summaryrefslogtreecommitdiffstats
path: root/ecomp-portal-BE-os/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-portal-BE-os/src/test/java')
-rw-r--r--ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java11
-rw-r--r--ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java104
2 files changed, 115 insertions, 0 deletions
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e749..15fe1dd9 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -176,6 +176,17 @@ public class AppsOSControllerTest {
}
@Test
+ public void getCurrentUserProfileXSSTest() {
+ String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+ EPUser user = mockUser.mockEPUser();
+ List<EPUser> expectedList = new ArrayList<>();
+ expectedList.add(user);
+ Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+ String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+ assertEquals("loginId is not valid", expectedString);
+ }
+
+ @Test
public void getCurrentUserProfileExceptionTest() {
String loginId = "guestT";
EPUser user = mockUser.mockEPUser();
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
index 9edf99e7..ff588daa 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
@@ -99,6 +99,18 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void getWidgetDataXSSTest() {
+ String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+ PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("Provided data is invalid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+ PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+ .getWidgetData(mockedRequest, resourceType);
+ assertEquals(acutualPoratlRestResponse, expectedPortalRestResponse);
+ }
+
+ @Test
public void saveWidgetDataBulkIfCatrgoryNullTest() {
PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
ecpectedPortalRestResponse.setMessage("ERROR");
@@ -152,6 +164,82 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void saveWidgetDataBulkXSSTest() {
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+ ecpectedPortalRestResponse.setMessage("ERROR");
+ ecpectedPortalRestResponse.setResponse("Category is not valid");
+ ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+ CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+ commonWidgetMeta.setCategory("test");
+
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ commonWidgetList.add(commonWidget);
+
+ commonWidgetMeta.setItems(commonWidgetList);
+
+ Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetDataBulk(commonWidgetMeta);
+ assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
+ public void saveWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Category is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetData(commonWidget);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+ }
+
+ @Test
+ public void deleteWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Data is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("test_href");
+ commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+ Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .deleteWidgetData(commonWidget);
+
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
public void saveWidgetDataIfCatagoryNullTest() {
PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
ecpectedPortalRestResponse.setMessage("ERROR");
@@ -340,6 +428,22 @@ public class DashboardSearchResultControllerTest {
}
@Test
+ public void searchPortalXSS() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ String searchString = "<script>alert(“XSS”)</script> ";
+
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedResult.setMessage("searchPortal: User object is invalid");
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
+ .searchPortal(mockedRequest, searchString);
+ assertEquals(actualResult, expectedResult);
+
+ }
+
+ @Test
public void searchPortalIfSearchExcptionTest() {
EPUser user = mockUser.mockEPUser();
;