diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
new file mode 100644
index 000000000..872950ec1
--- /dev/null
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java
@@ -0,0 +1,153 @@
+package org.owasp.webgoat;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+
+import io.restassured.RestAssured;
+import io.restassured.http.ContentType;
+
+public class CSRFTest extends IntegrationTest {
+
+ private static final String trickHTML3 = "
";
+
+ private static final String trickHTML4 = "\n" +
+ "";
+
+ private static final String trickHTML7 = "";
+
+ private String webwolfFileDir;
+
+
+ @Test
+ public void runTests() throws IOException {
+ startLesson("CSRF");
+
+ webwolfFileDir = getWebWolfServerPath();
+
+ //Assignment 3
+ uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag")));
+ checkAssignment3(callTrickHtml("csrf3.html"));
+
+ uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review")));
+ checkAssignment4(callTrickHtml("csrf4.html"));
+
+ uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message")));
+ //checkAssignment7(callTrickHtml("csrf7.html"));
+
+ //checkResults("/csrf");
+
+ }
+
+ private void uploadTrickHtml(String htmlName, String htmlContent) throws IOException {
+
+ //remove any left over html
+ Path webWolfFilePath = Paths.get(webwolfFileDir);
+ if (webWolfFilePath.resolve(Paths.get(getWebgoatUser(),htmlName)).toFile().exists()) {
+ Files.delete(webWolfFilePath.resolve(Paths.get(getWebgoatUser(),htmlName)));
+ }
+
+ //upload trick html
+ RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("WEBWOLFSESSION", getWebWolfCookie())
+ .multiPart("file", htmlName, htmlContent.getBytes())
+ .post(webWolfUrl("/WebWolf/fileupload"))
+ .then()
+ .extract().response().getBody().asString();
+ }
+
+ private String callTrickHtml(String htmlName) {
+ String result = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .cookie("WEBWOLFSESSION", getWebWolfCookie())
+ .get(webWolfUrl("/files/"+getWebgoatUser()+"/"+htmlName))
+ .then()
+ .extract().response().getBody().asString();
+ result = result.substring(8+result.indexOf("action=\""));
+ result = result.substring(0, result.indexOf("\""));
+
+ return result;
+ }
+
+ private void checkAssignment3(String goatURL) {
+
+ String flag = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .header("Referer", webWolfUrl("/files/fake.html"))
+ .post(goatURL)
+ .then()
+ .extract().path("flag").toString();
+
+ Map params = new HashMap<>();
+ params.clear();
+ params.put("confirmFlagVal", flag);
+ checkAssignment(url("/WebGoat/csrf/confirm-flag-1"), params, true);
+ }
+
+ private void checkAssignment4(String goatURL) {
+
+ Map params = new HashMap<>();
+ params.clear();
+ params.put("reviewText", "test review");
+ params.put("stars", "5");
+ params.put("validateReq", "2aa14227b9a13d0bede0388a7fba9aa9");//always the same token is the weakness
+
+ boolean result = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .header("Referer", webWolfUrl("/files/fake.html"))
+ .formParams(params)
+ .post(goatURL)
+ .then()
+ .extract().path("lessonCompleted");
+ assertEquals(true, result);
+
+ }
+
+ private void checkAssignment7(String goatURL) {
+
+ Map params = new HashMap<>();
+ params.clear();
+ params.put("{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!", "\"}");
+
+ String result = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .header("Referer", webWolfUrl("/files/fake.html"))
+ .formParams(params)
+ .log().all()
+ .contentType(ContentType.TEXT)
+ .post(goatURL)
+ .then()
+ .log().all()
+ .extract().asString();
+
+ }
+
+}
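Review bot: The upload response in uploadTrickHtml is extracted and then thrown away, so a rejected upload only shows up later as an unexplained StringIndexOutOfBoundsException in callTrickHtml when `indexOf("action=\"")` returns -1; add `.statusCode(200)` after `.then()` in uploadTrickHtml and fail with a clear message in callTrickHtml when the `action="` marker is missing. The exists/delete pair in uploadTrickHtml collapses to `Files.deleteIfExists(webWolfFilePath.resolve(Paths.get(getWebgoatUser(), htmlName)));`. `params` is a raw `Map` in checkAssignment3, checkAssignment4 and checkAssignment7 — declare it `Map<String, String> params = new HashMap<>();` — and the `params.clear()` right after construction is a no-op. `htmlContent.getBytes()` uses the platform charset; `htmlContent.getBytes(StandardCharsets.UTF_8)` keeps the uploaded page byte-stable across runners. checkAssignment7 is never invoked (the call in runTests is commented out) and asserts nothing, so either finish it or drop it until the assignment-7 check is wired up.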
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
index 22ef1cf29..7771e86ec 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
@@ -252,5 +252,33 @@ public abstract class IntegrationTest {
.extract().path("lessonCompleted"), CoreMatchers.is(expectedResult));
}
+ public String getWebGoatServerPath() throws IOException {
+
+ //read path from server
+ String result = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("JSESSIONID", getWebGoatCookie())
+ .get(url("/WebGoat/xxe/tmpdir"))
+ .then()
+ .extract().response().getBody().asString();
+ result = result.replace("%20", " ");
+ return result;
+ }
+
+ public String getWebWolfServerPath() throws IOException {
+
+ //read path from server
+ String result = RestAssured.given()
+ .when()
+ .relaxedHTTPSValidation()
+ .cookie("WEBWOLFSESSION", getWebWolfCookie())
+ .get(webWolfUrl("/tmpdir"))
+ .then()
+ .extract().response().getBody().asString();
+ result = result.replace("%20", " ");
+ return result;
+ }
+
}
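Review bot: getWebGoatServerPath and getWebWolfServerPath are near-duplicates that differ only in cookie name, cookie value and target URL; now that they are public members of the shared base class, factor the request into one private helper and give each public method a Javadoc summary such as `/** Returns the temp directory the WebGoat server reports via /WebGoat/xxe/tmpdir, with %20 unescaped. */`. Both methods declare `throws IOException` although nothing in the body throws it (the RestAssured calls are unchecked), which forces every caller to handle an exception that cannot occur; dropping the clause is safe since the methods are new to this class. The `replace("%20", " ")` only undoes one escape — if the server can report other percent-encoded characters that would need confirming, but keeping it as-is preserves the moved behaviour.
```java
    public String getWebGoatServerPath() {
        return fetchServerPath("JSESSIONID", getWebGoatCookie(), url("/WebGoat/xxe/tmpdir"));
    }

    public String getWebWolfServerPath() {
        return fetchServerPath("WEBWOLFSESSION", getWebWolfCookie(), webWolfUrl("/tmpdir"));
    }

    /** Reads the temp-dir path the given server reports and unescapes %20 to spaces. */
    private static String fetchServerPath(String cookieName, String cookieValue, String target) {
        String result = RestAssured.given()
                .when()
                .relaxedHTTPSValidation()
                .cookie(cookieName, cookieValue)
                .get(target)
                .then()
                .extract().response().getBody().asString();
        return result.replace("%20", " ");
    }
```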
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java
index 8adc1f95b..4c7070de1 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java
@@ -81,33 +81,5 @@ public class XXETest extends IntegrationTest {
result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("),result.lastIndexOf("WebGoat 8.0 rocks... (")+33);
return result;
}
-
- private String getWebGoatServerPath() throws IOException {
-
- //read path from server
- String result = RestAssured.given()
- .when()
- .relaxedHTTPSValidation()
- .cookie("JSESSIONID", getWebGoatCookie())
- .get(url("/WebGoat/xxe/tmpdir"))
- .then()
- .extract().response().getBody().asString();
- result = result.replace("%20", " ");
- return result;
- }
-
- private String getWebWolfServerPath() throws IOException {
-
- //read path from server
- String result = RestAssured.given()
- .when()
- .relaxedHTTPSValidation()
- .cookie("WEBWOLFSESSION", getWebWolfCookie())
- .get(webWolfUrl("/tmpdir"))
- .then()
- .extract().response().getBody().asString();
- result = result.replace("%20", " ");
- return result;
- }
}
diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java
index 89027ed7a..f063c9208 100644
--- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java
+++ b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -40,7 +41,7 @@ import java.util.Random;
/**
* Created by jason on 9/30/17.
*/
-
+@RestController
public class CSRFGetFlag {
@Autowired
@@ -48,7 +49,7 @@ public class CSRFGetFlag {
@Autowired
private PluginMessages pluginMessages;
- @RequestMapping(produces = {"application/json"}, method = RequestMethod.POST)
+ @RequestMapping(path="/csrf/basic-get-flag" ,produces = {"application/json"}, method = RequestMethod.POST)
@ResponseBody
public Map invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
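Review bot: With `@RestController` now on the class (preceding hunk), the `@ResponseBody` on invoke is redundant — `@RestController` already implies it for every handler method — so it can be removed to avoid two annotations saying the same thing. The new mapping line has a stray space before the comma, `path="/csrf/basic-get-flag" ,produces = ...`; write it `@RequestMapping(path = "/csrf/basic-get-flag", produces = {"application/json"}, method = RequestMethod.POST)` or, since the file already imports the Spring annotations, the equivalent `@PostMapping`. The body of invoke continues outside the hunk.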
diff --git a/webgoat-lessons/csrf/src/main/resources/html/CSRF.html b/webgoat-lessons/csrf/src/main/resources/html/CSRF.html
index 9b9d79f02..a8119e8a6 100644
--- a/webgoat-lessons/csrf/src/main/resources/html/CSRF.html
+++ b/webgoat-lessons/csrf/src/main/resources/html/CSRF.html
@@ -139,7 +139,7 @@
padding: 7px;
margin-top:7px;
padding:5px;">
-