From d1db58f1e6948523952db811ec2a5e0071bf03ec Mon Sep 17 00:00:00 2001 From: tkomlodi <6026319+tkomlodi@users.noreply.github.com> Date: Mon, 27 Nov 2023 08:43:52 -0500 Subject: [PATCH] PR feedback updates: renamed custom MultipartResolver class name, removed spring-test dependency. --- build.gradle | 2 -- .../configuration/VulnerableAppConfiguration.java | 4 ++-- .../fileupload/UnrestrictedFileUploadTest.java | 14 +++++++++----- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/build.gradle b/build.gradle index 4fd9806e..6bccadd5 100644 --- a/build.gradle +++ b/build.gradle @@ -129,8 +129,6 @@ dependencies { // https://mvnrepository.com/artifact/org.assertj/assertj-core testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.17.2' - testImplementation group: 'org.springframework', name: 'spring-test' - // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-jpa implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', version: '2.3.1.RELEASE' diff --git a/src/main/java/org/sasanlabs/configuration/VulnerableAppConfiguration.java b/src/main/java/org/sasanlabs/configuration/VulnerableAppConfiguration.java index e91aca22..26e63f1b 100755 --- a/src/main/java/org/sasanlabs/configuration/VulnerableAppConfiguration.java +++ b/src/main/java/org/sasanlabs/configuration/VulnerableAppConfiguration.java @@ -144,7 +144,7 @@ public JdbcTemplate applicationJdbcTemplate( @Bean @Order(0) public MultipartFilter multipartFilter() { - class CustomMF extends MultipartFilter { + class MaxUploadSizeOverrideMultipartFilter extends MultipartFilter { @Override protected MultipartResolver lookupMultipartResolver(HttpServletRequest request) { if (MAX_FILE_UPLOAD_SIZE_OVERRIDE_PATHS.contains(request.getServletPath())) { @@ -158,6 +158,6 @@ protected MultipartResolver lookupMultipartResolver(HttpServletRequest request) } } }; - return new CustomMF(); + return new MaxUploadSizeOverrideMultipartFilter(); } } diff --git a/src/test/java/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUploadTest.java b/src/test/java/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUploadTest.java index 6adda4ab..939bac33 100644 --- a/src/test/java/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUploadTest.java +++ b/src/test/java/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUploadTest.java @@ -1,16 +1,17 @@ package org.sasanlabs.service.vulnerability.fileupload; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.when; import java.io.IOException; import java.net.URISyntaxException; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.mockito.Mockito; import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean; import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.mock.web.MockMultipartFile; +import org.springframework.web.multipart.MultipartFile; public class UnrestrictedFileUploadTest { private UnrestrictedFileUpload unrestrictedFileUpload; @@ -24,10 +25,13 @@ void setUp() throws IOException, URISyntaxException { void unrestrictedFileSizeUploadLevel10_OverLimitFileSize_FileContentSavedInMemory() throws Exception { final byte[] fileContent = "Test file content".getBytes(); - MockMultipartFile m = - new MockMultipartFile("file", "file.txt", MediaType.TEXT_PLAIN_VALUE, fileContent); + + MultipartFile multiplartFile = Mockito.mock(MultipartFile.class); + when(multiplartFile.getBytes()).thenReturn(fileContent); + ResponseEntity> result = - unrestrictedFileUpload.getVulnerablePayloadLevel10(m); + unrestrictedFileUpload.getVulnerablePayloadLevel10(multiplartFile); + assertEquals(HttpStatus.OK, result.getStatusCode()); assertEquals(