Package net.continuumsecurity.testng.web

Source Code of net.continuumsecurity.testng.web.TransportTest

package net.continuumsecurity.testng.web;

import net.continuumsecurity.Constants;
import net.continuumsecurity.Utils;
import net.continuumsecurity.web.drivers.DriverFactory;
import net.continuumsecurity.web.steps.WebApplicationSteps;

import org.jbehave.core.model.ExamplesTable;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.Test;

import java.util.HashMap;
import java.util.List;

import static org.testng.AssertJUnit.assertEquals;

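/**
 * TestNG checks on the transport-level hardening of the web application under test:
 * the security response headers on the base HTTPS URL, and the cache directives on
 * responses that carry sensitive data.
 *
 * <p>All browser and proxy work is delegated to {@link WebApplicationSteps}. What each
 * step does internally is not visible in this file, so the comments below describe only
 * the order of calls and the values passed in.
 */
public class TransportTest {
    protected WebApplicationSteps webAppSteps = new WebApplicationSteps();
    // Parsed from users.table in setUp(); none of the tests in this class read it.
    ExamplesTable credentialsTable;
    // One map per row of authorised.resources.table. The cache-control test reads the
    // keys "username", "password", "method" and "sensitiveData" from each row.
    protected List<HashMap> authorisedTable;
    // Failure bookkeeping for cache_controls_are_set_on_sensitive_content(); reset at its start.
    String msg = "";
    int failures = 0;

    /**
     * Creates the application object and loads the two JBehave tables from paths
     * relative to the JVM working directory ({@code user.dir}).
     *
     * <p>The authorised-resources table supplies plaintext usernames and passwords to the
     * login steps, so it should only ever contain dedicated test accounts.
     */
    @BeforeClass
    public void setUp() {
        webAppSteps.createApp();
        String storiesDir = System.getProperty("user.dir") + "/src/main/stories";
        this.credentialsTable =
                new ExamplesTable(Utils.createStringFromJBehaveTable(storiesDir + "/users.table"));
        this.authorisedTable =
                Utils.createListOfMaps(storiesDir + "/tables/authorised.resources.table");
    }

    /** Shuts down every driver that {@link DriverFactory} is tracking. */
    @AfterClass
    public void tearDown() {
        DriverFactory.quitAll();
    }

    /**
     * Re-creates the application and its credentials.
     *
     * <p>NOTE(review): TestNG runs {@code @BeforeTest} once per {@code <test>} element of
     * the suite, and before {@code @BeforeClass}; it does not run before each
     * {@code @Test} method. If per-method isolation was intended (the name suggests a
     * per-scenario hook), {@code @BeforeMethod} is the matching annotation. Confirm
     * against the suite definition before changing it.
     */
    @BeforeTest
    public void beforeScenario() {
        webAppSteps.createAppAndCredentials();
    }

    /**
     * Opens the base secure URL, records the first HAR entry and checks the security
     * headers on it: HSTS, X-Frame-Options, X-XSS-Protection,
     * Access-Control-Allow-Origin and X-Content-Type-Options.
     *
     * <p>The first failing check throws, so the headers checked after it are not reported
     * in the same run.
     */
    @Test
    public void http_security_headers_should_be_set () {
        webAppSteps.enableLoggingDriver();
        webAppSteps.clearProxy();
        // HSTS is only honoured by browsers on HTTPS responses, hence the secure URL.
        webAppSteps.openBaseSecureUrl();
        webAppSteps.recordFirstHarEntry();

        webAppSteps.checkIfHSTSHeaderIsSet();
        // Presumably passes when the header equals either value; verify in WebApplicationSteps.
        webAppSteps.checkIfXFrameOptionsHeaderIsSet(Constants.SAMEORIGIN, Constants.DENY);
        // NOTE(review): current browsers no longer implement the XSS auditor that
        // X-XSS-Protection controlled, so this check adds little protection on its own.
        // A Content-Security-Policy check is the usual complement. The expected value is
        // defined in Constants and is not visible here.
        webAppSteps.checkHeaderValue(Constants.XXSSPROTECTION, Constants.XXSSPROTECTION_VALUE);
        // A wildcard Access-Control-Allow-Origin lets any origin read the response.
        webAppSteps.checkThatAccessControlAllowOriginIsNotStar(Constants.STAR);
        webAppSteps.checkHeaderValue(Constants.XCONTENTTYPEOPTIONS, Constants.NOSNIFF);
    }

    /**
     * For every row of the authorised-resources table, logs in with that row's
     * credentials, requests the row's resource and checks that the response forbids
     * caching ({@code Cache-control: no-cache, no-store, must-revalidate} and
     * {@code Pragma: no-cache}).
     *
     * <p>Assertion failures are collected per row rather than aborting the loop, and each
     * collected message is prefixed with the row's method and username so that a failing
     * resource can be identified from the report. The test fails at the end if any row
     * failed. Exceptions other than {@link AssertionError} still abort the test at once.
     */
    @Test
    public void cache_controls_are_set_on_sensitive_content() {
        msg = "";
        failures = 0;
        for (HashMap item : this.authorisedTable) {
            // Each row starts again from a freshly created application and a new login.
            webAppSteps.createApp();
            webAppSteps.enableLoggingDriver();
            webAppSteps.clearProxy();
            webAppSteps.openLoginPage();
            webAppSteps.setUsernameFromExamples((String) item.get("username"));
            webAppSteps.setCredentialsFromExamples((String) item.get("password"));
            webAppSteps.loginWithSetCredentials();
            // Presumably discards the login traffic so that only the sensitive request
            // is recorded; verify in WebApplicationSteps.
            webAppSteps.clearProxy();
            try {
                webAppSteps.setMethodName((String) item.get("method"));
                webAppSteps.recordSensitiveResponse((String) item.get("sensitiveData"));
                // NOTE(review): if checkHeaderValue compares the whole value exactly, a
                // server sending the same directives in another order or spacing will be
                // reported as a failure. Confirm the comparison used.
                webAppSteps.checkHeaderValue("Cache-control", "no-cache, no-store, must-revalidate");
                webAppSteps.checkHeaderValue("Pragma", "no-cache");
            } catch (AssertionError e) {
                failures++;
                // Name the row (never the password) so the aggregated report is actionable.
                msg = msg + "[" + item.get("method") + " as " + item.get("username") + "] "
                        + e.getMessage() + "\n";
            }
        }
        assertEquals(msg, 0, failures);
    }
}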