API Testing Results - Validation Added

.gitignore

 /target
+.metadata
\ No newline at end of file

src/main/java/com/ic/config/SecurityConfig.java

@@ -108,7 +108,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList("*"));
+        // configuration.setAllowedOrigins(Arrays.asList("*"));
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token", "auth"));
         configuration.setExposedHeaders(Arrays.asList("x-auth-token", "auth"));

src/main/java/com/ic/modules/auth/controller/LeaderCalc.java

@@ -21,6 +21,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import org.json.JSONException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
@@ -67,7 +68,13 @@ public class LeaderCalc {
 	    	
 	    	try {
 				System.out.println("in try");
+				// Yashvant - 16 May 2020 - 0000 - Validation For JSON Keys ( < , > )
+				if( checkValidation(data) ) {
 					calc =  leaderCalcService.calculate(data);
+				}
+				else {
+					return new ResponseEntity( new ApiResponse( StatusCode.UNEXPECTED_ERROR, true, "Request Contains Invalid Input", calc ), HttpStatus.BAD_REQUEST );
+				}
 	    		System.out.println("after operation calc");
 	    		System.out.println(calc);
 	    		
@@ -94,5 +101,26 @@ public class LeaderCalc {
 	    	//return new ResponseEntity(new ApiResponse(StatusCode.RESOURCE_EXIST, true, "USER_Already_Exist", null), HttpStatus.NOT_FOUND);
 	    }
    
+		// Yashvant - 16 May 2020 - 0000 - Validation For JSON Keys ( < , > )
+		public boolean checkValidation(String requestString) throws JSONException {
+			// No need of try catch as default exception added
+			int i;
+			String [] jsonKeysStringValue = new String [4];
+			JSONObject request = new JSONObject(requestString);
+			request = request.getJSONObject("CALC_JSON");
+			
+			jsonKeysStringValue[0] = request.getString("LEADER_CODE");
+			jsonKeysStringValue[1] = request.getString("LEADER_DESIGNATION");
+			jsonKeysStringValue[2] = request.getString("LEADER_NAME");
+			jsonKeysStringValue[3] = request.getString("LEADER_FIRM_NAME");
+			
+			for( i = 0; i < jsonKeysStringValue.length; i++ ) {
+				if( jsonKeysStringValue[i].contains("<") && jsonKeysStringValue[i].contains(">") ) {
+					return false;
+				}
+			}
+			
+			return true;
+		}	
 	
 }

src/main/java/com/ic/modules/auth/controller/NGPAtoNGPLCalc.java

@@ -21,6 +21,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import org.json.JSONException;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -66,7 +67,13 @@ public class NGPAtoNGPLCalc {
 	    	JSONObject calc = null;
 	    	try {
 				System.out.println("in try");
+				// Yashvant - 16 May 2020 - 0000 - Validation For JSON Keys ( < , > )
+				if( checkValidation(requestJSON) ) {
 					calc =  nGPAtoNGPLCalcService.prepareAllFormula(requestJSON);
+				}
+				else {
+					return new ResponseEntity( new ApiResponse( StatusCode.UNEXPECTED_ERROR, true, "Request Contains Invalid Input", calc ), HttpStatus.BAD_REQUEST );
+				}
 	    		System.out.println("after operation calc");
 	    		System.out.println(calc);
 	    		
@@ -88,4 +95,28 @@ public class NGPAtoNGPLCalc {
 	    	//return new ResponseEntity(new ApiResponse(StatusCode.RESOURCE_EXIST, true, "USER_Already_Exist", null), HttpStatus.NOT_FOUND);
 	    }
 	
+		// Yashvant - 16 May 2020 - 0000 - Validation For JSON Keys ( < , > )
+		public boolean checkValidation(JSONObject request) throws JSONException {
+			// No need of try catch as default exception added
+			int i;
+			String [] jsonKeysStringValue = new String [6];
+			
+			jsonKeysStringValue[0] = request.getString("FS_Type");
+			jsonKeysStringValue[1] = request.getString("Total_Validations_Met");
+
+			request = request.getJSONObject("Metrics_MeetingConversion_Earnings");
+
+			jsonKeysStringValue[2] = request.getJSONObject("Year_1_NGPA").getString("Validations_Met");
+			jsonKeysStringValue[3] = request.getJSONObject("Year_1_NGPL").getString("Validations_Met");
+			jsonKeysStringValue[4] = request.getJSONObject("Year_1_Total").getString("Validations_Met");
+			jsonKeysStringValue[5] = request.getJSONObject("Year_2_4_Validated_NGPAs").getString("Validations_Met");
+			
+			for( i = 0; i < jsonKeysStringValue.length; i++ ) {
+				if( jsonKeysStringValue[i].contains("<") && jsonKeysStringValue[i].contains(">") ) {
+					return false;
+				}
+			}
+			
+			return true;
+		}
 }