migrate to JUnit 5 code
This commit is contained in:
René Zubcevic
Nanne Baars
parent
c4153ecbfb
commit
c4ae9ae2ab
@ -1,18 +1,25 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.DynamicTest.dynamicTest;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DynamicTest;
|
||||
import org.junit.jupiter.api.TestFactory;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.http.ContentType;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
public class CSRFTest extends IntegrationTest {
|
||||
|
||||
@ -44,32 +51,33 @@ public class CSRFTest extends IntegrationTest {
|
||||
|
||||
private String webwolfFileDir;
|
||||
|
||||
|
||||
@Test
|
||||
public void runTests() throws IOException {
|
||||
@BeforeEach
|
||||
@SneakyThrows
|
||||
public void init() {
|
||||
startLesson("CSRF");
|
||||
|
||||
webwolfFileDir = getWebWolfServerPath();
|
||||
|
||||
//Assignment 3
|
||||
uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag")));
|
||||
checkAssignment3(callTrickHtml("csrf3.html"));
|
||||
|
||||
//Assignment 4
|
||||
uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review")));
|
||||
checkAssignment4(callTrickHtml("csrf4.html"));
|
||||
|
||||
//Assignment 7
|
||||
uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
|
||||
checkAssignment7(callTrickHtml("csrf7.html"));
|
||||
|
||||
//Assignment 8
|
||||
uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", getWebgoatUser()));
|
||||
checkAssignment8(callTrickHtml("csrf8.html"));
|
||||
}
|
||||
|
||||
@TestFactory
|
||||
Iterable<DynamicTest> testCSRFLesson() {
|
||||
return Arrays.asList(
|
||||
dynamicTest("assignement 3",()-> checkAssignment3(callTrickHtml("csrf3.html"))),
|
||||
dynamicTest("assignement 4",()-> checkAssignment4(callTrickHtml("csrf4.html"))),
|
||||
dynamicTest("assignement 7",()-> checkAssignment7(callTrickHtml("csrf7.html"))),
|
||||
dynamicTest("assignement 8",()-> checkAssignment8(callTrickHtml("csrf8.html")))
|
||||
);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
public void shutdown() throws IOException {
|
||||
//logout();
|
||||
login();//because old cookie got replaced and invalidated
|
||||
checkResults("csrf");
|
||||
|
||||
startLesson("CSRF", false);
|
||||
checkResults("/csrf");
|
||||
}
|
||||
|
||||
private void uploadTrickHtml(String htmlName, String htmlContent) throws IOException {
|
||||
@ -217,7 +225,7 @@ public class CSRFTest extends IntegrationTest {
|
||||
/**
|
||||
* Try to register the new user. Ignore the result.
|
||||
*/
|
||||
public void registerCSRFUser() {
|
||||
private void registerCSRFUser() {
|
||||
|
||||
RestAssured.given()
|
||||
.when()
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
import java.nio.charset.Charset;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
@ -13,7 +13,7 @@ import java.util.Map;
|
||||
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.crypto.CryptoUtil;
|
||||
import org.owasp.webgoat.crypto.HashingAssignment;
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.dummy.insecure.framework.VulnerableTaskHolder;
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.deserialization.SerializationHelper;
|
||||
|
||||
public class DeserializationTest extends IntegrationTest {
|
||||
|
||||
@ -4,7 +4,7 @@ import io.restassured.RestAssured;
|
||||
import io.restassured.http.ContentType;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@ -8,6 +8,9 @@ import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.owasp.webwolf.WebWolf;
|
||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||
|
||||
@ -47,6 +50,7 @@ public abstract class IntegrationTest {
|
||||
private static boolean started = false;
|
||||
|
||||
@BeforeClass
|
||||
@BeforeAll
|
||||
public static void beforeAll() {
|
||||
if (WG_SSL) {
|
||||
WEBGOAT_URL = WEBGOAT_URL.replace("http:", "https:");
|
||||
@ -88,6 +92,7 @@ public abstract class IntegrationTest {
|
||||
}
|
||||
|
||||
@Before
|
||||
@BeforeEach
|
||||
public void login() {
|
||||
|
||||
String location = given()
|
||||
@ -139,6 +144,7 @@ public abstract class IntegrationTest {
|
||||
}
|
||||
|
||||
@After
|
||||
@AfterEach
|
||||
public void logout() {
|
||||
RestAssured.given()
|
||||
.when()
|
||||
@ -154,6 +160,10 @@ public abstract class IntegrationTest {
|
||||
* @param lessonName
|
||||
*/
|
||||
public void startLesson(String lessonName) {
|
||||
startLesson(lessonName, true);
|
||||
}
|
||||
|
||||
public void startLesson(String lessonName, boolean restart) {
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
@ -162,6 +172,7 @@ public abstract class IntegrationTest {
|
||||
.then()
|
||||
.statusCode(200);
|
||||
|
||||
if (restart) {
|
||||
RestAssured.given()
|
||||
.when()
|
||||
.relaxedHTTPSValidation()
|
||||
@ -170,6 +181,7 @@ public abstract class IntegrationTest {
|
||||
.then()
|
||||
.statusCode(200);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method for most common type of test.
