dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#846: add extra test to verify whether the solution is solved for the original user as well

Browse Source
This commit is contained in:
Nanne Baars 2020-10-23 14:06:14 +02:00 committed by Nanne Baars
parent 37e9359c9e
commit 753a2db958
2 changed files with 201 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
View File

@ -1,8 +1,15 @@
package org.owasp.webgoat; package org.owasp.webgoat;
import static org.junit.jupiter.api.Assertions.assertEquals; import io.restassured.RestAssured;
import static org.junit.jupiter.api.DynamicTest.dynamicTest; import io.restassured.http.ContentType;
import lombok.Data;
import lombok.SneakyThrows;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DynamicTest;
import org.junit.jupiter.api.TestFactory;
import org.owasp.webgoat.lessons.Assignment;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Files; import java.nio.file.Files;
@ -12,14 +19,9 @@ import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import org.junit.jupiter.api.AfterEach; import static org.assertj.core.api.Assertions.assertThat;
import org.junit.jupiter.api.BeforeEach; import static org.junit.jupiter.api.Assertions.assertEquals;
import org.junit.jupiter.api.DynamicTest; import static org.junit.jupiter.api.DynamicTest.dynamicTest;
import org.junit.jupiter.api.TestFactory;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import lombok.SneakyThrows;
public class CSRFTest extends IntegrationTest { public class CSRFTest extends IntegrationTest {
@ -217,9 +219,28 @@ public class CSRFTest extends IntegrationTest {
.statusCode(200) .statusCode(200)
.extract().path("lessonCompleted"); .extract().path("lessonCompleted");
//vaidate the result assertThat(result).isTrue();
assertEquals(true, result);
login();
startLesson("CSRF", false);
Overview[] assignments = RestAssured.given()
.cookie("JSESSIONID", getWebGoatCookie())
.get(url("/service/lessonoverview.mvc"))
.then()
.extract()
.jsonPath()
.getObject("$", Overview[].class);
assertThat(assignments)
.filteredOn(a -> a.getAssignment().getName().equals("CSRFLogin"))
.extracting(o -> o.solved)
.containsExactly(true);
}
@Data
private static class Overview {
Assignment assignment;
boolean solved;
} }
/** /**

7
webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java
View File

@ -42,8 +42,11 @@ import org.springframework.web.bind.annotation.RestController;
@AssignmentHints({"csrf-login-hint1", "csrf-login-hint2", "csrf-login-hint3"}) @AssignmentHints({"csrf-login-hint1", "csrf-login-hint2", "csrf-login-hint3"})
public class CSRFLogin extends AssignmentEndpoint { public class CSRFLogin extends AssignmentEndpoint {
@Autowired private final UserTrackerRepository userTrackerRepository;
private UserTrackerRepository userTrackerRepository;
public CSRFLogin(UserTrackerRepository userTrackerRepository) {
this.userTrackerRepository = userTrackerRepository;
}
@PostMapping(path = "/csrf/login", produces = {"application/json"}) @PostMapping(path = "/csrf/login", produces = {"application/json"})
@ResponseBody @ResponseBody