diff --git a/pom.xml b/pom.xml
index a9d0049..69c66c6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,18 @@
3.3.2
maven-plugin
+
+ org.junit.jupiter
+ junit-jupiter-api
+ 5.10.0
+ test
+
+
+ org.mockito
+ mockito-all
+ 1.10.19
+ test
+
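Review bot: Only `junit-jupiter-api` is added, so unless `junit-jupiter-engine` (or the `junit-jupiter` aggregate) is declared elsewhere in this pom, Surefire has no engine to execute the new `@Test` methods and they may be skipped without failing the build. `mockito-all` 1.10.19 is the discontinued legacy artifact, which bundles third-party classes inside its jar. `mockito-core` at a current release is the maintained coordinate and keeps the test classpath easier to audit. The XML tags of this hunk are not visible on the page, so the coordinates are read from the text lines only.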
diff --git a/src/main/java/demo/security/util/Utils.java b/src/main/java/demo/security/util/Utils.java
index a73c6f5..c68b801 100644
--- a/src/main/java/demo/security/util/Utils.java
+++ b/src/main/java/demo/security/util/Utils.java
@@ -3,16 +3,18 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.io.FileUtils;
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;
import java.io.File;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
public class Utils {
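Review bot: `import java.security.*;` replaces three explicit imports with a wildcard, which hides the security classes this file actually depends on and invites name clashes. Keep the explicit list and add only what the new code needs. `java.io.UnsupportedEncodingException` looks unused in the visible hunks, since `encrypt` declares `throws Exception`; it could be dropped, and `getBytes(StandardCharsets.UTF_8)` would avoid the checked exception altogether. The class body continues outside this hunk.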
@@ -37,4 +39,14 @@ public static void executeJs(String input) throws ScriptException {
ScriptEngine engine = manager.getEngineByName("JavaScript");
engine.eval(input);
}
+
+ public static void encrypt(byte[] key, byte[] ptxt) throws Exception {
+ byte[] nonce = "7cVgr5cbdCZV".getBytes("UTF-8");
+
+ Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+ SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+ GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce);
+
+ cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmSpec); // Noncompliant
+ }
}
diff --git a/src/main/java/demo/security/util/WebUtils.java b/src/main/java/demo/security/util/WebUtils.java
index 35c5314..b6df5c9 100644
--- a/src/main/java/demo/security/util/WebUtils.java
+++ b/src/main/java/demo/security/util/WebUtils.java
@@ -16,7 +16,7 @@ public void addCookie(HttpServletResponse response, String name, String value) {
public static void getSessionId(HttpServletRequest request){
String sessionId = request.getRequestedSessionId();
- if (sessionId == null || sessionId != null){
+ if (sessionId != null){
String ip = "10.40.1.1";
Socket socket = null;
try {
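Review bot: `getRequestedSessionId()` returns whatever session ID the client sent, so `sessionId != null` only proves the request carried one, not that it names a live session. If the branch acts on the ID, guard it with `if (sessionId != null && request.isRequestedSessionIdValid()) {`. The branch goes on to set up a `Socket` next to the hard-coded address `"10.40.1.1"`, and the rest of the `try` lies outside this hunk, so what is sent is not visible here. The address would be better taken from configuration. The method is named `getSessionId` but returns `void`, which deserves a doc comment or a rename.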
diff --git a/src/test/java/WebUtilsTest.java b/src/test/java/WebUtilsTest.java
new file mode 100644
index 0000000..02b60c2
--- /dev/null
+++ b/src/test/java/WebUtilsTest.java
@@ -0,0 +1,34 @@
+import demo.security.util.WebUtils;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import javax.servlet.http.HttpServletRequest;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+public class WebUtilsTest {
+
+ @Test
+ public void getSessionId_withValidRequest() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenReturn("validSessionId");
+
+ WebUtils.getSessionId(request);
+ }
+
+ @Test
+ public void getSessionId_withNullSessionId() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenReturn(null);
+
+ WebUtils.getSessionId(request);
+ }
+
+ @Test
+ public void getSessionId_withIOException() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenThrow(new RuntimeException());
+
+ assertThrows(RuntimeException.class, () -> WebUtils.getSessionId(request));
+ }
+}
\ No newline at end of file
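Review bot: `getSessionId_withValidRequest` and `getSessionId_withNullSessionId` contain no assertion, so they pass whenever nothing throws and do not pin the behaviour this commit changes. The valid-ID case enters the branch that sets up a `Socket` next to `"10.40.1.1"` (per the WebUtils hunk; the connect itself is not visible), so this unit test may depend on the network. `getSessionId_withIOException` stubs a `RuntimeException` on the mock, so it only checks that the mock's own exception propagates, and its name is misleading. For the null case I would add `Mockito.verify(request).getRequestedSessionId();` and `Mockito.verifyNoMoreInteractions(request);`, and rename the third test to `getSessionId_propagatesRuntimeException`.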