolesServiceImpl();
@@ -369,6 +367,38 @@ public class AppsControllerTest extends MockitoTestSuite{
}
@Test
+ public void putUserAppsSortingManualXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ EPAppsManualPreference preference = new EPAppsManualPreference();
+ preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ List<EPAppsManualPreference> ePAppsManualPreference = new ArrayList<>();
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+ ePAppsManualPreference.add(preference);
+ Mockito.when(appService.saveAppsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator);
+ FieldsValidator actualFieldValidator = appsController.putUserAppsSortingManual(mockedRequest, ePAppsManualPreference,
+ mockedResponse);
+ assertEquals(actualFieldValidator, expectedFieldValidator);
+ }
+
+ @Test
+ public void putUserWidgetsSortManualXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ EPWidgetsSortPreference preference = new EPWidgetsSortPreference();
+ preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ List<EPWidgetsSortPreference> ePAppsManualPreference = new ArrayList<>();
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+ ePAppsManualPreference.add(preference);
+ Mockito.when(appService.saveWidgetsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator);
+ FieldsValidator actualFieldValidator = appsController.putUserWidgetsSortManual(mockedRequest, ePAppsManualPreference,
+ mockedResponse);
+ assertEquals(expectedFieldValidator, actualFieldValidator);
+ }
+
+ @Test
public void putUserAppsSortingManualExceptionTest() throws IOException {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
@@ -404,7 +434,7 @@ public class AppsControllerTest extends MockitoTestSuite{
}
@Test
- public void putUserWidgetsSortPrefTest() throws IOException {
+ public void putUserWidgetsSortPrefTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<EPWidgetsSortPreference>();
@@ -421,6 +451,24 @@ public class AppsControllerTest extends MockitoTestSuite{
}
@Test
+ public void putUserWidgetsSortPrefXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<>();
+ EPWidgetsSortPreference preference = new EPWidgetsSortPreference();
+ preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+ ePWidgetsSortPreference.add(preference);
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+ FieldsValidator actualFieldValidator;
+ Mockito.when(appService.deleteUserWidgetSortPref(ePWidgetsSortPreference, user))
+ .thenReturn(expectedFieldValidator);
+ actualFieldValidator = appsController.putUserWidgetsSortPref(mockedRequest, ePWidgetsSortPreference,
+ mockedResponse);
+ assertEquals(actualFieldValidator, expectedFieldValidator);
+ }
+
+ @Test
public void putUserWidgetsSortPrefExceptionTest() throws IOException {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
@@ -476,6 +524,23 @@ public class AppsControllerTest extends MockitoTestSuite{
}
@Test
+ public void putUserAppsSortingPreferenceXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ EPAppsSortPreference userAppsValue = new EPAppsSortPreference();
+ userAppsValue.setTitle("</script><script>alert(1)</script>");
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+ expectedFieldValidator.setFields(null);
+ expectedFieldValidator.setErrorCode(null);
+ FieldsValidator actualFieldValidator;
+ Mockito.when(appService.saveAppsSortPreference(userAppsValue, user)).thenReturn(expectedFieldValidator);
+ actualFieldValidator = appsController.putUserAppsSortingPreference(mockedRequest, userAppsValue,
+ mockedResponse);
+ assertEquals(actualFieldValidator, expectedFieldValidator);
+ }
+
+ @Test
public void putUserAppsSortingPreferenceExceptionTest() throws IOException {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);