suppressing some useless log messages and banners in unit tests (#752)
* suppressing some useless log messages and banners in unit tests * some more log suppressed
This commit is contained in:
René Zubcevic
GitHub
0
webgoat-lessons/cia/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/cia/src/test/resources/banner.txt
Normal file
@ -67,7 +67,6 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint {
|
||||
}
|
||||
|
||||
if (includeCorrect && firstNameCorrect && lastNameCorrect) {
|
||||
System.out.println("true");
|
||||
return success(this).feedback("xss-mitigation-3-success").build();
|
||||
} else {
|
||||
return failed(this).feedback("xss-mitigation-3-failure").build();
|
||||
|
||||
@ -11,6 +11,9 @@ import javax.xml.bind.DatatypeConverter;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
@Slf4j
|
||||
public class CryptoUtilTest {
|
||||
|
||||
@Test
|
||||
@ -21,10 +24,10 @@ public class CryptoUtilTest {
|
||||
PrivateKey privateKey = CryptoUtil.getPrivateKeyFromPEM(CryptoUtil.getPrivateKeyInPEM(keyPair));
|
||||
String modulus = DatatypeConverter.printHexBinary(rsaPubKey.getModulus().toByteArray());
|
||||
String signature = CryptoUtil.signMessage(modulus, privateKey);
|
||||
System.out.println(rsaPubKey.getPublicExponent());
|
||||
log.debug("public exponent {}", rsaPubKey.getPublicExponent());
|
||||
assertTrue(CryptoUtil.verifyAssignment(modulus, signature, keyPair.getPublic()));
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
log.error("signing failed", e);;
|
||||
fail();
|
||||
}
|
||||
}
|
||||
|
||||
0
webgoat-lessons/csrf/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/csrf/src/test/resources/banner.txt
Normal file
@ -27,10 +27,13 @@ import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@RestController
|
||||
@Slf4j
|
||||
public class IDORViewOwnProfile {
|
||||
|
||||
@Autowired
|
||||
@ -54,7 +57,7 @@ public class IDORViewOwnProfile {
|
||||
details.put("error","You do not have privileges to view the profile. Authenticate as tom first please.");
|
||||
}
|
||||
}catch (Exception ex) {
|
||||
System.out.println(ex.getMessage());
|
||||
log.error("something went wrong", ex.getMessage());
|
||||
}
|
||||
return details;
|
||||
}
|
||||
|
||||
@ -7,6 +7,9 @@ import java.io.ObjectInputStream;
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
@Slf4j
|
||||
public class VulnerableTaskHolder implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 2;
|
||||
@ -37,31 +40,31 @@ public class VulnerableTaskHolder implements Serializable {
|
||||
stream.defaultReadObject();
|
||||
|
||||
//do something with the data
|
||||
System.out.println("restoring task: "+taskName);
|
||||
System.out.println("restoring time: "+requestedExecutionTime);
|
||||
log.info("restoring task: {}", taskName);
|
||||
log.info("restoring time: {}", requestedExecutionTime);
|
||||
|
||||
if (requestedExecutionTime!=null &&
|
||||
(requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10))
|
||||
|| requestedExecutionTime.isAfter(LocalDateTime.now()))) {
|
||||
//do nothing is the time is not within 10 minutes after the object has been created
|
||||
System.out.println(this.toString());
|
||||
log.debug(this.toString());
|
||||
throw new IllegalArgumentException("outdated");
|
||||
}
|
||||
|
||||
//condition is here to prevent you from destroying the goat altogether
|
||||
if ((taskAction.startsWith("sleep")||taskAction.startsWith("ping"))
|
||||
&& taskAction.length() < 22) {
|
||||
System.out.println("about to execute: "+taskAction);
|
||||
log.info("about to execute: {}", taskAction);
|
||||
try {
|
||||
Process p = Runtime.getRuntime().exec(taskAction);
|
||||
BufferedReader in = new BufferedReader(
|
||||
new InputStreamReader(p.getInputStream()));
|
||||
String line = null;
|
||||
while ((line = in.readLine()) != null) {
|
||||
System.out.println(line);
|
||||
log.info(line);
|
||||
}
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
log.error("IO Exception", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -85,7 +85,6 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
return failed(this).feedback("jwt-invalid-token").output(e.getMessage()).build();
|
||||
}
|
||||
}
|
||||
|
||||
@ -149,7 +149,7 @@ public class JWTVotesEndpointTest extends LessonTest {
|
||||
|
||||
result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings")
|
||||
.cookie(cookie))
|
||||
.andExpect(status().isOk()).andDo(print()).andReturn();
|
||||
.andExpect(status().isOk())./*andDo(print()).*/andReturn();
|
||||
Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class);
|
||||
int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes");
|
||||
|
||||
|
||||
@ -24,6 +24,8 @@ package org.owasp.webgoat.jwt;
|
||||
|
||||
import io.jsonwebtoken.*;
|
||||
import io.jsonwebtoken.impl.TextCodec;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import java.time.Duration;
|
||||
@ -32,6 +34,7 @@ import java.util.Date;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
@Slf4j
|
||||
public class TokenTest {
|
||||
|
||||
@Test
|
||||
@ -43,7 +46,7 @@ public class TokenTest {
|
||||
.setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
|
||||
.setClaims(claims)
|
||||
.signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, key).compact();
|
||||
System.out.println(token);
|
||||
log.debug(token);
|
||||
Jwt jwt = Jwts.parser().setSigningKey("qwertyqwerty1234").parse(token);
|
||||
jwt = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
|
||||
@Override
|
||||
@ -64,8 +67,6 @@ public class TokenTest {
|
||||
String token = Jwts.builder().setClaims(claims)
|
||||
.signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, "bm5n3SkxCX4kKRy4")
|
||||
.compact();
|
||||
//Jws<Claims> jws = Jwts.parser().setSigningKey("bm5n3SkxCX4kKRy4").parseClaimsJws(token);
|
||||
//Jwts.parser().setSigningKey().parsePlaintextJws(token);
|
||||
System.out.println(token);
|
||||
log.debug(token);
|
||||
}
|
||||
}
|
||||
|
||||
0
webgoat-lessons/jwt/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/jwt/src/test/resources/banner.txt
Normal file
@ -32,6 +32,8 @@ import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@ -41,6 +43,7 @@ import java.util.List;
|
||||
*/
|
||||
|
||||
@Controller
|
||||
@Slf4j
|
||||
public class MissingFunctionACUsers {
|
||||
|
||||
// this will actually put controllers on the /WebGoat/* path ... the jsp for list_users restricts what can be seen, but the add_user is not controlled carefully
|
||||
@ -84,8 +87,7 @@ public class MissingFunctionACUsers {
|
||||
userService.addUser(newUser.getUsername(),newUser.getPassword(),newUser.getRole());
|
||||
return userService.loadUserByUsername(newUser.getUsername());
|
||||
} catch (Exception ex) {
|
||||
System.out.println("Error creating new User" + ex.getMessage());
|
||||
ex.printStackTrace();
|
||||
log.error("Error creating new User", ex);
|
||||
//TODO: implement error handling ...
|
||||
} finally {
|
||||
// no streams or other resources opened ... nothing to do, right?
|
||||
|
||||
0
webgoat-lessons/ssrf/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/ssrf/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/xxe/src/test/resources/banner.txt
Normal file
0
webgoat-lessons/xxe/src/test/resources/banner.txt
Normal file
Reference in New Issue
Block a user