Persistent XSS vulnerability in basicAuthAccount form fix
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / service / BasicAuthAccountServiceImplTest.java
index 5434749..6382bef 100644 (file)
@@ -78,6 +78,15 @@ public class BasicAuthAccountServiceImplTest {
                Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
                basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
                
+       }
+
+               @Test(expected= Exception.class)
+       public void saveBasicAuthAccountValidTest() throws Exception {
+                               BasicAuthCredentials basicAuthCredentials = new BasicAuthCredentials();
+                               basicAuthCredentials.setPassword("<IMG SRC=\"jav\tascript:alert('XSS');\">");
+                               Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
+                               basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
+
        }
        
        @Test
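Review bot: `@Test(expected= Exception.class)` on saveBasicAuthAccountValidTest passes for any exception at all, so it does not show that the markup in the password is what gets rejected; a NullPointerException from the otherwise empty BasicAuthCredentials would satisfy it too. Narrow the expectation to the type the validation actually throws, `@Test(expected = <ValidationExceptionType>.class)` (placeholder, the type is not visible in this hunk). Better still, catch the exception in the test body and then confirm nothing was persisted with `Mockito.verify(dataAccessService, Mockito.never()).saveDomainObject(basicAuthCredentials, null);`. The name reads as a valid-input case, so something like `saveBasicAuthAccountRejectsXssPasswordTest` would match what it checks. Only the password field is exercised here, so if the fix validates other form fields as well, they presumably deserve the same negative test.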
@@ -175,4 +184,17 @@ public class BasicAuthAccountServiceImplTest {
                basicAuthAccountServiceImpl.deleteEndpointAccout(1l);
                
        }
+       
+       @Test
+       public void getBasicAuthCredentialsById() throws Exception{
+               List<BasicAuthCredentials> list = new ArrayList<>();
+               BasicAuthCredentials basicAuthCredentials = new BasicAuthCredentials();
+               basicAuthCredentials.setPassword("password");
+               basicAuthCredentials.setId(1l);
+               list.add(basicAuthCredentials);
+               Mockito.when((List<BasicAuthCredentials>) dataAccessService.getList(BasicAuthCredentials.class, null))
+               .thenReturn(list);
+               basicAuthAccountServiceImpl.getBasicAuthCredentialsById(1l);
+               
+       }
 }
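Review bot: getBasicAuthCredentialsById calls the service and discards the result, so the test fails only if the call throws and asserts nothing about the lookup. Capture the return value and assert on it, for example `assertNotNull(basicAuthAccountServiceImpl.getBasicAuthCredentialsById(1l));`, and, assuming it returns the matching BasicAuthCredentials, also compare its id with 1. If the service decrypts the stored password on read (not visible here), the plain `"password"` fixture may exercise the error path instead of the success path, which is another reason to assert the outcome. The literal `1l` is easier to read as `1L`.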