migrate to JUnit 5 code

webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java

@@ -1,18 +1,25 @@
 package org.owasp.webgoat;
 
-import static org.junit.Assert.assertEquals;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.DynamicTest.dynamicTest;
 
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
-import org.junit.Test;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DynamicTest;
+import org.junit.jupiter.api.TestFactory;
 
 import io.restassured.RestAssured;
 import io.restassured.http.ContentType;
+import lombok.SneakyThrows;
 
 public class CSRFTest extends IntegrationTest {
 	
@@ -44,32 +51,33 @@ public class CSRFTest extends IntegrationTest {
 	
     private String webwolfFileDir;
 	
-	
+    @BeforeEach
-    @Test
+    @SneakyThrows
-    public void runTests() throws IOException {
+    public void init() {
     	startLesson("CSRF");        
-        
         webwolfFileDir = getWebWolfServerPath();
-        
-        //Assignment 3
         uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag")));
-        checkAssignment3(callTrickHtml("csrf3.html"));
-        
-        //Assignment 4
         uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review")));
-        checkAssignment4(callTrickHtml("csrf4.html"));
-        
-        //Assignment 7
         uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
-        checkAssignment7(callTrickHtml("csrf7.html"));
-        
-        //Assignment 8
         uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", getWebgoatUser()));
-        checkAssignment8(callTrickHtml("csrf8.html"));
+    }
 
+    @TestFactory
+    Iterable<DynamicTest> testCSRFLesson() {
+    	return Arrays.asList(
+    			dynamicTest("assignement 3",()-> checkAssignment3(callTrickHtml("csrf3.html"))),
+    			dynamicTest("assignement 4",()-> checkAssignment4(callTrickHtml("csrf4.html"))),
+    			dynamicTest("assignement 7",()-> checkAssignment7(callTrickHtml("csrf7.html"))),
+    			dynamicTest("assignement 8",()-> checkAssignment8(callTrickHtml("csrf8.html")))
+    			);
+    }
+	
+    @AfterEach
+    public void shutdown() throws IOException {        
+    	//logout();
         login();//because old cookie got replaced and invalidated
-        checkResults("csrf");
+        startLesson("CSRF", false);
-        
+        checkResults("/csrf");        
     }
     
     private void uploadTrickHtml(String htmlName, String htmlContent) throws IOException {
@@ -217,7 +225,7 @@ public class CSRFTest extends IntegrationTest {
     /**
      * Try to register the new user. Ignore the result.
      */
-    public void registerCSRFUser() {
+    private void registerCSRFUser() {
     	
        RestAssured.given()
                     .when()

webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java

@@ -1,6 +1,6 @@
 package org.owasp.webgoat;
 
-import static org.junit.Assert.fail;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import java.nio.charset.Charset;
 import java.security.NoSuchAlgorithmException;
@@ -13,7 +13,7 @@ import java.util.Map;
 
 import javax.xml.bind.DatatypeConverter;
 
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.owasp.webgoat.crypto.CryptoUtil;
 import org.owasp.webgoat.crypto.HashingAssignment;
 

webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java

@@ -5,7 +5,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.dummy.insecure.framework.VulnerableTaskHolder;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.owasp.webgoat.deserialization.SerializationHelper;
 
 public class DeserializationTest extends IntegrationTest {

webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java

@@ -4,7 +4,7 @@ import io.restassured.RestAssured;
 import io.restassured.http.ContentType;
 import org.hamcrest.CoreMatchers;
 import org.junit.Assert;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import java.util.HashMap;
 import java.util.Map;

webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java

@@ -8,6 +8,9 @@ import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
 import org.owasp.webwolf.WebWolf;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 
@@ -47,6 +50,7 @@ public abstract class IntegrationTest {
     private static boolean started = false;
 