|
||||
|
||||
@ -11,8 +11,8 @@ import java.util.Date;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
@ -28,11 +28,6 @@ import io.restassured.RestAssured;
|
||||
|
||||
public class JWTLessonTest extends IntegrationTest {
|
||||
|
||||
@Before
|
||||
public void initTest() {
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void solveAssignment() throws IOException, InvalidKeyException, NoSuchAlgorithmException {
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@ package org.owasp.webgoat;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
@ -1,27 +1,54 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.*;
|
||||
import org.junit.rules.TemporaryFolder;
|
||||
import org.springframework.security.core.token.Sha512DigestUtils;
|
||||
import static org.junit.jupiter.api.DynamicTest.dynamicTest;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Assert;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DynamicTest;
|
||||
import org.junit.jupiter.api.TestFactory;
|
||||
import org.junit.jupiter.api.io.TempDir;
|
||||
import org.springframework.security.core.token.Sha512DigestUtils;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
public class PathTraversalTest extends IntegrationTest {
|
||||
|
||||
@Rule
|
||||
public TemporaryFolder temporaryFolder = new TemporaryFolder();
|
||||
//the JUnit5 way
|
||||
@TempDir
|
||||
Path tempDir;
|
||||
|
||||
@Test
|
||||
public void assignment1() throws IOException {
|
||||
startLesson("PathTraversal");
|
||||
var fileToUpload = temporaryFolder.newFile("test.jpg");
|
||||
private File fileToUpload = null;
|
||||
|
||||
@BeforeEach
|
||||
@SneakyThrows
|
||||
public void init() {
|
||||
fileToUpload = Files.createFile(
|
||||
tempDir.resolve("test.jpg")).toFile();
|
||||
Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
|
||||
startLesson("PathTraversal");
|
||||
}
|
||||
|
||||
@TestFactory
|
||||
Iterable<DynamicTest> testPathTraversal() {
|
||||
return Arrays.asList(
|
||||
dynamicTest("assignement 1 - profile upload",()-> assignment1()),
|
||||
dynamicTest("assignement 2 - profile upload fix",()-> assignment2()),
|
||||
dynamicTest("assignement 3 - profile upload remove user input",()-> assignment3()),
|
||||
dynamicTest("assignement 4 - profile upload random pic",()-> assignment4())
|
||||
);
|
||||
}
|
||||
|
||||
public void assignment1() throws IOException {
|
||||
Assert.assertThat(
|
||||
RestAssured.given()
|
||||
.when()
|
||||
@ -35,12 +62,7 @@ public class PathTraversalTest extends IntegrationTest {
|
||||
.extract().path("lessonCompleted"), CoreMatchers.is(true));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void assignment2() throws IOException {
|
||||
startLesson("PathTraversal");
|
||||
var fileToUpload = temporaryFolder.newFile("test.jpg");
|
||||
Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
|
||||
|
||||
Assert.assertThat(
|
||||
RestAssured.given()
|
||||
.when()
|
||||
@ -54,12 +76,7 @@ public class PathTraversalTest extends IntegrationTest {
|
||||
.extract().path("lessonCompleted"), CoreMatchers.is(true));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void assignment3() throws IOException {
|
||||
startLesson("PathTraversal");
|
||||
var fileToUpload = temporaryFolder.newFile("test.jpg");
|
||||
Files.write(fileToUpload.toPath(), "This is a test" .getBytes());
|
||||
|
||||
Assert.assertThat(
|
||||
RestAssured.given()
|
||||
.when()
|
||||
@ -71,11 +88,7 @@ public class PathTraversalTest extends IntegrationTest {
|
||||
.statusCode(200)
|
||||
.extract().path("lessonCompleted"), CoreMatchers.is(true));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void assignment4() throws IOException {
|
||||
startLesson("PathTraversal");
|
||||
|
||||
var uri = "/WebGoat/PathTraversal/random-picture?id=%2E%2E%2F%2E%2E%2Fpath-traversal-secret";
|
||||
RestAssured.given().urlEncodingEnabled(false)
|
||||
.when()
|
||||
@ -88,4 +101,10 @@ public class PathTraversalTest extends IntegrationTest {
|
||||
|
||||
checkAssignment("/WebGoat/PathTraversal/random", Map.of("secret", Sha512DigestUtils.shaHex(getWebgoatUser())), true);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
public void shutdown() {
|
||||
//this will run only once after the list of dynamic tests has run, this is to test if the lesson is marked complete
|
||||
checkResults("/PathTraversal");
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@ package org.owasp.webgoat;
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.response.Response;
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
public class SqlInjectionAdvancedTest extends IntegrationTest {
|
||||
|
||||
@Test
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
public class SqlInjectionLessonTest extends IntegrationTest {
|
||||
|
||||
private static final String sql_2 = "select department from employees where last_name='Franco'";
|
||||
|
||||
@ -1,14 +1,13 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Test;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.http.ContentType;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
|
||||
public class SqlInjectionMitigationTest extends IntegrationTest {
|
||||
|
||||
@ -6,7 +6,7 @@ import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
package org.owasp.webgoat;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
public class XSSTest extends IntegrationTest {
|
||||
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.http.ContentType;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user