Added Test for Developer Tools
This commit is contained in:
committed by
Nanne Baars
parent
5a11a5dae9
commit
bcacf94c6f
@ -1,6 +1,5 @@
|
||||
package org.owasp.webgoat.plugin.introduction;
|
||||
|
||||
import org.hsqldb.lib.MultiValueHashMap;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
@ -12,7 +11,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
@ -81,7 +79,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(true)))
|
||||
.andExpect(jsonPath("$.feedback", containsString("You have succeed")))
|
||||
.andExpect(jsonPath("$.output").doesNotExist());
|
||||
.andExpect(jsonPath("$.output").exists());
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -96,6 +94,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", containsString(messages.getMessage("assignment.not.solved"))))
|
||||
.andExpect(jsonPath("$.output", is("malformed string: '1''")));
|
||||
.andExpect(jsonPath("$.output", is("malformed string: '1''<br> Your query was: SELECT * FROM user_data WHERE" +
|
||||
" first_name = 'John' and last_name = 'Smith' OR '1' = '1''")));
|
||||
}
|
||||
}
|
@ -44,7 +44,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.output", is("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
|
||||
.andExpect(jsonPath("$.output", containsString("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -60,10 +60,9 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
@Test
|
||||
public void correctSolution() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
|
||||
.param("userid_6a", "Smith' union select 1,password, '1','2','3', '4',1 from user_system_data --"))
|
||||
|
||||
.param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(true)))
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.feedback", containsString("passW0rD")));
|
||||
}
|
||||
|
||||
@ -83,7 +82,6 @@ public class SqlInjectionLesson6aTest extends LessonTest {
|
||||
.param("userid_6a", "S'; Select * from user_system_data; --"))
|
||||
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.lessonCompleted", is(false)))
|
||||
.andExpect(jsonPath("$.output", containsString("To succesfully complete this Assignement you have to use a UNION")));
|
||||
.andExpect(jsonPath("$.feedback", containsString("UNION")));
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user