     @BeforeClass
+    @BeforeAll
     public static void beforeAll() {
         if (WG_SSL) {
             WEBGOAT_URL = WEBGOAT_URL.replace("http:", "https:");
@@ -88,6 +92,7 @@ public abstract class IntegrationTest {
     }
 
     @Before
+    @BeforeEach
     public void login() {
 
         String location = given()
@@ -139,6 +144,7 @@ public abstract class IntegrationTest {
     }
 
     @After
+    @AfterEach
     public void logout() {
         RestAssured.given()
                 .when()
@@ -154,6 +160,10 @@ public abstract class IntegrationTest {
      * @param lessonName
      */
     public void startLesson(String lessonName) {
+        startLesson(lessonName, true);
+    }
+    
+    public void startLesson(String lessonName, boolean restart) {
         RestAssured.given()
                 .when()
                 .relaxedHTTPSValidation()
@@ -162,6 +172,7 @@ public abstract class IntegrationTest {
                 .then()
                 .statusCode(200);
 
+        if (restart) {
         RestAssured.given()
                 .when()
                 .relaxedHTTPSValidation()
@@ -170,6 +181,7 @@ public abstract class IntegrationTest {
                 .then()
                 .statusCode(200);
         }
+    }
 
     /**
      * Helper method for most common type of test.

webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java

@@ -11,8 +11,8 @@ import java.util.Date;
 
 import org.hamcrest.CoreMatchers;
 import org.junit.Assert;
-import org.junit.Before;
+import org.junit.jupiter.api.BeforeEach;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
 
 import com.fasterxml.jackson.databind.JsonNode;
@@ -28,11 +28,6 @@ import io.restassured.RestAssured;
 
 public class JWTLessonTest extends IntegrationTest {
 	
-	@Before
-	public void initTest() {
-		
-	}
-	
     @Test
     public void solveAssignment() throws IOException, InvalidKeyException, NoSuchAlgorithmException {
 

webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java

@@ -2,7 +2,7 @@ package org.owasp.webgoat;
 
 import io.restassured.RestAssured;
 import org.assertj.core.api.Assertions;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import java.util.Map;
 

webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java

@@ -1,27 +1,54 @@
 package org.owasp.webgoat;
 
-import io.restassured.RestAssured;
+import static org.junit.jupiter.api.DynamicTest.dynamicTest;
-import org.hamcrest.CoreMatchers;
-import org.junit.*;
-import org.junit.rules.TemporaryFolder;
-import org.springframework.security.core.token.Sha512DigestUtils;
 
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Arrays;
 import java.util.Map;
 
+import org.hamcrest.CoreMatchers;
+import org.junit.Assert;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DynamicTest;
+import org.junit.jupiter.api.TestFactory;
+import org.junit.jupiter.api.io.TempDir;
+import org.springframework.security.core.token.Sha512DigestUtils;
+
+import io.restassured.RestAssured;
+import lombok.SneakyThrows;
+
 public class PathTraversalTest extends IntegrationTest {
         
-    @Rule
+	//the JUnit5 way
-    public TemporaryFolder temporaryFolder = new TemporaryFolder();
+    @TempDir
+    Path tempDir;
     
-    @Test
+    private File fileToUpload = null;
-    public void assignment1() throws IOException {
+    
-        startLesson("PathTraversal");
+    @BeforeEach
-        var fileToUpload = temporaryFolder.newFile("test.jpg");
+    @SneakyThrows
+    public void init() {
+    	fileToUpload = Files.createFile(
+                tempDir.resolve("test.jpg")).toFile();
     	Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
+    	startLesson("PathTraversal");
+    }
 
+    @TestFactory
+    Iterable<DynamicTest> testPathTraversal() {
+    	return Arrays.asList(
+    			dynamicTest("assignement 1 - profile upload",()-> assignment1()),
+    			dynamicTest("assignement 2 - profile upload fix",()-> assignment2()),
+    			dynamicTest("assignement 3 - profile upload remove user input",()-> assignment3()),
+    			dynamicTest("assignement 4 - profile upload random pic",()-> assignment4())
+    			);
+    }
+    
+    public void assignment1() throws IOException {
         Assert.assertThat(
                 RestAssured.given()
                         .when()
@@ -35,12 +62,7 @@ public class PathTraversalTest extends IntegrationTest {
                         .extract().path("lessonCompleted"), CoreMatchers.is(true));
     }
 
