Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Persistent XSS vulnerability in basicAuthAccount form fix
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / service / BasicAuthAccountServiceImplTest.java
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java
index 4409a4f..6382bef 100644 (file)
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java
@@ -78,6 +78,15 @@ public class BasicAuthAccountServiceImplTest {
                Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
                basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
                
+       }
+
+               @Test(expected= Exception.class)
+       public void saveBasicAuthAccountValidTest() throws Exception {
+                               BasicAuthCredentials basicAuthCredentials = new BasicAuthCredentials();
+                               basicAuthCredentials.setPassword("<IMG SRC=\"jav\tascript:alert('XSS');\">");
+                               Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
+                               basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
+
        }
        
        @Test
ARCHIVED- 2022-02-15 at the request of the project