Increased Junit coverage for 'PreflightController' & 'UnrestrictedFileUpload' class (#493)

* Increase coverage of 'UnrestrictedFileUpload' to 95%  & 'PreflightController' to 100%.

* Increase coverage of 'UnrestrictedFileUpload' to 95%  & 'PreflightController' to 100%.

* Increase coverage of 'UnrestrictedFileUpload' to 95%  & 'PreflightController' to 100%.

* Remove SampleVulnerability.java from PR

---------

Co-authored-by: kartik patel <kartik.patell4july1997@gmail.com>

Author: demoralizerr

build.gradle

@@ -124,6 +124,9 @@ dependencies {
     // https://mvnrepository.com/artifact/org.assertj/assertj-core
     testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.17.2'
 
+    // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-test
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+
     // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '2.3.1.RELEASE'
 

src/main/java/org/sasanlabs/service/vulnerability/fileupload/PreflightController.java

@@ -1,10 +1,12 @@
 package org.sasanlabs.service.vulnerability.fileupload;
 
 import static org.sasanlabs.service.vulnerability.fileupload.UnrestrictedFileUpload.CONTENT_DISPOSITION_STATIC_FILE_LOCATION;
+import static org.springframework.http.HttpHeaders.CONTENT_DISPOSITION;
 
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Path;
 import org.apache.commons.io.IOUtils;
 import org.sasanlabs.internal.utility.FrameworkConstants;
 import org.springframework.http.HttpHeaders;
@@ -34,14 +36,16 @@ public PreflightController(UnrestrictedFileUpload unrestrictedFileUpload) {
             CONTENT_DISPOSITION_STATIC_FILE_LOCATION + FrameworkConstants.SLASH + "{fileName}")
     public ResponseEntity<byte[]> fetchFile(@PathVariable("fileName") String fileName)
             throws IOException {
-        InputStream inputStream =
-                new FileInputStream(
-                        unrestrictedFileUpload.getContentDispositionRoot().toFile()
-                                + FrameworkConstants.SLASH
-                                + fileName);
-        HttpHeaders httpHeaders = new HttpHeaders();
-        httpHeaders.add(HttpHeaders.CONTENT_DISPOSITION, "attachment");
-        return new ResponseEntity<byte[]>(
-                IOUtils.toByteArray(inputStream), httpHeaders, HttpStatus.OK);
+
+        // Resolve path using Path API
+        Path filePath = unrestrictedFileUpload.getContentDispositionRoot().resolve(fileName);
+
+        // Try-with-resources ensures the stream closes automatically
+        try (InputStream inputStream = new FileInputStream(filePath.toFile())) {
+            byte[] fileBytes = IOUtils.toByteArray(inputStream);
+            HttpHeaders httpHeaders = new HttpHeaders();
+            httpHeaders.add(CONTENT_DISPOSITION, "attachment");
+            return new ResponseEntity<>(fileBytes, httpHeaders, HttpStatus.OK);
+        }
     }
 }

src/test/java/org/sasanlabs/service/vulnerability/fileupload/PreflightControllerTest.java

@@ -0,0 +1,57 @@
+package org.sasanlabs.service.vulnerability.fileupload;
+
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.openMocks;
+import static org.sasanlabs.internal.utility.FrameworkConstants.SLASH;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collections;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mock;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+
+class PreflightControllerTest {
+
+    private MockMvc mockMvc;
+
+    @Mock private UnrestrictedFileUpload unrestrictedFileUpload;
+
+    @TempDir Path tempDir;
+
+    private static final String FILE_NAME = "testFile";
+    private static final String FILE_CONTENT = "Hello SasanLabs!";
+
+    @BeforeEach
+    void setUp() {
+        openMocks(this);
+        PreflightController preflightController = new PreflightController(unrestrictedFileUpload);
+        mockMvc = MockMvcBuilders.standaloneSetup(preflightController).build();
+    }
+
+    @Test
+    void testFetchFile_Success() throws Exception {
+        // given
+        Path filePath = tempDir.resolve(FILE_NAME);
+        Files.write(filePath, Collections.singletonList(FILE_CONTENT));
+        String url =
+                SLASH
+                        + UnrestrictedFileUpload.CONTENT_DISPOSITION_STATIC_FILE_LOCATION
+                        + SLASH
+                        + FILE_NAME;
+
+        // when
+        when(unrestrictedFileUpload.getContentDispositionRoot()).thenReturn(tempDir);
+
+        // then
+        mockMvc.perform(get(url))
+                .andExpect(status().isOk())
+                .andExpect(content().string(org.hamcrest.Matchers.containsString(FILE_CONTENT)));
+    }
+}

src/test/java/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUploadTest.java

