Fix tests after updating from develop, changes applied for migrating to Spring Boot 2
This commit is contained in:
Nanne Baars
parent
35c1305ce9
commit
dad9c75ee0
@ -13,7 +13,7 @@ import org.hamcrest.CoreMatchers;
|
|||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.owasp.webgoat.plugin.JWTSecretKeyEndpoint;
|
import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
|||||||
@ -74,6 +74,7 @@ public class XXETest extends IntegrationTest {
|
|||||||
.get(webWolfUrl("/WebWolf/requests"))
|
.get(webWolfUrl("/WebWolf/requests"))
|
||||||
.then()
|
.then()
|
||||||
.extract().response().getBody().asString();
|
.extract().response().getBody().asString();
|
||||||
|
result = result.replace("%20", " ");
|
||||||
result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("),result.lastIndexOf("WebGoat 8.0 rocks... (")+33);
|
result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("),result.lastIndexOf("WebGoat 8.0 rocks... (")+33);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -60,7 +60,7 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
|
|||||||
private static final String WEBGOAT_USER = "WebGoat";
|
private static final String WEBGOAT_USER = "WebGoat";
|
||||||
private static final List<String> expectedClaims = Lists.newArrayList("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
|
private static final List<String> expectedClaims = Lists.newArrayList("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
|
||||||
|
|
||||||
@RequestMapping(path="/gettoken",produces=MediaType.TEXT_HTML_VALUE)
|
@RequestMapping(path="/JWT/secret/gettoken",produces=MediaType.TEXT_HTML_VALUE)
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public String getSecretToken() {
|
public String getSecretToken() {
|
||||||
return Jwts.builder()
|
return Jwts.builder()
|
||||||
|
|||||||
@ -153,7 +153,7 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/JWT/votings/reset")
|
@PostMapping("/JWT/votings")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult resetVotes(@CookieValue(value = "access_token", required = false) String accessToken) {
|
public AttackResult resetVotes(@CookieValue(value = "access_token", required = false) String accessToken) {
|
||||||
if (StringUtils.isEmpty(accessToken)) {
|
if (StringUtils.isEmpty(accessToken)) {
|
||||||
|
|||||||
@ -153,7 +153,7 @@ public class JWTVotesEndpointTest extends LessonTest {
|
|||||||
Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class);
|
Object[] nodes = new ObjectMapper().readValue(result.getResponse().getContentAsString(), Object[].class);
|
||||||
int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes");
|
int currentNumberOfVotes = (int) findNodeByTitle(nodes, "Admin lost password").get("numberOfVotes");
|
||||||
|
|
||||||
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
|
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
|
||||||
.cookie(cookie))
|
.cookie(cookie))
|
||||||
.andExpect(status().isAccepted());
|
.andExpect(status().isAccepted());
|
||||||
result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings")
|
result = mockMvc.perform(MockMvcRequestBuilders.get("/JWT/votings")
|
||||||
@ -176,7 +176,7 @@ public class JWTVotesEndpointTest extends LessonTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void guestShouldNotBeAbleToVote() throws Exception {
|
public void guestShouldNotBeAbleToVote() throws Exception {
|
||||||
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
|
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
|
||||||
.cookie(new Cookie("access_token", "")))
|
.cookie(new Cookie("access_token", "")))
|
||||||
.andExpect(status().isUnauthorized());
|
.andExpect(status().isUnauthorized());
|
||||||
}
|
}
|
||||||
@ -188,7 +188,7 @@ public class JWTVotesEndpointTest extends LessonTest {
|
|||||||
claims.put("user", "Intruder");
|
claims.put("user", "Intruder");
|
||||||
String token = Jwts.builder().signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD).setClaims(claims).compact();
|
String token = Jwts.builder().signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD).setClaims(claims).compact();
|
||||||
|
|
||||||
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/vote/Admin lost password")
|
mockMvc.perform(MockMvcRequestBuilders.post("/JWT/votings/Admin lost password")
|
||||||
.cookie(new Cookie("access_token", token)))
|
.cookie(new Cookie("access_token", token)))
|
||||||
.andExpect(status().isUnauthorized());
|
.andExpect(status().isUnauthorized());
|
||||||
}
|
}
|
||||||
|
|||||||
@ -41,7 +41,7 @@ public class SqlInjectionLesson10a extends AssignmentEndpoint {
|
|||||||
private WebSession webSession;
|
private WebSession webSession;
|
||||||
private String[] results = {"getConnection", "PreparedStatement", "prepareStatement", "?", "?", "setString", "setString"};
|
private String[] results = {"getConnection", "PreparedStatement", "prepareStatement", "?", "?", "setString", "setString"};
|
||||||
|
|
||||||
@PostMapping("SqlInjectionMitigations/attack10a")
|
@PostMapping("/SqlInjectionMitigations/attack10a")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult completed(@RequestParam String field1, @RequestParam String field2, @RequestParam String field3, @RequestParam String field4, @RequestParam String field5, @RequestParam String field6, @RequestParam String field7) {
|
public AttackResult completed(@RequestParam String field1, @RequestParam String field2, @RequestParam String field3, @RequestParam String field4, @RequestParam String field5, @RequestParam String field6, @RequestParam String field7) {
|
||||||
String[] userInput = {field1, field2, field3, field4, field5, field6, field7};
|
String[] userInput = {field1, field2, field3, field4, field5, field6, field7};
|
||||||
|
|||||||
@ -41,7 +41,7 @@ import java.util.regex.Pattern;
|
|||||||
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"})
|
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"})
|
||||||
public class SqlInjectionLesson10b extends AssignmentEndpoint {
|
public class SqlInjectionLesson10b extends AssignmentEndpoint {
|
||||||
|
|
||||||
@PostMapping("SqlInjectionMitigations/attack10b")
|
@PostMapping("/SqlInjectionMitigations/attack10b")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult completed(@RequestParam String editor) {
|
public AttackResult completed(@RequestParam String editor) {
|
||||||
try {
|
try {
|
||||||
|
|||||||
@ -51,7 +51,7 @@ public class SqlInjectionLesson12a extends AssignmentEndpoint {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private WebSession webSession;
|
private WebSession webSession;
|
||||||
|
|
||||||
@PostMapping("SqlInjectionMitigations/attack12a")
|
@PostMapping("/SqlInjectionMitigations/attack12a")
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
@SneakyThrows
|
@SneakyThrows
|
||||||
public AttackResult completed(@RequestParam String ip) {
|
public AttackResult completed(@RequestParam String ip) {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user