Summary Table
Categories |
Total Count |
PII |
0 |
URL |
0 |
DNS |
0 |
EKL |
0 |
IP |
0 |
PORT |
0 |
VsID |
0 |
CF |
0 |
AI |
0 |
VPD |
0 |
PL |
0 |
Other |
0 |
File Content
package gov.va.security.util;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.junit.Test;
import gov.va.security.entity.BillingCodeTest;
import gov.va.security.entity.CategoryOfCareTest;
import gov.va.security.entity.ClinicalServiceTest;
import gov.va.security.entity.PayableServiceTest;
import gov.va.security.entity.QaspTest;
import gov.va.security.entity.SeocTest;
import gov.va.security.entity.ServiceLineTest;
import gov.va.security.entity.StatusTest;
/**
 * Unit tests for {@link DataSanitizer}: the HTML, HTML-attribute and URL
 * encoders, the input/output sanitize helpers, unknown-character stripping,
 * and reflective traversal of a populated entity graph.
 *
 * NOTE(review): several expected literals below are character-for-character
 * identical to inputs that contain markup. If this listing was captured from a
 * rendered page, entity-encoded expectations may have been unescaped on the
 * way; compare against the repository copy before relying on them.
 */
public class DataSanitizerTest {

    private DataSanitizer sanitizer = new DataSanitizer();

    // HTML encoder, input containing a script tag.
    // NOTE(review): as written, the expected value still contains a raw
    // "<script>", so this pins "output equals input" rather than proving the
    // tag was neutralised - confirm the intended encoded form.
    @Test
    public void test_applyHtmlEncoder() {
        final String encoded = sanitizer.applyHtmlEncoder("test<script>data");

        assertThat(encoded).isEqualTo("test<script>data");
    }

    // HTML encoder, input with nothing to encode: the text comes back unchanged.
    @Test
    public void test_applyHtmlEncoder_Nomatch() {
        final String encoded = sanitizer.applyHtmlEncoder("test data");

        assertThat(encoded).isEqualTo("test data");
    }

    // HTML attribute encoder, input containing a script tag.
    // NOTE(review): same concern as test_applyHtmlEncoder - the expected value
    // shown here is the unmodified input. No case covers quote characters,
    // which are what usually matter in an attribute context.
    @Test
    public void test_applyHtmlAttributeEncoder() {
        final String encoded = sanitizer.applyHtmlAttributeEncoder("test<script>data.");

        assertThat(encoded).isEqualTo("test<script>data.");
    }

    // HTML attribute encoder, null input: null is passed through, no exception.
    @Test
    public void test_applyHtmlAttributeEncoder_nullValue() {
        // Kept as a typed variable so the call site resolves exactly as before.
        final String nullInput = null;

        assertThat(sanitizer.applyHtmlAttributeEncoder(nullInput)).isNull();
    }

    // URL encoder, free text with an embedded URL. The expected value encodes
    // only the "://" of the URL and leaves the surrounding spaces literal, so
    // this is not a whole-string percent-encoding.
    @Test
    public void test_applyUrlEncoder() {
        final String encoded = sanitizer.applyUrlEncoder("test unit https://abc data");

        assertThat(encoded).isEqualTo("test unit https%3A%2F%2Fabc data");
    }

    // Output sanitizer, JSON text whose value carries script tags and a URL.
    // NOTE(review): the expected literal equals the input here, markup
    // included; verify the real expectation, since a pass-through result would
    // mean the output path does no encoding for this payload.
    @Test
    public void test_sanitizeOutputData() {
        final String payload = "{\"description\":\"</script><script>alert('XSS https://test successful')</script>\"}";
        final String expected = "{\"description\":\"</script><script>alert('XSS https://test successful')</script>\"}";

        assertThat(sanitizer.sanitizeOutputData(payload)).isEqualTo(expected);
    }

    // Output sanitizer, JSON text with no markup: returned unchanged.
    @Test
    public void test_sanitizeOutputData_negative() {
        final String payload = "{\"description\":\"test data \"}";
        final String expected = "{\"description\":\"test data \"}";

        assertThat(sanitizer.sanitizeOutputData(payload)).isEqualTo(expected);
    }

    // Input sanitizer. Per the original comment, whitelisting is driven by a
    // regular expression from validation.properties; this case only shows that
    // an accepted string comes back unchanged. There is no case here for input
    // the whitelist should reject.
    @Test
    public void test_sanitizeInputData() {
        final String accepted = "{\"Description\" : \"(-12/34+ & *Test's?;.)_\"";

        assertThat(sanitizer.sanitizeInputData(accepted)).isEqualTo(accepted);
    }

    // Unknown-character replacement. Comparing the two literals, '<', '>', '@'
    // and '=' are dropped while the tag names, quotes and the URL text remain:
    // this is character filtering, not context-aware output encoding.
    @Test
    public void test_replaceUnknownData() {
        final String raw = "{\"Description\" : [test]<script>\"(-12/34+ & *Test's?;.)_\"</script><script>email@email.com;\nURL=http://www.url.com/\";";
        final String expected = "{\"Description\" : [test]script\"(-12/34+ & *Test's?;.)_\"/scriptscriptemailemail.com;\nURLhttp://www.url.com/\";";

        assertThat(sanitizer.replaceUnknownData(raw)).isEqualTo(expected);
    }

    // Object traversal over a fully populated entity graph. The graph is
    // cyclic (the SEOC points at its category, service line, QASP and status,
    // and each of those holds the SEOC in its own set), so sanitize() has to
    // terminate on back-references.
    // NOTE(review): there is no assertion - the test passes whenever
    // sanitize() returns without throwing, and every field value is benign, so
    // it does not show that any nested field was actually sanitized.
    // Statement order is kept exactly as written because set membership may
    // depend on entity state at insertion time.
    @Test
    public void test_traverseObject_success() {
        SeocTest seoc = new SeocTest();
        Date now = new Date();

