

fixing spotless
Karan Preet Singh Sasan committed Oct 2, 2024
1 parent 33835a3 commit 151eaa1
Showing 2 changed files with 194 additions and 183 deletions.
Expand Up @@ -157,7 +157,8 @@ protected MultipartResolver lookupMultipartResolver(HttpServletRequest request)
return lookupMultipartResolver();
}
}
};
}
;
return new MaxUploadSizeOverrideMultipartFilter();
}
}
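Review bot: The lone `;` that now sits on its own line after the closing brace is an empty statement, and reformatting it only makes the leftover more visible. It looks like the tail of a `};` that closed a local class declaration; that is inferred from the `return new MaxUploadSizeOverrideMultipartFilter();` that follows, since the declaration itself starts outside this hunk. Deleting the semicolon rather than moving it would leave `}` followed directly by the `return` line and should still pass the formatter check.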
Expand Up @@ -20,186 +20,196 @@

public class BlindSQLInjectionVulnerabilityTest {

@Mock private JdbcTemplate jdbcTemplate;

@InjectMocks private BlindSQLInjectionVulnerability blindSQLInjectionVulnerability;

@BeforeEach
public void setUp() {
MockitoAnnotations.openMocks(this);
}

@Test
public void testGetCarInformationLevel1_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// The query is simulated to have returned a result (i.e. there is a car with ID "1")
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// return rse.extractData(mockResultSet); indicates that the ResultSetExtractor extracts the
// data from the mockResultSet (which mocks the query result)
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel1(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel1_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// The query is simulated to have returned a result (i.e. there is no a car with ID "2")
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// return rse.extractData(mockResultSet); indicates that the ResultSetExtractor extracts the
// data from the mockResultSet (which mocks the query result)
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel1(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE, response.getBody());
}

@Test
public void testGetCarInformationLevel2_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel2(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel2_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel2(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE, response.getBody());
}

@Test
public void testGetCarInformationLevel3_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query((PreparedStatementCreator) any(), any(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(2);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel3(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel3_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query((PreparedStatementCreator) any(), any(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse = invocation.getArgument(2);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel3(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE, response.getBody());
}
@Mock private JdbcTemplate jdbcTemplate;

@InjectMocks private BlindSQLInjectionVulnerability blindSQLInjectionVulnerability;

@BeforeEach
public void setUp() {
MockitoAnnotations.openMocks(this);
}

@Test
public void testGetCarInformationLevel1_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// The query is simulated to have returned a result (i.e. there is a car with ID "1")
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// return rse.extractData(mockResultSet); indicates that the ResultSetExtractor extracts the
// data from the mockResultSet (which mocks the query result)
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel1(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel1_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// The query is simulated to have returned a result (i.e. there is no a car with ID "2")
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// return rse.extractData(mockResultSet); indicates that the ResultSetExtractor extracts the
// data from the mockResultSet (which mocks the query result)
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel1(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE,
response.getBody());
}

@Test
public void testGetCarInformationLevel2_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel2(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel2_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(anyString(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(1);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel2(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE,
response.getBody());
}

@Test
public void testGetCarInformationLevel3_CarPresent() throws SQLException {
// Arrange
String id = "1";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(true);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(
(PreparedStatementCreator) any(), any(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(2);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel3(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals("{ \"isCarPresent\": true}", response.getBody());
}

@Test
public void testGetCarInformationLevel3_CarNotPresent() throws SQLException {
// Arrange
String id = "2";
Map<String, String> queryParams = new HashMap<>();
queryParams.put("id", id);

// Mock the ResultSet behavior
ResultSet mockResultSet = mock(ResultSet.class);
when(mockResultSet.next()).thenReturn(false);

// Mock the query method of JdbcTemplate
when(jdbcTemplate.query(
(PreparedStatementCreator) any(), any(), any(ResultSetExtractor.class)))
.thenAnswer(
invocation -> {
ResultSetExtractor<ResponseEntity<String>> rse =
invocation.getArgument(2);
return rse.extractData(mockResultSet);
});

// Act
ResponseEntity<String> response =
blindSQLInjectionVulnerability.getCarInformationLevel3(queryParams);

// Assert
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(
ErrorBasedSQLInjectionVulnerability.CAR_IS_NOT_PRESENT_RESPONSE,
response.getBody());
}
}
