ONAP-REST/src/test/java/org/onap/policy/rest/daoimpl/PolicyValidationDaoImplTest.java

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * ONAP-REST
   4  * ================================================================================
   5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20 package org.onap.policy.rest.daoimpl;
  21
  22 import static org.junit.Assert.*;
  23
  24 import java.io.File;
  25 import java.util.ArrayList;
  26 import java.util.Date;
  27 import java.util.List;
  28 import java.util.Properties;
  29
  30 import javax.script.SimpleBindings;
  31
  32 import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
  33 import org.h2.tools.Server;
  34 import org.hibernate.SessionFactory;
  35 import org.junit.After;
  36 import org.junit.Before;
  37 import org.junit.Test;
  38 import org.onap.policy.common.logging.flexlogger.FlexLogger;
  39 import org.onap.policy.common.logging.flexlogger.Logger;
  40 //import org.onap.policy.conf.HibernateSession;
  41 //import org.onap.policy.controller.PolicyController;
  42 import org.onap.policy.rest.jpa.OnapName;
  43 import org.onap.policy.rest.jpa.PolicyEntity;
  44 import org.onap.policy.rest.jpa.PolicyRoles;
  45 import org.onap.policy.rest.jpa.PolicyVersion;
  46 import org.onap.policy.rest.jpa.SystemLogDB;
  47 import org.onap.policy.rest.jpa.UserInfo;
  48 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
  49 import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
  50 import org.springframework.transaction.annotation.Transactional;
  51 import org.springframework.test.annotation.Rollback;
  52
  53
  54 public class PolicyValidationDaoImplTest {
  55
  56     private static Logger logger = FlexLogger.getLogger(PolicyValidationDaoImplTest.class);
  57
  58     SessionFactory sessionFactory;
  59     Server server;
  60     PolicyValidationDaoImpl commonClassDao;
  61
  62     @Before
  63     public void setUp() throws Exception{
  64         try{
  65             BasicDataSource dataSource = new BasicDataSource();
  66             dataSource.setDriverClassName("org.h2.Driver");
  67             // In-memory DB for testing
  68             dataSource.setUrl("jdbc:h2:mem:test");
  69             dataSource.setUsername("sa");
  70             dataSource.setPassword("");
  71             LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
  72             sessionBuilder.scanPackages("org.onap.*", "com.*");
  73
  74             Properties properties = new Properties();
  75             properties.put("hibernate.show_sql", "false");
  76             properties.put("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
  77             properties.put("hibernate.hbm2ddl.auto", "drop");
  78             properties.put("hibernate.hbm2ddl.auto", "create");
  79
  80             sessionBuilder.addProperties(properties);
  81             sessionFactory = sessionBuilder.buildSessionFactory();
  82
  83             // Set up dao with SessionFactory
  84             commonClassDao = new PolicyValidationDaoImpl();
  85             PolicyValidationDaoImpl.setSessionfactory(sessionFactory);
  86             //PolicyController.setLogTableLimit("1");
  87             //HibernateSession.setSession(sessionFactory);
  88             SystemLogDB data1 = new SystemLogDB();
  89             data1.setDate(new Date());
  90             data1.setLogtype("INFO");
  91             data1.setRemote("Test");
  92             data1.setSystem("Test");
  93             data1.setType("Test");
  94             SystemLogDB data2 = new SystemLogDB();
  95             data2.setDate(new Date());
  96             data2.setLogtype("error");
  97             data2.setRemote("Test");
  98             data2.setSystem("Test");
  99             data2.setType("Test");
 100             //HibernateSession.getSession().save(data1);
 101             //HibernateSession.getSession().save(data2);
 102
 103             // Create TCP server for troubleshooting
 104             server = Server.createTcpServer("-tcpAllowOthers").start();
 105             System.out.println("URL: jdbc:h2:" + server.getURL() + "/mem:test");
 106
 107         }catch(Exception e){
 108             System.err.println(e);
 109             fail();
 110         }
 111     }
 112
 113     @Test
 114     @Transactional
 115     @Rollback(true)
 116     public void testDB(){
 117         try{
 118             // Add data
 119             UserInfo userinfo = new UserInfo();
 120             userinfo.setUserLoginId("Test");
 121             userinfo.setUserName("Test");
 122             commonClassDao.save(userinfo);
 123             OnapName onapName = new OnapName();
 124             onapName.setOnapName("Test");
 125             onapName.setUserCreatedBy(userinfo);
 126             onapName.setUserModifiedBy(userinfo);
 127             onapName.setModifiedDate(new Date());
 128             commonClassDao.save(onapName);
 129
 130
 131             List<Object> list = commonClassDao.getData(OnapName.class);
 132             assertTrue(list.size() == 1);
 133             logger.debug(list.size());
 134             logger.debug(list.get(0));
 135         }catch(Exception e){
 136             logger.debug("Exception Occured"+e);
 137             fail();
 138         }
 139     }
 140
 141     @Test
 142     @Transactional
 143     @Rollback(true)
 144     public void testUser(){
 145         try{
 146             // Add data
 147             UserInfo userinfo = new UserInfo();
 148             String loginId_userName = "Test";
 149             userinfo.setUserLoginId(loginId_userName);
 150             userinfo.setUserName(loginId_userName);
 151             commonClassDao.save(userinfo);
 152
 153
