initial test cases added
					committed by
					
						 Nanne Baars
						Nanne Baars
						parent
						
							8d7142e6d3
						
					
				
				
					commit
					e932253f06
				
			| @ -0,0 +1,153 @@ | ||||
| package org.owasp.webgoat; | ||||
|  | ||||
| import static org.junit.Assert.assertEquals; | ||||
|  | ||||
| import java.io.IOException; | ||||
| import java.nio.file.Files; | ||||
| import java.nio.file.Path; | ||||
| import java.nio.file.Paths; | ||||
| import java.util.HashMap; | ||||
| import java.util.Map; | ||||
|  | ||||
| import org.junit.Test; | ||||
|  | ||||
| import io.restassured.RestAssured; | ||||
| import io.restassured.http.ContentType; | ||||
|  | ||||
| public class CSRFTest extends IntegrationTest { | ||||
| 	 | ||||
| 	private static final String trickHTML3 = "<!DOCTYPE html><html><body><form action=\"WEBGOATURL\" method=\"POST\">\n" +  | ||||
| 			"<input type=\"hidden\" name=\"csrf\" value=\"thisisnotchecked\"/>\n" +  | ||||
| 			"<input type=\"submit\" name=\"submit\" value=\"assignment 3\"/>\n" +  | ||||
| 			"</form></body></html>"; | ||||
| 	 | ||||
| 	private static final String trickHTML4 = "<!DOCTYPE html><html><body><form action=\"WEBGOATURL\" method=\"POST\">\n" +  | ||||
| 			"<input type=\"hidden\" name=\"reviewText\" value=\"hoi\"/>\n" +  | ||||
| 			"<input type=\"hidden\" name=\"starts\" value=\"3\"/>\n" +  | ||||
| 			"<input type=\"hidden\" name=\"validateReq\" value=\"2aa14227b9a13d0bede0388a7fba9aa9\"/>\n" +  | ||||
| 			"<input type=\"submit\" name=\"submit\" value=\"assignment 4\"/>\n" +  | ||||
| 			"</form>\n" +  | ||||
| 			"</body></html>"; | ||||
|      | ||||
| 	private static final String trickHTML7 = "<!DOCTYPE html><html><body><form action=\"WEBGOATURL\" enctype='text/plain' method=\"POST\">\n" +  | ||||
| 			"<input type=\"hidden\" name='{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!' value='\"}' />\n" +  | ||||
| 			"<input type=\"submit\" value=\"assignment 7\"/>\n" +  | ||||
| 			"</form></body></html>"; | ||||
| 	 | ||||
|     private String webwolfFileDir; | ||||
| 	 | ||||
| 	 | ||||
|     @Test | ||||
|     public void runTests() throws IOException { | ||||
|         startLesson("CSRF"); | ||||
|          | ||||
|         webwolfFileDir = getWebWolfServerPath(); | ||||
|          | ||||
|         //Assignment 3 | ||||
|         uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag"))); | ||||
|         checkAssignment3(callTrickHtml("csrf3.html")); | ||||
|          | ||||
|         uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review"))); | ||||
|         checkAssignment4(callTrickHtml("csrf4.html")); | ||||
|          | ||||
|         uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message"))); | ||||
|         //checkAssignment7(callTrickHtml("csrf7.html")); | ||||
|          | ||||
|         //checkResults("/csrf"); | ||||
|          | ||||
|     } | ||||
|      | ||||
|     private void uploadTrickHtml(String htmlName, String htmlContent) throws IOException { | ||||
|     	 | ||||
|     	//remove any left over html | ||||
|     	Path webWolfFilePath = Paths.get(webwolfFileDir); | ||||
|         if (webWolfFilePath.resolve(Paths.get(getWebgoatUser(),htmlName)).toFile().exists()) { | ||||
|         	Files.delete(webWolfFilePath.resolve(Paths.get(getWebgoatUser(),htmlName))); | ||||
|         } | ||||
|          | ||||
|     	//upload trick html | ||||
|         RestAssured.given() | ||||
|         .when() | ||||
|         .relaxedHTTPSValidation() | ||||
|         .cookie("WEBWOLFSESSION", getWebWolfCookie()) | ||||
|         .multiPart("file", htmlName, htmlContent.getBytes()) | ||||
|         .post(webWolfUrl("/WebWolf/fileupload")) | ||||
|         .then() | ||||
|         .extract().response().getBody().asString(); | ||||
|     } | ||||
|      | ||||
|     private String callTrickHtml(String htmlName) { | ||||
|     	String result = RestAssured.given() | ||||
|     	        .when() | ||||
|     	        .relaxedHTTPSValidation() | ||||
|     	        .cookie("JSESSIONID", getWebGoatCookie()) | ||||
|     	        .cookie("WEBWOLFSESSION", getWebWolfCookie()) | ||||
|     	        .get(webWolfUrl("/files/"+getWebgoatUser()+"/"+htmlName)) | ||||
|     	        .then() | ||||
|     	        .extract().response().getBody().asString(); | ||||
|     	result = result.substring(8+result.indexOf("action=\"")); | ||||
|     	result = result.substring(0, result.indexOf("\"")); | ||||
|     	 | ||||
|     	return result; | ||||
|     } | ||||
|      | ||||
|     private void checkAssignment3(String goatURL) { | ||||
|     	 | ||||
|     	String flag = RestAssured.given() | ||||
|             	.when() | ||||
|             	.relaxedHTTPSValidation() | ||||
|             	.cookie("JSESSIONID", getWebGoatCookie()) | ||||
|             	.header("Referer", webWolfUrl("/files/fake.html")) | ||||
|             	.post(goatURL) | ||||
|             	.then() | ||||
|             	.extract().path("flag").toString(); | ||||
|         	 | ||||
|     	Map<String, Object> params = new HashMap<>(); | ||||
|         params.clear(); | ||||
|         params.put("confirmFlagVal", flag); | ||||
|         checkAssignment(url("/WebGoat/csrf/confirm-flag-1"), params, true); | ||||
|     } | ||||
|      | ||||
|     private void checkAssignment4(String goatURL) { | ||||
|     	 | ||||
|     	Map<String, Object> params = new HashMap<>(); | ||||
|         params.clear(); | ||||
|         params.put("reviewText", "test review"); | ||||
|         params.put("stars", "5"); | ||||
|         params.put("validateReq", "2aa14227b9a13d0bede0388a7fba9aa9");//always the same token is the weakness | ||||
|     	 | ||||
|     	boolean result = RestAssured.given() | ||||
|             	.when() | ||||
|             	.relaxedHTTPSValidation() | ||||
|             	.cookie("JSESSIONID", getWebGoatCookie()) | ||||
|             	.header("Referer", webWolfUrl("/files/fake.html")) | ||||
|             	.formParams(params) | ||||
|             	.post(goatURL) | ||||
|             	.then() | ||||
|             	.extract().path("lessonCompleted"); | ||||
|     	assertEquals(true, result); | ||||
|         	 | ||||
|     } | ||||
|      | ||||
|     private void checkAssignment7(String goatURL) { | ||||
|     	 | ||||
|     	Map<String, Object> params = new HashMap<>(); | ||||
|         params.clear(); | ||||
|         params.put("{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!", "\"}"); | ||||
|         | ||||
|     	String result = RestAssured.given() | ||||
|             	.when() | ||||
|             	.relaxedHTTPSValidation() | ||||
|             	.cookie("JSESSIONID", getWebGoatCookie()) | ||||
|             	.header("Referer", webWolfUrl("/files/fake.html")) | ||||
|             	.formParams(params) | ||||
|             	.log().all() | ||||
|             	.contentType(ContentType.TEXT) | ||||
|             	.post(goatURL) | ||||
|             	.then() | ||||
|             	.log().all() | ||||
|             	.extract().asString(); | ||||
|         	 | ||||
|     } | ||||
|      | ||||
| } | ||||
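Review bot: uploadTrickHtml extracts the upload response body and then throws it away, so a rejected upload (stale WEBWOLFSESSION cookie, size limit, wrong multipart field name) is not detected there and only surfaces later as a confusing substring error in callTrickHtml; replace the trailing `.extract().response().getBody().asString();` with `.statusCode(200);` so the test fails at the step that actually broke. callTrickHtml's `result.indexOf("action=\"")` returns -1 when the response is not the uploaded page, which the `8 + ...` arithmetic silently turns into a wrong slice, so an explicit `assertTrue(result.contains("action=\""))` (from org.junit.Assert) before slicing would give a readable failure. In checkAssignment7 the request-side `.log().all()` prints the JSESSIONID cookie value to the build log, leaking a live session identifier into CI output; remove it before enabling the call that runTests currently has commented out. `htmlContent.getBytes()` also uses the platform default charset, so `htmlContent.getBytes(StandardCharsets.UTF_8)` avoids a dependency on the build machine's locale.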
| @ -252,5 +252,33 @@ public abstract class IntegrationTest { | ||||
|                         .extract().path("lessonCompleted"), CoreMatchers.is(expectedResult)); | ||||
|     } | ||||
|      | ||||
|     public String getWebGoatServerPath() throws IOException { | ||||
|     	 | ||||
|     	//read path from server | ||||
|         String result = RestAssured.given() | ||||
|         .when() | ||||
|         .relaxedHTTPSValidation() | ||||
|         .cookie("JSESSIONID", getWebGoatCookie()) | ||||
|         .get(url("/WebGoat/xxe/tmpdir")) | ||||
|         .then() | ||||
|         .extract().response().getBody().asString(); | ||||
|         result = result.replace("%20", " "); | ||||
|         return result; | ||||
|     } | ||||
|      | ||||
|     public String getWebWolfServerPath() throws IOException { | ||||
|     	 | ||||
|     	//read path from server | ||||
|         String result = RestAssured.given() | ||||
|         .when() | ||||
|         .relaxedHTTPSValidation() | ||||
|         .cookie("WEBWOLFSESSION", getWebWolfCookie()) | ||||
|         .get(webWolfUrl("/tmpdir")) | ||||
|         .then() | ||||
|         .extract().response().getBody().asString(); | ||||
|         result = result.replace("%20", " "); | ||||
|         return result; | ||||
|     } | ||||
|      | ||||
| } | ||||
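Review bot: `result.replace("%20", " ")` in both helpers decodes only the space escape, so a temp directory containing any other percent-encoded character would come back still encoded and the file lookups in callers would miss; if the server really returns a URL-encoded path, `URLDecoder.decode(result, StandardCharsets.UTF_8)` handles every escape — confirm what the /tmpdir endpoints actually emit before switching. Both methods are now public on the shared base class but carry no Javadoc; a header such as `/** Temp directory of the WebWolf server as reported by /tmpdir; only usable as a local path when the tests run on the same host (or same filesystem) as the server. */` would spell out the assumption that CSRFTest's file deletion depends on. The `throws IOException` clause is unused, since nothing in either body throws it, and can be dropped without breaking callers that still declare it.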
|  | ||||
|  | ||||
| @ -81,33 +81,5 @@ public class XXETest extends IntegrationTest { | ||||
|         result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("),result.lastIndexOf("WebGoat 8.0 rocks... (")+33); | ||||
|         return result; | ||||
|     } | ||||
|      | ||||
|     private String getWebGoatServerPath() throws IOException { | ||||
|     	 | ||||
|     	//read path from server | ||||
|         String result = RestAssured.given() | ||||
|         .when() | ||||
|         .relaxedHTTPSValidation() | ||||
|         .cookie("JSESSIONID", getWebGoatCookie()) | ||||
|         .get(url("/WebGoat/xxe/tmpdir")) | ||||
|         .then() | ||||
|         .extract().response().getBody().asString(); | ||||
|         result = result.replace("%20", " "); | ||||
|         return result; | ||||
|     } | ||||
|      | ||||
|     private String getWebWolfServerPath() throws IOException { | ||||
|     	 | ||||
|     	//read path from server | ||||
|         String result = RestAssured.given() | ||||
|         .when() | ||||
|         .relaxedHTTPSValidation() | ||||
|         .cookie("WEBWOLFSESSION", getWebWolfCookie()) | ||||
|         .get(webWolfUrl("/tmpdir")) | ||||
|         .then() | ||||
|         .extract().response().getBody().asString(); | ||||
|         result = result.replace("%20", " "); | ||||
|         return result; | ||||
|     } | ||||
|          | ||||
| } | ||||
|  | ||||
| @ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.springframework.web.bind.annotation.RestController; | ||||
|  | ||||
| import javax.servlet.ServletException; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| @ -40,7 +41,7 @@ import java.util.Random; | ||||
| /** | ||||
|  * Created by jason on 9/30/17. | ||||
|  */ | ||||
|  | ||||
| @RestController | ||||
| public class CSRFGetFlag { | ||||
|  | ||||
|     @Autowired | ||||
| @ -48,7 +49,7 @@ public class CSRFGetFlag { | ||||
|     @Autowired | ||||
|     private PluginMessages pluginMessages; | ||||
|  | ||||
|     @RequestMapping(produces = {"application/json"}, method = RequestMethod.POST) | ||||
|     @RequestMapping(path="/csrf/basic-get-flag" ,produces = {"application/json"}, method = RequestMethod.POST) | ||||
|     @ResponseBody | ||||
|     public Map<String, Object> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { | ||||
|  | ||||
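Review bot: `@ResponseBody` on invoke is now redundant because `@RestController` already applies it to every handler in the class, and the explicit `method = RequestMethod.POST` plus `produces` reads shorter as `@PostMapping(path = "/csrf/basic-get-flag", produces = "application/json")`. That is a style point only; the mapping itself matches the form action the new CSRFTest posts to. The body of invoke continues outside the hunk, so whether the handler's own checks behave correctly for the forged `Referer` the test sends cannot be judged from here.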
|  | ||||
| @ -139,7 +139,7 @@ | ||||
|   padding: 7px; | ||||
|   margin-top:7px; | ||||
|   padding:5px;"> | ||||
|         <div class="attack-container"> | ||||
|         <div class="example-container"> | ||||
|             <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||||
|             <div class="container-fluid"> | ||||
|                 <div class="row"> | ||||
|  | ||||