fix for complete progress of sql mitigations and integration test

René Zubcevic 2019-09-10 09:00:13 +02:00 committed by Nanne Baars
parent a56f41e0ea
commit fb2e11fe11
5 changed files with 19 additions and 5 deletions


@ -2,6 +2,9 @@ package org.owasp.webgoat;
import org.junit.Test; import org.junit.Test;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -33,7 +36,18 @@ public class SqlInjectionMitigationTest extends IntegrationTest {
"}"); "}");
checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack10b"), params, true); checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack10b"), params, true);
//checkResults(webGoatCookie, webgoatURL, "/SqlInjectionMitigations/"); RestAssured.given()
.when().config(restConfig).cookie("JSESSIONID", getWebGoatCookie())
.contentType(ContentType.JSON)
.get(url("/WebGoat/SqlInjectionMitigations/servers?column=(case when (true) then hostname else id end)"))
.then()
.statusCode(200);
params.clear();
params.put("ip", "104.130.219.202");
checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack12a"), params, true);
checkResults("/SqlInjectionMitigations/");
} }
} }
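Review bot: The new request to `/WebGoat/SqlInjectionMitigations/servers` asserts only `.statusCode(200)`, so the step would still pass if the endpoint ignored the `column` expression or returned an empty result. Asserting on the response body as well (for example that the returned list is non-empty) would make the check meaningful; the response shape is not visible here, so confirm it first. The query string is also embedded in the URL with raw spaces and parentheses; passing it as `.queryParam("column", "(case when (true) then hostname else id end)")` against `url("/WebGoat/SqlInjectionMitigations/servers")` keeps the encoding explicit. The literal `"104.130.219.202"` sent to `attack12a` would read better as a named constant with a comment saying it is the expected lesson answer. The test method starts outside the hunk.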


@ -13,7 +13,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
@AssignmentPath("SqlInjectionMitigations/attack10a") @AssignmentPath("/SqlInjectionMitigations/attack10a")
@Slf4j @Slf4j
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10a-1", "SqlStringInjectionHint-mitigation-10a-10a2"}) @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10a-1", "SqlStringInjectionHint-mitigation-10a-10a2"})
public class SqlInjectionLesson10a extends AssignmentEndpoint { public class SqlInjectionLesson10a extends AssignmentEndpoint {


@ -18,7 +18,7 @@ import java.util.List;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@AssignmentPath("SqlInjectionMitigations/attack10b") @AssignmentPath("/SqlInjectionMitigations/attack10b")
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"}) @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"})
public class SqlInjectionLesson10b extends AssignmentEndpoint { public class SqlInjectionLesson10b extends AssignmentEndpoint {


@ -20,7 +20,7 @@ import java.sql.*;
* @author nbaars * @author nbaars
* @since 6/13/17. * @since 6/13/17.
*/ */
@AssignmentPath("SqlInjectionMitigations/attack12a") @AssignmentPath("/SqlInjectionMitigations/attack12a")
@AssignmentHints(value = {"SqlStringInjectionHint-mitigation-12a-1", "SqlStringInjectionHint-mitigation-12a-2", "SqlStringInjectionHint-mitigation-12a-3", "SqlStringInjectionHint-mitigation-12a-4"}) @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-12a-1", "SqlStringInjectionHint-mitigation-12a-2", "SqlStringInjectionHint-mitigation-12a-3", "SqlStringInjectionHint-mitigation-12a-4"})
@Slf4j @Slf4j
public class SqlInjectionLesson12a extends AssignmentEndpoint { public class SqlInjectionLesson12a extends AssignmentEndpoint {


@ -128,7 +128,7 @@
<br/> <br/>
</div> </div>
</form> </form>
<form class="attack-form" method="POST" name="form" action="SqlInjection/attack12a"> <form class="attack-form" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack12a">
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<div class="input-group-addon">IP address webgoat-prd server:</div> <div class="input-group-addon">IP address webgoat-prd server:</div>
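Review bot: The new form action `/WebGoat/SqlInjectionMitigations/attack12a` hard-codes the servlet context path, so the form would post to the wrong URL if the application is served under another context root or behind a path-rewriting proxy. If this page is rendered through a template engine that can resolve context-relative URLs, prefer that. Otherwise add a short comment beside the form recording the assumption, e.g. `<!-- action assumes the app is deployed at /WebGoat -->`. The enclosing lesson markup continues outside the hunk.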