* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.transport.http.HTTPException;
+import org.drools.core.command.assertion.AssertEquals;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.hibernate.Session;
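Review bot: The added import `org.drools.core.command.assertion.AssertEquals` brings a Drools command class into a Portal test that otherwise stubs with Mockito and runs under JUnit; nothing in this hunk shows it being used, and it reads like an IDE auto-import chosen for `assertEquals`. If an assertion is intended, the conventional form is `import static org.junit.Assert.assertEquals;`; if not, drop the line so the test module does not acquire a drools-core compile dependency for nothing.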
return mockRoleInAppForUserList;
}
+ @SuppressWarnings("unchecked")
+ @Test
+ public void checkTheProtectionAgainstSQLInjection() throws Exception {
+ EPUser user = mockUser.mockEPUser();
+ user.setId(1l);
+ user.setOrgId(2l);
+ Query epUserQuery = Mockito.mock(Query.class);
+ List<EPUser> mockEPUserList = new ArrayList<>();
+ mockEPUserList.add(user);
+
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
+
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery);
+ userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId(),true);
+ }
+
@SuppressWarnings("unchecked")
@Test
public void getAppRolesForUserNonCentralizedForPortal() throws Exception {
Mockito.when(applicationsRestClientService.get(EcompRole[].class, mockApp.getId(), "/roles"))
.thenReturn(mockEcompRoleArray);
// syncAppRolesTest
- Mockito.when(session.createQuery("from " + EPRole.class.getName() + " where appId=" + mockApp.getId()))
+
+ Mockito.when(session.createQuery("from :name where appId = :appId"))
.thenReturn(epRoleQuery);
+
+ Mockito.when(epRoleQuery.setParameter("name",EPRole.class.getName())).thenReturn(epRoleQuery);
+ Mockito.when(epRoleQuery.setParameter("appId",mockApp.getId())).thenReturn(epRoleQuery);
+
Mockito.doReturn(mockEPRoleList).when(epRoleQuery).list();
Mockito.when(session.createQuery("from :name where app.id=:appId and role_id=:roleId"))
.thenReturn(epUserAppsQuery);
Mockito.when(epUserAppsQuery.setParameter("roleId",15l)).thenReturn(epUserAppsQuery);
Mockito.doReturn(mockUserRolesList).when(epUserAppsQuery).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where roleId=" + 15l))
+ Mockito.when(session.createQuery("from :name where roleId=:roleId"))
.thenReturn(epFunctionalMenuQuery);
+ Mockito.when(epFunctionalMenuQuery.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery);
+ Mockito.when(epFunctionalMenuQuery.setParameter("roleId",15l)).thenReturn(epFunctionalMenuQuery);
Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuRole.class.getName() + " where menuId=" + 10l))
+ Mockito.when(session.createQuery("from :name where menuId=:menuId"))
.thenReturn(epFunctionalMenuQuery2);
+ Mockito.when(epFunctionalMenuQuery2.setParameter("name",FunctionalMenuRole.class.getName())).thenReturn(epFunctionalMenuQuery2);
+ Mockito.when(epFunctionalMenuQuery2.setParameter("menuId",10l)).thenReturn(epFunctionalMenuQuery2);
Mockito.doReturn(mockFunctionalMenuRolesList).when(epFunctionalMenuQuery2).list();
- Mockito.when(session.createQuery("from " + FunctionalMenuItem.class.getName() + " where menuId=" + 10l))
+ Mockito.when(session.createQuery("from :name where menuId=:menuId"))
.thenReturn(epFunctionalMenuItemQuery);
+ Mockito.when(epFunctionalMenuItemQuery.setParameter("name",FunctionalMenuItem.class.getName())).thenReturn(epFunctionalMenuItemQuery);
+ Mockito.when(epFunctionalMenuItemQuery.setParameter("menuId",10l)).thenReturn(epFunctionalMenuItemQuery);
Mockito.doReturn(mockFunctionalMenuItemList).when(epFunctionalMenuItemQuery).list();
List<EcompRole> mockEcompRoleList2 = new ArrayList<>();
EcompRole mockUserAppRoles = new EcompRole();
EPUserAppRolesRequest mockEpAppRolesRequestData = new EPUserAppRolesRequest();
Mockito.doNothing().when(dataAccessService).saveDomainObject(mockEpAppRolesRequestData, null);
final Map<String, Long> params = new HashMap<>();
- params.put("appId", appWithRolesForUser.appId);
+ params.put("appId", appWithRolesForUser.getAppId());
params.put("appRoleId", roleInAppForUser.roleId);
Mockito.when((List<EPUserAppRoles>) dataAccessService.executeNamedQuery("appRoles", params, null))
.thenReturn(epUserAppRolesList);
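Review bot: `checkTheProtectionAgainstSQLInjection` never hands the injection payload to the code under test: the `"; select * from ..."` string only appears as a `setParameter("userId", ...)` stub argument, both `createLocalUserIfNecessary` calls pass the plain `user.getOrgUserId()`, `mockEPUserList` is built but never returned from `epUserQuery.list()`, and there is no assertion or `verify`, so the test cannot fail on a regression back to string-built HQL. Pass the payload in and verify it was bound, e.g. `String payload = user.getOrgUserId() + "; select * from " + EPUser.class.getName() + ";"; userRolesCommonServiceImpl.createLocalUserIfNecessary(payload, true); Mockito.verify(epUserQuery).setParameter("userId", payload);` — the `verify` is what proves the value reached a bound parameter rather than the query text. Separately, the rewritten stubs all use `from :name where ...`; Hibernate named parameters bind values, not entity names, so if the production code now issues that literal HQL it will be rejected at runtime, and a Mockito `Session` never parses the string so these tests will not catch it — the entity name should stay a constant in the query text with only the id/user values bound. The `getAppRolesForUserNonCentralizedForPortal` body continues past the end of the hunk.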