From 525034fea2acf6426a9d7a954eccd4dd27d38528 Mon Sep 17 00:00:00 2001
From: Brian Cipollone
Date: Mon, 12 Feb 2024 14:00:54 -0600
Subject: [PATCH] Add unit tests
---
 pom.xml | 12 +++++++
 src/main/java/demo/security/util/Utils.java | 18 ++++++++--
 .../java/demo/security/util/WebUtils.java | 2 +-
 src/test/java/WebUtilsTest.java | 34 +++++++++++++++++++
 4 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 src/test/java/WebUtilsTest.java
diff --git a/pom.xml b/pom.xml
index a9d0049..69c66c6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,6 +60,18 @@ 3.3.2 maven-plugin + + org.junit.jupiter + junit-jupiter-api + 5.10.0 + test + + + org.mockito + mockito-all + 1.10.19 + test + +
diff --git a/src/main/java/demo/security/util/Utils.java b/src/main/java/demo/security/util/Utils.java
index a73c6f5..c68b801 100644
--- a/src/main/java/demo/security/util/Utils.java
+++ b/src/main/java/demo/security/util/Utils.java
@@ -3,16 +3,18 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.io.FileUtils;
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
 import javax.script.ScriptException;
 import java.io.File;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
+import java.security.*;
 public class Utils {
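Review bot: In the pom.xml hunk, `mockito-all` 1.10.19 belongs to the Mockito 1.x line, and the Mockito project discontinued the `mockito-all` artifact, so this test dependency will not receive fixes; `mockito-core` at a current version is the maintained coordinate. Only `junit-jupiter-api` is added next to it, so whether the Jupiter tests in this commit are discovered depends on the Surefire version supplying an engine, which the hunk does not show; declaring `junit-jupiter` (or `junit-jupiter-engine`) with test scope removes that dependence. The XML tags are missing from this rendering, so the coordinates are read from the bare values.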
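Review bot: In the Utils.java import hunk, `import java.security.*;` replaces three explicit imports and hides which `java.security` types the class depends on; keeping `KeyPair`, `KeyPairGenerator` and `NoSuchAlgorithmException` explicit keeps that visible to a reader auditing the crypto surface. `java.io.UnsupportedEncodingException` is added but nothing in the visible hunks names it (the new `encrypt` method declares `throws Exception`), so it looks unused and can probably be dropped.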
@@ -37,4 +39,14 @@ public static void executeJs(String input) throws ScriptException {
 ScriptEngine engine = manager.getEngineByName("JavaScript");
 engine.eval(input);
 }
+
+ public static void encrypt(byte[] key, byte[] ptxt) throws Exception {
+ byte[] nonce = "7cVgr5cbdCZV".getBytes("UTF-8");
+
+ Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+ SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+ GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce);
+
+ cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmSpec); // Noncompliant
+ }
 }
diff --git a/src/main/java/demo/security/util/WebUtils.java b/src/main/java/demo/security/util/WebUtils.java
index 35c5314..b6df5c9 100644
--- a/src/main/java/demo/security/util/WebUtils.java
+++ b/src/main/java/demo/security/util/WebUtils.java
@@ -16,7 +16,7 @@ public void addCookie(HttpServletResponse response, String name, String value) {
 public static void getSessionId(HttpServletRequest request){
 String sessionId = request.getRequestedSessionId();
- if (sessionId == null || sessionId != null){
+ if (sessionId != null){
 String ip = "10.40.1.1";
 Socket socket = null;
 try {
diff --git a/src/test/java/WebUtilsTest.java b/src/test/java/WebUtilsTest.java
new file mode 100644
index 0000000..02b60c2
--- /dev/null
+++ b/src/test/java/WebUtilsTest.java
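Review bot: The nonce in the new `encrypt` method is the constant `"7cVgr5cbdCZV"`, so every call under the same key reuses one (key, nonce) pair, which in AES-GCM voids both confidentiality and the authentication tag. The trailing `// Noncompliant` suggests this is a deliberate scanner fixture; if so, a comment on the method saying that would stop it being copied. Otherwise generate the nonce per call, `byte[] nonce = new byte[12];` followed by `new SecureRandom().nextBytes(nonce);`, and hand it back with the ciphertext. As written the method also stops after `cipher.init`: `ptxt` is never passed to `doFinal` and nothing is returned, so callers get no output. `throws Exception` could be narrowed to `GeneralSecurityException` once the charset lookup is gone.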
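Review bot: The corrected guard `if (sessionId != null)` in the WebUtils.java hunk still accepts whatever ID the client sent, because `getRequestedSessionId()` returns the requested value without checking it against a live session; if the block relies on a real session, `if (sessionId != null && request.isRequestedSessionIdValid()) {` is the stronger condition. The block then sets up a `Socket` with the hard-coded address `"10.40.1.1"`, which would be better read from configuration. The rest of `getSessionId` lies outside the hunk, so what is done with the session ID cannot be judged here. This is also a behaviour change in a commit titled "Add unit tests", which is worth stating in the commit message.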
@@ -0,0 +1,34 @@
+import demo.security.util.WebUtils;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import javax.servlet.http.HttpServletRequest;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+public class WebUtilsTest {
+
+ @Test
+ public void getSessionId_withValidRequest() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenReturn("validSessionId");
+
+ WebUtils.getSessionId(request);
+ }
+
+ @Test
+ public void getSessionId_withNullSessionId() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenReturn(null);
+
+ WebUtils.getSessionId(request);
+ }
+
+ @Test
+ public void getSessionId_withIOException() {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ when(request.getRequestedSessionId()).thenThrow(new RuntimeException());
+
+ assertThrows(RuntimeException.class, () -> WebUtils.getSessionId(request));
+ }
+}
\ No newline at end of file
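Review bot: None of the three tests in WebUtilsTest asserts anything about `getSessionId`: the first two only call it, and `getSessionId_withIOException` only checks that the `RuntimeException` thrown by the mock itself propagates, which is not an I/O failure despite the name. Since the method returns void, at least pin the interaction, e.g. `Mockito.verify(request).getRequestedSessionId();`, and for the null case assert that no connection is attempted. Judging from the WebUtils.java hunk, the non-null path sets up a `Socket` to `10.40.1.1`, so `getSessionId_withValidRequest` may attempt a real network connection during the build; putting the socket behind an injectable seam would keep the test hermetic.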