        ServiceLineTest serviceLine = new ServiceLineTest();
        serviceLine.setId(1);
        serviceLine.setDescription("SL");
        serviceLine.setServiceAbbreviation("S1");

        CategoryOfCareTest categoryOfCare = new CategoryOfCareTest();
        categoryOfCare.setId(1);
        categoryOfCare.setDescription("CC");
        categoryOfCare.setServiceLine(serviceLine);
        Set<CategoryOfCareTest> categoriesOfCare = new HashSet<CategoryOfCareTest>();
        categoriesOfCare.add(categoryOfCare);
        serviceLine.setCocs(categoriesOfCare);

        ClinicalServiceTest clinicalService = new ClinicalServiceTest();
        clinicalService.setId(2);
        clinicalService.setDescription("CS");

        QaspTest qasp = new QaspTest();
        qasp.setId(1);
        qasp.setDescription("qasp1");

        StatusTest status = new StatusTest();
        status.setId(1);
        status.setDescription("Active");

        // Scalar fields and forward references of the SEOC itself.
        seoc.setId(1);
        seoc.setName("Test");
        seoc.setActivatedBy("System");
        seoc.setActivatedTimestamp(now);
        seoc.setCategoryOfCare(categoryOfCare);
        seoc.setDescription("Seoc Description");
        seoc.setDisclaimer("Disclaimer");
        seoc.setDiscontinuedBy("System");
        seoc.setDiscontinuedTimestamp(now);
        seoc.setDuration(1);
        seoc.setEffectiveDate(now);
        seoc.setEndDate(now);
        seoc.setMaxAllowableVisits(10);
        seoc.setRev(true);
        seoc.setProceduralOverview("Proc overview");
        seoc.setQasp(qasp);
        seoc.setSeocKey(1);
        seoc.setServiceLine(serviceLine);
        seoc.setStatus(status);

        // Back-references: each parent entity lists the SEOC, closing the cycles.
        categoryOfCare.setSeocs(new HashSet<SeocTest>());
        categoryOfCare.getSeocs().add(seoc);
        serviceLine.setSeocs(new HashSet<SeocTest>());
        serviceLine.getSeocs().add(seoc);
        qasp.setSeocs(new HashSet<SeocTest>());
        qasp.getSeocs().add(seoc);
        status.setSeocs(new HashSet<SeocTest>());
        status.getSeocs().add(seoc);

        PayableServiceTest firstService = new PayableServiceTest();
        firstService.setId(1);
        firstService.setDescription("ps1");
        firstService.setClinicalService(clinicalService);
        firstService.setCodedBy("System");
        firstService.setCodedTimestamp(now);
        firstService.setCodeRequired("YES");
        firstService.setFrequency(3);
        firstService.setFrequencyType("week");
        firstService.setVisits(5);

        PayableServiceTest secondService = new PayableServiceTest();
        secondService.setId(2);
        secondService.setDescription("ps21");
        secondService.setClinicalService(clinicalService);
        secondService.setCodedBy("System");
        secondService.setCodedTimestamp(now);
        secondService.setCodeRequired("YES");
        secondService.setFrequency(2);
        secondService.setFrequencyType("week");
        secondService.setVisits(6);

        seoc.setServices(new ArrayList<PayableServiceTest>());
        seoc.getServices().add(firstService);
        seoc.getServices().add(secondService);

        // Billing codes: code 1 belongs to the first service, code 2 to both,
        // code 3 to the second service only.
        BillingCodeTest billingCodeOne = new BillingCodeTest();
        billingCodeOne.setCodeType("Code1");
        billingCodeOne.setBillingCode("bc1");
        billingCodeOne.setDescription("Billing Code 1");
        billingCodeOne.setId(1);
        billingCodeOne.setPrecertRequired(Boolean.TRUE);
        billingCodeOne.setServices(new HashSet<PayableServiceTest>());
        billingCodeOne.getServices().add(firstService);

        BillingCodeTest billingCodeTwo = new BillingCodeTest();
        billingCodeTwo.setCodeType("Code2");
        billingCodeTwo.setBillingCode("bc2");
        billingCodeTwo.setDescription("Billing Code 2");
        billingCodeTwo.setId(2);
        billingCodeTwo.setPrecertRequired(Boolean.FALSE);
        billingCodeTwo.setServices(new HashSet<PayableServiceTest>());
        billingCodeTwo.getServices().add(firstService);
        billingCodeTwo.getServices().add(secondService);

        BillingCodeTest billingCodeThree = new BillingCodeTest();
        billingCodeThree.setCodeType("Code3");
        billingCodeThree.setBillingCode("bc3");
        billingCodeThree.setDescription("Billing Code 3");
        billingCodeThree.setId(3);
        billingCodeThree.setPrecertRequired(Boolean.TRUE);
        billingCodeThree.setServices(new HashSet<PayableServiceTest>());
        billingCodeThree.getServices().add(secondService);

        Set<BillingCodeTest> firstServiceCodes = new HashSet<BillingCodeTest>();
        firstServiceCodes.add(billingCodeOne);
        firstServiceCodes.add(billingCodeTwo);
        firstService.setBillingCodes(firstServiceCodes);
        firstService.setSeoc(seoc);

        Set<BillingCodeTest> secondServiceCodes = new HashSet<BillingCodeTest>();
        secondServiceCodes.add(billingCodeTwo);
        secondServiceCodes.add(billingCodeThree);
        secondService.setBillingCodes(secondServiceCodes);
        secondService.setSeoc(seoc);

        // Hand the fully populated SEOC, every data field filled, to the sanitizer.
        sanitizer.sanitize(seoc);
    }
}