dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stubs for security unit test

Browse Source
This commit is contained in:
Jason White 2017-05-24 13:12:36 -04:00
parent a9e5dd645d
commit e733131241
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/StoredXssComments.java
View File

@ -45,6 +45,7 @@ import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.owasp.encoder.*;
import static org.springframework.http.MediaType.ALL_VALUE; import static org.springframework.http.MediaType.ALL_VALUE;
import java.io.IOException; import java.io.IOException;
@ -76,6 +77,7 @@ public class StoredXssComments extends AssignmentEndpoint {
Collection<Comment> allComments = Lists.newArrayList(); Collection<Comment> allComments = Lists.newArrayList();
// no filtering applied here at render // no filtering applied here at render
allComments.addAll(comments); allComments.addAll(comments);
return allComments; return allComments;
} }

12
webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java
View File

@ -73,4 +73,16 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest {
results.andExpect(status().isOk()); results.andExpect(status().isOk());
results.andExpect(jsonPath("$.lessonCompleted",CoreMatchers.is(false))); results.andExpect(jsonPath("$.lessonCompleted",CoreMatchers.is(false)));
} }
@Test
public void isNotEncoded() {
assert true;
//TODO: get around to this
}
@Test
public void isEncoded() {
assert true;
//TODO: get around to this
}
} }