Vulnerable components only work in a Docker container
This commit is contained in:
Nanne Baars
parent
bdbf66c8e1
commit
323daae578
@ -2,185 +2,209 @@ package org.owasp.webgoat;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.http.ContentType;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.hamcrest.MatcherAssert;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
public class GeneralLessonIntegrationTest extends IntegrationTest {
|
||||
|
||||
@Test
|
||||
public void httpBasics() {
|
||||
startLesson("HttpBasics");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("person", "goatuser");
|
||||
checkAssignment(url("HttpBasics/attack1"), params, true);
|
||||
@Test
|
||||
public void httpBasics() {
|
||||
startLesson("HttpBasics");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("person", "goatuser");
|
||||
checkAssignment(url("HttpBasics/attack1"), params, true);
|
||||
|
||||
params.clear();
|
||||
params.put("answer", "POST");
|
||||
params.put("magic_answer", "33");
|
||||
params.put("magic_num", "4");
|
||||
checkAssignment(url("HttpBasics/attack2"), params, false);
|
||||
params.clear();
|
||||
params.put("answer", "POST");
|
||||
params.put("magic_answer", "33");
|
||||
params.put("magic_num", "4");
|
||||
checkAssignment(url("HttpBasics/attack2"), params, false);
|
||||
|
||||
params.clear();
|
||||
params.put("answer", "POST");
|
||||
params.put("magic_answer", "33");
|
||||
params.put("magic_num", "33");
|
||||
checkAssignment(url("HttpBasics/attack2"), params, true);
|
||||
params.clear();
|
||||
params.put("answer", "POST");
|
||||
params.put("magic_answer", "33");
|
||||
params.put("magic_num", "33");
|
||||
checkAssignment(url("HttpBasics/attack2"), params, true);
|
||||
|
||||
checkResults("/HttpBasics/");
|
||||
checkResults("/HttpBasics/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpProxies() {
|
||||
startLesson("HttpProxies");
|
||||
MatcherAssert.assertThat(
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
.cookie("JSESSIONID", getWebGoatCookie())
|
||||
.header("x-request-intercepted", "true")
|
||||
.contentType(ContentType.JSON)
|
||||
.get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
|
||||
.then()
|
||||
.statusCode(200)
|
||||
.extract()
|
||||
.path("lessonCompleted"),
|
||||
CoreMatchers.is(true));
|
||||
|
||||
checkResults("/HttpProxies/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void cia() {
|
||||
startLesson("CIA");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put(
|
||||
"question_0_solution",
|
||||
"Solution 3: By stealing a database where names and emails are stored and uploading it to a website.");
|
||||
params.put(
|
||||
"question_1_solution",
|
||||
"Solution 1: By changing the names and emails of one or more users stored in a database.");
|
||||
params.put(
|
||||
"question_2_solution",
|
||||
"Solution 4: By launching a denial of service attack on the servers.");
|
||||
params.put(
|
||||
"question_3_solution",
|
||||
"Solution 2: The systems security is compromised even if only one goal is harmed.");
|
||||
checkAssignment(url("/WebGoat/cia/quiz"), params, true);
|
||||
checkResults("/cia/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void vulnerableComponents() {
|
||||
if (StringUtils.hasText(System.getProperty("running.in.docker"))) {
|
||||
String solution =
|
||||
"<contact class='dynamic-proxy'>\n"
|
||||
+ "<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n"
|
||||
+ " <handler class='java.beans.EventHandler'>\n"
|
||||
+ " <target class='java.lang.ProcessBuilder'>\n"
|
||||
+ " <command>\n"
|
||||
+ " <string>calc.exe</string>\n"
|
||||
+ " </command>\n"
|
||||
+ " </target>\n"
|
||||
+ " <action>start</action>\n"
|
||||
+ " </handler>\n"
|
||||
+ "</contact>";
|
||||
startLesson("VulnerableComponents");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("payload", solution);
|
||||
checkAssignment(url("/WebGoat/VulnerableComponents/attack1"), params, true);
|
||||
checkResults("/VulnerableComponents/");
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpProxies() {
|
||||
startLesson("HttpProxies");
|
||||
MatcherAssert.assertThat(RestAssured.given()
|
||||
.when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
|
||||
