fix: challenge test fails sometimes when calling scoreboard endpoint

2023-02-15 17:28:15 +00:00
parent eb4c8388f8
commit 3ec34b0df5
3 changed files with 99 additions and 103 deletions
--- a/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java
@ -1,112 +1,112 @@
 package org.owasp.webgoat;

+import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.hamcrest.Matchers.lessThan;
+import static org.junit.jupiter.api.Assertions.assertTrue;

 import io.restassured.RestAssured;
-import org.junit.jupiter.api.Test;
-
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
-import static org.junit.jupiter.api.Assertions.assertTrue;
-
+import org.junit.jupiter.api.Test;

 public class ChallengeIntegrationTest extends IntegrationTest {

-    @Test
-    public void testChallenge1() {
-        startLesson("Challenge1");
+  @Test
+  public void testChallenge1() {
+    startLesson("Challenge1");

-        byte[] resultBytes =
-                RestAssured.given()
-                        .when()
-                        .relaxedHTTPSValidation()
-                        .cookie("JSESSIONID", getWebGoatCookie())
-                        .get(url("/WebGoat/challenge/logo"))
-                        .then()
-                        .statusCode(200)
-                        .extract().asByteArray();
+    byte[] resultBytes =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("JSESSIONID", getWebGoatCookie())
+            .get(url("/WebGoat/challenge/logo"))
+            .then()
+            .statusCode(200)
+            .extract()
+            .asByteArray();

-        String pincode = new String(Arrays.copyOfRange(resultBytes, 81216, 81220));
-        Map<String, Object> params = new HashMap<>();
-        params.clear();
-        params.put("username", "admin");
-        params.put("password", "!!webgoat_admin_1234!!".replace("1234", pincode));
+    String pincode = new String(Arrays.copyOfRange(resultBytes, 81216, 81220));
+    Map<String, Object> params = new HashMap<>();
+    params.clear();
+    params.put("username", "admin");
+    params.put("password", "!!webgoat_admin_1234!!".replace("1234", pincode));

+    checkAssignment(url("/WebGoat/challenge/1"), params, true);
+    String result =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("JSESSIONID", getWebGoatCookie())
+            .formParams(params)
+            .post(url("/WebGoat/challenge/1"))
+            .then()
+            .statusCode(200)
+            .extract()
+            .asString();

-        checkAssignment(url("/WebGoat/challenge/1"), params, true);
-        String result =
-                RestAssured.given()
-                        .when()
-                        .relaxedHTTPSValidation()
-                        .cookie("JSESSIONID", getWebGoatCookie())
-                        .formParams(params)
-                        .post(url("/WebGoat/challenge/1"))
-                        .then()
-                        .statusCode(200)
-                        .extract().asString();
+    String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
+    params.clear();
+    params.put("flag", flag);
+    checkAssignment(url("/WebGoat/challenge/flag"), params, true);

-        String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
-        params.clear();
-        params.put("flag", flag);
-        checkAssignment(url("/WebGoat/challenge/flag"), params, true);
+    checkResults("/challenge/1");

+    List<String> capturefFlags =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("JSESSIONID", getWebGoatCookie())
+            .get(url("/WebGoat/scoreboard-data"))
+            .then()
+            .statusCode(200)
+            .extract()
+            .jsonPath()
+            .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
+    assertTrue(capturefFlags.contains("Admin lost password"));
+  }

-        checkResults("/challenge/1");
+  @Test
+  public void testChallenge5() {
+    startLesson("Challenge5");

-        List<String> capturefFlags =
-                RestAssured.given()
-                        .when()
-                        .relaxedHTTPSValidation()
-                        .cookie("JSESSIONID", getWebGoatCookie())
-                        .get(url("/WebGoat/scoreboard-data"))
-                        .then()
-                        .statusCode(200)
-                        .extract().jsonPath()
-                        .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
-        assertTrue(capturefFlags.contains("Admin lost password"));
-    }
+    Map<String, Object> params = new HashMap<>();
+    params.clear();
+    params.put("username_login", "Larry");
+    params.put("password_login", "1' or '1'='1");

-    @Test
-    public void testChallenge5() {
-        startLesson("Challenge5");
+    String result =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("JSESSIONID", getWebGoatCookie())
+            .formParams(params)
+            .post(url("/WebGoat/challenge/5"))
+            .then()
+            .statusCode(200)
+            .extract()
+            .asString();

-        Map<String, Object> params = new HashMap<>();
-        params.clear();
-        params.put("username_login", "Larry");
-        params.put("password_login", "1' or '1'='1");
+    String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
+    params.clear();
+    params.put("flag", flag);
+    checkAssignment(url("/WebGoat/challenge/flag"), params, true);

-        String result =
-                RestAssured.given()
-                        .when()
-                        .relaxedHTTPSValidation()
-                        .cookie("JSESSIONID", getWebGoatCookie())
-                        .formParams(params)
-                        .post(url("/WebGoat/challenge/5"))
-                        .then()
-                        .statusCode(200)
-                        .extract().asString();
-
-        String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
-        params.clear();
-        params.put("flag", flag);
-        checkAssignment(url("/WebGoat/challenge/flag"), params, true);
-
-
-        checkResults("/challenge/5");
-
-        List<String> capturefFlags =
-                RestAssured.given()
-                        .when()
-                        .relaxedHTTPSValidation()
-                        .cookie("JSESSIONID", getWebGoatCookie())
-                        .get(url("/WebGoat/scoreboard-data"))
-                        .then()
-                        .statusCode(200)
-                        .extract().jsonPath()
-                        .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
-        assertTrue(capturefFlags.contains("Without password"));
-    }
+    checkResults("/challenge/5");

+    List<String> capturefFlags =
+        RestAssured.given()
+            .when()
+            .relaxedHTTPSValidation()
+            .cookie("JSESSIONID", getWebGoatCookie())
+            .get(url("/WebGoat/scoreboard-data"))
+            .then()
+            .statusCode(200)
+            .extract()
+            .jsonPath()
+            .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
+    assertTrue(capturefFlags.contains("Without password"));
+  }
 }
--- a/src/it/java/org/owasp/webgoat/IntegrationTest.java
+++ b/src/it/java/org/owasp/webgoat/IntegrationTest.java
@ -26,7 +26,7 @@ public abstract class IntegrationTest {
    @Getter
    private String webWolfCookie;
    @Getter
-    private String user = "webgoat";
+    private final String user = "webgoat";

    protected String url(String url) {
        url = url.replaceFirst("/WebGoat/", "");