PR Review suggestions #3622
winzj committed Nov 27, 2024
1 parent b05e13b commit 024e09e
Showing 6 changed files with 100 additions and 95 deletions.
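--- a/JWTSupport.java
+++ b/JWTSupport.java
@@ -3,25 +3,30 @@
 
 import java.util.regex.Pattern;
 
-public class JWTSupport {
+class JWTSupport {
 
+private static final Pattern JWT_PATTERN = Pattern.compile("^[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_.+/=]*$");
 
 /**
 * Performs some tests to see if the given value is a JWT.
 *
-* @param value
+* @param value a string which could represent a JWT token (look at
+* https://jwt.io/ for detailed description about JWT content)
 * @return <code>true</code> if all tests pass and the value is a JWT,
 * <code>false</code> otherwise.
 */
-public boolean isJWT(String value) {
+boolean isJWT(String value) {
 if (value == null) {
 return false;
 }
+if (!JWT_PATTERN.matcher(value).matches()) {
+return false;
+}
 String[] split = value.split("\\.");
 // Simple way to check it is a JWT: When looking at https://jwt.io/ we can see,
 // that every JWT has the structure "eyJ${someData}.eyJ${OtherData}" so we use
 // this to identify JWT. Since this is only used for data extracted from HTTP
 // sessions the test should be sufficient.
 return split[0].startsWith("eyJ") && split[1].startsWith("eyJ");
 }
 }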
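Review bot: The Javadoc added at the top of the hunk should state that `isJWT` is a structural heuristic, not validation: `JWT_PATTERN` accepts an empty third segment, so a value with no signature passes, and nothing in the method verifies a signature or decodes the header. Suggested addition to the Javadoc: `Note: this is a structural check only — the signature segment may be empty and is never verified.` The third character class `[A-Za-z0-9-_.+/=]*` also admits `.`, `+` and `/`, which the first two segments do not allow, so a value with more than two dots still matches and is then accepted by the `split` check; if that is unintended, narrowing it to `[A-Za-z0-9-_=]*` is a one-line change. Whether unsigned or oddly delimited values should count as JWTs here depends on how callers use the result, which the hunk does not show.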
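--- a/FILE_2_PATH_NOT_SHOWN
+++ b/FILE_2_PATH_NOT_SHOWN
@@ -65,7 +65,7 @@ public ScriptLoginResult executeScript(File scriptFile, ZapScanContext scanConte
 LOG.info("Execute groovy login script.");
 scriptEngine.eval(script, bindings);
 
-LOG.info("Execution successful, perparing login result with session data.");
+LOG.info("Execution successful, preparing login result with session data.");
 loginResult.setSessionCookies(firefox.manage().getCookies());
 loginResult.setSessionStorage(retrieveStorage(firefox, SESSION_STORAGE));
 loginResult.setLocalStorage(retrieveStorage(firefox, LOCAL_STORAGE));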
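--- a/FILE_3_PATH_NOT_SHOWN
+++ b/FILE_3_PATH_NOT_SHOWN
@@ -159,15 +159,15 @@ void result_contains_server_config_with_arguments_from_environment_when_command_
 ZapScanContext result = factoryToTest.create(settings);
 
 /* test */
-verify(envVariableReader, times(1)).readAsInt(ZAP_PORT_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsString(ZAP_HOST_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsString(ZAP_API_KEY_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsInt(ZAP_PORT_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(ZAP_HOST_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(ZAP_API_KEY_ENV_VARIABLE_NAME);
 
-verify(envVariableReader, times(1)).readAsString(PROXY_HOST_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsInt(PROXY_PORT_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsString(PROXY_REALM_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsString(PROXY_USERNAME_ENV_VARIABLE_NAME);
-verify(envVariableReader, times(1)).readAsString(PROXY_PASSWORD_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(PROXY_HOST_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsInt(PROXY_PORT_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(PROXY_REALM_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(PROXY_USERNAME_ENV_VARIABLE_NAME);
+verify(envVariableReader).readAsString(PROXY_PASSWORD_ENV_VARIABLE_NAME);
 
 ZapServerConfiguration serverConfig = result.getServerConfig();
 assertNotNull(serverConfig);
@@ -330,7 +330,7 @@ void fullruleset_returned_by_provider_is_in_result() {
 ZapFullRuleset fullRuleset = result.getFullRuleset();
 
 /* test */
-verify(ruleProvider, times(1)).fetchFullRuleset(any());
+verify(ruleProvider).fetchFullRuleset(any());
 assertNotNull(fullRuleset);
 assertNotNull(fullRuleset.getRules());
 assertEquals("https://www.zaproxy.org/docs/alerts/", fullRuleset.getOrigin());
@@ -349,7 +349,7 @@ void rules_to_deactivate_returned_by_provider_is_inside_result() {
 DeactivatedRuleReferences deactivatedRuleReferences = result.getDeactivatedRuleReferences();
 
 /* test */
-verify(ruleProvider, times(1)).fetchDeactivatedRuleReferences(any());
+verify(ruleProvider).fetchDeactivatedRuleReferences(any());
 assertNotNull(deactivatedRuleReferences);
 assertNotNull(deactivatedRuleReferences.getDeactivatedRuleReferences());
 assertEquals(2, deactivatedRuleReferences.getDeactivatedRuleReferences().size());
@@ -419,7 +419,7 @@ void rules_to_deactivate_returned_by_command_line_is_null_environment_varibale_r
 factoryToTest.create(settings);
 
 /* test */
-verify(envVariableReader, times(1)).readAsString(ZAP_DEACTIVATED_RULE_REFERENCES);
+verify(envVariableReader).readAsString(ZAP_DEACTIVATED_RULE_REFERENCES);
 }
 
 @Test
@@ -573,7 +573,7 @@ void no_template_data_results_in_no_template_data_set() {
 ZapScanContext result = factoryToTest.create(settings);
 
 /* test */
-verify(envVariableReader, times(1)).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE);
+verify(envVariableReader).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE);
 assertNull(result.getGroovyScriptLoginFile());
 }
 
@@ -609,7 +609,7 @@ void cmd_param_not_set_results_in_environment_variable_reader_being_called_as_fa
 ZapScanContext result = factoryToTest.create(settings);
 
 /* test */
-verify(envVariableReader, times(1)).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE);
+verify(envVariableReader).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE);
 assertEquals(groovyScriptFile, result.getGroovyScriptLoginFile().getName());
 }
 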
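--- a/FILE_4_PATH_NOT_SHOWN
+++ b/FILE_4_PATH_NOT_SHOWN
@@ -117,11 +117,11 @@ void setup_standard_configuration_results_in_expected_calls() throws ClientApiEx
 scannerToTest.setupStandardConfiguration();
 
 /* test */
-verify(clientApiWrapper, times(1)).createNewSession(scanContext.getContextName(), true);
-verify(clientApiWrapper, times(1)).setMaximumAlertsForEachRuleToUnlimited();
-verify(clientApiWrapper, times(1)).enableAllPassiveScannerRules();
-verify(clientApiWrapper, times(1)).enableAllActiveScannerRulesForDefaultPolicy();
-verify(clientApiWrapper, times(1)).setAjaxSpiderBrowserId(BROWSER_ID);
+verify(clientApiWrapper).createNewSession(scanContext.getContextName(), true);
+verify(clientApiWrapper).setMaximumAlertsForEachRuleToUnlimited();
+verify(clientApiWrapper).enableAllPassiveScannerRules();
+verify(clientApiWrapper).enableAllActiveScannerRulesForDefaultPolicy();
+verify(clientApiWrapper).setAjaxSpiderBrowserId(BROWSER_ID);
 }
 
 @Test
@@ -161,7 +161,7 @@ void deactivate_rules_results_in_rules_are_deactivated() throws ClientApiExcepti
 scannerToTest.deactivateRules(ruleSet, deactivatedReferences);
 
 /* test */
-verify(clientApiWrapper, times(1)).disablePassiveScannerRule(any());
+verify(clientApiWrapper).disablePassiveScannerRule(any());
 verify(clientApiWrapper, times(2)).disableActiveScannerRuleForDefaultPolicy(any());
 }
 
@@ -175,7 +175,7 @@ void setup_addtional_proxy_information_with_proxy_information_null_results_in_pr
 scannerToTest.setupAdditonalProxyConfiguration(null);
 
 /* test */
-verify(clientApiWrapper, times(1)).setHttpProxyEnabled(false);
+verify(clientApiWrapper).setHttpProxyEnabled(false);
 }
 
 @Test
@@ -193,9 +193,9 @@ void setup_addtional_proxy_information_results_in_proxy_enabled() throws ClientA
 scannerToTest.setupAdditonalProxyConfiguration(proxyInformation);
 
 /* test */
-verify(clientApiWrapper, times(1)).configureHttpProxy(proxyInformation);
-verify(clientApiWrapper, times(1)).setHttpProxyEnabled(true);
-verify(clientApiWrapper, times(1)).setHttpProxyAuthEnabled(false);
+verify(clientApiWrapper).configureHttpProxy(proxyInformation);
+verify(clientApiWrapper).setHttpProxyEnabled(true);
+verify(clientApiWrapper).setHttpProxyAuthEnabled(false);
 }
 
 @Test
@@ -210,7 +210,7 @@ void create_context_results_in_expected_calls() throws ClientApiException {
 /* test */
 assertEquals(expectedContextId, contextId);
 verify(scanContext, times(2)).getContextName();
-verify(clientApiWrapper, times(1)).createNewContext(CONTEXT_NAME);
+verify(clientApiWrapper).createNewContext(CONTEXT_NAME);
 }
 
 @Test
@@ -318,8 +318,8 @@ void add_replacer_rules_for_headers_with_data_section_results_add_replacer_rule_
 scannerToTest.addReplacerRulesForHeaders();
 
 /* test */
-verify(clientApiWrapper, times(1)).addReplacerRule("Key", true, "REQ_HEADER", false, "Key", "header-token", null, null);
-verify(clientApiWrapper, times(1)).addReplacerRule("Other", true, "REQ_HEADER", false, "Other", "token", null, null);
+verify(clientApiWrapper).addReplacerRule("Key", true, "REQ_HEADER", false, "Key", "header-token", null, null);
+verify(clientApiWrapper).addReplacerRule("Other", true, "REQ_HEADER", false, "Other", "token", null, null);
 }
 
 @ParameterizedTest
@@ -397,7 +397,7 @@ void import_openapi_file_api_support_is_called_once(String sechubConfigFile) thr
 scannerToTest.loadApiDefinitions(contextId);
 
 /* test */
-verify(clientApiWrapper, times(1)).importOpenApiFile(any(), any(), anyInt());
+verify(clientApiWrapper).importOpenApiFile(any(), any(), anyInt());
 }
 
 @ParameterizedTest
@@ -417,7 +417,7 @@ void import_openapi_defintion_from_url_api_support_is_called_once(String sechubC
 
 /* test */
 verify(clientApiWrapper, never()).importOpenApiFile(any(), any(), anyInt());
-verify(clientApiWrapper, times(1)).importOpenApiDefintionFromUrl(any(), any(), anyInt());
+verify(clientApiWrapper).importOpenApiDefintionFromUrl(any(), any(), anyInt());
 }
 
 @ParameterizedTest
@@ -440,8 +440,8 @@ void import_openapi_from_file_and_from_url_api_support_is_called_once(String sec
 scannerToTest.loadApiDefinitions(contextId);
 
 /* test */
-verify(clientApiWrapper, times(1)).importOpenApiFile(any(), any(), anyInt());
-verify(clientApiWrapper, times(1)).importOpenApiDefintionFromUrl(any(), any(), anyInt());
+verify(clientApiWrapper).importOpenApiFile(any(), any(), anyInt());
+verify(clientApiWrapper).importOpenApiDefintionFromUrl(any(), any(), anyInt());
 }
 
 @Test
@@ -516,7 +516,7 @@ void import_client_certificate_file_api_support_is_called_once() throws ClientAp
 scannerToTest.importClientCertificate();
 
 /* test */
-verify(clientApiWrapper, times(1)).importPkcs12ClientCertificate(any(), any());
+verify(clientApiWrapper).importPkcs12ClientCertificate(any(), any());
 }
 
 @Test
@@ -549,7 +549,7 @@ void import_client_certificate_file_but_without_password_api_support_is_called_o
 scannerToTest.importClientCertificate();
 
 /* test */
-verify(clientApiWrapper, times(1)).importPkcs12ClientCertificate(any(), any());
+verify(clientApiWrapper).importPkcs12ClientCertificate(any(), any());
 }
 
 @ParameterizedTest
@@ -603,12 +603,12 @@ void configure_login_inside_zap_using_basic_auth_results_in_expected_calls() thr
 
 verify(scanContext, times(2)).getTargetUrl();
 
-verify(clientApiWrapper, times(1)).setAuthenticationMethod(eq(contextId), eq(zapAuthenticationMethod), any());
-verify(clientApiWrapper, times(1)).setSessionManagementMethod(eq(contextId), eq(zapSessionManagementMethod), any());
-verify(clientApiWrapper, times(1)).createNewUser(contextId, userName);
-verify(clientApiWrapper, times(1)).configureAuthenticationCredentials(eq(contextId), eq(userId), any());
-verify(clientApiWrapper, times(1)).setForcedUser(contextId, userId);
-verify(clientApiWrapper, times(1)).setForcedUserModeEnabled(true);
+verify(clientApiWrapper).setAuthenticationMethod(eq(contextId), eq(zapAuthenticationMethod), any());
+verify(clientApiWrapper).setSessionManagementMethod(eq(contextId), eq(zapSessionManagementMethod), any());
+verify(clientApiWrapper).createNewUser(contextId, userName);
+verify(clientApiWrapper).configureAuthenticationCredentials(eq(contextId), eq(userId), any());
+verify(clientApiWrapper).setForcedUser(contextId, userId);
+verify(clientApiWrapper).setForcedUserModeEnabled(true);
 }
 
 @Test
@@ -645,7 +645,7 @@ void configure_login_inside_zap_using_script_auth_without_script_file_results_in
 /* test */
 assertNull(userInformation);
 verify(scriptLogin, never()).login(scanContext, clientApiWrapper);
-verify(scanContext, times(1)).getGroovyScriptLoginFile();
+verify(scanContext).getGroovyScriptLoginFile();
 }
 
 @Test
@@ -682,15 +682,15 @@ void configure_login_inside_zap_using_script_auth_with_existing_script_file_resu
 assertEquals(userName, userInformation.userName());
 assertEquals(userId, userInformation.zapuserId());
 
-verify(scriptLogin, times(1)).login(scanContext, clientApiWrapper);
-verify(scanContext, times(1)).getGroovyScriptLoginFile();
+verify(scriptLogin).login(scanContext, clientApiWrapper);
+verify(scanContext).getGroovyScriptLoginFile();
 
-verify(clientApiWrapper, times(1)).setManualAuthenticationMethod(contextId);
-verify(clientApiWrapper, times(1)).setCookieBasedSessionManagementMethod(contextId);
-verify(clientApiWrapper, times(1)).createNewUser(contextId, userName);
-verify(clientApiWrapper, times(1)).configureAuthenticationCredentials(eq(contextId), eq(userId), any());
-verify(clientApiWrapper, times(1)).setForcedUser(contextId, userId);
-verify(clientApiWrapper, times(1)).setForcedUserModeEnabled(true);
+verify(clientApiWrapper).setManualAuthenticationMethod(contextId);
+verify(clientApiWrapper).setCookieBasedSessionManagementMethod(contextId);
+verify(clientApiWrapper).createNewUser(contextId, userName);
+verify(clientApiWrapper).configureAuthenticationCredentials(eq(contextId), eq(userId), any());
+verify(clientApiWrapper).setForcedUser(contextId, userId);
+verify(clientApiWrapper).setForcedUserModeEnabled(true);
 }
 
 @Test
@@ -706,7 +706,7 @@ void generate_report_calls_api_support_once() throws ClientApiException {
 scannerToTest.generateZapReport();
 
 /* test */
-verify(clientApiWrapper, times(1)).generateReport(any(), any(), any(), any(), any(), any(), any(), any(),
+verify(clientApiWrapper).generateReport(any(), any(), any(), any(), any(), any(), any(), any(),
 any(), any(), any(), any(), any());
 }
 
@@ -721,8 +721,8 @@ void cleanup_after_scan() throws ClientApiException {
 scannerToTest.cleanUp();
 
 /* test */
-verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
-verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
+verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
+verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
 @ParameterizedTest
@@ -739,9 +739,9 @@ void cleanup_after_scan_without_onylForUrls_headers_set_cleans_up_all_replacer_r
 
 /* test */
 int times = sechubWebScanConfig.getHeaders().get().size();
-verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
+verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
 verify(clientApiWrapper, times(times + 1)).removeReplacerRule(any());
-verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
+verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
 @ParameterizedTest
@@ -764,9 +764,9 @@ void cleanup_after_scan_with_onylForUrls_headers_set_cleans_up_all_replacer_rule
 times += header.getOnlyForUrls().get().size() - 1;
 }
 }
-verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
+verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME);
 verify(clientApiWrapper, times(times + 1)).removeReplacerRule(any());
-verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
+verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
 @Test
@@ -786,7 +786,7 @@ void wait_for_ajaxSpider_scan_is_cancelled_results_in_exception_with_dedicated_e
 /* test */
 assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode());
 verify(zapPDSEventHandler, times(2)).isScanCancelled();
-verify(clientApiWrapper, times(1)).stopAjaxSpider();
+verify(clientApiWrapper).stopAjaxSpider();
 }
 
 @Test
@@ -802,7 +802,7 @@ void wait_for_ajaxSpider_scan_ended_results_in_expected_calls() throws ClientApi
 
 /* test */
 verify(clientApiWrapper, times(2)).getAjaxSpiderStatus();
-verify(clientApiWrapper, times(1)).stopAjaxSpider();
+verify(clientApiWrapper).stopAjaxSpider();
 }
 
 @Test
@@ -822,7 +822,7 @@ void wait_for_spider_scan_is_cancelled_results_in_exception_with_dedicated_exit_
 /* test */
 assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode());
 verify(zapPDSEventHandler, times(2)).isScanCancelled();
-verify(clientApiWrapper, times(1)).stopSpiderScan(scanId);
+verify(clientApiWrapper).stopSpiderScan(scanId);
 }
 
 @Test
@@ -858,7 +858,7 @@ void wait_for_passiveScan_scan_is_ended_results_in_expected_calls() throws Clien
 scannerToTest.runAndWaitForPassiveScan();
 
 /* test */
-verify(clientApiWrapper, times(1)).getNumberOfPassiveScannerRecordsToScan();
+verify(clientApiWrapper).getNumberOfPassiveScannerRecordsToScan();
 }
 
 @Test
@@ -880,7 +880,7 @@ void wait_for_activeScan_scan_is_cancelled_results_in_exception_with_dedicated_e
 assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode());
 verify(zapPDSEventHandler, times(2)).isScanCancelled();
 verify(clientApiWrapper, never()).getActiveScannerStatusForScan(scanId);
-verify(clientApiWrapper, times(1)).stopActiveScan(scanId);
+verify(clientApiWrapper).stopActiveScan(scanId);
 }
 
 @Test
@@ -897,7 +897,7 @@ void wait_for_activeScan_scan_is_ended_results_in_expected_calls() throws Client
 
 /* test */
 verify(clientApiWrapper, atLeast(1)).getActiveScannerStatusForScan(scanId);
-verify(clientApiWrapper, times(1)).stopActiveScan(scanId);
+verify(clientApiWrapper).stopActiveScan(scanId);
 }
 
 @Test
@@ -913,7 +913,7 @@ void run_ajaxSpider_scan_ended_results_in_expected_calls() throws ClientApiExcep
 
 /* test */
 verify(clientApiWrapper, times(2)).getAjaxSpiderStatus();
-verify(clientApiWrapper, times(1)).stopAjaxSpider();
+verify(clientApiWrapper).stopAjaxSpider();
 }
 
 @Test
@@ -934,11 +934,11 @@ void run_spider_scan_ended_results_in_expected_calls() throws ClientApiException
 scannerToTest.runAndWaitForSpider();
 
 /* test */
-verify(scanContext, times(1)).getZapProductMessageHelper();
+verify(scanContext).getZapProductMessageHelper();
 verify(clientApiWrapper, times(2)).getSpiderStatusForScan(scanId);
-verify(clientApiWrapper, times(1)).stopSpiderScan(scanId);
-verify(clientApiWrapper, times(1)).logFullSpiderResults(scanId);
-verify(clientApiWrapper, times(1)).startSpiderScan(any(), any(), anyBoolean(), any(), anyBoolean());
+verify(clientApiWrapper).stopSpiderScan(scanId);
+verify(clientApiWrapper).logFullSpiderResults(scanId);
+verify(clientApiWrapper).startSpiderScan(any(), any(), anyBoolean(), any(), anyBoolean());
 }
 
 @Test
@@ -956,9 +956,9 @@ void run_activeScan_scan_is_ended_results_in_expected_calls() throws ClientApiEx
 scannerToTest.runAndWaitActiveScan(scanId);
 
 /* test */
-verify(clientApiWrapper, times(1)).getActiveScannerStatusForScan(scanId);
-verify(clientApiWrapper, times(1)).stopActiveScan(scanId);
-verify(clientApiWrapper, times(1)).startActiveScan(any(), anyBoolean(), anyBoolean(), any(), any(), any(), anyInt());
+verify(clientApiWrapper).getActiveScannerStatusForScan(scanId);
+verify(clientApiWrapper).stopActiveScan(scanId);
+verify(clientApiWrapper).startActiveScan(any(), anyBoolean(), anyBoolean(), any(), any(), any(), anyInt());
 }
 
 static Stream<Arguments> headerPartWithoutOnlyForUrlsTestNamedArguments() {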
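--- a/FILE_5_PATH_NOT_SHOWN
+++ b/FILE_5_PATH_NOT_SHOWN
@@ -66,16 +66,16 @@ void one_cookie_and_one_jwt_results_in_each_mock_called_once() throws ClientApiE
 sessionConfiguratorToTest.passSessionDataToZAP(loginResult, TARGET_URL, clientApiWrapper);
 
 /* test */
-verify(clientApiWrapper, times(1)).removeHTTPSession(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).removeHTTPSessionToken(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).removeReplacerRule(any());
-verify(clientApiWrapper, times(1)).addHTTPSessionToken(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).createEmptyHTTPSession(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).setHTTPSessionTokenValue(eq(TARGET_URL), any(), eq(cookie.getName()), eq(cookie.getValue()));
-verify(clientApiWrapper, times(1)).setActiveHTTPSession(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).addReplacerRule(any(), anyBoolean(), any(), anyBoolean(), any(), any(), any(), any());
-
-verify(clientApiWrapper, times(1)).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS);
+verify(clientApiWrapper).removeHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).removeHTTPSessionToken(eq(TARGET_URL), any());
+verify(clientApiWrapper).removeReplacerRule(any());
+verify(clientApiWrapper).addHTTPSessionToken(eq(TARGET_URL), any());
+verify(clientApiWrapper).createEmptyHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).setHTTPSessionTokenValue(eq(TARGET_URL), any(), eq(cookie.getName()), eq(cookie.getValue()));
+verify(clientApiWrapper).setActiveHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).addReplacerRule(any(), anyBoolean(), any(), anyBoolean(), any(), any(), any(), any());
+
+verify(clientApiWrapper).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS);
 }
 
 @Test
@@ -97,14 +97,14 @@ void no_cookie_and_no_jwt_results_clienapiwrapper_not_adding_replacer_rule() thr
 // no cookie can be added
 verify(clientApiWrapper, never()).setHTTPSessionTokenValue(eq(TARGET_URL), any(), any(), any());
 
-verify(clientApiWrapper, times(1)).removeHTTPSession(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).removeHTTPSessionToken(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).removeReplacerRule(any());
-verify(clientApiWrapper, times(1)).addHTTPSessionToken(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).createEmptyHTTPSession(eq(TARGET_URL), any());
-verify(clientApiWrapper, times(1)).setActiveHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).removeHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).removeHTTPSessionToken(eq(TARGET_URL), any());
+verify(clientApiWrapper).removeReplacerRule(any());
+verify(clientApiWrapper).addHTTPSessionToken(eq(TARGET_URL), any());
+verify(clientApiWrapper).createEmptyHTTPSession(eq(TARGET_URL), any());
+verify(clientApiWrapper).setActiveHTTPSession(eq(TARGET_URL), any());
 
-verify(clientApiWrapper, times(1)).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS);
+verify(clientApiWrapper).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS);
 }
 
 @Test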
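--- a/FILE_6_PATH_NOT_SHOWN
+++ b/FILE_6_PATH_NOT_SHOWN
@@ -53,8 +53,8 @@ void script_login_execution_is_perfomed_as_expected() throws Exception {
 scriptLoginToTest.login(scanContext, clientApiWrapper);
 
 /* test */
-verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
-verify(sessionConfigurator, times(1)).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
+verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
+verify(sessionConfigurator).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
 @Test
@@ -71,7 +71,7 @@ void script_can_not_be_read_results_in_firefox_closed_and_session_configurator_n
 assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper));
 
 /* test */
-verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
+verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
 verify(sessionConfigurator, never()).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
@@ -89,7 +89,7 @@ void script_login_execution_fails_results_in_firefox_closed_and_session_configur
 assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper));
 
 /* test */
-verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
+verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
 verify(sessionConfigurator, never()).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
@@ -106,8 +106,8 @@ void session_configurator_fails_results_in_excpetion_thrown() throws Exception {
 assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper));
 
 /* test */
-verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
-verify(sessionConfigurator, times(1)).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
+verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext);
+verify(sessionConfigurator).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper);
 }
 
 private ZapScanContext createValidZapScanContext() throws MalformedURLException, URISyntaxException {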
