dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Test for Developer Tools

Browse Source
This commit is contained in:
Tobias-Melzer
2019-03-13 18:03:54 +01:00
committed by Nanne Baars
parent 5a11a5dae9
commit bcacf94c6f
6 changed files with 66 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5aTest.java
View File

@ -1,6 +1,5 @@
package org.owasp.webgoat.plugin.introduction;
import org.hsqldb.lib.MultiValueHashMap;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
@ -12,7 +11,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.is;
@ -81,7 +79,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
.andExpect(status().isOk())
.andExpect(jsonPath("lessonCompleted", is(true)))
.andExpect(jsonPath("$.feedback", containsString("You have succeed")))
.andExpect(jsonPath("$.output").doesNotExist());
.andExpect(jsonPath("$.output").exists());
}
@Test
@ -96,6 +94,7 @@ public class SqlInjectionLesson5aTest extends LessonTest {
.andExpect(status().isOk())
.andExpect(jsonPath("lessonCompleted", is(false)))
.andExpect(jsonPath("$.feedback", containsString(messages.getMessage("assignment.not.solved"))))
.andExpect(jsonPath("$.output", is("malformed string: '1''")));
.andExpect(jsonPath("$.output", is("malformed string: '1''<br> Your query was: SELECT * FROM user_data WHERE" +
" first_name = 'John' and last_name = 'Smith' OR '1' = '1''")));
}
}

10
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
View File

@ -44,7 +44,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.output", is("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
.andExpect(jsonPath("$.output", containsString("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
}
@Test
@ -60,10 +60,9 @@ public class SqlInjectionLesson6aTest extends LessonTest {
@Test
public void correctSolution() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
.param("userid_6a", "Smith' union select 1,password, '1','2','3', '4',1 from user_system_data --"))
.param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(true)))
.andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.feedback", containsString("passW0rD")));
}
@ -83,7 +82,6 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "S'; Select * from user_system_data; --"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.output", containsString("To succesfully complete this Assignement you have to use a UNION")));
.andExpect(jsonPath("$.feedback", containsString("UNION")));
}
}