final tests and fixed the issue of getting the name of the loggedinuser

2019-10-14 21:14:18 +02:00 · 2019-10-14 21:14:18 +02:00 · 6dc679e7b8
commit 6dc679e7b8
parent 00873cfe3f
2 changed files with 82 additions and 4 deletions
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
@ -34,6 +34,14 @@ public class CSRFTest extends IntegrationTest {
 			"<input type=\"submit\" value=\"assignment 7\"/>\n" + 
 			"</form></body></html>";
 	
+	private static final String trickHTML8 = "<!DOCTYPE html><html><body><form action=\"WEBGOATURL\" method=\"POST\">\n" + 
+			"<input type=\"hidden\" name=\"username\" value=\"csrf-USERNAME\"/>\n" + 
+			"<input type=\"hidden\" name=\"password\" value=\"password\"/>\n" + 
+			"<input type=\"hidden\" name=\"matchingPassword\" value=\"password\"/>\n" + 
+			"<input type=\"hidden\" name=\"agree\" value=\"agree\"/>\n" + 
+			"<input type=\"submit\" value=\"assignment 8\"/>\n" + 
+			"</form></body></html>";
+	
    private String webwolfFileDir;
 	
 	
@ -55,7 +63,12 @@ public class CSRFTest extends IntegrationTest {
        uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
        checkAssignment7(callTrickHtml("csrf7.html"));
        
-        //checkResults("/csrf");
+        //Assignment 8
+        uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", getWebgoatUser()));
+        checkAssignment8(callTrickHtml("csrf8.html"));
+        
+        login();//because old cookie got replaced and invalidated
+        checkResults("csrf");
        
    }
    
@ -156,4 +169,68 @@ public class CSRFTest extends IntegrationTest {
        	
    }
    
+    private void checkAssignment8(String goatURL) {
+    	
+    	//first make sure there is an attack csrf- user
+    	registerCSRFUser();
+    	
+    	Map<String, Object> params = new HashMap<>();
+        params.clear();
+        params.put("username", "csrf-"+getWebgoatUser());
+        params.put("password","password");
+        	
+        //login and get the new cookie
+    	String newCookie = RestAssured.given()
+            	.when()
+            	.relaxedHTTPSValidation()
+            	.cookie("JSESSIONID", getWebGoatCookie())
+            	.header("Referer", webWolfUrl("/files/fake.html"))
+            	.params(params)
+            	.log().all()
+            	.post(goatURL)            	
+            	.then().log().all()
+            	.extract().cookie("JSESSIONID");
+  
+    	//select the lesson
+    	RestAssured.given()
+        	.when()
+        	.relaxedHTTPSValidation()
+        	.cookie("JSESSIONID", newCookie)
+        	.get(url("CSRF.lesson.lesson"))
+        	.then()
+        	.statusCode(200);
+    	
+    	//click on the assignment
+    	boolean result = RestAssured.given()
+            	.when()
+            	.relaxedHTTPSValidation()
+            	.cookie("JSESSIONID", newCookie)
+            	.log().all()
+            	.post(url("/csrf/login"))            	
+            	.then()
+            	.log().all()
+            	.statusCode(200)
+            	.extract().path("lessonCompleted");
+    	
+    	//vaidate the result
+    	assertEquals(true, result);
+        	
+    }
+    
+    /**
+     * Try to register the new user. Ignore the result.
+     */
+    public void registerCSRFUser() {
+    	
+       RestAssured.given()
+                    .when()
+                    .relaxedHTTPSValidation()
+                    .formParam("username", "csrf-"+getWebgoatUser())
+                    .formParam("password", "password")
+                    .formParam("matchingPassword", "password")
+                    .formParam("agree", "agree")
+                    .post(url("register.mvc"));
+        
+    }
+    
 }
--- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java
+++ b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java
@ -22,9 +22,10 @@

 package org.owasp.webgoat.csrf;

+import javax.servlet.http.HttpServletRequest;
+
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.users.UserTracker;
 import org.owasp.webgoat.users.UserTrackerRepository;
@ -46,8 +47,8 @@ public class CSRFLogin extends AssignmentEndpoint {

    @PostMapping(path = "/csrf/login", produces = {"application/json"})
    @ResponseBody
-    public AttackResult completed() {
-        String userName = getWebSession().getUserName();
+    public AttackResult completed(HttpServletRequest request) {
+        String userName = request.getUserPrincipal().getName();
        if (userName.startsWith("csrf")) {
            markAssignmentSolvedWithRealUser(userName.substring("csrf-".length()));
            return trackProgress(success().feedback("csrf-login-success").build());