2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * Modifications copyright (c) 2019 Nokia
7 * Modifications Copyright (C) 2019 Nordix Foundation.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.policy.rest.daoimpl;
25 import static org.junit.Assert.assertEquals;
26 import static org.junit.Assert.assertFalse;
27 import static org.junit.Assert.assertNull;
28 import static org.junit.Assert.assertTrue;
29 import static org.junit.Assert.fail;
32 import java.sql.SQLException;
33 import java.util.ArrayList;
34 import java.util.Date;
35 import java.util.List;
36 import java.util.Properties;
38 import javax.script.SimpleBindings;
40 import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
41 import org.h2.tools.Server;
42 import org.hibernate.Query;
43 import org.hibernate.Session;
44 import org.hibernate.SessionFactory;
45 import org.hibernate.Transaction;
46 import org.junit.After;
47 import org.junit.AfterClass;
48 import org.junit.BeforeClass;
49 import org.junit.Test;
50 import org.onap.policy.common.logging.flexlogger.FlexLogger;
51 import org.onap.policy.common.logging.flexlogger.Logger;
52 import org.onap.policy.rest.jpa.OnapName;
53 import org.onap.policy.rest.jpa.PolicyEntity;
54 import org.onap.policy.rest.jpa.PolicyRoles;
55 import org.onap.policy.rest.jpa.PolicyVersion;
56 import org.onap.policy.rest.jpa.SystemLogDB;
57 import org.onap.policy.rest.jpa.UserInfo;
58 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
59 import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
60 import org.springframework.test.annotation.Rollback;
61 import org.springframework.transaction.annotation.Transactional;
63 public class PolicyValidationDaoImplTest {
65 private static Logger logger = FlexLogger.getLogger(PolicyValidationDaoImplTest.class);
67 static SessionFactory sessionFactory;
69 static PolicyValidationDaoImpl commonClassDao;
72 * Set up all unit tests.
73 * @throws SQLException on SQL exceptions
76 public static void setupAll() throws SQLException {
77 BasicDataSource dataSource = new BasicDataSource();
78 dataSource.setDriverClassName("org.h2.Driver");
79 // In-memory DB for testing
80 dataSource.setUrl("jdbc:h2:mem:test");
81 dataSource.setUsername("sa");
82 dataSource.setPassword("");
83 LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
84 sessionBuilder.scanPackages("org.onap.*", "com.*");
86 Properties properties = new Properties();
87 properties.put("hibernate.show_sql", "false");
88 properties.put("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
89 properties.put("hibernate.hbm2ddl.auto", "drop");
90 properties.put("hibernate.hbm2ddl.auto", "create");
92 sessionBuilder.addProperties(properties);
93 sessionFactory = sessionBuilder.buildSessionFactory();
95 // Set up dao with SessionFactory
96 commonClassDao = new PolicyValidationDaoImpl();
97 PolicyValidationDaoImpl.setSessionfactory(sessionFactory);
98 // PolicyController.setLogTableLimit("1");
99 // HibernateSession.setSession(sessionFactory);
100 SystemLogDB data1 = new SystemLogDB();
101 data1.setDate(new Date());
102 data1.setLogtype("INFO");
103 data1.setRemote("Test");
104 data1.setSystem("Test");
105 data1.setType("Test");
106 SystemLogDB data2 = new SystemLogDB();
107 data2.setDate(new Date());
108 data2.setLogtype("error");
109 data2.setRemote("Test");
110 data2.setSystem("Test");
111 data2.setType("Test");
113 // Create TCP server for troubleshooting
114 server = Server.createTcpServer("-tcpAllowOthers").start();
115 System.out.println("URL: jdbc:h2:" + server.getURL() + "/mem:test");
119 public static void deleteDB() {
120 sessionFactory.close();
125 public void tearDown() {
132 public void testDB() {
134 UserInfo userinfo = new UserInfo();
135 userinfo.setUserLoginId("Test");
136 userinfo.setUserName("Test");
137 commonClassDao.save(userinfo);
138 OnapName onapName = new OnapName();
139 onapName.setOnapName("Test");
140 onapName.setUserCreatedBy(userinfo);
141 onapName.setUserModifiedBy(userinfo);
142 onapName.setModifiedDate(new Date());
143 commonClassDao.save(onapName);
146 List<Object> list = commonClassDao.getData(OnapName.class);
147 assertTrue(list.size() == 1);
148 logger.debug(list.size());
149 logger.debug(list.get(0));
155 public void testUser() {
157 UserInfo userinfo = new UserInfo();
158 String loginIdUserName = "Test";
159 userinfo.setUserLoginId(loginIdUserName);
160 userinfo.setUserName(loginIdUserName);
161 commonClassDao.save(userinfo);
164 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
166 assertEquals(1, dataCur.size());
167 UserInfo cur = (UserInfo) dataCur.get(0);
168 assertEquals(loginIdUserName, cur.getUserLoginId());
