/*
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (C) 2022 Nordix Foundation. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
21 package org.openecomp.sdc.be.servlets.utils;
23 import static org.junit.jupiter.api.Assertions.assertFalse;
25 import org.junit.jupiter.api.Test;
26 import org.junit.jupiter.api.extension.ExtendWith;
27 import org.mockito.InjectMocks;
28 import org.mockito.junit.jupiter.MockitoExtension;
29 import org.openecomp.sdc.be.model.User;
30 import org.openecomp.sdc.common.util.DataValidator;
31 import org.openecomp.sdc.common.util.SecureString;
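/**
 * Negative tests for {@link DataValidator}: strings carrying script/image markup must be
 * reported as invalid, both as a bare {@link SecureString} and as fields of a {@link User}.
 *
 * <p>NOTE(review): every payload below is written with typographic quotes (“ ” ‘ ’) rather
 * than the ASCII double and single quote, so these cases only show that the tag-bearing
 * strings are rejected; they do not exercise ASCII quote handling. ASCII-quoted variants and
 * a benign value that is expected to pass would make the coverage more meaningful. Confirm
 * the expected results against DataValidator before adding them.
 */
@ExtendWith(MockitoExtension.class)
class DataValidatorTest {

    // The listing imports InjectMocks but showed no annotation on this field; without it the
    // field is never assigned and both tests would fail on a null reference. No @Mock fields
    // are declared here, so this is presumably a plain DataValidator instance.
    @InjectMocks
    private DataValidator dataValidator;

    /** A {@link SecureString} wrapping a script element must not validate. */
    @Test
    void isValidSecureString() {
        final SecureString scriptPayload = new SecureString("<script>alert(“XSS”);</script>");

        final boolean accepted = dataValidator.isValid(scriptPayload);

        assertFalse(accepted);
    }

    /**
     * A {@link User} whose e-mail, user id and first name all carry markup must not validate.
     *
     * <p>NOTE(review): all three fields are hostile at once, so this passes as soon as any
     * single field is rejected. It does not show that each field is checked on its own;
     * one-bad-field-at-a-time cases would pin that down.
     */
    @Test
    void isValidEPUser() {
        final User hostileUser = new User();
        hostileUser.setEmail("“><script>alert(“XSS”)</script>");
        hostileUser.setUserId("<IMG SRC=”javascript:alert(‘XSS’);”>");
        // The trailing space inside the literal is part of the original input.
        hostileUser.setFirstName("<IMG SRC=javascript:alert(‘XSS’)> ");

        final boolean accepted = dataValidator.isValid(hostileUser);

        assertFalse(accepted);
    }
}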