dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved challenge2 to client-side-filtering as final assignment

Browse Source
This commit is contained in:
Nanne Baars 2018-05-27 12:41:52 +02:00
parent 6e003bc088
commit d2b6725f3b
16 changed files with 163 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
View File

@ -10,7 +10,6 @@ public interface SolutionConstants {
//TODO should be random generated when starting the server //TODO should be random generated when starting the server
String PASSWORD = "!!webgoat_admin_1234!!"; String PASSWORD = "!!webgoat_admin_1234!!";
String SUPER_COUPON_CODE = "get_it_for_free";
String PASSWORD_TOM = "thisisasecretfortomonly"; String PASSWORD_TOM = "thisisasecretfortomonly";
String PASSWORD_LARRY = "larryknows"; String PASSWORD_LARRY = "larryknows";
String JWT_PASSWORD = "victory"; String JWT_PASSWORD = "victory";

39
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge2/Challenge2.java
View File

@ -1,39 +0,0 @@
package org.owasp.webgoat.plugin.challenge2;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
public class Challenge2 extends NewLesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge2.title";
}
@Override
public String getId() {
return "Challenge2";
}
}

112
webgoat-lessons/challenge/src/main/resources/html/Challenge2.html
View File

@ -1,112 +0,0 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_2.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge2.css}"/>
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/challenge/2"
enctype="application/json;charset=UTF-8">
<input id="discount" type="hidden" value="0"/>
<div class="row">
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<h6 class="title-price">
<small>PRICE</small>
</h6>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="section">
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
</h6>
<div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:black;"></div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CAPACITY</small>
</h6>
<div>
<div class="attr2">64 GB</div>
<div class="attr2">128 GB</div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>QUANTITY</small>
</h6>
<div>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<input class="quantity" value="1"/>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CHECKOUT CODE</small>
</h6>
<!--
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
</div>
<div class="section" style="padding-bottom:20px;">
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart"
aria-hidden="true"></span>Buy
</button>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
style="cursor:pointer;"></span>
Like</a></h6>
</div>
</div>
</div>
</form>
</div>
<br/>
<form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
<div class="form-group">
<div class="input-group">
<div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
style="font-size:20px"></i></div>
<input type="text" class="form-control" id="flag" name="flag"
placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
</div>
<div class="input-group" style="margin-top: 10px">
<button type="submit" class="btn btn-primary">Submit flag</button>
</div>
</div>
</form>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html>

49
webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge2/Assignment2Test.java
View File

@ -1,49 +0,0 @@
package org.owasp.webgoat.plugin.challenge2;
import org.hamcrest.CoreMatchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.plugin.Flag;
import org.owasp.webgoat.plugin.SolutionConstants;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
/**
* @author nbaars
* @since 5/2/17.
*/
@RunWith(MockitoJUnitRunner.class)
public class Assignment2Test extends AssignmentEndpointTest {
private MockMvc mockMvc;
@Before
public void setup() {
Assignment2 assignment2 = new Assignment2();
init(assignment2);
new Flag().initFlags();
this.mockMvc = standaloneSetup(assignment2).build();
}
@Test
public void success() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
.param("checkoutCode", SolutionConstants.SUPER_COUPON_CODE))
.andExpect(jsonPath("$.feedback", CoreMatchers.containsString("flag: " + Flag.FLAGS.get(2))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
}
@Test
public void wrongCouponCode() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
.param("checkoutCode", "test"))
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
}

19
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge2/Assignment2.java → webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/ClientSideFilteringFreeAssignment.java
View File

@ -1,9 +1,9 @@
package org.owasp.webgoat.plugin.challenge2; package org.owasp.webgoat.plugin;
import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.plugin.Flag;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -11,22 +11,23 @@ import org.springframework.web.bind.annotation.ResponseBody;
import java.io.IOException; import java.io.IOException;
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
/** /**
* @author nbaars * @author nbaars
* @since 4/6/17. * @since 4/6/17.
*/ */
@AssignmentPath("/challenge/2") @AssignmentPath("/clientSideFiltering/getItForFree")
public class Assignment2 extends AssignmentEndpoint { @AssignmentHints({"client.side.filtering.free.hint1", "client.side.filtering.free.hint2", "client.side.filtering.free.hint3"})
public class ClientSideFilteringFreeAssignment extends AssignmentEndpoint {
public static final String SUPER_COUPON_CODE = "get_it_for_free";
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
public public
@ResponseBody @ResponseBody
AttackResult completed(@RequestParam String checkoutCode) throws IOException { AttackResult completed(@RequestParam String checkoutCode) {
if (SUPER_COUPON_CODE.equals(checkoutCode)) { if (SUPER_COUPON_CODE.equals(checkoutCode)) {
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build(); return trackProgress(success().build());
} }
return failed().build(); return trackProgress(failed().build());
} }
} }

