dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move unit test to JUnit 5

Browse Source
This commit is contained in:
Nanne Baars 2021-11-08 09:36:17 +01:00 committed by Nanne Baars
parent 2fbc52e6a2
commit 20d7015dff
1 changed files with 7 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java
View File

@ -16,47 +16,43 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
public class DeserializeTest extends AssignmentEndpointTest { class DeserializeTest extends AssignmentEndpointTest {
private MockMvc mockMvc; private MockMvc mockMvc;
private static String OS = System.getProperty("os.name").toLowerCase(); private static String OS = System.getProperty("os.name").toLowerCase();
@BeforeEach @BeforeEach
public void setup() { void setup() {
InsecureDeserializationTask insecureTask = new InsecureDeserializationTask(); InsecureDeserializationTask insecureTask = new InsecureDeserializationTask();
init(insecureTask); init(insecureTask);
this.mockMvc = standaloneSetup(insecureTask).build(); this.mockMvc = standaloneSetup(insecureTask).build();
} }
@Test @Test
public void success() throws Exception { void success() throws Exception {
if (OS.indexOf("win") > -1) { if (OS.indexOf("win") > -1) {
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", SerializationHelper.toString(new VulnerableTaskHolder("wait", "ping localhost -n 5")))) .param("token", SerializationHelper.toString(new VulnerableTaskHolder("wait", "ping localhost -n 5"))))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true))); .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
} else { } else {
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", SerializationHelper.toString(new VulnerableTaskHolder("wait", "sleep 5")))) .param("token", SerializationHelper.toString(new VulnerableTaskHolder("wait", "sleep 5"))))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true))); .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
} }
} }
@Test @Test
public void fail() throws Exception { void fail() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", SerializationHelper.toString(new VulnerableTaskHolder("delete", "rm *")))) .param("token", SerializationHelper.toString(new VulnerableTaskHolder("delete", "rm *"))))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))); .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
} }
@Test @Test
public void wrongVersion() throws Exception { void wrongVersion() throws Exception {
String token = "rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAECAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjCR4GIQgMLRSoeHQACmVjaG8gaGVsbG90AAhzYXlIZWxsbw"; String token = "rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAECAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjCR4GIQgMLRSoeHQACmVjaG8gaGVsbG90AAhzYXlIZWxsbw";
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", token)) .param("token", token))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.invalidversion")))) .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.invalidversion"))))
@ -64,27 +60,22 @@ public class DeserializeTest extends AssignmentEndpointTest {
} }
@Test @Test
public void expiredTask() throws Exception { void expiredTask() throws Exception {
String token = "rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAICAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjCR4IDC0YfvNIeHQACmVjaG8gaGVsbG90AAhzYXlIZWxsbw"; String token = "rO0ABXNyADFvcmcuZHVtbXkuaW5zZWN1cmUuZnJhbWV3b3JrLlZ1bG5lcmFibGVUYXNrSG9sZGVyAAAAAAAAAAICAANMABZyZXF1ZXN0ZWRFeGVjdXRpb25UaW1ldAAZTGphdmEvdGltZS9Mb2NhbERhdGVUaW1lO0wACnRhc2tBY3Rpb250ABJMamF2YS9sYW5nL1N0cmluZztMAAh0YXNrTmFtZXEAfgACeHBzcgANamF2YS50aW1lLlNlcpVdhLobIkiyDAAAeHB3DgUAAAfjCR4IDC0YfvNIeHQACmVjaG8gaGVsbG90AAhzYXlIZWxsbw";
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", token)) .param("token", token))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.expired")))) .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.expired"))))
.andExpect(jsonPath("$.lessonCompleted", is(false))); .andExpect(jsonPath("$.lessonCompleted", is(false)));
} }
@Test @Test
public void checkOtherObject() throws Exception { void checkOtherObject() throws Exception {
String token = "rO0ABXQAVklmIHlvdSBkZXNlcmlhbGl6ZSBtZSBkb3duLCBJIHNoYWxsIGJlY29tZSBtb3JlIHBvd2VyZnVsIHRoYW4geW91IGNhbiBwb3NzaWJseSBpbWFnaW5l"; String token = "rO0ABXQAVklmIHlvdSBkZXNlcmlhbGl6ZSBtZSBkb3duLCBJIHNoYWxsIGJlY29tZSBtb3JlIHBvd2VyZnVsIHRoYW4geW91IGNhbiBwb3NzaWJseSBpbWFnaW5l";
mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task") mockMvc.perform(MockMvcRequestBuilders.post("/InsecureDeserialization/task")
.header("x-request-intercepted", "true")
.param("token", token)) .param("token", token))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.stringobject")))) .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("insecure-deserialization.stringobject"))))
.andExpect(jsonPath("$.lessonCompleted", is(false))); .andExpect(jsonPath("$.lessonCompleted", is(false)));
} }
} }