authorst398c <st398c@research.att.com>2019-05-29 15:03:01 -0400
committerst398c <st398c@research.att.com>2019-05-29 15:04:06 -0400
commit944ec97d2b75bf63d596c529dc495c74e2cc7033 (patch)
tree1cec9179f1eef06e0852a4aa20f381da0e8cd3f2 /ecomp-sdk/epsdk-analytics
parent68eabf669e4c83bd669286900e8a6f77e4009f29 (diff)
AtomicPutWithDeleteLock
Copy Report, SQL Injection Issue-ID: PORTAL-581, PORTAL-582,PORTAL-583, PORTAL-594 Change-Id: Ibbd7a2a63f41a75109fb3916a5de1ab6a0bacfe2 Signed-off-by: st398c <st398c@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-analytics')
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapter.java8
-rw-r--r--ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java17
-rw-r--r--ecomp-sdk/epsdk-analytics/src/test/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapterTest.java83
3 files changed, 98 insertions, 10 deletions
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapter.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapter.java
index fd225246..fc5fdb36 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapter.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapter.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalsdk.analytics.system.fusion.adapter;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -49,6 +50,8 @@ import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.hibernate.criterion.Criterion;
+import org.hibernate.criterion.Restrictions;
import org.onap.portalsdk.analytics.system.AppUtils;
import org.onap.portalsdk.core.domain.Menu;
import org.onap.portalsdk.core.domain.MenuData;
@@ -145,7 +148,10 @@ public class RaptorAdapter extends FusionAdapter {
String loginId = "";
try{
- List list = getDataAccessService().getList(User.class, " where user_id = " + userId, null, null);
+ List<Criterion> restrictionsList = new ArrayList<Criterion>();
+ Criterion criterion1 = Restrictions.eq("user_id", userId);
+ restrictionsList.add(criterion1);
+ List list = getDataAccessService().getList(User.class, null, restrictionsList, null);
if (list != null) {
if (!list.isEmpty()) {
User user = (User)list.get(0);
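Review bot: `Restrictions.eq("user_id", userId)` on the added line takes a Hibernate property name, whereas the removed `" where user_id = "` fragment used the SQL column name; if the `User` mapping exposes that column under a differently named property, the Criteria query fails at runtime, and the new RaptorAdapterTest would not notice because it stubs `getList` with `Mockito.anyList()`. Worth confirming against the `User` mapping, and a comment such as `// entity property name, not the DB column` on the `Restrictions.eq` line would keep the next reader from "fixing" it back. The raw `List list` and the unchecked `(User)` cast below it are carried over unchanged; whether `getList` can return a typed list can't be seen from this hunk. The enclosing method starts and ends outside this hunk.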
diff --git a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
index dbecbbd8..9e11affe 100644
--- a/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
+++ b/ecomp-sdk/epsdk-analytics/src/main/java/org/onap/portalsdk/analytics/system/fusion/web/RaptorControllerAsync.java
@@ -452,6 +452,7 @@ public class RaptorControllerAsync extends RestrictedBaseController {
ReportDefinition rdef = rh.loadReportDefinition(request, reportID);
rdef.setAsCopy(request);
request.getSession().setAttribute(AppConstants.SI_REPORT_DEFINITION, rdef);
+ request.getSession().setAttribute("COPY_REPORT_EVENT", "true");
messageJSON.setMessage("Success- Report Copied.");
messageJSON.setAnyStacktrace(rdef.getReportID() + " is Modified and added to session and DB.");
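Review bot: The session key `"COPY_REPORT_EVENT"` is written here as a bare literal and read again as the same literal in the two later hunks of this file (the `String copyReportEvent = (String)request.getSession().getAttribute("COPY_REPORT_EVENT");` lines at the 672 and 1388 hunks). The line just above already keys the report definition through `AppConstants.SI_REPORT_DEFINITION`, so the new key belongs next to it as a constant (say `COPY_REPORT_EVENT` on `AppConstants`) and this line becomes `request.getSession().setAttribute(AppConstants.COPY_REPORT_EVENT, "true");`. The enclosing method starts and ends outside this hunk.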
@@ -671,12 +672,10 @@ public class RaptorControllerAsync extends RestrictedBaseController {
ReportRuntime rr = null;
boolean newReport = false;
MessageJSON messageJSON = new MessageJSON();
- if("-1".equals(id)) {
- id = "Create";
- }
try {
- if (id.equals("InSession")) {
- rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
+ String copyReportEvent = (String)request.getSession().getAttribute("COPY_REPORT_EVENT");
+ if (id.equals("InSession") || "true".equals(copyReportEvent)) {
+ rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
newReport = false;
} else if (id.equals("Create")) {
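Review bot: Once the copy event sets `"COPY_REPORT_EVENT"` to `"true"`, nothing in the hunks shown ever removes it, so every later call of this method in the same session takes the `InSession` branch even when `id` is `"Create"`, because `"true".equals(copyReportEvent)` is true regardless of the id; the flag should be consumed where it is read, e.g. `request.getSession().removeAttribute("COPY_REPORT_EVENT");` immediately after the `getAttribute` line, and the same applies to the read in the hunk at line 1388 of this file. Note also that the removed `"-1"` → `"Create"` mapping means an id of `-1` now falls through to the later branches; whether any caller still sends `-1` can't be confirmed from this diff. The enclosing method starts and ends outside this hunk.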
@@ -833,7 +832,7 @@ public class RaptorControllerAsync extends RestrictedBaseController {
persistReportDefinition(request, rdef);
messageJSON.setMessage("Success Definition of given report is saved in session.");
messageJSON.setAnyStacktrace((newReport ? " New Report info is added to Session "
- : rdef.getReportID() + " is Modified and added to session and DB."));
+ : rdef.getReportID() + "- is Modified and added to session and DB."));
} catch (Exception ex) {
messageJSON.setMessage("Error occured while saving definition Tab");
@@ -1389,9 +1388,9 @@ public class RaptorControllerAsync extends RestrictedBaseController {
if (!Globals.isSystemInitialized()) {
Globals.initializeSystem(servletContext);
}
-
- if (tabId.equals("Def") && id.equals("InSession")) {
- rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
+ String copyReportEvent = (String)request.getSession().getAttribute("COPY_REPORT_EVENT");
+ if (tabId.equals("Def") && id.equals("InSession") || "true".equals(copyReportEvent)) {
+ rdef = (ReportDefinition) request.getSession().getAttribute(AppConstants.SI_REPORT_DEFINITION);
newReport = false;
} else if (tabId.equals("Def") && id.equals("Create")) {
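Review bot: The new condition `tabId.equals("Def") && id.equals("InSession") || "true".equals(copyReportEvent)` parses as `(A && B) || C`, so whenever the copy flag is set this branch runs for every `tabId`, not only `"Def"`, which is inconsistent with the `else if (tabId.equals("Def") && id.equals("Create"))` that follows and with the parallel condition in the hunk at line 672, where no tab check is involved at all. If the flag is meant to apply only to the definition tab, the intended form is `if (tabId.equals("Def") && (id.equals("InSession") || "true".equals(copyReportEvent))) {`; if it is meant for all tabs, a short comment saying so would stop the next reader from adding the parentheses. The enclosing method starts and ends outside this hunk.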
diff --git a/ecomp-sdk/epsdk-analytics/src/test/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapterTest.java b/ecomp-sdk/epsdk-analytics/src/test/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapterTest.java
new file mode 100644
index 00000000..34bdd787
--- /dev/null
+++ b/ecomp-sdk/epsdk-analytics/src/test/java/org/onap/portalsdk/analytics/system/fusion/adapter/RaptorAdapterTest.java
@@ -0,0 +1,83 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalsdk.analytics.system.fusion.adapter;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.service.DataAccessService;
+import org.onap.portalsdk.core.web.support.AppUtils;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(AppUtils.class)
+public class RaptorAdapterTest {
+
+ @Test
+ public void testGetUserLoginId() {
+ User user = new User();
+ user.setLoginId("test");
+ List<User> userList = new ArrayList<>();
+ userList.add(user);
+ DataAccessService mockDataAccessService = Mockito.mock(DataAccessService.class);
+ PowerMockito.mockStatic(AppUtils.class);
+ PowerMockito.when(AppUtils.getDataAccessService()).thenReturn(mockDataAccessService);
+ Mockito.doReturn(userList).when(mockDataAccessService).getList(Mockito.eq(User.class), Mockito.eq(null), Mockito.anyList(), Mockito.eq(null));
+ String loginID = RaptorAdapter.getUserLoginId("1");
+ assertEquals("test",loginID);
+ }
+
+ @Test
+ public void testGetUserLoginIdWithNullList() {
+ DataAccessService mockDataAccessService = Mockito.mock(DataAccessService.class);
+ PowerMockito.mockStatic(AppUtils.class);
+ PowerMockito.when(AppUtils.getDataAccessService()).thenReturn(mockDataAccessService);
+ Mockito.doReturn(null).when(mockDataAccessService).getList(Mockito.eq(User.class), Mockito.eq(null), Mockito.anyList(), Mockito.eq(null));
+ String loginID = RaptorAdapter.getUserLoginId("1");
+ assertEquals("",loginID);
+ }
+}
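Review bot: `Mockito.anyList()` in both `getList` stubs accepts any restriction list, so these tests still pass if the criterion's property name or value were wrong, and they therefore do not pin the injection fix they were added for; capturing the third argument with an `ArgumentCaptor<List<Criterion>>` and asserting on the captured element (a `Restrictions.eq` criterion should render as `user_id=1` via `toString()`) would make that explicit. The `isEmpty()` path of the adapter (a non-null empty list returning `""`) has no test, and `Mockito.isNull()` reads more clearly than `Mockito.eq(null)` for the second and fourth arguments. The test prepares `org.onap.portalsdk.core.web.support.AppUtils`, while RaptorAdapter itself imports `org.onap.portalsdk.analytics.system.AppUtils`; presumably the inherited `getDataAccessService()` goes through the core class, but that is worth confirming since a wrong target would leave the static mock unused and the test hitting real code.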