diff options
Diffstat (limited to 'ecomp-portal-BE-common/src/test/java')
2 files changed, 102 insertions, 5 deletions
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java index b08a8769..f2b2d3da 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java @@ -78,7 +78,7 @@ public class AppContactUsControllerTest extends MockitoTestSuite{ AppContactUsService contactUsService = new AppContactUsServiceImpl(); @InjectMocks - AppContactUsController appContactUsController = new AppContactUsController(); + AppContactUsController appContactUsController; @Before public void setup() { @@ -233,6 +233,25 @@ public class AppContactUsControllerTest extends MockitoTestSuite{ } @Test + public void saveXSSTest() throws Exception { + PortalRestResponse<String> actualSaveAppContactUS = null; + + AppContactUsItem contactUs = new AppContactUsItem(); + contactUs.setAppId((long) 1); + contactUs.setAppName("<meta content=\"
 1 
; JAVASCRIPT: alert(1)\" http-equiv=\"refresh\"/>"); + contactUs.setDescription("Test"); + contactUs.setContactName("Test"); + contactUs.setContactEmail("person@onap.org"); + contactUs.setUrl("Test_URL"); + contactUs.setActiveYN("Y"); + + Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("FAILURE"); + actualSaveAppContactUS = appContactUsController.save(contactUs); + assertEquals("AppName is not valid.", actualSaveAppContactUS.getResponse()); + assertEquals("failure", actualSaveAppContactUS.getMessage()); + } + + @Test public void saveExceptionTest() throws Exception { PortalRestResponse<String> actualSaveAppContactUS = null; @@ -270,6 +289,19 @@ public class AppContactUsControllerTest extends MockitoTestSuite{ } @Test + public void saveAllXSSTest() throws Exception { + + List<AppContactUsItem> contactUs = mockResponse(); + AppContactUsItem appContactUsItem = new AppContactUsItem(); + appContactUsItem.setActiveYN("<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>"); + contactUs.add(appContactUsItem); + PortalRestResponse<String> actualSaveAppContactUS = null; + Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("failure"); + actualSaveAppContactUS = appContactUsController.save(contactUs); + assertEquals("failure", actualSaveAppContactUS.getMessage()); + } + + @Test public void saveAllExceptionTest() throws Exception { List<AppContactUsItem> contactUs = mockResponse(); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java index 4df1c2ac..58745d22 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java @@ -58,7 +58,6 @@ import org.mockito.Matchers; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; -import org.onap.portalapp.portal.controller.AppsController; import org.onap.portalapp.portal.core.MockEPUser; import org.onap.portalapp.portal.domain.AdminUserApplications; import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel; @@ -82,7 +81,6 @@ import org.onap.portalapp.portal.transport.EPWidgetsSortPreference; import org.onap.portalapp.portal.transport.FieldsValidator; import org.onap.portalapp.portal.transport.LocalRole; import org.onap.portalapp.portal.transport.OnboardingApp; -import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.util.EPUserUtils; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.AppUtils; @@ -100,7 +98,7 @@ import org.springframework.web.client.HttpClientErrorException; public class AppsControllerTest extends MockitoTestSuite{ @InjectMocks - AppsController appsController = new AppsController(); + AppsController appsController; @Mock AdminRolesService adminRolesService = new AdminRolesServiceImpl(); @@ -369,6 +367,38 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test + public void putUserAppsSortingManualXSSTest() { + EPUser user = mockUser.mockEPUser(); + EPAppsManualPreference preference = new EPAppsManualPreference(); + preference.setHeaderText("<script>alert(\"hellox worldss\");</script>"); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + List<EPAppsManualPreference> ePAppsManualPreference = new ArrayList<>(); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE); + ePAppsManualPreference.add(preference); + Mockito.when(appService.saveAppsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator); + FieldsValidator actualFieldValidator = appsController.putUserAppsSortingManual(mockedRequest, ePAppsManualPreference, + mockedResponse); + assertEquals(actualFieldValidator, expectedFieldValidator); + } + + @Test + public void putUserWidgetsSortManualXSSTest() { + EPUser user = mockUser.mockEPUser(); + EPWidgetsSortPreference preference = new EPWidgetsSortPreference(); + preference.setHeaderText("<script>alert(\"hellox worldss\");</script>"); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + List<EPWidgetsSortPreference> ePAppsManualPreference = new ArrayList<>(); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE); + ePAppsManualPreference.add(preference); + Mockito.when(appService.saveWidgetsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator); + FieldsValidator actualFieldValidator = appsController.putUserWidgetsSortManual(mockedRequest, ePAppsManualPreference, + mockedResponse); + assertEquals(expectedFieldValidator, actualFieldValidator); + } + + @Test public void putUserAppsSortingManualExceptionTest() throws IOException { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); @@ -404,7 +434,7 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test - public void putUserWidgetsSortPrefTest() throws IOException { + public void putUserWidgetsSortPrefTest() { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<EPWidgetsSortPreference>(); @@ -421,6 +451,24 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test + public void putUserWidgetsSortPrefXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<>(); + EPWidgetsSortPreference preference = new EPWidgetsSortPreference(); + preference.setHeaderText("<script>alert(\"hellox worldss\");</script>"); + ePWidgetsSortPreference.add(preference); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); + FieldsValidator actualFieldValidator; + Mockito.when(appService.deleteUserWidgetSortPref(ePWidgetsSortPreference, user)) + .thenReturn(expectedFieldValidator); + actualFieldValidator = appsController.putUserWidgetsSortPref(mockedRequest, ePWidgetsSortPreference, + mockedResponse); + assertEquals(actualFieldValidator, expectedFieldValidator); + } + + @Test public void putUserWidgetsSortPrefExceptionTest() throws IOException { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); @@ -476,6 +524,23 @@ public class AppsControllerTest extends MockitoTestSuite{ } @Test + public void putUserAppsSortingPreferenceXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + EPAppsSortPreference userAppsValue = new EPAppsSortPreference(); + userAppsValue.setTitle("</script><script>alert(1)</script>"); + FieldsValidator expectedFieldValidator = new FieldsValidator(); + expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE); + expectedFieldValidator.setFields(null); + expectedFieldValidator.setErrorCode(null); + FieldsValidator actualFieldValidator; + Mockito.when(appService.saveAppsSortPreference(userAppsValue, user)).thenReturn(expectedFieldValidator); + actualFieldValidator = appsController.putUserAppsSortingPreference(mockedRequest, userAppsValue, + mockedResponse); + assertEquals(actualFieldValidator, expectedFieldValidator); + } + + @Test public void putUserAppsSortingPreferenceExceptionTest() throws IOException { EPUser user = mockUser.mockEPUser(); Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); |