From b5f8a61b85bd153d83b1955416d42f4edc2a44d7 Mon Sep 17 00:00:00 2001
From: Richard Sirovic
Date: Wed, 22 Nov 2023 10:36:41 +0100
Subject: [PATCH 1/3] Add test for PathTraversal class
---
 .../pathTraversal/PathTraversalTest.java | 306 ++++++++++++++++++
 1 file changed, 306 insertions(+)
 create mode 100644 src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
new file mode 100644
index 00000000..1da5e5d9
--- /dev/null
+++ b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
@@ -0,0 +1,306 @@
+package org.sasanlabs.service.vulnerability.pathTraversal;
+
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.RequestEntity;
+
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+class PathTraversalVulnerabilityTest {
+ @InjectMocks
+ private PathTraversalVulnerability pathTraversalVulnerability = new PathTraversalVulnerability();
+ @Test
+ void testGetVulnerablePayloadLevel1WithNullFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel1() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel2() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+
+ @Test
+ void testGetVulnerablePayloadLevel3() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel4() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel5() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel6WithNullFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel6() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel7WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel7() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel8() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel9() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel10() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel11() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel12() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+}
From eddf7a4f4ee0fa3d4bdce0e12d5ce35728cb6ace Mon Sep 17 00:00:00 2001
From: Richard Sirovic
Date: Mon, 4 Dec 2023 16:04:26 +0100
Subject: [PATCH 2/3] Add next tests for PathTraversal class
---
 .../pathTraversal/PathTraversalTest.java | 148 +++++++++++++++++-
 1 file changed, 146 insertions(+), 2 deletions(-)
diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
index 1da5e5d9..5ebc909a 100644
--- a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
+++ b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
@@ -32,6 +32,17 @@ void testGetVulnerablePayloadLevel1WithNullFileName() {
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel1WithWrongFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "../");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertTrue(response.getBody().getIsValid());
+ assertNotNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel1() {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
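Review bot: The positive tests (`testGetVulnerablePayloadLevel1` through `testGetVulnerablePayloadLevel12`) assert only `HttpStatus.OK`, and the `WithNullFileName` tests in the same class show that a rejected request also returns 200, so they pass whether or not `UserInfo.json` was actually served. Each should also check the body, e.g. `assertNotNull(response.getBody());` followed by an assertion on `getIsValid()` and `getContent()`, so that a change in a level's filter is caught. `@InjectMocks` on the field appears to do nothing: no `@Mock` field or Mockito extension is visible in the hunk and the field is built with `new`, so the annotation and its import can be dropped. The file is named PathTraversalTest.java while the class is `PathTraversalVulnerabilityTest`; making the two match would make the test easier to locate.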
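Review bot: `testGetVulnerablePayloadLevel1WithWrongFileName` passes `"../"` as `fileName` and asserts that `getIsValid()` is true and the content is non-null, which pins the unguarded behaviour of level 1 rather than a rejection, and neither the name nor the body says so. A comment such as `// Level 1 applies no filtering: a traversal sequence is expected to be accepted (intentionally vulnerable baseline)` would stop a later reader from "correcting" the assertion, assuming that is the intent. A name like `WithTraversalFileName` would describe the input better than `WithWrongFileName`.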
@@ -54,6 +65,20 @@ void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel2WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("../"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel2() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -78,7 +103,20 @@ void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
-
+ @Test
+ void testGetVulnerablePayloadLevel3WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI(".."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
 @Test
 void testGetVulnerablePayloadLevel3() throws URISyntaxException {
 Map queryParams = new HashMap<>();
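Review bot: `testGetVulnerablePayloadLevel2WithWrongURL` sets `fileName` to null, and the existing `WithNullFileName` test already shows that a null file name alone yields `getIsValid()` false and null content, so the traversal string in the URI (`"../"`) never decides the outcome and the test passes whether or not level 2 inspects the URL. The same applies to the `WithWrongURL` and `WithWrongURLAndFileName` tests added for levels 3, 4, 5, 8, 9, 10 and 11. To exercise each level's URL check, supply the file name the positive test uses, `queryParams.put("fileName", "UserInfo.json");`, and keep the crafted URI; the expected result then has to be confirmed against each level's filter, which is outside this diff. The `...AndFileName` names also promise a bad file name that these tests do not supply.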
@@ -105,6 +143,20 @@ void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel4WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel4() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -130,6 +182,20 @@ void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel5WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel5() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -152,6 +218,17 @@ void testGetVulnerablePayloadLevel6WithNullFileName() {
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel6WithWrongFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "..");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel6() {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -199,6 +276,20 @@ void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel8WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("../"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel8() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -224,6 +315,20 @@ void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel9WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI(".."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel9() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -249,6 +354,20 @@ void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel10WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel10() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -274,6 +393,20 @@ void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel11WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel11() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -296,6 +429,17 @@ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel12WithWrongFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "..");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -303,4 +447,4 @@ void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
-}
+}
\ No newline at end of file
From e4ad5d7eb36ec4dc55609badc8cb0a7ec9fc8430 Mon Sep 17 00:00:00 2001
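Review bot: In `testGetVulnerablePayloadLevel11WithWrongURLAndFileName` the URI is `"2f/.."`, whereas the level 5 and level 10 tests use `"%2f/.."`; this looks like a dropped `%`, so the test probably does not cover the encoded-slash input it appears to target. If the encoded form was intended, the line should read `HttpMethod.GET, new URI("%2f/.."));`. If level 11 really is meant to be driven with a bare `2f`, a one-line comment saying why would prevent the value from being mistaken for a typo.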
From: Karan Preet Singh Sasan Date: Mon, 4 Dec 2023 11:47:43 -0800 Subject: [PATCH 3/3] running spotlessapply --- .../pathTraversal/PathTraversalTest.java | 193 +++++++++--------- 1 file changed, 97 insertions(+), 96 deletions(-) diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java index 5ebc909a..ed779b9c 100644 --- a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java +++ b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java @@ -1,25 +1,24 @@ package org.sasanlabs.service.vulnerability.pathTraversal; +import static org.junit.jupiter.api.Assertions.*; + +import java.net.URI; +import java.net.URISyntaxException; +import java.util.HashMap; +import java.util.Map; import org.junit.jupiter.api.Test; import org.mockito.InjectMocks; import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; import org.springframework.http.RequestEntity; - - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.HashMap; -import java.util.Map; - -import static org.junit.jupiter.api.Assertions.*; - +import org.springframework.http.ResponseEntity; class PathTraversalVulnerabilityTest { @InjectMocks - private PathTraversalVulnerability pathTraversalVulnerability = new PathTraversalVulnerability(); + private PathTraversalVulnerability pathTraversalVulnerability = + new PathTraversalVulnerability(); + @Test void testGetVulnerablePayloadLevel1WithNullFileName() { Map queryParams = new HashMap<>(); 
@@ -31,6 +30,7 @@ void testGetVulnerablePayloadLevel1WithNullFileName() { assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel1WithWrongFileName() { Map queryParams = new HashMap<>(); @@ -42,6 +42,7 @@ void testGetVulnerablePayloadLevel1WithWrongFileName() { assertTrue(response.getBody().getIsValid()); assertNotNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel1() { Map queryParams = new HashMap<>(); 
@@ -50,162 +51,160 @@ void testGetVulnerablePayloadLevel1() { pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); } + @Test void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel2WithWrongURL() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); - RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("../")); + RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI("../")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel2() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", "UserInfo.json"); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - 
pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); } + @Test void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel3WithWrongURL() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); - RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("..")); + RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI("..")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel3() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", "UserInfo.json"); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - 
pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); } + @Test void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel4WithWrongURL() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); - RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("%2f")); + RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI("%2f")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel4() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", "UserInfo.json"); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - 
pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); } + @Test void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel5WithWrongURLAndFileName() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", null); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("%2f/..")); + new RequestEntity<>(HttpMethod.GET, new URI("%2f/..")); ResponseEntity> response = - pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNotNull(response.getBody()); assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel5() throws URISyntaxException { Map queryParams = new HashMap<>(); queryParams.put("fileName", "UserInfo.json"); RequestEntity requestEntity = - new RequestEntity<>( - HttpMethod.GET, new URI("localhost")); + new RequestEntity<>(HttpMethod.GET, new URI("localhost")); ResponseEntity> response = - 
pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams); + pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity, queryParams); assertEquals(HttpStatus.OK, response.getStatusCode()); } + @Test void testGetVulnerablePayloadLevel6WithNullFileName() { Map queryParams = new HashMap<>(); @@ -217,6 +216,7 @@ void testGetVulnerablePayloadLevel6WithNullFileName() { assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel6WithWrongFileName() { Map queryParams = new HashMap<>(); @@ -228,6 +228,7 @@ void testGetVulnerablePayloadLevel6WithWrongFileName() { assertFalse(response.getBody().getIsValid()); assertNull(response.getBody().getContent()); } + @Test void testGetVulnerablePayloadLevel6() { Map queryParams = new HashMap<>(); 
@@ -236,187 +237,185 @@ void testGetVulnerablePayloadLevel6() {
 pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel7WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel7() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel8WithWrongURLAndFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
- RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("../"));
+ RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI("../"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel8() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel9WithWrongURLAndFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
- RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI(".."));
+ RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI(".."));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel9() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel10WithWrongURLAndFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("%2f/.."));
+ new RequestEntity<>(HttpMethod.GET, new URI("%2f/.."));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel10() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel11WithWrongURLAndFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", null);
- RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("2f/.."));
+ RequestEntity requestEntity = new RequestEntity<>(HttpMethod.GET, new URI("2f/.."));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 assertNotNull(response.getBody());
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel11() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
 RequestEntity requestEntity =
- new RequestEntity<>(
- HttpMethod.GET, new URI("localhost"));
+ new RequestEntity<>(HttpMethod.GET, new URI("localhost"));
 ResponseEntity> response =
- pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity, queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
+
 @Test
 void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
@@ -428,6 +427,7 @@ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel12WithWrongFileName() throws URISyntaxException {
 Map queryParams = new HashMap<>();
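Review bot: The `...WithWrongURLAndFileName` tests in the `@@ -236,187 +237,185 @@` hunk (Level8 through Level11) set `fileName` to `null` exactly as the `...WithNullFileName` tests do, so their `assertFalse(response.getBody().getIsValid())` passes whether or not the level reacts to the `..` sequence in the request URI. A separate case that keeps the same URI but uses `queryParams.put("fileName", "UserInfo.json");` would isolate the URL handling; the expected `getIsValid()` value per level depends on `PathTraversalVulnerability`, which is not visible in this patch. The positive tests assert only `HttpStatus.OK`, a status the null-file tests also return, so adding `assertTrue(response.getBody().getIsValid());` (if that is the intended outcome) would be needed to show the file was actually served. The Level11 case uses `new URI("2f/..")` while Level10 uses `%2f/..`; if an encoded slash was intended the `%` is missing, and a one-line comment stating which input each level is meant to exercise would settle it either way.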
@@ -439,6 +439,7 @@ void testGetVulnerablePayloadLevel12WithWrongFileName() throws URISyntaxExceptio
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
+
 @Test
 void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 Map queryParams = new HashMap<>();
@@ -447,4 +448,4 @@ void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
-}
\ No newline at end of file
+}