From 7add1ef73e668b916f6ec49a1d83c43451c91fd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?=
Date: Fri, 15 Jul 2022 12:44:37 +0200
Subject: [PATCH] hints tested (#1295)
---
 ....java => LabelAndHintIntegrationTest.java} | 51 +++++++++++++++++--
 1 file changed, 46 insertions(+), 5 deletions(-)
 rename src/it/java/org/owasp/webgoat/{LabelAndHintTest.java => LabelAndHintIntegrationTest.java} (55%)
diff --git a/src/it/java/org/owasp/webgoat/LabelAndHintTest.java b/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java
similarity index 55%
rename from src/it/java/org/owasp/webgoat/LabelAndHintTest.java
rename to src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java
index 0724e9475..7ddc3b79a 100644
--- a/src/it/java/org/owasp/webgoat/LabelAndHintTest.java
+++ b/src/it/java/org/owasp/webgoat/LabelAndHintIntegrationTest.java
@@ -8,10 +8,12 @@ import org.junit.jupiter.api.Test;
 import java.io.FileInputStream;
 import java.io.InputStream;
+import java.util.List;
 import java.util.Properties;
-public class LabelAndHintTest extends IntegrationTest {
+public class LabelAndHintIntegrationTest extends IntegrationTest {
+ final static String ESCAPE_JSON_PATH_CHAR = "\'";
 @Test
 public void testSingleLabel() {
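Review bot: The constant added at the top of the class, `final static String ESCAPE_JSON_PATH_CHAR = "\'";`, is package-visible, uses an unconventional modifier order, and escapes a quote that needs no escaping inside a string literal; `private static final String ESCAPE_JSON_PATH_CHAR = "'";` is equivalent. It would also benefit from a one-line comment such as `// label keys contain dots; quoting stops JsonPath from reading them as nested paths`. That purpose is inferred from the keys used in this test (`http-basics.close`) and should be confirmed. The class body continues outside this hunk.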
@@ -24,14 +26,40 @@ public class LabelAndHintTest extends IntegrationTest {
 .cookie("JSESSIONID", getWebGoatCookie())
 .get(url("service/labels.mvc")).then().statusCode(200).extract().jsonPath();
- Assertions.assertEquals("Try again: but this time enter a value before hitting go.", jsonPath.getString("\'http-basics.close\'"));
+ Assertions.assertEquals("Try again: but this time enter a value before hitting go.", jsonPath.getString(ESCAPE_JSON_PATH_CHAR+"http-basics.close"+ESCAPE_JSON_PATH_CHAR));
+ }
+
+ @Test
+ public void testHints() {
+ JsonPath jsonPathLabels = getLabels("en");
+ List allLessons = List.of(
+ "HttpBasics",
+ "HttpProxies", "CIA", "InsecureLogin", "Cryptography", "PathTraversal",
+ "XXE", "JWT", "IDOR", "SSRF", "WebWolfIntroduction", "CrossSiteScripting", "CSRF", "HijackSession",
+ "SqlInjection", "SqlInjectionMitigations" ,"SqlInjectionAdvanced",
+ "Challenge1");
+ for (String lesson: allLessons) {
+ startLesson(lesson);
+ List hintKeys = getHints();
+ for (String key : hintKeys) {
+ String keyValue = jsonPathLabels.getString(ESCAPE_JSON_PATH_CHAR + key + ESCAPE_JSON_PATH_CHAR);
+ //System.out.println("key: " + key + " ,value: " + keyValue);
+ Assertions.assertNotNull(keyValue);
+ Assertions.assertNotEquals(key, keyValue);
+ }
+ }
+ //Assertions.assertEquals("http-basics.hints.http_basics_lesson.1", ""+jsonPath.getList("hint").get(0));
 }
 @Test
 public void testLabels() {
+ JsonPath jsonPathLabels = getLabels("en");
 Properties propsDefault = getProperties("");
- System.out.println("Working Directory = " + System.getProperty("user.dir"));
+ for (String key: propsDefault.stringPropertyNames()) {
+ String keyValue = jsonPathLabels.getString(ESCAPE_JSON_PATH_CHAR+key+ESCAPE_JSON_PATH_CHAR);
+ Assertions.assertNotNull(keyValue);
+ }
 checkLang(propsDefault,"nl");
 checkLang(propsDefault,"de");
 checkLang(propsDefault,"fr");
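Review bot: None of the new assertions carries a failure message, so a red run will not say which lesson or key has no label. This applies to `Assertions.assertNotNull(keyValue)` and `Assertions.assertNotEquals(key, keyValue)` in the `testHints` loop and to the `assertNotNull` in the loop added to `testLabels`. Passing the context makes the failure actionable, e.g. `Assertions.assertNotNull(keyValue, "no label for hint key '" + key + "' in lesson " + lesson);` and `Assertions.assertNotEquals(key, keyValue, "label service returned the key itself for " + key);`. The two commented-out statements in `testHints` (`//System.out.println(...)` and the trailing `//Assertions.assertEquals(...)`, which refers to a `jsonPath` variable that method does not declare) are dead code and can be dropped. `testLabels` continues past the end of this hunk.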
@@ -62,9 +90,9 @@ public class LabelAndHintTest extends IntegrationTest {
 System.err.println("key: " + key + " in (" +lang+") is missing from default properties");
 Assertions.fail();
 }
- /*if (!jsonPath.getString("\'"+key+"\'").equals(propsLang.get(key))) {
+ /*if (!jsonPath.getString(ESCAPE_JSON_PATH_CHAR+key+ESCAPE_JSON_PATH_CHAR).equals(propsLang.get(key))) {
 System.out.println("key: " + key + " in (" +lang+") has incorrect translation in label service");
- System.out.println("actual:"+jsonPath.getString("\'"+key+"\'"));
+ System.out.println("actual:"+jsonPath.getString(ESCAPE_JSON_PATH_CHAR+key+ESCAPE_JSON_PATH_CHAR));
 System.out.println("expected: "+propsLang.getProperty(key));
 System.out.println();
 //Assertions.fail();
@@ -86,4 +114,17 @@ public class LabelAndHintTest extends IntegrationTest {
 .statusCode(200).extract().jsonPath();
 }
+ private List getHints() {
+ JsonPath jsonPath = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .contentType(ContentType.JSON)
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .get(url("service/hint.mvc"))
+ .then()
+ //.log().all()
+ .statusCode(200).extract().jsonPath();
+ return jsonPath.getList("hint");
+ }
+
 }
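Review bot: The new `getHints()` calls `.relaxedHTTPSValidation()`, which makes the client accept any server certificate, and nothing in the method says why that is acceptable. It is presumably fine because the target is the locally started WebGoat instance; `url(...)` and `getWebGoatCookie()` are defined outside this hunk, so that should be confirmed. A comment such as `// trust-all TLS is intentional: the integration target is the local test instance` would keep the pattern from being copied into code that talks to real hosts. The request chain also appears to repeat the one ending just above it in this hunk and the one in `testSingleLabel`, with only the service path differing, so a private helper taking the path would remove the copies. The commented-out `//.log().all()` line can be dropped.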