16 package edu.samplu.krad.demo.travel.account;
18 import edu.samplu.common.SmokeTestBase;
19 import org.junit.Test;
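/**
 * Smoke test for the KRAD demo "Travel Account" maintenance document in edit mode.
 *
 * <p>Besides checking that the page renders without a development-mode stack trace,
 * this test is a lightweight cross-site-scripting regression check: a script payload
 * is typed into the editable document fields, the document is saved, and the test
 * fails if the browser raises a JavaScript alert, which would mean the input was
 * echoed back unencoded.
 *
 * <p>Detection is limited to payloads that produce a visible alert dialog; a field that
 * encodes the input correctly produces no alert and therefore passes. The check is
 * therefore a regression guard, not an exhaustive scan.
 */
public class DemoTravelAccountMaintenanceEditSmokeTest extends SmokeTestBase {

    /** Direct URL of the maintenance document under test (edit of account {@code a14}). */
    public static final String BOOKMARK_URL = "/kr-krad/maintenance?methodToCall=maintenanceEdit&number=a14&dataObjectClassName=org.kuali.rice.krad.demo.travel.account.TravelAccount&hideReturnLink=true";

    /** {@code name} attribute of the document description input. */
    public static final String DESCRIPTION_FIELD = "document.documentHeader.documentDescription";

    /** {@code name} attribute of the document explanation input. */
    public static final String EXPLANATION_FIELD = "document.documentHeader.explanation";

    /** {@code name} attribute of the organization document number input. */
    public static final String ORGANIZATION_DOCUMENT_NUMBER_FIELD = "document.documentHeader.organizationDocumentNumber";

    /** {@code name} attribute of the sub-account input. */
    public static final String SUB_ACCOUNT_FIELD = "document.newMaintainableObject.dataObject.subAccount";

    /** {@code name} attribute of the sub-account name input. */
    public static final String SUB_ACCOUNT_NAME_FIELD = "document.newMaintainableObject.dataObject.subAccountName";

    /** {@code name} attribute of the subsidized percent input. */
    public static final String SUBSIDIZED_PERCENT_FIELD = "document.newMaintainableObject.dataObject.subsidizedPercent";

    /** {@code name} attribute of the creation date input. */
    public static final String DATE_CREATED_FIELD = "document.newMaintainableObject.dataObject.createDate";

    /** {@code name} attribute of the fiscal officer id input. */
    public static final String FISCAL_OFFICER_ID_FIELD = "document.newMaintainableObject.dataObject.foId";

    /**
     * Probe typed into each field by {@link #testTravelAccountMaintenanceEditXss()}.
     * It closes the surrounding attribute and tag, so it only executes if the server
     * reflects the value without HTML-encoding it. Kept in one place so every field
     * receives the identical probe.
     */
    private static final String XSS_PAYLOAD = "\"/><script>alert('!')</script>";

    /**
     * Returns the direct URL used when the test is run in bookmark mode.
     *
     * @return {@link #BOOKMARK_URL}
     */
    @Override
    public String getBookmarkUrl() {
        return BOOKMARK_URL;
    }

    /**
     * Reaches the page through the demo navigation instead of the bookmark URL.
     * NOTE(review): presumably invoked by {@code SmokeTestBase} for the {@code *Nav}
     * test method; it is not called directly from this class — confirm against the base class.
     *
     * @throws Exception if a navigation step times out or fails
     */
    protected void navigate() throws Exception {
        waitAndClickById("Demo-DemoLink", "");
        waitAndClickByLinkText("Account Maintenance (Edit)");
    }

    /**
     * Fails fast if the page shows a development-mode stack trace, since none of the
     * later steps can be exercised on an error page.
     *
     * @throws Exception if checking the page text fails
     */
    protected void testTravelAccountMaintenanceEdit() throws Exception {
        // A dev-mode stack trace means the form never rendered; abort rather than
        // let the XSS step report a misleading pass on an error page.
        if (isTextPresent("Stacktrace (only in dev mode)")) {
            fail("Development Exception (Error) on page. Test cannot be executed.");
        }
    }

    /**
     * Types the script probe into every editable field, saves the document, and fails
     * if the browser raises a JavaScript alert (the probe was reflected unencoded).
     *
     * <p>{@link #SUB_ACCOUNT_FIELD} receives a plain value instead of the probe;
     * NOTE(review): presumably because that field's validation would reject the save
     * and mask the other fields — confirm against the data object's constraints.
     *
     * <p>The fixed one-second wait before the alert check is a race: if the page is
     * slow to re-render after Save, the check runs before the payload is reflected
     * and the test passes although the field is vulnerable (false negative). Prefer an
     * explicit wait keyed to the post-save page state if the base class offers one.
     *
     * @throws Exception if typing, clicking, or sleeping fails
     */
    protected void testTravelAccountMaintenanceEditXss() throws Exception {
        waitAndTypeByName(DESCRIPTION_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(EXPLANATION_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(ORGANIZATION_DOCUMENT_NUMBER_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(SUB_ACCOUNT_FIELD, "blah");
        waitAndTypeByName(SUB_ACCOUNT_NAME_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(SUBSIDIZED_PERCENT_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(DATE_CREATED_FIELD, XSS_PAYLOAD);
        waitAndTypeByName(FISCAL_OFFICER_ID_FIELD, XSS_PAYLOAD);
        waitAndClickButtonByText("Save");
        Thread.sleep(1000);
        if (isAlertPresent()) {
            // Dismiss the dialog first so driver teardown (screenshots, page source)
            // is not blocked by an unhandled alert.
            driver.switchTo().alert().accept();
            fail("XSS vulnerability identified.");
        }
    }

    /**
     * Reports whether a JavaScript alert is currently open. The alert is left open;
     * callers are responsible for accepting or dismissing it.
     *
     * <p>NOTE(review): the catch-all also maps any other driver failure (dead session,
     * navigation error) to {@code false}, which would make a broken session look like
     * "no XSS" — confirm whether narrowing to the driver's no-alert exception is acceptable.
     *
     * @return {@code true} if switching to an alert succeeds, {@code false} otherwise
     */
    public boolean isAlertPresent() {
        try {
            driver.switchTo().alert();
            return true;
        } catch (Exception ignored) {
            // WebDriver throws when no alert is open; treat that as "not present".
            return false;
        }
    }

    /**
     * Runs the page check and the XSS probe after reaching the page via the bookmark URL.
     * NOTE(review): bookmark vs. navigation setup appears to be chosen by the base class
     * from the test method name — confirm against {@code SmokeTestBase}.
     *
     * @throws Exception propagated from the individual steps
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditBookmark() throws Exception {
        testTravelAccountMaintenanceEdit();
        testTravelAccountMaintenanceEditXss();
        passed();
    }

    /**
     * Runs the page check and the XSS probe after reaching the page via demo navigation.
     *
     * @throws Exception propagated from the individual steps
     */
    @Test
    public void testDemoTravelAccountMaintenanceEditNav() throws Exception {
        testTravelAccountMaintenanceEdit();
        testTravelAccountMaintenanceEditXss();
        passed();
    }
}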