diff --git a/pom.xml b/pom.xml
index b65e76daa3..ff44f4d856 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@ org.springframework.boot spring-boot-starter-parent - 2.2.2.RELEASE + 2.4.0
@@ -127,7 +127,6 @@ 3.4 2.6 18.0 - 4.12 1.18.4 3.8.0 2.22.0
@@ -148,6 +147,10 @@ + + org.springframework.boot + spring-boot-starter-validation + org.projectlombok lombok
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
index b5166fb5d6..e96fba6b76 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java
@@ -3,7 +3,7 @@ import io.restassured.RestAssured; import io.restassured.http.ContentType; import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
 import org.junit.jupiter.api.Test; import java.util.HashMap;
@@ -38,7 +38,7 @@ public void httpBasics() { @Test public void httpProxies() { startLesson("HttpProxies");
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
 .when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true") .contentType(ContentType.JSON) .get(url("HttpProxies/intercept-request?changeMe=Requests are tampered easily"))
@@ -114,7 +114,7 @@ public void securePasswords() { checkResults("/auth-bypass/"); startLesson("HttpProxies");
- Assert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
+ MatcherAssert.assertThat(RestAssured.given().when().relaxedHTTPSValidation().cookie("JSESSIONID", getWebGoatCookie()).header("x-request-intercepted", "true")
 .contentType(ContentType.JSON) .get(url("/WebGoat/HttpProxies/intercept-request?changeMe=Requests are tampered easily")).then() .statusCode(200).extract().path("lessonCompleted"), CoreMatchers.is(true));
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
index f702a28797..817233b64b 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java
@@ -9,7 +9,7 @@ import java.util.Map; import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
 import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.DynamicTest;
@@ -53,7 +53,7 @@ private void loginIDOR() throws IOException { } private void profile() {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -70,7 +70,7 @@ private void profile() { params.put("url", "WebGoat/IDOR/profile/2342384"); checkAssignment(url("/WebGoat/IDOR/profile/alt-path"), params, true);
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -80,7 +80,7 @@ private void profile() { .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true));
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
index 18c8c1ce48..3e054b9c25 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
@@ -4,10 +4,7 @@ import io.restassured.http.ContentType; import lombok.Getter; import org.hamcrest.CoreMatchers;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
+import org.hamcrest.MatcherAssert;
 import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach;
@@ -49,7 +46,6 @@ public abstract class IntegrationTest { private static boolean started = false;
- @BeforeClass
 @BeforeAll public static void beforeAll() { if (WG_SSL) {
@@ -91,7 +87,6 @@ protected String webWolfUrl(String url) { return WEBWOLF_URL + url; }
- @Before
 @BeforeEach public void login() {
@@ -143,7 +138,6 @@ public void login() { .cookie("WEBWOLFSESSION"); }
- @After
 @AfterEach public void logout() { RestAssured.given()
@@ -193,7 +187,7 @@ public void startLesson(String lessonName, boolean restart) { * @param expectedResult */ public void checkAssignment(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -215,7 +209,7 @@ public void checkAssignment(String url, Map params, boolean expectedR * @param expectedResult */ public void checkAssignmentWithPUT(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -231,7 +225,7 @@ public void checkAssignmentWithPUT(String url, Map params, boolean ex public void checkResults(String prefix) { checkResults();
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
 .when() .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie())
@@ -242,7 +236,7 @@ public void checkResults(String prefix) { } public void checkResults() {
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
 .when() .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie())
@@ -252,7 +246,7 @@ public void checkResults() { } public void checkAssignment(String url, ContentType contentType, String body, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -266,7 +260,7 @@ public void checkAssignment(String url, ContentType contentType, String body, bo } public void checkAssignmentWithGet(String url, Map params, boolean expectedResult) {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
index 9611a2f410..b4b422014d 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java
@@ -12,7 +12,7 @@ import java.util.Map; import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
 import org.junit.jupiter.api.Test; import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint;
@@ -86,7 +86,7 @@ private void findPassword() throws IOException, NoSuchAlgorithmException, Invali String secret = getSecretToken(accessToken);
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -126,7 +126,7 @@ private void resetVotes() throws IOException { .concat(new String(Base64.getUrlEncoder().encode(bodyObject.toString().getBytes())).toString()) .concat(".").replace("=", "");
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -154,7 +154,7 @@ private void buyAsTom() throws IOException { .concat(new String(Base64.getUrlEncoder().encode(body.getBytes())).toString()) .concat(".").replace("=", "");
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
 .when().relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .header("Authorization","Bearer "+replacedToken)
@@ -180,7 +180,7 @@ private void deleteTom() { .claim("Role", new String[] {"Manager", "Project Administrator"}) .signWith(SignatureAlgorithm.HS256, "deletingTom").compact();
- Assert.assertThat(RestAssured.given()
+ MatcherAssert.assertThat(RestAssured.given()
 .when().relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .post(url("/WebGoat/JWT/final/delete?token="+token))
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
index 7bf4bf5f8f..fa924e43bd 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalTest.java
@@ -10,7 +10,7 @@ import java.util.Map; import org.hamcrest.CoreMatchers;
-import org.junit.Assert;
+import org.hamcrest.MatcherAssert;
 import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.DynamicTest;
@@ -49,7 +49,7 @@ Iterable testPathTraversal() { } public void assignment1() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -63,7 +63,7 @@ public void assignment1() throws IOException { } public void assignment2() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
@@ -77,7 +77,7 @@ public void assignment2() throws IOException { } public void assignment3() throws IOException {
- Assert.assertThat(
+ MatcherAssert.assertThat(
 RestAssured.given() .when() .relaxedHTTPSValidation()
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
index d3139f1731..8bc13f64b7 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java
@@ -59,7 +59,7 @@ public void runTests() { .get(url("/WebGoat/SqlInjectionMitigations/servers?column=unknown")) .then() .statusCode(500)
- .body("message", containsString("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by"));
+ .body("trace", containsString("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by"));
 params.clear(); params.put("ip", "104.130.219.202");
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
index 2712f1baf4..6ffbf736a8 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java
@@ -1,6 +1,6 @@ package org.owasp.webgoat;
-import static org.junit.Assert.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.IOException; import java.util.HashMap;
diff --git a/webwolf/pom.xml b/webwolf/pom.xml
index ba65fb4d2d..c5d66f19a7 100644
--- a/webwolf/pom.xml
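Review bot: The new assertion `.body("trace", containsString(...))` in runTests() only passes if the server puts the full exception stack trace into its 500 response body, and nothing in the hunk says why the field changed. Since Spring Boot 2.3 the default error body no longer carries `message`, so the application presumably enables `server.error.include-stacktrace` in a properties file that is not part of this diff; please confirm that. Returning stack traces to clients discloses the SQL text and internal class names. That looks deliberate for this lesson, but the dependency should be documented so the setting is not copied into a real deployment. I would add a comment above the line such as `// Spring Boot 2.3+ omits "message" from error bodies; this lesson deliberately exposes the stack trace, never enable that in production`. runTests() starts and ends outside the hunk.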
+++ b/webwolf/pom.xml
@@ -10,6 +10,10 @@ + + org.springframework.boot + spring-boot-starter-validation + com.fasterxml.jackson.datatype jackson-datatype-jsr310
diff --git a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
index 3b3a853081..a1600b094f 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxControllerTest.java
@@ -22,12 +22,20 @@ package org.owasp.webwolf.mailbox;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.Lists;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mockito; import org.owasp.webwolf.user.UserService; import org.springframework.beans.factory.annotation.Autowired;
@@ -36,19 +44,14 @@ import org.springframework.http.MediaType; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
-import java.time.LocalDateTime;
-import java.time.format.DateTimeFormatter;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.not;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.Lists;
-@RunWith(SpringRunner.class)
+@ExtendWith(SpringExtension.class)
 @WebMvcTest(MailboxController.class) @ActiveProfiles({"test", "webwolf"}) public class MailboxControllerTest {
@@ -66,7 +69,7 @@ public class MailboxControllerTest { public static class EmailMixIn { }
- @Before
+ @BeforeEach
 public void setup() { objectMapper.addMixIn(Email.class, EmailMixIn.class); }
diff --git a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
index 46525ee388..3a32dbb44d 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
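Review bot: `@ExtendWith(SpringExtension.class)` placed next to `@WebMvcTest(MailboxController.class)` is redundant, because Spring Boot's test-slice annotations have been meta-annotated with the extension since 2.1 and the parent is now 2.4.0. Dropping the annotation together with the `SpringExtension` and `ExtendWith` imports leaves one less line to keep in sync on the next upgrade. The same applies to `@DataJpaTest` in the first hunk of MailboxRepositoryTest. The class body continues outside the hunk.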
@@ -22,20 +22,19 @@ package org.owasp.webwolf.mailbox;
-import org.hamcrest.CoreMatchers;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
-import org.springframework.test.context.junit4.SpringRunner;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import java.time.LocalDateTime; import java.util.List;
-import static org.junit.Assert.*;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
 @DataJpaTest
-@RunWith(SpringRunner.class)
+@ExtendWith(SpringExtension.class)
 public class MailboxRepositoryTest {
@@ -65,7 +64,7 @@ public void savedEmailShouldBeFoundByReceipient() { List emails = mailboxRepository.findByRecipientOrderByTimeDesc("someone@webwolf.org");
- assertThat(emails.size(), CoreMatchers.is(1));
+ assertEquals(emails.size(), 1);
 } }
diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
index 4a365150a0..3e7b654580 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java
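Review bot: The arguments of `assertEquals(emails.size(), 1)` in savedEmailShouldBeFoundByReceipient() are in the wrong order, since JUnit 5 expects `(expected, actual)`. The test still passes or fails correctly, but a failure would report the repository's row count as the expected value and `1` as the actual one, which sends whoever debugs it in the wrong direction. Write `assertEquals(1, emails.size());`. The test method starts outside the hunk.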
@@ -22,18 +22,21 @@ package org.owasp.webwolf.user;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
 import org.assertj.core.api.Assertions;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks; import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import static org.mockito.Mockito.*;
-@RunWith(MockitoJUnitRunner.class)
+@ExtendWith(MockitoExtension.class)
 public class UserServiceTest { @Mock
@@ -55,12 +58,13 @@ public void testLoadUserByUsername(){ Assertions.assertThat(password).isEqualTo(webGoatUser.getPassword()); }
- @Test(expected = UsernameNotFoundException.class)
+ @Test
 public void testLoadUserByUsername_NULL(){ var username = "guest";
+ when(mockUserRepository.findByUsername(username)).thenReturn(null);
- sut.loadUserByUsername(username);
+ assertThrows(UsernameNotFoundException.class, ()->sut.loadUserByUsername(username));
 } @Test
diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
index 44e6e9470b..62ed987fae 100644
--- a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java
@@ -22,21 +22,17 @@ package org.owasp.webwolf.user;
+import static org.mockito.Mockito.when;
+
 import org.assertj.core.api.Assertions;
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks; import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.validation.BindException;
-import static junit.framework.TestCase.assertTrue;
-import static org.junit.Assert.assertFalse;
-import static org.mockito.Mockito.when;
-
-@RunWith(MockitoJUnitRunner.class)
+@ExtendWith(MockitoExtension.class)
 public class UserValidatorTest { @Mock