From ddb9d5a7637b382be9ac7a96ad023a983c41c342 Mon Sep 17 00:00:00 2001
From: vasraz
Date: Fri, 14 Oct 2022 13:35:39 +0100
Subject: Fix security risk 'Improper Input Validation'
Signed-off-by: Vasyl Razinkov
Change-Id: I6a52148aec3b567db43ec57109214e52d106f73c
Issue-ID: SDC-4189
---
 .../main/java/org/openecomp/sdc/be/model/User.java | 158 +-------
 .../java/org/openecomp/sdc/be/model/UserTest.java | 444 ++++++++++-----------
 2 files changed, 239 insertions(+), 363 deletions(-)
(limited to 'catalog-model')
diff --git a/catalog-model/src/main/java/org/openecomp/sdc/be/model/User.java b/catalog-model/src/main/java/org/openecomp/sdc/be/model/User.java
index 7b83dae731..72dc4aa7aa 100644
--- a/catalog-model/src/main/java/org/openecomp/sdc/be/model/User.java
+++ b/catalog-model/src/main/java/org/openecomp/sdc/be/model/User.java
@@ -20,35 +20,44 @@
 package org.openecomp.sdc.be.model;
 import com.fasterxml.jackson.annotation.JsonInclude;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
 import org.openecomp.sdc.be.dao.utils.UserStatusEnum;
-import org.openecomp.sdc.be.resources.data.UserData;
+import org.openecomp.sdc.common.util.NoHtml;
 @JsonInclude
+@NoArgsConstructor
+@Getter
+@Setter
+@ToString
+@EqualsAndHashCode
 public class User {
 public static final String FORCE_DELETE_HEADER_FLAG = "FORCE_DELETE";
+ @NoHtml
 private String firstName;
+ @NoHtml
 private String lastName;
+ @NoHtml
 private String userId;
+ @NoHtml
 private String email;
+ @NoHtml
 private String role;
 private Long lastLoginTime;
+ @ToString.Exclude
+ @EqualsAndHashCode.Exclude
 private UserStatusEnum status = UserStatusEnum.ACTIVE;
- public User() {
- }
-
 public User(String userId) {
 this.userId = userId;
 }
- public User(UserData userDate) {
- this(userDate.getFirstName(), userDate.getLastName(), userDate.getUserId(), userDate.getEmail(), userDate.getRole(),
- userDate.getLastLoginTime());
- }
-
 public User(String firstName, String lastName, String userId, String emailAddress, String role, Long lastLoginTime) {
 this.firstName = firstName;
 this.lastName = lastName;
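Review bot: The `@NoHtml` annotations added to `firstName`, `lastName`, `userId`, `email` and `role` only declare a constraint; nothing in this hunk runs a validator, and `User(String userId)`, the six-argument constructor (its body continues past the hunk) and the Lombok-generated setters still store whatever string they are given. Assuming `NoHtml` is a Bean Validation constraint (its definition is not part of this diff), the fix is effective only at call sites that validate the object, so each endpoint that deserializes a `User` should be checked for `@Valid` or an explicit validator call. A class comment would make that contract visible: `// @NoHtml is checked only when a Validator processes this bean; constructors and setters accept input as-is.` `userId` and `role` look like they feed access decisions, so an allowlist (known role names, an id pattern) would be a stronger check there than rejecting markup. Separately, `@EqualsAndHashCode` and `@ToString` replace hand-written methods, so the `toString()` format and subclass equality change with this commit; callers that parse or compare on the old behaviour are not visible here.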
@@ -74,46 +83,6 @@ public class User {
 this.lastLoginTime = other.getLastLoginTime();
 }
- public String getFirstName() {
- return firstName;
- }
-
- public void setFirstName(String firstName) {
- this.firstName = firstName;
- }
-
- public String getLastName() {
- return lastName;
- }
-
- public void setLastName(String lastName) {
- this.lastName = lastName;
- }
-
- public String getUserId() {
- return userId;
- }
-
- public void setUserId(String userId) {
- this.userId = userId;
- }
-
- public String getEmail() {
- return email;
- }
-
- public void setEmail(String email) {
- this.email = email;
- }
-
- public String getRole() {
- return role;
- }
-
- public void setRole(String role) {
- this.role = role;
- }
-
 public String getFullName() {
 return this.getFirstName() + " " + this.getLastName();
 }
@@ -123,95 +92,4 @@ public class User {
 this.lastLoginTime = now.getMillis();
 }
- public Long getLastLoginTime() {
- return this.lastLoginTime;
- }
-
- public void setLastLoginTime(Long time) {
- this.lastLoginTime = time;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((userId == null) ? 0 : userId.hashCode());
- result = prime * result + ((email == null) ? 0 : email.hashCode());
- result = prime * result + ((firstName == null) ? 0 : firstName.hashCode());
- result = prime * result + ((lastName == null) ? 0 : lastName.hashCode());
- result = prime * result + ((role == null) ? 0 : role.hashCode());
- result = prime * result + ((lastLoginTime == null) ? 0 : lastLoginTime.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj) {
- return true;
- }
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
- return false;
- }
- User other = (User) obj;
- if (userId == null) {
- if (other.userId != null) {
- return false;
- }
- } else if (!userId.equals(other.userId)) {
- return false;
- }
- if (email == null) {
- if (other.email != null) {
- return false;
- }
- } else if (!email.equals(other.email)) {
- return false;
- }
- if (firstName == null) {
- if (other.firstName != null) {
- return false;
- }
- } else if (!firstName.equals(other.firstName)) {
- return false;
- }
- if (lastName == null) {
- if (other.lastName != null) {
- return false;
- }
- } else if (!lastName.equals(other.lastName)) {
- return false;
- }
- if (role == null) {
- if (other.role != null) {
- return false;
- }
- } else if (!role.equals(other.role)) {
- return false;
- }
- if (lastLoginTime == null) {
- if (other.lastLoginTime != null) {
- return false;
- }
- } else if (!lastLoginTime.equals(other.lastLoginTime)) {
- return false;
- }
- return true;
- }
-
- public UserStatusEnum getStatus() {
- return status;
- }
-
- public void setStatus(UserStatusEnum status) {
- this.status = status;
- }
-
- @Override
- public String toString() {
- return "User [firstName=" + firstName + ", lastName=" + lastName + ", userId=" + userId + ", email=" + email + ", role=" + role
- + ", last login time=" + lastLoginTime + "]";
- }
 }
diff --git a/catalog-model/src/test/java/org/openecomp/sdc/be/model/UserTest.java b/catalog-model/src/test/java/org/openecomp/sdc/be/model/UserTest.java
index 13684e154c..50fcd41d93 100644
--- a/catalog-model/src/test/java/org/openecomp/sdc/be/model/UserTest.java
+++ b/catalog-model/src/test/java/org/openecomp/sdc/be/model/UserTest.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,228 +23,226 @@ package org.openecomp.sdc.be.model; import org.junit.Assert; import org.junit.Test; import org.openecomp.sdc.be.dao.utils.UserStatusEnum; -import org.openecomp.sdc.be.resources.data.UserData; public class UserTest { - private User createTestSubject() { - return new User(); - } - - @Test - public void testCtor() throws Exception { - new User(new User()); - new User(new UserData()); - new User("mock", "mock", "mock", "mock", "mock", 0L); - } - - @Test - public void testCopyData() throws Exception { - User testSubject; - User other = null; - - // default test - testSubject = createTestSubject(); - testSubject.copyData(other); - testSubject.copyData(new User()); - } - - @Test - public void testGetFirstName() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getFirstName(); - } - - @Test - public void testSetFirstName() throws Exception { - User testSubject; - String firstName = ""; - - // default test - testSubject = createTestSubject(); - testSubject.setFirstName(firstName); - } - - @Test - public void testGetLastName() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getLastName(); - } - - @Test - public void testSetLastName() throws Exception { - User testSubject; - String lastName = ""; - - // default test - testSubject = createTestSubject(); - testSubject.setLastName(lastName); - } - - @Test - public void testGetUserId() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getUserId(); - } - - @Test - public void testSetUserId() throws Exception { - User testSubject; - String userId = ""; - - // default test - testSubject = createTestSubject(); - testSubject.setUserId(userId); - } - - @Test - public void testGetEmail() throws Exception { - User testSubject; - String result; - - // default 
test - testSubject = createTestSubject(); - result = testSubject.getEmail(); - } - - @Test - public void testSetEmail() throws Exception { - User testSubject; - String email = ""; - - // default test - testSubject = createTestSubject(); - testSubject.setEmail(email); - } - - @Test - public void testGetRole() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getRole(); - } - - @Test - public void testSetRole() throws Exception { - User testSubject; - String role = ""; - - // default test - testSubject = createTestSubject(); - testSubject.setRole(role); - } - - @Test - public void testGetFullName() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getFullName(); - } - - @Test - public void testSetLastLoginTime() throws Exception { - User testSubject; - - // default test - testSubject = createTestSubject(); - testSubject.setLastLoginTime(); - } - - @Test - public void testSetLastLoginTime_1() throws Exception { - User testSubject; - Long time = null; - - // default test - testSubject = createTestSubject(); - testSubject.setLastLoginTime(time); - } - - @Test - public void testGetLastLoginTime() throws Exception { - User testSubject; - Long result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getLastLoginTime(); - } - - @Test - public void testHashCode() throws Exception { - User testSubject; - int result; - - // default test - testSubject = createTestSubject(); - result = testSubject.hashCode(); - } - - @Test - public void testEquals() throws Exception { - User testSubject; - Object obj = null; - boolean result; - - // test 1 - testSubject = createTestSubject(); - result = testSubject.equals(obj); - Assert.assertEquals(false, result); - - result = testSubject.equals(new Object()); - Assert.assertEquals(false, result); - - result = testSubject.equals(testSubject); - 
Assert.assertEquals(true, result); - result = testSubject.equals(createTestSubject()); - Assert.assertEquals(true, result); - } - - @Test - public void testGetStatus() throws Exception { - User testSubject; - UserStatusEnum result; - - // default test - testSubject = createTestSubject(); - result = testSubject.getStatus(); - } - - @Test - public void testSetStatus() throws Exception { - User testSubject; - UserStatusEnum status = null; - - // default test - testSubject = createTestSubject(); - testSubject.setStatus(status); - } - - @Test - public void testToString() throws Exception { - User testSubject; - String result; - - // default test - testSubject = createTestSubject(); - result = testSubject.toString(); - } + private User createTestSubject() { + return new User(); + } + + @Test + public void testCtor() throws Exception { + new User(new User()); + new User("mock", "mock", "mock", "mock", "mock", 0L); + } + + @Test + public void testCopyData() throws Exception { + User testSubject; + User other = null; + + // default test + testSubject = createTestSubject(); + testSubject.copyData(other); + testSubject.copyData(new User()); + } + + @Test + public void testGetFirstName() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getFirstName(); + } + + @Test + public void testSetFirstName() throws Exception { + User testSubject; + String firstName = ""; + + // default test + testSubject = createTestSubject(); + testSubject.setFirstName(firstName); + } + + @Test + public void testGetLastName() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getLastName(); + } + + @Test + public void testSetLastName() throws Exception { + User testSubject; + String lastName = ""; + + // default test + testSubject = createTestSubject(); + testSubject.setLastName(lastName); + } + + @Test + public void testGetUserId() 
throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getUserId(); + } + + @Test + public void testSetUserId() throws Exception { + User testSubject; + String userId = ""; + + // default test + testSubject = createTestSubject(); + testSubject.setUserId(userId); + } + + @Test + public void testGetEmail() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getEmail(); + } + + @Test + public void testSetEmail() throws Exception { + User testSubject; + String email = ""; + + // default test + testSubject = createTestSubject(); + testSubject.setEmail(email); + } + + @Test + public void testGetRole() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getRole(); + } + + @Test + public void testSetRole() throws Exception { + User testSubject; + String role = ""; + + // default test + testSubject = createTestSubject(); + testSubject.setRole(role); + } + + @Test + public void testGetFullName() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getFullName(); + } + + @Test + public void testSetLastLoginTime() throws Exception { + User testSubject; + + // default test + testSubject = createTestSubject(); + testSubject.setLastLoginTime(); + } + + @Test + public void testSetLastLoginTime_1() throws Exception { + User testSubject; + Long time = null; + + // default test + testSubject = createTestSubject(); + testSubject.setLastLoginTime(time); + } + + @Test + public void testGetLastLoginTime() throws Exception { + User testSubject; + Long result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getLastLoginTime(); + } + + @Test + public void testHashCode() throws Exception { + User testSubject; + int result; + + // 
default test + testSubject = createTestSubject(); + result = testSubject.hashCode(); + } + + @Test + public void testEquals() throws Exception { + User testSubject; + Object obj = null; + boolean result; + + // test 1 + testSubject = createTestSubject(); + result = testSubject.equals(obj); + Assert.assertEquals(false, result); + + result = testSubject.equals(new Object()); + Assert.assertEquals(false, result); + + result = testSubject.equals(testSubject); + Assert.assertEquals(true, result); + result = testSubject.equals(createTestSubject()); + Assert.assertEquals(true, result); + } + + @Test + public void testGetStatus() throws Exception { + User testSubject; + UserStatusEnum result; + + // default test + testSubject = createTestSubject(); + result = testSubject.getStatus(); + } + + @Test + public void testSetStatus() throws Exception { + User testSubject; + UserStatusEnum status = null; + + // default test + testSubject = createTestSubject(); + testSubject.setStatus(status); + } + + @Test + public void testToString() throws Exception { + User testSubject; + String result; + + // default test + testSubject = createTestSubject(); + result = testSubject.toString(); + } } -- cgit 1.2.3-korg
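Review bot: Nothing in the re-indented `UserTest` exercises the validation this commit introduces: the setter tests pass `""` and assert nothing, so removing `@NoHtml` from a field later would not fail any test. A test that fills each annotated field with a constructed markup value such as `"<b>x</b>"`, validates the `User`, and asserts one violation per field would pin the fix. `testEquals` could also pin the `@EqualsAndHashCode.Exclude` on `status`, e.g. `other.setStatus(null); Assert.assertTrue(testSubject.equals(other));`.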