Run unit tests again for all lessons and rewrite all to JUnit 5
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
		| @ -27,7 +27,7 @@ package org.owasp.webgoat.auth_bypass; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.runners.MockitoJUnitRunner; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| @ -43,12 +43,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class BypassVerificationTest extends AssignmentEndpointTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         VerifyAccount verifyAccount = new VerifyAccount(); | ||||
|         init(verifyAccount); | ||||
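Review bot: Imports for `@ExtendWith`, `MockitoExtension` and `@BeforeEach` appear to be missing from this file: the import hunk (header `-27,7 +27,7`) swaps only the `Test` import, so `org.junit.Before`, `org.junit.runner.RunWith` and `org.mockito.runners.MockitoJUnitRunner` stay imported. Unless lines outside the hunks already provide the new names, the class will not compile once JUnit 4 is off the test classpath, and a test class that fails to build or is skipped is the gap this commit sets out to close. Replace the three JUnit 4 imports with `import org.junit.jupiter.api.BeforeEach;`, `import org.junit.jupiter.api.extension.ExtendWith;` and `import org.mockito.junit.jupiter.MockitoExtension;`. The Assignment1Test section has the same gap for `@BeforeEach`, since its import hunk (`-23,10 +23,9`) adds only `Test`, `ExtendWith` and `MockitoExtension`. The body of `setup()` continues outside the hunk.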
|  | ||||
| @ -24,7 +24,10 @@ package org.owasp.webgoat.bypass_restrictions; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| public class BypassRestrictionsFrontendValidation extends AssignmentEndpoint { | ||||
|  | ||||
| @ -1,11 +1,11 @@ | ||||
| package org.owasp.webgoat.bypass_restrictions; | ||||
|  | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -18,20 +18,20 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author nbaars | ||||
|  * @since 6/16/17. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class BypassRestrictionsFrontendValidationTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private BypassRestrictions bypassRestrictions; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(bypassRestrictions); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void noChangesShouldNotPassTheLesson() throws Exception { | ||||
|     void noChangesShouldNotPassTheLesson() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") | ||||
|                 .param("field1", "abc") | ||||
|                 .param("field2", "123") | ||||
| @ -45,7 +45,7 @@ public class BypassRestrictionsFrontendValidationTest extends LessonTest { | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void bypassAllFieldShouldPass() throws Exception { | ||||
|     void bypassAllFieldShouldPass() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") | ||||
|                 .param("field1", "abcd") | ||||
|                 .param("field2", "1234") | ||||
| @ -59,7 +59,7 @@ public class BypassRestrictionsFrontendValidationTest extends LessonTest { | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void notBypassingAllFieldShouldNotPass() throws Exception { | ||||
|     void notBypassingAllFieldShouldNotPass() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") | ||||
|                 .param("field1", "abc") | ||||
|                 .param("field2", "1234") | ||||
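Review bot: Visibility is now mixed in this class: the three `@Test` methods drop `public`, while the class declaration and `setup()` keep it. JUnit 5 needs neither, so `class BypassRestrictionsFrontendValidationTest extends LessonTest {` and `void setup() {` would match what the Assignment1Test section of this commit already does. The other `LessonTest` subclasses touched here (ChromeDevToolsTest, CIAQuizTest and the ClientSideFiltering tests) keep `public` on both as well. The last test method continues outside the hunk.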
|  | ||||
| @ -27,12 +27,6 @@ | ||||
|             <version>4.1.3.RELEASE</version> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>junit</groupId> | ||||
|             <artifactId>junit</artifactId> | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|  | ||||
|     </dependencies> | ||||
| </project> | ||||
|  | ||||
| @ -22,13 +22,8 @@ | ||||
|  | ||||
| package org.owasp.webgoat.challenges; | ||||
|  | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
| import java.util.UUID; | ||||
| import java.util.stream.IntStream; | ||||
|  | ||||
| import javax.annotation.PostConstruct; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import lombok.Getter; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.WebSession; | ||||
| @ -42,8 +37,11 @@ import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import lombok.Getter; | ||||
| import javax.annotation.PostConstruct; | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
| import java.util.UUID; | ||||
| import java.util.stream.IntStream; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  | ||||
| @ -4,7 +4,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.challenges.Flag; | ||||
| import org.springframework.util.StringUtils; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
|  | ||||
| @ -1,17 +1,16 @@ | ||||
| package org.owasp.webgoat.challenges.challenge1; | ||||
|  | ||||
| import java.io.IOException; | ||||
| import java.security.SecureRandom; | ||||
| import org.springframework.core.io.ClassPathResource; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.util.FileCopyUtils; | ||||
|  | ||||
| import javax.servlet.ServletException; | ||||
| import javax.servlet.annotation.WebServlet; | ||||
| import javax.servlet.http.HttpServlet; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.servlet.http.HttpServletResponse; | ||||
|  | ||||
| import org.springframework.core.io.ClassPathResource; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.util.FileCopyUtils; | ||||
| import java.io.IOException; | ||||
| import java.security.SecureRandom; | ||||
|  | ||||
| @WebServlet(name = "ImageServlet", urlPatterns = "/challenge/logo") | ||||
| public class ImageServlet extends HttpServlet { | ||||
|  | ||||
| @ -12,7 +12,12 @@ import org.springframework.http.HttpStatus; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.util.StringUtils; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PathVariable; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
| import org.springframework.web.client.RestTemplate; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| @ -1,12 +1,11 @@ | ||||
| package org.owasp.webgoat.challenges.challenge7; | ||||
|  | ||||
| import java.io.File; | ||||
| import java.io.FileInputStream; | ||||
| import java.io.IOException; | ||||
| import java.io.InputStream; | ||||
| import java.io.UnsupportedEncodingException; | ||||
|  | ||||
| import java.io.*; | ||||
|  | ||||
| /** | ||||
|  * MD5 hash generator. | ||||
|  * More information about this class is available from <a target="_top" href= | ||||
|  | ||||
| @ -23,10 +23,9 @@ | ||||
| package org.owasp.webgoat.challenges; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.owasp.webgoat.challenges.challenge1.Assignment1; | ||||
| import org.owasp.webgoat.challenges.challenge1.ImageServlet; | ||||
| @ -35,8 +34,6 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import java.net.InetAddress; | ||||
|  | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.owasp.webgoat.challenges.SolutionConstants.PASSWORD; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @ -44,13 +41,13 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standal | ||||
|  * @author nbaars | ||||
|  * @since 5/2/17. | ||||
|  */ | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| public class Assignment1Test extends AssignmentEndpointTest { | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| class Assignment1Test extends AssignmentEndpointTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     public void setup() { | ||||
|     @BeforeEach | ||||
|     void setup() { | ||||
|         Assignment1 assignment1 = new Assignment1(); | ||||
|         init(assignment1); | ||||
|         new Flag().initFlags(); | ||||
| @ -58,7 +55,7 @@ public class Assignment1Test extends AssignmentEndpointTest { | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void success() throws Exception { | ||||
|     void success() throws Exception { | ||||
|         InetAddress addr = InetAddress.getLocalHost(); | ||||
|         String host = addr.getHostAddress(); | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1") | ||||
| @ -70,7 +67,7 @@ public class Assignment1Test extends AssignmentEndpointTest { | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
|     public void wrongPassword() throws Exception { | ||||
|     void wrongPassword() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/challenge/1") | ||||
|                 .param("username", "admin") | ||||
|                 .param("password", "wrong")) | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.chrome_dev_tools; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| /** | ||||
|  * This is just a class used to make the the HTTP request. | ||||
|  | ||||
| @ -26,7 +26,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| /** | ||||
|  * Assignment where the user has to look through an HTTP Request | ||||
|  | ||||
| @ -1,17 +1,15 @@ | ||||
| package org.owasp.webgoat.chrome_dev_tools; | ||||
|  | ||||
| import org.hamcrest.Matchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import static org.assertj.core.api.Assertions.assertThat; | ||||
| import static org.hamcrest.CoreMatchers.is; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| @ -20,13 +18,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author Benedikt Stuhrmann | ||||
|  * @since 13/03/19. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ChromeDevToolsTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private ChromeDevTools cdt; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(cdt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -2,7 +2,11 @@ package org.owasp.webgoat.cia; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| public class CIAQuiz extends AssignmentEndpoint { | ||||
|  | ||||
| @ -1,11 +1,11 @@ | ||||
| package org.owasp.webgoat.cia; | ||||
|  | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.MvcResult; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
| @ -19,13 +19,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author Benedikt Stuhrmann | ||||
|  * @since 13/03/19. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class CIAQuizTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private CIA cia; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(cia); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.client_side_filtering; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"ClientSideFilteringHint1", "ClientSideFilteringHint2", "ClientSideFilteringHint3", "ClientSideFilteringHint4"}) | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.client_side_filtering; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  | ||||
| @ -38,7 +38,11 @@ import javax.xml.xpath.XPath; | ||||
| import javax.xml.xpath.XPathConstants; | ||||
| import javax.xml.xpath.XPathExpressionException; | ||||
| import javax.xml.xpath.XPathFactory; | ||||
| import java.io.*; | ||||
| import java.io.File; | ||||
| import java.io.FileInputStream; | ||||
| import java.io.FileOutputStream; | ||||
| import java.io.IOException; | ||||
| import java.io.InputStream; | ||||
| import java.util.ArrayList; | ||||
| import java.util.HashMap; | ||||
| import java.util.List; | ||||
|  | ||||
| @ -1,12 +1,12 @@ | ||||
| package org.owasp.webgoat.client_side_filtering; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -18,13 +18,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author nbaars | ||||
|  * @since 5/2/17. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ClientSideFilteringAssignmentTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private ClientSideFiltering clientSideFiltering; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -2,25 +2,25 @@ package org.owasp.webgoat.client_side_filtering; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.hamcrest.Matchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ClientSideFilteringFreeAssignmentTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private ClientSideFiltering clientSideFiltering; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -23,17 +23,15 @@ | ||||
| package org.owasp.webgoat.client_side_filtering; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.hamcrest.Matchers.is; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.owasp.webgoat.client_side_filtering.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
| @ -42,12 +40,12 @@ import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standal | ||||
|  * @author nbaars | ||||
|  * @since 5/2/17. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ShopEndpointTest extends LessonTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         ShopEndpoint shopEndpoint = new ShopEndpoint(); | ||||
|         this.mockMvc = standaloneSetup(shopEndpoint).build(); | ||||
|  | ||||
| @ -22,12 +22,13 @@ | ||||
|  | ||||
| package org.owasp.webgoat.xss; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
|  | ||||
| //@RestController | ||||
| @Deprecated | ||||
|  | ||||
| @ -28,7 +28,10 @@ import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.util.function.Predicate; | ||||
| import java.util.regex.Pattern; | ||||
|  | ||||
| @ -28,7 +28,10 @@ import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -24,7 +24,11 @@ package org.owasp.webgoat.xss; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.io.IOException; | ||||
|  | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.xss; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.security.SecureRandom; | ||||
|  | ||||
| @ -26,7 +26,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| /** | ||||
|  * Created by jason on 11/23/16. | ||||
|  | ||||
| @ -33,12 +33,21 @@ import org.owasp.webgoat.session.WebSession; | ||||
| import org.owasp.webgoat.xss.Comment; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.io.IOException; | ||||
| import java.util.*; | ||||
| import java.util.ArrayList; | ||||
| import java.util.Collection; | ||||
| import java.util.Collections; | ||||
| import java.util.HashMap; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -23,36 +23,33 @@ | ||||
| package org.owasp.webgoat.xss; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.owasp.webgoat.lessons.Assignment; | ||||
| import org.owasp.webgoat.xss.DOMCrossSiteScripting; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import java.util.List; | ||||
|  | ||||
| import static org.mockito.Mockito.lenient; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest { | ||||
|     private MockMvc mockMvc; | ||||
|     private String randVal = "12034837"; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         DOMCrossSiteScripting domXss = new DOMCrossSiteScripting(); | ||||
|         init(domXss); | ||||
|         this.mockMvc = standaloneSetup(domXss).build(); | ||||
|         CrossSiteScripting xss = new CrossSiteScripting(); | ||||
|         when(userSessionData.getValue("randValue")).thenReturn(randVal); | ||||
|         lenient().when(userSessionData.getValue("randValue")).thenReturn(randVal); | ||||
|     } | ||||
|  | ||||
|     @Test | ||||
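Review bot: Wrapping the `randValue` stub in `lenient()` inside `setup()` switches off Mockito's strict-stubs check for it in every test of this class, so a test that never reads the session value is no longer reported. For a lesson whose verdict presumably depends on that value, this can hide a test that passes without the endpoint ever consulting it. Prefer stubbing only where it is needed, with `when(userSessionData.getValue("randValue")).thenReturn(randVal);` as the first line of each test that relies on it, or keep `lenient()` and add a comment naming the tests that do not use the stub. The test methods start after the last line of this section, so which of them need the stub is not visible here.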
|  | ||||
| @ -23,10 +23,10 @@ | ||||
| package org.owasp.webgoat.xss; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.owasp.webgoat.xss.stored.StoredXssComments; | ||||
| import org.springframework.http.MediaType; | ||||
| @ -40,12 +40,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class StoredXssCommentsTest extends AssignmentEndpointTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         StoredXssComments storedXssComments = new StoredXssComments(); | ||||
|         init(storedXssComments); | ||||
|  | ||||
| @ -1,5 +1,8 @@ | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
| import java.math.BigInteger; | ||||
| import java.nio.charset.Charset; | ||||
| import java.security.InvalidAlgorithmParameterException; | ||||
| @ -17,10 +20,6 @@ import java.security.spec.PKCS8EncodedKeySpec; | ||||
| import java.security.spec.RSAKeyGenParameterSpec; | ||||
| import java.util.Base64; | ||||
|  | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| @Slf4j | ||||
| public class CryptoUtil { | ||||
|  | ||||
|  | ||||
| @ -22,11 +22,6 @@ | ||||
|  | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import java.util.Base64; | ||||
| import java.util.Random; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.http.MediaType; | ||||
| @ -36,6 +31,10 @@ import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.util.Base64; | ||||
| import java.util.Random; | ||||
|  | ||||
| @RestController | ||||
| public class EncodingAssignment extends AssignmentEndpoint { | ||||
|  | ||||
|  | ||||
| @ -22,13 +22,6 @@ | ||||
|  | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import java.security.MessageDigest; | ||||
| import java.security.NoSuchAlgorithmException; | ||||
| import java.util.Random; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| @ -39,6 +32,12 @@ import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
| import java.security.MessageDigest; | ||||
| import java.security.NoSuchAlgorithmException; | ||||
| import java.util.Random; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"crypto-hashing.hints.1","crypto-hashing.hints.2"}) | ||||
| public class HashingAssignment extends AssignmentEndpoint { | ||||
|  | ||||
| @ -22,8 +22,6 @@ | ||||
|  | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import java.security.NoSuchAlgorithmException; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| @ -32,6 +30,8 @@ import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.security.NoSuchAlgorithmException; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"crypto-secure-defaults.hints.1", "crypto-secure-defaults.hints.2", "crypto-secure-defaults.hints.3"}) | ||||
| public class SecureDefaultsAssignment extends AssignmentEndpoint { | ||||
|  | ||||
| @ -22,14 +22,7 @@ | ||||
|  | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import java.security.InvalidAlgorithmParameterException; | ||||
| import java.security.KeyPair; | ||||
| import java.security.NoSuchAlgorithmException; | ||||
| import java.security.interfaces.RSAPublicKey; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| @ -40,7 +33,12 @@ import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
| import java.security.InvalidAlgorithmParameterException; | ||||
| import java.security.KeyPair; | ||||
| import java.security.NoSuchAlgorithmException; | ||||
| import java.security.interfaces.RSAPublicKey; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"crypto-signing.hints.1","crypto-signing.hints.2", "crypto-signing.hints.3", "crypto-signing.hints.4"}) | ||||
|  | ||||
| @ -1,17 +1,15 @@ | ||||
| package org.owasp.webgoat.crypto; | ||||
|  | ||||
| import static org.junit.jupiter.api.Assertions.assertTrue; | ||||
| import static org.junit.jupiter.api.Assertions.fail; | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.junit.jupiter.api.Test; | ||||
|  | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
| import java.security.KeyPair; | ||||
| import java.security.PrivateKey; | ||||
| import java.security.interfaces.RSAPublicKey; | ||||
|  | ||||
| import javax.xml.bind.DatatypeConverter; | ||||
|  | ||||
| import org.junit.jupiter.api.Test; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import static org.junit.jupiter.api.Assertions.assertTrue; | ||||
| import static org.junit.jupiter.api.Assertions.fail; | ||||
|  | ||||
| @Slf4j | ||||
| public class CryptoUtilTest { | ||||
|  | ||||
| @ -22,13 +22,10 @@ | ||||
|  | ||||
| package org.owasp.webgoat.csrf; | ||||
|  | ||||
| import com.beust.jcommander.internal.Lists; | ||||
| import org.owasp.webgoat.lessons.Category; | ||||
| import org.owasp.webgoat.lessons.Lesson; | ||||
| import org.springframework.stereotype.Component; | ||||
|  | ||||
| import java.util.List; | ||||
|  | ||||
| /** | ||||
|  * Created by jason on 9/29/17. | ||||
|  */ | ||||
|  | ||||
| @ -31,7 +31,11 @@ import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.Cookie; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| @ -22,18 +22,17 @@ | ||||
|  | ||||
| package org.owasp.webgoat.csrf; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.users.UserTracker; | ||||
| import org.owasp.webgoat.users.UserTrackerRepository; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  * @since 11/17/17. | ||||
|  | ||||
| @ -32,10 +32,17 @@ import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.WebSession; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.util.*; | ||||
| import java.util.ArrayList; | ||||
| import java.util.Collection; | ||||
| import java.util.HashMap; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
|  | ||||
|  | ||||
| @ -23,13 +23,13 @@ | ||||
| package org.owasp.webgoat.csrf; | ||||
|  | ||||
| import org.hamcrest.core.StringContains; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import javax.servlet.http.Cookie; | ||||
| @ -44,13 +44,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author nbaars | ||||
|  * @since 11/17/17. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class CSRFFeedbackTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private CSRF csrf; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(csrf); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
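Review bot: `setup()` builds `mockMvc` with `MockMvcBuilders.webAppContextSetup(this.wac).build()`, which as written registers no Spring Security filter chain, and nothing in the test says so. In a CSRF lesson test that matters to a reader: requests reach the lesson endpoints without framework-level CSRF or authentication handling, so the assertions cover only the lesson's own checks. I would add a comment above the builder line, `// no springSecurity() configurer: requests bypass the security filter chain, only the lesson's own checks are tested`. The same builder line appears in the `setup()` of `JWTDecodeEndpointTest` and `JWTFinalEndpointTest` further down the page, and `setup()` here may continue past the end of the hunk.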
|  | ||||
| @ -21,13 +21,7 @@ | ||||
|             <version>4.1.3.RELEASE</version> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>junit</groupId> | ||||
|             <artifactId>junit</artifactId> | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|  | ||||
|  | ||||
|     </dependencies> | ||||
|  | ||||
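Review bot: The `<version>4.1.3.RELEASE</version>` line at the top of this hunk appears to stay (the hunk counts leave room only for the removed JUnit 4 block), so this test dependency remains pinned to a release far older than what Spring Boot 2.4 manages. Its groupId and artifactId are above the hunk; if it is `spring-security-test`, as in the sibling pom later on this page, the test support would come from the 4.1 line while the application runs Spring Security 5.4.x. I would drop the explicit `<version>` and let the Boot dependency management supply it, assuming the parent pom imports that management. The later pom hunk `@ -21,14 +21,6 @` keeps the same pinned line.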
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.html_tampering; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"hint1", "hint2", "hint3"}) | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.http_basics; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"http-basics.hints.http_basics_lesson.1"}) | ||||
|  | ||||
| @ -26,10 +26,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AssignmentPath; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.io.IOException; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"}) | ||||
|  | ||||
| @ -18,17 +18,8 @@ | ||||
|         <dependency> | ||||
|             <groupId>org.springframework.security</groupId> | ||||
|             <artifactId>spring-security-test</artifactId> | ||||
|             <version>4.1.3.RELEASE</version> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>junit</groupId> | ||||
|             <artifactId>junit</artifactId> | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|  | ||||
|     </dependencies> | ||||
|  | ||||
| </project> | ||||
|  | ||||
| @ -25,7 +25,12 @@ package org.owasp.webgoat.http_proxies; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.http.HttpMethod; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.RequestHeader; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
|  | ||||
| @ -23,26 +23,24 @@ | ||||
| package org.owasp.webgoat.http_proxies; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.owasp.webgoat.http_proxies.HttpBasicsInterceptRequest; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         HttpBasicsInterceptRequest httpBasicsInterceptRequest = new HttpBasicsInterceptRequest(); | ||||
|         init(httpBasicsInterceptRequest); | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.idor; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"idor.hints.idorDiffAttributes1", "idor.hints.idorDiffAttributes2", "idor.hints.idorDiffAttributes3"}) | ||||
|  | ||||
| @ -27,7 +27,11 @@ import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PathVariable; | ||||
| import org.springframework.web.bind.annotation.PutMapping; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"idor.hints.otherProfile1", "idor.hints.otherProfile2", "idor.hints.otherProfile3", "idor.hints.otherProfile4", "idor.hints.otherProfile5", "idor.hints.otherProfile6", "idor.hints.otherProfile7", "idor.hints.otherProfile8", "idor.hints.otherProfile9"}) | ||||
|  | ||||
| @ -25,9 +25,11 @@ package org.owasp.webgoat.idor; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
|  | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
|  | ||||
| @ -23,11 +23,12 @@ | ||||
| package org.owasp.webgoat.idor; | ||||
|  | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
|  | ||||
| @ -28,7 +28,10 @@ import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.UserSessionData; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints({"idor.hints.ownProfileAltUrl1", "idor.hints.ownProfileAltUrl2", "idor.hints.ownProfileAltUrl3"}) | ||||
|  | ||||
| @ -1,5 +1,7 @@ | ||||
| package org.dummy.insecure.framework; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| import java.io.BufferedReader; | ||||
| import java.io.IOException; | ||||
| import java.io.InputStreamReader; | ||||
| @ -7,8 +9,6 @@ import java.io.ObjectInputStream; | ||||
| import java.io.Serializable; | ||||
| import java.time.LocalDateTime; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| @Slf4j | ||||
| public class VulnerableTaskHolder implements Serializable { | ||||
|  | ||||
|  | ||||
| @ -1,29 +1,28 @@ | ||||
| package org.owasp.webgoat.deserialization; | ||||
|  | ||||
| import static org.hamcrest.Matchers.is; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| import org.dummy.insecure.framework.VulnerableTaskHolder; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| import static org.hamcrest.Matchers.is; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class DeserializeTest extends AssignmentEndpointTest { | ||||
|  | ||||
| 	private MockMvc mockMvc; | ||||
| 	 | ||||
| 	private static String OS = System.getProperty("os.name").toLowerCase(); | ||||
| 	 | ||||
| 	@Before | ||||
| 	@BeforeEach | ||||
|     public void setup() { | ||||
|         InsecureDeserializationTask insecureTask = new InsecureDeserializationTask(); | ||||
|         init(insecureTask); | ||||
|  | ||||
| @ -21,14 +21,6 @@ | ||||
|             <version>4.1.3.RELEASE</version> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>junit</groupId> | ||||
|             <artifactId>junit</artifactId> | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|  | ||||
|     </dependencies> | ||||
|  | ||||
| </project> | ||||
|  | ||||
| @ -24,7 +24,10 @@ package org.owasp.webgoat.insecure_login; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| @RestController | ||||
| public class InsecureLoginTask extends AssignmentEndpoint { | ||||
|  | ||||
| @ -22,7 +22,12 @@ | ||||
|  | ||||
| package org.owasp.webgoat.jwt; | ||||
|  | ||||
| import io.jsonwebtoken.*; | ||||
| import io.jsonwebtoken.Claims; | ||||
| import io.jsonwebtoken.ExpiredJwtException; | ||||
| import io.jsonwebtoken.Header; | ||||
| import io.jsonwebtoken.Jwt; | ||||
| import io.jsonwebtoken.JwtException; | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import org.apache.commons.lang3.RandomStringUtils; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| @ -30,9 +35,17 @@ import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.http.HttpStatus; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.RequestHeader; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.util.*; | ||||
| import java.util.ArrayList; | ||||
| import java.util.Date; | ||||
| import java.util.HashMap; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
| import java.util.concurrent.TimeUnit; | ||||
|  | ||||
| import static org.springframework.http.ResponseEntity.ok; | ||||
|  | ||||
| @ -31,7 +31,11 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.time.Instant; | ||||
| import java.util.Calendar; | ||||
|  | ||||
| @ -37,7 +37,14 @@ import org.springframework.http.HttpStatus; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.http.converter.json.MappingJacksonValue; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.CookieValue; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PathVariable; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.ResponseStatus; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.annotation.PostConstruct; | ||||
| import javax.servlet.http.Cookie; | ||||
|  | ||||
| @ -24,7 +24,6 @@ package org.owasp.webgoat.jwt.votes; | ||||
|  | ||||
| import com.fasterxml.jackson.annotation.JsonView; | ||||
| import lombok.Getter; | ||||
| import lombok.Setter; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  | ||||
| @ -1,11 +1,11 @@ | ||||
| package org.owasp.webgoat.jwt; | ||||
|  | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -14,13 +14,13 @@ import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class JWTDecodeEndpointTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private JWT jwt; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(jwt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -2,12 +2,12 @@ package org.owasp.webgoat.jwt; | ||||
|  | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -21,7 +21,7 @@ import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class JWTFinalEndpointTest extends LessonTest { | ||||
|  | ||||
|     private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA"; | ||||
| @ -32,7 +32,7 @@ public class JWTFinalEndpointTest extends LessonTest { | ||||
|     @Autowired | ||||
|     private JWTFinalEndpoint jwtFinalEndpoint; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(jwt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
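Review bot: `@ExtendWith(SpringExtension.class)` is repeated on every `LessonTest` subclass in this commit: here on `JWTFinalEndpointTest`, and again on `JWTRefreshEndpointTest`, `JWTSecretKeyEndpointTest`, `JWTVotesEndpointTest`, `SecurityQuestionAssignmentTest` and the `ProfileUpload*` tests. `@ExtendWith` is an inherited annotation, so declaring it once on `LessonTest` would cover all of them and drop the per-class `ExtendWith` and `SpringExtension` imports. `LessonTest` is not shown here; if it already carries `@SpringBootTest`, which registers the extension itself, the annotation can probably be removed from the subclasses outright. The body of `setup()` continues outside the hunk.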
|  | ||||
| @ -24,13 +24,13 @@ package org.owasp.webgoat.jwt; | ||||
|  | ||||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.MvcResult; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
| @ -44,13 +44,13 @@ import static org.owasp.webgoat.jwt.JWTRefreshEndpoint.PASSWORD; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class JWTRefreshEndpointTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private JWT jwt; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(jwt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -25,12 +25,12 @@ package org.owasp.webgoat.jwt; | ||||
| import io.jsonwebtoken.Claims; | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -38,20 +38,20 @@ import java.time.Duration; | ||||
| import java.time.Instant; | ||||
| import java.util.Date; | ||||
|  | ||||
| import static io.jsonwebtoken.SignatureAlgorithm.*; | ||||
| import static io.jsonwebtoken.SignatureAlgorithm.HS512; | ||||
| import static org.hamcrest.Matchers.is; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.owasp.webgoat.jwt.JWTSecretKeyEndpoint.JWT_SECRET; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class JWTSecretKeyEndpointTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private JWT jwt; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(jwt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -26,19 +26,18 @@ import com.fasterxml.jackson.databind.ObjectMapper; | ||||
| import io.jsonwebtoken.Claims; | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.MvcResult; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import javax.servlet.http.Cookie; | ||||
|  | ||||
| import java.util.Map; | ||||
|  | ||||
| import static org.assertj.core.api.Assertions.assertThat; | ||||
| @ -46,18 +45,17 @@ import static org.hamcrest.Matchers.containsString; | ||||
| import static org.hamcrest.Matchers.is; | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class JWTVotesEndpointTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private JWT jwt; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(jwt); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -22,11 +22,14 @@ | ||||
|  | ||||
| package org.owasp.webgoat.jwt; | ||||
|  | ||||
| import io.jsonwebtoken.*; | ||||
| import io.jsonwebtoken.Claims; | ||||
| import io.jsonwebtoken.JwsHeader; | ||||
| import io.jsonwebtoken.Jwt; | ||||
| import io.jsonwebtoken.Jwts; | ||||
| import io.jsonwebtoken.SigningKeyResolverAdapter; | ||||
| import io.jsonwebtoken.impl.TextCodec; | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| import org.junit.Test; | ||||
| import org.junit.jupiter.api.Test; | ||||
|  | ||||
| import java.time.Duration; | ||||
| import java.time.Instant; | ||||
|  | ||||
| @ -22,6 +22,7 @@ | ||||
|  | ||||
| package org.owasp.webgoat.missing_ac; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.owasp.webgoat.users.UserService; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| @ -32,8 +33,6 @@ import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.servlet.ModelAndView; | ||||
|  | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.util.ArrayList; | ||||
| import java.util.List; | ||||
|  | ||||
| @ -22,12 +22,12 @@ | ||||
|  | ||||
| package org.owasp.webgoat.missing_ac; | ||||
|  | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class DisplayUserTest { | ||||
|  | ||||
|     @Test | ||||
|  | ||||
| @ -23,24 +23,23 @@ | ||||
| package org.owasp.webgoat.missing_ac; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest { | ||||
|  | ||||
|     private MockMvc mockMvc; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         MissingFunctionACHiddenMenus hiddenMenus = new MissingFunctionACHiddenMenus(); | ||||
|         init(hiddenMenus); | ||||
|  | ||||
| @ -23,11 +23,11 @@ | ||||
| package org.owasp.webgoat.missing_ac; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mock; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.users.UserService; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
| import org.springframework.test.util.ReflectionTestUtils; | ||||
| @ -42,13 +42,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class MissingFunctionACUsersTest { | ||||
|     private MockMvc mockMvc; | ||||
|     @Mock | ||||
|     private UserService userService; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         MissingFunctionACUsers usersController = new MissingFunctionACUsers(); | ||||
|         this.mockMvc = standaloneSetup(usersController).build(); | ||||
|  | ||||
| @ -23,11 +23,12 @@ | ||||
| package org.owasp.webgoat.missing_ac; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mock; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.mockito.junit.jupiter.MockitoExtension; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.owasp.webgoat.users.UserService; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
| @ -41,7 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(MockitoJUnitRunner.Silent.class) | ||||
| @ExtendWith(MockitoExtension.class) | ||||
| public class MissingFunctionYourHashTest extends AssignmentEndpointTest { | ||||
|     private MockMvc mockMvc; | ||||
|     private DisplayUser mockDisplayUser; | ||||
| @ -49,7 +50,7 @@ public class MissingFunctionYourHashTest extends AssignmentEndpointTest { | ||||
|     @Mock | ||||
|     protected UserService userService; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setUp() { | ||||
|         MissingFunctionACYourHash yourHashTest = new MissingFunctionACYourHash(); | ||||
|         init(yourHashTest); | ||||
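Review bot: Replacing `@RunWith(MockitoJUnitRunner.Silent.class)` with a bare `@ExtendWith(MockitoExtension.class)` on `MissingFunctionYourHashTest` changes Mockito's strictness, not just the runner. The `Silent` runner tolerates unused stubs, while `MockitoExtension` defaults to strict stubs and fails a test with `UnnecessaryStubbingException` when a stub is never used. To keep the old behaviour, add `@MockitoSettings(strictness = Strictness.LENIENT)` to the class, or remove the unused stubs and stay strict. The body of `setUp()` continues outside the hunk, so whether any stub there is unused cannot be confirmed from these lines.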
|  | ||||
| @ -29,7 +29,13 @@ import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.password_reset.resetlink.PasswordChangeForm; | ||||
| import org.springframework.ui.Model; | ||||
| import org.springframework.validation.BindingResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.ModelAttribute; | ||||
| import org.springframework.web.bind.annotation.PathVariable; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
| import org.springframework.web.servlet.ModelAndView; | ||||
|  | ||||
| import java.util.ArrayList; | ||||
|  | ||||
| @ -28,13 +28,16 @@ import org.springframework.beans.factory.annotation.Value; | ||||
| import org.springframework.http.HttpEntity; | ||||
| import org.springframework.http.HttpHeaders; | ||||
| import org.springframework.http.HttpMethod; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
| import org.springframework.web.client.RestTemplate; | ||||
|  | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import java.util.UUID; | ||||
|  | ||||
| import static org.springframework.util.StringUtils.*; | ||||
| import static org.springframework.util.StringUtils.hasText; | ||||
|  | ||||
| /** | ||||
|  * Part of the password reset assignment. Used to send the e-mail. | ||||
|  | ||||
| @ -25,7 +25,10 @@ package org.owasp.webgoat.password_reset; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
|  | ||||
| @ -2,7 +2,7 @@ package org.owasp.webgoat.password_reset; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.Mockito; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| @ -15,13 +15,13 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SecurityQuestionAssignmentTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private PasswordReset passwordReset; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         Mockito.when(webSession.getCurrentLesson()).thenReturn(passwordReset); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
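Review bot: `SecurityQuestionAssignmentTest` now uses `@ExtendWith(SpringExtension.class)` and `@BeforeEach`, but the import hunk only swaps `org.junit.Test` for `org.junit.jupiter.api.Test`. `org.junit.Before` and `org.junit.runner.RunWith` are left as context lines, and none of the three new imports appear. Unless lines outside the hunks supply them, the class will not compile; add `import org.junit.jupiter.api.BeforeEach;`, `import org.junit.jupiter.api.extension.ExtendWith;` and `import org.springframework.test.context.junit.jupiter.SpringExtension;`, and remove the JUnit 4 imports. The leftover JUnit 4 imports are a second problem if the `junit:junit` dependency removed from a pom later in this commit was what put them on this module's classpath. `BypassVerificationTest` at the top of the commit shows the same pattern, and the body of `setup()` continues outside the hunk.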
|  | ||||
| @ -4,17 +4,14 @@ import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.WebSession; | ||||
| import org.springframework.beans.factory.annotation.Value; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.util.FileCopyUtils; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
| import org.springframework.web.multipart.MultipartFile; | ||||
|  | ||||
| import java.io.File; | ||||
| import java.io.FileInputStream; | ||||
| import java.io.IOException; | ||||
| import java.util.Base64; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
| import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; | ||||
|  | ||||
|  | ||||
| @ -5,7 +5,11 @@ import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.session.WebSession; | ||||
| import org.springframework.beans.factory.annotation.Value; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
| import org.springframework.web.multipart.MultipartFile; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
|  | ||||
| @ -13,7 +13,11 @@ import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.security.core.token.Sha512DigestUtils; | ||||
| import org.springframework.util.FileCopyUtils; | ||||
| import org.springframework.util.StringUtils; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.annotation.PostConstruct; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
|  | ||||
| @ -1,29 +1,29 @@ | ||||
| package org.owasp.webgoat.path_traversal; | ||||
|  | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| import java.io.File; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mockito; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.mock.web.MockMultipartFile; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| import java.io.File; | ||||
|  | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ProfileUploadFixTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private PathTraversal pathTraversal; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -1,29 +1,29 @@ | ||||
| package org.owasp.webgoat.path_traversal; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mockito; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.mock.web.MockMultipartFile; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import java.io.File; | ||||
|  | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| import java.io.File; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ProfileUploadRemoveUserInputTest extends LessonTest { | ||||
| 	 | ||||
|     @Autowired | ||||
|     private PathTraversal pathTraversal; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() {  | ||||
|         Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -1,14 +1,14 @@ | ||||
| package org.owasp.webgoat.path_traversal; | ||||
|  | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mockito; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.security.core.token.Sha512DigestUtils; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.result.MockMvcResultHandlers; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| @ -20,15 +20,18 @@ import static org.hamcrest.CoreMatchers.is; | ||||
| import static org.hamcrest.Matchers.containsString; | ||||
| import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; | ||||
| import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ProfileUploadRetrievalTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private PathTraversal pathTraversal; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -1,31 +1,29 @@ | ||||
| package org.owasp.webgoat.path_traversal; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.mockito.Mockito; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.mock.web.MockMultipartFile; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
| import org.springframework.test.web.servlet.result.MockMvcResultHandlers; | ||||
| import org.springframework.test.web.servlet.setup.MockMvcBuilders; | ||||
|  | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| import java.io.File; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class ProfileUploadTest extends LessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private PathTraversal pathTraversal; | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -58,13 +58,6 @@ | ||||
|             <classifier>tests</classifier> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>junit</groupId> | ||||
|             <artifactId>junit</artifactId> | ||||
|             <version>${junit.version}</version> | ||||
|             <type>jar</type> | ||||
|             <scope>test</scope> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>org.mockito</groupId> | ||||
|             <artifactId>mockito-core</artifactId> | ||||
|  | ||||
| @ -26,7 +26,10 @@ import com.nulabinc.zxcvbn.Strength; | ||||
| import com.nulabinc.zxcvbn.Zxcvbn; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.text.DecimalFormat; | ||||
| import java.text.DecimalFormatSymbols; | ||||
|  | ||||
| @ -33,7 +33,11 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.PreparedStatement; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.SQLException; | ||||
| import java.sql.Statement; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  | ||||
| @ -32,7 +32,11 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.ResultSetMetaData; | ||||
| import java.sql.SQLException; | ||||
| import java.sql.Statement; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -24,7 +24,11 @@ package org.owasp.webgoat.sql_injection.advanced; | ||||
|  | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import java.io.IOException; | ||||
|  | ||||
|  | ||||
| @ -32,9 +32,13 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.SQLException; | ||||
| import java.sql.Statement; | ||||
|  | ||||
| import static java.sql.ResultSet.*; | ||||
| import static java.sql.ResultSet.CONCUR_READ_ONLY; | ||||
| import static java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -31,7 +31,11 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.ResultSetMetaData; | ||||
| import java.sql.SQLException; | ||||
| import java.sql.Statement; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -33,7 +33,11 @@ import org.springframework.web.bind.annotation.RestController; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.sql.DataSource; | ||||
| import java.io.IOException; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.PreparedStatement; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.ResultSetMetaData; | ||||
| import java.sql.SQLException; | ||||
|  | ||||
|  | ||||
| @RestController | ||||
|  | ||||
| @ -32,11 +32,16 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.*; | ||||
| import java.sql.Connection; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.ResultSetMetaData; | ||||
| import java.sql.SQLException; | ||||
| import java.sql.Statement; | ||||
| import java.text.SimpleDateFormat; | ||||
| import java.util.Calendar; | ||||
|  | ||||
| import static java.sql.ResultSet.*; | ||||
| import static java.sql.ResultSet.CONCUR_UPDATABLE; | ||||
| import static java.sql.ResultSet.TYPE_SCROLL_SENSITIVE; | ||||
|  | ||||
| @RestController | ||||
| @AssignmentHints(value = {"SqlStringInjectionHint.8.1", "SqlStringInjectionHint.8.2", "SqlStringInjectionHint.8.3", "SqlStringInjectionHint.8.4", "SqlStringInjectionHint.8.5"}) | ||||
|  | ||||
| @ -24,16 +24,18 @@ package org.owasp.webgoat.sql_injection.mitigation; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import lombok.Getter; | ||||
| import lombok.SneakyThrows; | ||||
| import lombok.extern.slf4j.Slf4j; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.GetMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
| import java.sql.Connection; | ||||
| import java.sql.PreparedStatement; | ||||
| import java.sql.ResultSet; | ||||
| import java.sql.SQLException; | ||||
| import java.util.ArrayList; | ||||
| import java.util.List; | ||||
|  | ||||
|  | ||||
| @ -25,9 +25,18 @@ package org.owasp.webgoat.sql_injection.mitigation; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentHints; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.PostMapping; | ||||
| import org.springframework.web.bind.annotation.RequestParam; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.tools.*; | ||||
| import javax.tools.Diagnostic; | ||||
| import javax.tools.DiagnosticCollector; | ||||
| import javax.tools.JavaCompiler; | ||||
| import javax.tools.JavaFileObject; | ||||
| import javax.tools.SimpleJavaFileObject; | ||||
| import javax.tools.StandardJavaFileManager; | ||||
| import javax.tools.ToolProvider; | ||||
| import java.io.IOException; | ||||
| import java.net.URI; | ||||
| import java.util.Arrays; | ||||
|  | ||||
| @ -22,7 +22,7 @@ | ||||
|  | ||||
| package org.owasp.webgoat.sql_injection; | ||||
|  | ||||
| import org.junit.Before; | ||||
| import org.junit.jupiter.api.BeforeEach; | ||||
| import org.owasp.webgoat.plugins.LessonTest; | ||||
| import org.owasp.webgoat.sql_injection.introduction.SqlInjection; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| @ -35,7 +35,7 @@ public class SqlLessonTest extends LessonTest { | ||||
|     @Autowired | ||||
|     private SqlInjection sql = new SqlInjection(); | ||||
|  | ||||
|     @Before | ||||
|     @BeforeEach | ||||
|     public void setup() { | ||||
|         when(webSession.getCurrentLesson()).thenReturn(sql); | ||||
|         this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); | ||||
|  | ||||
| @ -22,10 +22,10 @@ | ||||
|  | ||||
| package org.owasp.webgoat.sql_injection.introduction; | ||||
|  | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.sql_injection.SqlLessonTest; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.hamcrest.CoreMatchers.is; | ||||
| @ -36,7 +36,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author Benedikt Stuhrmann | ||||
|  * @since 11/07/18. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SqlInjectionLesson10Test extends SqlLessonTest { | ||||
|  | ||||
|     private String completedError = "JSON path \"lessonCompleted\""; | ||||
|  | ||||
| @ -23,16 +23,16 @@ | ||||
| package org.owasp.webgoat.sql_injection.introduction; | ||||
|  | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.sql_injection.SqlLessonTest; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SqlInjectionLesson2Test extends SqlLessonTest { | ||||
|  | ||||
|     @Test | ||||
|  | ||||
| @ -22,35 +22,29 @@ | ||||
|  | ||||
| package org.owasp.webgoat.sql_injection.introduction; | ||||
|  | ||||
| import org.aspectj.lang.annotation.After; | ||||
| import org.hamcrest.CoreMatchers; | ||||
| import org.junit.After; | ||||
| import org.junit.Before; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.mockito.junit.MockitoJUnitRunner; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpointTest; | ||||
| import org.junit.jupiter.api.AfterEach; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.sql_injection.SqlLessonTest; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import javax.sql.DataSource; | ||||
|  | ||||
| import java.sql.SQLException; | ||||
|  | ||||
| import static org.mockito.Mockito.when; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
| import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SqlInjectionLesson5Test extends SqlLessonTest { | ||||
|  | ||||
|     @Autowired | ||||
|     private DataSource dataSource; | ||||
|  | ||||
|     @After | ||||
|     @AfterEach | ||||
|     public void removeGrant() throws SQLException { | ||||
|         dataSource.getConnection().prepareStatement("revoke select on grant_rights from unauthorized_user cascade").execute(); | ||||
|     } | ||||
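Review bot: The `removeGrant` teardown never closes the connection it gets from `dataSource.getConnection()`, nor the prepared statement, so with `@AfterEach` making it run after every test again, each test leaves a connection open (presumably one taken from the pool). Wrapping both in try-with-resources releases them even when the `revoke` fails. This needs `java.sql.Connection` and `java.sql.PreparedStatement` imported next to the existing `java.sql.SQLException`. The SQL is a fixed string with no test input, so the statement text needs no change. The class body continues outside the hunk.

```java
    public void removeGrant() throws SQLException {
        try (Connection connection = dataSource.getConnection();
             PreparedStatement revoke = connection.prepareStatement(
                     "revoke select on grant_rights from unauthorized_user cascade")) {
            revoke.execute();
        }
    }
```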
|  | ||||
| @ -22,11 +22,11 @@ | ||||
|  | ||||
| package org.owasp.webgoat.sql_injection.introduction; | ||||
|  | ||||
| import org.junit.Ignore; | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.Disabled; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.sql_injection.SqlLessonTest; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.hamcrest.CoreMatchers.containsString; | ||||
| @ -34,7 +34,7 @@ import static org.hamcrest.CoreMatchers.is; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; | ||||
| import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; | ||||
|  | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SqlInjectionLesson5aTest extends SqlLessonTest { | ||||
|  | ||||
|     @Test | ||||
| @ -49,7 +49,7 @@ public class SqlInjectionLesson5aTest extends SqlLessonTest { | ||||
|                 .andExpect(jsonPath("$.output", containsString("<p>USERID, FIRST_NAME"))); | ||||
|     } | ||||
|  | ||||
|     @Ignore | ||||
|     @Disabled | ||||
|     @Test | ||||
|     public void unknownAccount() throws Exception { | ||||
|         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/assignment5a") | ||||
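Review bot: `@Disabled` on `unknownAccount` gives no reason, so the test carries over from `@Ignore` as a silent skip, in a commit whose stated purpose is to get skipped tests running again. JUnit 5 accepts a reason string that appears in the test report, e.g. `@Disabled("<reason or issue reference>")`. If the test passes under the new setup, drop the annotation instead. The method body continues outside the hunk.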
|  | ||||
| @ -22,10 +22,10 @@ | ||||
|  | ||||
| package org.owasp.webgoat.sql_injection.introduction; | ||||
|  | ||||
| import org.junit.Test; | ||||
| import org.junit.runner.RunWith; | ||||
| import org.junit.jupiter.api.Test; | ||||
| import org.junit.jupiter.api.extension.ExtendWith; | ||||
| import org.owasp.webgoat.sql_injection.SqlLessonTest; | ||||
| import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; | ||||
|  | ||||
| import static org.hamcrest.Matchers.containsString; | ||||
| @ -37,7 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. | ||||
|  * @author nbaars | ||||
|  * @since 6/15/17. | ||||
|  */ | ||||
| @RunWith(SpringJUnit4ClassRunner.class) | ||||
| @ExtendWith(SpringExtension.class) | ||||
| public class SqlInjectionLesson6aTest extends SqlLessonTest { | ||||
|  | ||||
|     @Test | ||||
|  | ||||
Some files were not shown because too many files have changed in this diff Show More