dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added testcase for SQL lesson 6b

Browse Source
This commit is contained in:
Nanne Baars 2017-06-16 00:33:02 +02:00
parent e808abd504
commit bf210de013
3 changed files with 84 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6b.java
View File

@ -10,7 +10,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException; import java.io.IOException;
import java.sql.Connection; import java.sql.Connection;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -18,7 +17,6 @@ import java.sql.SQLException;
import java.sql.Statement; import java.sql.Statement;
/*************************************************************************************************** /***************************************************************************************************
* *
* *
@ -53,7 +51,8 @@ import java.sql.Statement;
public class SqlInjectionLesson6b extends AssignmentEndpoint { public class SqlInjectionLesson6b extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
public @ResponseBody AttackResult completed(@RequestParam String userid_6b, HttpServletRequest request) throws IOException { @ResponseBody
public AttackResult completed(@RequestParam String userid_6b) throws IOException {
if (userid_6b.toString().equals(getPassword())) { if (userid_6b.toString().equals(getPassword())) {
return trackProgress(success().build()); return trackProgress(success().build());
} else { } else {
@ -61,32 +60,26 @@ public class SqlInjectionLesson6b extends AssignmentEndpoint {
} }
} }
protected String getPassword() protected String getPassword() {
{
String password = "dave"; String password = "dave";
try try {
{
Connection connection = DatabaseUtilities.getConnection(getWebSession()); Connection connection = DatabaseUtilities.getConnection(getWebSession());
String query = "SELECT password FROM user_system_data WHERE user_name = 'dave'"; String query = "SELECT password FROM user_system_data WHERE user_name = 'dave'";
try try {
{
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY); ResultSet.CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query); ResultSet results = statement.executeQuery(query);
if ((results != null) && (results.first() == true)) if ((results != null) && (results.first() == true)) {
{
password = results.getString("password"); password = results.getString("password");
} }
} catch (SQLException sqle) } catch (SQLException sqle) {
{
sqle.printStackTrace(); sqle.printStackTrace();
// do nothing // do nothing
} }
} catch (Exception e) } catch (Exception e) {
{
e.printStackTrace(); e.printStackTrace();
// do nothing // do nothing
} }

10
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
View File

@ -34,7 +34,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "John")) .param("userid_6a", "John"))
.andDo(MockMvcResultHandlers.print()) .andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))); .andExpect(jsonPath("$.lessonCompleted", is(false)));
} }
@Test @Test
@ -43,7 +43,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --")) .param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --"))
.andDo(MockMvcResultHandlers.print()) .andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))) .andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.output", is("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation"))); .andExpect(jsonPath("$.output", is("column number mismatch detected in rows of UNION, INTERSECT, EXCEPT, or VALUES operation")));
} }
@ -53,7 +53,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --")) .param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --"))
.andDo(MockMvcResultHandlers.print()) .andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))) .andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.output", containsString("incompatible data types in combination"))); .andExpect(jsonPath("$.output", containsString("incompatible data types in combination")));
} }
@ -63,7 +63,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "Smith' union select 1,password, '1','2','3', '4',1 from user_system_data --")) .param("userid_6a", "Smith' union select 1,password, '1','2','3', '4',1 from user_system_data --"))
.andDo(MockMvcResultHandlers.print()) .andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true))) .andExpect(jsonPath("$.lessonCompleted", is(true)))
.andExpect(jsonPath("$.feedback", containsString("dave"))); .andExpect(jsonPath("$.feedback", containsString("dave")));
} }
@ -73,7 +73,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "Smith' and 1 = 2 --")) .param("userid_6a", "Smith' and 1 = 2 --"))
.andDo(MockMvcResultHandlers.print()) .andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false))) .andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.feedback", is(messages.getMessage("sql-injection.6a.no.results")))); .andExpect(jsonPath("$.feedback", is(messages.getMessage("sql-injection.6a.no.results"))));
} }

46
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java Normal file
View File

@ -0,0 +1,46 @@
package org.owasp.webgoat.plugin.introduction;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**a
* @author nbaars
* @since 6/16/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson6bTest extends LessonTest {
@Before
public void setup() throws Exception {
when(webSession.getCurrentLesson()).thenReturn(new SqlInjection());
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test
public void submitCorrectPassword() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
.param("userid_6b", "dave"))
.andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
}
@Test
public void submitWrongPassword() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
.param("userid_6b", "John"))
.andDo(MockMvcResultHandlers.print())
.andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));
}
}