 154             List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
 155
 156             assertEquals(1, dataCur.size());
 157             UserInfo cur = (UserInfo) dataCur.get(0);
 158             assertEquals(loginId_userName, cur.getUserLoginId());
 159             assertEquals(loginId_userName, cur.getUserName());
 160
 161             assertFalse(dataCur.isEmpty());
 162
 163         }catch(Exception e){
 164             logger.debug("Exception Occured"+e);
 165             fail();
 166         }
 167     }
 168
 169     @Test
 170     @Transactional
 171     @Rollback(true)
 172     public void getDataByQuery_DashboardController(){
 173         try{
 174             // Add data
 175             PolicyEntity pe = new PolicyEntity();
 176             String name = "TestPolicy";
 177             pe.setPolicyName(name);
 178             pe.setPolicyData("dummyData");
 179             pe.prePersist();
 180             pe.setScope("dummyScope");
 181             pe.setDescription("descr");
 182             pe.setDeleted(false);
 183             pe.setCreatedBy("Test");
 184             commonClassDao.save(pe);
 185
 186             List<Object> dataCur = commonClassDao.getDataByQuery("from PolicyEntity", new SimpleBindings());
 187
 188             assertTrue(1 == dataCur.size());
 189             assertTrue( dataCur.get(0) instanceof PolicyEntity);
 190             assertEquals( name,  ((PolicyEntity)dataCur.get(0)).getPolicyName());
 191             assertEquals( pe, ((PolicyEntity)dataCur.get(0)));
 192
 193
 194         }catch(Exception e){
 195             logger.debug("Exception Occured"+e);
 196             fail();
 197         }
 198     }
 199
 200     @Test
 201     @Transactional
 202     @Rollback(true)
 203     public void getDataByQuery_AutoPushController(){
 204         try{
 205             // Add data
 206             PolicyVersion pv = new PolicyVersion();
 207             pv.setActiveVersion(2);
 208             pv.setPolicyName("myPname");
 209             pv.prePersist();
 210             pv.setCreatedBy("Test");
 211             pv.setModifiedBy("Test");
 212
 213             PolicyVersion pv2 = new PolicyVersion();
 214             pv2.setActiveVersion(1);
 215             pv2.setPolicyName("test");
 216             pv2.prePersist();
 217             pv2.setCreatedBy("Test");
 218             pv2.setModifiedBy("Test");
 219
 220             commonClassDao.save(pv);
 221             commonClassDao.save(pv2);
 222
 223             String scope = "my";
 224             scope += "%";
 225             String query = "From PolicyVersion where policy_name like :scope and id > 0";
 226             SimpleBindings params = new SimpleBindings();
 227             params.put("scope", scope);
 228             List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
 229
 230
 231             assertTrue(1 == dataCur.size());
 232             assertEquals(pv, (PolicyVersion) dataCur.get(0));
 233
 234         }catch(Exception e){
 235             logger.debug("Exception Occured"+e);
 236             fail();
 237         }
 238     }
 239
 240     @Test
 241     @Transactional
 242     @Rollback(true)
 243     public void getDataByQuery_PolicyNotificationMail(){
 244         try{
 245             // Add data
 246             WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
 247             String policyFileName = "banana";
 248             watch.setLoginIds("Test");
 249             watch.setPolicyName("bananaWatch");
 250             commonClassDao.save(watch);
 251
 252             if(policyFileName.contains("/")){
 253                 policyFileName = policyFileName.substring(0, policyFileName.indexOf("/"));
 254                 policyFileName = policyFileName.replace("/", File.separator);
 255             }
 256             if(policyFileName.contains("\\")){
 257                 policyFileName = policyFileName.substring(0, policyFileName.indexOf("\\"));
 258                 policyFileName = policyFileName.replace("\\", "\\\\");
 259             }
 260
 261
 262             // Current Implementation
 263             policyFileName += "%";
 264             String query = "from WatchPolicyNotificationTable where policyName like:policyFileName";
 265             SimpleBindings params = new SimpleBindings();
 266             params.put("policyFileName", policyFileName);
 267             List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
 268
 269             // Assertions
 270             assertTrue(dataCur.size() == 1);
 271             assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
 272             assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0));
 273
 274         }catch(Exception e){
 275             logger.debug("Exception Occured"+e);
 276             fail();
 277         }
 278     }
 279
 280
 281     @Test
 282     @Transactional
 283     @Rollback(true)
 284     public void getDataByQuery_PolicyController(){
 285         try{
 286             // Add data
 287             PolicyEntity pe = new PolicyEntity();
 288             String name = "actionDummy";
 289             pe.setPolicyName(name);
 290             pe.setPolicyData("dummyData");
 291             pe.prePersist();
 292             pe.setScope("dummyScope");
 293             pe.setDescription("descr");
 294             pe.setDeleted(false);
 295             pe.setCreatedBy("Test");
 296             commonClassDao.save(pe);
 297
 298             String dbCheckName = "dummyScope:action";
 299             String[] splitDBCheckName = dbCheckName.split(":");
 300
 301
 302             // Current Implementation
 303             String query =   "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
 304             SimpleBindings params = new SimpleBindings();
