dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added testcase for RoleBasedAccessControl

Browse Source
This commit is contained in:
Nanne Baars 2016-09-22 17:46:13 +02:00
parent a0f1bc16ce
commit 5d69467c6f
2 changed files with 131 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
webgoat-container/pom.xml
View File

@ -211,6 +211,28 @@
</excludes> </excludes>
</configuration> </configuration>
</plugin> </plugin>
<plugin>
<groupId>com.github.webdriverextensions</groupId>
<artifactId>webdriverextensions-maven-plugin</artifactId>
<version>3.0.2</version>
<executions>
<execution>
<goals>
<goal>install-drivers</goal>
</goals>
</execution>
</executions>
<configuration>
<drivers>
<driver>
<name>chromedriver</name>
<platform>windows</platform>
<bit>64</bit>
</driver>
</drivers>
<keepDownloadedWebdrivers>true</keepDownloadedWebdrivers>
</configuration>
</plugin>
</plugins> </plugins>
</build> </build>
@ -470,6 +492,11 @@
<version>${sauce_junit.version}</version> <version>${sauce_junit.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>com.github.webdriverextensions</groupId>
<artifactId>webdriverextensions</artifactId>
<version>2.8.0</version>
</dependency>
<!-- ************* END: Dependencies for Unit and Integration Testing ************** --> <!-- ************* END: Dependencies for Unit and Integration Testing ************** -->
<!-- ************* END: <dependencies> ************** --> <!-- ************* END: <dependencies> ************** -->
</dependencies> </dependencies>

104
webgoat-container/src/test/java/org/owasp/webgoat/plugins/WebGoatIT.java
View File

@ -29,6 +29,7 @@ import java.net.URL;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static com.github.webdriverextensions.WebDriverExtensionsContext.getDriver;
import static java.util.concurrent.TimeUnit.SECONDS; import static java.util.concurrent.TimeUnit.SECONDS;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
@ -327,6 +328,109 @@ public class WebGoatIT implements SauceOnDemandSessionIdProvider {
}); });
} }
@Test
public void testRoleBasedAccessConrol() throws IOException {
doLoginWebgoatUser();
getWebDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200");
getWebDriver().get(baseWebGoatUrl + "/service/restartlesson.mvc");
getWebDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200");
FluentWait<WebDriver> wait = new WebDriverWait(getDriver(), 15); // wait for a maximum of 15 seconds
wait.until(ExpectedConditions.textToBePresentInElementLocated(By.id("lesson-title"), "LAB: Role Based Access Control"));
wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class)
.ignoring(StaleElementReferenceException.class);
WebElement user = wait.until(ExpectedConditions.presenceOfElementLocated(By.name("employee_id")));
user.click();
user.sendKeys("T");
WebElement resource = getDriver().findElement(By.name("password"));
resource.click();
resource.sendKeys("tom");
WebElement submit = getDriver().findElement(By.name("action"));
submit.click();
wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);
wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Welcome Back");
}
});
JavascriptExecutor javascript = (JavascriptExecutor) getDriver();
String value = "document.getElementsByName('action')[0].value='DeleteProfile';";
javascript.executeScript(value);
WebElement viewProfile = getDriver().findElements(By.name("action")).get(0);
viewProfile.click();
wait = new FluentWait(getDriver())
.withTimeout(40, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);
wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Stage 2");
}
});
//
// Stage 3
//
getDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200/3");
user = wait.until(ExpectedConditions.presenceOfElementLocated(By.name("employee_id")));
user.click();
user.sendKeys("T");
resource = getDriver().findElement(By.name("password"));
resource.click();
resource.sendKeys("tom");
submit = getDriver().findElement(By.name("action"));
submit.click();
wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);
wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Welcome Back");
}
});
javascript = (JavascriptExecutor) getDriver();
value = "var select = document.getElementsByName('employee_id')[0]; select.options[0].value='106'; ";
javascript.executeScript(value);
viewProfile = getDriver().findElements(By.name("action")).get(0);
viewProfile.click();
wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);
wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("You have completed Stage 3");
}
});
}
@Test @Test
public void testFailOpenAuthenticationScheme() throws IOException { public void testFailOpenAuthenticationScheme() throws IOException {
doLoginWebgoatUser(); doLoginWebgoatUser();