Skip to content

Commit 33bb795

Browse files
committed
Add e2e tests for the v2.7 app
1 parent 6ea5ac2 commit 33bb795

2 files changed

Lines changed: 23 additions & 0 deletions

File tree

.github/workflows/end2end.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,7 @@ jobs:
4444
- { name: SpringMVCPostgresGroovy, test_file: end2end/spring_mvc_postgres_groovy.py }
4545
- { name: JavalinPostgres, test_file: end2end/javalin_postgres.py }
4646
- { name: JavalinMySQLKotlin, test_file: end2end/javalin_mysql_kotlin.py }
47+
- { name: SpringBoot2.7Postgres, test_file: end2end/spring_boot_2.7_postgres.py }
4748
java-version: [17, 18, 19, 20, 21]
4849
steps:
4950
- name: Download build artifacts
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
from utils import App, Request
2+
3+
spring_boot_postgres_app = App(8104)
4+
5+
spring_boot_postgres_app.add_payload("sql",
6+
safe_request=Request("/api/pets/create", body={"name": "Bobby"}),
7+
unsafe_request=Request("/api/pets/create", body={"name": "Malicious Pet', 'Gru from the Minions') -- "})
8+
)
9+
spring_boot_postgres_app.add_payload("command injection",
10+
safe_request=Request("/api/commands/execute/Johnny", method='GET'),
11+
unsafe_request=Request("/api/commands/execute/%27%3B%20sleep%202%3B%20%23%20", method='GET'),
12+
)
13+
spring_boot_postgres_app.add_payload("server-side request forgery",
14+
safe_request=Request("/api/requests/get", data_type='form', body={"url": "https://aikido.dev/"}),
15+
unsafe_request=Request("/api/requests/get", data_type='form', body={"url": "http://localhost:5000"})
16+
)
17+
spring_boot_postgres_app.add_payload("path traversal",
18+
safe_request=Request("/api/files/read", data_type='form', body={"fileName": "README.md"}),
19+
unsafe_request=Request("/api/files/read", data_type='form', body={"fileName": "./../databases/docker-compose.yml"})
20+
)
21+
22+
spring_boot_postgres_app.test_all_payloads()

0 commit comments

Comments
 (0)