Merge pull request #8 from SonarSource-Demos/features/bcipo-add-tests

Add unit tests

pom.xml

@@ -60,6 +60,18 @@
   <version>3.3.2</version>
   <type>maven-plugin</type>
 </dependency>
+      <dependency>
+          <groupId>org.junit.jupiter</groupId>
+          <artifactId>junit-jupiter-api</artifactId>
+          <version>5.10.0</version>
+          <scope>test</scope>
+      </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-all</artifactId>
+      <version>1.10.19</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
   <build>
     <plugins>

src/main/java/demo/security/util/Utils.java

@@ -3,16 +3,18 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.io.FileUtils;
 
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
 import javax.script.ScriptException;
 import java.io.File;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
 
 public class Utils {
 
@@ -37,4 +39,14 @@ public static void executeJs(String input) throws ScriptException {
         ScriptEngine engine = manager.getEngineByName("JavaScript");
         engine.eval(input);
     }
+
+    public static void encrypt(byte[] key, byte[] ptxt) throws Exception {
+        byte[] nonce = "7cVgr5cbdCZV".getBytes("UTF-8");
+
+        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+        GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce);
+
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmSpec); // Noncompliant
+    }
 }

src/main/java/demo/security/util/WebUtils.java

@@ -16,7 +16,7 @@ public void addCookie(HttpServletResponse response, String name, String value) {
 
     public static void getSessionId(HttpServletRequest request){
         String sessionId = request.getRequestedSessionId();
-        if (sessionId == null || sessionId != null){
+        if (sessionId != null){
             String ip = "10.40.1.1";
             Socket socket = null;
             try {

src/test/java/WebUtilsTest.java

@@ -0,0 +1,34 @@
+import demo.security.util.WebUtils;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import javax.servlet.http.HttpServletRequest;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+public class WebUtilsTest {
+
+    @Test
+    public void getSessionId_withValidRequest() {
+        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+        when(request.getRequestedSessionId()).thenReturn("validSessionId");
+
+        WebUtils.getSessionId(request);
+    }
+
+    @Test
+    public void getSessionId_withNullSessionId() {
+        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+        when(request.getRequestedSessionId()).thenReturn(null);
+
+        WebUtils.getSessionId(request);
+    }
+
+    @Test
+    public void getSessionId_withIOException() {
+        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+        when(request.getRequestedSessionId()).thenThrow(new RuntimeException());
+
+        assertThrows(RuntimeException.class, () -> WebUtils.getSessionId(request));
+    }
+}