+
+ private OnboardingApp createExpectedApp() {
+
+ OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+ expectedOnboardingApp.setAppName("test");
+ expectedOnboardingApp.setLandingPage("test.com");
+ expectedOnboardingApp.setRestUrl("<script>alert(/XSS”)</script>");
+ expectedOnboardingApp.setMyLoginsAppOwner("testUser");
+ expectedOnboardingApp.setRestrictedApp(false);
+ expectedOnboardingApp.setIsOpen(true);
+ expectedOnboardingApp.setIsEnabled(true);
+ return expectedOnboardingApp;
+
+ }
+
+
+ @Test
+ public void postOnboardAppExternalXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage(
+ "Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+ OnboardingApp expectedOnboardingApp = createExpectedApp();
+
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("guestT@test.portal.onap.org");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ List<EPUser> expectedList = new ArrayList<EPUser>();
+ expectedList.add(user);
+
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .postOnboardAppExternal(mockedRequest, mockedResponse, expectedOnboardingApp);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+ }
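Review bot: postOnboardAppExternalXSSTest pins rejection of script markup in only one field, the `setRestUrl(...)` call in createExpectedApp, so a regression that stops validating appName, landingPage or myLoginsAppOwner would still pass; consider repeating the same assertion with the payload placed in each of those string setters. The payload's closing quote is a typographic `”` rather than an ASCII quote, which looks like a paste artifact; the test probably still passes if the validator keys on the `<script>` tag, but the literal should be the one that was intended. `PortalRestStatusEnum portalRestStatusEnum = null;` followed by `portalRestStatusEnum.ERROR` resolves the constant through a null-valued local, which presumably only works because `ERROR` is an enum constant; write `expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);` and drop the local. `expectedList` is built but never used, and `new OnboardingApp();;` carries a stray semicolon. The enclosing test class and the `mockUser`, `mockedRequest`, `mockedResponse` and `appsControllerExternalRequest` fields are declared outside the visible lines, so whether the controller call needs extra stubbing cannot be confirmed from here.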