From cc5b64989fab288bf756342e9bd3b1493ce36099 Mon Sep 17 00:00:00 2001 From: "Bhatt, Prema" Date: Fri, 10 May 2019 09:55:00 -0400 Subject: APIH should ensure valid requestId UUID Added logic to check if the requestId sent in GET orchestrationRequest query is a valid UUID. Updated existing unit tests and added a new test for invalid UUID scenario. Change-Id: I424bef8aa75dd7e47de8145603899820dfb99725 Issue-ID: SO-1865 Signed-off-by: Benjamin, Max (mb388a) --- .../so/apihandlerinfra/OrchestrationRequests.java | 10 +++++++ .../apihandlerinfra/OrchestrationRequestsTest.java | 33 ++++++++++++++++++---- .../OrchestrationRequest/OrchestrationList.json | 4 +-- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java index fc407bd167..ff8b5d14cd 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/OrchestrationRequests.java @@ -63,6 +63,7 @@ import org.onap.so.serviceinstancebeans.RequestDetails; import org.onap.so.serviceinstancebeans.RequestList; import org.onap.so.serviceinstancebeans.RequestStatus; import org.onap.so.serviceinstancebeans.ServiceInstancesRequest; +import org.onap.so.utils.UUIDChecker; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -101,6 +102,15 @@ public class OrchestrationRequests { InfraActiveRequests infraActiveRequest = null; List requestProcessingData = null; + + if (!UUIDChecker.isValidUUID(requestId)) { + + ErrorLoggerInfo errorLoggerInfo = + new ErrorLoggerInfo.Builder(MessageEnum.APIH_VALIDATION_ERROR, ErrorCode.SchemaError) + .errorSource(Constants.MODIFIED_BY_APIHANDLER).build(); + throw new ValidateException.Builder("Request Id " + requestId + " is not a valid UUID", + HttpStatus.SC_BAD_REQUEST, ErrorNumbers.SVC_BAD_PARAMETER).errorInfo(errorLoggerInfo).build(); + } try { infraActiveRequest = requestsDbClient.getInfraActiveRequestbyRequestId(requestId); requestProcessingData = requestsDbClient.getRequestProcessingDataBySoRequestId(requestId); diff --git a/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/OrchestrationRequestsTest.java b/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/OrchestrationRequestsTest.java index 4deaccd938..f82f5ac746 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/OrchestrationRequestsTest.java +++ b/mso-api-handlers/mso-api-handler-infra/src/test/java/org/onap/so/apihandlerinfra/OrchestrationRequestsTest.java @@ -119,7 +119,7 @@ public class OrchestrationRequestsTest extends BaseTest { assertEquals("0", response.getHeaders().get("X-MinorVersion").get(0)); assertEquals("0", response.getHeaders().get("X-PatchVersion").get(0)); assertEquals("7.0.0", response.getHeaders().get("X-LatestVersion").get(0)); - assertEquals("00032ab7-na18-42e5-965d-8ea592502018", response.getHeaders().get("X-TransactionID").get(0)); + assertEquals("00032ab7-1a18-42e5-965d-8ea592502018", response.getHeaders().get("X-TransactionID").get(0)); assertNotNull(response.getBody().getRequest().getFinishTime()); } @@ -204,6 +204,29 @@ public class OrchestrationRequestsTest extends BaseTest { assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatusCode().value()); } + @Test + public void testGetOrchestrationRequestInvalidRequestID() throws Exception { + setupTestGetOrchestrationRequest(); + // TEST INVALID REQUESTID + GetOrchestrationResponse testResponse = new GetOrchestrationResponse(); + + Request request = ORCHESTRATION_LIST.getRequestList().get(1).getRequest(); + testResponse.setRequest(request); + String testRequestId = "00032ab7-pfb3-42e5-965d-8ea592502016"; + HttpHeaders headers = new HttpHeaders(); + headers.set("Accept", MediaType.APPLICATION_JSON); + headers.set("Content-Type", MediaType.APPLICATION_JSON); + HttpEntity entity = new HttpEntity(null, headers); + + UriComponentsBuilder