From: Manoop Talasila Date: Tue, 29 Oct 2019 14:29:40 +0000 (+0000) Subject: Merge "Fix sonar issues" X-Git-Tag: 3.2.0~68 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=df4d078a7e3bcb1d566b0f3f69108979ecaf62d0;hp=78b33155a14fd35d9c0db7b0fa91fdfd7573bfbb;p=portal.git Merge "Fix sonar issues" --- diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml index 1a04c40d..070ee05c 100644 --- a/ecomp-portal-BE-common/pom.xml +++ b/ecomp-portal-BE-common/pom.xml @@ -136,7 +136,7 @@ com.att.eelf eelf-core - 1.0.0-oss + 1.0.1-oss com.google.code.gson @@ -204,7 +204,7 @@ org.hibernate hibernate-validator - 5.2.5.Final + 6.0.17.Final com.fasterxml.jackson.core jackson-annotations - ${fasterxml.version} + 2.8.10 com.fasterxml.jackson.core jackson-core - ${fasterxml.version} + 2.8.10 com.fasterxml.jackson.core jackson-databind - ${fasterxml.version} + 2.8.11.4 postgresql @@ -311,7 +311,7 @@ org.elasticsearch elasticsearch - 6.8.2 + 7.4.1 org.apache.lucene @@ -338,7 +338,7 @@ org.apache.tomcat tomcat-websocket - 8.0.52 + 9.0.27 provided @@ -361,7 +361,7 @@ org.apache.poi poi - 3.17 + 4.1.1 commons-logging @@ -391,7 +391,7 @@ org.apache.poi poi-scratchpad - 3.17 + 4.1.1 commons-logging @@ -422,7 +422,7 @@ org.quartz-scheduler quartz - 2.2.1 + 2.3.1 @@ -434,7 +434,7 @@ org.bouncycastle bcprov-jdk15on - 1.60 + 1.64 commons-codec @@ -572,7 +572,7 @@ com.orbitz.consul consul-client - 1.3.6 + 1.3.9 commons-fileupload @@ -605,17 +605,17 @@ jackson-jaxrs-json-provider 2.10.0 - + - org.glassfish.web + org.glassfish javax.el - 2.2.6 + 3.0.0 javax.el - el-api - 2.2.1-b04 + javax.el-api + 3.0.0 @@ -626,7 +626,7 @@ org.glassfish.jersey.connectors jersey-jetty-connector - 2.28 + 2.29.1 @@ -672,7 +672,7 @@ com.thoughtworks.xstream xstream - 1.4.11 + 1.4.11.1 ch.qos.logback @@ -752,7 +752,7 @@ com.alibaba fastjson - 1.2.25 + 1.2.62 
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java index 0be0d357..c34311c3 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java @@ -739,6 +739,11 @@ public class AppsController extends EPRestrictedBaseController { user = EPUserUtils.getUserSession(request); if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) { EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp"); + } else if(!dataValidator.isValid(modifiedOnboardingApp)){ + logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApp is not valid"); + EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =", + response.getStatus()); + return fieldsValidator; } else { if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null)) { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java index 9024570c..f655d352 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java 
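Review bot: The new invalid-input branch in putOnboardingApp returns `fieldsValidator` without setting any status on `response`, so a rejected payload goes back with whatever status the servlet already had (200 by default) and, per the accompanying putOnboardingAppXSSTest, a null body; the log line also says `"POST result ="` inside a PUT handler. Assuming `response` is the HttpServletResponse it is used as, set an explicit status before returning, e.g. `response.setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);` (the code the FunctionalMenuController hunks in this commit use for the same condition), and log `"PUT result ="`. The enclosing method starts and ends outside the hunk, so where `fieldsValidator` is initialized is not visible here.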
@@ -53,6 +53,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.BasicAuthAccountService; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; @@ -74,6 +75,7 @@ public class BasicAuthAccountController extends EPRestrictedBaseController { private static final String ADMIN_ONLY_OPERATIONS = "Admin Only Operation! "; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BasicAuthAccountController.class); + private final DataValidator dataValidator = new DataValidator(); @Autowired private BasicAuthAccountService basicAuthAccountService; @@ -98,6 +100,8 @@ public class BasicAuthAccountController extends EPRestrictedBaseController { public PortalRestResponse createBasicAuthAccount(HttpServletRequest request, HttpServletResponse response, @RequestBody BasicAuthCredentials newBasicAuthAccount) throws Exception { + + EPUser user = EPUserUtils.getUserSession(request); if (!adminRolesService.isSuperAdmin(user)) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, AUTHORIZATION_REQUIRED, 
@@ -108,7 +112,18 @@ public class BasicAuthAccountController extends EPRestrictedBaseController { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "newBasicAuthAccount cannot be null or empty"); } - long accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount); + + if(!dataValidator.isValid(newBasicAuthAccount)){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "createBasicAuthAccount() failed, new credential are not safe", + ""); + } + + long accountId; + try { + accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount); + } catch (Exception e){ + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, e.getMessage()); + } List endpointIdList = new ArrayList<>(); try { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java index 4326eac3..97af4373 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java @@ -33,7 +33,7 @@ * * ============LICENSE_END============================================ * - * + * */ package org.onap.portalapp.portal.controller; 
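Review bot: The new `catch (Exception e)` around saveBasicAuthAccount hands `e.getMessage()` straight to the API caller and never logs the exception, so persistence-layer text (driver, Hibernate, cipher errors) ends up in the HTTP response while the stack trace is lost. Log the cause and return a fixed message instead: `logger.error(EELFLoggerDelegate.errorLogger, "createBasicAuthAccount failed", e);` followed by `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "createBasicAuthAccount() failed");`. Note that the BasicAuthAccountServiceImpl hunk in this commit runs the same `dataValidator.isValid` check and throws, so the controller-level check is what produces the "not safe" message and the service's copy would otherwise only surface through this catch. The method continues past the hunk.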
@@ -71,9 +71,11 @@ import org.onap.portalapp.portal.transport.FunctionalMenuItemWithRoles; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; @@ -86,12 +88,13 @@ import org.springframework.web.bind.annotation.RestController; * Supports menus at the top of the Portal app landing page. */ @RestController -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog public class FunctionalMenuController extends EPRestrictedBaseController { private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class); + private final DataValidator dataValidator = new DataValidator(); @Autowired private AdminRolesService adminRolesService; @@ -104,7 +107,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all the FunctionalMenuItems. - * + * * @param request * HttpServletRequest * @param response @@ -127,7 +130,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to get ONAP Portal Title. - * + * * @param request * HttpServletRequest * @param response 
@@ -152,7 +155,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * RESTful service method to fetch all the FunctionalMenuItems, both active and * inactive, for the EditFunctionalMenu feature. Can only be accessed by the * portal admin. - * + * * @param request * HttpServletRequest * @param response @@ -182,7 +185,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all the FunctionalMenuItems, active , for the * Functional menu in notification Tree feature. - * + * * @param request * HttpServletRequest * @param response @@ -209,7 +212,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with an * application. - * + * * @param request * HttpServletRequest * @param appId @@ -236,7 +239,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with the * applications and roles that a user has access to. - * + * * @param request * HttpServletRequest * @param orgUserId @@ -264,7 +267,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch all FunctionalMenuItems associated with the * applications and roles that the authenticated user has access to. - * + * * @param request * HttpServletRequest * @param response @@ -299,7 +302,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to fetch the details for a functional menu item. * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response 
@@ -333,9 +336,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to create a new menu item. - * + * * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response @@ -349,6 +352,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController { @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); FieldsValidator fieldsValidator = null; + + if(!dataValidator.isValid(menuItemJson)){ + fieldsValidator = new FieldsValidator(); + logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object"); + fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE; + return fieldsValidator; + } + if (!adminRolesService.isSuperAdmin(user)) { logger.debug(EELFLoggerDelegate.debugLogger, "FunctionalMenuController.createFunctionalMenuItem bad permissions"); @@ -365,9 +376,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to update an existing menu item - * + * * Requirement: you must be the ONAP portal super admin user. - * + * * @param request * HttpServletRequest * @param response 
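Review bot: The new validity check in createFunctionalMenuItem runs before the super-admin check, and on failure sets only `fieldsValidator.httpStatusCode`, never the status on `response`, so a rejected request is still answered as HTTP 200 carrying a body that says 406; the editFunctionalMenuItem hunk further down has the same shape. Moving the check after `isSuperAdmin` keeps unauthorized callers from exercising the validator at all, and adding `response.setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);` next to the existing assignment makes the transport status agree with the body. The `logger.warn(EELFLoggerDelegate.debugLogger, ...)` call also routes a warning to the debug logger; `EELFLoggerDelegate.errorLogger`, used elsewhere in this commit, is the usual target for a rejected request. The method body continues past the hunk.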
@@ -381,6 +392,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController { @RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) { EPUser user = EPUserUtils.getUserSession(request); FieldsValidator fieldsValidator = null; + + if(!dataValidator.isValid(menuItemJson)){ + fieldsValidator = new FieldsValidator(); + logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object"); + fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE; + return fieldsValidator; + } + if (!adminRolesService.isSuperAdmin(user)) { EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem"); } else { @@ -395,7 +414,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service method to delete a menu item - * + * * @param request * HttpServletRequest * @param response @@ -423,7 +442,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to regenerate table - * + * * @param request * HttpServletRequest * @param response @@ -450,7 +469,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESful service to set a favorite item. - * + * * @param request * HttpServletRequest * @param response @@ -476,7 +495,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to get favorites for the current user as identified in the * session - * + * * @param request * HttpServletRequest * @param response @@ -499,7 +518,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { /** * RESTful service to delete a favorite menu item for the current user as * identified in the session. - * + * * @param request * HttpServletRequest * @param response 
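Review bot: The warning logged on the invalid-input path of editFunctionalMenuItem reads `FunctionalMenuController.createFunctionalMenuItem not valid object`, copied from the create handler, so rejected edits will be attributed to the wrong endpoint in the logs; change it to `"FunctionalMenuController.editFunctionalMenuItem not valid object"`. As in the create handler, the warning goes to `EELFLoggerDelegate.debugLogger` rather than `EELFLoggerDelegate.errorLogger`, and only `fieldsValidator.httpStatusCode` is set while `response` keeps its default status. The method continues past the hunk.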
@@ -528,7 +547,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { * session (i.e., the CSP cookie); if that fails, calls the shared context * service to read the information from the database. Gives back what it found, * any of which may be null, as a JSON collection. - * + * * @param request * HttpServletRequest * @param response @@ -611,7 +630,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController { }; /** - * + * * @param request * HttpServletRequest * @param userId diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java index 3f507726..2e1a2b46 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java @@ -58,6 +58,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.service.WidgetMService; import org.onap.portalapp.portal.service.MicroserviceService; import org.onap.portalapp.portal.utils.EcompPortalUtils; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; @@ -78,7 +79,7 @@ import org.springframework.web.client.RestTemplate; @EnableAspectJAutoProxy @EPAuditLog public class MicroserviceController extends EPRestrictedBaseController { - public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory(); + private final DataValidator dataValidator = new DataValidator(); String whatService = "widgets-service"; RestTemplate template = new RestTemplate(); 
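Review bot: Replacing `VALIDATOR_FACTORY` with a `DataValidator` field leaves the `javax.validation` imports (`Validation` and `ValidatorFactory` here, plus `Validator`, `ConstraintViolation` and `java.util.Set` once the two MicroserviceController hunks below drop the `validator.validate` calls) with no remaining use, and no hunk in this diff removes them; the AppsOSController hunks replace the same factory and have the same leftover imports. For a commit titled as a sonar fix those unused imports are the next thing the analyser will flag, so they should go in the same change. The old factory was also a single static shared by all instances, whereas `new DataValidator()` is built per controller instance; if DataValidator builds its own ValidatorFactory internally (not visible here), a single injected or static instance would be the cheaper equivalent.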
@@ -96,10 +97,7 @@ public class MicroserviceController extends EPRestrictedBaseController { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "MicroserviceData cannot be null or empty"); }else { - Validator validator = VALIDATOR_FACTORY.getValidator(); - - Set> constraintViolations = validator.validate(newServiceData); - if(!constraintViolations.isEmpty()){ + if(!dataValidator.isValid(newServiceData)){ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", "MicroserviceData is not valid"); } @@ -129,10 +127,7 @@ public class MicroserviceController extends EPRestrictedBaseController { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "MicroserviceData cannot be null or empty"); }else { - Validator validator = VALIDATOR_FACTORY.getValidator(); - - Set> constraintViolations = validator.validate(newServiceData); - if(!constraintViolations.isEmpty()){ + if(!dataValidator.isValid(newServiceData)){ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR", "MicroserviceData is not valid"); } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java index f0e93bcb..6d8a3f87 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java 
@@ -39,21 +39,24 @@ package org.onap.portalapp.portal.domain; import java.util.List; +import javax.validation.Valid; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; public class BasicAuthCredentials extends DomainVo { private static final long serialVersionUID = 1L; - public BasicAuthCredentials() { - - } - private Long id; + @SafeHtml private String applicationName; + @SafeHtml private String username; + @SafeHtml private String password; + @SafeHtml private String isActive; + @Valid private List endpoints; public Long getId() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java index 92c8572b..97ecbcbe 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java @@ -37,6 +37,7 @@ */ package org.onap.portalapp.portal.domain; +import org.hibernate.validator.constraints.SafeHtml; import org.onap.portalsdk.core.domain.support.DomainVo; public class EPEndpoint extends DomainVo { @@ -48,6 +49,7 @@ public class EPEndpoint extends DomainVo { } private Long id; + @SafeHtml private String name; public Long getId() { diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java index 74cf1726..98b0f127 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java 
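Review bot: `@SafeHtml` on `password` applies an HTML-sanitising rule to a secret that, per the service hunk, is encrypted and stored rather than rendered, so it rejects otherwise legitimate passwords containing markup-like sequences without providing any XSS benefit; a length or charset rule, or no constraint, fits that field better. `@SafeHtml` validates by parsing with jsoup, which Hibernate Validator treats as an optional dependency, and `@Valid` on `endpoints` cascades into the `@SafeHtml` added to EPEndpoint.name — if jsoup is not already on the classpath (nothing in the pom hunks adds it) the first `isValid` call fails at runtime rather than at build time. It is also a Hibernate-specific constraint that later Hibernate Validator lines deprecate and then drop, so the annotations are tied to the 6.0.x version this commit pins. Removing the explicit no-arg constructor is harmless as long as the class declares no other constructor; none is visible in this hunk.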
@@ -49,6 +49,7 @@ import org.onap.portalapp.portal.domain.EPEndpoint; import org.onap.portalapp.portal.domain.EPEndpointAccount; import org.onap.portalapp.portal.logging.aop.EPMetricsLog; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.onboarding.util.CipherUtil; import org.onap.portalsdk.core.service.DataAccessService; @@ -62,12 +63,16 @@ import org.springframework.stereotype.Service; @EPMetricsLog public class BasicAuthAccountServiceImpl implements BasicAuthAccountService{ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MicroserviceServiceImpl.class); - + private final DataValidator dataValidator = new DataValidator(); @Autowired private DataAccessService dataAccessService; @Override public Long saveBasicAuthAccount(BasicAuthCredentials newCredential) throws Exception { + + if(!dataValidator.isValid(newCredential)){ + throw new Exception("saveBasicAuthAccount() failed, new credential are not safe"); + } if (newCredential.getPassword() != null) newCredential.setPassword(encryptedPassword(newCredential.getPassword())); try{ diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java index 825cad46..9226f220 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java 
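Review bot: The validation failure in saveBasicAuthAccount is thrown as a bare `new Exception(...)`, which the BasicAuthAccountController hunk in this commit catches with `catch (Exception e)` and cannot distinguish from a persistence failure; `throw new IllegalArgumentException("saveBasicAuthAccount() failed, new credential are not safe");` carries the intent, still propagates through the declared `throws Exception`, and still satisfies the `@Test(expected = Exception.class)` added to BasicAuthAccountServiceImplTest. The message also says "are not safe" for a single credential. The method continues past the hunk.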
@@ -39,6 +39,7 @@ package org.onap.portalapp.portal.transport; import java.io.Serializable; import java.util.List; +import org.hibernate.validator.constraints.SafeHtml; // This type is used to read the Json in from the API call from the Front End public class FunctionalMenuItemWithRoles implements Serializable { @@ -47,11 +48,11 @@ public class FunctionalMenuItemWithRoles implements Serializable { public Long menuId; public Integer column; - + @SafeHtml public String text; public Integer parentMenuId; - + @SafeHtml public String url; public Integer appid; diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java index 58745d22..f622faca 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java 
@@ -128,6 +128,33 @@ public class AppsControllerTest extends MockitoTestSuite{ MockEPUser mockUser = new MockEPUser(); + @Test + public void putOnboardingAppXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.setUebTopicName("test"); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null); + Mockito.when(mockedResponse.getStatus()).thenReturn(200); + FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + assertNull(actualFieldValidator); + } + + @Test + public void postOnboardingAppXSSTest() { + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + OnboardingApp onboardingApp = new OnboardingApp(); + onboardingApp.setUebKey("test"); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null); + FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp, + mockedResponse); + assertNull(actualFieldValidator); + } + @Test public void getUserAppsTest() { EPUser user = mockUser.mockEPUser(); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/BasicAuthAccountControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/BasicAuthAccountControllerTest.java index c9d3c2fd..ff056d0d 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/BasicAuthAccountControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/BasicAuthAccountControllerTest.java 
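Review bot: Neither putOnboardingAppXSSTest nor postOnboardingAppXSSTest can tell whether the new validation fired: the inputs (`setUebTopicName("test")`, `setUebKey("test")`) contain no markup, the mocked service is stubbed to return null, and `assertNull` on the result is satisfied by both the accepted and the rejected path. A meaningful regression test would put markup in a field the validator constrains, verify the service stub was never reached (`Mockito.verify(appService, Mockito.never()).modifyOnboardingApp(onboardingApp, user);`), and check the response status once the controller sets one. The `Mockito.when(mockedResponse.getStatus()).thenReturn(200)` stub only feeds the log line in the controller and asserts nothing.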
@@ -134,6 +134,28 @@ public class BasicAuthAccountControllerTest extends MockitoTestSuite { assertEquals(actualResponse, expectedResponse); } + @Test + public void createBasicAuthAccountXSSTest() throws Exception { + BasicAuthCredentials basicAuthCredentials = basicAuthCredentials(); + basicAuthCredentials.setPassword(""); + + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + PortalRestResponse expectedResponse = new PortalRestResponse(); + expectedResponse.setMessage("createBasicAuthAccount() failed, new credential are not safe"); + expectedResponse.setResponse(""); + PortalRestStatusEnum portalRestStatusEnum = null; + expectedResponse.setStatus(portalRestStatusEnum.ERROR); + long accountd = 1; + + Mockito.when(basicAuthAccountService.saveBasicAuthAccount(basicAuthCredentials)).thenReturn(accountd); + + PortalRestResponse actualResponse = basicAuthAccountController.createBasicAuthAccount(mockedRequest, + mockedResponse, basicAuthCredentials); + assertEquals(actualResponse, expectedResponse); + } + @Test public void createBasicAuthAccountAdminTest() throws Exception { BasicAuthCredentials basicAuthCredentials = basicAuthCredentials(); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java index 84ee691e..79c85672 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/FunctionalMenuControllerTest.java 
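Review bot: `PortalRestStatusEnum portalRestStatusEnum = null; expectedResponse.setStatus(portalRestStatusEnum.ERROR);` reaches a static enum constant through a null reference, which compiles but is exactly the pattern a static analyser flags; write `expectedResponse.setStatus(PortalRestStatusEnum.ERROR);`. The `Mockito.when(basicAuthAccountService.saveBasicAuthAccount(...)).thenReturn(accountd)` stub is unreachable on the path this test exercises, since the controller returns before calling the service. The only input set in the hunk is `setPassword("")`, so whatever trips the validator comes from `basicAuthCredentials()` outside the hunk; setting the unsafe value explicitly here would make the test self-explanatory.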
@@ -175,6 +175,24 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { } + @Test + public void editFunctionalMenuItemXSSTest(){ + FunctionalMenuItemWithRoles menuItemJson = new FunctionalMenuItemWithRoles(); + menuItemJson.url = "1test_menu"; + FieldsValidator actualFieldsValidator = new FieldsValidator(); + FieldsValidator expectedFieldsValidator = new FieldsValidator(); + List fields = new ArrayList<>(); + expectedFieldsValidator.setHttpStatusCode(406L); + expectedFieldsValidator.setFields(fields); + expectedFieldsValidator.setErrorCode(null); + EPUser user = mockUser.mockEPUser(); + Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user); + Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true); + Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator); + actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); + assertEquals(actualFieldsValidator, expectedFieldsValidator); + } + @Test public void getAppListTestIfAppDoesnotExistsInBusinessCardApplicationRolesList() throws IOException { @@ -459,7 +477,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); Mockito.when(functionalMenuService.createFunctionalMenuItem(menuItemJson)).thenReturn(expectedFieldsValidator); actualFieldsValidator = functionalMenuController.createFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); - assertEquals(actualFieldsValidator, expectedFieldsValidator); + assertEquals(expectedFieldsValidator, actualFieldsValidator); } @Test 
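Review bot: editFunctionalMenuItemXSSTest expects a 406 for `menuItemJson.url = "1test_menu"`, a value with no markup in it, so if the test passes the rejection is coming from something other than the `@SafeHtml` constraints this commit adds — worth confirming what DataValidator.isValid checks before relying on this as an XSS regression test, and using an input with real markup in `text` or `url` if `@SafeHtml` is what is under test. The `actualFieldsValidator` created before the call serves only as the service stub's return value, which the rejected path never reaches. The `assertEquals` argument-order fixes further down are welcome; this new test still passes (actual, expected).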
@@ -574,7 +592,7 @@ public class FunctionalMenuControllerTest extends MockitoTestSuite { Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false); Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator); actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse); - assertEquals(actualFieldsValidator, expectedFieldsValidator); + assertEquals(expectedFieldsValidator, actualFieldsValidator); } @Test diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java index 4409a4fc..6382bef4 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImplTest.java @@ -78,6 +78,15 @@ public class BasicAuthAccountServiceImplTest { Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null); basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials); + } + + @Test(expected= Exception.class) + public void saveBasicAuthAccountValidTest() throws Exception { + BasicAuthCredentials basicAuthCredentials = new BasicAuthCredentials(); + basicAuthCredentials.setPassword(""); + Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null); + basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials); + } @Test diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java index b1154aa3..8314e7b9 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java 
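Review bot: `@Test(expected = Exception.class)` in saveBasicAuthAccountValidTest passes on any exception type, including a NullPointerException from the half-populated BasicAuthCredentials, so it does not show that the validator rejected the input; narrow it to the type the service throws or assert on the message, and set an explicitly unsafe field rather than relying on `setPassword("")`. The `Mockito.doNothing().when(dataAccessService).saveDomainObject(...)` stub is never reached when the validator throws first and can be dropped from this test.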
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java @@ -52,6 +52,7 @@ import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.service.UserService; import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.validation.DataValidator; import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; @@ -70,7 +71,7 @@ import lombok.NoArgsConstructor; @EPAuditLog @NoArgsConstructor public class AppsOSController extends AppsController { - private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory(); + private final DataValidator dataValidator = new DataValidator(); private static final String FAILURE = "failure"; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); @@ -90,7 +91,10 @@ public class AppsOSController extends AppsController { if (newUser == null) return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "New User cannot be null or empty"); - + if (!dataValidator.isValid(newUser)) { + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, + "New User is not safe html"); + } if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user)) && !user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) { return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, 
@@ -113,11 +117,7 @@ public class AppsOSController extends AppsController { public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) { if (loginId != null) { - Validator validator = validatorFactory.getValidator(); - SecureString secureString = new SecureString(loginId); - Set> constraintViolations = validator.validate(secureString); - - if (!constraintViolations.isEmpty()) { + if (!dataValidator.isValid(new SecureString(loginId))) { return "loginId is not valid"; } } diff --git a/pom.xml b/pom.xml index 50674c3a..db715b2e 100644 --- a/pom.xml +++ b/pom.xml @@ -32,8 +32,7 @@ 4.3.24.RELEASE 4.2.13.RELEASE 4.3.11.Final - 2.8.10 - 1.0.0 + 2.8.11.4 0.7.6.201602180812 UTF-8
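Review bot: The nested `if (loginId != null) { if (!dataValidator.isValid(new SecureString(loginId))) { ... } }` in getCurrentUserProfile collapses into a single guard, `if (loginId != null && !dataValidator.isValid(new SecureString(loginId))) {`, which is the shape static analysis normally asks for. Returning the literal `"loginId is not valid"` as the method's String result (pre-existing) leaves a caller unable to tell that sentinel from a profile payload; a status on the response would make the rejection visible. The method continues past the hunk.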