- public void getDataByQuery_PolicyNotificationController_Injection(){
- try{
- // Add data
- WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
- String userId = "Test";
- watch.setLoginIds(userId);
- watch.setPolicyName("banana");
- commonClassDao.save(watch);
-
- WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
- watch2.setLoginIds(userId);
- watch2.setPolicyName("banana2");
- commonClassDao.save(watch2);
-
- // SQL Injection attempt
- String finalName = "banana' OR '1'='1";
-
-
- // Current Implementation
- String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
- SimpleBindings params = new SimpleBindings();
- params.put("finalName", finalName);
- params.put("userId", userId);
- List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
-
- // Assertions
- assertTrue(dataCur.size() <= 1);
-
- if(dataCur.size() >= 1){
- assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
- assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
- assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
- }
- }catch(Exception e){
- logger.debug("Exception Occured"+e);
- fail();
- }
- }
-
- @Test
- public void testCommonClassDaoImplMethods(){
- try{
- UserInfo userInfo = new UserInfo();
- userInfo.setUserLoginId("TestID");
- userInfo.setUserName("Test");
- commonClassDao.save(userInfo);
- List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
- assertTrue(data.size() == 1);
- UserInfo userInfoUpdate = (UserInfo) data.get(0);
- userInfoUpdate.setUserName("Test1");
- commonClassDao.update(userInfoUpdate);
- List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
- assertTrue(data1.size() == 1);
- UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
- assertTrue("TestID".equals(data2.getUserLoginId()));
- List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
- assertTrue(data3.size() == 1);
- PolicyRoles roles = new PolicyRoles();
- roles.setRole("admin");
- roles.setLoginId(userInfo);
- roles.setScope("test");
- commonClassDao.save(roles);
- List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
- assertTrue(roles1.size() == 1);
- List<String> multipleData = new ArrayList<>();
- multipleData.add("TestID:Test1");
- List<Object> data4 = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
- assertTrue(data4.size() == 1);
- commonClassDao.delete(data2);
- }catch(Exception e){
- logger.debug("Exception Occured"+e);
- fail();
- }
- }
-
- @After
- public void deleteDB(){
- sessionFactory.close();
- server.stop();
-
- }
+ public void getDataByQuery_PolicyNotificationController_Injection(){
+ try{
+ // Add data
+ WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
+ String userId = "Test";
+ watch.setLoginIds(userId);
+ watch.setPolicyName("banana");
+ commonClassDao.save(watch);
+
+ WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
+ watch2.setLoginIds(userId);
+ watch2.setPolicyName("banana2");
+ commonClassDao.save(watch2);
+
+ // SQL Injection attempt
+ String finalName = "banana' OR '1'='1";
+
+
+ // Current Implementation
+ String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
+ SimpleBindings params = new SimpleBindings();
+ params.put("finalName", finalName);
+ params.put("userId", userId);
+ List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
+
+ // Assertions
+ assertTrue(dataCur.size() <= 1);
+
+ if(dataCur.size() >= 1){
+ assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
+ assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
+ assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
+ }
+ }catch(Exception e){
+ logger.debug("Exception Occured"+e);
+ fail();
+ }
+ }
+
+ @Test
+ public void testCommonClassDaoImplMethods(){
+ try{
+ UserInfo userInfo = new UserInfo();
+ userInfo.setUserLoginId("TestID");
+ userInfo.setUserName("Test");
+ commonClassDao.save(userInfo);
+ List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
+ assertTrue(data.size() == 1);
+ UserInfo userInfoUpdate = (UserInfo) data.get(0);
+ userInfoUpdate.setUserName("Test1");
+ commonClassDao.update(userInfoUpdate);
+ List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
+ assertTrue(data1.size() == 1);
+ UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
+ assertTrue("TestID".equals(data2.getUserLoginId()));
+ List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
+ assertTrue(data3.size() == 1);
+ PolicyRoles roles = new PolicyRoles();
+ roles.setRole("admin");
+ roles.setLoginId(userInfo);
+ roles.setScope("test");
+ commonClassDao.save(roles);
+ List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
+ assertTrue(roles1.size() == 1);
+ List<String> multipleData = new ArrayList<>();
+ multipleData.add("TestID:Test1");
+ List<Object> data4 = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
+ assertTrue(data4.size() == 1);
+ commonClassDao.delete(data2);
+ }catch(Exception e){
+ logger.debug("Exception Occured"+e);
+ fail();
+ }
+ }
+
+
+ private void truncateAllTables() {
+ Session session = sessionFactory.openSession();
+ Transaction transaction = session.beginTransaction();
+ sessionFactory.getAllClassMetadata().forEach((tableName, x) -> {
+ Query query = session.createQuery("DELETE FROM " + tableName);
+ query.executeUpdate();
+ });
+ transaction.commit();
+ session.close();
+ }