diff --git a/pom.xml b/pom.xml
index b65e76daa..ff44f4d85 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@
org.springframework.boot
spring-boot-starter-parent
- 2.2.2.RELEASE
+ 2.4.0
@@ -127,7 +127,6 @@
3.4
2.6
18.0
- 4.12
1.18.4
3.8.0
2.22.0
@@ -148,6 +147,10 @@
+
+ org.springframework.boot
+ spring-boot-starter-validation
+
org.projectlombok
lombok
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
index b5166fb5d..e96fba6b7 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
@@ -3,7 +3,7 @@ package org.owasp.webgoat;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Test;
import java.util.HashMap;
@@ -38,7 +38,7 @@ public class GeneralLessonTest extends IntegrationTest {
@Test
public void httpProxies() {
startLesson("HttpProxies");
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
.when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
.contentType(ContentType.JSON)
.get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
@@ -114,7 +114,7 @@ public class GeneralLessonTest extends IntegrationTest {
checkResults("/auth-bypass/");
startLesson("HttpProxies");
- Assert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
+ MatcherAssert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
.contentType(ContentType.JSON)
.get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then()
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
index f702a2879..817233b64 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
@@ -9,7 +9,7 @@ import java.util.HashMap;
import java.util.Map;
import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DynamicTest;
@@ -53,7 +53,7 @@ public class IDORTest extends IntegrationTest {
}
private void profile() {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -70,7 +70,7 @@ public class IDORTest extends IntegrationTest {
params.put("url", "WebGoat/IDOR/profile/2342384");
checkAssignment(url("/WebGoat/IDOR/profile/alt-path"), params, true);
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -80,7 +80,7 @@ public class IDORTest extends IntegrationTest {
.statusCode(200)
.extract().path("lessonCompleted"), CoreMatchers.is(true));
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
index 18c8c1ce4..3e054b9c2 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
@@ -4,10 +4,7 @@ import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import lombok.Getter;
import org.hamcrest.CoreMatchers;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
+import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
@@ -49,7 +46,6 @@ public abstract class IntegrationTest {
private static boolean started = false;
- @BeforeClass
@BeforeAll
public static void beforeAll() {
if (WG_SSL) {
@@ -91,7 +87,6 @@ public abstract class IntegrationTest {
return WEBWOLF_URL + url;
}
- @Before
@BeforeEach
public void login() {
@@ -143,7 +138,6 @@ public abstract class IntegrationTest {
.cookie("WEBWOLFSESSION");
}
- @After
@AfterEach
public void logout() {
RestAssured.given()
@@ -193,7 +187,7 @@ public abstract class IntegrationTest {
* @param expectedResult
*/
public void checkAssignment(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -215,7 +209,7 @@ public abstract class IntegrationTest {
* @param expectedResult
*/
public void checkAssignmentWithPUT(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -231,7 +225,7 @@ public abstract class IntegrationTest {
public void checkResults(String prefix) {
checkResults();
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
@@ -242,7 +236,7 @@ public abstract class IntegrationTest {
}
public void checkResults() {
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
@@ -252,7 +246,7 @@ public abstract class IntegrationTest {
}
public void checkAssignment(String url, ContentType contentType, String body, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -266,7 +260,7 @@ public abstract class IntegrationTest {
}
public void checkAssignmentWithGet(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
index 9611a2f41..b4b422014 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
@@ -12,7 +12,7 @@ import java.util.HashMap;
import java.util.Map;
import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.Test;
import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
@@ -86,7 +86,7 @@ public class JWTLessonTest extends IntegrationTest {
String secret = getSecretToken(accessToken);
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -126,7 +126,7 @@ public class JWTLessonTest extends IntegrationTest {
.concat(new String(Base64.getUrlEncoder().encode(bodyObject.toString().getBytes())).toString())
.concat(".").replace("=", "");
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -154,7 +154,7 @@ public class JWTLessonTest extends IntegrationTest {
.concat(new String(Base64.getUrlEncoder().encode(body.getBytes())).toString())
.concat(".").replace("=", "");
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
.when().relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.header("Authorization","Bearer "+replacedToken)
@@ -180,7 +180,7 @@ public class JWTLessonTest extends IntegrationTest {
.claim("Role", new String[] {"Manager", "Project Administrator"})
.signWith(SignatureAlgorithm.HS256, "deletingTom").compact();
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
.when().relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.post(url("/WebGoat/JWT/final/delete?token="+token))
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
index 7bf4bf5f8..fa924e43b 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
@@ -10,7 +10,7 @@ import java.util.Arrays;
import java.util.Map;
import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DynamicTest;
@@ -49,7 +49,7 @@ public class PathTraversalTest extends IntegrationTest {
}
public void assignment1() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -63,7 +63,7 @@ public class PathTraversalTest extends IntegrationTest {
}
public void assignment2() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
@@ -77,7 +77,7 @@ public class PathTraversalTest extends IntegrationTest {
}
public void assignment3() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
RestAssured.given()
.when()
.relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
index d3139f173..8bc13f64b 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
@@ -59,7 +59,7 @@ public class SqlInjectionMitigationTest extends IntegrationTest {
.get(url("/WebGoat/SqlInjectionMitigations/servers?column=unknown"))
.then()
.statusCode(500)
- .body("message", containsString("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by"));
+ .body("trace", containsString("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by"));
params.clear();
params.put("ip", "104.130.219.202");
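Review bot: The switch from `"message"` to `"trace"` in the `.body(...)` assertion makes this test pass only when the 500 response body carries a full stack trace, and Spring Boot 2.3+ omits both the message and the trace from error responses by default. Nothing in this hunk shows where that is enabled, so presumably a `server.error.include-stacktrace` setting is added elsewhere; if it is not, this assertion will fail after the upgrade. I would add a comment above the assertion such as `// The lesson depends on the failing SQL statement leaking through the error "trace" field; needs stack traces enabled in error responses`. That makes the coupling to a deliberately verbose error configuration visible, and flags the setting as specific to this training app. The enclosing test method starts and ends outside the hunk.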
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
index 2712f1baf..6ffbf736a 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
@@ -1,6 +1,6 @@
package org.owasp.webgoat;
-import static org.junit.Assert.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.util.HashMap;
diff --git a/webwolf/pom.xml b/webwolf/pom.xml
index ba65fb4d2..c5d66f19a 100644
--- a/webwolf/pom.xml
+++ b/webwolf/pom.xml
@@ -10,6 +10,10 @@
+
+ org.springframework.boot
+ spring-boot-starter-validation
+
com.fasterxml.jackson.datatype
jackson-datatype-jsr310
diff --git a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
index 3b3a85308..a1600b094 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
@@ -22,12 +22,20 @@
package org.owasp.webwolf.mailbox;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.Lists;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.owasp.webwolf.user.UserService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -36,19 +44,14 @@ import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.http.MediaType;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.web.servlet.MockMvc;
-import java.time.LocalDateTime;
-import java.time.format.DateTimeFormatter;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.Lists;
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.not;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
-
-@RunWith(SpringRunner.class)
+@ExtendWith(SpringExtension.class)
@WebMvcTest(MailboxController.class)
@ActiveProfiles({"test", "webwolf"})
public class MailboxControllerTest {
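Review bot: The added `@ExtendWith(SpringExtension.class)` is redundant next to `@WebMvcTest(MailboxController.class)`, since the Spring Boot test-slice annotations are already meta-annotated with the extension in the version this commit moves to. The line and its `SpringExtension`/`ExtendWith` imports can simply be dropped. The same applies to `@DataJpaTest` in MailboxRepositoryTest. The class body continues outside the hunk.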
@@ -66,7 +69,7 @@ public class MailboxControllerTest {
public static class EmailMixIn {
}
- @Before
+ @BeforeEach
public void setup() {
objectMapper.addMixIn(Email.class, EmailMixIn.class);
}
diff --git a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
index 46525ee38..3a32dbb44 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
@@ -22,20 +22,19 @@
package org.owasp.webwolf.mailbox;
-import org.hamcrest.CoreMatchers;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
-import org.springframework.test.context.junit4.SpringRunner;
+import static org.junit.jupiter.api.Assertions.assertEquals;
import java.time.LocalDateTime;
import java.util.List;
-import static org.junit.Assert.*;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
@DataJpaTest
-@RunWith(SpringRunner.class)
+@ExtendWith(SpringExtension.class)
public class MailboxRepositoryTest {
@@ -65,7 +64,7 @@ public class MailboxRepositoryTest {
List emails = mailboxRepository.findByRecipientOrderByTimeDesc("someone@webwolf.org");
- assertThat(emails.size(), CoreMatchers.is(1));
+ assertEquals(emails.size(), 1);
}
}
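Review bot: The arguments in `assertEquals(emails.size(), 1)` are reversed: JUnit 5 expects `assertEquals(expected, actual)`, so a failure would report the actual size as the expected value and mislead whoever reads the log. Change it to `assertEquals(1, emails.size());`. The test method begins outside the hunk.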
diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
index 4a365150a..3e7b65458 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
@@ -22,18 +22,21 @@
package org.owasp.webwolf.user;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
import org.assertj.core.api.Assertions;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import static org.mockito.Mockito.*;
-
-@RunWith(MockitoJUnitRunner.class)
+@ExtendWith(MockitoExtension.class)
public class UserServiceTest {
@Mock
@@ -55,12 +58,13 @@ public class UserServiceTest {
Assertions.assertThat(password).isEqualTo(webGoatUser.getPassword());
}
- @Test(expected = UsernameNotFoundException.class)
+ @Test
public void testLoadUserByUsername_NULL(){
var username = "guest";
+
when(mockUserRepository.findByUsername(username)).thenReturn(null);
- sut.loadUserByUsername(username);
+ assertThrows(UsernameNotFoundException.class, ()->sut.loadUserByUsername(username));
}
@Test
diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
index 44e6e9470..62ed987fa 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
@@ -22,21 +22,17 @@
package org.owasp.webwolf.user;
-import org.assertj.core.api.Assertions;
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.validation.BindException;
-
-import static junit.framework.TestCase.assertTrue;
-import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.when;
-@RunWith(MockitoJUnitRunner.class)
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.validation.BindException;
+
+@ExtendWith(MockitoExtension.class)
public class UserValidatorTest {
@Mock