adamsaghy commented on code in PR #5637:
URL: https://github.com/apache/fineract/pull/5637#discussion_r2995322670
##########
integration-tests/src/test/java/org/apache/fineract/integrationtests/SqlInjectionReportingServiceIntegrationTest.java:
##########
@@ -155,53 +173,87 @@ private void createTestReportIfNotExists() {
"Test report creation failed with status " +
postResponse.getStatusCode() + ": " + errorResponse);
}
} catch (Exception e) {
- // This is a critical failure - tests cannot proceed without the
test report
throw new RuntimeException(
"CRITICAL: Could not create test report '" +
TEST_REPORT_NAME + "'. Tests cannot proceed. Error: " + e.getMessage(), e);
}
}
- private void deleteTestReport() {
- if (testReportId != null) {
- try {
- Utils.performServerDelete(requestSpec, responseSpec,
"/fineract-provider/api/v1/reports/" + testReportId, "");
- log.info("Deleted test report with ID: {}", testReportId);
- } catch (Exception e) {
- log.warn("Failed to delete test report: " + e.getMessage());
+ private void createBooleanReport() {
+ booleanReportName = "BOOLEAN_Runreports_Test_Report_" +
java.util.UUID.randomUUID();
+
+ String reportJson = "{" + "\"reportName\": \"" + booleanReportName +
"\"," + "\"reportType\": \"Table\","
+ + "\"reportCategory\": \"Client\"," + "\"reportSql\": \"" +
BOOLEAN_REPORT_SQL + "\","
+ + "\"description\": \"Test report for BOOLEAN runreports
support\"," + "\"useReport\": true" + "}";
+
+ Response postResponse =
given().spec(requestSpec).contentType(ContentType.JSON).body(reportJson).when()
+ .post("/fineract-provider/api/v1/reports");
+
+ if (postResponse.getStatusCode() == 200 ||
postResponse.getStatusCode() == 201) {
+ String response = postResponse.asString();
+ if (response.contains("resourceId")) {
+ String idStr =
response.replaceAll(".*\"resourceId\":(\\d+).*", "$1");
+ booleanReportId = Long.parseLong(idStr);
+ log.info("Created BOOLEAN test report with ID: {}, name: {}",
booleanReportId, booleanReportName);
+ } else {
+ throw new RuntimeException("BOOLEAN test report creation
failed - no resourceId in response: " + response);
}
+ } else {
+ throw new RuntimeException(
+ "BOOLEAN test report creation failed with status " +
postResponse.getStatusCode() + ": " + postResponse.asString());
+ }
+ }
+
+ private void deleteTestReport() {
+ if (testReportId == null) {
+ return;
+ }
+
+ Response deleteResponse =
given().spec(requestSpec).contentType(ContentType.JSON).when()
+ .delete("/fineract-provider/api/v1/reports/" + testReportId);
+
+ if (deleteResponse.getStatusCode() == 200 ||
deleteResponse.getStatusCode() == 204 || deleteResponse.getStatusCode() == 404)
{
+ log.info("Deleted (or already absent) test report with ID: {}",
testReportId);
+ } else {
+ throw new RuntimeException("Failed deleting test report with ID "
+ testReportId + ", status: " + deleteResponse.getStatusCode()
+ + ", body: " + deleteResponse.asString());
+ }
+ }
+
+ private void deleteBooleanReport() {
+ if (booleanReportId == null) {
+ return;
+ }
+
+ Response deleteResponse =
given().spec(requestSpec).contentType(ContentType.JSON).when()
+ .delete("/fineract-provider/api/v1/reports/" +
booleanReportId);
+
+ if (deleteResponse.getStatusCode() == 200 ||
deleteResponse.getStatusCode() == 204 || deleteResponse.getStatusCode() == 404)
{
+ log.info("Deleted (or already absent) BOOLEAN test report with ID:
{}", booleanReportId);
+ } else {
+ throw new RuntimeException("Failed deleting BOOLEAN test report
with ID " + booleanReportId + ", status: "
+ + deleteResponse.getStatusCode() + ", body: " +
deleteResponse.asString());
}
}
- /**
- * UC1: Test legitimate report execution works correctly Validates that
the SQL injection prevention doesn't break
- * normal functionality
- */
@Test
void uc1_testLegitimateReportExecution() {
log.info("Testing that legitimate reports still work after SQL
injection prevention");
Map<String, String> queryParams = new HashMap<>();
queryParams.put("R_officeId", "1");
- // Test with the test report we created in setup - this MUST succeed
String response = Utils.performServerGet(requestSpec, responseSpec,
"/fineract-provider/api/v1/runreports/" + TEST_REPORT_NAME +
"?genericResultSet=false&" + toQueryString(queryParams), null);
assertNotNull(response);
assertNotEquals("", response.trim());
- // Debug: Log actual response to understand structure
log.info("Response from report execution: {}", response);
- // Verify response is valid JSON structure
assertTrue(response.contains("columnHeaders") ||
response.contains("data") || response.contains("test_column"),
"Response should contain expected JSON structure, but got: " +
response);
}
- /**
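Review bot: In `createBooleanReport`, `response.replaceAll(".*\"resourceId\":(\\d+).*", "$1")` returns the whole body unchanged when the pattern does not match (whitespace after the colon, or a multi-line body, since `.` does not cross line breaks), so `Long.parseLong` then fails with a `NumberFormatException` that hides the real cause. Reading the field through the JSON parser is sturdier: `booleanReportId = postResponse.jsonPath().getLong("resourceId");`. The request body is also assembled by string concatenation, so a double quote or backslash in `BOOLEAN_REPORT_SQL` (its value is not visible in this hunk) would yield invalid JSON; serializing a `Map` instead would handle the escaping. `deleteTestReport` and `deleteBooleanReport` differ only in the id and the log label and could share one private helper. The quoted hunk ends inside a removed Javadoc block, so the code after it is not covered here.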
Review Comment:
Any reason to remove these?