progress fix for SqlInjectionMitigations

Rene Zubcevic
2019-07-22 12:16:18 +02:00
parent ea38973068
commit b65644edee
6 changed files with 18 additions and 18 deletions


@ -38,7 +38,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void knownAccountShouldDisplayData() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "id"))
.andExpect(status().isOk());
@ -46,7 +46,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void addressCorrectShouldOrderByHostname() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "CASE WHEN (SELECT ip FROM servers WHERE hostname='webgoat-prd') LIKE '104.%' THEN hostname ELSE id END"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
@ -54,17 +54,17 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void addressCorrectShouldOrderByHostnameUsingSubstr() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "case when (select ip from servers where hostname='webgoat-prd' and substr(ip,1,1) = '1') IS NOT NULL then hostname else id end"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "case when (select ip from servers where hostname='webgoat-prd' and substr(ip,2,1) = '0') IS NOT NULL then hostname else id end"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "case when (select ip from servers where hostname='webgoat-prd' and substr(ip,3,1) = '4') IS NOT NULL then hostname else id end"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-acc")));
@ -72,7 +72,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void addressIncorrectShouldOrderByIdUsingSubstr() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "case when (select ip from servers where hostname='webgoat-prd' and substr(ip,1,1) = '9') IS NOT NULL then hostname else id end"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-dev")));
@ -80,7 +80,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void trueShouldSortByHostname() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "(case when (true) then hostname else id end)"))
.andExpect(status().isOk())
@ -89,7 +89,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void falseShouldSortById() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "(case when (true) then hostname else id end)"))
.andExpect(status().isOk())
@ -98,7 +98,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void addressIncorrectShouldOrderByHostname() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjection/servers")
mockMvc.perform(MockMvcRequestBuilders.get("/SqlInjectionMitigations/servers")
.param("column", "CASE WHEN (SELECT ip FROM servers WHERE hostname='webgoat-prd') LIKE '192.%' THEN hostname ELSE id END"))
.andExpect(status().isOk()).andExpect(jsonPath("$[0].hostname", is("webgoat-dev")));
@ -106,7 +106,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void postingCorrectAnswerShouldPassTheLesson() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack12a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionMitigations/attack12a")
.param("ip", "104.130.219.202"))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
@ -114,7 +114,7 @@ public class SqlInjectionLesson12aTest extends LessonTest {
@Test
public void postingWrongAnswerShouldNotPassTheLesson() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack12a")
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionMitigations/attack12a")
.param("ip", "192.168.219.202"))
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
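Review bot: In the `falseShouldSortById` hunk (at line 89) the request still sends `(case when (true) then hostname else id end)`, the same `column` value as `trueShouldSortByHostname`, so the false branch of the sort expression is never exercised. Since the commit already edits this test, the parameter should read `.param("column", "(case when (false) then hostname else id end)"))`. The assertions after `.andExpect(status().isOk())` lie outside the hunk, so check in the full file whether the expected first row also needs adjusting. These tests appear to rely on `column` reaching the ORDER BY clause unfiltered, which is surprising under a path named `SqlInjectionMitigations`. A short class-level comment such as `// the servers endpoint is intentionally injectable via "column"; these tests pin the lesson's behaviour` would stop a later reader from mistaking them for a regression.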