Project: Cucumber Audit
Date: 15 Sep 2023, 07:24

Tag Report

Tag: @ElevationOfPrivilege
Steps: 10 passed, 1 failed, 0 skipped, 0 pending, 0 undefined, 11 total
Scenarios: 0 passed, 1 failed, 1 total
Features: duration 0.912, status Failed
Scenario Hostile Linking
Granting authorization to the application should not be a stateless mechanism. Otherwise, an attacker can prepare a link that automatically authorizes the application without any user action. The authorization should only be valid when it is performed by the user.
Before io.github.multicatch.cucumber.audit.NavigationStepDefs.<init>(NavigationStepDefs.kt:14) 0.000
Steps
Given I go to "http://localhost.:8000/consumer" 0.168
And I click on "a.btn-primary" 0.239
And I enter "demo" into a field selected by "#id_username" 0.091
And I enter "easypassword" into a field selected by "#id_password" 0.023
And I click on "input[type=submit]" 0.254
And the response headers are under inspection 0.000
When I use a "POST" HTTP method 0.000
And I add a "Content-Type" header with value "application/x-www-form-urlencoded" 0.000
And the request body is "csrfmiddlewaretoken=wrong_csrf&redirect_uri=http%3A%2F%2Fhttpbin.org%2F&scope=read+write&client_id=Qv6vn7hxGGNyGuLxOU7DHtvPAykevYe1fKwy0eEP&state=4564382&response_type=code&code_challenge=&code_challenge_method=&allow=Authorize" 0.000
And I make a request to "http://localhost.:8000/oauth2/authorize/?response_type=code&state=4564382&client_id=Qv6vn7hxGGNyGuLxOU7DHtvPAykevYe1fKwy0eEP" 0.129
Then the response code should be 403 0.004
java.lang.AssertionError: 
Expecting ArrayList:
  []
to contain:
  [403]
but could not find the following element(s):
  [403]

	at io.github.multicatch.cucumber.audit.ResponseInspectionStepDefs._init_$lambda$37(ResponseInspectionStepDefs.kt:134)
	at ✽.the response code should be 403(classpath:io/github/multicatch/cucumber/audit/Authentication_Request.feature:32)