2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * Modifications copyright (c) 2019 Nokia
7 * Modifications Copyright (C) 2019 Nordix Foundation.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.policy.rest.daoimpl;
25 import static org.junit.Assert.assertEquals;
26 import static org.junit.Assert.assertFalse;
27 import static org.junit.Assert.assertNull;
28 import static org.junit.Assert.assertTrue;
29 import static org.junit.Assert.fail;
32 import java.sql.SQLException;
33 import java.util.ArrayList;
34 import java.util.Date;
35 import java.util.List;
36 import java.util.Properties;
38 import javax.script.SimpleBindings;
40 import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
41 import org.h2.tools.Server;
42 import org.hibernate.Query;
43 import org.hibernate.Session;
44 import org.hibernate.SessionFactory;
45 import org.hibernate.Transaction;
46 import org.junit.After;
47 import org.junit.AfterClass;
48 import org.junit.BeforeClass;
49 import org.junit.Test;
50 import org.onap.policy.common.logging.flexlogger.FlexLogger;
51 import org.onap.policy.common.logging.flexlogger.Logger;
52 import org.onap.policy.rest.jpa.OnapName;
53 import org.onap.policy.rest.jpa.PolicyEntity;
54 import org.onap.policy.rest.jpa.PolicyRoles;
55 import org.onap.policy.rest.jpa.PolicyVersion;
56 import org.onap.policy.rest.jpa.SystemLogDB;
57 import org.onap.policy.rest.jpa.UserInfo;
58 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
59 import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
60 import org.springframework.test.annotation.Rollback;
61 import org.springframework.transaction.annotation.Transactional;
63 public class PolicyValidationDaoImplTest {
65 private static Logger logger = FlexLogger.getLogger(PolicyValidationDaoImplTest.class);
67 static SessionFactory sessionFactory;
69 static PolicyValidationDaoImpl commonClassDao;
72 * Set up all unit tests.
74 * @throws SQLException on SQL exceptions
77 public static void setupAll() throws SQLException {
78 BasicDataSource dataSource = new BasicDataSource();
79 dataSource.setDriverClassName("org.h2.Driver");
80 // In-memory DB for testing
81 dataSource.setUrl("jdbc:h2:mem:test");
82 dataSource.setUsername("sa");
83 dataSource.setPassword("");
84 LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
85 sessionBuilder.scanPackages("org.onap.*", "com.*");
87 Properties properties = new Properties();
88 properties.put("hibernate.show_sql", "false");
89 properties.put("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
90 properties.put("hibernate.hbm2ddl.auto", "drop");
91 properties.put("hibernate.hbm2ddl.auto", "create");
93 sessionBuilder.addProperties(properties);
94 sessionFactory = sessionBuilder.buildSessionFactory();
96 // Set up dao with SessionFactory
97 commonClassDao = new PolicyValidationDaoImpl();
98 PolicyValidationDaoImpl.setSessionfactory(sessionFactory);
99 // PolicyController.setLogTableLimit("1");
100 // HibernateSession.setSession(sessionFactory);
101 SystemLogDB data1 = new SystemLogDB();
102 data1.setDate(new Date());
103 data1.setLogtype("INFO");
104 data1.setRemote("Test");
105 data1.setSystem("Test");
106 data1.setType("Test");
107 SystemLogDB data2 = new SystemLogDB();
108 data2.setDate(new Date());
109 data2.setLogtype("error");
110 data2.setRemote("Test");
111 data2.setSystem("Test");
112 data2.setType("Test");
114 // Create TCP server for troubleshooting
115 server = Server.createTcpServer("-tcpAllowOthers").start();
116 System.out.println("URL: jdbc:h2:" + server.getURL() + "/mem:test");
120 public static void deleteDB() {
121 sessionFactory.close();
126 public void tearDown() {
133 public void testDB() {
135 UserInfo userinfo = new UserInfo();
136 userinfo.setUserLoginId("Test");
137 userinfo.setUserName("Test");
138 commonClassDao.save(userinfo);
139 OnapName onapName = new OnapName();
140 onapName.setName("Test");
141 onapName.setUserCreatedBy(userinfo);
142 onapName.setUserModifiedBy(userinfo);
143 onapName.setModifiedDate(new Date());
144 commonClassDao.save(onapName);
146 List<Object> list = commonClassDao.getData(OnapName.class);
147 assertTrue(list.size() == 1);
148 logger.debug(list.size());
149 logger.debug(list.get(0));
155 public void testUser() {
157 UserInfo userinfo = new UserInfo();
158 String loginIdUserName = "Test";
159 userinfo.setUserLoginId(loginIdUserName);
160 userinfo.setUserName(loginIdUserName);
161 commonClassDao.save(userinfo);
163 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
165 assertEquals(1, dataCur.size());
166 UserInfo cur = (UserInfo) dataCur.get(0);
167 assertEquals(loginIdUserName, cur.getUserLoginId());
