refactor: move plugin messages (#1968)
@ -1,63 +0,0 @@
|
||||
/*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
* <p>
|
||||
* Copyright (c) 2002 - 2017 Bruce Mayhew
|
||||
* <p>
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
* <p>
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
* <p>
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
* <p>
|
||||
* Getting Source ==============
|
||||
* <p>
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
|
||||
* projects.
|
||||
* <p>
|
||||
*/
|
||||
|
||||
package org.owasp.webgoat.container.assignments;
|
||||
|
||||
import java.util.Locale;
|
||||
import org.mockito.Mock;
|
||||
import org.owasp.webgoat.WithWebGoatUser;
|
||||
import org.owasp.webgoat.container.i18n.Language;
|
||||
import org.owasp.webgoat.container.i18n.Messages;
|
||||
import org.owasp.webgoat.container.i18n.PluginMessages;
|
||||
import org.owasp.webgoat.container.users.UserProgress;
|
||||
import org.owasp.webgoat.container.users.UserProgressRepository;
|
||||
import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
import org.springframework.web.servlet.i18n.FixedLocaleResolver;
|
||||
|
||||
// Do not remove is the base class for all assignments tests
|
||||
|
||||
@WithWebGoatUser
|
||||
public class AssignmentEndpointTest {
|
||||
|
||||
@Mock protected UserProgress userTracker;
|
||||
@Mock protected UserProgressRepository userTrackerRepository;
|
||||
|
||||
private Language language =
|
||||
new Language(new FixedLocaleResolver()) {
|
||||
@Override
|
||||
public Locale getLocale() {
|
||||
return Locale.ENGLISH;
|
||||
}
|
||||
};
|
||||
protected Messages messages = new Messages(language);
|
||||
protected PluginMessages pluginMessages =
|
||||
new PluginMessages(messages, language, new ClassPathXmlApplicationContext());
|
||||
|
||||
public void init(AssignmentEndpoint a) {
|
||||
messages.setBasenames("classpath:/i18n/messages", "classpath:/i18n/WebGoatLabels");
|
||||
ReflectionTestUtils.setField(a, "messages", pluginMessages);
|
||||
}
|
||||
}
|
@ -22,6 +22,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.test.context.TestPropertySource;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
/**
|
||||
@ -57,5 +58,6 @@ public abstract class LessonTest {
|
||||
(WebGoatUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
flywayLessons.apply(user.getUsername()).migrate();
|
||||
lessonInitializers.forEach(init -> init.initialize(user));
|
||||
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
|
||||
}
|
||||
}
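Review bot: Assigning `this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();` in the base-class setup (it looks like the added line in the second hunk) means the `private MockMvc mockMvc;` fields that `ShopEndpointTest` and `SecurityQuestionAssignmentTest` still declare further down this page now hide the inherited field. Those classes keep working only as long as they also keep their own `@BeforeEach`, and the base class builds a second instance they never use. Drop the private fields where the shared instance is sufficient, or add a comment on the base field such as `// built per test by the base-class setup; subclasses should not redeclare it`. The enclosing method starts outside the hunk.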
|
||||
|
@ -25,30 +25,13 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.authbypass;
|
||||
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.container.session.LessonSession;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class BypassVerificationTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
VerifyAccount verifyAccount = new VerifyAccount(new LessonSession());
|
||||
init(verifyAccount);
|
||||
this.mockMvc = standaloneSetup(verifyAccount).build();
|
||||
}
|
||||
class BypassVerificationTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void placeHolder() {
|
||||
void placeHolder() {
|
||||
assert (true);
|
||||
}
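Review bot: `placeHolder()` is the only test visible in a class that now extends `LessonTest`, so each run pays for the base-class setup (Flyway migration and a web-application-context `MockMvc`, judging by the `LessonTest` hunk) to execute `assert (true);`, which checks nothing and is skipped entirely unless the JVM runs with `-ea`. With the `VerifyAccount` setup removed, nothing in the visible lines exercises the auth-bypass endpoint. Either add a real `mockMvc` test against that endpoint or annotate the class with `@Disabled("no coverage for VerifyAccount yet")` so the gap shows up in test reports. The class body continues outside the hunk, so this assumes no other tests follow.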
|
||||
|
||||
|
@ -23,33 +23,22 @@
|
||||
package org.owasp.webgoat.lessons.challenges;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.lessons.challenges.challenge1.Assignment1;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.owasp.webgoat.lessons.challenges.challenge1.ImageServlet;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class Assignment1Test extends AssignmentEndpointTest {
|
||||
class Assignment1Test extends LessonTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
private Flags flags;
|
||||
@Autowired private Flags flags;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
flags = new Flags();
|
||||
Assignment1 assignment1 = new Assignment1(flags);
|
||||
init(assignment1);
|
||||
this.mockMvc = standaloneSetup(assignment1).build();
|
||||
}
|
||||
public void setup() {}
|
||||
|
||||
@Test
|
||||
void success() throws Exception {
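Review bot: The `@BeforeEach public void setup() {}` left on the new side is an empty lifecycle method and should be deleted together with its `org.junit.jupiter.api.BeforeEach` import. Beyond being dead code, it is risky in a subclass of `LessonTest`: if the base class's own `@BeforeEach` method is also named `setup` and is overridable from this package (not visible here), this empty override would replace it and skip the user migration and `mockMvc` initialisation. The old/new assignment of these lines is inferred from the hunk header counts, because the page lost its `+`/`-` markers.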
|
||||
|
@ -27,44 +27,28 @@ import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.lessons.challenges.Flags;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.ResultActions;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class Assignment7Test extends AssignmentEndpointTest {
|
||||
private MockMvc mockMvc;
|
||||
|
||||
class Assignment7Test extends LessonTest {
|
||||
private static final String CHALLENGE_PATH = "/challenge/7";
|
||||
private static final String RESET_PASSWORD_PATH = CHALLENGE_PATH + "/reset-password";
|
||||
private static final String GIT_PATH = CHALLENGE_PATH + "/.git";
|
||||
|
||||
@Mock private RestTemplate restTemplate;
|
||||
@MockBean private RestTemplate restTemplate;
|
||||
|
||||
@Value("${webwolf.mail.url}")
|
||||
String webWolfMailURL;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
Assignment7 assignment7 = new Assignment7(new Flags(), restTemplate, webWolfMailURL);
|
||||
init(assignment7);
|
||||
mockMvc = standaloneSetup(assignment7).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Reset password test")
|
||||
void resetPasswordTest() throws Exception {
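Review bot: `@MockBean private RestTemplate restTemplate;` replaces the `RestTemplate` bean for the whole application context of this class, which gives the class its own context-cache key and therefore a separate context start-up; `HijackSessionAssignmentTest` has the same cost for its two `@MockBean` fields. It also means every outbound call through that bean returns Mockito defaults unless a test stubs it, so the reset-password tests should verify the interaction on `restTemplate` explicitly rather than rely on the absence of an error. A short comment on the field would record the intent, e.g. `// mocked so no outbound HTTP request leaves the test`. The test bodies are outside the hunk, so whether they already verify the interaction is not visible.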
|
||||
|
@ -6,9 +6,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
@ -16,7 +14,6 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
* @author Benedikt Stuhrmann
|
||||
* @since 13/03/19.
|
||||
*/
|
||||
@ExtendWith(SpringExtension.class)
|
||||
public class ChromeDevToolsTest extends LessonTest {
|
||||
|
||||
@BeforeEach
|
||||
|
@ -5,26 +5,19 @@ import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
/**
|
||||
* @author Benedikt Stuhrmann
|
||||
* @since 13/03/19.
|
||||
*/
|
||||
public class CIAQuizTest extends LessonTest {
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
|
||||
}
|
||||
class CIAQuizTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void allAnswersCorrectIsSuccess() throws Exception {
|
||||
void allAnswersCorrectIsSuccess() throws Exception {
|
||||
String[] solution0 = {"Solution 3"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -42,7 +35,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oneAnswerWrongIsFailure() throws Exception {
|
||||
void oneAnswerWrongIsFailure() throws Exception {
|
||||
String[] solution0 = {"Solution 1"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -60,7 +53,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void twoAnswersWrongIsFailure() throws Exception {
|
||||
void twoAnswersWrongIsFailure() throws Exception {
|
||||
String[] solution0 = {"Solution 1"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -78,7 +71,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void threeAnswersWrongIsFailure() throws Exception {
|
||||
void threeAnswersWrongIsFailure() throws Exception {
|
||||
String[] solution0 = {"Solution 1"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 1"};
|
||||
@ -96,7 +89,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allAnswersWrongIsFailure() throws Exception {
|
||||
void allAnswersWrongIsFailure() throws Exception {
|
||||
String[] solution0 = {"Solution 2"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 3"};
|
||||
@ -114,7 +107,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allAnswersCorrectGetResultsReturnsTrueTrueTrueTrue() throws Exception {
|
||||
void allAnswersCorrectGetResultsReturnsTrueTrueTrueTrue() throws Exception {
|
||||
String[] solution0 = {"Solution 3"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -138,7 +131,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void firstAnswerFalseGetResultsReturnsFalseTrueTrueTrue() throws Exception {
|
||||
void firstAnswerFalseGetResultsReturnsFalseTrueTrueTrue() throws Exception {
|
||||
String[] solution0 = {"Solution 2"};
|
||||
String[] solution1 = {"Solution 1"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -162,7 +155,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void secondAnswerFalseGetResultsReturnsTrueFalseTrueTrue() throws Exception {
|
||||
void secondAnswerFalseGetResultsReturnsTrueFalseTrueTrue() throws Exception {
|
||||
String[] solution0 = {"Solution 3"};
|
||||
String[] solution1 = {"Solution 2"};
|
||||
String[] solution2 = {"Solution 4"};
|
||||
@ -186,7 +179,7 @@ public class CIAQuizTest extends LessonTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void allAnswersFalseGetResultsReturnsFalseFalseFalseFalse() throws Exception {
|
||||
void allAnswersFalseGetResultsReturnsFalseFalseFalseFalse() throws Exception {
|
||||
String[] solution0 = {"Solution 1"};
|
||||
String[] solution1 = {"Solution 2"};
|
||||
String[] solution2 = {"Solution 1"};
|
||||
|
@ -30,9 +30,7 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standal
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ -40,7 +38,6 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
* @author nbaars
|
||||
* @since 5/2/17.
|
||||
*/
|
||||
@ExtendWith(SpringExtension.class)
|
||||
public class ShopEndpointTest extends LessonTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
@ -3,32 +3,17 @@ package org.owasp.webgoat.lessons.deserialization;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.dummy.insecure.framework.VulnerableTaskHolder;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class DeserializeTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
class DeserializeTest extends LessonTest {
|
||||
|
||||
private static String OS = System.getProperty("os.name").toLowerCase();
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
InsecureDeserializationTask insecureTask = new InsecureDeserializationTask();
|
||||
init(insecureTask);
|
||||
this.mockMvc = standaloneSetup(insecureTask).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
void success() throws Exception {
|
||||
if (OS.indexOf("win") > -1) {
|
||||
@ -75,8 +60,7 @@ class DeserializeTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(
|
||||
pluginMessages.getMessage("insecure-deserialization.invalidversion"))))
|
||||
CoreMatchers.is(messages.getMessage("insecure-deserialization.invalidversion"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
|
||||
@ -90,7 +74,7 @@ class DeserializeTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("insecure-deserialization.expired"))))
|
||||
CoreMatchers.is(messages.getMessage("insecure-deserialization.expired"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
|
||||
@ -104,8 +88,7 @@ class DeserializeTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(
|
||||
pluginMessages.getMessage("insecure-deserialization.stringobject"))))
|
||||
CoreMatchers.is(messages.getMessage("insecure-deserialization.stringobject"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)));
|
||||
}
|
||||
}
|
||||
|
@ -28,20 +28,14 @@ import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.lenient;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.owasp.webgoat.lessons.hijacksession.cas.Authentication;
|
||||
import org.owasp.webgoat.lessons.hijacksession.cas.HijackSessionAuthenticationProvider;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
import org.springframework.test.web.servlet.ResultActions;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ -50,27 +44,14 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
* @author Angel Olle Blazquez
|
||||
*
|
||||
*/
|
||||
class HijackSessionAssignmentTest extends LessonTest {
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class HijackSessionAssignmentTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
private static final String COOKIE_NAME = "hijack_cookie";
|
||||
private static final String LOGIN_CONTEXT_PATH = "/HijackSession/login";
|
||||
|
||||
@Mock Authentication authenticationMock;
|
||||
@MockBean Authentication authenticationMock;
|
||||
|
||||
@Mock HijackSessionAuthenticationProvider providerMock;
|
||||
|
||||
HijackSessionAssignment assignment;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
assignment = new HijackSessionAssignment();
|
||||
init(assignment);
|
||||
ReflectionTestUtils.setField(assignment, "provider", new HijackSessionAuthenticationProvider());
|
||||
mockMvc = standaloneSetup(assignment).build();
|
||||
}
|
||||
@MockBean HijackSessionAuthenticationProvider providerMock;
|
||||
|
||||
@Test
|
||||
void testValidCookie() throws Exception {
|
||||
@ -78,7 +59,6 @@ class HijackSessionAssignmentTest extends AssignmentEndpointTest {
|
||||
lenient()
|
||||
.when(providerMock.authenticate(any(Authentication.class)))
|
||||
.thenReturn(authenticationMock);
|
||||
ReflectionTestUtils.setField(assignment, "provider", providerMock);
|
||||
|
||||
Cookie cookie = new Cookie(COOKIE_NAME, "value");
|
||||
|
||||
@ -94,6 +74,10 @@ class HijackSessionAssignmentTest extends AssignmentEndpointTest {
|
||||
|
||||
@Test
|
||||
void testBlankCookie() throws Exception {
|
||||
lenient().when(authenticationMock.isAuthenticated()).thenReturn(false);
|
||||
lenient()
|
||||
.when(providerMock.authenticate(any(Authentication.class)))
|
||||
.thenReturn(authenticationMock);
|
||||
ResultActions result =
|
||||
mockMvc.perform(
|
||||
MockMvcRequestBuilders.post(LOGIN_CONTEXT_PATH)
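Review bot: `testBlankCookie` now stubs `providerMock.authenticate(...)` to return an unauthenticated `authenticationMock`, so it no longer runs the real `HijackSessionAuthenticationProvider` that the removed `setup()` used to inject. The test only proves that the endpoint reports failure when it is told the login failed. If the provider's handling of a missing cookie is part of what the lesson should guarantee, keep one test against the real provider, for example with `@SpyBean` instead of `@MockBean` on `providerMock`. The `lenient()` wrappers are also no longer needed, because the strict-stubs check came from `MockitoExtension`, which this class appears to drop. The test body continues past the end of the hunk.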
|
||||
|
@ -24,31 +24,19 @@ package org.owasp.webgoat.lessons.httpproxies;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
HttpBasicsInterceptRequest httpBasicsInterceptRequest = new HttpBasicsInterceptRequest();
|
||||
init(httpBasicsInterceptRequest);
|
||||
this.mockMvc = standaloneSetup(httpBasicsInterceptRequest).build();
|
||||
}
|
||||
public class HttpBasicsInterceptRequestTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void success() throws Exception {
|
||||
void success() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.get("/HttpProxies/intercept-request")
|
||||
@ -58,12 +46,12 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("http-proxies.intercept.success"))))
|
||||
CoreMatchers.is(messages.getMessage("http-proxies.intercept.success"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void failure() throws Exception {
|
||||
void failure() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.get("/HttpProxies/intercept-request")
|
||||
@ -73,12 +61,12 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("http-proxies.intercept.failure"))))
|
||||
CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void missingParam() throws Exception {
|
||||
void missingParam() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.get("/HttpProxies/intercept-request")
|
||||
@ -87,12 +75,12 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("http-proxies.intercept.failure"))))
|
||||
CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void missingHeader() throws Exception {
|
||||
void missingHeader() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.get("/HttpProxies/intercept-request")
|
||||
@ -101,12 +89,12 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("http-proxies.intercept.failure"))))
|
||||
CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void whenPostAssignmentShouldNotPass() throws Exception {
|
||||
void whenPostAssignmentShouldNotPass() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
|
||||
@ -116,7 +104,7 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("http-proxies.intercept.failure"))))
|
||||
CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
}
|
||||
|
@ -65,7 +65,6 @@ public class JWTRefreshEndpointTest extends LessonTest {
|
||||
.andReturn();
|
||||
Map<String, String> tokens =
|
||||
objectMapper.readValue(result.getResponse().getContentAsString(), Map.class);
|
||||
String accessToken = tokens.get("access_token");
|
||||
String refreshToken = tokens.get("refresh_token");
|
||||
|
||||
// Now create a new refresh token for Tom based on Toms old access token and send the refresh
|
||||
|
@ -23,31 +23,16 @@
|
||||
package org.owasp.webgoat.lessons.missingac;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
MissingFunctionACHiddenMenus hiddenMenus = new MissingFunctionACHiddenMenus();
|
||||
init(hiddenMenus);
|
||||
this.mockMvc = standaloneSetup(hiddenMenus).build();
|
||||
}
|
||||
class MissingFunctionACHiddenMenusTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void HiddenMenusSuccess() throws Exception {
|
||||
void HiddenMenusSuccess() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/access-control/hidden-menu")
|
||||
@ -56,12 +41,12 @@ public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("access-control.hidden-menus.success"))))
|
||||
CoreMatchers.is(messages.getMessage("access-control.hidden-menus.success"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void HiddenMenusClose() throws Exception {
|
||||
void HiddenMenusClose() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/access-control/hidden-menu")
|
||||
@ -70,12 +55,12 @@ public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("access-control.hidden-menus.close"))))
|
||||
CoreMatchers.is(messages.getMessage("access-control.hidden-menus.close"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void HiddenMenusFailure() throws Exception {
|
||||
void HiddenMenusFailure() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/access-control/hidden-menu")
|
||||
@ -84,7 +69,7 @@ public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
|
||||
.andExpect(
|
||||
jsonPath(
|
||||
"$.feedback",
|
||||
CoreMatchers.is(pluginMessages.getMessage("access-control.hidden-menus.failure"))))
|
||||
CoreMatchers.is(messages.getMessage("access-control.hidden-menus.failure"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
}
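Review bot: The three test methods whose signatures this section edits keep their capitalised names (`HiddenMenusSuccess`, `HiddenMenusClose`, `HiddenMenusFailure`); since the lines are being touched anyway, rename them to lowerCamelCase, e.g. `void hiddenMenusSuccess() throws Exception {`. That matches the other test classes in this commit (`success`, `failure`, `allAnswersCorrectIsSuccess`) and the usual Java method-naming convention.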
|
||||
|
@ -7,18 +7,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.core.io.ResourceLoader;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
class ResetLinkAssignmentTest extends LessonTest {
|
||||
|
||||
@Value("${webwolf.host}")
|
||||
|
@ -6,15 +6,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
public class SecurityQuestionAssignmentTest extends LessonTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
@ -28,22 +28,17 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import java.util.stream.Stream;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.ResultActions;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ -53,21 +48,12 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
*
|
||||
*/
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class SpoofCookieAssignmentTest extends AssignmentEndpointTest {
|
||||
class SpoofCookieAssignmentTest extends LessonTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
private static final String COOKIE_NAME = "spoof_auth";
|
||||
private static final String LOGIN_CONTEXT_PATH = "/SpoofCookie/login";
|
||||
private static final String ERASE_COOKIE_CONTEXT_PATH = "/SpoofCookie/cleanup";
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
SpoofCookieAssignment spoofCookieAssignment = new SpoofCookieAssignment();
|
||||
init(spoofCookieAssignment);
|
||||
mockMvc = standaloneSetup(spoofCookieAssignment).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Lesson completed")
|
||||
void success() throws Exception {
|
||||
|
@ -1,35 +0,0 @@
|
||||
/*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2019 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
|
||||
*/
|
||||
|
||||
package org.owasp.webgoat.lessons.sqlinjection;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
public class SqlLessonTest extends LessonTest {
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
|
||||
}
|
||||
}
|
@ -27,14 +27,14 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
/**
|
||||
* @author Benedikt Stuhrmann
|
||||
* @since 11/07/18.
|
||||
*/
|
||||
public class SqlInjectionLesson10Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson10Test extends LessonTest {
|
||||
|
||||
private String completedError = "JSON path \"lessonCompleted\"";
|
||||
|
||||
|
@ -27,10 +27,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlInjectionLesson2Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson2Test extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void solution() throws Exception {
|
||||
|
@ -30,11 +30,11 @@ import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.container.LessonDataSource;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlInjectionLesson5Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson5Test extends LessonTest {
|
||||
|
||||
@Autowired private LessonDataSource dataSource;
|
||||
|
||||
|
@ -29,10 +29,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlInjectionLesson5aTest extends SqlLessonTest {
|
||||
public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void knownAccountShouldDisplayData() throws Exception {
|
||||
|
@ -28,10 +28,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlInjectionLesson6aTest extends SqlLessonTest {
|
||||
public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void wrongSolution() throws Exception {
|
||||
|
@ -27,10 +27,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlInjectionLesson6bTest extends SqlLessonTest {
|
||||
public class SqlInjectionLesson6bTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void submitCorrectPassword() throws Exception {
|
||||
|
@ -28,14 +28,14 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
/**
|
||||
* @author Benedikt Stuhrmann
|
||||
* @since 11/07/18.
|
||||
*/
|
||||
public class SqlInjectionLesson8Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson8Test extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void oneAccount() throws Exception {
|
||||
|
@ -28,14 +28,14 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
/**
|
||||
* @author Benedikt Stuhrmann
|
||||
* @since 11/07/18.
|
||||
*/
|
||||
public class SqlInjectionLesson9Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson9Test extends LessonTest {
|
||||
|
||||
private final String completedError = "JSON path \"lessonCompleted\"";
|
||||
|
||||
|
@ -5,14 +5,14 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 5/21/17.
|
||||
*/
|
||||
public class SqlInjectionLesson13Test extends SqlLessonTest {
|
||||
public class SqlInjectionLesson13Test extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void knownAccountShouldDisplayData() throws Exception {
|
||||
|
@ -6,10 +6,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlOnlyInputValidationOnKeywordsTest extends SqlLessonTest {
|
||||
public class SqlOnlyInputValidationOnKeywordsTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void solve() throws Exception {
|
||||
@ -40,6 +40,6 @@ public class SqlOnlyInputValidationOnKeywordsTest extends SqlLessonTest {
|
||||
containsString(
|
||||
"unexpected token: *<br> Your query was: SELECT * FROM user_data WHERE"
|
||||
+ " last_name ="
|
||||
+ " 'SMITH';\\\\\\/**\\\\\\/*\\\\\\/**\\\\\\/\\\\\\/**\\\\\\/USER_SYSTEM_DATA;--'")));
|
||||
+ " 'SMITH';\\/**\\/*\\/**\\/\\/**\\/USER_SYSTEM_DATA;--'")));
|
||||
}
|
||||
}
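Review bot: The expected literal in `solve()` loses several levels of backslash escaping (`\\/**` where it was `\\\\\\/**`), so the text returned for the echoed query changed in a commit described as a refactor, and nothing here says why. That string is the submitted query reflected back in the feedback, so its output escaping is the part a reader most needs to be able to trust. A short comment above the `containsString(` call, for example `// the query is echoed in the feedback; the backslashes are the escaping applied to it on output`, would record that the new value is intended. Asserting on the decoded feedback value instead of the escaped response text would be sturdier, if the matcher chain allows it; that part of the method is outside the hunk.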
|
||||
|
@ -6,10 +6,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.lessons.sqlinjection.SqlLessonTest;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
public class SqlOnlyInputValidationTest extends SqlLessonTest {
|
||||
public class SqlOnlyInputValidationTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void solve() throws Exception {
|
||||
|
@ -6,9 +6,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
@ -16,7 +14,6 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
* @author afry
|
||||
* @since 12/28/18.
|
||||
*/
|
||||
@ExtendWith(SpringExtension.class)
|
||||
public class SSRFTest1 extends LessonTest {
|
||||
|
||||
@BeforeEach
|
||||
|
@ -28,9 +28,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
@ -38,7 +36,6 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
* @author afry
|
||||
* @since 12/28/18.
|
||||
*/
|
||||
@ExtendWith(SpringExtension.class)
|
||||
public class SSRFTest2 extends LessonTest {
|
||||
|
||||
@BeforeEach
|
||||
|
@ -25,35 +25,19 @@ package org.owasp.webgoat.lessons.xss;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
/**
|
||||
* @author Angel Olle Blazquez
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class CrossSiteScriptingLesson1Test extends AssignmentEndpointTest {
|
||||
class CrossSiteScriptingLesson1Test extends LessonTest {
|
||||
|
||||
private static final String CONTEXT_PATH = "/CrossSiteScripting/attack1";
|
||||
|
||||
@Autowired private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
CrossSiteScriptingLesson1 crossSiteScriptingLesson1 = new CrossSiteScriptingLesson1();
|
||||
init(crossSiteScriptingLesson1);
|
||||
mockMvc = standaloneSetup(crossSiteScriptingLesson1).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
void success() throws Exception {
|
||||
mockMvc
|
||||
|
@ -24,33 +24,16 @@ package org.owasp.webgoat.lessons.xss;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.container.session.LessonSession;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest {
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
public void setup() {
|
||||
LessonSession lessonSession = new LessonSession();
|
||||
DOMCrossSiteScripting domXss = new DOMCrossSiteScripting(lessonSession);
|
||||
init(domXss);
|
||||
this.mockMvc = standaloneSetup(domXss).build();
|
||||
CrossSiteScripting xss = new CrossSiteScripting();
|
||||
}
|
||||
public class DOMCrossSiteScriptingTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
public void success() throws Exception {
|
||||
void success() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/CrossSiteScripting/phone-home-xss")
|
||||
@ -62,7 +45,7 @@ public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void failure() throws Exception {
|
||||
void failure() throws Exception {
|
||||
mockMvc
|
||||
.perform(
|
||||
MockMvcRequestBuilders.post("/CrossSiteScripting/phone-home-xss")
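Review bot: The class declaration stays `public class DOMCrossSiteScriptingTest extends LessonTest` while `success()` and `failure()` are changed to package-private, so the file ends up with mixed visibility. JUnit 5 needs neither to be public, and the sibling tests touched here (`class StoredXssCommentsTest`, `class CrossSiteScriptingLesson1Test`) are already package-private; `class DOMCrossSiteScriptingTest extends LessonTest {` would match them. The body of `failure()` continues past the end of this hunk.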
|
||||
|
@ -24,32 +24,16 @@ package org.owasp.webgoat.lessons.xss;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.lessons.xss.stored.StoredXssComments;
|
||||
import org.owasp.webgoat.container.plugins.LessonTest;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.test.web.servlet.ResultActions;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class StoredXssCommentsTest extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
StoredXssComments storedXssComments = new StoredXssComments();
|
||||
init(storedXssComments);
|
||||
this.mockMvc = standaloneSetup(storedXssComments).build();
|
||||
}
|
||||
class StoredXssCommentsTest extends LessonTest {
|
||||
|
||||
@Test
|
||||
void success() throws Exception {
|
||||
|