Summary Table

Categories Total Count
PII 0
URL 0
DNS 0
EKL 0
IP 0
PORT 0
VsID 0
CF 0
AI 0
VPD 0
PL 0
Other 0

File Content

package gov.va.security.util;

import static org.assertj.core.api.Assertions.assertThat;

import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;

import org.junit.Test;

import gov.va.security.entity.BillingCodeTest;
import gov.va.security.entity.CategoryOfCareTest;
import gov.va.security.entity.ClinicalServiceTest;
import gov.va.security.entity.PayableServiceTest;
import gov.va.security.entity.QaspTest;
import gov.va.security.entity.SeocTest;
import gov.va.security.entity.ServiceLineTest;
import gov.va.security.entity.StatusTest;



// Unit tests that pin the expected results of DataSanitizer's encoders, its
// input/output sanitizing methods and its object traversal.
public class DataSanitizerTest
{

    private final DataSanitizer ds = new DataSanitizer();

    // HTML encoder: the angle brackets of an embedded <script> tag are expected
    // to come back as &lt; / &gt; entities.
    // NOTE(review): only '<' and '>' are exercised here; '&', '"' and '\'' are
    // not covered by this case.
    @Test
    public void test_applyHtmlEncoder()
    {
        final String input = "test<script>data";
        final String encoded = ds.applyHtmlEncoder(input);
        assertThat(encoded).isEqualTo("test&lt;script&gt;data");
    }

    // HTML encoder: text without markup is expected back unchanged.
    @Test
    public void test_applyHtmlEncoder_Nomatch()
    {
        final String input = "test data";
        final String encoded = ds.applyHtmlEncoder(input);
        assertThat(encoded).isEqualTo("test data");
    }

    // HTML attribute encoder: angle brackets are expected as entities and the
    // trailing '.' is expected unchanged.
    // NOTE(review): the input contains no quote characters, so this case does
    // not show how '"' or '\'' are handled; for an attribute-context encoder
    // those are the characters that matter most.
    @Test
    public void test_applyHtmlAttributeEncoder()
    {
        final String input = "test<script>data.";
        final String encoded = ds.applyHtmlAttributeEncoder(input);
        assertThat(encoded).isEqualTo("test&lt;script&gt;data.");
    }

    // HTML attribute encoder: a null input is expected to yield null rather
    // than an exception or an empty string.
    @Test
    public void test_applyHtmlAttributeEncoder_nullValue()
    {
        // Kept as a typed variable so the call still binds to the String parameter.
        final String nullInput = null;
        final String encoded = ds.applyHtmlAttributeEncoder(nullInput);
        assertThat(encoded).isNull();
    }

    // URL encoder: the ':' and '/' of the embedded URL are expected to be
    // percent-encoded, while the surrounding words and spaces are expected
    // back as they were.
    @Test
    public void test_applyUrlEncoder()
    {
        final String input = "test unit https://abc data";
        final String encoded = ds.applyUrlEncoder(input);
        assertThat(encoded).isEqualTo("test unit https%3A%2F%2Fabc data");
    }

    // Output sanitizing of a JSON string whose value carries script tags.
    // Only the angle brackets are expected to become entities; the double
    // quotes, the single quotes and the embedded https:// URL are expected
    // back unchanged.
    // NOTE(review): output that is later placed in an attribute or script
    // context would still need encoding for that context.
    @Test
    public void test_sanitizeOutputData()
    {
        final String payload = "{\"description\":\"</script><script>alert('XSS https://test successful')</script>\"}";
        final String expected = "{\"description\":\"&lt;/script&gt;&lt;script&gt;alert('XSS https://test successful')&lt;/script&gt;\"}";
        final String sanitized = ds.sanitizeOutputData(payload);
        assertThat(sanitized).isEqualTo(expected);
    }

