Cleaning up test case logging
This commit is contained in:
Nanne Baars
@ -8,7 +8,6 @@ import org.owasp.webgoat.session.WebgoatContext;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
@ -39,7 +38,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
public void knownAccountShouldDisplayData() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack5a")
|
||||
.param("account", "Smith"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", is(messages.getMessage("assignment.not.solved"))))
|
||||
@ -50,7 +49,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
public void unknownAccount() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack5a")
|
||||
.param("account", "Smithh"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", is(messages.getMessage("NoResultsMatched"))))
|
||||
@ -61,7 +60,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
public void sqlInjection() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack5a")
|
||||
.param("account", "smith' OR '1' = '1"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(true)))
|
||||
.andExpect(jsonPath("$.feedback", containsString("You have succeed")))
|
||||
@ -72,7 +71,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
public void sqlInjectionWrongShouldDisplayError() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack5a")
|
||||
.param("account", "smith' OR '1' = '1'"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", containsString(messages.getMessage("assignment.not.solved"))))
|
||||
|
||||
@ -32,7 +32,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
public void wrongSolution() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "John"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
@ -41,7 +41,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
public void wrongNumberOfColumns() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.output", is("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
|
||||
@ -51,7 +51,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
public void wrongDataTypeOfColumns() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.output", containsString("incompatible data types in combination")));
|
||||
@ -61,7 +61,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
public void correctSolution() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "Smith' union select 1,password, '1','2','3', '4',1 from user_system_data --"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(true)))
|
||||
.andExpect(jsonPath("$.feedback", containsString("dave")));
|
||||
@ -71,7 +71,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
public void noResultsReturned() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "Smith' and 1 = 2 --"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", is(messages.getMessage("sql-injection.6a.no.results"))));
|
||||
|
||||
@ -31,7 +31,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
|
||||
public void submitCorrectPassword() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
|
||||
.param("userid_6b", "dave"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
|
||||
public void submitWrongPassword() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
|
||||
.param("userid_6b", "John"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void knownAccountShouldDisplayData() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
|
||||
.param("column", "id"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@ -48,7 +48,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void trueShouldSortByHostname() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
|
||||
.param("column", "(case when (true) then hostname else id end)"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
|
||||
}
|
||||
@ -57,7 +57,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void falseShouldSortById() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
|
||||
.param("column", "(case when (true) then hostname else id end)"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
|
||||
}
|
||||
@ -66,7 +66,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void passwordIncorrectShouldOrderByHostname() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
|
||||
.param("column", "CASE WHEN (SELECT ip FROM servers WHERE hostname='webgoat-prd') LIKE '192.%' THEN hostname ELSE id END"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-dev")));
|
||||
}
|
||||
|
||||
@ -74,7 +74,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void passwordCorrectShouldOrderByHostname() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
|
||||
.param("column", "CASE WHEN (SELECT ip FROM servers WHERE hostname='webgoat-prd') LIKE '104.%' THEN hostname ELSE id END"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
|
||||
}
|
||||
|
||||
@ -82,7 +82,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void postingCorrectAnswerShouldPassTheLesson() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack12a")
|
||||
.param("ip", "104.130.219.202"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
|
||||
}
|
||||
|
||||
@ -90,7 +90,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
|
||||
public void postingWrongAnswerShouldNotPassTheLesson() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack12a")
|
||||
.param("ip", "192.168.219.202"))
|
||||
.andDo(MockMvcResultHandlers.print())
|
||||
|
||||
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user