.contentType(ContentType.JSON)
|
||||
.get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
|
||||
.then()
|
||||
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
|
||||
@Test
|
||||
public void insecureLogin() {
|
||||
startLesson("InsecureLogin");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("username", "CaptainJack");
|
||||
params.put("password", "BlackPearl");
|
||||
checkAssignment(url("/WebGoat/InsecureLogin/task"), params, true);
|
||||
checkResults("/InsecureLogin/");
|
||||
}
|
||||
|
||||
checkResults("/HttpProxies/");
|
||||
}
|
||||
@Test
|
||||
public void securePasswords() {
|
||||
startLesson("SecurePasswords");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("password", "ajnaeliclm^&&@kjn.");
|
||||
checkAssignment(url("/WebGoat/SecurePasswords/assignment"), params, true);
|
||||
checkResults("SecurePasswords/");
|
||||
|
||||
@Test
|
||||
public void cia() {
|
||||
startLesson("CIA");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("question_0_solution", "Solution 3: By stealing a database where names and emails are stored and uploading it to a website.");
|
||||
params.put("question_1_solution", "Solution 1: By changing the names and emails of one or more users stored in a database.");
|
||||
params.put("question_2_solution", "Solution 4: By launching a denial of service attack on the servers.");
|
||||
params.put("question_3_solution", "Solution 2: The systems security is compromised even if only one goal is harmed.");
|
||||
checkAssignment(url("/WebGoat/cia/quiz"), params, true);
|
||||
checkResults("/cia/");
|
||||
startLesson("AuthBypass");
|
||||
params.clear();
|
||||
params.put("secQuestion2", "John");
|
||||
params.put("secQuestion3", "Main");
|
||||
params.put("jsEnabled", "1");
|
||||
params.put("verifyMethod", "SEC_QUESTIONS");
|
||||
params.put("userId", "12309746");
|
||||
checkAssignment(url("/WebGoat/auth-bypass/verify-account"), params, true);
|
||||
checkResults("/auth-bypass/");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void vulnerableComponents() {
|
||||
String solution = "<contact class='dynamic-proxy'>\n" +
|
||||
"<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n" +
|
||||
" <handler class='java.beans.EventHandler'>\n" +
|
||||
" <target class='java.lang.ProcessBuilder'>\n" +
|
||||
" <command>\n" +
|
||||
" <string>calc.exe</string>\n" +
|
||||
" </command>\n" +
|
||||
" </target>\n" +
|
||||
" <action>start</action>\n" +
|
||||
" </handler>\n" +
|
||||
"</contact>";
|
||||
startLesson("VulnerableComponents");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("payload", solution);
|
||||
checkAssignment(url("/WebGoat/VulnerableComponents/attack1"), params, true);
|
||||
checkResults("/VulnerableComponents/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void insecureLogin() {
|
||||
startLesson("InsecureLogin");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("username", "CaptainJack");
|
||||
params.put("password", "BlackPearl");
|
||||
checkAssignment(url("/WebGoat/InsecureLogin/task"), params, true);
|
||||
checkResults("/InsecureLogin/");
|
||||
}
|
||||
startLesson("HttpProxies");
|
||||
MatcherAssert.assertThat(
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
.cookie("JSESSIONID", getWebGoatCookie())
|
||||
.header("x-request-intercepted", "true")
|
||||
.contentType(ContentType.JSON)
|
||||
.get(
|
||||
url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
|
||||
.then()
|
||||
.statusCode(200)
|
||||
.extract()
|
||||
.path("lessonCompleted"),
|
||||
CoreMatchers.is(true));
|
||||
checkResults("/HttpProxies/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void securePasswords() {
|
||||
startLesson("SecurePasswords");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("password", "ajnaeliclm^&&@kjn.");
|
||||
checkAssignment(url("/WebGoat/SecurePasswords/assignment"), params, true);
|
||||
checkResults("SecurePasswords/");
|
||||
@Test
|
||||
public void chrome() {
|
||||
startLesson("ChromeDevTools");
|
||||
|
||||
startLesson("AuthBypass");
|
||||
params.clear();
|
||||
params.put("secQuestion2", "John");
|
||||
params.put("secQuestion3", "Main");
|
||||
params.put("jsEnabled", "1");
|
||||
params.put("verifyMethod", "SEC_QUESTIONS");