168 assertEquals(loginIdUserName, cur.getUserName());
170 assertFalse(dataCur.isEmpty());
176 public void getDataByQuery_DashboardController() {
178 PolicyEntity pe = new PolicyEntity();
179 String name = "TestPolicy";
180 pe.setPolicyName(name);
181 pe.setPolicyData("dummyData");
183 pe.setScope("dummyScope");
184 pe.setDescription("descr");
185 pe.setDeleted(false);
186 pe.setCreatedBy("Test");
187 commonClassDao.save(pe);
189 List<Object> dataCur = commonClassDao.getDataByQuery("from PolicyEntity", new SimpleBindings());
191 assertTrue(1 == dataCur.size());
192 assertTrue(dataCur.get(0) instanceof PolicyEntity);
193 assertEquals(name, ((PolicyEntity) dataCur.get(0)).getPolicyName());
194 assertEquals(pe, (dataCur.get(0)));
200 public void getDataByQuery_AutoPushController() {
202 PolicyVersion pv = new PolicyVersion();
203 pv.setActiveVersion(2);
204 pv.setPolicyName("myPname");
206 pv.setCreatedBy("Test");
207 pv.setModifiedBy("Test");
209 PolicyVersion pv2 = new PolicyVersion();
210 pv2.setActiveVersion(1);
211 pv2.setPolicyName("test");
213 pv2.setCreatedBy("Test");
214 pv2.setModifiedBy("Test");
216 commonClassDao.save(pv);
217 commonClassDao.save(pv2);
221 String query = "From PolicyVersion where policy_name like :scope and id > 0";
222 SimpleBindings params = new SimpleBindings();
223 params.put("scope", scope);
224 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
226 assertTrue(1 == dataCur.size());
227 assertEquals(pv, dataCur.get(0));
233 public void getDataByQuery_PolicyNotificationMail() {
235 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
236 watch.setLoginIds("Test");
239 UserInfo userinfo = new UserInfo();
240 String loginIdUserName = "Test";
241 userinfo.setUserLoginId(loginIdUserName);
242 userinfo.setUserName(loginIdUserName);
243 commonClassDao.save(userinfo);
245 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
247 assertEquals(1, dataCur.size());
248 UserInfo cur = (UserInfo) dataCur.get(0);
249 assertEquals(loginIdUserName, cur.getUserLoginId());
250 assertEquals(loginIdUserName, cur.getUserName());
252 assertFalse(dataCur.isEmpty());
254 watch.setPolicyName("bananaWatch");
255 commonClassDao.save(watch);
257 String policyFileName = "banana";
258 if (policyFileName.contains("/")) {
259 policyFileName = policyFileName.substring(0, policyFileName.indexOf("/"));
260 policyFileName = policyFileName.replace("/", File.separator);
262 if (policyFileName.contains("\\")) {
263 policyFileName = policyFileName.substring(0, policyFileName.indexOf("\\"));
264 policyFileName = policyFileName.replace("\\", "\\\\");
267 // Current Implementation
268 policyFileName += "%";
269 String query = "from WatchPolicyNotificationTable where policyName like:policyFileName";
270 SimpleBindings params = new SimpleBindings();
271 params.put("policyFileName", policyFileName);
272 dataCur = commonClassDao.getDataByQuery(query, params);
275 assertTrue(dataCur.size() == 1);
276 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
277 assertEquals(watch, dataCur.get(0));
283 public void getDataByQuery_PolicyController() {
285 PolicyEntity pe = new PolicyEntity();
286 String name = "actionDummy";
287 pe.setPolicyName(name);
288 pe.setPolicyData("dummyData");
290 pe.setScope("dummyScope");
291 pe.setDescription("descr");
292 pe.setDeleted(false);
293 pe.setCreatedBy("Test");
294 commonClassDao.save(pe);
296 String dbCheckName = "dummyScope:action";
297 String[] splitDbCheckName = dbCheckName.split(":");
299 // Current Implementation
300 String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
301 SimpleBindings params = new SimpleBindings();
302 params.put("splitDBCheckName1", splitDbCheckName[1] + "%");
303 params.put("splitDBCheckName0", splitDbCheckName[0]);
304 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
307 assertTrue(dataCur.size() == 1);
308 assertTrue(dataCur.get(0) instanceof PolicyEntity);
309 assertEquals(pe, dataCur.get(0));
315 public void getDataByQuery_PolicyNotificationController() {
317 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
318 String finalName = "banana"; // Policy File Name
319 String userId = "Test";
320 watch.setLoginIds(userId);
321 watch.setPolicyName(finalName);
322 commonClassDao.save(watch);
324 // Current Implementation
325 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
326 SimpleBindings params = new SimpleBindings();
327 params.put("finalName", finalName);
328 params.put("userId", userId);
329 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
332 assertTrue(dataCur.size() == 1);
333 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
334 assertEquals(watch, dataCur.get(0));