-    @Test
     public void assignment2() throws IOException {
-        startLesson("PathTraversal");
-        var fileToUpload = temporaryFolder.newFile("test.jpg");
-        Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
-
         Assert.assertThat(
                 RestAssured.given()
                         .when()
@@ -54,12 +76,7 @@ public class PathTraversalTest extends IntegrationTest {
                         .extract().path("lessonCompleted"), CoreMatchers.is(true));
     }
 
-    @Test
     public void assignment3() throws IOException {
-        startLesson("PathTraversal");
-        var fileToUpload = temporaryFolder.newFile("test.jpg");
-        Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
-
         Assert.assertThat(
                 RestAssured.given()
                         .when()
@@ -71,11 +88,7 @@ public class PathTraversalTest extends IntegrationTest {
                         .statusCode(200)
                         .extract().path("lessonCompleted"), CoreMatchers.is(true));
     }
-
-    @Test
     public void assignment4() throws IOException {
-        startLesson("PathTraversal");
-
         var uri = "/WebGoat/PathTraversal/random-picture?id=%2E%2E%2F%2E%2E%2Fpath-traversal-secret";
         RestAssured.given().urlEncodingEnabled(false)
                 .when()
@@ -88,4 +101,10 @@ public class PathTraversalTest extends IntegrationTest {
 
         checkAssignment("/WebGoat/PathTraversal/random", Map.of("secret", Sha512DigestUtils.shaHex(getWebgoatUser())), true);
     }
+    
+    @AfterEach
+    public void shutdown() {
+    	//this will run only once after the list of dynamic tests has run, this is to test if the lesson is marked complete
+    	checkResults("/PathTraversal");
+    }
 }

webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java

@@ -3,7 +3,7 @@ package org.owasp.webgoat;
 import io.restassured.RestAssured;
 import io.restassured.response.Response;
 import org.assertj.core.api.Assertions;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import java.util.List;
 import java.util.Map;

webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionAdvancedTest.java

@@ -1,10 +1,10 @@
 package org.owasp.webgoat;
 
-import org.junit.Test;
-
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.jupiter.api.Test;
+
 public class SqlInjectionAdvancedTest extends IntegrationTest {
 
     @Test

webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java

@@ -1,10 +1,10 @@
 package org.owasp.webgoat;
 
-import org.junit.Test;
-
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.jupiter.api.Test;
+
 public class SqlInjectionLessonTest extends IntegrationTest {
 
     private static final String sql_2 = "select department from employees where last_name='Franco'";

webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java

@@ -1,14 +1,13 @@
 package org.owasp.webgoat;
 
-import org.hamcrest.CoreMatchers;
-import org.junit.Test;
-
 import io.restassured.RestAssured;
 import io.restassured.http.ContentType;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.jupiter.api.Test;
+
 import static org.hamcrest.CoreMatchers.containsString;
 
 public class SqlInjectionMitigationTest extends IntegrationTest {

webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java

@@ -6,7 +6,7 @@ import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import io.restassured.RestAssured;
 

webgoat-integration-tests/src/test/java/org/owasp/webgoat/XSSTest.java

@@ -1,12 +1,12 @@
 package org.owasp.webgoat;
 
-import org.junit.Test;
-
 import io.restassured.RestAssured;
 
 import java.util.HashMap;
 import java.util.Map;
 
+import org.junit.jupiter.api.Test;
+
 public class XSSTest extends IntegrationTest {
 
     

webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java

@@ -5,7 +5,7 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
 import io.restassured.RestAssured;
 import io.restassured.http.ContentType;