Moved challenge2 to client-side-filtering as final assignment
This commit is contained in:
Nanne Baars
parent
6e003bc088
commit
d2b6725f3b
@ -10,7 +10,6 @@ public interface SolutionConstants {
|
||||
|
||||
//TODO should be random generated when starting the server
|
||||
String PASSWORD = "!!webgoat_admin_1234!!";
|
||||
String SUPER_COUPON_CODE = "get_it_for_free";
|
||||
String PASSWORD_TOM = "thisisasecretfortomonly";
|
||||
String PASSWORD_LARRY = "larryknows";
|
||||
String JWT_PASSWORD = "victory";
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
package org.owasp.webgoat.plugin.challenge2;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.lessons.NewLesson;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 3/21/17.
|
||||
*/
|
||||
public class Challenge2 extends NewLesson {
|
||||
|
||||
@Override
|
||||
public Category getDefaultCategory() {
|
||||
return Category.CHALLENGE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Integer getDefaultRanking() {
|
||||
return 10;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getTitle() {
|
||||
return "challenge2.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge2";
|
||||
}
|
||||
}
|
||||
@ -1,112 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:Challenge_2.adoc"></div>
|
||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge2.css}"/>
|
||||
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
|
||||
<div class="container-fluid">
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/challenge/2"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
|
||||
<input id="discount" type="hidden" value="0"/>
|
||||
<div class="row">
|
||||
|
||||
<div class="col-xs-3 item-photo">
|
||||
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
|
||||
</div>
|
||||
<div class="col-xs-5" style="border:0px solid gray">
|
||||
<h3>Samsung Galaxy S8</h3>
|
||||
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
|
||||
<small style="color:#337ab7">(124421 reviews)</small>
|
||||
</h5>
|
||||
|
||||
<h6 class="title-price">
|
||||
<small>PRICE</small>
|
||||
</h6>
|
||||
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
|
||||
|
||||
<div class="section">
|
||||
<h6 class="title-attr" style="margin-top:15px;">
|
||||
<small>COLOR</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="attr" style="width:25px;background:lightgrey;"></div>
|
||||
<div class="attr" style="width:25px;background:black;"></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>CAPACITY</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="attr2">64 GB</div>
|
||||
<div class="attr2">128 GB</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>QUANTITY</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
|
||||
<input class="quantity" value="1"/>
|
||||
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>CHECKOUT CODE</small>
|
||||
</h6>
|
||||
<!--
|
||||
Checkout code: webgoat, owasp, owasp-webgoat
|
||||
-->
|
||||
<input name="checkoutCode" class="checkoutCode" value=""/>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="section" style="padding-bottom:20px;">
|
||||
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
|
||||
class="glyphicon glyphicon-shopping-cart"
|
||||
aria-hidden="true"></span>Buy
|
||||
</button>
|
||||
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
|
||||
style="cursor:pointer;"></span>
|
||||
Like</a></h6>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
<br/>
|
||||
<form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
|
||||
<div class="form-group">
|
||||
<div class="input-group">
|
||||
<div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"
|
||||
style="font-size:20px"></i></div>
|
||||
<input type="text" class="form-control" id="flag" name="flag"
|
||||
placeholder="a7179f89-906b-4fec-9d99-f15b796e7208"/>
|
||||
</div>
|
||||
<div class="input-group" style="margin-top: 10px">
|
||||
<button type="submit" class="btn btn-primary">Submit flag</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
<br/>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</html>
|
||||
@ -1,49 +0,0 @@
|
||||
package org.owasp.webgoat.plugin.challenge2;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
|
||||
import org.owasp.webgoat.plugin.Flag;
|
||||
import org.owasp.webgoat.plugin.SolutionConstants;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 5/2/17.
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class Assignment2Test extends AssignmentEndpointTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
Assignment2 assignment2 = new Assignment2();
|
||||
init(assignment2);
|
||||
new Flag().initFlags();
|
||||
this.mockMvc = standaloneSetup(assignment2).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void success() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
|
||||
.param("checkoutCode", SolutionConstants.SUPER_COUPON_CODE))
|
||||
.andExpect(jsonPath("$.feedback", CoreMatchers.containsString("flag: " + Flag.FLAGS.get(2))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void wrongCouponCode() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/challenge/2")
|
||||
.param("checkoutCode", "test"))
|
||||
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
}
|
||||
@ -1,9 +1,9 @@
|
||||
package org.owasp.webgoat.plugin.challenge2;
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.owasp.webgoat.plugin.Flag;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
@ -11,22 +11,23 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 4/6/17.
