diff --git a/.github/workflows/dottest_sa.yml b/.github/workflows/dottest_sa.yml
index d7d784a..0f812f9 100644
--- a/.github/workflows/dottest_sa.yml
+++ b/.github/workflows/dottest_sa.yml
@@ -31,7 +31,7 @@ jobs:
 id: dottest_min_sa
 # You may pin to the exact commit or the version.
 # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
- uses: parasoft/run-dottest-analyzer@master
+ uses: parasoft/run-dottest-analyzer@2.0.0
 with:
 # Path to working directory.
 installDir: c:\Program Files\Parasoft\dotTEST\2022.2
@@ -47,7 +47,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload static results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_min_sa.outputs.report }}
diff --git a/.github/workflows/dottest_tia.yml b/.github/workflows/dottest_tia.yml
index c0c91cf..eeec3fd 100644
--- a/.github/workflows/dottest_tia.yml
+++ b/.github/workflows/dottest_tia.yml
@@ -37,7 +37,7 @@ jobs:
 id: dottest_ut
 # You may pin to the exact commit or the version.
 # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
- uses: parasoft/run-dottest-analyzer@master
+ uses: parasoft/run-dottest-analyzer@2.0.0
 with:
 # Path to working directory.
 installDir: c:\Program Files\Parasoft\dotTEST\2022.2
@@ -48,7 +48,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload TIA results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_ut.outputs.report }}
diff --git a/.github/workflows/dottest_ut.yml b/.github/workflows/dottest_ut.yml
index 5ebccf8..63d8728 100644
--- a/.github/workflows/dottest_ut.yml
+++ b/.github/workflows/dottest_ut.yml
@@ -48,7 +48,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload TIA results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_ut.outputs.report }}
diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
new file mode 100644
index 0000000..3e17f73
--- /dev/null
+++ b/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
@@ -0,0 +1,38 @@
+using Moq;
+using NUnit.Framework;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+ [TestFixture]
+ public class BlogResponsesTests
+ {
+ Mock _context;
+
+ [SetUp]
+ public void Setup()
+ {
+ _context = ContextSetup.CreateContext();
+ }
+
+ [Test]
+ public void CreateBlogRespTest()
+ {
+ var blogEntryRepo = new BlogEntryRepository(_context.Object);
+ var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+ var respRepo = new BlogResponseRepository(_context.Object);
+ var resp = new BlogResponse() { Author = "admin", Contents = "Test", Id = 4, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+ respRepo.CreateBlogResponse(resp);
+
+ Assert.That(_context.Object.BlogResponses.Count(), Is.EqualTo(4));
+ }
+ }
+}
diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs
new file mode 100644
index 0000000..c203deb
--- /dev/null
+++ b/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs
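Review bot: In CreateBlogRespTest, `entry1` returned by `blogEntryRepo.GetBlogEntry(1)` is dereferenced a few lines later (`BlogEntryId = entry1.Id`) with no guard, so a seeded context that lacks entry 1 fails with a NullReferenceException instead of a readable assertion; add `Assert.That(entry1, Is.Not.Null);` directly after the lookup. The closing assertion only checks that the count reached 4 and never confirms that the element added is `resp`, so a repository that stored any object would pass; consider also `Assert.That(_context.Object.BlogResponses.Any(r => r.Id == resp.Id), Is.True);`, assuming the mocked set reflects additions the way `Count()` evidently does. `ResponseDate = DateTime.Now` makes the fixture wall-clock dependent; `DateTime.UtcNow` or a fixed value keeps the test reproducible.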
@@ -0,0 +1,67 @@
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.ChangeTracking;
+using Microsoft.EntityFrameworkCore.ChangeTracking.Internal;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Moq;
+using System;
+using System.Collections.Generic;
+using System.Data.Entity;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+ internal static class ContextSetup
+ {
+ internal static Mock CreateContext()
+ {
+ // create test DB
+ var context = BlogRepositoryTests.ContextSetup.CreateContext();
+
+ var blogEntryRepo = new BlogEntryRepository(context.Object);
+
+ var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+ var r1 = new BlogResponse() { Author = "admin", Contents = "Test Content", Id = 1, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+ var r2 = new BlogResponse() { Author = "kmitnick", Contents = "KM Test Content", Id = 2, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+ var r3 = new BlogResponse() { Author = "me", Contents = "ME Test Content", Id = 3, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+ entry1.Responses.Add(r1);
+ entry1.Responses.Add(r2);
+ entry1.Responses.Add(r3);
+
+ var entriesList = new List {
+ r1, r2, r3
+ };
+ var initialBlogEntries = entriesList.AsQueryable();
+
+ Func> mockEntityEntry = (BlogResponse data) =>
+ {
+ var internalEntityEntry = new InternalEntityEntry(
+ new Mock().Object,
+ new RuntimeEntityType(nameof(BlogResponse), typeof(BlogResponse), false, null, null, null, ChangeTrackingStrategy.Snapshot, null, false),
+ data);
+
+ var entityEntry = new EntityEntry(internalEntityEntry);
+ return entityEntry;
+ };
+
+ var mockSet = DbSetTestUtil.CreateDbSetMock(initialBlogEntries);
+
+ mockSet.Setup(m => m.Add(It.IsAny())).Returns((BlogResponse b) =>
+ {
+ entriesList.Add(b);
+ return 
mockEntityEntry(b);
+ });
+
+ context.SetupGet(c => c.BlogResponses).Returns(mockSet.Object);
+
+ return context;
+ }
+
+
+ }
+}
diff --git a/WebGoat.NET/Data/CategoryRepository.cs b/WebGoat.NET/Data/CategoryRepository.cs
index 8bb76d7..b29044d 100644
--- a/WebGoat.NET/Data/CategoryRepository.cs
+++ b/WebGoat.NET/Data/CategoryRepository.cs
@@ -1,6 +1,8 @@
 using WebGoatCore.Models;
 using System.Collections.Generic;
 using System.Linq;
+using System;
+using WebGoat.NET.Logger;
 namespace WebGoatCore.Data
 {
@@ -15,7 +17,17 @@ public CategoryRepository(NorthwindContext context)
 public List GetAllCategories()
 {
- return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+ DummyLogger.Log("Calling" + nameof(GetAllCategories) + "()");
+ try
+ {
+ return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+ }
+ catch (Exception e)
+ {
+ DummyLogger.Log("Exception: " + e.Message);
+ DummyLogger.Log("Trace: " + e.StackTrace);
+ throw;
+ }
 }
 public Category? GetById(int id)
diff --git a/readme.md b/readme.md
index b8dde46..fe91dfc 100644
--- a/readme.md
+++ b/readme.md
@@ -113,5 +113,3 @@ The WebGoat.NET projects ships with scripts that allow you to conveniently run t
 1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base.
 2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available.
-
-
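Review bot: `using System.Data.Entity;` brings the EF6 namespace into a file that otherwise builds on `Microsoft.EntityFrameworkCore`, and nothing in the visible body of CreateContext appears to use it; the two stacks share type names, so it is an ambiguity risk on the next edit and should be dropped. The `using Microsoft.EntityFrameworkCore.ChangeTracking.Internal;` import and the nine-argument `RuntimeEntityType` constructor inside `mockEntityEntry` tie this helper to EF Core internal infrastructure whose signatures can change between releases without notice; a comment such as `// NOTE: InternalEntityEntry/RuntimeEntityType are EF Core internal API; this ctor signature is tied to the referenced EF Core version — revisit on upgrade.` above the lambda would spare the next maintainer a puzzling compile error. Two consecutive blank lines sit before the closing brace of the class where the rest of the hunk uses one.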
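Review bot: The new log call in GetAllCategories concatenates `"Calling" + nameof(GetAllCategories) + "()"` with no separator, so the entry reads `CallingGetAllCategories()`; `DummyLogger.Log($"Calling {nameof(GetAllCategories)}()");` fixes it and reads better. In the catch block, logging `e.Message` and `e.StackTrace` as two separate entries loses the exception type and any inner exception, which is usually the informative part of a provider failure behind `_context.Categories`; if `DummyLogger.Log` only takes a string, a single `DummyLogger.Log("Exception: " + e);` (`e.ToString()`) carries all of it in one entry. Whether those stack traces reach a sink a user can read depends on `DummyLogger`, which is not in this diff, so the sink is worth confirming; the bare `throw;` rethrow is correct. The same file's first hunk inserts `using System;` after `System.Linq` rather than in sorted order with the other `System.*` directives.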