|
||||
params.put("userId", "12309746");
|
||||
checkAssignment(url("/WebGoat/auth-bypass/verify-account"), params, true);
|
||||
checkResults("/auth-bypass/");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("param1", "42");
|
||||
params.put("param2", "24");
|
||||
|
||||
startLesson("HttpProxies");
|
||||
MatcherAssert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
|
||||
.contentType(ContentType.JSON)
|
||||
.get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then()
|
||||
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
|
||||
checkResults("/HttpProxies/");
|
||||
}
|
||||
String result =
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
.cookie("JSESSIONID", getWebGoatCookie())
|
||||
.header("webgoat-requested-by", "dom-xss-vuln")
|
||||
.header("X-Requested-With", "XMLHttpRequest")
|
||||
.formParams(params)
|
||||
.post(url("/WebGoat/CrossSiteScripting/phone-home-xss"))
|
||||
.then()
|
||||
.statusCode(200)
|
||||
.extract()
|
||||
.path("output");
|
||||
String secretNumber = result.substring("phoneHome Response is ".length());
|
||||
|
||||
@Test
|
||||
public void chrome() {
|
||||
startLesson("ChromeDevTools");
|
||||
params.clear();
|
||||
params.put("successMessage", secretNumber);
|
||||
checkAssignment(url("/WebGoat/ChromeDevTools/dummy"), params, true);
|
||||
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("param1", "42");
|
||||
params.put("param2", "24");
|
||||
params.clear();
|
||||
params.put("number", "24");
|
||||
params.put("network_num", "24");
|
||||
checkAssignment(url("/WebGoat/ChromeDevTools/network"), params, true);
|
||||
|
||||
String result =
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
.cookie("JSESSIONID", getWebGoatCookie())
|
||||
.header("webgoat-requested-by", "dom-xss-vuln")
|
||||
.header("X-Requested-With", "XMLHttpRequest")
|
||||
.formParams(params)
|
||||
.post(url("/WebGoat/CrossSiteScripting/phone-home-xss"))
|
||||
.then()
|
||||
.statusCode(200)
|
||||
.extract().path("output");
|
||||
String secretNumber = result.substring("phoneHome Response is ".length());
|
||||
checkResults("/ChromeDevTools/");
|
||||
}
|
||||
|
||||
params.clear();
|
||||
params.put("successMessage", secretNumber);
|
||||
checkAssignment(url("/WebGoat/ChromeDevTools/dummy"), params, true);
|
||||
@Test
|
||||
public void authByPass() {
|
||||
startLesson("AuthBypass");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("secQuestion2", "John");
|
||||
params.put("secQuestion3", "Main");
|
||||
params.put("jsEnabled", "1");
|
||||
params.put("verifyMethod", "SEC_QUESTIONS");
|
||||
params.put("userId", "12309746");
|
||||
checkAssignment(url("/auth-bypass/verify-account"), params, true);
|
||||
checkResults("/auth-bypass/");
|
||||
}
|
||||
|
||||
params.clear();
|
||||
params.put("number", "24");
|
||||
params.put("network_num", "24");
|
||||
checkAssignment(url("/WebGoat/ChromeDevTools/network"), params, true);
|
||||
|
||||
checkResults("/ChromeDevTools/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authByPass() {
|
||||
startLesson("AuthBypass");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("secQuestion2", "John");
|
||||
params.put("secQuestion3", "Main");
|
||||
params.put("jsEnabled", "1");
|
||||
params.put("verifyMethod", "SEC_QUESTIONS");
|
||||
params.put("userId", "12309746");
|
||||
checkAssignment(url("/auth-bypass/verify-account"), params, true);
|
||||
checkResults("/auth-bypass/");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void lessonTemplate() {
|
||||
startLesson("LessonTemplate");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("param1", "secr37Value");
|
||||
params.put("param2", "Main");
|
||||
checkAssignment(url("/lesson-template/sample-attack"), params, true);
|
||||
checkResults("/lesson-template/");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void lessonTemplate() {
|
||||
startLesson("LessonTemplate");
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.clear();
|
||||
params.put("param1", "secr37Value");
|
||||
params.put("param2", "Main");
|
||||
checkAssignment(url("/lesson-template/sample-attack"), params, true);
|
||||
checkResults("/lesson-template/");
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user