|
||||
*/
|
||||
@AssignmentPath("/challenge/2")
|
||||
public class Assignment2 extends AssignmentEndpoint {
|
||||
@AssignmentPath("/clientSideFiltering/getItForFree")
|
||||
@AssignmentHints({"client.side.filtering.free.hint1", "client.side.filtering.free.hint2", "client.side.filtering.free.hint3"})
|
||||
public class ClientSideFilteringFreeAssignment extends AssignmentEndpoint {
|
||||
|
||||
public static final String SUPER_COUPON_CODE = "get_it_for_free";
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String checkoutCode) throws IOException {
|
||||
AttackResult completed(@RequestParam String checkoutCode) {
|
||||
if (SUPER_COUPON_CODE.equals(checkoutCode)) {
|
||||
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
|
||||
return trackProgress(success().build());
|
||||
}
|
||||
return failed().build();
|
||||
return trackProgress(failed().build());
|
||||
}
|
||||
}
|
||||
@ -1,4 +1,4 @@
|
||||
package org.owasp.webgoat.plugin.challenge2;
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import lombok.AllArgsConstructor;
|
||||
@ -12,21 +12,21 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
|
||||
import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 4/6/17.
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("challenge-store")
|
||||
@RequestMapping("/clientSideFiltering/challenge-store")
|
||||
public class ShopEndpoint {
|
||||
|
||||
@AllArgsConstructor
|
||||
private class CheckoutCodes {
|
||||
|
||||
@Getter
|
||||
private List<CheckoutCode> codes = Lists.newArrayList();
|
||||
private List<CheckoutCode> codes;
|
||||
|
||||
public Optional<CheckoutCode> get(String code) {
|
||||
return codes.stream().filter(c -> c.getCode().equals(code)).findFirst();
|
||||
@ -73,7 +73,96 @@
|
||||
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
||||
</div>
|
||||
</div>
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:ClientSideFiltering_final.adoc"></div>
|
||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/clientSideFilteringFree.css}"/>
|
||||
<script th:src="@{/lesson_js/clientSideFilteringFree.js}" language="JavaScript"></script>
|
||||
<div class="attack-container">
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
|
||||
<div class="container-fluid">
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/clientSideFiltering/getItForFree"
|
||||
enctype="application/json;charset=UTF-8">
|
||||
|
||||
<input id="discount" type="hidden" value="0"/>
|
||||
<div class="row">
|
||||
|
||||
<div class="col-xs-3 item-photo">
|
||||
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
|
||||
</div>
|
||||
<div class="col-xs-5" style="border:0px solid gray">
|
||||
<h3>Samsung Galaxy S8</h3>
|
||||
<h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
|
||||
<small style="color:#337ab7">(124421 reviews)</small>
|
||||
</h5>
|
||||
|
||||
<h6 class="title-price">
|
||||
<small>PRICE</small>
|
||||
</h6>
|
||||
<h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
|
||||
|
||||
<div class="section">
|
||||
<h6 class="title-attr" style="margin-top:15px;">
|
||||
<small>COLOR</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="attr" style="width:25px;background:lightgrey;"></div>
|
||||
<div class="attr" style="width:25px;background:black;"></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>CAPACITY</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="attr2">64 GB</div>
|
||||
<div class="attr2">128 GB</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>QUANTITY</small>
|
||||
</h6>
|
||||
<div>
|
||||
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
|
||||
<input class="quantity" value="1"/>
|
||||
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="section" style="padding-bottom:5px;">
|
||||
<h6 class="title-attr">
|
||||
<small>CHECKOUT CODE</small>
|
||||
</h6>
|
||||
<!--
|
||||
Checkout code: webgoat, owasp, owasp-webgoat
|
||||
-->
|
||||
<input name="checkoutCode" class="checkoutCode" value=""/>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="section" style="padding-bottom:20px;">
|
||||
<button type="submit" class="btn btn-success"><span style="margin-right:20px"
|
||||
class="glyphicon glyphicon-shopping-cart"
|
||||
aria-hidden="true"></span>Buy
|
||||
</button>
|
||||
<h6><a href="#"><span class="glyphicon glyphicon-heart-empty"
|
||||
style="cursor:pointer;"></span>
|
||||
Like</a></h6>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
<br/>
|
||||
<br/>
|
||||
<div class="attack-feedback"></div>
|
||||
<div class="attack-output"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</html>
|
||||
|
||||
|
||||
@ -26,3 +26,7 @@ ClientSideFilteringHint10=Stage 2: Your filter operator should look something li
|
||||
ClientSideFilteringInstructions1=STAGE 1: You are logged in as Moe Stooge, CSO of Goat Hills Financial. You have access to everyone in the company's information, except the CEO, . Or at least you shouldn't have access to the CEO's information. For this exercise, examine the contents of the page to see what extra information you can find.
|
||||
ClientSideFilteringInstructions2=STAGE 2: Now, fix the problem. Modify the server to only return results that Moe Stooge is allowed to see.
|
||||
ClientSideFiltering.incorrect=This is not the salary from Neville Bartholomew...
|
||||
|
||||
client.side.filtering.free.hint1=Look through the webpage inspect the sources etc
|
||||
client.side.filtering.free.hint2=Try to see the flow of request from the page to the backend
|
||||
client.side.fiterling.free.hint3=One of the responses contains the answer
|
||||
|
||||
|
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 12 KiB |
|
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 11 KiB |
@ -38,7 +38,7 @@ $(document).ready(function () {
|
||||
})
|
||||
$(".checkoutCode").on("blur", function () {
|
||||
var checkoutCode = $(".checkoutCode").val();
|
||||
$.get("challenge-store/coupons/" + checkoutCode, function (result, status) {
|
||||
$.get("clientSideFiltering/challenge-store/coupons/" + checkoutCode, function (result, status) {
|
||||
var discount = result.discount;
|
||||
if (discount > 0) {
|
||||
$('#discount').text(discount);
|
||||
@ -0,0 +1,49 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.owasp.webgoat.plugins.LessonTest;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
|
||||
/**
|
||||
* @author nbaars
|
||||
* @since 5/2/17.
|
||||
*/
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
public class ClientSideFilteringFreeAssignmentTest extends LessonTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
ClientSideFiltering clientSideFiltering = new ClientSideFiltering();
|
||||
when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering);
|
||||
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
|
||||
when(webSession.getUserName()).thenReturn("unit-test");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void success() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/clientSideFiltering/getItForFree")
|
||||
.param("checkoutCode", SUPER_COUPON_CODE))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(true)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void wrongCouponCode() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.post("/clientSideFiltering/getItForFree")
|
||||
.param("checkoutCode", "test"))
|
||||
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("assignment.not.solved"))))
|
||||
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
|
||||
}
|
||||
}
|
||||
@ -1,4 +1,4 @@
|
||||
package org.owasp.webgoat.plugin.challenge2;
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.hamcrest.CoreMatchers;
|
||||
import org.junit.Before;
|
||||
@ -9,7 +9,7 @@ import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
|
||||
import static org.owasp.webgoat.plugin.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
|
||||
|
||||
@ -30,28 +30,28 @@ public class ShopEndpointTest {
|
||||
|
||||
@Test
|
||||
public void getSuperCoupon() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/" + SUPER_COUPON_CODE))
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/" + SUPER_COUPON_CODE))
|
||||
.andExpect(jsonPath("$.code", CoreMatchers.is(SUPER_COUPON_CODE)))
|
||||
.andExpect(jsonPath("$.discount", CoreMatchers.is(100)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getCoupon() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/webgoat"))
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/webgoat"))
|
||||
.andExpect(jsonPath("$.code", CoreMatchers.is("webgoat")))
|
||||
.andExpect(jsonPath("$.discount", CoreMatchers.is(25)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void askForUnknownCouponCode() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/does-not-exists"))
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/does-not-exists"))
|
||||
.andExpect(jsonPath("$.code", CoreMatchers.is("no")))
|
||||
.andExpect(jsonPath("$.discount", CoreMatchers.is(0)));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void fetchAllTheCouponsShouldContainGetItForFree() throws Exception {
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/challenge-store/coupons/"))
|
||||
mockMvc.perform(MockMvcRequestBuilders.get("/clientSideFiltering/challenge-store/coupons/"))
|
||||
.andExpect(jsonPath("$.codes[3].code", is("get_it_for_free")));
|
||||
}
|
||||
|
||||
@ -28,7 +28,6 @@ public class SimpleXXETest extends LessonTest {
|
||||
when(webSession.getUserName()).thenReturn("unit-test");
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void workingAttack() throws Exception {
|
||||
//Call with XXE injection
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user