builder = UriComponentsBuilder + .fromHttpUrl(createURLWithPort("/onap/so/infra/orchestrationRequests/v7/" + testRequestId)); + + ResponseEntity response = + restTemplate.exchange(builder.toUriString(), HttpMethod.GET, entity, GetOrchestrationResponse.class); + + assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatusCode().value()); + } + @Test public void testGetOrchestrationRequestFilter() throws Exception { setupTestGetOrchestrationRequestFilter(); @@ -370,14 +393,14 @@ public class OrchestrationRequestsTest extends BaseTest { public void setupTestGetOrchestrationRequest() throws Exception { // For testGetOrchestrationRequest - wireMockServer.stubFor(any(urlPathEqualTo("/infraActiveRequests/00032ab7-na18-42e5-965d-8ea592502018")) + wireMockServer.stubFor(any(urlPathEqualTo("/infraActiveRequests/00032ab7-1a18-42e5-965d-8ea592502018")) .willReturn(aResponse().withHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON) .withBody(new String(Files.readAllBytes( Paths.get("src/test/resources/OrchestrationRequest/getOrchestrationRequest.json")))) .withStatus(HttpStatus.SC_OK))); wireMockServer .stubFor(get(urlPathEqualTo("/requestProcessingData/search/findBySoRequestIdOrderByGroupingIdDesc/")) - .withQueryParam("SO_REQUEST_ID", equalTo("00032ab7-na18-42e5-965d-8ea592502018")) + .withQueryParam("SO_REQUEST_ID", equalTo("00032ab7-1a18-42e5-965d-8ea592502018")) .willReturn(aResponse().withHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON) .withBody(new String(Files.readAllBytes(Paths .get("src/test/resources/OrchestrationRequest/getRequestProcessingData.json")))) @@ -386,14 +409,14 @@ public class OrchestrationRequestsTest extends BaseTest { public void setupTestGetOrchestrationRequestInstanceGroup() throws Exception { // For testGetOrchestrationRequest - wireMockServer.stubFor(any(urlPathEqualTo("/infraActiveRequests/00032ab7-na18-42e5-965d-8ea592502018")) + wireMockServer.stubFor(any(urlPathEqualTo("/infraActiveRequests/00032ab7-1a18-42e5-965d-8ea592502018")) .willReturn(aResponse().withHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON) .withBody(new String(Files.readAllBytes(Paths.get( "src/test/resources/OrchestrationRequest/getOrchestrationRequestInstanceGroup.json")))) .withStatus(HttpStatus.SC_OK))); wireMockServer .stubFor(get(urlPathEqualTo("/requestProcessingData/search/findBySoRequestIdOrderByGroupingIdDesc/")) - .withQueryParam("SO_REQUEST_ID", equalTo("00032ab7-na18-42e5-965d-8ea592502018")) + .withQueryParam("SO_REQUEST_ID", equalTo("00032ab7-1a18-42e5-965d-8ea592502018")) .willReturn(aResponse().withHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON) .withBody(new String(Files.readAllBytes(Paths .get("src/test/resources/OrchestrationRequest/getRequestProcessingData.json")))) diff --git a/mso-api-handlers/mso-api-handler-infra/src/test/resources/OrchestrationRequest/OrchestrationList.json b/mso-api-handlers/mso-api-handler-infra/src/test/resources/OrchestrationRequest/OrchestrationList.json index 90089c0c7e..baddb21617 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/test/resources/OrchestrationRequest/OrchestrationList.json +++ b/mso-api-handlers/mso-api-handler-infra/src/test/resources/OrchestrationRequest/OrchestrationList.json @@ -34,7 +34,7 @@ }, { "request":{ - "requestId":"00032ab7-na18-42e5-965d-8ea592502018", + "requestId":"00032ab7-1a18-42e5-965d-8ea592502018", "requestScope":"vfModule", "requestType":"deleteInstance", "requestDetails":{ @@ -298,7 +298,7 @@ }, { "request":{ - "requestId":"00032ab7-na18-42e5-965d-8ea592502018", + "requestId":"00032ab7-1a18-42e5-965d-8ea592502018", "requestScope":"instanceGroup", "requestType":"addMembers", "requestDetails":{ -- cgit 1.2.3-korg