dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added testcase for LabelService

Browse Source
This commit is contained in:
Nanne Baars 2016-11-29 21:27:11 +01:00
parent 5f0ab09866
commit e5ed24fcf7
7 changed files with 120 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@ -20,7 +20,7 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>1.4.1.RELEASE</version> <version>1.4.2.RELEASE</version>
</parent> </parent>
<licenses> <licenses>

6
webgoat-container/pom.xml
View File

@ -283,6 +283,12 @@
<artifactId>spring-boot-starter-test</artifactId> <artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.1.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency> <dependency>
<groupId>junit</groupId> <groupId>junit</groupId>
<artifactId>junit</artifactId> <artifactId>junit</artifactId>

6
webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
View File

@ -46,6 +46,7 @@ import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.support.SpringBootServletInitializer; import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope; import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode; import org.springframework.context.annotation.ScopedProxyMode;
@ -86,6 +87,11 @@ public class WebGoat extends SpringBootServletInitializer {
return new WebSession(webgoatContext); return new WebSession(webgoatContext);
} }
@Bean
public PluginEndpointPublisher pluginEndpointPublisher(ApplicationContext applicationContext) {
return new PluginEndpointPublisher(applicationContext);
}
@Bean @Bean
public Course course(PluginsExtractor extractor, PluginEndpointPublisher pluginEndpointPublisher) { public Course course(PluginsExtractor extractor, PluginEndpointPublisher pluginEndpointPublisher) {
return new PluginsLoader(extractor, pluginEndpointPublisher).loadPlugins(); return new PluginsLoader(extractor, pluginEndpointPublisher).loadPlugins();

2
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java
View File

@ -8,7 +8,6 @@ import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint; import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.context.support.AbstractApplicationContext; import org.springframework.context.support.AbstractApplicationContext;
import org.springframework.stereotype.Component;
/** /**
* ************************************************************************************************ * ************************************************************************************************
@ -39,7 +38,6 @@ import org.springframework.stereotype.Component;
* @version $Id: $Id * @version $Id: $Id
* @since October 16, 2016 * @since October 16, 2016
*/ */
@Component
@Slf4j @Slf4j
public class PluginEndpointPublisher { public class PluginEndpointPublisher {

15
webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java
View File

@ -29,10 +29,9 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.session.LabelDebugger; import org.owasp.webgoat.session.LabelDebugger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
@ -51,18 +50,16 @@ import java.util.Map;
* @version $Id: $Id * @version $Id: $Id
*/ */
@Controller @Controller
@Slf4j
@AllArgsConstructor
public class LabelDebugService { public class LabelDebugService {
private static final String URL_DEBUG_LABELS_MVC = "/service/debug/labels.mvc"; private static final String URL_DEBUG_LABELS_MVC = "/service/debug/labels.mvc";
private static final String KEY_ENABLED = "enabled"; private static final String KEY_ENABLED = "enabled";
private static final String KEY_SUCCESS = "success"; private static final String KEY_SUCCESS = "success";
private static final Logger logger = LoggerFactory.getLogger(LabelDebugService.class);
@Autowired
private LabelDebugger labelDebugger; private LabelDebugger labelDebugger;
/** /**
* Checks if debugging of labels is enabled or disabled * Checks if debugging of labels is enabled or disabled
* *
@ -71,7 +68,7 @@ public class LabelDebugService {
@RequestMapping(path = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(path = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody public @ResponseBody
ResponseEntity<Map<String, Object>> checkDebuggingStatus() { ResponseEntity<Map<String, Object>> checkDebuggingStatus() {
logger.debug("Checking label debugging, it is " + labelDebugger.isEnabled()); // FIXME parameterize log.debug("Checking label debugging, it is {}", labelDebugger.isEnabled());
Map<String, Object> result = createResponse(labelDebugger.isEnabled()); Map<String, Object> result = createResponse(labelDebugger.isEnabled());
return new ResponseEntity<>(result, HttpStatus.OK); return new ResponseEntity<>(result, HttpStatus.OK);
} }
@ -85,7 +82,7 @@ public class LabelDebugService {
@RequestMapping(value = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE, params = KEY_ENABLED) @RequestMapping(value = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE, params = KEY_ENABLED)
public @ResponseBody public @ResponseBody
ResponseEntity<Map<String, Object>> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) throws Exception { ResponseEntity<Map<String, Object>> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) throws Exception {
logger.debug("Setting label debugging to " + labelDebugger.isEnabled()); // FIXME parameterize log.debug("Setting label debugging to {} ", labelDebugger.isEnabled());
Map<String, Object> result = createResponse(enabled); Map<String, Object> result = createResponse(enabled);
labelDebugger.setEnabled(enabled); labelDebugger.setEnabled(enabled);
return new ResponseEntity<>(result, HttpStatus.OK); return new ResponseEntity<>(result, HttpStatus.OK);