169 assertEquals(loginIdUserName, cur.getUserName());
171 assertFalse(dataCur.isEmpty());
177 public void getDataByQuery_DashboardController() {
179 PolicyEntity pe = new PolicyEntity();
180 String name = "TestPolicy";
181 pe.setPolicyName(name);
182 pe.setPolicyData("dummyData");
184 pe.setScope("dummyScope");
185 pe.setDescription("descr");
186 pe.setDeleted(false);
187 pe.setCreatedBy("Test");
188 commonClassDao.save(pe);
190 List<Object> dataCur = commonClassDao.getDataByQuery("from PolicyEntity", new SimpleBindings());
192 assertTrue(1 == dataCur.size());
193 assertTrue(dataCur.get(0) instanceof PolicyEntity);
194 assertEquals(name, ((PolicyEntity) dataCur.get(0)).getPolicyName());
195 assertEquals(pe, (dataCur.get(0)));
201 public void getDataByQuery_AutoPushController() {
203 PolicyVersion pv = new PolicyVersion();
204 pv.setActiveVersion(2);
205 pv.setPolicyName("myPname");
207 pv.setCreatedBy("Test");
208 pv.setModifiedBy("Test");
210 PolicyVersion pv2 = new PolicyVersion();
211 pv2.setActiveVersion(1);
212 pv2.setPolicyName("test");
214 pv2.setCreatedBy("Test");
215 pv2.setModifiedBy("Test");
217 commonClassDao.save(pv);
218 commonClassDao.save(pv2);
222 String query = "From PolicyVersion where policy_name like :scope and id > 0";
223 SimpleBindings params = new SimpleBindings();
224 params.put("scope", scope);
225 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
228 assertTrue(1 == dataCur.size());
229 assertEquals(pv, dataCur.get(0));
235 public void getDataByQuery_PolicyNotificationMail() {
237 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
238 watch.setLoginIds("Test");
241 UserInfo userinfo = new UserInfo();
242 String loginIdUserName = "Test";
243 userinfo.setUserLoginId(loginIdUserName);
244 userinfo.setUserName(loginIdUserName);
245 commonClassDao.save(userinfo);
248 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
250 assertEquals(1, dataCur.size());
251 UserInfo cur = (UserInfo) dataCur.get(0);
252 assertEquals(loginIdUserName, cur.getUserLoginId());
253 assertEquals(loginIdUserName, cur.getUserName());
255 assertFalse(dataCur.isEmpty());
258 watch.setPolicyName("bananaWatch");
259 commonClassDao.save(watch);
261 String policyFileName = "banana";
262 if (policyFileName.contains("/")) {
263 policyFileName = policyFileName.substring(0, policyFileName.indexOf("/"));
264 policyFileName = policyFileName.replace("/", File.separator);
266 if (policyFileName.contains("\\")) {
267 policyFileName = policyFileName.substring(0, policyFileName.indexOf("\\"));
268 policyFileName = policyFileName.replace("\\", "\\\\");
271 // Current Implementation
272 policyFileName += "%";
273 String query = "from WatchPolicyNotificationTable where policyName like:policyFileName";
274 SimpleBindings params = new SimpleBindings();
275 params.put("policyFileName", policyFileName);
276 dataCur = commonClassDao.getDataByQuery(query, params);
279 assertTrue(dataCur.size() == 1);
280 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
281 assertEquals(watch, dataCur.get(0));
288 public void getDataByQuery_PolicyController() {
290 PolicyEntity pe = new PolicyEntity();
291 String name = "actionDummy";
292 pe.setPolicyName(name);
293 pe.setPolicyData("dummyData");
295 pe.setScope("dummyScope");
296 pe.setDescription("descr");
297 pe.setDeleted(false);
298 pe.setCreatedBy("Test");
299 commonClassDao.save(pe);
301 String dbCheckName = "dummyScope:action";
302 String[] splitDbCheckName = dbCheckName.split(":");
304 // Current Implementation
305 String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
306 SimpleBindings params = new SimpleBindings();
307 params.put("splitDBCheckName1", splitDbCheckName[1] + "%");
308 params.put("splitDBCheckName0", splitDbCheckName[0]);
309 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
312 assertTrue(dataCur.size() == 1);
313 assertTrue(dataCur.get(0) instanceof PolicyEntity);
314 assertEquals(pe, dataCur.get(0));
320 public void getDataByQuery_PolicyNotificationController() {
322 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
323 String finalName = "banana"; // Policy File Name
324 String userId = "Test";
325 watch.setLoginIds(userId);
326 watch.setPolicyName(finalName);
327 commonClassDao.save(watch);
330 // Current Implementation
331 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
332 SimpleBindings params = new SimpleBindings();
333 params.put("finalName", finalName);
334 params.put("userId", userId);
335 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
338 assertTrue(dataCur.size() == 1);
339 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
