From cda852f4e81ab98b1f05dd500831a81cc00ca3f0 Mon Sep 17 00:00:00 2001 
From: Nanne Baars Date: Tue, 30 Mar 2021 17:50:55 +0200 Subject: [PATCH] Run unit tests again for all lessons and rewrite all to JUnit 5 Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests. --- .../auth_bypass/BypassVerificationTest.java | 6 ++-- .../BypassRestrictionsFrontendValidation.java | 5 ++- ...assRestrictionsFrontendValidationTest.java | 18 +++++------ webgoat-lessons/challenge/pom.xml | 8 +---- .../org/owasp/webgoat/challenges/Flag.java | 16 +++++----- .../challenges/challenge1/Assignment1.java | 5 ++- .../challenges/challenge1/ImageServlet.java | 11 +++---- .../challenges/challenge7/Assignment7.java | 7 ++++- .../webgoat/challenges/challenge7/MD5.java | 3 +- .../webgoat/challenges/Assignment1Test.java | 21 ++++++------- .../chrome_dev_tools/NetworkDummy.java | 5 ++- .../chrome_dev_tools/NetworkLesson.java | 5 ++- .../chrome_dev_tools/ChromeDevToolsTest.java | 14 ++++----- .../java/org/owasp/webgoat/cia/CIAQuiz.java | 6 +++- .../org/owasp/webgoat/cia/CIAQuizTest.java | 12 +++---- .../ClientSideFilteringAssignment.java | 5 ++- .../ClientSideFilteringFreeAssignment.java | 5 ++- .../client_side_filtering/Salaries.java | 6 +++- .../ClientSideFilteringAssignmentTest.java | 12 +++---- ...ClientSideFilteringFreeAssignmentTest.java | 12 +++---- .../ShopEndpointTest.java | 14 ++++----- .../xss/CrossSiteScriptingLesson4.java | 7 +++-- .../xss/CrossSiteScriptingLesson5a.java | 5 ++- .../xss/CrossSiteScriptingLesson6a.java | 5 ++- .../webgoat/xss/CrossSiteScriptingQuiz.java | 6 +++- .../webgoat/xss/DOMCrossSiteScripting.java | 5 ++- .../xss/DOMCrossSiteScriptingVerifier.java | 5 ++- .../webgoat/xss/stored/StoredXssComments.java | 17 +++++++--- .../xss/DOMCrossSiteScriptingTest.java | 19 +++++------- .../webgoat/xss/StoredXssCommentsTest.java | 12 +++---- .../org/owasp/webgoat/crypto/CryptoUtil.java | 7 ++--- .../webgoat/crypto/EncodingAssignment.java | 9 +++--- 
.../webgoat/crypto/HashingAssignment.java | 13 ++++---- .../crypto/SecureDefaultsAssignment.java | 4 +-- .../webgoat/crypto/SigningAssignment.java | 16 +++++----- .../owasp/webgoat/crypto/CryptoUtilTest.java | 12 +++---- .../java/org/owasp/webgoat/csrf/CSRF.java | 3 -- .../org/owasp/webgoat/csrf/CSRFFeedback.java | 6 +++- .../org/owasp/webgoat/csrf/CSRFLogin.java | 5 ++- .../org/owasp/webgoat/csrf/ForgedReviews.java | 11 +++++-- .../owasp/webgoat/csrf/CSRFFeedbackTest.java | 12 +++---- webgoat-lessons/html-tampering/pom.xml | 8 +---- .../html_tampering/HtmlTamperingTask.java | 5 ++- .../webgoat/http_basics/HttpBasicsLesson.java | 5 ++- .../webgoat/http_basics/HttpBasicsQuiz.java | 8 ++--- webgoat-lessons/http-proxies/pom.xml | 9 ------ .../HttpBasicsInterceptRequest.java | 7 ++++- .../HttpBasicsInterceptRequestTest.java | 14 ++++----- .../webgoat/idor/IDORDiffAttributes.java | 5 ++- .../webgoat/idor/IDOREditOtherProfiile.java | 6 +++- .../org/owasp/webgoat/idor/IDORLogin.java | 6 ++-- .../webgoat/idor/IDORViewOwnProfile.java | 7 +++-- .../idor/IDORViewOwnProfileAltUrl.java | 5 ++- .../framework/VulnerableTaskHolder.java | 4 +-- .../deserialization/DeserializeTest.java | 23 +++++++------- webgoat-lessons/insecure-login/pom.xml | 8 ----- .../insecure_login/InsecureLoginTask.java | 5 ++- .../owasp/webgoat/jwt/JWTRefreshEndpoint.java | 19 ++++++++++-- .../webgoat/jwt/JWTSecretKeyEndpoint.java | 6 +++- .../owasp/webgoat/jwt/JWTVotesEndpoint.java | 9 +++++- .../org/owasp/webgoat/jwt/votes/Vote.java | 1 - .../webgoat/jwt/JWTDecodeEndpointTest.java | 12 +++---- .../webgoat/jwt/JWTFinalEndpointTest.java | 12 +++---- .../webgoat/jwt/JWTRefreshEndpointTest.java | 12 +++---- .../webgoat/jwt/JWTSecretKeyEndpointTest.java | 14 ++++----- .../webgoat/jwt/JWTVotesEndpointTest.java | 14 ++++----- .../java/org/owasp/webgoat/jwt/TokenTest.java | 9 ++++-- .../missing_ac/MissingFunctionACUsers.java | 3 +- .../webgoat/missing_ac/DisplayUserTest.java | 8 ++--- 
.../MissingFunctionACHiddenMenusTest.java | 13 ++++---- .../MissingFunctionACUsersTest.java | 12 +++---- .../MissingFunctionYourHashTest.java | 11 ++++--- .../password_reset/ResetLinkAssignment.java | 8 ++++- .../ResetLinkAssignmentForgotPassword.java | 7 +++-- .../SecurityQuestionAssignment.java | 5 ++- .../SecurityQuestionAssignmentTest.java | 6 ++-- .../webgoat/path_traversal/ProfileUpload.java | 13 +++----- .../path_traversal/ProfileUploadFix.java | 6 +++- .../ProfileUploadRetrieval.java | 6 +++- .../path_traversal/ProfileUploadFixTest.java | 22 ++++++------- .../ProfileUploadRemoveUserInputTest.java | 16 +++++----- .../ProfileUploadRetrievalTest.java | 17 +++++----- .../path_traversal/ProfileUploadTest.java | 20 ++++++------ webgoat-lessons/pom.xml | 7 ----- .../SecurePasswordsAssignment.java | 5 ++- .../advanced/SqlInjectionChallenge.java | 6 +++- .../advanced/SqlInjectionLesson6a.java | 6 +++- .../advanced/SqlInjectionQuiz.java | 6 +++- .../introduction/SqlInjectionLesson4.java | 8 +++-- .../introduction/SqlInjectionLesson5a.java | 6 +++- .../introduction/SqlInjectionLesson5b.java | 6 +++- .../introduction/SqlInjectionLesson8.java | 9 ++++-- .../sql_injection/mitigation/Servers.java | 8 +++-- .../mitigation/SqlInjectionLesson10b.java | 13 ++++++-- .../webgoat/sql_injection/SqlLessonTest.java | 4 +-- .../SqlInjectionLesson10Test.java | 8 ++--- .../introduction/SqlInjectionLesson2Test.java | 8 ++--- .../introduction/SqlInjectionLesson5Test.java | 20 +++++------- .../SqlInjectionLesson5aTest.java | 12 +++---- .../SqlInjectionLesson6aTest.java | 8 ++--- .../SqlInjectionLesson6bTest.java | 13 +++----- .../introduction/SqlInjectionLesson8Test.java | 8 ++--- .../introduction/SqlInjectionLesson9Test.java | 8 ++--- .../mitigation/SqlInjectionLesson13Test.java | 8 ++--- .../SqlOnlyInputValidationOnKeywordsTest.java | 8 ++--- .../SqlOnlyInputValidationTest.java | 8 ++--- webgoat-lessons/ssrf/pom.xml | 7 ----- .../org/owasp/webgoat/ssrf/SSRFTask2.java | 3 -- 
.../org/owasp/webgoat/ssrf/SSRFTest1.java | 13 ++++---- .../org/owasp/webgoat/ssrf/SSRFTest2.java | 13 ++++---- .../VulnerableComponentsLesson.java | 3 +- .../VulnerableComponentsLessonTest.java | 9 +++--- .../owasp/webgoat/template/SampleAttack.java | 7 ++++- .../webgoat/webwolf_introduction/Email.java | 1 - .../webgoat/xxe/BlindSendFileAssignment.java | 1 - .../java/org/owasp/webgoat/xxe/Comments.java | 10 ++++-- .../webgoat/xxe/ContentTypeAssignment.java | 10 ++++-- .../main/java/org/owasp/webgoat/xxe/Ping.java | 6 +++- .../java/org/owasp/webgoat/xxe/SimpleXXE.java | 6 ++-- .../xxe/BlindSendFileAssignmentTest.java | 31 +++++++++++-------- .../xxe/ContentTypeAssignmentTest.java | 14 ++++----- .../org/owasp/webgoat/xxe/SimpleXXETest.java | 13 ++++---- 122 files changed, 613 insertions(+), 508 deletions(-) diff --git a/webgoat-lessons/auth-bypass/src/test/org/owasp/webgoat/auth_bypass/BypassVerificationTest.java b/webgoat-lessons/auth-bypass/src/test/org/owasp/webgoat/auth_bypass/BypassVerificationTest.java index 1492e8195..2cf46c450 100644 --- a/webgoat-lessons/auth-bypass/src/test/org/owasp/webgoat/auth_bypass/BypassVerificationTest.java +++ b/webgoat-lessons/auth-bypass/src/test/org/owasp/webgoat/auth_bypass/BypassVerificationTest.java @@ -27,7 +27,7 @@ package org.owasp.webgoat.auth_bypass; import org.hamcrest.CoreMatchers; import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.Test; import org.junit.runner.RunWith; import org.mockito.runners.MockitoJUnitRunner; import org.owasp.webgoat.assignments.AssignmentEndpointTest; 
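Review bot: BypassVerificationTest probably still does not run after this change, because its path is `auth-bypass/src/test/org/owasp/...` with no `java` segment; unless the module's pom overrides `testSourceDirectory`, Surefire never compiles it, which is the same silent skip this commit sets out to remove. The migration of the file is also incomplete: the diffstat lists only three insertions and three deletions, and the context here still shows `import org.junit.Before;`, `import org.junit.runner.RunWith;` and `import org.mockito.runners.MockitoJUnitRunner;`. The next hunk of the same file uses `@ExtendWith(MockitoExtension.class)` and `@BeforeEach` without adding `import org.junit.jupiter.api.BeforeEach;`, `import org.junit.jupiter.api.extension.ExtendWith;` and `import org.mockito.junit.jupiter.MockitoExtension;`. Moving the file under `src/test/java` and replacing those three imports would get the account-verification bypass check exercised in CI; the class body continues outside both hunks.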
@@ -43,12 +43,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(MockitoJUnitRunner.class) +@ExtendWith(MockitoExtension.class) public class BypassVerificationTest extends AssignmentEndpointTest { private MockMvc mockMvc; - @Before + @BeforeEach public void setup() { VerifyAccount verifyAccount = new VerifyAccount(); init(verifyAccount); diff --git a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java b/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java index 212ee9133..dceb19f98 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java +++ b/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java @@ -24,7 +24,10 @@ package org.owasp.webgoat.bypass_restrictions; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController public class BypassRestrictionsFrontendValidation extends AssignmentEndpoint { 
diff --git a/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java b/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java index 6cc54799c..959465030 100644 --- a/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java +++ b/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java @@ -1,11 +1,11 @@ package org.owasp.webgoat.bypass_restrictions; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; 
@@ -18,20 +18,20 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 6/16/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class BypassRestrictionsFrontendValidationTest extends LessonTest { @Autowired private BypassRestrictions bypassRestrictions; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(bypassRestrictions); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } @Test - public void noChangesShouldNotPassTheLesson() throws Exception { + void noChangesShouldNotPassTheLesson() throws Exception { mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") .param("field1", "abc") .param("field2", "123") @@ -45,7 +45,7 @@ public class BypassRestrictionsFrontendValidationTest extends LessonTest { } @Test - public void bypassAllFieldShouldPass() throws Exception { + void bypassAllFieldShouldPass() throws Exception { mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") .param("field1", "abcd") .param("field2", "1234") @@ -59,7 +59,7 @@ public class BypassRestrictionsFrontendValidationTest extends LessonTest { } @Test - public void notBypassingAllFieldShouldNotPass() throws Exception { + void notBypassingAllFieldShouldNotPass() throws Exception { mockMvc.perform(MockMvcRequestBuilders.post("/BypassRestrictions/frontendValidation") .param("field1", "abc") .param("field2", "1234") diff --git a/webgoat-lessons/challenge/pom.xml b/webgoat-lessons/challenge/pom.xml index 9f064f853..accce8025 100644 --- a/webgoat-lessons/challenge/pom.xml +++ b/webgoat-lessons/challenge/pom.xml @@ -27,12 +27,6 @@ 4.1.3.RELEASE test - - junit - junit - ${junit.version} - jar - test - + 
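Review bot: The hard-coded `4.1.3.RELEASE` left as context at the top of the challenge/pom.xml hunk should be removed together with the JUnit 4 dependency. The http-proxies/pom.xml hunk in this same patch deletes that version from `spring-security-test`, while the html-tampering and insecure-login hunks keep it as context too. Assuming it belongs to the same artifact here (the element names are not visible in this rendering), a test dependency pinned to a 4.1.x release, which is long out of support, sits beside the Spring Security version managed by Spring Boot 2.4, and that mismatch can break or distort the security test support these lessons rely on. Dropping the explicit `<version>` element lets the parent's dependency management select the matching release.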
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java index 3d20545f1..77761697f 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java @@ -22,13 +22,8 @@ package org.owasp.webgoat.challenges; -import java.util.HashMap; -import java.util.Map; -import java.util.UUID; -import java.util.stream.IntStream; - -import javax.annotation.PostConstruct; - +import lombok.AllArgsConstructor; +import lombok.Getter; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.session.WebSession; @@ -42,8 +37,11 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import lombok.AllArgsConstructor; -import lombok.Getter; +import javax.annotation.PostConstruct; +import java.util.HashMap; +import java.util.Map; +import java.util.UUID; +import java.util.stream.IntStream; /** * @author nbaars diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java index 305ce1b2e..7966972d0 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java 
@@ -4,7 +4,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.challenges.Flag; import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java index a8b1165d8..593c51047 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java @@ -1,17 +1,16 @@ package org.owasp.webgoat.challenges.challenge1; -import java.io.IOException; -import java.security.SecureRandom; +import org.springframework.core.io.ClassPathResource; +import org.springframework.http.MediaType; +import org.springframework.util.FileCopyUtils; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.springframework.core.io.ClassPathResource; -import org.springframework.http.MediaType; -import org.springframework.util.FileCopyUtils; +import java.io.IOException; +import java.security.SecureRandom; @WebServlet(name = "ImageServlet", urlPatterns = "/challenge/logo") public class ImageServlet extends HttpServlet { 
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java index a1276a559..5c1ee1fa5 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java @@ -12,7 +12,12 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.RestTemplate; import javax.servlet.http.HttpServletRequest; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java index 7611570ea..543bce623 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java @@ -1,12 +1,11 @@ package org.owasp.webgoat.challenges.challenge7; +import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; -import java.io.*; - /** * MD5 hash generator. * More information about this class is available from 4.1.3.RELEASE test - - junit - junit - ${junit.version} - jar - test - + 
diff --git a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java b/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java index f292c336b..4f4a04f56 100644 --- a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java +++ b/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java @@ -25,7 +25,10 @@ package org.owasp.webgoat.html_tampering; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"hint1", "hint2", "hint3"}) diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java index ac935c5f8..589636325 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java +++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java 
@@ -25,7 +25,10 @@ package org.owasp.webgoat.http_basics; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"http-basics.hints.http_basics_lesson.1"}) diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java index 695991856..8c9977fc2 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java +++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java @@ -26,10 +26,10 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; - -import javax.servlet.http.HttpServletRequest; -import java.io.IOException; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"}) diff --git a/webgoat-lessons/http-proxies/pom.xml b/webgoat-lessons/http-proxies/pom.xml index 1b0a2ef54..e17527af8 100644 --- a/webgoat-lessons/http-proxies/pom.xml +++ b/webgoat-lessons/http-proxies/pom.xml 
@@ -18,17 +18,8 @@ org.springframework.security spring-security-test - 4.1.3.RELEASE test - - junit - junit - ${junit.version} - jar - test - - diff --git a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java index a766b3f39..d6c8f0206 100644 --- a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java +++ b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java @@ -25,7 +25,12 @@ package org.owasp.webgoat.http_proxies; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; import org.springframework.http.HttpMethod; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; diff --git a/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java b/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java index 663ba45ec..564fb0267 100644 --- a/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java +++ b/webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java 
@@ -23,26 +23,24 @@ package org.owasp.webgoat.http_proxies; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.junit.MockitoJUnitRunner; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.assignments.AssignmentEndpointTest; -import org.owasp.webgoat.http_proxies.HttpBasicsInterceptRequest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(MockitoJUnitRunner.class) +@ExtendWith(MockitoExtension.class) public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest { private MockMvc mockMvc; - @Before + @BeforeEach public void setup() { HttpBasicsInterceptRequest httpBasicsInterceptRequest = new HttpBasicsInterceptRequest(); init(httpBasicsInterceptRequest); diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java index 5b6042f2f..d1d6d26c4 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java 
@@ -25,7 +25,10 @@ package org.owasp.webgoat.idor; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"idor.hints.idorDiffAttributes1", "idor.hints.idorDiffAttributes2", "idor.hints.idorDiffAttributes3"}) diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java index 133e832de..ee00894ab 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java @@ -27,7 +27,11 @@ import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"idor.hints.otherProfile1", "idor.hints.otherProfile2", "idor.hints.otherProfile3", "idor.hints.otherProfile4", "idor.hints.otherProfile5", "idor.hints.otherProfile6", "idor.hints.otherProfile7", "idor.hints.otherProfile8", "idor.hints.otherProfile9"}) 
diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java index 7e0dd7ff0..813b16e87 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java @@ -25,9 +25,11 @@ package org.owasp.webgoat.idor; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; - import org.owasp.webgoat.session.UserSessionData; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java index d460a921a..6eedf0024 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java @@ -23,11 +23,12 @@ package org.owasp.webgoat.idor; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.*; - -import lombok.extern.slf4j.Slf4j; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; 
diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java index bc2331090..0501a6c14 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java @@ -28,7 +28,10 @@ import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController @AssignmentHints({"idor.hints.ownProfileAltUrl1", "idor.hints.ownProfileAltUrl2", "idor.hints.ownProfileAltUrl3"}) diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java index 473336e87..00325eb93 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java +++ b/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java @@ -1,5 +1,7 @@ package org.dummy.insecure.framework; +import lombok.extern.slf4j.Slf4j; + import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; @@ -7,8 +9,6 @@ import java.io.ObjectInputStream; import java.io.Serializable; import java.time.LocalDateTime; -import lombok.extern.slf4j.Slf4j; - @Slf4j public class VulnerableTaskHolder implements Serializable { 
diff --git a/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java b/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java index 765a9e8ce..9a2ecec94 100644 --- a/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java +++ b/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java 
@@ -1,29 +1,28 @@ package org.owasp.webgoat.deserialization; -import static org.hamcrest.Matchers.is; -import static org.mockito.Mockito.when; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; - import org.dummy.insecure.framework.VulnerableTaskHolder; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.junit.MockitoJUnitRunner; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -@RunWith(MockitoJUnitRunner.class) +import static org.hamcrest.Matchers.is; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; + +@ExtendWith(MockitoExtension.class) public class DeserializeTest extends AssignmentEndpointTest { private MockMvc mockMvc; private static String OS = System.getProperty("os.name").toLowerCase(); - @Before + @BeforeEach public void setup() { InsecureDeserializationTask insecureTask = new InsecureDeserializationTask(); init(insecureTask); diff --git a/webgoat-lessons/insecure-login/pom.xml b/webgoat-lessons/insecure-login/pom.xml index 6efd8b3b9..5c4dd18b6 100755 --- a/webgoat-lessons/insecure-login/pom.xml +++ b/webgoat-lessons/insecure-login/pom.xml 
@@ -21,14 +21,6 @@ 4.1.3.RELEASE test - - junit - junit - ${junit.version} - jar - test - - diff --git a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java index 4619b97e1..10cb2bc72 100644 --- a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java +++ b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java @@ -24,7 +24,10 @@ package org.owasp.webgoat.insecure_login; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; @RestController public class InsecureLoginTask extends AssignmentEndpoint { diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java index 39b63c326..27ea4c610 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java @@ -22,7 +22,12 @@ package org.owasp.webgoat.jwt; -import io.jsonwebtoken.*; +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.ExpiredJwtException; +import io.jsonwebtoken.Header; +import io.jsonwebtoken.Jwt; +import io.jsonwebtoken.JwtException; +import io.jsonwebtoken.Jwts; import org.apache.commons.lang3.RandomStringUtils; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; 
@@ -30,9 +35,17 @@ import org.owasp.webgoat.assignments.AttackResult; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; -import java.util.*; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import java.util.concurrent.TimeUnit; import static org.springframework.http.ResponseEntity.ok; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java index a06dc6b05..8fece23b2 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java @@ -31,7 +31,11 @@ import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import java.time.Instant; import java.util.Calendar; 
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java index cf36551bb..b4384c8b9 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java @@ -37,7 +37,14 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.http.converter.json.MappingJacksonValue; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.CookieValue; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.ResponseStatus; +import org.springframework.web.bind.annotation.RestController; import javax.annotation.PostConstruct; import javax.servlet.http.Cookie; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java index 54ae78e74..3ec4bca7a 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java @@ -24,7 +24,6 @@ package org.owasp.webgoat.jwt.votes; import com.fasterxml.jackson.annotation.JsonView; import lombok.Getter; -import lombok.Setter; /** * @author nbaars diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java index c838833d2..3119c97cd 100644 
--- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTDecodeEndpointTest.java @@ -1,11 +1,11 @@ package org.owasp.webgoat.jwt; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -14,13 +14,13 @@ import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class JWTDecodeEndpointTest extends LessonTest { @Autowired private JWT jwt; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java index 379c402b5..f09693c71 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java 
@@ -2,12 +2,12 @@ package org.owasp.webgoat.jwt; import io.jsonwebtoken.Jwts; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -21,7 +21,7 @@ import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class JWTFinalEndpointTest extends LessonTest { private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA"; @@ -32,7 +32,7 @@ public class JWTFinalEndpointTest extends LessonTest { @Autowired private JWTFinalEndpoint jwtFinalEndpoint; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java index 0b66fb49b..f80cf95e5 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java 
+++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java @@ -24,13 +24,13 @@ package org.owasp.webgoat.jwt; import com.fasterxml.jackson.databind.ObjectMapper; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -44,13 +44,13 @@ import static org.owasp.webgoat.jwt.JWTRefreshEndpoint.PASSWORD; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class JWTRefreshEndpointTest extends LessonTest { @Autowired private JWT jwt; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java index 13f6d9ae3..955dfff18 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java 
@@ -25,12 +25,12 @@ package org.owasp.webgoat.jwt; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -38,20 +38,20 @@ import java.time.Duration; import java.time.Instant; import java.util.Date; -import static io.jsonwebtoken.SignatureAlgorithm.*; +import static io.jsonwebtoken.SignatureAlgorithm.HS512; import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; import static org.owasp.webgoat.jwt.JWTSecretKeyEndpoint.JWT_SECRET; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class JWTSecretKeyEndpointTest extends LessonTest { @Autowired private JWT jwt; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java index 04d3031fd..af14f4ebd 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java 
+++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java @@ -26,19 +26,18 @@ import com.fasterxml.jackson.databind.ObjectMapper; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import javax.servlet.http.Cookie; - import java.util.Map; import static org.assertj.core.api.Assertions.assertThat; @@ -46,18 +45,17 @@ import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; import static org.mockito.Mockito.when; import static org.owasp.webgoat.jwt.JWTVotesEndpoint.JWT_PASSWORD; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.cookie; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class JWTVotesEndpointTest extends LessonTest { @Autowired private JWT jwt; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); 
diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java index 5ee4f045f..9e1b13dbe 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java @@ -22,11 +22,14 @@ package org.owasp.webgoat.jwt; -import io.jsonwebtoken.*; +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.JwsHeader; +import io.jsonwebtoken.Jwt; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.SigningKeyResolverAdapter; import io.jsonwebtoken.impl.TextCodec; import lombok.extern.slf4j.Slf4j; - -import org.junit.Test; +import org.junit.jupiter.api.Test; import java.time.Duration; import java.time.Instant; diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java index abf58a370..d1be78d4c 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java +++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java @@ -22,6 +22,7 @@ package org.owasp.webgoat.missing_ac; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.users.UserService; import org.owasp.webgoat.users.WebGoatUser; import org.springframework.beans.factory.annotation.Autowired; @@ -32,8 +33,6 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; -import lombok.extern.slf4j.Slf4j; - import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; import java.util.List; 
diff --git a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/DisplayUserTest.java b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/DisplayUserTest.java index 7b161c20c..2b10d7b75 100644 --- a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/DisplayUserTest.java +++ b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/DisplayUserTest.java @@ -22,12 +22,12 @@ package org.owasp.webgoat.missing_ac; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.junit.MockitoJUnitRunner; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.users.WebGoatUser; -@RunWith(MockitoJUnitRunner.class) +@ExtendWith(MockitoExtension.class) public class DisplayUserTest { @Test diff --git a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java index 1ad571dea..3ce8340b3 100644 --- a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java +++ b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenusTest.java 
@@ -23,24 +23,23 @@ package org.owasp.webgoat.missing_ac; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.junit.MockitoJUnitRunner; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(MockitoJUnitRunner.class) +@ExtendWith(MockitoExtension.class) public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest { private MockMvc mockMvc; - @Before + @BeforeEach public void setup() { MissingFunctionACHiddenMenus hiddenMenus = new MissingFunctionACHiddenMenus(); init(hiddenMenus); diff --git a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsersTest.java b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsersTest.java index b621157e7..0046c6c79 100644 --- a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsersTest.java +++ b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsersTest.java 
@@ -23,11 +23,11 @@ package org.owasp.webgoat.missing_ac; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; -import org.mockito.junit.MockitoJUnitRunner; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.users.UserService; import org.owasp.webgoat.users.WebGoatUser; import org.springframework.test.util.ReflectionTestUtils; @@ -42,13 +42,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(MockitoJUnitRunner.class) +@ExtendWith(MockitoExtension.class) public class MissingFunctionACUsersTest { private MockMvc mockMvc; @Mock private UserService userService; - @Before + @BeforeEach public void setup() { MissingFunctionACUsers usersController = new MissingFunctionACUsers(); this.mockMvc = standaloneSetup(usersController).build(); diff --git a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java index 2f2150c85..f39077ffb 100644 --- a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java +++ b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java 
@@ -23,11 +23,12 @@ package org.owasp.webgoat.missing_ac; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; +import org.mockito.junit.jupiter.MockitoExtension; import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.owasp.webgoat.users.UserService; import org.owasp.webgoat.users.WebGoatUser; @@ -41,7 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(MockitoJUnitRunner.Silent.class) +@ExtendWith(MockitoExtension.class) public class MissingFunctionYourHashTest extends AssignmentEndpointTest { private MockMvc mockMvc; private DisplayUser mockDisplayUser; @@ -49,7 +50,7 @@ public class MissingFunctionYourHashTest extends AssignmentEndpointTest { @Mock protected UserService userService; - @Before + @BeforeEach public void setUp() { MissingFunctionACYourHash yourHashTest = new MissingFunctionACYourHash(); init(yourHashTest); diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java index 6122a855f..7283f68aa 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java +++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java 
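Review bot: Replacing `@RunWith(MockitoJUnitRunner.Silent.class)` with `@ExtendWith(MockitoExtension.class)` on MissingFunctionYourHashTest changes stubbing strictness, because the Silent runner tolerated unused stubs while MockitoExtension defaults to strict stubs and fails a test with UnnecessaryStubbingException when a stub is set up but never used. If the leniency was deliberate, keep it by adding `@MockitoSettings(strictness = Strictness.LENIENT)` next to the `@ExtendWith`; otherwise remove the stubs the tests do not need. The first hunk also keeps `import org.mockito.junit.MockitoJUnitRunner;` as a context line although nothing visible on the new side uses it, so it should be dropped to leave no JUnit 4 runner reference behind. The class body continues outside the hunks, so which stubs are affected cannot be confirmed from here.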
@@ -29,7 +29,13 @@ import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.password_reset.resetlink.PasswordChangeForm; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.ModelAndView; import java.util.ArrayList; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java index e299e9e89..6c0e54f33 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java +++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java 
@@ -28,13 +28,16 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.RestTemplate; import javax.servlet.http.HttpServletRequest; import java.util.UUID; -import static org.springframework.util.StringUtils.*; +import static org.springframework.util.StringUtils.hasText; /** * Part of the password reset assignment. Used to send the e-mail. diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java index 0dc2e534d..551a8f7b8 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java +++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java @@ -25,7 +25,10 @@ package org.owasp.webgoat.password_reset; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AttackResult; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; 
diff --git a/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java b/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java index d4e65990b..646d90870 100644 --- a/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java +++ b/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java @@ -2,7 +2,7 @@ package org.owasp.webgoat.password_reset; import org.hamcrest.CoreMatchers; import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.Test; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; @@ -15,13 +15,13 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SecurityQuestionAssignmentTest extends LessonTest { @Autowired private PasswordReset passwordReset; - @Before + @BeforeEach public void setup() { Mockito.when(webSession.getCurrentLesson()).thenReturn(passwordReset); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java index 5ebcb77e1..67eac2277 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java +++ b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java 
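Review bot: SecurityQuestionAssignmentTest is only half migrated: the hunks switch to `@ExtendWith(SpringExtension.class)` and `@BeforeEach` but add no imports for them, and the first hunk keeps `import org.junit.Before;` and `import org.junit.runner.RunWith;` as context. As shown the class would not compile, which presumably goes unnoticed because the file sits under `src/main/test/java`, not a standard Maven test source root, so this password-reset security-question test is likely never built or run. That is the same silent-skip problem the commit sets out to fix. Add `import org.junit.jupiter.api.BeforeEach;`, `import org.junit.jupiter.api.extension.ExtendWith;` and `import org.springframework.test.context.junit.jupiter.SpringExtension;`, drop the two JUnit 4 imports, and move the file under `src/test/java`. Lines 9–14 of the file fall between the two hunks and are not shown, so the remaining imports there should be checked as well.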
@@ -4,17 +4,14 @@ import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Value; -import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.util.FileCopyUtils; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import org.springframework.web.multipart.MultipartFile; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.util.Base64; - import static org.springframework.http.MediaType.ALL_VALUE; import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java index ee9add857..f828dbfb1 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java +++ b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java 
@@ -5,7 +5,11 @@ import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import static org.springframework.http.MediaType.ALL_VALUE;
diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java
index 44f71073a..611798951 100644
--- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java
+++ b/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java
@@ -13,7 +13,11 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.token.Sha512DigestUtils;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java
index 2b2edddbf..11312be69 100644
--- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadFixTest.java
@@ -1,29 +1,29 @@ package org.owasp.webgoat.path_traversal; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; - -import java.io.File; - import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockMultipartFile; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; -@RunWith(SpringJUnit4ClassRunner.class) +import java.io.File; + +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +@ExtendWith(SpringExtension.class) public class ProfileUploadFixTest extends LessonTest { @Autowired private PathTraversal pathTraversal; - @Before + @BeforeEach public void setup() { Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java index 8a68c0030..541f1625b 100644 --- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java 
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java @@ -1,29 +1,29 @@ package org.owasp.webgoat.path_traversal; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockMultipartFile; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import java.io.File; + import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import java.io.File; - -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class ProfileUploadRemoveUserInputTest extends LessonTest { @Autowired private PathTraversal pathTraversal; - @Before + @BeforeEach public void setup() { Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java index 7ed5da2f2..08e72941c 100644 --- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java 
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java @@ -1,14 +1,14 @@ package org.owasp.webgoat.path_traversal; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.security.core.token.Sha512DigestUtils; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.setup.MockMvcBuilders; 
@@ -20,15 +20,18 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.Matchers.containsString; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class ProfileUploadRetrievalTest extends LessonTest { @Autowired private PathTraversal pathTraversal; - @Before + @BeforeEach public void setup() { Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java index 7fd57a572..2389a1157 100644 --- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java +++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadTest.java 
@@ -1,31 +1,29 @@ package org.owasp.webgoat.path_traversal; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockMultipartFile; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; - import java.io.File; -@RunWith(SpringJUnit4ClassRunner.class) +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +@ExtendWith(SpringExtension.class) public class ProfileUploadTest extends LessonTest { @Autowired private PathTraversal pathTraversal; - @Before + @BeforeEach public void setup() { Mockito.when(webSession.getCurrentLesson()).thenReturn(pathTraversal); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml index 1974f8be4..c1ab7af78 100644 --- a/webgoat-lessons/pom.xml +++ b/webgoat-lessons/pom.xml @@ -58,13 +58,6 @@ tests test - - junit - junit - ${junit.version} - jar - test - org.mockito mockito-core 
diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java
index 24bbf5bf2..ed8d0d3a1 100644
--- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java
+++ b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java
@@ -26,7 +26,10 @@ import com.nulabinc.zxcvbn.Strength;
 import com.nulabinc.zxcvbn.Zxcvbn;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import java.text.DecimalFormat;
 import java.text.DecimalFormatSymbols;
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java
index c2f4f6699..5b46aa5b9 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java
@@ -33,7 +33,11 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
 /**
 * @author nbaars
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java
index 7220fee56..e83f945f1 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java
@@ -32,7 +32,11 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
 @RestController
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java
index 9a7495550..49ec417b8 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java
@@ -24,7 +24,11 @@ package org.owasp.webgoat.sql_injection.advanced;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import java.io.IOException;
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java
index e0e8286f0..95aaf1457 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java
@@ -32,9 +32,13 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
-import static java.sql.ResultSet.*;
+import static java.sql.ResultSet.CONCUR_READ_ONLY;
+import static java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE;
 @RestController
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java
index dab42a601..810e13608 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java
@@ -31,7 +31,11 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
 @RestController
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java
index bec04145a..37dec57de 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java
@@ -33,7 +33,11 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.servlet.http.HttpServletRequest;
 import javax.sql.DataSource;
 import java.io.IOException;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
 @RestController
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java
index f05b27cdd..8387e2683 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java
@@ -32,11 +32,16 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
-import static java.sql.ResultSet.*;
+import static java.sql.ResultSet.CONCUR_UPDATABLE;
+import static java.sql.ResultSet.TYPE_SCROLL_SENSITIVE;
 @RestController
 @AssignmentHints(value = {"SqlStringInjectionHint.8.1", "SqlStringInjectionHint.8.2", "SqlStringInjectionHint.8.3", "SqlStringInjectionHint.8.4", "SqlStringInjectionHint.8.5"})
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java
index 1e9ca3be9..2d9befef6 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java
@@ -24,16 +24,18 @@ package org.owasp.webgoat.sql_injection.mitigation;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import javax.sql.DataSource;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
-import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java
index 87f48b06c..ef608e669 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java
@@ -25,9 +25,18 @@ package org.owasp.webgoat.sql_injection.mitigation; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; -import javax.tools.*; +import javax.tools.Diagnostic; +import javax.tools.DiagnosticCollector; +import javax.tools.JavaCompiler; +import javax.tools.JavaFileObject; +import javax.tools.SimpleJavaFileObject; +import javax.tools.StandardJavaFileManager; +import javax.tools.ToolProvider; import java.io.IOException; import java.net.URI; import java.util.Arrays; diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java index dca11f7b5..9aa497ec0 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java @@ -22,7 +22,7 @@ package org.owasp.webgoat.sql_injection; -import org.junit.Before; +import org.junit.jupiter.api.BeforeEach; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.springframework.beans.factory.annotation.Autowired; @@ -35,7 +35,7 @@ public class SqlLessonTest extends LessonTest { @Autowired private SqlInjection sql = new SqlInjection(); - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(sql); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); 
diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java index 6eaca4a5c..f653b4107 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java @@ -22,10 +22,10 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.CoreMatchers.is; @@ -36,7 +36,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author Benedikt Stuhrmann * @since 11/07/18. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson10Test extends SqlLessonTest { private String completedError = "JSON path \"lessonCompleted\""; diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2Test.java index 083ea8d6d..99bf74fde 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2Test.java 
@@ -23,16 +23,16 @@ package org.owasp.webgoat.sql_injection.introduction; import org.hamcrest.CoreMatchers; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson2Test extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java index ad0296714..35f89a072 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5Test.java 
@@ -22,35 +22,29 @@ package org.owasp.webgoat.sql_injection.introduction; +import org.aspectj.lang.annotation.After; import org.hamcrest.CoreMatchers; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.junit.MockitoJUnitRunner; -import org.owasp.webgoat.assignments.AssignmentEndpointTest; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import javax.sql.DataSource; - import java.sql.SQLException; -import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson5Test extends SqlLessonTest { @Autowired private DataSource dataSource; - @After + @AfterEach public void removeGrant() throws SQLException { dataSource.getConnection().prepareStatement("revoke select on grant_rights from unauthorized_user cascade").execute(); } diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java index 7384c93d3..723e6e855 100644 
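Review bot: The added `import org.aspectj.lang.annotation.After;` at the top of the SqlInjectionLesson5Test.java hunk looks like an auto-import slip. The teardown further down is annotated `@AfterEach` from `org.junit.jupiter.api`, and nothing visible in the hunk uses an AspectJ advice annotation. Keeping it ties the test to AspectJ being on the test classpath for no reason. It also makes it easy to type `@After` by mistake later; JUnit 5 ignores that annotation, so the `revoke select on grant_rights` cleanup in `removeGrant` would silently stop running between tests. I would drop the import line; the class body continues outside the hunk.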
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java @@ -22,11 +22,11 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.CoreMatchers.containsString; @@ -34,7 +34,7 @@ import static org.hamcrest.CoreMatchers.is; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson5aTest extends SqlLessonTest { @Test @@ -49,7 +49,7 @@ public class SqlInjectionLesson5aTest extends SqlLessonTest { .andExpect(jsonPath("$.output", containsString("

USERID, FIRST_NAME"))); } - @Ignore + @Disabled @Test public void unknownAccount() throws Exception { mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/assignment5a") diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java index 37bc54018..d21e5d1f6 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java @@ -22,10 +22,10 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.Matchers.containsString; @@ -37,7 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 6/15/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson6aTest extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java index 7210d4d94..aa7999b69 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java 
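Review bot: `@Disabled` on `unknownAccount` in SqlInjectionLesson5aTest carries over the old `@Ignore` without saying why, so a test of the `/SqlInjection/assignment5a` endpoint stays switched off with no record of what is broken. JUnit 5's `@Disabled` accepts a reason string that appears in the test report. I would write `@Disabled("TODO: state why unknownAccount is disabled")`, or re-enable the test now that the suite runs again. The method body continues outside the hunk.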
+++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java @@ -22,18 +22,13 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.owasp.webgoat.plugins.LessonTest; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.owasp.webgoat.sql_injection.introduction.SqlInjection; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import static org.hamcrest.Matchers.is; -import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -41,7 +36,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 6/16/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson6bTest extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java index 7a07b6342..2e0b7146c 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java 
@@ -22,10 +22,10 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.CoreMatchers.containsString; @@ -37,7 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author Benedikt Stuhrmann * @since 11/07/18. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson8Test extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java index 04daa43f2..6b7b2d953 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java @@ -22,10 +22,10 @@ package org.owasp.webgoat.sql_injection.introduction; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.CoreMatchers.containsString; 
@@ -37,7 +37,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author Benedikt Stuhrmann * @since 11/07/18. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson9Test extends SqlLessonTest { private String completedError = "JSON path \"lessonCompleted\""; diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java index 7b871ba22..1ff4381cb 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13Test.java @@ -1,9 +1,9 @@ package org.owasp.webgoat.sql_injection.mitigation; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.Matchers.is; @@ -14,7 +14,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 5/21/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlInjectionLesson13Test extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java index 3b3ca9680..5fcaca951 100644 
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java @@ -1,9 +1,9 @@ package org.owasp.webgoat.sql_injection.mitigation; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.Matchers.containsString; @@ -11,7 +11,7 @@ import static org.hamcrest.Matchers.is; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlOnlyInputValidationOnKeywordsTest extends SqlLessonTest { @Test diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java index 4961956f5..06252992b 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationTest.java 
@@ -1,9 +1,9 @@ package org.owasp.webgoat.sql_injection.mitigation; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.sql_injection.SqlLessonTest; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.hamcrest.Matchers.containsString; @@ -11,7 +11,7 @@ import static org.hamcrest.Matchers.is; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SqlOnlyInputValidationTest extends SqlLessonTest { @Test diff --git a/webgoat-lessons/ssrf/pom.xml b/webgoat-lessons/ssrf/pom.xml index 13b3e1e4b..48a85a78b 100755 --- a/webgoat-lessons/ssrf/pom.xml +++ b/webgoat-lessons/ssrf/pom.xml @@ -21,13 +21,6 @@ 4.1.3.RELEASE test - - junit - junit - ${junit.version} - jar - test - diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java index 3d435e994..f0415676e 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java +++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java 
@@ -30,13 +30,10 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; -import java.io.InputStreamReader; import java.net.MalformedURLException; import java.net.URL; -import java.net.URLConnection; import java.nio.charset.StandardCharsets; diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java index 7123aff68..87d98a491 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java @@ -1,13 +1,12 @@ package org.owasp.webgoat.ssrf; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import static org.hamcrest.Matchers.is; 
@@ -19,13 +18,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author afry * @since 12/28/18. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SSRFTest1 extends LessonTest { @Autowired private SSRF ssrf; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java index f1556605d..ee74c7024 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java @@ -22,14 +22,13 @@ package org.owasp.webgoat.ssrf; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import static org.hamcrest.Matchers.is; 
@@ -41,13 +40,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author afry * @since 12/28/18. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SSRFTest2 extends LessonTest { @Autowired private SSRF ssrf; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java b/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java index 7bba5afbf..fad32a00d 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java +++ b/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java @@ -22,6 +22,7 @@ package org.owasp.webgoat.vulnerable_components; +import com.thoughtworks.xstream.XStream; import org.apache.commons.lang3.StringUtils; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; @@ -31,8 +32,6 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import com.thoughtworks.xstream.XStream; - @RestController @AssignmentHints({"vulnerable.hint"}) public class VulnerableComponentsLesson extends AssignmentEndpoint { diff --git a/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java b/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java index 8ae6d0736..a134800a5 100644 
--- a/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java +++ b/webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLessonTest.java @@ -22,15 +22,14 @@ package org.owasp.webgoat.vulnerable_components; +import com.thoughtworks.xstream.XStream; +import com.thoughtworks.xstream.io.StreamException; +import org.junit.jupiter.api.Test; + import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import org.junit.Test; - -import com.thoughtworks.xstream.XStream; -import com.thoughtworks.xstream.io.StreamException; - public class VulnerableComponentsLessonTest { String strangeContact = "\n" + diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java b/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java index 18466637a..e72ceafe1 100644 --- a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java +++ b/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java @@ -28,7 +28,12 @@ import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import java.util.List; 
diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java b/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java index 0e6271acc..4f7cc1056 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java +++ b/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java @@ -4,7 +4,6 @@ import lombok.Builder; import lombok.Data; import java.io.Serializable; -import java.time.LocalDateTime; @Builder @Data diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java index 846f3dd79..f18bb83ba 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/BlindSendFileAssignment.java @@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.RestController; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; - import java.io.File; import java.io.IOException; import java.nio.charset.StandardCharsets; diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Comments.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Comments.java index ae5e2315f..a86cbd6be 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Comments.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Comments.java 
@@ -35,13 +35,17 @@ import org.springframework.stereotype.Component; import javax.xml.XMLConstants; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; import javax.xml.stream.XMLInputFactory; import javax.xml.stream.XMLStreamException; -import javax.xml.stream.XMLStreamReader; import java.io.IOException; import java.io.StringReader; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Comparator; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; import java.util.stream.Collectors; import static java.util.Optional.empty; diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java index 5c4509e24..c627d727f 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java 
@@ -30,12 +30,16 @@ import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.*; - -import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; +import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; + @RestController @AssignmentHints({"xxe.hints.content.type.xxe.1", "xxe.hints.content.type.xxe.2"}) public class ContentTypeAssignment extends AssignmentEndpoint { diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java index 6c9b5b378..0f9ddfa53 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java @@ -26,7 +26,11 @@ import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; import java.io.File; import java.io.FileNotFoundException; 
diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java index d4cfbe3c3..bb43ed978 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java @@ -37,13 +37,11 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; +import javax.servlet.http.HttpServletRequest; + import static org.springframework.http.MediaType.ALL_VALUE; import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; -import java.util.Random; - -import javax.servlet.http.HttpServletRequest; - /** * @author nbaars diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java index 67729c4e8..b5d09c582 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java 
@@ -1,27 +1,31 @@ package org.owasp.webgoat.xxe; +import com.github.tomakehurst.wiremock.WireMockServer; import com.github.tomakehurst.wiremock.client.WireMock; import com.github.tomakehurst.wiremock.junit.WireMockRule; import com.github.tomakehurst.wiremock.verification.LoggedRequest; import org.hamcrest.CoreMatchers; -import org.junit.Before; import org.junit.Rule; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; -import org.owasp.webgoat.xxe.Comments; -import org.owasp.webgoat.xxe.XXE; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import java.io.File; import java.util.List; +import static com.github.tomakehurst.wiremock.client.WireMock.aResponse; +import static com.github.tomakehurst.wiremock.client.WireMock.findAll; +import static com.github.tomakehurst.wiremock.client.WireMock.get; +import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor; +import static com.github.tomakehurst.wiremock.client.WireMock.urlMatching; +import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options; import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig; -import static com.github.tomakehurst.wiremock.client.WireMock.*; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; 
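Review bot: The import block of `BlindSendFileAssignmentTest` still carries `import org.junit.Rule;` and `import com.github.tomakehurst.wiremock.junit.WireMockRule;` as unchanged context, although the `@Rule` field they served is removed further down in this file. Leaving them keeps a compile-time reference to JUnit 4 in a test that is being moved to JUnit 5, and the class would stop compiling if JUnit 4 ever drops off the test classpath. The retained `wireMockConfig` static import and the newly added `findAll` static import also look unused, since the new code calls `options()` and `webwolfServer.findAll(...)`. This is inferred from the visible hunks only, so confirm against the full file before deleting them.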
@@ -31,7 +35,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 5/4/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class BlindSendFileAssignmentTest extends LessonTest { @Autowired @@ -43,14 +47,15 @@ public class BlindSendFileAssignmentTest extends LessonTest { private int port; - @Rule - public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort()); + private WireMockServer webwolfServer; - @Before + @BeforeEach public void setup() { + this.webwolfServer = new WireMockServer(options().dynamicPort()); + webwolfServer.start(); + this.port = webwolfServer.port(); when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - port = webwolfServer.port(); } @Test @@ -140,7 +145,7 @@ public class BlindSendFileAssignmentTest extends LessonTest { .andExpect(status().isOk()) .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved")))); - List requests = findAll(getRequestedFor(urlMatching("/landing.*"))); + List requests = webwolfServer.findAll(getRequestedFor(urlMatching("/landing.*"))); assertThat(requests.size()).isEqualTo(1); String text = requests.get(0).getQueryParams().get("text").firstValue(); diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java index df9034660..d5536e230 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java 
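Review bot: The `WireMockServer` created and started in `setup()` is never stopped in the visible hunks, whereas the removed `WireMockRule` shut its server down after each test. Because `@BeforeEach` runs for every test method, each test leaves another listener bound to a dynamic port until the JVM exits. Add a teardown such as `@AfterEach public void tearDown() { webwolfServer.stop(); }`, with the `org.junit.jupiter.api.AfterEach` import. The class body continues outside this hunk, so check that no such method already exists.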
@@ -23,15 +23,13 @@ package org.owasp.webgoat.xxe; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; -import org.owasp.webgoat.xxe.Comments; -import org.owasp.webgoat.xxe.XXE; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -44,7 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 11/2/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class ContentTypeAssignmentTest extends LessonTest { @Autowired @@ -52,7 +50,7 @@ public class ContentTypeAssignmentTest extends LessonTest { @Autowired private Comments comments; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java index 73e298865..36efb0a0e 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java 
@@ -23,13 +23,12 @@ package org.owasp.webgoat.xxe; import org.hamcrest.CoreMatchers; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.owasp.webgoat.plugins.LessonTest; -import org.owasp.webgoat.xxe.XXE; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -41,13 +40,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @author nbaars * @since 11/2/17. */ -@RunWith(SpringJUnit4ClassRunner.class) +@ExtendWith(SpringExtension.class) public class SimpleXXETest extends LessonTest { @Autowired private XXE xxe; - @Before + @BeforeEach public void setup() { when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();