    // Output sanitizing of a JSON string without script or HTML elements: the
    // value is expected back unchanged.
    @Test
    public void test_sanitizeOutputData_negative()
    {
        final String payload = "{\"description\":\"test data \"}";
        final String sanitized = ds.sanitizeOutputData(payload);
        assertThat(sanitized).isEqualTo(payload);
    }

    // Input sanitizing: whitelisting with the regular expression that comes
    // from validation.properties. Every character in this sample is expected
    // to pass, so the result must equal the input.
    // NOTE(review): the sample has no closing brace, so it is not complete
    // JSON; no rejected character is exercised in this case.
    @Test
    public void test_sanitizeInputData()
    {
        final String input = "{\"Description\" : \"(-12/34+ & *Test's?;.)_\"";
        final String sanitized = ds.sanitizeInputData(input);
        assertThat(sanitized).isEqualTo(input);
    }

    // replaceUnknownData: comparing the input with the expected value, the
    // characters '<', '>', '@' and '=' are expected to be dropped while the
    // remaining text (brackets, quotes, '&', ';', the newline, ':' and '/')
    // is expected to stay. The tag names and the e-mail address therefore
    // remain as plain text without their delimiters.
    @Test
    public void test_replaceUnknownData()
    {
        final String input = "{\"Description\" : [test]<script>\"(-12/34+ & *Test's?;.)_\"</script><script>email@email.com;\nURL=http://www.url.com/\";";
        final String expected = "{\"Description\" : [test]script\"(-12/34+ & *Test's?;.)_\"/scriptscriptemailemail.com;\nURLhttp://www.url.com/\";";
        final String replaced = ds.replaceUnknownData(input);
        assertThat(replaced).isEqualTo(expected);
    }

    // Object traversal on a fully populated SeocTest whose related entities
    // (service line, category of care, QASP, status, payable services and
    // billing codes) refer back to it. There is no assertion, so the test
    // passes whenever sanitize() returns without throwing.
    // NOTE(review): none of the field values contains markup, so this does not
    // show that traversal changes anything; presumably the intent is to confirm
    // that the walk copes with the back-references. Confirm, and consider
    // asserting on a field seeded with markup.
    // The statements are kept in their original order because the entities'
    // equals/hashCode are not visible from this file.
    @Test
    public void test_traverseObject_success()
    {
        SeocTest rootSeoc = new SeocTest();
        Date now = new Date();

        ServiceLineTest serviceLine = new ServiceLineTest();
        serviceLine.setId(1);
        serviceLine.setDescription("SL");
        serviceLine.setServiceAbbreviation("S1");

        CategoryOfCareTest categoryOfCare = new CategoryOfCareTest();
        categoryOfCare.setId(1);
        categoryOfCare.setDescription("CC");
        categoryOfCare.setServiceLine(serviceLine);

        // Service line <-> category of care reference each other.
        Set<CategoryOfCareTest> categories = new HashSet<>();
        categories.add(categoryOfCare);
        serviceLine.setCocs(categories);

        ClinicalServiceTest clinicalService = new ClinicalServiceTest();
        clinicalService.setId(2);
        clinicalService.setDescription("CS");

        QaspTest qaspEntity = new QaspTest();
        qaspEntity.setId(1);
        qaspEntity.setDescription("qasp1");

        StatusTest activeStatus = new StatusTest();
        activeStatus.setId(1);
        activeStatus.setDescription("Active");

        rootSeoc.setId(1);
        rootSeoc.setName("Test");
        rootSeoc.setActivatedBy("System");
        rootSeoc.setActivatedTimestamp(now);
        rootSeoc.setCategoryOfCare(categoryOfCare);
        rootSeoc.setDescription("Seoc Description");
        rootSeoc.setDisclaimer("Disclaimer");
        rootSeoc.setDiscontinuedBy("System");
        rootSeoc.setDiscontinuedTimestamp(now);
        rootSeoc.setDuration(1);
        rootSeoc.setEffectiveDate(now);
        rootSeoc.setEndDate(now);
        rootSeoc.setMaxAllowableVisits(10);
        rootSeoc.setRev(true);
        rootSeoc.setProceduralOverview("Proc overview");
        rootSeoc.setQasp(qaspEntity);
        rootSeoc.setSeocKey(1);
        rootSeoc.setServiceLine(serviceLine);
        rootSeoc.setStatus(activeStatus);

