additional tests, one fix

Jason White 2017-08-08 23:56:43 -06:00
parent 476ab415a4
commit 8f740ace73
3 changed files with 56 additions and 3 deletions


@ -27,7 +27,7 @@ import java.util.Map;
@AssignmentPath("/access-control/hidden-menu") @AssignmentPath("/access-control/hidden-menu")
@AssignmentHints({"access-control.hidden-menus.hint1","access-control.hidden-menus.hint2","access-control.hidden-menus.hint3"}) @AssignmentHints({"access-control.hidden-menus.hint1","access-control.hidden-menus.hint2","access-control.hidden-menus.hint3"})
public class HiddenMenuItems extends AssignmentEndpoint { public class MissingFunctionACHiddenMenus extends AssignmentEndpoint {
//UserSessionData is bound to session and can be used to persist data across multiple assignments //UserSessionData is bound to session and can be used to persist data across multiple assignments
@Autowired @Autowired
UserSessionData userSessionData; UserSessionData userSessionData;
@ -46,7 +46,7 @@ public class HiddenMenuItems extends AssignmentEndpoint {
} }
if (hiddenMenu1.equals("Config") && hiddenMenu2.equals("Users")) { if (hiddenMenu1.equals("Config") && hiddenMenu2.equals("Users")) {
return trackProgress(success() return trackProgress(failed()
.output("") .output("")
.feedback("access-control.hidden-menus.close") .feedback("access-control.hidden-menus.close")
.build()); .build());
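Review bot: The condition `hiddenMenu1.equals("Config") && hiddenMenu2.equals("Users")` calls `equals` on the request values, so a request that omits either parameter would throw a NullPointerException unless the handler declares them required. The signature is outside the hunk, so this needs confirming. Putting the literal first avoids the problem either way: `if ("Config".equals(hiddenMenu1) && "Users".equals(hiddenMenu2)) {`, and likewise for any earlier comparison in this method that is not visible here. The method body starts and ends outside the hunk.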


@ -1,6 +1,6 @@
missing-function-access-control.title=Missing Function Level Access Control missing-function-access-control.title=Missing Function Level Access Control
access-control.hidden-menus.success=Correct! And not hard to find are they?!? For the next lab, note that the endpoints are at /WebGoat/access-control/list-users and /WebGoat/access-control/add-user access-control.hidden-menus.success=Correct! And not hard to find are they?!? One of these urls will be helpful in the next lab.
access-control.hidden-menus.close=Close. Remember that when hacking ... details such as order,case and the like matter. access-control.hidden-menus.close=Close. Remember that when hacking ... details such as order,case and the like matter.
access-control.hidden-menus.failure=Please try again. access-control.hidden-menus.failure=Please try again.


@ -0,0 +1,53 @@
package org.owasp.webgoat.plugin;
import org.hamcrest.CoreMatchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
@RunWith(MockitoJUnitRunner.class)
public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
private MockMvc mockMvc;
@Before
public void setup() {
MissingFunctionACHiddenMenus hiddenMenus = new MissingFunctionACHiddenMenus();
init(hiddenMenus);
this.mockMvc = standaloneSetup(hiddenMenus).build();
}
@Test
public void HiddenMenusSuccess() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/access-control/hidden-menu")
.param("hiddenMenu1", "Users")
.param("hiddenMenu2", "Config"))
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("access-control.hidden-menus.success"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
}
@Test
public void HiddenMenusClose() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/access-control/hidden-menu")
.param("hiddenMenu1", "Config")
.param("hiddenMenu2", "Users"))
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("access-control.hidden-menus.close"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
@Test
public void HiddenMenusFailure() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/access-control/hidden-menu")
.param("hiddenMenu1", "Foo")
.param("hiddenMenu2", "Bar"))
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("access-control.hidden-menus.failure"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
}
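Review bot: The three tests assert only the JSON `feedback` and `lessonCompleted` fields, so a handler error that produces a non-200 response would surface as an unclear jsonPath failure. Adding `.andExpect(status().isOk())` to each chain (static import from `MockMvcResultMatchers`) makes that failure mode explicit. No case covers a request with `hiddenMenu1` or `hiddenMenu2` omitted, or values that differ only in letter case, although the "close" message tells the learner that case matters; one test for each would pin the expected outcome. The method names `HiddenMenusSuccess`, `HiddenMenusClose` and `HiddenMenusFailure` should also start lower-case per Java convention, e.g. `hiddenMenusSuccess`.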