2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.daoImp;
23 import static org.junit.Assert.*;
26 import java.util.Date;
27 import java.util.List;
28 import java.util.Properties;
30 import javax.script.SimpleBindings;
32 import org.apache.tomcat.dbcp.dbcp2.BasicDataSource;
33 import org.h2.tools.Server;
34 import org.hibernate.SessionFactory;
35 import org.junit.After;
36 import org.junit.Before;
37 import org.junit.Test;
38 import org.onap.policy.common.logging.flexlogger.FlexLogger;
39 import org.onap.policy.common.logging.flexlogger.Logger;
40 import org.onap.policy.daoImp.CommonClassDaoImpl;
41 import org.onap.policy.rest.jpa.OnapName;
42 import org.onap.policy.rest.jpa.PolicyEntity;
43 import org.onap.policy.rest.jpa.PolicyVersion;
44 import org.onap.policy.rest.jpa.UserInfo;
45 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
46 import org.springframework.orm.hibernate4.LocalSessionFactoryBuilder;
47 import org.springframework.test.annotation.Rollback;
48 import org.springframework.transaction.annotation.Transactional;
// Tests for CommonClassDaoImpl, run against the in-memory H2 database that setUp() configures.
50 public class CommonClassDaoImplTest{
// Logger the tests use to record result details and caught exceptions at debug level.
52 private static Logger logger = FlexLogger.getLogger(CommonClassDaoImplTest.class);
// Hibernate SessionFactory built in setUp() and closed in deleteDB().
54 SessionFactory sessionFactory;
// DAO under test; setUp() hands it the session factory through a static setter.
56 CommonClassDaoImpl commonClassDao;
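// Test fixture: builds a Hibernate SessionFactory over an in-memory H2 database, hands it to
// CommonClassDaoImpl, and starts an H2 TCP server so the database can be inspected while debugging.
// NOTE(review): the declaration of `server` and the try/catch lines around this body are not
// part of this listing.
59 public void setUp() throws Exception{
61 BasicDataSource dataSource = new BasicDataSource();
62 dataSource.setDriverClassName("org.h2.Driver");
63 // In-memory DB for testing
64 dataSource.setUrl("jdbc:h2:mem:test");
// H2 "sa" account with an empty password: tolerable only while the database stays in-memory
// and is not reachable from other hosts (see the TCP server below).
65 dataSource.setUsername("sa");
66 dataSource.setPassword("");
67 LocalSessionFactoryBuilder sessionBuilder = new LocalSessionFactoryBuilder(dataSource);
68 sessionBuilder.scanPackages("org.onap.*", "com.*");
70 Properties properties = new Properties();
71 properties.put("hibernate.show_sql", "false");
72 properties.put("hibernate.dialect", "org.hibernate.dialect.H2Dialect");
// Single hbm2ddl.auto entry: a preceding put of "drop" on the same key was overwritten by this
// one and never took effect, so it is removed.
74 properties.put("hibernate.hbm2ddl.auto", "create");
76 sessionBuilder.addProperties(properties);
77 sessionFactory = sessionBuilder.buildSessionFactory();
79 // Set up dao with SessionFactory
80 commonClassDao = new CommonClassDaoImpl();
81 CommonClassDaoImpl.setSessionfactory(sessionFactory);
83 // Create TCP server for troubleshooting
// Started without -tcpAllowOthers, so H2 accepts connections from the local machine only. With
// that flag, any host able to reach the build machine could connect to a database whose "sa"
// account has an empty password.
// NOTE(review): no matching server.stop() is visible in this listing; confirm the teardown
// stops the server.
84 server = Server.createTcpServer().start();
85 System.out.println("URL: jdbc:h2:" + server.getURL() + "/mem:test");
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is printed to stderr.
88 System.err.println(e);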
// Body of a test whose signature line is not part of this listing: saves a UserInfo and an
// OnapName that references it, then reads the OnapName rows back through getData().
99 UserInfo userinfo = new UserInfo();
100 userinfo.setUserLoginId("Test");
101 userinfo.setUserName("Test");
102 commonClassDao.save(userinfo);
103 OnapName onapName = new OnapName();
104 onapName.setOnapName("Test");
// The same UserInfo is recorded as both creator and last modifier.
105 onapName.setUserCreatedBy(userinfo);
106 onapName.setUserModifiedBy(userinfo);
107 onapName.setModifiedDate(new Date());
108 commonClassDao.save(onapName);
// Exactly the one OnapName saved above is expected back.
111 List<Object> list = commonClassDao.getData(OnapName.class);
112 assertTrue(list.size() == 1);
113 logger.debug(list.size());
114 logger.debug(list.get(0));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
116 logger.debug("Exception Occured"+e);
// Saves one UserInfo and checks that an unfiltered HQL query returns it with the same login id
// and user name.
124 public void testUser(){
127 UserInfo userinfo = new UserInfo();
128 String loginId_userName = "Test";
129 userinfo.setUserLoginId(loginId_userName);
130 userinfo.setUserName(loginId_userName);
131 commonClassDao.save(userinfo);
// The query has no named parameters, so an empty SimpleBindings is passed.
134 List<Object> dataCur = commonClassDao.getDataByQuery("from UserInfo", new SimpleBindings());
136 assertEquals(1, dataCur.size());
137 UserInfo cur = (UserInfo) dataCur.get(0);
138 assertEquals(loginId_userName, cur.getUserLoginId());
139 assertEquals(loginId_userName, cur.getUserName());
141 assertFalse(dataCur.isEmpty());
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
144 logger.debug("Exception Occured"+e);
// Saves one PolicyEntity and checks that the unfiltered "from PolicyEntity" query returns that
// same entity.
152 public void getDataByQuery_DashboardController(){
155 PolicyEntity pe = new PolicyEntity();
156 String name = "TestPolicy";
157 pe.setPolicyName(name);
158 pe.setPolicyData("dummyData");
160 pe.setScope("dummyScope");
161 pe.setDescription("descr");
162 pe.setDeleted(false);
163 pe.setCreatedBy("Test");
164 commonClassDao.save(pe);
// The query has no named parameters, so an empty SimpleBindings is passed.
166 List<Object> dataCur = commonClassDao.getDataByQuery("from PolicyEntity", new SimpleBindings());
// One row, of the expected type, with the saved name, and equal to the saved entity.
168 assertTrue(1 == dataCur.size());
169 assertTrue( dataCur.get(0) instanceof PolicyEntity);
170 assertEquals( name, ((PolicyEntity)dataCur.get(0)).getPolicyName());
171 assertEquals( pe, ((PolicyEntity)dataCur.get(0)));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
175 logger.debug("Exception Occured"+e);
// Saves two PolicyVersion rows and checks that a LIKE filter on the policy name, supplied as the
// bound parameter :scope, returns only the first of them.
183 public void getDataByQuery_AutoPushController(){
186 PolicyVersion pv = new PolicyVersion();
187 pv.setActiveVersion(2);
188 pv.setPolicyName("myPname");
190 pv.setCreatedBy("Test");
191 pv.setModifiedBy("Test");
193 PolicyVersion pv2 = new PolicyVersion();
194 pv2.setActiveVersion(1);
195 pv2.setPolicyName("test");
197 pv2.setCreatedBy("Test");
198 pv2.setModifiedBy("Test");
200 commonClassDao.save(pv);
201 commonClassDao.save(pv2);
// The filter value reaches the query only through the named parameter, never by concatenation.
205 String query = "From PolicyVersion where policy_name like :scope and id > 0";
206 SimpleBindings params = new SimpleBindings();
// NOTE(review): `scope` is assigned on a line that is not part of this listing; the assertions
// below imply its pattern matches "myPname" but not "test".
207 params.put("scope", scope);
208 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
211 assertTrue(1 == dataCur.size());
212 assertEquals(pv, (PolicyVersion) dataCur.get(0));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
215 logger.debug("Exception Occured"+e);
// Saves one watch entry named "bananaWatch" and checks that a prefix LIKE search for "banana",
// supplied as a bound parameter, finds it.
223 public void getDataByQuery_PolicyNotificationMail(){
226 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
227 String policyFileName = "banana";
228 watch.setLoginIds("Test");
229 watch.setPolicyName("bananaWatch");
230 commonClassDao.save(watch);
// Keep only the part before the first "/" or "\". With the constant "banana" neither branch
// runs. After the substring call the separator is no longer in the string, so the replace()
// that follows has nothing left to replace.
232 if(policyFileName.contains("/")){
233 policyFileName = policyFileName.substring(0, policyFileName.indexOf("/"));
234 policyFileName = policyFileName.replace("/", File.separator);
236 if(policyFileName.contains("\\")){
237 policyFileName = policyFileName.substring(0, policyFileName.indexOf("\\"));
238 policyFileName = policyFileName.replace("\\", "\\\\");
242 // Current Implementation
// Trailing % turns the bound value into a prefix pattern. Binding keeps quotes in the value
// from altering the query, but any % or _ already inside the value still acts as a LIKE
// wildcard.
243 policyFileName += "%";
244 String query = "from WatchPolicyNotificationTable where policyName like:policyFileName";
245 SimpleBindings params = new SimpleBindings();
246 params.put("policyFileName", policyFileName);
247 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
250 assertTrue(dataCur.size() == 1);
251 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
252 assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
255 logger.debug("Exception Occured"+e);
// Saves one PolicyEntity and checks that a query combining a name-prefix LIKE with an exact
// scope match, both supplied as bound parameters, returns it.
264 public void getDataByQuery_PolicyController(){
267 PolicyEntity pe = new PolicyEntity();
268 String name = "actionDummy";
269 pe.setPolicyName(name);
270 pe.setPolicyData("dummyData");
272 pe.setScope("dummyScope");
273 pe.setDescription("descr");
274 pe.setDeleted(false);
275 pe.setCreatedBy("Test");
276 commonClassDao.save(pe);
// "scope:namePrefix" input: index 0 is the scope, index 1 the policy-name prefix.
278 String dbCheckName = "dummyScope:action";
279 String[] splitDBCheckName = dbCheckName.split(":");
282 // Current Implementation
283 String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
284 SimpleBindings params = new SimpleBindings();
// The % is appended to the bound value, not to the query text, so the prefix stays data.
285 params.put("splitDBCheckName1", splitDBCheckName[1] + "%");
286 params.put("splitDBCheckName0", splitDBCheckName[0]);
287 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
290 assertTrue(dataCur.size() == 1);
291 assertTrue(dataCur.get(0) instanceof PolicyEntity);
292 assertEquals(pe, (PolicyEntity) dataCur.get(0));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
295 logger.debug("Exception Occured"+e);
// Saves one watch entry and checks that an exact match on policy name and login ids, both
// supplied as bound parameters, returns it.
303 public void getDataByQuery_PolicyNotificationController(){
306 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
307 String finalName = "banana"; // Policy File Name
308 String userId = "Test";
309 watch.setLoginIds(userId);
310 watch.setPolicyName(finalName);
311 commonClassDao.save(watch);
314 // Current Implementation
// Both filter values enter the query through named parameters, never by concatenation.
315 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
316 SimpleBindings params = new SimpleBindings();
317 params.put("finalName", finalName);
318 params.put("userId", userId);
319 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
322 assertTrue(dataCur.size() == 1);
323 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
324 assertEquals(watch, (WatchPolicyNotificationTable) dataCur.get(0) );
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
327 logger.debug("Exception Occured"+e);
333 * Test for SQL Injection Protection
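// Checks that a quote-bearing value passed as a bound parameter is compared as a literal string
// and cannot widen the WHERE clause to match the saved rows.
// NOTE(review): the try/catch lines around this body are not part of this listing. If the catch
// block only logs, an exception from the DAO would let this test pass without exercising the
// query; confirm that the handler fails the test.
339 public void getDataByQuery_PolicyNotificationController_Injection(){
342 WatchPolicyNotificationTable watch = new WatchPolicyNotificationTable();
343 String userId = "Test";
344 watch.setLoginIds(userId);
345 watch.setPolicyName("banana");
346 commonClassDao.save(watch);
348 WatchPolicyNotificationTable watch2 = new WatchPolicyNotificationTable();
349 watch2.setLoginIds(userId);
350 watch2.setPolicyName("banana2");
351 commonClassDao.save(watch2);
353 // SQL Injection attempt
354 String finalName = "banana' OR '1'='1";
357 // Current Implementation
358 String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
359 SimpleBindings params = new SimpleBindings();
360 params.put("finalName", finalName);
361 params.put("userId", userId);
362 List<Object> dataCur = commonClassDao.getDataByQuery(query, params);
// NOTE(review): neither saved row carries this literal policy name, so a correctly bound
// parameter should yield zero rows. The <= 1 bound is looser than that; consider asserting
// dataCur.isEmpty().
365 assertTrue(dataCur.size() <= 1);
367 if(dataCur.size() >= 1){
368 assertTrue(dataCur.get(0) instanceof WatchPolicyNotificationTable);
// A returned row must be neither of the two saved entries, so both are compared.
369 assertFalse(watch.equals((WatchPolicyNotificationTable) dataCur.get(0)));
370 assertFalse(watch2.equals((WatchPolicyNotificationTable) dataCur.get(0)));
// Presumably the body of a catch block whose opening line is not in this listing: the
// exception is logged at debug level.
373 logger.debug("Exception Occured"+e);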
380 public void deleteDB(){
381 sessionFactory.close();