From 4e371b63d0b0f82423fed55e604487a47bcd6ba1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?=
Date: Sat, 25 Jan 2020 12:11:45 +0100
Subject: [PATCH] suppressing some useless log messages and banners in unit tests (#752)

* suppressing some useless log messages and banners in unit tests
* some more log suppressed
---
.../src/test/resources/banner.txt | 0
.../webgoat/PasswordResetLessonTest.java | 2 -
.../src/test/resources/banner.txt | 0
.../challenge/src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../cia/src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../xss/CrossSiteScriptingLesson3.java | 1 -
.../src/test/resources/banner.txt | 0
.../owasp/webgoat/crypto/CryptoUtilTest.java | 7 ++-
.../crypto/src/test/resources/banner.txt | 0
.../csrf/src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../webgoat/idor/IDORViewOwnProfile.java | 5 +-
.../framework/VulnerableTaskHolder.java | 15 +++---
.../src/test/resources/banner.txt | 0
.../webgoat/jwt/JWTSecretKeyEndpoint.java | 1 -
.../webgoat/jwt/JWTVotesEndpointTest.java | 2 +-
.../java/org/owasp/webgoat/jwt/TokenTest.java | 9 ++--
.../jwt/src/test/resources/banner.txt | 0
.../missing_ac/MissingFunctionACUsers.java | 6 ++-
.../src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../ssrf/src/test/resources/banner.txt | 0
.../src/test/resources/banner.txt | 0
.../xxe/src/test/resources/banner.txt | 0
webwolf/pom.xml | 48 -------------------
webwolf/src/test/resources/banner.txt | 0
webwolf/src/test/resources/logback-test.xml | 16 +++++++
30 files changed, 44 insertions(+), 68 deletions(-)
create mode 100644 webgoat-container/src/test/resources/banner.txt
create mode 100644 webgoat-lessons/bypass-restrictions/src/test/resources/banner.txt
create mode 100644 webgoat-lessons/challenge/src/test/resources/banner.txt
create mode 100644 webgoat-lessons/chrome-dev-tools/src/test/resources/banner.txt
create mode 100644
webgoat-lessons/cia/src/test/resources/banner.txt create mode 100644 webgoat-lessons/client-side-filtering/src/test/resources/banner.txt create mode 100644 webgoat-lessons/cross-site-scripting/src/test/resources/banner.txt create mode 100644 webgoat-lessons/crypto/src/test/resources/banner.txt create mode 100644 webgoat-lessons/csrf/src/test/resources/banner.txt create mode 100644 webgoat-lessons/html-tampering/src/test/resources/banner.txt create mode 100644 webgoat-lessons/http-proxies/src/test/resources/banner.txt create mode 100644 webgoat-lessons/insecure-deserialization/src/test/resources/banner.txt create mode 100644 webgoat-lessons/jwt/src/test/resources/banner.txt create mode 100644 webgoat-lessons/missing-function-ac/src/test/resources/banner.txt create mode 100644 webgoat-lessons/sql-injection/src/test/resources/banner.txt create mode 100644 webgoat-lessons/ssrf/src/test/resources/banner.txt create mode 100644 webgoat-lessons/vulnerable-components/src/test/resources/banner.txt create mode 100644 webgoat-lessons/xxe/src/test/resources/banner.txt create mode 100644 webwolf/src/test/resources/banner.txt create mode 100644 webwolf/src/test/resources/logback-test.xml diff --git a/webgoat-container/src/test/resources/banner.txt b/webgoat-container/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java index b0a6f576b..637bcc750 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java +++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java @@ -46,7 +46,6 @@ public class PasswordResetLessonTest extends IntegrationTest { .formParams("resetLink", link, "password", "123456") .post(url("PasswordReset/reset/change-password")) .then() - .log().all() .statusCode(200); } 
@@ -57,7 +56,6 @@ public class PasswordResetLessonTest extends IntegrationTest { .cookie("WEBWOLFSESSION", getWebWolfCookie()) .get(webWolfUrl("WebWolf/requests")) .then() - .log().all() .extract().response().getBody().asString(); int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/"); var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1); diff --git a/webgoat-lessons/bypass-restrictions/src/test/resources/banner.txt b/webgoat-lessons/bypass-restrictions/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/challenge/src/test/resources/banner.txt b/webgoat-lessons/challenge/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/chrome-dev-tools/src/test/resources/banner.txt b/webgoat-lessons/chrome-dev-tools/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/cia/src/test/resources/banner.txt b/webgoat-lessons/cia/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/client-side-filtering/src/test/resources/banner.txt b/webgoat-lessons/client-side-filtering/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java index 78310b9b0..41bcec5a2 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java 
@@ -67,7 +67,6 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint { } if (includeCorrect && firstNameCorrect && lastNameCorrect) { - System.out.println("true"); return success(this).feedback("xss-mitigation-3-success").build(); } else { return failed(this).feedback("xss-mitigation-3-failure").build(); diff --git a/webgoat-lessons/cross-site-scripting/src/test/resources/banner.txt b/webgoat-lessons/cross-site-scripting/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java b/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java index 6744e250e..c93353103 100644 --- a/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java +++ b/webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto/CryptoUtilTest.java @@ -11,6 +11,9 @@ import javax.xml.bind.DatatypeConverter; import org.junit.jupiter.api.Test; +import lombok.extern.slf4j.Slf4j; + +@Slf4j public class CryptoUtilTest { @Test @@ -21,10 +24,10 @@ public class CryptoUtilTest { PrivateKey privateKey = CryptoUtil.getPrivateKeyFromPEM(CryptoUtil.getPrivateKeyInPEM(keyPair)); String modulus = DatatypeConverter.printHexBinary(rsaPubKey.getModulus().toByteArray()); String signature = CryptoUtil.signMessage(modulus, privateKey); - System.out.println(rsaPubKey.getPublicExponent()); + log.debug("public exponent {}", rsaPubKey.getPublicExponent()); assertTrue(CryptoUtil.verifyAssignment(modulus, signature, keyPair.getPublic())); } catch (Exception e) { - e.printStackTrace(); + log.error("signing failed", e);; fail(); } } diff --git a/webgoat-lessons/crypto/src/test/resources/banner.txt b/webgoat-lessons/crypto/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb 
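Review bot: The added `log.error("signing failed", e);;` in the catch block of CryptoUtilTest ends with a stray second semicolon, which compiles as an empty statement; it should read `log.error("signing failed", e);`. The bare `fail()` after it reports no reason, so once test logging is turned down the failure cause is visible nowhere in the test report. If `fail` here is JUnit 5's `Assertions.fail` (the static import is outside the hunk), `fail("signing failed", e);` keeps the cause attached to the result. The test method starts outside the hunk.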
diff --git a/webgoat-lessons/csrf/src/test/resources/banner.txt b/webgoat-lessons/csrf/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/html-tampering/src/test/resources/banner.txt b/webgoat-lessons/html-tampering/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/http-proxies/src/test/resources/banner.txt b/webgoat-lessons/http-proxies/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java index 1db35b954..01031a063 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java @@ -27,10 +27,13 @@ import org.owasp.webgoat.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; +import lombok.extern.slf4j.Slf4j; + import java.util.HashMap; import java.util.Map; @RestController +@Slf4j public class IDORViewOwnProfile { @Autowired @@ -54,7 +57,7 @@ public class IDORViewOwnProfile { details.put("error","You do not have privileges to view the profile. Authenticate as tom first please."); } }catch (Exception ex) { - System.out.println(ex.getMessage()); + log.error("something went wrong", ex.getMessage()); } return details; } diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java index 2698f04d0..473336e87 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java 
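Review bot: In the catch block of IDORViewOwnProfile, `log.error("something went wrong", ex.getMessage());` passes a String as an argument to a message that has no `{}` placeholder, so SLF4J discards it and the log records neither the exception message nor a stack trace. Pass the throwable itself so that both are kept: `log.error("something went wrong", ex);`. The method goes on to `return details;` after the catch, which makes this log line the only record that the profile lookup failed. The enclosing method begins outside the hunk.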
+++ b/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java @@ -7,6 +7,9 @@ import java.io.ObjectInputStream; import java.io.Serializable; import java.time.LocalDateTime; +import lombok.extern.slf4j.Slf4j; + +@Slf4j public class VulnerableTaskHolder implements Serializable { private static final long serialVersionUID = 2; @@ -37,31 +40,31 @@ public class VulnerableTaskHolder implements Serializable { stream.defaultReadObject(); //do something with the data - System.out.println("restoring task: "+taskName); - System.out.println("restoring time: "+requestedExecutionTime); + log.info("restoring task: {}", taskName); + log.info("restoring time: {}", requestedExecutionTime); if (requestedExecutionTime!=null && (requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10)) || requestedExecutionTime.isAfter(LocalDateTime.now()))) { //do nothing is the time is not within 10 minutes after the object has been created - System.out.println(this.toString()); + log.debug(this.toString()); throw new IllegalArgumentException("outdated"); } //condition is here to prevent you from destroying the goat altogether if ((taskAction.startsWith("sleep")||taskAction.startsWith("ping")) && taskAction.length() < 22) { - System.out.println("about to execute: "+taskAction); + log.info("about to execute: {}", taskAction); try { Process p = Runtime.getRuntime().exec(taskAction); BufferedReader in = new BufferedReader( new InputStreamReader(p.getInputStream())); String line = null; while ((line = in.readLine()) != null) { - System.out.println(line); + log.info(line); } } catch (IOException e) { - e.printStackTrace(); + log.error("IO Exception", e); } } diff --git a/webgoat-lessons/insecure-deserialization/src/test/resources/banner.txt b/webgoat-lessons/insecure-deserialization/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb 
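Review bot: In the second hunk, `log.info(line);` and `log.debug(this.toString());` pass runtime data as the SLF4J message itself rather than as an argument; prefer `log.info("{}", line);` and `log.debug("{}", this);`, which also avoids building the string when debug is off. The values logged here (`taskName`, `taskAction`, the process output in `line`) are populated by `stream.defaultReadObject()` or by the spawned process, so they should be treated as untrusted. A CR/LF inside them can split one event into what looks like several log entries unless the layout or encoder neutralises line breaks. The same message-as-data pattern appears as `log.debug(token);` in both TokenTest hunks. The enclosing `readObject` method starts outside the hunk.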
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java index 29f6bd41d..a06dc6b05 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java @@ -85,7 +85,6 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint { } } } catch (Exception e) { - e.printStackTrace(); return failed(this).feedback("jwt-invalid-token").output(e.getMessage()).build(); } } diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java index 5b2475473..04d3031fd 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java @@ -149,7 +149,7 @@ public class JWTVotesEndpointTest extends LessonTest { result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings") .cookie(cookie)) - .andExpect(status().isOk()).andDo(print()).andReturn(); + .andExpect(status().isOk())./*andDo(print()).*/andReturn(); Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class); int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes"); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java index afc129877..5ee4f045f 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java 
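Review bot: In JWTVotesEndpointTest, `.andExpect(status().isOk())./*andDo(print()).*/andReturn();` leaves the disabled call as an inline comment in the middle of the call chain, which is easy to misread and will never be re-enabled cleanly. Delete it instead: `.andExpect(status().isOk()).andReturn();`. If this was the last use of `print()` in the file, its static import can be removed too; the import block is outside the hunk, so that needs checking.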
@@ -24,6 +24,8 @@ package org.owasp.webgoat.jwt; import io.jsonwebtoken.*; import io.jsonwebtoken.impl.TextCodec; +import lombok.extern.slf4j.Slf4j; + import org.junit.Test; import java.time.Duration; @@ -32,6 +34,7 @@ import java.util.Date; import java.util.Map; import java.util.concurrent.TimeUnit; +@Slf4j public class TokenTest { @Test @@ -43,7 +46,7 @@ public class TokenTest { .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10))) .setClaims(claims) .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, key).compact(); - System.out.println(token); + log.debug(token); Jwt jwt = Jwts.parser().setSigningKey("qwertyqwerty1234").parse(token); jwt = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() { @Override @@ -64,8 +67,6 @@ public class TokenTest { String token = Jwts.builder().setClaims(claims) .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, "bm5n3SkxCX4kKRy4") .compact(); - //Jws jws = Jwts.parser().setSigningKey("bm5n3SkxCX4kKRy4").parseClaimsJws(token); - //Jwts.parser().setSigningKey().parsePlaintextJws(token); - System.out.println(token); + log.debug(token); } } diff --git a/webgoat-lessons/jwt/src/test/resources/banner.txt b/webgoat-lessons/jwt/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java index 8073ddb4e..abf58a370 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java +++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java 
@@ -32,6 +32,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; +import lombok.extern.slf4j.Slf4j; + import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; import java.util.List; @@ -41,6 +43,7 @@ import java.util.List; */ @Controller +@Slf4j public class MissingFunctionACUsers { // this will actually put controllers on the /WebGoat/* path ... the jsp for list_users restricts what can be seen, but the add_user is not controlled carefully @@ -84,8 +87,7 @@ public class MissingFunctionACUsers { userService.addUser(newUser.getUsername(),newUser.getPassword(),newUser.getRole()); return userService.loadUserByUsername(newUser.getUsername()); } catch (Exception ex) { - System.out.println("Error creating new User" + ex.getMessage()); - ex.printStackTrace(); + log.error("Error creating new User", ex); //TODO: implement error handling ... } finally { // no streams or other resources opened ... nothing to do, right? diff --git a/webgoat-lessons/missing-function-ac/src/test/resources/banner.txt b/webgoat-lessons/missing-function-ac/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/sql-injection/src/test/resources/banner.txt b/webgoat-lessons/sql-injection/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/ssrf/src/test/resources/banner.txt b/webgoat-lessons/ssrf/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/vulnerable-components/src/test/resources/banner.txt b/webgoat-lessons/vulnerable-components/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webgoat-lessons/xxe/src/test/resources/banner.txt b/webgoat-lessons/xxe/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb 
diff --git a/webwolf/pom.xml b/webwolf/pom.xml index 273e841be..c84672b7d 100644 --- a/webwolf/pom.xml +++ b/webwolf/pom.xml @@ -31,7 +31,6 @@ org.apache.commons commons-lang3 - ${commons-lang3.version} org.springframework.boot @@ -96,51 +95,4 @@ - - - - org.apache.maven.plugins - maven-compiler-plugin - ${maven-compiler-plugin.version} - - 11 - 11 - UTF-8 - - - - org.springframework.boot - spring-boot-maven-plugin - - - org.apache.maven.plugins - maven-jar-plugin - 3.1.2 - - - test-compile - - jar - - - internal - - - - - - org.apache.maven.plugins - maven-surefire-plugin - ${maven-surefire-plugin.version} - - never - - --illegal-access=permit - - - - - - - diff --git a/webwolf/src/test/resources/banner.txt b/webwolf/src/test/resources/banner.txt new file mode 100644 index 000000000..e69de29bb diff --git a/webwolf/src/test/resources/logback-test.xml b/webwolf/src/test/resources/logback-test.xml new file mode 100644 index 000000000..a2aa1f5c1 --- /dev/null +++ b/webwolf/src/test/resources/logback-test.xml @@ -0,0 +1,16 @@ + + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + + + \ No newline at end of file