X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FAuxApiRequestMapperControllerTest.java;h=5f49c7448fd361bd2f99b2bac8548e46e1f50c52;hb=b8a540c2aa08175b2d4c144c6a27d774c8e76acb;hp=62e93727c0e063ff9770aa21a850e71871978d3e;hpb=2edaa4d6a5f7066e0c718f85a7bf7b8dabd0c59b;p=portal.git

diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
index 62e93727..5f49c744 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
@@ -36,17 +36,17 @@
  */
 package org.onap.portalapp.portal.controller;
 
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -56,7 +56,6 @@ import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
 import org.onap.portalapp.annotation.ApiVersion;
-import org.onap.portalapp.controller.sessionmgt.SessionCommunicationController;
 import org.onap.portalapp.controller.sessionmgt.SessionCommunicationVersionController;
 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
 import org.onap.portalapp.portal.domain.EPUser;
@@ -67,6 +66,7 @@ import org.onap.portalapp.portal.transport.Analytics;
 import org.onap.portalapp.portal.transport.EpNotificationItem;
 import org.onap.portalapp.portal.transport.OnboardingApp;
 import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -114,6 +114,34 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
 	}
 
+	@Test
+	public void getUserXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
+		String expected = "Provided data is not valid";
+		String actual = auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "â><script>alert(âXSSâ)</script>");
+		assertEquals(expected, actual);
+	}
+	
+	@Test
+	public void getUserTestWithException() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
+		assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
+	}
+
 	@Test
 	public void getRolesTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
@@ -219,6 +247,7 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.getRoleFunction(mockedRequest, mockedResponse, "test"));
 	}
 
+
 	@Test
 	public void saveRoleFunctionTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
@@ -233,6 +262,21 @@ public class AuxApiRequestMapperControllerTest {
 		assertNotNull(response);
 	}
 
+	@Test
+	public void saveRoleFunctionXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "<script>alert(123)</script>");
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void deleteRoleFunctionTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
@@ -246,6 +290,22 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse, "test"));
 	}
 
+	@Test
+	public void deleteRoleFunctionXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse,
+			"<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void deleteRoleTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/deleteRole/1");
@@ -285,6 +345,19 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "test"));
 	}
 
+	@Test
+	public void getEcompUserXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
+		assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "<script>alert(âXSSâ)</script>"));
+	}
+
 	@Test
 	public void getEcompRolesOfApplicationTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
@@ -325,6 +398,20 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
 	}
 
+	@Test
+	public void extendSessionTimeOutsXSSTest() throws Exception {
+		String sessionMap = "<script>alert(âXSSâ)</script>";
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", sessionCommunicationController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
+	}
+
 	@Test
 	public void getAnalyticsScriptTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/analytics");
@@ -352,6 +439,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap));
 	}
 
+	@Test
+	public void storeAnalyticsScriptXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", webAnalyticsExtAppController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		Analytics analyticsMap = new Analytics();
+		analyticsMap.setPage("<script>alert(âXSSâ);</script>");
+		PortalAPIResponse actual = auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap);
+		PortalAPIResponse expected  = new PortalAPIResponse(true, "analyticsScript is not valid");
+		assertEquals(expected.getMessage(), actual.getMessage());
+	}
+
 	@Test
 	public void bulkUploadFunctionsTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/functions");
@@ -517,6 +621,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse));
 	}
 
+	@Test
+	public void postUserProfileXSSTest() {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(âXSSâ);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void putUserProfileTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
@@ -531,6 +652,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse));
 	}
 
+	@Test
+	public void putUserProfileXSSTest() {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(âXSSâ);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void deleteUserProfileTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
@@ -545,6 +683,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse));
 	}
 
+	@Test
+	public void deleteUserProfileXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(âXSSâ);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void handleRequestTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
@@ -558,6 +713,21 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "test"));
 	}
 
+	@Test
+	public void handleRequestXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", ticketEventVersionController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "<script>alert(âXSSâ);</script>");
+		PortalRestResponse<String> expected =  new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void postPortalAdminTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
@@ -572,6 +742,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser));
 	}
 
+	@Test
+	public void postPortalAdminXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		EPUser epUser = new EPUser();
+		epUser.setLoginId("<script>alert(/XSSâ)</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void getOnboardAppExternalTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
@@ -599,6 +786,23 @@ public class AuxApiRequestMapperControllerTest {
 		assertNull(auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp));
 	}
 
+	@Test
+	public void postOnboardAppExternalXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		OnboardingApp newOnboardApp = new OnboardingApp();
+		newOnboardApp.setUebKey("&#00;</form><input type&#61;\"date\" onfocus=\"alert(1)\">");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void putOnboardAppExternalTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
@@ -614,6 +818,24 @@ public class AuxApiRequestMapperControllerTest {
 				newOnboardApp));
 	}
 
+	@Test
+	public void putOnboardAppExternalXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
+		OnboardingApp newOnboardApp = new OnboardingApp();
+		newOnboardApp.setUebTopicName("&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
+			newOnboardApp);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
 	@Test
 	public void publishNotificationTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
@@ -625,7 +847,25 @@ public class AuxApiRequestMapperControllerTest {
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
 		EpNotificationItem notificationItem = new EpNotificationItem();
-		assertNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse));
+		assertNotNull(auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse));
+	}
+
+	@Test
+	public void publishNotificationXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", externalAppsRestfulVersionController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		EpNotificationItem notificationItem = new EpNotificationItem();
+		notificationItem.setIsForAllRoles("</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}");
+		PortalAPIResponse actual = auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse);
+		PortalAPIResponse expected = new PortalAPIResponse(false, "EpNotificationItem is not valid");
+		assertEquals(expected.getMessage(), actual.getMessage());
+		assertEquals(expected.getStatus(), actual.getStatus());
 	}
 
 	@Test
@@ -653,4 +893,23 @@ public class AuxApiRequestMapperControllerTest {
 		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
 		assertNull(auxApiRequestMapperController.getFunctionalMenuItemsForUser(mockedRequest, mockedResponse));
 	}
+	
+	@Test
+	public void updateAppRoleDescriptionApiTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/update/app/roleDescription");
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		expectedportalRestResponse.setMessage("updateAppRoleDescription: null");
+		expectedportalRestResponse.setResponse("Failure");
+		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
+		assertEquals(auxApiRequestMapperController.updateAppRoleDescription(mockedRequest, mockedResponse),
+				expectedportalRestResponse);
+	}
+
 }