50
webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java
View File

@ -1,46 +1,44 @@
/** /**
* ************************************************************************************************* * *************************************************************************************************
* * <p>
* * <p>
* This file is part of WebGoat, an Open Web Application Security Project * This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/ * utility. For details, please see http://www.owasp.org/
* * <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew * Copyright (c) 2002 - 20014 Bruce Mayhew
* * <p>
* This program is free software; you can redistribute it and/or modify it under * This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software * the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later * Foundation; either version 2 of the License, or (at your option) any later
* version. * version.
* * <p>
* This program is distributed in the hope that it will be useful, but WITHOUT * This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details. * details.
* * <p>
* You should have received a copy of the GNU General Public License along with * You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA. * Place - Suite 330, Boston, MA 02111-1307, USA.
* * <p>
* Getting Source ============== * Getting Source ==============
* * <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects. * for free software projects.
*
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.i18n.LabelProvider; import org.owasp.webgoat.i18n.LabelProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.util.Locale; import java.util.Locale;
@ -53,15 +51,13 @@ import java.util.Map;
* @author zupzup * @author zupzup
*/ */
@Controller @RestController
@Slf4j
@AllArgsConstructor
public class LabelService { public class LabelService {
private static final String URL_LABELS_MVC = "/service/labels.mvc"; public static final String URL_LABELS_MVC = "/service/labels.mvc";
private final LabelProvider labelProvider;
private static final Logger logger = LoggerFactory.getLogger(LabelService.class);
@Autowired
private LabelProvider labelProvider;
/** /**
* Fetches labels for given language * Fetches labels for given language
@ -72,19 +68,19 @@ public class LabelService {
* @return a map of labels * @return a map of labels
* @throws Exception * @throws Exception
*/ */
@RequestMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) @GetMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody @ResponseBody
ResponseEntity<Map<String, String>> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) throws Exception { public ResponseEntity<Map<String, String>> fetchLabels(@RequestParam(value = "lang", required = false) String lang, HttpServletRequest request) {
Locale locale; Locale locale;
if (StringUtils.isEmpty(lang)) { if (StringUtils.isEmpty(lang)) {
logger.debug("No language provided, determining from request headers"); log.debug("No language provided, determining from request headers");
locale = request.getLocale(); locale = request.getLocale();
if (locale != null) { if (locale != null) {
logger.debug("Locale set to {}", locale); log.debug("Locale set to {}", locale);
} }
} else { } else {
locale = Locale.forLanguageTag(lang); locale = Locale.forLanguageTag(lang);
logger.debug("Language provided: {} leads to Locale: {}", lang, locale); log.debug("Language provided: {} leads to Locale: {}", lang, locale);
} }
return new ResponseEntity<>(labelProvider.getLabels(locale), HttpStatus.OK); return new ResponseEntity<>(labelProvider.getLabels(locale), HttpStatus.OK);
} }

78
webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java Normal file
View File

@ -0,0 +1,78 @@
package org.owasp.webgoat.service;
import org.assertj.core.util.Maps;
import org.hamcrest.CoreMatchers;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.i18n.LabelProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.Locale;
import static org.mockito.Mockito.when;
import static org.owasp.webgoat.service.LabelService.URL_LABELS_MVC;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author nbaars
* @version $Id: $Id
* @since November 29, 2016
*/
@WebMvcTest(value = {LabelService.class, LabelProvider.class})
@RunWith(SpringRunner.class)
public class LabelServiceTest {
@Autowired
public MockMvc mockMvc;
@MockBean
private LabelProvider labelProvider;
@Test
@WithMockUser(username = "guest", password = "guest")
public void withoutLocale() throws Exception {
when(labelProvider.getLabels(Locale.ENGLISH)).thenReturn(Maps.newHashMap("key", "value"));
mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC))
.andExpect(status().isOk())
.andExpect(jsonPath("key", CoreMatchers.is("value")));
}
@Test
@WithMockUser(username = "guest", password = "guest")
public void withLocale() throws Exception {
when(labelProvider.getLabels(Locale.GERMAN)).thenReturn(Maps.newHashMap("key", "value"));
mockMvc.perform(MockMvcRequestBuilders.get(URL_LABELS_MVC).param("lang", "de"))
.andExpect(status().isOk())
.andExpect(jsonPath("key", CoreMatchers.is("value")));
}
}