Merge "Sonar: Reduce cyclomatic complexity"

[portal.git] / ecomp-portal-BE-os / src / test / java / org / onap / portalapp / portal / controller / AppsOSControllerTest.java

diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 565bfdb..15fe1dd 100644 (file)
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -33,7 +33,7 @@
  *
  * ============LICENSE_END============================================
  *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
  */
 package org.onap.portalapp.portal.controller;
 
@@ -175,6 +175,17 @@ public class AppsOSControllerTest {
                assertEquals("{\"firstName\":\"test\",\"lastName\":\"test\"}", expectedString);
        }
 
+       @Test
+       public void getCurrentUserProfileXSSTest() {
+               String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> expectedList = new ArrayList<>();
+               expectedList.add(user);
+               Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+               String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+               assertEquals("loginId is not valid", expectedString);
+       }
+
        @Test
        public void getCurrentUserProfileExceptionTest() {
                String loginId = "guestT";