From eddf7a4f4ee0fa3d4bdce0e12d5ce35728cb6ace Mon Sep 17 00:00:00 2001
From: Richard Sirovic
Date: Mon, 4 Dec 2023 16:04:26 +0100
Subject: [PATCH] Add next tests for PathTraversal class
---
 .../pathTraversal/PathTraversalTest.java | 148 +++++++++++++++++-
 1 file changed, 146 insertions(+), 2 deletions(-)
diff --git a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
index 1da5e5d9..5ebc909a 100644
--- a/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
+++ b/src/test/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalTest.java
@@ -32,6 +32,17 @@ void testGetVulnerablePayloadLevel1WithNullFileName() {
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel1WithWrongFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "../");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel1(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertTrue(response.getBody().getIsValid());
+ assertNotNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel1() {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
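Review bot: `testGetVulnerablePayloadLevel1WithWrongFileName` asserts `assertTrue(response.getBody().getIsValid())` and a non-null content for `fileName` = `../`, so it pins the unfiltered behaviour of Level 1 as the expected result, while the name "WrongFileName" reads as if the input were rejected. If that is intended (Level 1 looks like the deliberately unguarded baseline), say so above the test, e.g. `// Level 1 applies no filtering: "../" is accepted by design; this documents the vulnerable baseline`, and consider a name that states the outcome. `assertNotNull(response.getBody().getContent())` for a value that names a directory presumably depends on how the resource is resolved at test time, which could make the test environment-dependent; that needs checking against the implementation, which is not part of this diff.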
@@ -54,6 +65,20 @@ void testGetVulnerablePayloadLevel2WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel2WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("../"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel2(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel2() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -78,7 +103,20 @@ void testGetVulnerablePayloadLevel3WithNullFileName() throws URISyntaxException
 assertFalse(response.getBody().getIsValid());
 assertNull(response.getBody().getContent());
 }
-
+ @Test
+ void testGetVulnerablePayloadLevel3WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI(".."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel3(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
 @Test
 void testGetVulnerablePayloadLevel3() throws URISyntaxException {
 Map queryParams = new HashMap<>();
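Review bot: In `testGetVulnerablePayloadLevel2WithWrongURL` the line `queryParams.put("fileName", null);` makes the input differ from the existing `...WithNullFileName` case only by the URL, so `assertFalse(response.getBody().getIsValid())` presumably holds because of the null file name and the test passes whether or not the URL filter works. To make the URL the only variable, pass a file name that is otherwise accepted, `queryParams.put("fileName", "UserInfo.json");`, and keep the `new URI("../")` request. The same applies to the added Level 3, 4, 5, 8, 9, 10 and 11 tests in the later hunks; the Level 5 and 8–11 ones are also named `WithWrongURLAndFileName` although the file name is null rather than wrong. Separately, `getVulnerablePayloadLevel2(requestEntity,queryParams)` is missing the space after the comma that the other calls in the file use.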
@@ -105,6 +143,20 @@ void testGetVulnerablePayloadLevel4WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel4WithWrongURL() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel4(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel4() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -130,6 +182,20 @@ void testGetVulnerablePayloadLevel5WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel5WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel5(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel5() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -152,6 +218,17 @@ void testGetVulnerablePayloadLevel6WithNullFileName() {
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel6WithWrongFileName() {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "..");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel6(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel6() {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -199,6 +276,20 @@ void testGetVulnerablePayloadLevel8WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel8WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("../"));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel8(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel8() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -224,6 +315,20 @@ void testGetVulnerablePayloadLevel9WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel9WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI(".."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel9(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel9() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -249,6 +354,20 @@ void testGetVulnerablePayloadLevel10WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel10WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("%2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel10(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel10() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -274,6 +393,20 @@ void testGetVulnerablePayloadLevel11WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel11WithWrongURLAndFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", null);
+ RequestEntity requestEntity =
+ new RequestEntity<>(
+ HttpMethod.GET, new URI("2f/.."));
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel11(requestEntity,queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel11() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -296,6 +429,17 @@ void testGetVulnerablePayloadLevel12WithNullFileName() throws URISyntaxException
 assertNull(response.getBody().getContent());
 }
 @Test
+ void testGetVulnerablePayloadLevel12WithWrongFileName() throws URISyntaxException {
+ Map queryParams = new HashMap<>();
+ queryParams.put("fileName", "..");
+ ResponseEntity> response =
+ pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
+ assertEquals(HttpStatus.OK, response.getStatusCode());
+ assertNotNull(response.getBody());
+ assertFalse(response.getBody().getIsValid());
+ assertNull(response.getBody().getContent());
+ }
+ @Test
 void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 Map queryParams = new HashMap<>();
 queryParams.put("fileName", "UserInfo.json");
@@ -303,4 +447,4 @@ void testGetVulnerablePayloadLevel12() throws URISyntaxException {
 pathTraversalVulnerability.getVulnerablePayloadLevel12(queryParams);
 assertEquals(HttpStatus.OK, response.getStatusCode());
 }
-}
+}
\ No newline at end of file
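Review bot: `new URI("2f/..")` in `testGetVulnerablePayloadLevel11WithWrongURLAndFileName` has no percent sign, whereas the Level 10 test in the previous hunk uses `"%2f/.."`; this looks like a typo. Because `fileName` is null the test would presumably pass with either value, so nothing flags the difference. If the encoded separator is meant, change the line to `HttpMethod.GET, new URI("%2f/.."));`; if the bare `2f` is intentional, add a comment naming the check it is meant to exercise.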
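Review bot: `testGetVulnerablePayloadLevel12WithWrongFileName` declares `throws URISyntaxException` but constructs no `URI`, so the clause can be dropped: `void testGetVulnerablePayloadLevel12WithWrongFileName() {`. A one-line comment stating that `..` is expected to be rejected at this level (invalid response, null content) would make the contrast with the Level 1 test, which expects `../` to be accepted, explicit for readers of the suite.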