338 * Test for SQL Injection Protection
344 public void getDataByQuery_PolicyNotificationController_Injection() {
346 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
347 String userId = "Test";
348 watch.setLoginIds(userId);
349 watch.setPolicyName("banana");
350 commonClassDao.save(watch);
352 WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
353 watch2.setLoginIds(userId);
354 watch2.setPolicyName("banana2");
355 commonClassDao.save(watch2);
357 // SQL Injection attempt
358 String finalName = "banana' OR '1'='1";
360 // Current Implementation
361 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
362 SimpleBindings params = new SimpleBindings();
363 params.put("finalName", finalName);
364 params.put("userId", userId);
365 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
368 assertTrue(dataCur.size() <= 1);
370 if (dataCur.size() >= 1) {
371 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
372 assertFalse(watch.equals(dataCur.get(0)));
373 assertFalse(watch.equals(dataCur.get(0)));
378 public void testCommonClassDaoImplMethods() {
379 UserInfo userInfo = new UserInfo();
380 userInfo.setUserLoginId("TestID");
381 userInfo.setUserName("Test");
382 commonClassDao.save(userInfo);
383 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
384 assertTrue(data.size() == 1);
385 UserInfo userInfoUpdate = (UserInfo) data.get(0);
386 userInfoUpdate.setUserName("Test1");
387 commonClassDao.update(userInfoUpdate);
388 List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
389 assertTrue(data1.size() == 1);
390 UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName",
392 assertTrue("TestID".equals(data2.getUserLoginId()));
393 List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
394 assertTrue(data3.size() == 1);
395 PolicyRoles roles = new PolicyRoles();
396 roles.setRole("admin");
397 roles.setLoginId(userInfo);
398 roles.setScope("test");
399 commonClassDao.save(roles);
400 List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
401 assertTrue(roles1.size() == 1);
402 List<String> multipleData = new ArrayList<>();
403 multipleData.add("TestID:Test1");
404 List<Object> data4 = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName",
406 assertTrue(data4.size() == 1);
407 commonClassDao.delete(data2);
411 public void testGetDataByIdparameters() {
412 UserInfo userInfo = new UserInfo();
413 userInfo.setUserLoginId("TestID");
414 userInfo.setUserName("Test");
415 commonClassDao.save(userInfo);
416 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
417 assertTrue(data.size() == 1);
418 data = commonClassDao.getDataById(UserInfo.class, null, null);
420 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", null);
422 data = commonClassDao.getDataById(UserInfo.class, null, "TestID:Test");
424 data = commonClassDao.getDataById(UserInfo.class, "userLoginIduserName", "TestID:Test");
426 data = commonClassDao.getDataById(UserInfo.class, "userLoginIduserName", "TestIDTest");
428 data = commonClassDao.getDataById(UserInfo.class, "userLoginId data2.getUserLoginId()" + ":userName",
431 commonClassDao.delete(data);
435 public void testGetDataByColumnParameters() {
436 UserInfo userInfo = new UserInfo();
437 userInfo.setUserLoginId("TestID");
438 userInfo.setUserName("Test");
439 commonClassDao.save(userInfo);
440 List<String> data = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
441 assertTrue(data.size() == 1);
442 data = commonClassDao.getDataByColumn(null, null);
444 data = commonClassDao.getDataByColumn(UserInfo.class, null);
446 data = commonClassDao.getDataByColumn(null, "userLoginId");
448 commonClassDao.delete(data);
452 public void testGetMultipleDataOnAddingConjunctionParameters() {
453 UserInfo userInfo = new UserInfo();
454 userInfo.setUserLoginId("TestID");
455 userInfo.setUserName("Test");
456 commonClassDao.save(userInfo);
457 List<String> multipleData = new ArrayList<>();
458 multipleData.add("TestID:Test1");
459 List<Object> data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName",
461 assertTrue(data.size() == 0);
462 data = commonClassDao.getMultipleDataOnAddingConjunction(null, null, null);
464 data = commonClassDao.getMultipleDataOnAddingConjunction(null, null, multipleData);
466 data = commonClassDao.getMultipleDataOnAddingConjunction(null, "userLoginId:userName", null);
468 data = commonClassDao.getMultipleDataOnAddingConjunction(null, "userLoginId:userName", multipleData);
470 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, null, null);
472 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, null, multipleData);
474 data = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", null);
476 commonClassDao.delete(data);
