Persistent XSS vulnerability in onboardingApps form fix
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / controller / AppsControllerTest.java
index 58745d2..f622fac 100644 (file)
@@ -128,6 +128,33 @@ public class AppsControllerTest extends MockitoTestSuite{
 
        MockEPUser mockUser = new MockEPUser();
 
+       @Test
+       public void putOnboardingAppXSSTest() {
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               OnboardingApp onboardingApp = new OnboardingApp();
+               onboardingApp.setUebTopicName("test<img src=‘~‘ onerror=prompt(123)>");
+               Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+               Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null);
+               Mockito.when(mockedResponse.getStatus()).thenReturn(200);
+               FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp,
+               mockedResponse);
+               assertNull(actualFieldValidator);
+       }
+
+       @Test
+       public void postOnboardingAppXSSTest() {
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               OnboardingApp onboardingApp = new OnboardingApp();
+               onboardingApp.setUebKey("test<img src=‘~‘ onerror=prompt(123)>");
+               Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+               Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null);
+               FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp,
+               mockedResponse);
+               assertNull(actualFieldValidator);
+       }
+
        @Test
        public void getUserAppsTest() {
                EPUser user = mockUser.mockEPUser();
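Review bot: Both new tests end with `assertNull(actualFieldValidator)` while `appService.modifyOnboardingApp` and `appService.addOnboardingApp` are stubbed to return null, so the assertion would presumably also hold if the controller passed the markup in `uebTopicName` / `uebKey` straight through to the service (the controller itself is not visible in this hunk). To pin the rejection, add `Mockito.verify(appService, Mockito.never()).modifyOnboardingApp(onboardingApp, user);` to putOnboardingAppXSSTest and `Mockito.verify(appService, Mockito.never()).addOnboardingApp(onboardingApp, user);` to postOnboardingAppXSSTest. Each test sets only one field, and the sample value uses typographic quotes (‘) rather than ASCII quotes, so a validator that keys on ASCII quote characters is not exercised; a case with ASCII-quoted attributes and one per remaining free-text field of OnboardingApp would make the regression coverage match what the form can submit. The stub `Mockito.when(mockedResponse.getStatus()).thenReturn(200)` in the put test also reads oddly for a request that is expected to be refused and deserves a short comment saying why it is needed.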