From: Felix Dörre Date: Sat, 5 Jul 2014 00:11:15 +0000 (+0200) Subject: Implement test for Wrong CSRF-Token in assurance Form. X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=b576475249cd96b5672e4144cff0124cbaec1342 Implement test for Wrong CSRF-Token in assurance Form.
---
diff --git a/tests/org/cacert/gigi/pages/wot/TestAssurance.java b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
index 769767cd..cedbcde6 100644
--- a/tests/org/cacert/gigi/pages/wot/TestAssurance.java
+++ b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
@@ -2,6 +2,7 @@ package org.cacert.gigi.pages.wot;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
@@ -77,9 +78,29 @@ public class TestAssurance extends ManagedTest { assertTrue(error, error.startsWith("")); } + @Test + public void testAssureFormNoCSRF() throws IOException { + // override csrf + HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false); + uc.getOutputStream() + .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10") + .getBytes()); + uc.getOutputStream().flush(); + assertEquals(500, uc.getResponseCode()); + } + @Test + public void testAssureFormWrongCSRF() throws IOException { + // override csrf + HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false); + uc.getOutputStream() + .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc") + .getBytes()); + uc.getOutputStream().flush(); + assertEquals(500, uc.getResponseCode()); + } @Test public void testAssureFormRace() throws IOException, SQLException { - URLConnection uc = buildupAssureFormConnection(); + URLConnection uc = buildupAssureFormConnection(true); PreparedStatement ps = DatabaseConnection.getInstance().prepare( "UPDATE `users` SET email='changed' WHERE id=?"); ps.setInt(1, assuree); @@ -129,13 +150,13 @@ public class TestAssurance extends ManagedTest { } private String getError(String query) throws MalformedURLException, IOException { - URLConnection uc = buildupAssureFormConnection(); + URLConnection uc = buildupAssureFormConnection(true); uc.getOutputStream().write((query).getBytes()); uc.getOutputStream().flush(); String error = fetchStartErrorMessage(IOUtils.readURL(uc)); return error; } - private URLConnection buildupAssureFormConnection() + private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException { URL u = new URL("https://" + getServerName() + AssurePage.PATH + "/" + assuree); 
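Review bot: In testAssureFormNoCSRF and testAssureFormWrongCSRF the only assertion is `assertEquals(500, uc.getResponseCode());`, and a 500 is also what any unrelated server-side exception would produce, so neither test shows that the request failed because of the token or that no assurance was stored. After the status check, each test should also assert that nothing was recorded for `assuree` (the lookup is not visible in this hunk, so reuse whatever the suite already has for that), and if the server can answer a rejected token with a dedicated status such as 403, asserting that status would tie the test to the CSRF check itself. The comment `// override csrf` is inaccurate in the first test, which sends no token at all; `// send the form without a csrf field` and `// send a csrf value that does not match the session` would describe the two cases. A third case worth adding is a well-formed token issued to a different session, which a fixed string such as `aragc` does not cover.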
@@ -145,7 +166,9 @@ public class TestAssurance extends ManagedTest {
 uc = u.openConnection();
 uc.addRequestProperty("Cookie", cookie);
 uc.setDoOutput(true);
- uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes());
+ if (doCSRF) {
+ uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes());
+ }
 return uc;
 }
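Review bot: The new `doCSRF` flag is undocumented, and the two negative tests that pass `false` depend on this branch writing nothing to the request body, which a reader only learns by opening the helper. A comment on buildupAssureFormConnection, whose signature lies outside this hunk, would make that contract explicit, for example `// doCSRF=false: write no token; the caller supplies the whole body and may omit or alter the csrf field`. It would also help to note there that with `true` the body already starts with `csrf=<token>&`, so callers append their fields without a leading `&`.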