 305             params.put("splitDBCheckName1", splitDBCheckName[1] + "%");
 306             params.put("splitDBCheckName0", splitDBCheckName[0]);
 307             List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
 308
 309             // Assertions
 310             assertTrue(dataCur.size() == 1);
 311             assertTrue(dataCur.get(0) instanceof PolicyEntity);
 312             assertEquals(pe, (PolicyEntity) dataCur.get(0));
 313
 314         }catch(Exception e){
 315             logger.debug("Exception Occured"+e);
 316             fail();
 317         }
 318     }
 319
 320     @Test
 321     @Transactional
 322     @Rollback(true)
 323     public void getDataByQuery_PolicyNotificationController(){
 324         try{
 325             // Add data
 326             WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
 327             String finalName = "banana"; // Policy File Name
 328             String userId = "Test";
 329             watch.setLoginIds(userId);
 330             watch.setPolicyName(finalName);
 331             commonClassDao.save(watch);
 332
 333
 334             // Current Implementation
 335             String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
 336             SimpleBindings params = new SimpleBindings();
 337             params.put("finalName", finalName);
 338             params.put("userId", userId);
 339             List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
 340
 341             // Assertions
 342             assertTrue(dataCur.size() == 1);
 343             assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
 344             assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0) );
 345
 346         }catch(Exception e){
 347             logger.debug("Exception Occured"+e);
 348             fail();
 349         }
 350     }
 351
 352
 353      /* Test for SQL Injection Protection
 354      */
 355
 356     @Test
 357     @Transactional
 358     @Rollback(true)
 359     public void getDataByQuery_PolicyNotificationController_Injection(){
 360         try{
 361             // Add data
 362             WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
 363             String userId = "Test";
 364             watch.setLoginIds(userId);
 365             watch.setPolicyName("banana");
 366             commonClassDao.save(watch);
 367
 368             WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
 369             watch2.setLoginIds(userId);
 370             watch2.setPolicyName("banana2");
 371             commonClassDao.save(watch2);
 372
 373             // SQL Injection attempt
 374             String finalName = "banana' OR '1'='1";
 375
 376
 377             // Current Implementation
 378             String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
 379             SimpleBindings params = new SimpleBindings();
 380             params.put("finalName", finalName);
 381             params.put("userId", userId);
 382             List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
 383
 384             // Assertions
 385             assertTrue(dataCur.size() <= 1);
 386
 387             if(dataCur.size() >= 1){
 388                 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
 389                 assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
 390                 assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
 391             }
 392         }catch(Exception e){
 393             logger.debug("Exception Occured"+e);
 394             fail();
 395         }
 396     }
 397
 398     @Test
 399     public void testCommonClassDaoImplMethods(){
 400         try{
 401             UserInfo userInfo = new UserInfo();
 402             userInfo.setUserLoginId("TestID");
 403             userInfo.setUserName("Test");
 404             commonClassDao.save(userInfo);
 405             List<Object> data = commonClassDao.getDataById(UserInfo.class, "userLoginId:userName", "TestID:Test");
 406             assertTrue(data.size() == 1);
 407             UserInfo userInfoUpdate = (UserInfo) data.get(0);
 408             userInfoUpdate.setUserName("Test1");
 409             commonClassDao.update(userInfoUpdate);
 410             List<String> data1 = commonClassDao.getDataByColumn(UserInfo.class, "userLoginId");
 411             assertTrue(data1.size() == 1);
 412             UserInfo data2 = (UserInfo) commonClassDao.getEntityItem(UserInfo.class, "userLoginId:userName", "TestID:Test1");
 413             assertTrue("TestID".equals(data2.getUserLoginId()));
 414             List<Object> data3 = commonClassDao.checkDuplicateEntry("TestID:Test1", "userLoginId:userName", UserInfo.class);
 415             assertTrue(data3.size() == 1);
 416             PolicyRoles roles = new PolicyRoles();
 417             roles.setRole("admin");
 418             roles.setLoginId(userInfo);
 419             roles.setScope("test");
 420             commonClassDao.save(roles);
 421             List<PolicyRoles> roles1 = commonClassDao.getUserRoles();
 422             assertTrue(roles1.size() == 1);
 423             List<String> multipleData = new ArrayList<>();
 424             multipleData.add("TestID:Test1");
 425             List<Object> data4 = commonClassDao.getMultipleDataOnAddingConjunction(UserInfo.class, "userLoginId:userName", multipleData);
 426             assertTrue(data4.size() == 1);
 427             commonClassDao.delete(data2);
 428         }catch(Exception e){
 429             logger.debug("Exception Occured"+e);
 430             fail();
 431         }
 432     }
 433
 434     @After
 435     public void deleteDB(){
 436         sessionFactory.close();
 437         server.stop();
 438
 439     }
 440
 441 }