From: Pamela Dragosh Date: Sun, 25 Mar 2018 00:00:41 +0000 (+0000) Subject: Merge "Fix final 10 vulnerabilities in policy/engine" X-Git-Tag: v1.2.0~35 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=c8bed1e392b935ec50aaeeb5fb82d25a9568b790;hp=bbd56ec8187ce2a072b574b90ea0906d8ec0a140;p=policy%2Fengine.git Merge "Fix final 10 vulnerabilities in policy/engine" --- diff --git a/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/test/XACMLPAPTest.java b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/test/XACMLPAPTest.java index ca2b6797d..5208ad7a7 100644 --- a/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/test/XACMLPAPTest.java +++ b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/test/XACMLPAPTest.java @@ -35,18 +35,25 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import javax.persistence.EntityManager; +import javax.persistence.EntityManagerFactory; +import javax.persistence.EntityTransaction; +import javax.persistence.Persistence; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.tomcat.dbcp.dbcp2.BasicDataSource; import org.hibernate.SessionFactory; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.mockito.Mockito; +import org.onap.policy.common.ia.IntegrityAuditProperties; import org.onap.policy.pap.xacml.rest.XACMLPapServlet; import org.onap.policy.pap.xacml.rest.controller.ActionPolicyDictionaryController; import org.onap.policy.pap.xacml.rest.controller.ClosedLoopDictionaryController; @@ -73,8 +80,8 @@ import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder; import com.mockrunner.mock.web.MockServletInputStream; - public class XACMLPAPTest { + private static final Log logger = LogFactory.getLog(XACMLPAPTest.class); private static final String ENVIRONMENT_HEADER = "Environment"; private List headers = new ArrayList<>(); @@ -86,6 +93,48 @@ public class XACMLPAPTest { private SessionFactory sessionFactory; private CommonClassDao commonClassDao; + private static final String DEFAULT_DB_DRIVER = "org.h2.Driver"; + private static final String DEFAULT_DB_USER = "sa"; + private static final String DEFAULT_DB_PWD = ""; + + @Before + public void setUpDB() throws Exception { + logger.info("setUpDB: Entering"); + + Properties properties = new Properties(); + properties.put(IntegrityAuditProperties.DB_DRIVER, XACMLPAPTest.DEFAULT_DB_DRIVER); + properties.put(IntegrityAuditProperties.DB_URL, "jdbc:h2:file:./sql/xacmlTest"); + properties.put(IntegrityAuditProperties.DB_USER, XACMLPAPTest.DEFAULT_DB_USER); + properties.put(IntegrityAuditProperties.DB_PWD, XACMLPAPTest.DEFAULT_DB_PWD); + properties.put(IntegrityAuditProperties.SITE_NAME, "SiteA"); + properties.put(IntegrityAuditProperties.NODE_TYPE, "pap"); + + //Clean the iaTest DB table for IntegrityAuditEntity entries + cleanDb("testPapPU", properties); + + logger.info("setUpDB: Exiting"); + } + + public void cleanDb(String persistenceUnit, Properties properties){ + logger.debug("cleanDb: enter"); + + EntityManagerFactory emf = Persistence.createEntityManagerFactory(persistenceUnit, properties); + + EntityManager em = emf.createEntityManager(); + // Start a transaction + EntityTransaction et = em.getTransaction(); + + et.begin(); + + // Clean up the DB + em.createQuery("Delete from IntegrityAuditEntity").executeUpdate(); + + // commit transaction + et.commit(); + em.close(); + logger.debug("cleanDb: exit"); + } + @Before public void setUp() throws ServletException { httpServletRequest = Mockito.mock(HttpServletRequest.class); diff --git a/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/handler/DictionaryHandlerTest.java b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/handler/DictionaryHandlerTest.java new file mode 100644 index 000000000..6b58184fe --- /dev/null +++ b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/handler/DictionaryHandlerTest.java @@ -0,0 +1,44 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP-PAP-REST + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pap.xacml.rest.handler; + +import static org.junit.Assert.assertNull; +import org.junit.Test; + +public class DictionaryHandlerTest { + @Test + public void negTestHandler() { + // Set the system property temporarily + String systemKey = "dictionary.impl.className"; + String oldProperty = System.getProperty(systemKey); + System.setProperty(systemKey, "foobar"); + + // Run negative test on instance + assertNull(DictionaryHandler.getInstance()); + + // Restore the original system property + if (oldProperty != null) { + System.setProperty(systemKey, oldProperty); + } else { + System.clearProperty(systemKey); + } + } +} diff --git a/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/util/JPAUtilsTest.java b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/util/JPAUtilsTest.java