dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed sql adv 5 progress and added prove in integration test

Browse Source
This commit is contained in:
René Zubcevic
2019-08-22 13:48:48 +02:00
committed by Nanne Baars
parent c93563da3f
commit 924a53c22a
4 changed files with 43 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat-server/src/test/java/org/owasp/webgoat/SqlInjectionAdvanced_TestHelper.java
View File

@ -10,6 +10,18 @@ public class SqlInjectionAdvanced_TestHelper extends TestHelper {
startLesson(cookie, webgoatURL, "SqlInjectionAdvanced");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("username_reg", "tom' AND substring(password,1,1)='t");
params.put("password_reg", "password");
params.put("email_reg", "someone@microsoft.com");
params.put("confirm_password", "password");
checkAssignmentWithPUT(cookie, webgoatURL+"/WebGoat/SqlInjectionAdvanced/challenge", params, true);
params.clear();
params.put("username_login", "tom");
params.put("password_login", "thisisasecretfortomonly");
checkAssignment(cookie, webgoatURL+"/WebGoat/SqlInjectionAdvanced/challenge_Login", params, true);
params.clear();
params.put("userid_6a", "'; SELECT * FROM user_system_data;--");
checkAssignment(cookie, webgoatURL+"/WebGoat/SqlInjectionAdvanced/attack6a", params, true);
@ -30,7 +42,7 @@ public class SqlInjectionAdvanced_TestHelper extends TestHelper {
params.put("question_4_solution", "Solution 4: The database registers 'Robert' ); DROP TABLE Students;--'.");
checkAssignment(cookie, webgoatURL+"/WebGoat/SqlInjectionAdvanced/quiz", params, true);
//checkResults(cookie, webgoatURL, "/SqlInjectionAdvanced/");
checkResults(cookie, webgoatURL, "/SqlInjectionAdvanced/");
}
}

23
webgoat-server/src/test/java/org/owasp/webgoat/TestHelper.java
View File

@ -64,6 +64,29 @@ public class TestHelper {
.extract().path("lessonCompleted"), is(expectedResult));
}
/**
* Helper method for most common type of test.
* PUT with parameters.
* Checks for 200 and lessonCompleted as indicated by expectedResult
* @param webgoatCookie
* @param url
* @param params
* @param expectedResult
*/
public void checkAssignmentWithPUT(String webgoatCookie, String url, Map<String, ?> params, boolean expectedResult) {
assertThat(
given()
.when()
.config(restConfig)
.cookie("JSESSIONID", webgoatCookie)
.formParams(params)
.put(url)
.then()
//.log().all()
.statusCode(200)
.extract().path("lessonCompleted"), is(expectedResult));
}
/**
* Helper method at the end of a lesson.
* Check if all path paramters are correct for the progress.