Added testcase for RoleBasedAccessControl
nbaars committed Sep 22, 2016
1 parent a0f1bc1 commit 5d69467
Showing 2 changed files with 131 additions and 0 deletions.
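--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@@ -211,6 +211,28 @@
 </excludes>
 </configuration>
 </plugin>
+<plugin>
+<groupId>com.github.webdriverextensions</groupId>
+<artifactId>webdriverextensions-maven-plugin</artifactId>
+<version>3.0.2</version>
+<executions>
+<execution>
+<goals>
+<goal>install-drivers</goal>
+</goals>
+</execution>
+</executions>
+<configuration>
+<drivers>
+<driver>
+<name>chromedriver</name>
+<platform>windows</platform>
+<bit>64</bit>
+</driver>
+</drivers>
+<keepDownloadedWebdrivers>true</keepDownloadedWebdrivers>
+</configuration>
+</plugin>
 </plugins>
 </build>
 
@@ -470,6 +492,11 @@
 <version>${sauce_junit.version}</version>
 <scope>test</scope>
 </dependency>
+<dependency>
+<groupId>com.github.webdriverextensions</groupId>
+<artifactId>webdriverextensions</artifactId>
+<version>2.8.0</version>
+</dependency>
 <!-- ************* END: Dependencies for Unit and Integration Testing ************** -->
 <!-- ************* END: <dependencies> ************** -->
 </dependencies>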
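Review bot: The new `webdriverextensions` 2.8.0 dependency in the second hunk declares no scope, so it defaults to compile scope even though it sits inside the "Dependencies for Unit and Integration Testing" block and the dependency just above it is `<scope>test</scope>`; add `<scope>test</scope>` so the Selenium helper library and its transitive dependencies stay out of the packaged application. In the first hunk the `install-drivers` goal fetches a chromedriver executable during the build, and the `<driver>` entry pins no version, so the binary that ends up on the build machine can change between runs; adding a `<version>` element to the driver makes the download reproducible and reviewable. The driver is also declared only for `windows` / `64`, so builds on other platforms presumably get no driver installed.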
@@ -29,6 +29,7 @@
import java.util.LinkedList;
import java.util.concurrent.TimeUnit;

import static com.github.webdriverextensions.WebDriverExtensionsContext.getDriver;
import static java.util.concurrent.TimeUnit.SECONDS;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -327,6 +328,109 @@ public boolean apply(WebDriver webDriver) {
});
}

@Test
public void testRoleBasedAccessConrol() throws IOException {
doLoginWebgoatUser();

getWebDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200");
getWebDriver().get(baseWebGoatUrl + "/service/restartlesson.mvc");
getWebDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200");

FluentWait<WebDriver> wait = new WebDriverWait(getDriver(), 15); // wait for a maximum of 15 seconds
wait.until(ExpectedConditions.textToBePresentInElementLocated(By.id("lesson-title"), "LAB: Role Based Access Control"));

wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class)
.ignoring(StaleElementReferenceException.class);
WebElement user = wait.until(ExpectedConditions.presenceOfElementLocated(By.name("employee_id")));
user.click();
user.sendKeys("T");

WebElement resource = getDriver().findElement(By.name("password"));
resource.click();
resource.sendKeys("tom");

WebElement submit = getDriver().findElement(By.name("action"));
submit.click();

wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);

wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Welcome Back");
}
});

JavascriptExecutor javascript = (JavascriptExecutor) getDriver();
String value = "document.getElementsByName('action')[0].value='DeleteProfile';";
javascript.executeScript(value);


WebElement viewProfile = getDriver().findElements(By.name("action")).get(0);
viewProfile.click();
wait = new FluentWait(getDriver())
.withTimeout(40, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);

wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Stage 2");
}
});

//
// Stage 3
//
getDriver().get(baseWebGoatUrl + "/start.mvc#attack/160587164/200/3");

user = wait.until(ExpectedConditions.presenceOfElementLocated(By.name("employee_id")));
user.click();
user.sendKeys("T");

resource = getDriver().findElement(By.name("password"));
resource.click();
resource.sendKeys("tom");

submit = getDriver().findElement(By.name("action"));
submit.click();

wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);

wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("Welcome Back");
}
});

javascript = (JavascriptExecutor) getDriver();
value = "var select = document.getElementsByName('employee_id')[0]; select.options[0].value='106'; ";
javascript.executeScript(value);


viewProfile = getDriver().findElements(By.name("action")).get(0);
viewProfile.click();
wait = new FluentWait(getDriver())
.withTimeout(10, SECONDS)
.pollingEvery(2, SECONDS)
.ignoring(NoSuchElementException.class);

wait.until(new Predicate<WebDriver>() {
public boolean apply(WebDriver webDriver) {
return webDriver.getPageSource().contains("You have completed Stage 3");
}
});

}

@Test
public void testFailOpenAuthenticationScheme() throws IOException {
doLoginWebgoatUser();
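Review bot: The Stage 1 wait only checks `webDriver.getPageSource().contains("Stage 2")`, which would also match any other occurrence of that text on the lesson page, so the test can pass without the modified `DeleteProfile` action having been accepted by the server; wait for the lesson's explicit completion message instead, as the Stage 3 check does with `"You have completed Stage 3"`. The method name has a typo: `testRoleBasedAccessConrol` should be `testRoleBasedAccessControl`. Navigation at the top of the method goes through `getWebDriver()` while every wait and element lookup uses the statically imported `getDriver()`; if those do not return the same instance, the waits observe a different browser session, so the method should use one accessor throughout. `new FluentWait(getDriver())` is a raw type, and `new FluentWait<WebDriver>(getDriver())` removes the unchecked assignment.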