diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java index d51af280c3..d73f9128ca 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java +++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java @@ -2,6 +2,9 @@ import org.junit.Test; +import io.restassured.RestAssured; +import io.restassured.http.ContentType; + import java.util.HashMap; import java.util.Map; @@ -33,7 +36,18 @@ public void runTests() { "}"); checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack10b"), params, true); - //checkResults(webGoatCookie, webgoatURL, "/SqlInjectionMitigations/"); + RestAssured.given() + .when().config(restConfig).cookie("JSESSIONID", getWebGoatCookie()) + .contentType(ContentType.JSON) + .get(url("/WebGoat/SqlInjectionMitigations/servers?column=(case when (true) then hostname else id end)")) + .then() + .statusCode(200); + + params.clear(); + params.put("ip", "104.130.219.202"); + checkAssignment(url("/WebGoat/SqlInjectionMitigations/attack12a"), params, true); + + checkResults("/SqlInjectionMitigations/"); } } diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java index 1c531e2dfc..13e3c65d8e 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10a.java @@ -13,7 +13,7 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; -@AssignmentPath("SqlInjectionMitigations/attack10a") +@AssignmentPath("/SqlInjectionMitigations/attack10a") @Slf4j @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10a-1", "SqlStringInjectionHint-mitigation-10a-10a2"}) public class SqlInjectionLesson10a extends AssignmentEndpoint { diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java index b47c7580c4..3467ac521a 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson10b.java @@ -18,7 +18,7 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; -@AssignmentPath("SqlInjectionMitigations/attack10b") +@AssignmentPath("/SqlInjectionMitigations/attack10b") @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-10b-1", "SqlStringInjectionHint-mitigation-10b-2", "SqlStringInjectionHint-mitigation-10b-3", "SqlStringInjectionHint-mitigation-10b-4", "SqlStringInjectionHint-mitigation-10b-5"}) public class SqlInjectionLesson10b extends AssignmentEndpoint { diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java index d99be9505a..591576fde5 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/mitigation/SqlInjectionLesson12a.java @@ -20,7 +20,7 @@ * @author nbaars * @since 6/13/17. */ -@AssignmentPath("SqlInjectionMitigations/attack12a") +@AssignmentPath("/SqlInjectionMitigations/attack12a") @AssignmentHints(value = {"SqlStringInjectionHint-mitigation-12a-1", "SqlStringInjectionHint-mitigation-12a-2", "SqlStringInjectionHint-mitigation-12a-3", "SqlStringInjectionHint-mitigation-12a-4"}) @Slf4j public class SqlInjectionLesson12a extends AssignmentEndpoint { diff --git a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigations.html b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigations.html index 92cc1eca79..577e589966 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigations.html +++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigations.html @@ -128,7 +128,7 @@

List of servers
-
+
IP address webgoat-prd server: