2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.policy.rest.daoimpl;
22 import static org.junit.Assert.*;
25 import java.util.ArrayList;
26 import java.util.Date;
27 import java.util.List;
28 import java.util.Properties;
30 import javax.script.SimpleBindings;
32 import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
33 import org.h2.tools.Server;
34 import org.hibernate.SessionFactory;
35 import org.junit.After;
36 import org.junit.Before;
37 import org.junit.Test;
38 import org.onap.policy.common.logging.flexlogger.FlexLogger;
39 import org.onap.policy.common.logging.flexlogger.Logger;
40 //import org.onap.policy.conf.HibernateSession;
41 //import org.onap.policy.controller.PolicyController;
42 import org.onap.policy.rest.jpa.OnapName;
43 import org.onap.policy.rest.jpa.PolicyEntity;
44 import org.onap.policy.rest.jpa.PolicyRoles;
45 import org.onap.policy.rest.jpa.PolicyVersion;
46 import org.onap.policy.rest.jpa.SystemLogDB;
47 import org.onap.policy.rest.jpa.UserInfo;
48 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
49 import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
50 import org.springframework.transaction.annotation.Transactional;
51 import org.springframework.test.annotation.Rollback;
54 public class PolicyValidationDaoImplTest {
56 private static Logger logger = FlexLogger.getLogger(PolicyValidationDaoImplTest.class);
58 SessionFactory sessionFactory;
60 PolicyValidationDaoImpl commonClassDao;
63 public void setUp() throws Exception{
65 BasicDataSource dataSource = new BasicDataSource();
66 dataSource.setDriverClassName("org.h2.Driver");
67 // In-memory DB for testing
68 dataSource.setUrl("jdbc:h2:mem:test");
69 dataSource.setUsername("sa");
70 dataSource.setPassword("");
71 LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
72 sessionBuilder.scanPackages("org.onap.*", "com.*");
74 Properties properties = new Properties();
75 properties.put("hibernate.show_sql", "false");
76 properties.put("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
77 properties.put("hibernate.hbm2ddl.auto", "drop");
78 properties.put("hibernate.hbm2ddl.auto", "create");
80 sessionBuilder.addProperties(properties);
81 sessionFactory = sessionBuilder.buildSessionFactory();
83 // Set up dao with SessionFactory
84 commonClassDao = new PolicyValidationDaoImpl();
85 PolicyValidationDaoImpl.setSessionfactory(sessionFactory);
86 //PolicyController.setLogTableLimit("1");
87 //HibernateSession.setSession(sessionFactory);
88 SystemLogDB data1 = new SystemLogDB();
89 data1.setDate(new Date());
90 data1.setLogtype("INFO");
91 data1.setRemote("Test");
92 data1.setSystem("Test");
93 data1.setType("Test");
94 SystemLogDB data2 = new SystemLogDB();
95 data2.setDate(new Date());
96 data2.setLogtype("error");
97 data2.setRemote("Test");
98 data2.setSystem("Test");
99 data2.setType("Test");
100 //HibernateSession.getSession().save(data1);
101 //HibernateSession.getSession().save(data2);
103 // Create TCP server for troubleshooting
104 server = Server.createTcpServer("-tcpAllowOthers").start();
105 System.out.println("URL: jdbc:h2:" + server.getURL() + "/mem:test");
108 System.err.println(e);
116 public void testDB(){
119 UserInfo userinfo = new UserInfo();
120 userinfo.setUserLoginId("Test");
121 userinfo.setUserName("Test");
122 commonClassDao.save(userinfo);
123 OnapName onapName = new OnapName();
124 onapName.setOnapName("Test");
125 onapName.setUserCreatedBy(userinfo);
126 onapName.setUserModifiedBy(userinfo);
127 onapName.setModifiedDate(new Date());
128 commonClassDao.save(onapName);
131 List<Object> list = commonClassDao.getData(OnapName.class);
132 assertTrue(list.size() == 1);
133 logger.debug(list.size());
134 logger.debug(list.get(0));
136 logger.debug("Exception Occured"+e);
144 public void testUser(){
147 UserInfo userinfo = new UserInfo();
148 String loginId_userName = "Test";
149 userinfo.setUserLoginId(loginId_userName);
150 userinfo.setUserName(loginId_userName);
151 commonClassDao.save(userinfo);
154 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
156 assertEquals(1, dataCur.size());
157 UserInfo cur = (UserInfo) dataCur.get(0);
158 assertEquals(loginId_userName, cur.getUserLoginId());
159 assertEquals(loginId_userName, cur.getUserName());
161 assertFalse(dataCur.isEmpty());
164 logger.debug("Exception Occured"+e);
172 public void getDataByQuery_DashboardController(){
175 PolicyEntity pe = new PolicyEntity();
176 String name = "TestPolicy";
177 pe.setPolicyName(name);
178 pe.setPolicyData("dummyData");
180 pe.setScope("dummyScope");
181 pe.setDescription("descr");
182 pe.setDeleted(false);
183 pe.setCreatedBy("Test");
184 commonClassDao.save(pe);
186 List<Object> dataCur = commonClassDao.getDataByQuery("from PolicyEntity", new SimpleBindings());
188 assertTrue(1 == dataCur.size());
189 assertTrue( dataCur.get(0) instanceof PolicyEntity);
190 assertEquals( name, ((PolicyEntity)dataCur.get(0)).getPolicyName());
191 assertEquals( pe, ((PolicyEntity)dataCur.get(0)));
195 logger.debug("Exception Occured"+e);
203 public void getDataByQuery_AutoPushController(){
206 PolicyVersion pv = new PolicyVersion();
207 pv.setActiveVersion(2);
208 pv.setPolicyName("myPname");
210 pv.setCreatedBy("Test");
211 pv.setModifiedBy("Test");
213 PolicyVersion pv2 = new PolicyVersion();
214 pv2.setActiveVersion(1);
215 pv2.setPolicyName("test");
217 pv2.setCreatedBy("Test");
218 pv2.setModifiedBy("Test");
220 commonClassDao.save(pv);
221 commonClassDao.save(pv2);
225 String query = "From PolicyVersion where policy_name like :scope and id > 0";
226 SimpleBindings params = new SimpleBindings();
227 params.put("scope", scope);
228 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
231 assertTrue(1 == dataCur.size());
232 assertEquals(pv, (PolicyVersion) dataCur.get(0));
235 logger.debug("Exception Occured"+e);
243 public void getDataByQuery_PolicyNotificationMail(){
246 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
247 String policyFileName = "banana";
248 watch.setLoginIds("Test");
249 watch.setPolicyName("bananaWatch");
250 commonClassDao.save(watch);
252 if(policyFileName.contains("/")){
253 policyFileName = policyFileName.substring(0, policyFileName.indexOf("/"));
254 policyFileName = policyFileName.replace("/", File.separator);
256 if(policyFileName.contains("\\")){
257 policyFileName = policyFileName.substring(0, policyFileName.indexOf("\\"));
258 policyFileName = policyFileName.replace("\\", "\\\\");
262 // Current Implementation
263 policyFileName += "%";
264 String query = "from WatchPolicyNotificationTable where policyName like:policyFileName";
265 SimpleBindings params = new SimpleBindings();
266 params.put("policyFileName", policyFileName);
267 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
270 assertTrue(dataCur.size() == 1);
271 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
272 assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0));
275 logger.debug("Exception Occured"+e);
284 public void getDataByQuery_PolicyController(){
287 PolicyEntity pe = new PolicyEntity();
288 String name = "actionDummy";
289 pe.setPolicyName(name);
290 pe.setPolicyData("dummyData");
292 pe.setScope("dummyScope");
293 pe.setDescription("descr");
294 pe.setDeleted(false);
295 pe.setCreatedBy("Test");
296 commonClassDao.save(pe);
298 String dbCheckName = "dummyScope:action";
299 String[] splitDBCheckName = dbCheckName.split(":");
302 // Current Implementation
303 String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
304 SimpleBindings params = new SimpleBindings();
305 params.put("splitDBCheckName1", splitDBCheckName[1] + "%");
306 params.put("splitDBCheckName0", splitDBCheckName[0]);
307 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
310 assertTrue(dataCur.size() == 1);
311 assertTrue(dataCur.get(0) instanceof PolicyEntity);
312 assertEquals(pe, (PolicyEntity) dataCur.get(0));
315 logger.debug("Exception Occured"+e);
323 public void getDataByQuery_PolicyNotificationController(){
326 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
327 String finalName = "banana"; // Policy File Name
328 String userId = "Test";
329 watch.setLoginIds(userId);
330 watch.setPolicyName(finalName);
331 commonClassDao.save(watch);
334 // Current Implementation
335 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
336 SimpleBindings params = new SimpleBindings();
337 params.put("finalName", finalName);
338 params.put("userId", userId);
339 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
342 assertTrue(dataCur.size() == 1);
343 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
344 assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0) );
347 logger.debug("Exception Occured"+e);
353 /* Test for SQL Injection Protection
359 public void getDataByQuery_PolicyNotificationController_Injection(){
362 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
363 String userId = "Test";
364 watch.setLoginIds(userId);
365 watch.setPolicyName("banana");
366 commonClassDao.save(watch);
368 WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
369 watch2.setLoginIds(userId);
370 watch2.setPolicyName("banana2");
371 commonClassDao.save(watch2);
373 // SQL Injection attempt
374 String finalName = "banana' OR '1'='1";
377 // Current Implementation
378 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
379 SimpleBindings params = new SimpleBindings();
380 params.put("finalName", finalName);
381 params.put("userId", userId);
382 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
385 assertTrue(dataCur.size() <= 1);
387 if(dataCur.size() >= 1){
388 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
389 assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
390 assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
393 logger.debug("Exception Occured"+e);
399 public void testCommonClassDaoImplMethods(){
401 UserInfo userInfo = new UserInfo();
402 userInfo.setUserLoginId("TestID");
403 userInfo.setUserName("Test");
404 commonClassDao.save(userInfo);
405 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
406 assertTrue(data.size() == 1);
407 UserInfo userInfoUpdate = (UserInfo) data.get(0);
408 userInfoUpdate.setUserName("Test1");
409 commonClassDao.update(userInfoUpdate);
410 List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
411 assertTrue(data1.size() == 1);
412 UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
413 assertTrue("TestID".equals(data2.getUserLoginId()));
414 List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
415 assertTrue(data3.size() == 1);
416 PolicyRoles roles = new PolicyRoles();
417 roles.setRole("admin");
418 roles.setLoginId(userInfo);
419 roles.setScope("test");
420 commonClassDao.save(roles);
421 List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
422 assertTrue(roles1.size() == 1);
423 List<String> multipleData = new ArrayList<>();
424 multipleData.add("TestID:Test1");
425 List<Object> data4 = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
426 assertTrue(data4.size() == 1);
427 commonClassDao.delete(data2);
429 logger.debug("Exception Occured"+e);
435 public void deleteDB(){
436 sessionFactory.close();