diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadBaseTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadBaseTest.java
deleted file mode 100644
index 896b97dd7..000000000
--- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadBaseTest.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.owasp.webgoat.path_traversal;
-
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-import org.junit.runner.RunWith;
-import org.mockito.Mockito;
-import org.owasp.webgoat.plugins.LessonTest;
-import org.owasp.webgoat.session.WebSession;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.mock.web.MockMultipartFile;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import java.io.File;
-import java.io.IOException;
-
-import static org.junit.Assert.*;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-public class ProfileUploadBaseTest extends LessonTest {
-
- @Rule
- public TemporaryFolder temporaryFolder = new TemporaryFolder();
- private File folder;
- @Autowired
- private PathTraversal pathTraversal;
-
-
- @Before
- public void setup() throws IOException {
- this.folder = temporaryFolder.newFolder();
- }
-
- @Test
- public void shouldNotOverwriteExistingFile() throws IOException {
- var existingFile = new File(folder, "test.jpg").createNewFile();
- var profilePicture = new MockMultipartFile("uploadedFileFix", "../picture.jpg", "text/plain", "an image".getBytes());
- new ProfileUploadBase(this.folder.getPath(), this.webSession).execute(profilePicture, "test.jpg");
- }
-
-}
\ No newline at end of file
diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java index fab9cf4c5..e0e3d5cde 100644 --- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java +++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java @@ -30,7 +30,7 @@ public class ProfileUploadRemoveUserInputTest extends LessonTest { @Test public void solve() throws Exception { - var profilePicture = new MockMultipartFile("uploadedFileRetrieval", "../picture.jpg", "text/plain", "an image".getBytes()); + var profilePicture = new MockMultipartFile("uploadedFileRemoveUserInput", "../picture.jpg", "text/plain", "an image".getBytes()); mockMvc.perform(MockMvcRequestBuilders.multipart("/PathTraversal/profile-upload-remove-user-input") .file(profilePicture) @@ -42,7 +42,7 @@ public class ProfileUploadRemoveUserInputTest extends LessonTest { @Test public void normalUpdate() throws Exception { - var profilePicture = new MockMultipartFile("uploadedFileRetrieval", "picture.jpg", "text/plain", "an image".getBytes()); + var profilePicture = new MockMultipartFile("uploadedFileRemoveUserInput", "picture.jpg", "text/plain", "an image".getBytes()); mockMvc.perform(MockMvcRequestBuilders.multipart("/PathTraversal/profile-upload-remove-user-input") .file(profilePicture) diff --git a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java index 489e362b1..d5598a3ae 100644 --- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java 
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java @@ -33,20 +33,20 @@ public class ProfileUploadRetrievalTest extends LessonTest { @Test public void solve() throws Exception { //Look at the response - mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random")) + mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture")) .andExpect(status().is(200)) .andExpect(header().exists("Location")) .andExpect(header().string("Location", containsString("?id="))) .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG)); //Browse the directories - mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=../../")) + mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../")) .andExpect(status().is(200)) .andExpect(content().string(containsString("/path-traversal-secret.jpg"))) .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG)); //Retrieve the secret file (note: .jpg is added by the server) - mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=../../path-traversal-secret")) + mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../path-traversal-secret")) .andExpect(status().is(200)) .andExpect(content().string("You found it submit the SHA-512 hash of your username as answer")) .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG)); @@ -60,7 +60,7 @@ public class ProfileUploadRetrievalTest extends LessonTest { @Test public void shouldReceiveRandomPicture() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random")) + mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture")) .andExpect(status().is(200)) .andExpect(header().exists("Location")) .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG)); 
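Review bot: The endpoint literal `/PathTraversal/random-picture` is now spelled out three times in `solve()` and again in the `shouldReceiveRandomPicture` and `unknownFileShouldGiveDirectoryContents` hunks, which is why this rename had to touch five separate lines. A class-level constant such as `private static final String RANDOM_PICTURE = "/PathTraversal/random-picture";`, with the query appended per call (`get(RANDOM_PICTURE + "?id=../../")`), would keep the tests aligned with the controller mapping in one place. While touching these lines, `status().is(200)` reads more clearly as `status().isOk()`. `solve()` continues past the end of this hunk, so any later requests in it are not visible here.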
@@ -68,7 +68,7 @@ public class ProfileUploadRetrievalTest extends LessonTest { @Test public void unknownFileShouldGiveDirectoryContents() throws Exception { - mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=test")) + mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=test")) .andExpect(status().is(200)) .andExpect(content().string(containsString("cats/8.jpg"))) .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
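Review bot: `unknownFileShouldGiveDirectoryContents` pins a directory listing being returned for an unrecognised `id`, served with an `image/jpeg` content type, and nothing on the test says this disclosure is presumably the deliberate lesson behaviour rather than something to be tightened later. A short comment above the request would stop a maintainer from "fixing" the endpoint or copying the pattern, for example `// Intentional for the lesson: an unknown id returns the directory listing the learner uses to locate the target file`. The assertion on `cats/8.jpg` also ties the test to one specific fixture file, so the comment could name where that fixture lives. The method's closing brace lies outside this hunk.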