fix: correct number of solved assignments in report card (#2065)

* fix: correct number of solved assignments in report card Filter the list of assignments to accurately count the number of solved assignments. Closes: gh-2063 * chore: remove scoreboard code This is added when we run a CTF challenge during OWASP AppSecEU in 2017. We can remove this code. Closes: gh-2064
2025-03-11 22:57:49 +01:00
parent 2c5e4c4491
commit 23d6fe6f36
16 changed files with 106 additions and 441 deletions
--- a/src/it/java/org/owasp/webgoat/integration/ChallengeIntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/integration/ChallengeIntegrationTest.java
@ -4,12 +4,9 @@
 */
 package org.owasp.webgoat.integration;

-import static org.junit.jupiter.api.Assertions.assertTrue;
-
 import io.restassured.RestAssured;
 import java.util.Arrays;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.Test;
@ -21,7 +18,7 @@ public class ChallengeIntegrationTest extends IntegrationTest {
  void testChallenge1() {
    startLesson("Challenge1");

-      byte[] resultBytes =
+    byte[] resultBytes =
        RestAssured.given()
            .when()
            .relaxedHTTPSValidation()
@ -38,8 +35,8 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    params.put("username", "admin");
    params.put("password", "!!webgoat_admin_1234!!".replace("1234", pincode));

-      checkAssignment(webGoatUrlConfig.url("challenge/1"), params, true);
-      String result =
+    checkAssignment(webGoatUrlConfig.url("challenge/1"), params, true);
+    String result =
        RestAssured.given()
            .when()
            .relaxedHTTPSValidation()
@ -54,22 +51,9 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
    params.clear();
    params.put("flag", flag);
-      checkAssignment(webGoatUrlConfig.url("challenge/flag/1"), params, true);
+    checkAssignment(webGoatUrlConfig.url("challenge/flag/1"), params, true);

    checkResults("Challenge1");
-
-      List<String> capturefFlags =
-        RestAssured.given()
-            .when()
-            .relaxedHTTPSValidation()
-            .cookie("JSESSIONID", getWebGoatCookie())
-            .get(webGoatUrlConfig.url("scoreboard-data"))
-            .then()
-            .statusCode(200)
-            .extract()
-            .jsonPath()
-            .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
-    assertTrue(capturefFlags.contains("Admin lost password"));
  }

  @Test
@ -81,7 +65,7 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    params.put("username_login", "Larry");
    params.put("password_login", "1' or '1'='1");

-      String result =
+    String result =
        RestAssured.given()
            .when()
            .relaxedHTTPSValidation()
@ -96,22 +80,9 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
    params.clear();
    params.put("flag", flag);
-      checkAssignment(webGoatUrlConfig.url("challenge/flag/5"), params, true);
+    checkAssignment(webGoatUrlConfig.url("challenge/flag/5"), params, true);

    checkResults("Challenge5");
-
-      List<String> capturefFlags =
-        RestAssured.given()
-            .when()
-            .relaxedHTTPSValidation()
-            .cookie("JSESSIONID", getWebGoatCookie())
-            .get(webGoatUrlConfig.url("scoreboard-data"))
-            .then()
-            .statusCode(200)
-            .extract()
-            .jsonPath()
-            .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
-    assertTrue(capturefFlags.contains("Without password"));
  }

  @Test
@ -120,7 +91,7 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    cleanMailbox();

    // One should first be able to download git.zip from WebGoat
-      RestAssured.given()
+    RestAssured.given()
        .when()
        .relaxedHTTPSValidation()
        .cookie("JSESSIONID", getWebGoatCookie())
@ -131,7 +102,7 @@ public class ChallengeIntegrationTest extends IntegrationTest {
        .asString();

    // Should email WebWolf inbox this should give a hint to the link being static
-      RestAssured.given()
+    RestAssured.given()
        .when()
        .relaxedHTTPSValidation()
        .cookie("JSESSIONID", getWebGoatCookie())
@ -157,18 +128,20 @@ public class ChallengeIntegrationTest extends IntegrationTest {
    Assertions.assertThat(responseBody).contains("Hi, you requested a password reset link");

    // Call reset link with admin link
-      String result =
+    String result =
        RestAssured.given()
            .when()
            .relaxedHTTPSValidation()
            .cookie("JSESSIONID", getWebGoatCookie())
-            .get(webGoatUrlConfig.url("challenge/7/reset-password/{link}"), "375afe1104f4a487a73823c50a9292a2")
+            .get(
+                webGoatUrlConfig.url("challenge/7/reset-password/{link}"),
+                "375afe1104f4a487a73823c50a9292a2")
            .then()
            .statusCode(HttpStatus.ACCEPTED.value())
            .extract()
            .asString();

    String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
-      checkAssignment(webGoatUrlConfig.url("challenge/flag/7"), Map.of("flag", flag), true);
+    checkAssignment(webGoatUrlConfig.url("challenge/flag/7"), Map.of("flag", flag), true);
  }
 }