ecomp-portal-BE-os/src/test/java/org/onap/portalapp/filter/SecurityXssValidatorTest.java

   1 /*-
   2  * ============LICENSE_START==========================================
   3  * ONAP Portal
   4  * ===================================================================
   5  * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
   6  * ===================================================================
   7  *
   8  * Unless otherwise specified, all software contained herein is licensed
   9  * under the Apache License, Version 2.0 (the "License");
  10  * you may not use this software except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *             http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  *
  21  * Unless otherwise specified, all documentation contained herein is licensed
  22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
  23  * you may not use this documentation except in compliance with the License.
  24  * You may obtain a copy of the License at
  25  *
  26  *             https://creativecommons.org/licenses/by/4.0/
  27  *
  28  * Unless required by applicable law or agreed to in writing, documentation
  29  * distributed under the License is distributed on an "AS IS" BASIS,
  30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  31  * See the License for the specific language governing permissions and
  32  * limitations under the License.
  33  *
  34  * ============LICENSE_END============================================
  35  *
  36  *
  37  */
  38 package org.onap.portalapp.filter;
  39
  40 import org.junit.Assert;
  41 import org.junit.Test;
  42 import org.junit.runner.RunWith;
  43 import org.mockito.InjectMocks;
  44 import org.mockito.Mockito;
  45 import org.onap.portalsdk.core.util.SystemProperties;
  46 import org.owasp.esapi.ESAPI;
  47 import org.owasp.esapi.codecs.Codec;
  48 import org.powermock.api.mockito.PowerMockito;
  49 import org.powermock.core.classloader.annotations.PrepareForTest;
  50 import org.powermock.modules.junit4.PowerMockRunner;
  51
  52 @RunWith(PowerMockRunner.class)
  53 @PrepareForTest({ESAPI.class, SystemProperties.class})
  54 public class SecurityXssValidatorTest {
  55         @InjectMocks
  56         SecurityXssValidator securityXssValidator;
  57
  58         @Test
  59         public void stripXSSTest() {
  60          securityXssValidator=  SecurityXssValidator.getInstance();
  61                 String value ="Test";
  62                 securityXssValidator.stripXSS(value);
  63         }
  64
  65         @Test
  66         public void testDenyXss() {
  67          securityXssValidator=  SecurityXssValidator.getInstance();
  68                 String value ="Test";
  69                 securityXssValidator.denyXSS(value);
  70         }
  71
  72         @Test
  73                 public void getCodecMySqlTest() {
  74                         PowerMockito.mockStatic(SystemProperties.class);
  75                         Mockito.when(SystemProperties.getProperty(SystemProperties.DB_DRIVER)).thenReturn("mysql");
  76                         SecurityXssValidator validator = SecurityXssValidator.getInstance();
  77                         Codec codec = validator.getCodec();
  78                         Assert.assertNotNull(codec);
  79                 }
  80
  81         /*//@Test
  82         public void stripXSSExceptionTest() {
  83                 String value ="Test";
  84                 SecurityXssValidator validator = SecurityXssValidator.getInstance();
  85                 String reponse = validator.stripXSS(value);
  86                 Assert.assertEquals(value, reponse);;
  87         }
  88
  89         //@Test
  90         public void denyXSSTest() {
  91                 String value ="<script>Test</script>";
  92                 PowerMockito.mockStatic(ESAPI.class);
  93                 Encoder mockEncoder = Mockito.mock(Encoder.class);
  94                 Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder);
  95                 Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value);
  96                 SecurityXssValidator validator = SecurityXssValidator.getInstance();
  97                 Boolean flag = validator.denyXSS(value);
  98                 Assert.assertTrue(flag);
  99         }
 100
 101         //@Test
 102         public void denyXSSFalseTest() {
 103                 String value ="test";
 104                 PowerMockito.mockStatic(ESAPI.class);
 105                 Encoder mockEncoder = Mockito.mock(Encoder.class);
 106                 Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder);
 107                 Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value);
 108                 SecurityXssValidator validator = SecurityXssValidator.getInstance();
 109                 Boolean flag = validator.denyXSS(value);
 110                 Assert.assertFalse(flag);
 111         }
 112
 113         //@Test
 114         public void getCodecMySqlTest() {
 115                 PowerMockito.mockStatic(SystemProperties.class);
 116                 Mockito.when(SystemProperties.getProperty(SystemProperties.DB_DRIVER)).thenReturn("mysql");
 117                 SecurityXssValidator validator = SecurityXssValidator.getInstance();
 118                 Codec codec = validator.getCodec();
 119                 Assert.assertNotNull(codec);
 120         }*/
 121
 122 }