Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
XSS Vulnerability fix in AppsController
[portal.git] / ecomp-portal-BE-os / src / test / java / org / onap / portalapp / portal / controller / AppsOSControllerTest.java
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e74..1083aed 100644 (file)
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -41,10 +41,8 @@ import static org.junit.Assert.assertEquals;
 
 import java.util.ArrayList;
 import java.util.List;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -52,7 +50,6 @@ import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.AppsOSController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -87,7 +84,7 @@ public class AppsOSControllerTest {
        }
 
        @InjectMocks
-       AppsOSController appsOSController = new AppsOSController();
+       AppsOSController appsOSController;
 
        MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
 
@@ -175,6 +172,17 @@ public class AppsOSControllerTest {
                assertEquals("{\"firstName\":\"test\",\"lastName\":\"test\"}", expectedString);
        }
 
+       @Test
+       public void getCurrentUserProfileXSSTest() {
+               String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> expectedList = new ArrayList<>();
+               expectedList.add(user);
+               Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+               String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+               assertEquals("loginId is not valid", expectedString);
+       }
+
        @Test
        public void getCurrentUserProfileExceptionTest() {
                String loginId = "guestT";
ARCHIVED- 2022-02-15 at the request of the project