@@ -0,0 +1,185 @@
+package org.sasanlabs.service.vulnerability.fileupload;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.util.ReflectionTestUtils.setField;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean;
+import org.sasanlabs.vulnerability.utils.Constants;
+import org.springframework.http.ResponseEntity;
+import org.springframework.mock.web.MockMultipartFile;
+
+class UnrestrictedFileUploadTest {
+
+    private UnrestrictedFileUpload fileUpload;
+
+    @TempDir Path tempRoot;
+
+    @TempDir Path tempContentDispositionRoot;
+
+    @BeforeEach
+    void setUp() throws IOException, URISyntaxException {
+        fileUpload = new UnrestrictedFileUpload();
+        setField(fileUpload, "root", tempRoot);
+        setField(fileUpload, "contentDispositionRoot", tempContentDispositionRoot);
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel1() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "test.html", "text/html", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel1(file);
+
+        assertThat(response.getBody().getIsValid()).isTrue();
+        assertThat(tempRoot.resolve("test.html")).exists();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel2() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "image.png", "image/png", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel2(file);
+
+        assertThat(response.getBody().getIsValid()).isTrue();
+        try (Stream<Path> files = Files.list(tempRoot)) {
+            assertThat(files.count()).isGreaterThan(0);
+        }
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel3() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "attack.html", "text/html", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel3(file);
+
+        assertThat(response.getBody().getIsValid()).isFalse();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel4() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "attack.htm", "text/html", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel4(file);
+
+        assertThat(response.getBody().getIsValid()).isFalse();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel5() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "attack.HTM", "text/html", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel5(file);
+
+        assertThat(response.getBody().getIsValid()).isFalse();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel6() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile(
+                        "file", "malicious.png.html", "text/html", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel6(file);
+
+        assertThat(response.getBody().getIsValid()).isTrue();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel7() throws Exception {
+        String fileName = "shell.php" + Constants.NULL_BYTE_CHARACTER + ".png";
+        MockMultipartFile file =
+                new MockMultipartFile("file", fileName, "text/plain", "content".getBytes());
+
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel7(file);
+
+        assertThat(response.getBody().getIsValid())
+                .withFailMessage("Level 7 validation should pass for null byte suffix")
+                .isTrue();
+
+        try (Stream<Path> files = Files.list(tempRoot)) {
+            List<String> fileNames =
+                    files.map(p -> p.getFileName().toString()).collect(Collectors.toList());
+
+            assertThat(fileNames)
+                    .withFailMessage("Expected truncated .php file, but found: %s", fileNames)
+                    .anyMatch(name -> name.contains("shell.php") && !name.endsWith(".png"));
+        }
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel7_WithoutNullByte() throws Exception {
+        // 1. Arrange: Use a filename WITHOUT a null byte
+        String fileName = "normal_image.png";
+        MockMultipartFile file =
+                new MockMultipartFile("file", fileName, "image/png", "dummy content".getBytes());
+
+        // 2. Act
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel7(file);
+
+        // 3. Assert Response
+        assertThat(response.getBody().getIsValid())
+                .withFailMessage("Validation should pass for a normal .png file")
+                .isTrue();
+
+        // 4. Assert File System
+        try (Stream<Path> files = Files.list(tempRoot)) {
+            List<String> fileNames =
+                    files.map(p -> p.getFileName().toString()).collect(Collectors.toList());
+
+            // Verify that the file was saved ending with the original name (normal_image.png)
+            // and includes the random prefix assigned by the controller
+            assertThat(fileNames)
+                    .withFailMessage(
+                            "Expected file to be saved with original name, but found: %s",
+                            fileNames)
+                    .anyMatch(name -> name.endsWith("_" + fileName));
+        }
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel8() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "traversal.txt", "text/plain", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel8(file);
+
+        assertThat(response.getBody().getIsValid()).isTrue();
+        assertThat(tempContentDispositionRoot.resolve("traversal.txt")).exists();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel9() throws Exception {
+        MockMultipartFile file =
+                new MockMultipartFile("file", "dos.txt", "text/plain", new byte[1024]);
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel9(file);
+
+        assertThat(response.getBody().getIsValid()).isTrue();
+    }
+
+    @Test
+    void test_getVulnerablePayloadLevel10() throws Exception {
+        MockMultipartFile malicious =
+                new MockMultipartFile("file", "test.png.php", "text/plain", "content".getBytes());
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                fileUpload.getVulnerablePayloadLevel10(malicious);
+
+        assertThat(response.getBody().getIsValid()).isFalse();
+    }
+}