dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Vulnerable components only work in a Docker container

Browse Source
This commit is contained in:
Nanne Baars 2023-01-05 20:51:15 +01:00
parent bdbf66c8e1
commit 323daae578
1 changed files with 183 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

342
src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java
View File

@ -2,185 +2,209 @@ package org.owasp.webgoat;
import io.restassured.RestAssured; import io.restassured.RestAssured;
import io.restassured.http.ContentType; import io.restassured.http.ContentType;
import java.util.HashMap;
import java.util.Map;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert; import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
public class GeneralLessonIntegrationTest extends IntegrationTest { public class GeneralLessonIntegrationTest extends IntegrationTest {
@Test @Test
public void httpBasics() { public void httpBasics() {
startLesson("HttpBasics"); startLesson("HttpBasics");
Map<String, Object> params = new HashMap<>(); Map<String, Object> params = new HashMap<>();
params.clear(); params.clear();
params.put("person", "goatuser"); params.put("person", "goatuser");
checkAssignment(url("HttpBasics/attack1"), params, true); checkAssignment(url("HttpBasics/attack1"), params, true);
params.clear(); params.clear();
params.put("answer", "POST"); params.put("answer", "POST");
params.put("magic_answer", "33"); params.put("magic_answer", "33");
params.put("magic_num", "4"); params.put("magic_num", "4");
checkAssignment(url("HttpBasics/attack2"), params, false); checkAssignment(url("HttpBasics/attack2"), params, false);
params.clear(); params.clear();
params.put("answer", "POST"); params.put("answer", "POST");
params.put("magic_answer", "33"); params.put("magic_answer", "33");
params.put("magic_num", "33"); params.put("magic_num", "33");
checkAssignment(url("HttpBasics/attack2"), params, true); checkAssignment(url("HttpBasics/attack2"), params, true);
checkResults("/HttpBasics/"); checkResults("/HttpBasics/");
}
@Test
public void httpProxies() {
startLesson("HttpProxies");
MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.header("x-request-intercepted", "true")
.contentType(ContentType.JSON)
.get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
.then()
.statusCode(200)
.extract()
.path("lessonCompleted"),
CoreMatchers.is(true));
checkResults("/HttpProxies/");
}
@Test
public void cia() {
startLesson("CIA");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put(
"question_0_solution",
"Solution 3: By stealing a database where names and emails are stored and uploading it to a website.");
params.put(
"question_1_solution",
"Solution 1: By changing the names and emails of one or more users stored in a database.");
params.put(
"question_2_solution",
"Solution 4: By launching a denial of service attack on the servers.");
params.put(
"question_3_solution",
"Solution 2: The systems security is compromised even if only one goal is harmed.");
checkAssignment(url("/WebGoat/cia/quiz"), params, true);
checkResults("/cia/");
}
@Test
public void vulnerableComponents() {
if (StringUtils.hasText(System.getProperty("running.in.docker"))) {
String solution =
"<contact class='dynamic-proxy'>\n"
+ "<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n"
+ " <handler class='java.beans.EventHandler'>\n"
+ " <target class='java.lang.ProcessBuilder'>\n"
+ " <command>\n"
+ " <string>calc.exe</string>\n"
+ " </command>\n"
+ " </target>\n"
+ " <action>start</action>\n"
+ " </handler>\n"
+ "</contact>";
startLesson("VulnerableComponents");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("payload", solution);
checkAssignment(url("/WebGoat/VulnerableComponents/attack1"), params, true);
checkResults("/VulnerableComponents/");
} }
}
@Test @Test
public void httpProxies() { public void insecureLogin() {
startLesson("HttpProxies"); startLesson("InsecureLogin");
MatcherAssert.assertThat(RestAssured.given() Map<String, Object> params = new HashMap<>();
.when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true") params.clear();
.contentType(ContentType.JSON) params.put("username", "CaptainJack");
.get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily")) params.put("password", "BlackPearl");
.then() checkAssignment(url("/WebGoat/InsecureLogin/task"), params, true);
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true)); checkResults("/InsecureLogin/");
}
checkResults("/HttpProxies/"); @Test
} public void securePasswords() {
startLesson("SecurePasswords");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("password", "ajnaeliclm^&&@kjn.");
checkAssignment(url("/WebGoat/SecurePasswords/assignment"), params, true);
checkResults("SecurePasswords/");
@Test startLesson("AuthBypass");
public void cia() { params.clear();
startLesson("CIA"); params.put("secQuestion2", "John");
Map<String, Object> params = new HashMap<>(); params.put("secQuestion3", "Main");
params.clear(); params.put("jsEnabled", "1");
params.put("question_0_solution", "Solution 3: By stealing a database where names and emails are stored and uploading it to a website."); params.put("verifyMethod", "SEC_QUESTIONS");
params.put("question_1_solution", "Solution 1: By changing the names and emails of one or more users stored in a database."); params.put("userId", "12309746");
params.put("question_2_solution", "Solution 4: By launching a denial of service attack on the servers."); checkAssignment(url("/WebGoat/auth-bypass/verify-account"), params, true);
