diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
new file mode 100644
index 00000000..1da5e5d9
--- /dev/null
+++ b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
@@ -0,0 +1,306 @@
+package org.sasanlabs.service.vulnerability.pathTraversal;
+
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.sasanlabs.service.vulnerability.bean.GenericVulnerabilityResponseBean;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.RequestEntity;
+
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+
+class PathTraversalVulnerabilityTest {
+ @InjectMocks
+ private PathTraversalVulnerability pathTraversalVulnerability = new PathTraversalVulnerability();
+ @Test
+ void testGetVulnerablePayloadLevel1WithNullFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel1() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel2() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+
+ @Test
+ void testGetVulnerablePayloadLevel3() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel4() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel5() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel6WithNullFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel6() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel7WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel7() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel7(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel8() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel9() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel10() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel11() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("localhost"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
+ void testGetVulnerablePayloadLevel12() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "UserInfo.json");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ }
+}
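Review bot: The positive cases (`testGetVulnerablePayloadLevel1` through `testGetVulnerablePayloadLevel12`) assert only `HttpStatus.OK`, which the null-`fileName` cases also return, so they would still pass if a level stopped serving `UserInfo.json` at all; each should also assert `assertTrue(response.getBody().getIsValid());` and `assertNotNull(response.getBody().getContent());`. No test passes a file name containing a parent-directory segment, so whatever filtering distinguishes the twelve levels (presumably the point of having them) is not pinned, and a change that loosens the strictest level would go unnoticed; one rejected-input case per level would cover that. `@InjectMocks` has no effect here, because the field is constructed directly and nothing visible in the file initialises Mockito, so the annotation and its import can be dropped. The two Level12 tests declare `throws URISyntaxException` without building a `URI`, and the class name `PathTraversalVulnerabilityTest` does not match the file name `PathTraversalTest.java`.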