480 public void testCheckDuplicateEntryParameters() {
481 UserInfo userInfo = new UserInfo();
482 userInfo.setUserLoginId("TestID");
483 userInfo.setUserName("Test");
484 commonClassDao.save(userInfo);
485 List<Object> data = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
486 assertTrue(data.size() == 0);
487 data = commonClassDao.checkDuplicateEntry(null, null, UserInfo.class);
489 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", null, UserInfo.class);
491 data = commonClassDao.checkDuplicateEntry(null, "TestID:Test", UserInfo.class);
493 data = commonClassDao.checkDuplicateEntry("userLoginIduserName", "TestID:Test", UserInfo.class);
495 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", "TestID:Test:zooby", UserInfo.class);
497 data = commonClassDao.checkDuplicateEntry("userLoginId:userName", "TestID", UserInfo.class);
499 commonClassDao.delete(data);
503 public void testGetEntityItemParameters() {
504 UserInfo userInfo = new UserInfo();
505 userInfo.setUserLoginId("TestID");
506 userInfo.setUserName("Test");
507 commonClassDao.save(userInfo);
508 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
509 assertTrue(data.size() == 1);
510 UserInfo userInfoUpdate = (UserInfo) data.get(0);
511 userInfoUpdate.setUserName("Test1");
512 commonClassDao.update(userInfoUpdate);
513 List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
514 assertTrue(data1.size() == 1);
515 UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName",
517 assertTrue("TestID".equals(data2.getUserLoginId()));
518 data2 = (UserInfo) commonClassDao.getEntityItem(null, null, null);
520 data2 = (UserInfo) commonClassDao.getEntityItem(null, null, "TestID:Test1");
522 data2 = (UserInfo) commonClassDao.getEntityItem(null, "userLoginId:userName", null);
524 data2 = (UserInfo) commonClassDao.getEntityItem(null, "userLoginId:userName", "TestID:Test1");
526 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, null, null);
528 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, null, "TestID:Test1");
530 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", null);
532 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginIduserName", "TestID:Test1");
534 data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestIDTest1");
536 commonClassDao.delete(data);
537 commonClassDao.delete(data1);
538 commonClassDao.delete(data2);
542 public void testOtherMethods() {
543 UserInfo userInfo = new UserInfo();
544 userInfo.setUserLoginId("TestID");
545 userInfo.setUserName("Test");
546 commonClassDao.save(userInfo);
547 commonClassDao.deleteAll();
548 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
549 assertTrue(data.size() == 1);
551 data = commonClassDao.checkExistingGroupListforUpdate(null, null);
552 assertTrue(data.size() == 0);
554 commonClassDao.updateClAlarms(null, null);
555 commonClassDao.updateClYaml(null, null);
556 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
557 assertTrue(data.size() == 1);
558 commonClassDao.update(null);
559 assertTrue(data.size() == 1);
560 commonClassDao.getData(null);
561 assertTrue(data.size() == 1);
562 commonClassDao.delete(data);
566 public void testUpdateQuery() {
567 UserInfo userInfo = new UserInfo();
568 userInfo.setUserLoginId("TestID");
569 userInfo.setUserName("Test");
570 commonClassDao.save(userInfo);
571 commonClassDao.updateQuery("SELECT * FROM userLoginId");
572 List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
573 assertTrue(data.size() == 1);
575 String query = "DELETE FROM org.onap.policy.rest.jpa.FunctionDefinition";
576 commonClassDao.updateQuery(query);
577 data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
578 assertTrue(data.size() == 1);
579 commonClassDao.delete(data);
583 public void testGetDataByQueryParameters() {
585 UserInfo userinfo = new UserInfo();
586 String loginIdUserName = "Test";
587 userinfo.setUserLoginId(loginIdUserName);
588 userinfo.setUserName(loginIdUserName);
589 commonClassDao.save(userinfo);
591 SimpleBindings bindings = new SimpleBindings();
592 bindings.put("usercode", 1L);
595 commonClassDao.getDataByQuery("from UserInfo", bindings);
596 fail("test should throw an exception here");
597 } catch (Exception exc) {
598 assertTrue(exc.getMessage().contains("Parameter usercode does not exist as a named parameter"));
602 private void truncateAllTables() {
603 Session session = sessionFactory.openSession();
604 Transaction transaction = session.beginTransaction();
605 sessionFactory.getAllClassMetadata().forEach((tableName, x) -> {
606 Query query = session.createQuery("DELETE FROM " + tableName);
607 query.executeUpdate();
609 transaction.commit();