Add two more assignments for SQL injection where only filtering is applied.

Nanne Baars
2020-04-13 15:17:43 +02:00
committed by Nanne Baars
parent 122cc323f2
commit 407e19638f
16 changed files with 341 additions and 75 deletions


@ -38,6 +38,14 @@ public class SqlInjectionMitigationTest extends IntegrationTest {
"}");
checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack10b"), params, true);
params.clear();
params.put("userid_sql_only_input_validation", "Smith';SELECT/**/*/**/from/**/user_system_data;--");
checkAssignment(url("/WebGoat/SqlOnlyInputValidation/attack"), params, true);
params.clear();
params.put("userid_sql_only_input_validation_on_keywords", "Smith';SESELECTLECT/**/*/**/FRFROMOM/**/user_system_data;--");
checkAssignment(url("/WebGoat/SqlOnlyInputValidationOnKeywords/attack"), params, true);
RestAssured.given()
.when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie())
.contentType(ContentType.JSON)
@ -57,7 +65,6 @@ public class SqlInjectionMitigationTest extends IntegrationTest {
params.put("ip", "104.130.219.202");
checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack12a"), params, true);
checkResults("/SqlInjectionMitigations/");
checkResults();
}
}
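Review bot: The two checks added in the first hunk (the `SqlOnlyInputValidation/attack` and `SqlOnlyInputValidationOnKeywords/attack` calls) only assert that the bypass value is accepted, so the test would still pass if the lesson's filter were dropped altogether. If the third argument of `checkAssignment` is the expected outcome, as the existing calls suggest, each endpoint should also get a case where a value the filter is meant to reject is submitted and the call ends in `params, false);`. The payload literals would benefit from a one-line comment on what they exercise, for example `// /**/ stands in for whitespace; the doubled keywords survive a single pass of keyword stripping`. That reading is inferred from the shape of the strings and the commit title, since the lesson code is not in this section, so confirm it against the endpoint before committing the comment. The test method starts above the hunk, so how `params` is set up is not visible here.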