        // Back-references from each related entity to the root SEOC.
        categoryOfCare.setSeocs(new HashSet<SeocTest>());
        categoryOfCare.getSeocs().add(rootSeoc);

        serviceLine.setSeocs(new HashSet<SeocTest>());
        serviceLine.getSeocs().add(rootSeoc);

        qaspEntity.setSeocs(new HashSet<SeocTest>());
        qaspEntity.getSeocs().add(rootSeoc);

        activeStatus.setSeocs(new HashSet<SeocTest>());
        activeStatus.getSeocs().add(rootSeoc);

        PayableServiceTest firstService = new PayableServiceTest();
        firstService.setId(1);
        firstService.setDescription("ps1");
        firstService.setClinicalService(clinicalService);
        firstService.setCodedBy("System");
        firstService.setCodedTimestamp(now);
        firstService.setCodeRequired("YES");
        firstService.setFrequency(3);
        firstService.setFrequencyType("week");
        firstService.setVisits(5);

        PayableServiceTest secondService = new PayableServiceTest();
        secondService.setId(2);
        secondService.setDescription("ps21");
        secondService.setClinicalService(clinicalService);
        secondService.setCodedBy("System");
        secondService.setCodedTimestamp(now);
        secondService.setCodeRequired("YES");
        secondService.setFrequency(2);
        secondService.setFrequencyType("week");
        secondService.setVisits(6);

        rootSeoc.setServices(new ArrayList<PayableServiceTest>());
        rootSeoc.getServices().add(firstService);
        rootSeoc.getServices().add(secondService);

        BillingCodeTest codeOne = new BillingCodeTest();
        codeOne.setCodeType("Code1");
        codeOne.setBillingCode("bc1");
        codeOne.setDescription("Billing Code 1");
        codeOne.setId(1);
        codeOne.setPrecertRequired(Boolean.TRUE);
        codeOne.setServices(new HashSet<PayableServiceTest>());
        codeOne.getServices().add(firstService);

        // The second billing code is shared by both payable services.
        BillingCodeTest codeTwo = new BillingCodeTest();
        codeTwo.setCodeType("Code2");
        codeTwo.setBillingCode("bc2");
        codeTwo.setDescription("Billing Code 2");
        codeTwo.setId(2);
        codeTwo.setPrecertRequired(Boolean.FALSE);
        codeTwo.setServices(new HashSet<PayableServiceTest>());
        codeTwo.getServices().add(firstService);
        codeTwo.getServices().add(secondService);

        BillingCodeTest codeThree = new BillingCodeTest();
        codeThree.setCodeType("Code3");
        codeThree.setBillingCode("bc3");
        codeThree.setDescription("Billing Code 3");
        codeThree.setId(3);
        codeThree.setPrecertRequired(Boolean.TRUE);
        codeThree.setServices(new HashSet<PayableServiceTest>());
        codeThree.getServices().add(secondService);

        Set<BillingCodeTest> firstServiceCodes = new HashSet<>();
        firstServiceCodes.add(codeOne);
        firstServiceCodes.add(codeTwo);
        firstService.setBillingCodes(firstServiceCodes);
        firstService.setSeoc(rootSeoc);

        Set<BillingCodeTest> secondServiceCodes = new HashSet<>();
        secondServiceCodes.add(codeTwo);
        secondServiceCodes.add(codeThree);
        secondService.setBillingCodes(secondServiceCodes);
        secondService.setSeoc(rootSeoc);

        // Hand the fully loaded SEOC, with every data field filled, to the sanitizer.
        ds.sanitize(rootSeoc);
    }
}