340 assertEquals(watch, dataCur.get(0));
344 * Test for SQL Injection Protection
350 public void getDataByQuery_PolicyNotificationController_Injection() {
352 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
353 String userId = "Test";
354 watch.setLoginIds(userId);
355 watch.setPolicyName("banana");
356 commonClassDao.save(watch);
358 WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
359 watch2.setLoginIds(userId);
360 watch2.setPolicyName("banana2");
361 commonClassDao.save(watch2);
363 // SQL Injection attempt
364 String finalName = "banana' OR '1'='1";
367 // Current Implementation
368 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
369 SimpleBindings params = new SimpleBindings();
370 params.put("finalName", finalName);
371 params.put("userId", userId);
372 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
375 assertTrue(dataCur.size() <= 1);
377 if (dataCur.size() >= 1) {
378 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
379 assertFalse(watch.equals(dataCur.get(0)));
380 assertFalse(watch.equals(dataCur.get(0)));
385 public void testCommonClassDaoImplMethods() {
386 UserInfo userInfo = new UserInfo();
387 userInfo.setUserLoginId("TestID");
388 userInfo.setUserName("Test");
389 commonClassDao.save(userInfo);
390 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
391 assertTrue(data.size() == 1);
392 UserInfo userInfoUpdate = (UserInfo) data.get(0);
393 userInfoUpdate.setUserName("Test1");
394 commonClassDao.update(userInfoUpdate);
395 List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
396 assertTrue(data1.size() == 1);
398 (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
399 assertTrue("TestID".equals(data2.getUserLoginId()));
400 List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
401 assertTrue(data3.size() == 1);
402 PolicyRoles roles = new PolicyRoles();
403 roles.setRole("admin");
404 roles.setLoginId(userInfo);
405 roles.setScope("test");
406 commonClassDao.save(roles);
407 List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
408 assertTrue(roles1.size() == 1);
409 List<String> multipleData = new ArrayList<>();
410 multipleData.add("TestID:Test1");
412 commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
413 assertTrue(data4.size() == 1);
414 commonClassDao.delete(data2);
418 public void testGetDataByIdparameters() {
419 UserInfo userInfo = new UserInfo();
420 userInfo.setUserLoginId("TestID");
421 userInfo.setUserName("Test");
422 commonClassDao.save(userInfo);
423 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
424 assertTrue(data.size() == 1);
425 data = commonClassDao.getDataById(UserInfo.class, null, null);
427 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", null);
429 data = commonClassDao.getDataById(UserInfo.class, null, "TestID:Test");
431 data = commonClassDao.getDataById(UserInfo.class, "userLoginIduserName", "TestID:Test");
433 data = commonClassDao.getDataById(UserInfo.class, "userLoginIduserName", "TestIDTest");
435 data = commonClassDao.getDataById(UserInfo.class, "userLoginId data2.getUserLoginId()" + ":userName",
438 commonClassDao.delete(data);
442 public void testGetDataByColumnParameters() {
443 UserInfo userInfo = new UserInfo();
444 userInfo.setUserLoginId("TestID");
445 userInfo.setUserName("Test");
446 commonClassDao.save(userInfo);
447 List<String> data = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
448 assertTrue(data.size() == 1);
449 data = commonClassDao.getDataByColumn(null, null);
451 data = commonClassDao.getDataByColumn(UserInfo.class, null);
453 data = commonClassDao.getDataByColumn(null, "userLoginId");
455 commonClassDao.delete(data);
459 public void testGetMultipleDataOnAddingConjunctionParameters() {
460 UserInfo userInfo = new UserInfo();
461 userInfo.setUserLoginId("TestID");
462 userInfo.setUserName("Test");
463 commonClassDao.save(userInfo);
464 List<String> multipleData = new ArrayList<>();
465 multipleData.add("TestID:Test1");
467 commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
468 assertTrue(data.size() == 0);
469 data = commonClassDao.getMultipleDataOnAddingConjunction(null, null, null);
471 data = commonClassDao.getMultipleDataOnAddingConjunction(null, null, multipleData);
473 data = commonClassDao.getMultipleDataOnAddingConjunction(null, "userLoginId:userName", null);
475 data = commonClassDao.getMultipleDataOnAddingConjunction(null, "userLoginId:userName", multipleData);
477 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, null, null);
479 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, null, multipleData);
481 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", null);
