Last assignment now filters out `..` and `/`, so URL encoding plays a role

This commit is contained in:
Nanne Baars
2020-03-08 20:52:24 +01:00
committed by Nanne Baars
parent d4966b5e71
commit 14022d88c9
5 changed files with 78 additions and 25 deletions


@ -10,11 +10,15 @@ import org.springframework.http.MediaType;
import org.springframework.security.core.token.Sha512DigestUtils;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import java.net.URI;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.Matchers.containsString;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
@RunWith(SpringJUnit4ClassRunner.class)
@ -33,26 +37,28 @@ public class ProfileUploadRetrievalTest extends LessonTest {
@Test
public void solve() throws Exception {
//Look at the response
mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture"))
mockMvc.perform(get("/PathTraversal/random-picture"))
.andExpect(status().is(200))
.andExpect(header().exists("Location"))
.andExpect(header().string("Location", containsString("?id=")))
.andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
//Browse the directories
mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../"))
.andExpect(status().is(200))
.andExpect(content().string(containsString("/path-traversal-secret.jpg")))
.andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
var uri = new URI("/PathTraversal/random-picture?id=%2E%2E%2F%2E%2E%2F");
mockMvc.perform(get(uri))
.andExpect(status().is(404))
.andDo(MockMvcResultHandlers.print())
.andExpect(content().string(containsString("/path-traversal-secret.jpg")));
//Retrieve the secret file (note: .jpg is added by the server)
mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../path-traversal-secret"))
uri = new URI("/PathTraversal/random-picture?id=%2E%2E%2F%2E%2E%2Fpath-traversal-secret");
mockMvc.perform(get(uri))
.andExpect(status().is(200))
.andExpect(content().string("You found it submit the SHA-512 hash of your username as answer"))
.andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
//Post flag
mockMvc.perform(MockMvcRequestBuilders.post("/PathTraversal/random").param("secret", Sha512DigestUtils.shaHex("unit-test")))
mockMvc.perform(post("/PathTraversal/random").param("secret", Sha512DigestUtils.shaHex("unit-test")))
.andExpect(status().is(200))
.andExpect(jsonPath("$.assignment", equalTo("ProfileUploadRetrieval")))
.andExpect(jsonPath("$.lessonCompleted", is(true)));
@ -60,7 +66,7 @@ public class ProfileUploadRetrievalTest extends LessonTest {
@Test
public void shouldReceiveRandomPicture() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture"))
mockMvc.perform(get("/PathTraversal/random-picture"))
.andExpect(status().is(200))
.andExpect(header().exists("Location"))
.andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
@ -68,7 +74,7 @@ public class ProfileUploadRetrievalTest extends LessonTest {
@Test
public void unknownFileShouldGiveDirectoryContents() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=test"))
mockMvc.perform(get("/PathTraversal/random-picture?id=test"))
.andExpect(status().is(200))
.andExpect(content().string(containsString("cats/8.jpg")))
.andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));