dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIx?

Browse Source
This commit is contained in:
Nanne Baars
2019-09-20 17:10:58 +02:00
parent 6fe5831f11
commit f29b923eef
3 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
View File

@ -87,7 +87,6 @@ public class GeneralLessonTest extends IntegrationTest {
.get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then()
.statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
checkResults("/HttpProxies/");
}
@Test

20
webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java
View File

@ -31,6 +31,11 @@ import org.springframework.web.bind.annotation.*;
@RestController
public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
// @ExceptionHandler(MissingServletRequestParameterException.class)
// public AttackResult handleMissingParams() {
// return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
// }
@GetMapping("/HttpProxies/intercept-request")
@ResponseBody
public AttackResult completed(@RequestHeader(value = "x-request-intercepted", required = false) Boolean headerValue,
@ -42,14 +47,9 @@ public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
}
}
@PostMapping("/HttpProxies/intercept-request")
@ResponseBody
public AttackResult post() {
return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
}
@ExceptionHandler(MissingServletRequestParameterException.class)
public AttackResult handleMissingParams() {
return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
}
// @PostMapping("/HttpProxies/intercept-request")
// @ResponseBody
// public AttackResult post() {
// return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
// }
}

18
webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java
View File

@ -88,13 +88,13 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
@Test
public void whenPostAssignmentShouldNotPass() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
.header("x-request-intercepted", "true")
.param("changeMe", "Requests are tampered easily"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
.andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
}
// @Test
// public void whenPostAssignmentShouldNotPass() throws Exception {
// mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
// .header("x-request-intercepted", "true")
// .param("changeMe", "Requests are tampered easily"))
// .andExpect(status().isOk())
// .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
// .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
// }
}