483 commonClassDao.delete(data);
487 public void testCheckDuplicateEntryParameters() {
488 UserInfo userInfo = new UserInfo();
489 userInfo.setUserLoginId("TestID");
490 userInfo.setUserName("Test");
491 commonClassDao.save(userInfo);
492 List<Object> data = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
493 assertTrue(data.size() == 0);
494 data = commonClassDao.checkDuplicateEntry(null, null, UserInfo.class);
496 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", null, UserInfo.class);
498 data = commonClassDao.checkDuplicateEntry(null, "TestID:Test", UserInfo.class);
500 data = commonClassDao.checkDuplicateEntry("userLoginIduserName", "TestID:Test", UserInfo.class);
502 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", "TestID:Test:zooby", UserInfo.class);
504 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", "TestID", UserInfo.class);
506 commonClassDao.delete(data);
511 public void testGetEntityItemParameters() {
512 UserInfo userInfo = new UserInfo();
513 userInfo.setUserLoginId("TestID");
514 userInfo.setUserName("Test");
515 commonClassDao.save(userInfo);
516 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
517 assertTrue(data.size() == 1);
518 UserInfo userInfoUpdate = (UserInfo) data.get(0);
519 userInfoUpdate.setUserName("Test1");
520 commonClassDao.update(userInfoUpdate);
521 List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
522 assertTrue(data1.size() == 1);
524 (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
525 assertTrue("TestID".equals(data2.getUserLoginId()));
526 data2 = (UserInfo) commonClassDao.getEntityItem(null, null, null);
528 data2 = (UserInfo) commonClassDao.getEntityItem(null, null, "TestID:Test1");
530 data2 = (UserInfo) commonClassDao.getEntityItem(null, "userLoginId:userName", null);
532 data2 = (UserInfo) commonClassDao.getEntityItem(null, "userLoginId:userName", "TestID:Test1");
534 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, null, null);
536 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, null, "TestID:Test1");
538 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", null);
540 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginIduserName", "TestID:Test1");
542 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestIDTest1");
544 commonClassDao.delete(data);
545 commonClassDao.delete(data1);
546 commonClassDao.delete(data2);
550 public void testOtherMethods() {
551 UserInfo userInfo = new UserInfo();
552 userInfo.setUserLoginId("TestID");
553 userInfo.setUserName("Test");
554 commonClassDao.save(userInfo);
555 commonClassDao.deleteAll();
556 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
557 assertTrue(data.size() == 1);
559 data = commonClassDao.checkExistingGroupListforUpdate(null, null);
560 assertTrue(data.size() == 0);
562 commonClassDao.updateClAlarms(null, null);
563 commonClassDao.updateClYaml(null, null);
564 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
565 assertTrue(data.size() == 1);
566 commonClassDao.update(null);
567 assertTrue(data.size() == 1);
568 commonClassDao.getData(null);
569 assertTrue(data.size() == 1);
570 commonClassDao.delete(data);
574 public void testUpdateQuery() {
575 UserInfo userInfo = new UserInfo();
576 userInfo.setUserLoginId("TestID");
577 userInfo.setUserName("Test");
578 commonClassDao.save(userInfo);
579 commonClassDao.updateQuery("SELECT * FROM userLoginId");
580 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
581 assertTrue(data.size() == 1);
583 String query = "DELETE FROM org.onap.policy.rest.jpa.FunctionDefinition";
584 commonClassDao.updateQuery(query);
585 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
586 assertTrue(data.size() == 1);
587 commonClassDao.delete(data);
592 public void testGetDataByQueryParameters() {
594 UserInfo userinfo = new UserInfo();
595 String loginIdUserName = "Test";
596 userinfo.setUserLoginId(loginIdUserName);
597 userinfo.setUserName(loginIdUserName);
598 commonClassDao.save(userinfo);
600 SimpleBindings bindings = new SimpleBindings();
601 bindings.put("usercode", 1L);
604 commonClassDao.getDataByQuery("from UserInfo", bindings);
605 fail("test should throw an exception here");
606 } catch (Exception exc) {
607 assertTrue(exc.getMessage().contains("Parameter usercode does not exist as a named parameter"));
611 private void truncateAllTables() {
612 Session session = sessionFactory.openSession();
613 Transaction transaction = session.beginTransaction();
614 sessionFactory.getAllClassMetadata().forEach((tableName, x) -> {
615 Query query = session.createQuery("DELETE FROM " + tableName);
616 query.executeUpdate();
618 transaction.commit();