From 779aa75c037282dca6a1e3c5526b818b24f25062 Mon Sep 17 00:00:00 2001
From: Tobiasz Tomczyk
Date: Mon, 12 Dec 2022 14:49:07 +0100
Subject: [PATCH 1/8] adding log and tests

---
 .../BlogResponsesTests.cs | 38 +++++++++++
 .../BlogRespRepositoryTests/ContextSetup.cs | 67 +++++++++++++++++++
 WebGoat.NET/Data/CategoryRepository.cs | 4 +-
 3 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
 create mode 100644 WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs

diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
new file mode 100644
index 0000000..3e17f73
--- /dev/null
+++ b/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
@@ -0,0 +1,38 @@
+using Moq;
+using NUnit.Framework;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+ [TestFixture]
+ public class BlogResponsesTests
+ {
+ Mock _context;
+
+ [SetUp]
+ public void Setup()
+ {
+ _context = ContextSetup.CreateContext();
+ }
+
+ [Test]
+ public void CreateBlogRespTest()
+ {
+ var blogEntryRepo = new BlogEntryRepository(_context.Object);
+ var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+ var respRepo = new BlogResponseRepository(_context.Object);
+ var resp = new BlogResponse() { Author = "admin", Contents = "Test", Id = 4, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+ respRepo.CreateBlogResponse(resp);
+
+ Assert.That(_context.Object.BlogResponses.Count(), Is.EqualTo(4));
+ }
+ }
+}
diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs
new file mode 100644
index 0000000..c203deb
--- /dev/null
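Review bot: The single assertion at the end of `CreateBlogRespTest` only checks that the set grew to four items, so it would still pass if the repository stored a different object than `resp`; add a check that the new response itself is present, e.g. `Assert.That(_context.Object.BlogResponses.Any(r => r.Id == 4 && r.Author == "admin"), Is.True);`. The literal `Id = 4` and the expected count of 4 both depend silently on `ContextSetup` seeding exactly three responses; a comment such as `// ContextSetup seeds responses 1-3, so the new one is #4` at the `var resp` line would make that coupling visible. `ResponseDate = DateTime.Now` also makes the fixture non-deterministic; a fixed `DateTime` literal is preferable in a test.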
+++ b/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs 
@@ -0,0 +1,67 @@
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.ChangeTracking;
+using Microsoft.EntityFrameworkCore.ChangeTracking.Internal;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Moq;
+using System;
+using System.Collections.Generic;
+using System.Data.Entity;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+ internal static class ContextSetup
+ {
+ internal static Mock CreateContext()
+ {
+ // create test DB
+ var context = BlogRepositoryTests.ContextSetup.CreateContext();
+
+ var blogEntryRepo = new BlogEntryRepository(context.Object);
+
+ var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+ var r1 = new BlogResponse() { Author = "admin", Contents = "Test Content", Id = 1, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+ var r2 = new BlogResponse() { Author = "kmitnick", Contents = "KM Test Content", Id = 2, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+ var r3 = new BlogResponse() { Author = "me", Contents = "ME Test Content", Id = 3, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+ entry1.Responses.Add(r1);
+ entry1.Responses.Add(r2);
+ entry1.Responses.Add(r3);
+
+ var entriesList = new List {
+ r1, r2, r3
+ };
+ var initialBlogEntries = entriesList.AsQueryable();
+
+ Func> mockEntityEntry = (BlogResponse data) =>
+ {
+ var internalEntityEntry = new InternalEntityEntry(
+ new Mock().Object,
+ new RuntimeEntityType(nameof(BlogResponse), typeof(BlogResponse), false, null, null, null, ChangeTrackingStrategy.Snapshot, null, false),
+ data);
+
+ var entityEntry = new EntityEntry(internalEntityEntry);
+ return entityEntry;
+ };
+
+ var mockSet = DbSetTestUtil.CreateDbSetMock(initialBlogEntries);
+
+ mockSet.Setup(m => m.Add(It.IsAny())).Returns((BlogResponse b) =>
+ {
+ entriesList.Add(b);
+ return mockEntityEntry(b);
+ });
+
+ context.SetupGet(c => c.BlogResponses).Returns(mockSet.Object);
+
+ return context;
+ }
+
+
+ }
+}
diff --git a/WebGoat.NET/Data/CategoryRepository.cs b/WebGoat.NET/Data/CategoryRepository.cs
index 8bb76d7..a9b7635 100644
--- a/WebGoat.NET/Data/CategoryRepository.cs
+++ b/WebGoat.NET/Data/CategoryRepository.cs
@@ -1,7 +1,8 @@
 using WebGoatCore.Models;
 using System.Collections.Generic;
 using System.Linq;
-
+using WebGoat.NET.Logger;
+
 namespace WebGoatCore.Data
 {
 public class CategoryRepository
@@ -15,6 +16,7 @@ public CategoryRepository(NorthwindContext context)
 public List GetAllCategories()
 {
+ DummyLogger.Log("Calling" + nameof(GetAllCategories) + "()");
 return _context.Categories.OrderBy(c => c.CategoryId).ToList();
 }

From c72456de782e052a98631dc89ef048f57b7e0c7d Mon Sep 17 00:00:00 2001
From: Tobiasz Tomczyk
Date: Mon, 12 Dec 2022 15:54:18 +0100
Subject: [PATCH 2/8] add dummy error handling

---
 WebGoat.NET/Data/CategoryRepository.cs | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/WebGoat.NET/Data/CategoryRepository.cs b/WebGoat.NET/Data/CategoryRepository.cs
index a9b7635..b29044d 100644
--- a/WebGoat.NET/Data/CategoryRepository.cs
+++ b/WebGoat.NET/Data/CategoryRepository.cs
@@ -1,8 +1,9 @@
 using WebGoatCore.Models;
 using System.Collections.Generic;
 using System.Linq;
-using WebGoat.NET.Logger;
-
+using System;
+using WebGoat.NET.Logger;
+
 namespace WebGoatCore.Data
 {
 public class CategoryRepository
@@ -17,7 +18,16 @@ public CategoryRepository(NorthwindContext context)
 public List GetAllCategories()
 {
 DummyLogger.Log("Calling" + nameof(GetAllCategories) + "()");
- return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+ try
+ {
+ return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+ }
+ catch (Exception e)
+ {
+ DummyLogger.Log("Exception: " + e.Message);
+ DummyLogger.Log("Trace: " + e.StackTrace);
+ throw;
+ }
 }
 public Category? GetById(int id)
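Review bot: `using System.Data.Entity;` in the new ContextSetup.cs is the EF6 namespace imported next to `Microsoft.EntityFrameworkCore`; nothing in `CreateContext` appears to use it, and if it resolves at all it makes any unqualified `DbSet`/`DbContext` reference ambiguous between the two frameworks, so it should be removed along with the unused `System.Text` and `System.Threading.Tasks` directives. The `mockEntityEntry` lambda constructs `InternalEntityEntry` and `RuntimeEntityType` from `Microsoft.EntityFrameworkCore.ChangeTracking.Internal` and `.Metadata`, which EF Core treats as internal API that may break on a minor upgrade; a comment such as `// NOTE: fabricates an EntityEntry via EF Core internal types so Add() can return one; revisit on EF upgrade` would warn the next maintainer. The `Add` setup appends to `entriesList`, which is the same list `initialBlogEntries` was built from, so later `Count()` calls on the mock set appear to see the added item — that is what the caller's assertion depends on, and `entriesList.Add(b);` deserves a one-line comment saying so. The `// create test DB` comment is misleading since the line delegates to another test helper and builds no database; `// reuse the blog-entry mock context and layer BlogResponses on top` is closer to what the code does.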
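Review bot: The log message in the new line `DummyLogger.Log("Calling" + nameof(GetAllCategories) + "()");` has no space after `Calling`, so it emits `CallingGetAllCategories()`; change the literal to `"Calling "`. `GetAllCategories` is fully visible in the hunk, but the enclosing class `CategoryRepository` continues outside it.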
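Review bot: The new `catch (Exception e)` in `GetAllCategories` logs `e.Message` and `e.StackTrace` and then rethrows, so the same failure will normally be logged a second time by whatever handles it upstream, and the entries go through `DummyLogger`, whose sink this hunk does not show; if that sink is anywhere an end user can read, stack traces and EF/SQL error messages (which can carry table names, query text or connection details) would expose internals. Prefer a single entry that carries the exception type and inner exceptions, e.g. `DummyLogger.Log("Exception in " + nameof(GetAllCategories) + ": " + e);` (`Exception.ToString()` includes the trace and inner exceptions), and confirm the logger writes server-side only. Catching every exception type is harmless here because of `throw;`, but a `// log-and-rethrow: caller stays responsible for handling` comment documents that the broad catch is intentional.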
From 7850d24f9265c045a2d4d66045900a1909c19229 Mon Sep 17 00:00:00 2001
From: tobyash86 <34890669+tobyash86@users.noreply.github.com>
Date: Fri, 13 Jan 2023 08:44:05 +0100
Subject: [PATCH 3/8] Update readme.md

---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index b8dde46..02e5f8b 100644
--- a/readme.md
+++ b/readme.md
@@ -114,4 +114,6 @@ The WebGoat.NET projects ships with scripts that allow you to conveniently run t
 1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base.
 2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available.
+--- TEST BRANCH
+

From ceaf3e58aaef1e4ecf4ecc7c189013725c0eb5fe Mon Sep 17 00:00:00 2001
From: Tobiasz Tomczyk
Date: Fri, 13 Jan 2023 16:26:03 +0100
Subject: [PATCH 4/8] Update codeqa action version

---
 .github/workflows/dottest_sa.yml | 2 +-
 .github/workflows/dottest_tia.yml | 2 +-
 .github/workflows/dottest_ut.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dottest_sa.yml b/.github/workflows/dottest_sa.yml
index d7d784a..aa1aea8 100644
--- a/.github/workflows/dottest_sa.yml
+++ b/.github/workflows/dottest_sa.yml
@@ -47,7 +47,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload static results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_min_sa.outputs.report }}
diff --git a/.github/workflows/dottest_tia.yml b/.github/workflows/dottest_tia.yml
index c0c91cf..b677fb0 100644
--- a/.github/workflows/dottest_tia.yml
+++ b/.github/workflows/dottest_tia.yml
@@ -48,7 +48,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload TIA results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_ut.outputs.report }}
diff --git a/.github/workflows/dottest_ut.yml b/.github/workflows/dottest_ut.yml
index 5ebccf8..63d8728 100644
--- a/.github/workflows/dottest_ut.yml
+++ b/.github/workflows/dottest_ut.yml
@@ -48,7 +48,7 @@ jobs:
 # ---------------------------------------------------------------
 # Upload the findings into the GitHub code scanning alert section
 - name: Upload TIA results to GitHub
- uses: github/codeql-action/upload-sarif@v1
+ uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: ${{ steps.dottest_ut.outputs.report }}

From 8a88488999513428d2b404058c9675e3e529416b Mon Sep 17 00:00:00 2001
From: tobyash86 <34890669+tobyash86@users.noreply.github.com>
Date: Tue, 17 Jan 2023 18:43:13 +0100
Subject: [PATCH 5/8] Update dottest_sa.yml

---
 .github/workflows/dottest_sa.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dottest_sa.yml b/.github/workflows/dottest_sa.yml
index aa1aea8..0f812f9 100644
--- a/.github/workflows/dottest_sa.yml
+++ b/.github/workflows/dottest_sa.yml
@@ -31,7 +31,7 @@ jobs:
 id: dottest_min_sa
 # You may pin to the exact commit or the version.
 # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
- uses: parasoft/run-dottest-analyzer@master
+ uses: parasoft/run-dottest-analyzer@2.0.0
 with:
 # Path to working directory.
 installDir: c:\Program Files\Parasoft\dotTEST\2022.2

From e64fe670683e9e02c38762e3a15aa50710b6fff4 Mon Sep 17 00:00:00 2001
From: tobyash86 <34890669+tobyash86@users.noreply.github.com>
Date: Tue, 17 Jan 2023 18:43:36 +0100
Subject: [PATCH 6/8] Update dottest_tia.yml

---
 .github/workflows/dottest_tia.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dottest_tia.yml b/.github/workflows/dottest_tia.yml
index b677fb0..7249775 100644
--- a/.github/workflows/dottest_tia.yml
+++ b/.github/workflows/dottest_tia.yml
@@ -37,7 +37,7 @@ jobs:
 id: dottest_ut
 # You may pin to the exact commit or the version.
 # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
- uses: parasoft/run-dottest-analyzer@master
+ uses: parasoft/run-dottest-analyzer@v2
 with:
 # Path to working directory.
 installDir: c:\Program Files\Parasoft\dotTEST\2022.2

From 0c3f21c98cbc0b0e9092c9594fdc9e04dc1ce135 Mon Sep 17 00:00:00 2001
From: tobyash86 <34890669+tobyash86@users.noreply.github.com>
Date: Tue, 17 Jan 2023 18:46:44 +0100
Subject: [PATCH 7/8] Update readme.md

---
 readme.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/readme.md b/readme.md
index 02e5f8b..fe91dfc 100644
--- a/readme.md
+++ b/readme.md
@@ -113,7 +113,3 @@ The WebGoat.NET projects ships with scripts that allow you to conveniently run t
 1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base.
 2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available.
-
---- TEST BRANCH
-
-

From 9558abb1e5697bef2f09fea2b47d26a3451676dd Mon Sep 17 00:00:00 2001
From: tobyash86 <34890669+tobyash86@users.noreply.github.com>
Date: Tue, 17 Jan 2023 18:52:22 +0100
Subject: [PATCH 8/8] Update dottest_tia.yml

---
 .github/workflows/dottest_tia.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dottest_tia.yml b/.github/workflows/dottest_tia.yml
index 7249775..eeec3fd 100644
--- a/.github/workflows/dottest_tia.yml
+++ b/.github/workflows/dottest_tia.yml
@@ -37,7 +37,7 @@ jobs:
 id: dottest_ut
 # You may pin to the exact commit or the version.
 # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
- uses: parasoft/run-dottest-analyzer@v2
+ uses: parasoft/run-dottest-analyzer@2.0.0
 with:
 # Path to working directory.
 installDir: c:\Program Files\Parasoft\dotTEST\2022.2
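Review bot: `uses: parasoft/run-dottest-analyzer@2.0.0` pins the third-party action to a tag, and tags are mutable, so the workflow will run whatever the publisher (or anyone who gains push access to that repository) later moves `2.0.0` to; this is better than the `@master` it replaced in PATCH 5/8 and 6/8 but still not a fixed artifact. The commented line directly above already recommends pinning to an exact commit, so prefer `uses: parasoft/run-dottest-analyzer@<full 40-character commit SHA> # 2.0.0` and let Dependabot or Renovate bump the SHA. The same applies to the identical tag in `.github/workflows/dottest_sa.yml` from PATCH 5/8.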