Nanne Baars
2019-09-20 17:10:58 +02:00
parent 6fe5831f11
commit f29b923eef
3 changed files with 19 additions and 20 deletions


@ -87,7 +87,6 @@ public class GeneralLessonTest extends IntegrationTest {
.get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then() .get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then()
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true)); .statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
checkResults("/HttpProxies/"); checkResults("/HttpProxies/");
} }
@Test @Test


@ -31,6 +31,11 @@ import org.springframework.web.bind.annotation.*;
@RestController @RestController
public class HttpBasicsInterceptRequest extends AssignmentEndpoint { public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
// @ExceptionHandler(MissingServletRequestParameterException.class)
// public AttackResult handleMissingParams() {
// return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
// }
@GetMapping("/HttpProxies/intercept-request") @GetMapping("/HttpProxies/intercept-request")
@ResponseBody @ResponseBody
public AttackResult completed(@RequestHeader(value = "x-request-intercepted", required = false) Boolean headerValue, public AttackResult completed(@RequestHeader(value = "x-request-intercepted", required = false) Boolean headerValue,
@ -42,14 +47,9 @@ public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
} }
} }
@PostMapping("/HttpProxies/intercept-request") // @PostMapping("/HttpProxies/intercept-request")
@ResponseBody // @ResponseBody
public AttackResult post() { // public AttackResult post() {
return trackProgress(failed().feedback("http-proxies.intercept.failure").build()); // return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
} // }
@ExceptionHandler(MissingServletRequestParameterException.class)
public AttackResult handleMissingParams() {
return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
}
} }
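Review bot: The POST handler and the `MissingServletRequestParameterException` handler are commented out rather than deleted, and the exception handler is also re-added as a comment above `completed`, so the class now carries two blocks of dead code with no explanation. With both disabled, a POST to `/HttpProxies/intercept-request` and (presumably, since the handler existed for it) a GET missing a required parameter no longer return the `http-proxies.intercept.failure` feedback and instead get the framework's default error response. If that is intended, delete the commented lines and state it in one comment such as `// POST and missing-parameter requests are left to Spring's default error handling`; otherwise restore the handlers. The same commented-out style is used for `whenPostAssignmentShouldNotPass` in the test class. The signature of `completed` continues outside the hunk, so which parameters are required is not visible here.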


@ -88,13 +88,13 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false))); .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
} }
@Test // @Test
public void whenPostAssignmentShouldNotPass() throws Exception { // public void whenPostAssignmentShouldNotPass() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request") // mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
.header("x-request-intercepted", "true") // .header("x-request-intercepted", "true")
.param("changeMe", "Requests are tampered easily")) // .param("changeMe", "Requests are tampered easily"))
.andExpect(status().isOk()) // .andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure")))) // .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false))); // .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
} // }
} }
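Review bot: Commenting out `whenPostAssignmentShouldNotPass` leaves the POST path of `/HttpProxies/intercept-request` without any test, so nothing pins that a POST cannot complete the lesson. Rather than keeping the dead block, rewrite its expectations to match the response the endpoint now gives; if the POST mapping stays removed that is likely a 405, e.g. `.andExpect(status().isMethodNotAllowed())`, with the `$.feedback` and `$.lessonCompleted` assertions dropped. The rest of the test class is outside the hunk.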