Add next tests for PathTraversal class

SasanLabs · Dec 4, 2023 · eddf7a4 · eddf7a4
1 parent b5f8a61
commit eddf7a4
Showing 1 changed file with 146 additions and 2 deletions.
diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
@@ -32,6 +32,17 @@ void testGetVulnerablePayloadLevel1WithNullFileName() {
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel1WithWrongFileName() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", "../");
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().getIsValid());
+        assertNotNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel1() {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -54,6 +65,20 @@ void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel2WithWrongURL() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("../"));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel2() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -78,7 +103,20 @@ void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException
         assertFalse(response.getBody().getIsValid());
         assertNull(response.getBody().getContent());
     }
-
+    @Test
+    void testGetVulnerablePayloadLevel3WithWrongURL() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI(".."));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
     @Test
     void testGetVulnerablePayloadLevel3() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
@@ -105,6 +143,20 @@ void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel4WithWrongURL() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("%2f"));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel4() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -130,6 +182,20 @@ void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel5WithWrongURLAndFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("%2f/.."));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel5() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -152,6 +218,17 @@ void testGetVulnerablePayloadLevel6WithNullFileName() {
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel6WithWrongFileName() {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", "..");
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel6() {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -199,6 +276,20 @@ void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel8WithWrongURLAndFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("../"));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel8() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -224,6 +315,20 @@ void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel9WithWrongURLAndFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI(".."));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel9() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -249,6 +354,20 @@ void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel10WithWrongURLAndFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("%2f/.."));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel10() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -274,6 +393,20 @@ void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel11WithWrongURLAndFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", null);
+        RequestEntity<String> requestEntity =
+                new RequestEntity<>(
+                        HttpMethod.GET, new URI("2f/.."));
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel11() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
@@ -296,11 +429,22 @@ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException
         assertNull(response.getBody().getContent());
     }
     @Test
+    void testGetVulnerablePayloadLevel12WithWrongFileName() throws URISyntaxException {
+        Map<String, String> queryParams = new HashMap<>();
+        queryParams.put("fileName", "..");
+        ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
+                pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertNotNull(response.getBody());
+        assertFalse(response.getBody().getIsValid());
+        assertNull(response.getBody().getContent());
+    }
+    @Test
     void testGetVulnerablePayloadLevel12() throws URISyntaxException {
         Map<String, String> queryParams = new HashMap<>();
         queryParams.put("fileName", "UserInfo.json");
         ResponseEntity<GenericVulnerabilityResponseBean<String>> response =
                 pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
         assertEquals(HttpStatus.OK, response.getStatusCode());
     }
-}
+}