Fix test cases

2020-03-08 17:56:34 +01:00 · 2020-03-08 17:56:34 +01:00 · d4966b5e71
commit d4966b5e71
parent b3840e60e3
3 changed files with 7 additions and 49 deletions
--- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadBaseTest.java
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadBaseTest.java
@ -1,42 +0,0 @@
 package org.owasp.webgoat.path_traversal;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
 import org.owasp.webgoat.plugins.LessonTest;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import java.io.File;
 import java.io.IOException;
 import static org.junit.Assert.*;
@RunWith(SpringJUnit4ClassRunner.class)
 public class ProfileUploadBaseTest extends LessonTest {
    @Rule
    public TemporaryFolder temporaryFolder = new TemporaryFolder();
    private File folder;
    @Autowired
    private PathTraversal pathTraversal;
    @Before
    public void setup() throws IOException {
        this.folder = temporaryFolder.newFolder();
    }
    @Test
    public void shouldNotOverwriteExistingFile() throws IOException {
        var existingFile = new File(folder, "test.jpg").createNewFile();
        var profilePicture = new MockMultipartFile("uploadedFileFix", "../picture.jpg", "text/plain", "an image".getBytes());
        new ProfileUploadBase(this.folder.getPath(), this.webSession).execute(profilePicture, "test.jpg");
    }
 }
--- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInputTest.java
@ -30,7 +30,7 @@ public class ProfileUploadRemoveUserInputTest extends LessonTest {
    @Test
    public void solve() throws Exception {
-        var profilePicture = new MockMultipartFile("uploadedFileRetrieval", "../picture.jpg", "text/plain", "an image".getBytes());
+        var profilePicture = new MockMultipartFile("uploadedFileRemoveUserInput", "../picture.jpg", "text/plain", "an image".getBytes());
        mockMvc.perform(MockMvcRequestBuilders.multipart("/PathTraversal/profile-upload-remove-user-input")
                .file(profilePicture)
@ -42,7 +42,7 @@ public class ProfileUploadRemoveUserInputTest extends LessonTest {
    @Test
    public void normalUpdate() throws Exception {
-        var profilePicture = new MockMultipartFile("uploadedFileRetrieval", "picture.jpg", "text/plain", "an image".getBytes());
+        var profilePicture = new MockMultipartFile("uploadedFileRemoveUserInput", "picture.jpg", "text/plain", "an image".getBytes());
        mockMvc.perform(MockMvcRequestBuilders.multipart("/PathTraversal/profile-upload-remove-user-input")
                .file(profilePicture)
--- a/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java
+++ b/webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrievalTest.java
@ -33,20 +33,20 @@ public class ProfileUploadRetrievalTest extends LessonTest {
    @Test
    public void solve() throws Exception {
        //Look at the response
-        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random"))
+        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture"))
                .andExpect(status().is(200))
                .andExpect(header().exists("Location"))
                .andExpect(header().string("Location", containsString("?id=")))
                .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
        //Browse the directories
-        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=../../"))
+        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../"))
                .andExpect(status().is(200))
                .andExpect(content().string(containsString("/path-traversal-secret.jpg")))
                .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
        //Retrieve the secret file (note: .jpg is added by the server)
-        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=../../path-traversal-secret"))
+        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=../../path-traversal-secret"))
                .andExpect(status().is(200))
                .andExpect(content().string("You found it submit the SHA-512 hash of your username as answer"))
                .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
@ -60,7 +60,7 @@ public class ProfileUploadRetrievalTest extends LessonTest {
    @Test
    public void shouldReceiveRandomPicture() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random"))
+        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture"))
                .andExpect(status().is(200))
                .andExpect(header().exists("Location"))
                .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));
@ -68,7 +68,7 @@ public class ProfileUploadRetrievalTest extends LessonTest {
    @Test
    public void unknownFileShouldGiveDirectoryContents() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random?id=test"))
+        mockMvc.perform(MockMvcRequestBuilders.get("/PathTraversal/random-picture?id=test"))
                .andExpect(status().is(200))
                .andExpect(content().string(containsString("cats/8.jpg")))
                .andExpect(content().contentTypeCompatibleWith(MediaType.IMAGE_JPEG));