8
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge2/ShopEndpoint.java → webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/ShopEndpoint.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.plugin.challenge2; package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists; import com.beust.jcommander.internal.Lists;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
@ -12,21 +12,21 @@ import org.springframework.web.bind.annotation.RestController;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE; import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
/** /**
* @author nbaars * @author nbaars
* @since 4/6/17. * @since 4/6/17.
*/ */
@RestController @RestController
@RequestMapping("challenge-store") @RequestMapping("/clientSideFiltering/challenge-store")
public class ShopEndpoint { public class ShopEndpoint {
@AllArgsConstructor @AllArgsConstructor
private class CheckoutCodes { private class CheckoutCodes {
@Getter @Getter
private List<CheckoutCode> codes = Lists.newArrayList(); private List<CheckoutCode> codes;
public Optional<CheckoutCode> get(String code) { public Optional<CheckoutCode> get(String code) {
return codes.stream().filter(c -> c.getCode().equals(code)).findFirst(); return codes.stream().filter(c -> c.getCode().equals(code)).findFirst();

0
webgoat-lessons/challenge/src/main/resources/css/challenge2.css → webgoat-lessons/client-side-filtering/src/main/resources/css/clientSideFilteringFree.css
View File

89
webgoat-lessons/client-side-filtering/src/main/resources/html/ClientSideFiltering.html
View File

@ -73,7 +73,96 @@
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons --> <!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
</div> </div>
</div> </div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:ClientSideFiltering_final.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/clientSideFilteringFree.css}"/>
<script th:src="@{/lesson_js/clientSideFilteringFree.js}" language="JavaScript"></script>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container-fluid">
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/clientSideFiltering/getItForFree"
enctype="application/json;charset=UTF-8">
<input id="discount" type="hidden" value="0"/>
<div class="row">
<div class="col-xs-3 item-photo">
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div>
<div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8</h3>
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(124421 reviews)</small>
</h5>
<h6 class="title-price">
<small>PRICE</small>
</h6>
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="section">
<h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small>
</h6>
<div>
<div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:black;"></div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CAPACITY</small>
</h6>
<div>
<div class="attr2">64 GB</div>
<div class="attr2">128 GB</div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>QUANTITY</small>
</h6>
<div>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<input class="quantity" value="1"/>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
</div>
</div>
<div class="section" style="padding-bottom:5px;">
<h6 class="title-attr">
<small>CHECKOUT CODE</small>
</h6>
<!--
Checkout code: webgoat, owasp, owasp-webgoat
-->
<input name="checkoutCode" class="checkoutCode" value=""/>
</div>
<div class="section" style="padding-bottom:20px;">
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart"
aria-hidden="true"></span>Buy
</button>
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
style="cursor:pointer;"></span>
Like</a></h6>
</div>
</div>
</div>
</form>
</div>
<br/>
<br/>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html> </html>

4
webgoat-lessons/client-side-filtering/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -26,3 +26,7 @@ ClientSideFilteringHint10=Stage 2: Your filter operator should look something li
ClientSideFilteringInstructions1=STAGE 1: You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, . Or at least you shouldn't have access to the CEO's information. For this exercise, examine the contents of the page to see what extra information you can find. ClientSideFilteringInstructions1=STAGE 1: You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, . Or at least you shouldn't have access to the CEO's information. For this exercise, examine the contents of the page to see what extra information you can find.
ClientSideFilteringInstructions2=STAGE 2: Now, fix the problem. Modify the server to only return results that Moe Stooge is allowed to see. ClientSideFilteringInstructions2=STAGE 2: Now, fix the problem. Modify the server to only return results that Moe Stooge is allowed to see.
ClientSideFiltering.incorrect=This is not the salary from Neville Bartholomew... ClientSideFiltering.incorrect=This is not the salary from Neville Bartholomew...
client.side.filtering.free.hint1=Look through the webpage inspect the sources etc
client.side.filtering.free.hint2=Try to see the flow of request from the page to the backend
client.side.fiterling.free.hint3=One of the responses contains the answer