index 2c852fd5c..9b45c3b53 100644 --- a/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/util/JPAUtilsTest.java +++ b/ONAP-PAP-REST/src/test/java/org/onap/policy/pap/xacml/rest/util/JPAUtilsTest.java @@ -21,24 +21,27 @@ package org.onap.policy.pap.xacml.rest.util; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; +import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; -import org.junit.Rule; +import javax.persistence.Query; import org.junit.Test; -import org.junit.rules.ExpectedException; import org.mockito.Mockito; public class JPAUtilsTest { - @Rule - public ExpectedException thrown = ExpectedException.none(); - - @Test - public void testJPAUtils() throws IllegalAccessException { - EntityManagerFactory emf = Mockito.mock(EntityManagerFactory.class); - JPAUtils utils = JPAUtils.getJPAUtilsInstance(emf); - - assertEquals(utils.dbLockdownIgnoreErrors(), false); - - thrown.expect(NullPointerException.class); - utils.dbLockdown(); - } + @Test(expected = IllegalAccessException.class) + public void testJPAUtils() throws IllegalAccessException { + // Setup test data + EntityManagerFactory emf = Mockito.mock(EntityManagerFactory.class); + EntityManager em = Mockito.mock(EntityManager.class); + Query query = Mockito.mock(Query.class); + Mockito.when(emf.createEntityManager()).thenReturn(em); + Mockito.when(em.createNamedQuery(Mockito.any())).thenReturn(query); + + // Test lockdown + JPAUtils utils = JPAUtils.getJPAUtilsInstance(emf); + assertEquals(utils.dbLockdownIgnoreErrors(), false); + utils.dbLockdown(); + fail("Expecting an exception"); + } } diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/AddressGroupJsonTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/AddressGroupJsonTest.java new file mode 100644 index 000000000..c0aa7925e --- /dev/null +++ b/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/AddressGroupJsonTest.java @@ -0,0 +1,50 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP Policy Engine + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest.adapter; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import org.junit.Test; + +public class AddressGroupJsonTest { + @Test + public void testJson() { + // Setup test data + String value = "testVal"; + String value2 = "testVal2"; + + // Test constructors + AddressGroupJson json = new AddressGroupJson(); + json.setName(value); + AddressGroupJson json2 = new AddressGroupJson(); + json2.setName(value); + AddressGroupJson json3 = new AddressGroupJson(); + json3.setName(value2); + + // Test equals and hash functions + assertTrue(json.equals(json2)); + assertFalse(json.equals(json3)); + assertFalse(json.equals(null)); + assertFalse(json.equals(value)); + assertEquals(217, json.hashCode()); + } +} diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/ServiceGroupJsonTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/ServiceGroupJsonTest.java new file mode 100644 index 000000000..899a9b2b8 --- /dev/null +++ b/ONAP-REST/src/test/java/org/onap/policy/rest/adapter/ServiceGroupJsonTest.java @@ -0,0 +1,51 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP Policy Engine + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest.adapter; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import org.junit.Test; + +public class ServiceGroupJsonTest { + @Test + public void testJson() { + // Setup test data + String value = "testVal"; + String value2 = "testVal2"; + + // Test constructors + ServiceGroupJson json = new ServiceGroupJson(); + json.setName(value); + ServiceGroupJson json2 = new ServiceGroupJson(); + json2.setName(value); + ServiceGroupJson json3 = new ServiceGroupJson(); + json3.setName(value2); + + // Test equals and hash functions + assertTrue(json.equals(json2)); + assertFalse(json.equals(json3)); + assertFalse(json.equals(null)); + assertFalse(json.equals(value)); + assertEquals(217, json.hashCode()); + assertEquals(0, json.getMembers().size()); + } +} diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/util/PolicyItemSetChangeNotifierTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/util/PolicyItemSetChangeNotifierTest.java new file mode 100644 index 000000000..9e5ff5d9f --- /dev/null +++ b/ONAP-REST/src/test/java/org/onap/policy/rest/util/PolicyItemSetChangeNotifierTest.java @@ -0,0 +1,50 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP Policy Engine + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest.util; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; +import org.junit.Test; +import org.mockito.Mockito; +import org.onap.policy.rest.util.PolicyContainer.ItemSetChangeEvent; +import org.onap.policy.rest.util.PolicyContainer.ItemSetChangeListener; + +public class PolicyItemSetChangeNotifierTest { + @Test + public void testNotifier() { + // Setup test data + ItemSetChangeListener listener = Mockito.mock(ItemSetChangeListener.class); + ItemSetChangeEvent event = Mockito.mock(ItemSetChangeEvent.class); + + // Test constructor + PolicyItemSetChangeNotifier notifier = new PolicyItemSetChangeNotifier(); + assertNotNull(notifier); + + // Test listener methods + try { + notifier.addItemSetChangeListener(listener); + notifier.fireItemSetChange(event); + notifier.removeItemSetChangeListener(listener); + } catch (Exception ex) { + fail("Not expecting any exceptions: " + ex); + } + } +} diff --git a/POLICY-SDK-APP/src/test/java/org/onap/policy/conf/HibernateSessionTest.java b/POLICY-SDK-APP/src/test/java/org/onap/policy/conf/HibernateSessionTest.java index e590fb3e9..f211c6df0 100644 --- a/POLICY-SDK-APP/src/test/java/org/onap/policy/conf/HibernateSessionTest.java +++ b/POLICY-SDK-APP/src/test/java/org/onap/policy/conf/HibernateSessionTest.java @@ -22,18 +22,23 @@ package org.onap.policy.conf; import static org.junit.Assert.assertNull; import org.hibernate.SessionFactory; +import org.junit.Before; import org.junit.Test; import org.mockito.Mockito; import org.onap.policy.controller.PolicyController; public class HibernateSessionTest { - @Test - public void testSession() { + @Before + public void setup() { PolicyController.setLogdbUrl("testURL"); PolicyController.setLogdbUserName("testUser"); PolicyController.setLogdbPassword("testPass"); PolicyController.setLogdbDialect("testDialect"); PolicyController.setLogdbDriver("testDriver"); + } + + @Test + public void testSession() { SessionFactory factory = Mockito.mock(SessionFactory.class); HibernateSession.setSession(factory); assertNull(HibernateSession.getSession()); diff --git a/docs/platform/index.rst b/docs/platform/index.rst index 1bedf09b0..2b89ee752 100644 --- a/docs/platform/index.rst +++ b/docs/platform/index.rst @@ -10,7 +10,6 @@ Policy Engine Platform offeredapis.rst installation.rst policygui.rst - modAmsterTemplate.rst Policy Software Architecture ---------------------------- @@ -39,8 +38,9 @@ Policy Platform Tutorials deployPDPPAP.rst guardpolicy.rst guardpdp.rst - runningEclipse.rst clsimulation.rst + modAmsterTemplate.rst + runningEclipse.rst tutorial_cl.rst tutorial_vDNS.rst tutorial_VOLTE.rst diff --git a/docs/platform/modAmsterTemplate.rst b/docs/platform/modAmsterTemplate.rst index 690dd5d70..c08dbb641 100644 --- a/docs/platform/modAmsterTemplate.rst +++ b/docs/platform/modAmsterTemplate.rst @@ -2,9 +2,9 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -**************************************** -Modifying the Amsterdam release template -**************************************** +****************************** +Modifying the Release Template +****************************** .. contents:: :depth: 3 diff --git a/docs/platform/runningEclipse.rst b/docs/platform/runningEclipse.rst index 4d26fdac7..b2bcd88fa 100644 --- a/docs/platform/runningEclipse.rst +++ b/docs/platform/runningEclipse.rst @@ -44,7 +44,8 @@ An HTTP 200 message for the GET request will also appear in the console in Eclip .. image:: RunEcl_pdpd_200.png -.. seealso:: To create a controller and run a control loop please refer to Modifying the Amsterdam release template. + +.. seealso:: To create a controller and run a control loop, refer to `Modifying the Release Template `_. End of Document diff --git a/docs/platform/tutorial_cl.rst b/docs/platform/tutorial_cl.rst index f73bf8991..3395ea718 100644 --- a/docs/platform/tutorial_cl.rst +++ b/docs/platform/tutorial_cl.rst @@ -35,22 +35,17 @@ When the processing is done, you get the choice of immediately deploying the pol Proceed with testing your new policy as described in the specific tutorials: -• vCPE - Tutorial: Testing the vCPE use case in a standalone PDP-D -• vDNS - Tutorial: Testing the vDNS Use Case in a standalone PDP-D -• vFW - Tutorial: Testing the vFW flow in a standalone PDP-D -• VoLTE - Tutorial: Testing the VOLTE Use Case in a standalone PDP-D - -If you would like to deploy a control loop in Eclipse from the control loop archetype template: - -• Modifying the Amsterdam release template +• vCPE - `Tutorial: Testing the vCPE use case in a standalone PDP-D `_ +• vDNS - `Tutorial: Testing the vDNS Use Case in a standalone PDP-D `_ +• vFW - `Tutorial: Testing the vFW flow in a standalone PDP-D `_ +• VoLTE - `Tutorial: Testing the VOLTE Use Case in a standalone PDP-D `_ +.. seealso:: To deploy a control loop in Eclipse from the control loop archetype template, refer to `Modifying the Release Template `_. End of Document - - .. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/Tutorial%3A+Generating+and+Testing+your+own+Control+Loop+Operational+Policy+in+a+standalone+PDP-D