Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
XSS Vulnerability fix in AppsOSController
[portal.git] / ecomp-portal-BE-os / src / test / java / org / onap / portalapp / portal / controller / AppsOSControllerTest.java
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 0596e74..15fe1dd 100644 (file)
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -175,6 +175,17 @@ public class AppsOSControllerTest {
                assertEquals("{\"firstName\":\"test\",\"lastName\":\"test\"}", expectedString);
        }
 
+       @Test
+       public void getCurrentUserProfileXSSTest() {
+               String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> expectedList = new ArrayList<>();
+               expectedList.add(user);
+               Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+               String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+               assertEquals("loginId is not valid", expectedString);
+       }
+
        @Test
        public void getCurrentUserProfileExceptionTest() {
                String loginId = "guestT";
ARCHIVED- 2022-02-15 at the request of the project