0
webgoat-lessons/challenge/src/main/resources/images/samsung-black.jpg → webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-black.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

0
webgoat-lessons/challenge/src/main/resources/images/samsung-grey.jpg → webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-grey.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

2
webgoat-lessons/challenge/src/main/resources/js/challenge2.js → webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js
View File

@ -38,7 +38,7 @@ $(document).ready(function () {
}) })
$(".checkoutCode").on("blur", function () { $(".checkoutCode").on("blur", function () {
var checkoutCode = $(".checkoutCode").val(); var checkoutCode = $(".checkoutCode").val();
$.get("challenge-store/coupons/" + checkoutCode, function (result, status) { $.get("clientSideFiltering/challenge-store/coupons/" + checkoutCode, function (result, status) {
var discount = result.discount; var discount = result.discount;
if (discount > 0) { if (discount > 0) {
$('#discount').text(discount); $('#discount').text(discount);

0
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc → webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_final.adoc
View File

49
webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/plugin/ClientSideFilteringFreeAssignmentTest.java Normal file
View File

@ -0,0 +1,49 @@
package org.owasp.webgoat.plugin;
import org.hamcrest.CoreMatchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import static org.mockito.Mockito.when;
import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
/**
* @author nbaars
* @since 5/2/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class ClientSideFilteringFreeAssignmentTest extends LessonTest {
private MockMvc mockMvc;
@Before
public void setup() {
ClientSideFiltering clientSideFiltering = new ClientSideFiltering();
when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
}
@Test
public void success() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/clientSideFiltering/getItForFree")
.param("checkoutCode", SUPER_COUPON_CODE))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
}
@Test
public void wrongCouponCode() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/clientSideFiltering/getItForFree")
.param("checkoutCode", "test"))
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
}

12
webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge2/ShopEndpointTest.java → webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/plugin/ShopEndpointTest.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.plugin.challenge2; package org.owasp.webgoat.plugin;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.junit.Before; import org.junit.Before;
@ -9,7 +9,7 @@ import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE; import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
@ -30,28 +30,28 @@ public class ShopEndpointTest {
@Test @Test
public void getSuperCoupon() throws Exception { public void getSuperCoupon() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/" + SUPER_COUPON_CODE)) mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/" + SUPER_COUPON_CODE))
.andExpect(jsonPath("$.code", CoreMatchers.is(SUPER_COUPON_CODE))) .andExpect(jsonPath("$.code", CoreMatchers.is(SUPER_COUPON_CODE)))
.andExpect(jsonPath("$.discount", CoreMatchers.is(100))); .andExpect(jsonPath("$.discount", CoreMatchers.is(100)));
} }
@Test @Test
public void getCoupon() throws Exception { public void getCoupon() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/webgoat")) mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/webgoat"))
.andExpect(jsonPath("$.code", CoreMatchers.is("webgoat"))) .andExpect(jsonPath("$.code", CoreMatchers.is("webgoat")))
.andExpect(jsonPath("$.discount", CoreMatchers.is(25))); .andExpect(jsonPath("$.discount", CoreMatchers.is(25)));
} }
@Test @Test
public void askForUnknownCouponCode() throws Exception { public void askForUnknownCouponCode() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/does-not-exists")) mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/does-not-exists"))
.andExpect(jsonPath("$.code", CoreMatchers.is("no"))) .andExpect(jsonPath("$.code", CoreMatchers.is("no")))
.andExpect(jsonPath("$.discount", CoreMatchers.is(0))); .andExpect(jsonPath("$.discount", CoreMatchers.is(0)));
} }
@Test @Test
public void fetchAllTheCouponsShouldContainGetItForFree() throws Exception { public void fetchAllTheCouponsShouldContainGetItForFree() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/")) mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/"))
.andExpect(jsonPath("$.codes[3].code", is("get_it_for_free"))); .andExpect(jsonPath("$.codes[3].code", is("get_it_for_free")));
} }

1
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/plugin/SimpleXXETest.java
View File

@ -28,7 +28,6 @@ public class SimpleXXETest extends LessonTest {
when(webSession.getUserName()).thenReturn("unit-test"); when(webSession.getUserName()).thenReturn("unit-test");
} }
@Test @Test
public void workingAttack() throws Exception { public void workingAttack() throws Exception {
//Call with XXE injection //Call with XXE injection