params.put("question_3_solution", "Solution 2: The systems security is compromised even if only one goal is harmed."); checkResults("/auth-bypass/");
checkAssignment(url("/WebGoat/cia/quiz"), params, true);
checkResults("/cia/");
} startLesson("HttpProxies");
MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.header("x-request-intercepted", "true")
.contentType(ContentType.JSON)
.get(
url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
.then()
.statusCode(200)
.extract()
.path("lessonCompleted"),
CoreMatchers.is(true));
checkResults("/HttpProxies/");
}
@Test @Test
public void vulnerableComponents() { public void chrome() {
String solution = "<contact class='dynamic-proxy'>\n" + startLesson("ChromeDevTools");
"<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n" +
" <handler class='java.beans.EventHandler'>\n" +
" <target class='java.lang.ProcessBuilder'>\n" +
" <command>\n" +
" <string>calc.exe</string>\n" +
" </command>\n" +
" </target>\n" +
" <action>start</action>\n" +
" </handler>\n" +
"</contact>";
startLesson("VulnerableComponents");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("payload", solution);
checkAssignment(url("/WebGoat/VulnerableComponents/attack1"), params, true);
checkResults("/VulnerableComponents/");
}
@Test Map<String, Object> params = new HashMap<>();
public void insecureLogin() { params.clear();
startLesson("InsecureLogin"); params.put("param1", "42");
Map<String, Object> params = new HashMap<>(); params.put("param2", "24");
params.clear();
params.put("username", "CaptainJack");
params.put("password", "BlackPearl");
checkAssignment(url("/WebGoat/InsecureLogin/task"), params, true);
checkResults("/InsecureLogin/");
}
@Test String result =
public void securePasswords() { RestAssured.given()
startLesson("SecurePasswords"); .when()
Map<String, Object> params = new HashMap<>(); .relaxedHTTPSValidation()
params.clear(); .cookie("JSESSIONID", getWebGoatCookie())
params.put("password", "ajnaeliclm^&&@kjn."); .header("webgoat-requested-by", "dom-xss-vuln")
checkAssignment(url("/WebGoat/SecurePasswords/assignment"), params, true); .header("X-Requested-With", "XMLHttpRequest")
checkResults("SecurePasswords/"); .formParams(params)
.post(url("/WebGoat/CrossSiteScripting/phone-home-xss"))
.then()
.statusCode(200)
.extract()
.path("output");
String secretNumber = result.substring("phoneHome Response is ".length());
startLesson("AuthBypass"); params.clear();
params.clear(); params.put("successMessage", secretNumber);
params.put("secQuestion2", "John"); checkAssignment(url("/WebGoat/ChromeDevTools/dummy"), params, true);
params.put("secQuestion3", "Main");
params.put("jsEnabled", "1");
params.put("verifyMethod", "SEC_QUESTIONS");
params.put("userId", "12309746");
checkAssignment(url("/WebGoat/auth-bypass/verify-account"), params, true);
checkResults("/auth-bypass/");
startLesson("HttpProxies"); params.clear();
MatcherAssert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true") params.put("number", "24");
.contentType(ContentType.JSON) params.put("network_num", "24");
.get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then() checkAssignment(url("/WebGoat/ChromeDevTools/network"), params, true);
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
checkResults("/HttpProxies/");
}
@Test checkResults("/ChromeDevTools/");
public void chrome() { }
startLesson("ChromeDevTools");
Map<String, Object> params = new HashMap<>(); @Test
params.clear(); public void authByPass() {
params.put("param1", "42"); startLesson("AuthBypass");
params.put("param2", "24"); Map<String, Object> params = new HashMap<>();
params.clear();
String result = params.put("secQuestion2", "John");
RestAssured.given() params.put("secQuestion3", "Main");
.when() params.put("jsEnabled", "1");
.relaxedHTTPSValidation() params.put("verifyMethod", "SEC_QUESTIONS");
.cookie("JSESSIONID", getWebGoatCookie()) params.put("userId", "12309746");
.header("webgoat-requested-by", "dom-xss-vuln") checkAssignment(url("/auth-bypass/verify-account"), params, true);
.header("X-Requested-With", "XMLHttpRequest") checkResults("/auth-bypass/");
.formParams(params) }
.post(url("/WebGoat/CrossSiteScripting/phone-home-xss"))
.then()
.statusCode(200)
.extract().path("output");
String secretNumber = result.substring("phoneHome Response is ".length());
params.clear();
params.put("successMessage", secretNumber);
checkAssignment(url("/WebGoat/ChromeDevTools/dummy"), params, true);
params.clear();
params.put("number", "24");
params.put("network_num", "24");
checkAssignment(url("/WebGoat/ChromeDevTools/network"), params, true);
checkResults("/ChromeDevTools/");
}
@Test
public void authByPass() {
startLesson("AuthBypass");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("secQuestion2", "John");
params.put("secQuestion3", "Main");
params.put("jsEnabled", "1");
params.put("verifyMethod", "SEC_QUESTIONS");
params.put("userId", "12309746");
checkAssignment(url("/auth-bypass/verify-account"), params, true);
checkResults("/auth-bypass/");
}
@Test
public void lessonTemplate() {
startLesson("LessonTemplate");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("param1", "secr37Value");
params.put("param2", "Main");
checkAssignment(url("/lesson-template/sample-attack"), params, true);
checkResults("/lesson-template/");
}
@Test
public void lessonTemplate() {
startLesson("LessonTemplate");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("param1", "secr37Value");
params.put("param2", "Main");
checkAssignment(url("/lesson-template/sample-attack"), params, true);
checkResults("/lesson-template/");
}
} }