/// <summary>
/// Initializer for the test plugin - the test manager will invoke this at the start of a test
/// run. Tests that override this method must be sure to call the base.Init function, to ensure
/// that the base class has the context, target, and results objects created and available, and
/// if using the default DoTests function would add test case objects to the test cases collection
/// (which the default DoTests function will use).
/// </summary>
/// <param name="currentcontext">
/// The current context.
/// </param>
/// <param name="target">
/// The target.
/// </param>
/// <seealso cref="M:BackScatterScannerLib.Engine.TestBase.Init(IContext,ITarget)"/>
public override void Init(IContext currentcontext, ITarget target)
{
base.Init(currentcontext, target);
TestCases.Add(new TestCase
{
TestName = "Open Redirect",
InjectionString = TestBaseHelper.LoadTestCase("OpenRedirectTester", Context).ToArray()
});
}
/// <summary>
/// The init.
/// </summary>
/// <param name="currentcontext">
/// The current context.
/// </param>
/// <param name="target">
/// The target.
/// </param>
public override void Init(IContext currentcontext, ITarget target)
{
base.Init(currentcontext, target);
TestCases.Add(new TestCase
{
TestName = "Possible null injection",
InjectionString = TestBaseHelper.LoadTestCase("NullInjectionTester", Context).ToArray()
});
}
/// <inheritdoc/>
public override void Init(IContext context, ITarget target)
{
base.Init(context, target);
TestCases.AddRange(TestBaseHelper.XssTestCases(target, context));
this.inspectPostPage = new InspectUserInteractionPage(
context,
new[] { "//input[@type!='hidden' and @type!='submit']" });
}
/// <summary>
/// Initializer for the test plugin - the test manager will invoke this at the start of a test
/// run. Tests that override this method must be sure to call the base.Init function, to ensure
/// that the base class has the context, target, and results objects created and available, and
/// if using the default DoTests function would add test case objects to the test cases collection
/// (which the default DoTests function will use).
/// </summary>
/// <param name="currentcontext">
/// The current context.
/// </param>
/// <param name="target">
/// The target.
/// </param>
/// <seealso cref="M:BackScatterScannerLib.Engine.TestBase.Init(IContext,ITarget)"/>
public override void Init(IContext currentcontext, ITarget target)
{
base.Init(currentcontext, target);
TestCases.Add(new TestCase
{
TestName = "DT Injection",
InjectionString = TestBaseHelper.LoadTestCase("DirectoryTraversalTest", Context).ToArray(),
FilterResponseContentType = new[] { "text/html" }
});
}
/// <summary>
/// The init.
/// </summary>
/// <param name="currentcontext">
/// The current context.
/// </param>
/// <param name="target">
/// The target.
/// </param>
public override void Init(IContext currentcontext, ITarget target)
{
base.Init(currentcontext, target);
// the vulns will be catch by the error detector, so no action for check vulns in this test
TestCases.Add(new TestCase
{
TestName = "Integer overflow - MaxInt+1/MaxLong+1",
InjectionString = TestBaseHelper.LoadTestCase("IntOverflowTester", Context).ToArray(),
FuzzOnlyNumericParam = true
});
}
/// <summary>
/// Initializer for the test plugin - the test manager will invoke this at the start of a test
/// run. Tests that override this method must be sure to call the base.Init function, to ensure
/// that the base class has the context, target, and results objects created and available, and
/// if using the default DoTests function would add test case objects to the test cases collection
/// (which the default DoTests function will use).
/// </summary>
/// <param name="currentcontext">
/// The current context.
/// </param>
/// <param name="target">
/// The target.
/// </param>
/// <seealso cref="M:BackScatterScannerLib.Engine.TestBase.Init(IContext,ITarget)"/>
public override void Init(IContext currentcontext, ITarget target)
{
base.Init(currentcontext, target);
TestCases.Add(
new TestCase
{
TestName = SqlErrorTestCase,
InjectionString = TestBaseHelper.LoadTestCase("SqlInjectionErrorTestCase", Context).ToArray(),
FilterResponseContentType = new[] { "text/html" }
});
// time delay 14s choose based on the http request timeout that we have now in the system
TestCases.Add(
new TestCase
{
TestName = TimingTestCase,
InjectionString = TestBaseHelper.LoadTestCase("SqlInjectionTimingTestCase", Context).ToArray(),
FilterResponseContentType = new[] { "text/html" }
});
}
/// <inheritdoc/>
public override void Init(IContext context, ITarget target)
{
base.Init(context, target);
TestCases.AddRange(TestBaseHelper.XssTestCases(target, context));
}
static void Main(string[] args)
{
// provide collection url of tfs
var collectionUri = "http://*****:*****@"C: \Users\pankagar\Downloads\Canvas.png", FileMode.Open, FileAccess.Read);
var attachmentObject = _witClient.CreateAttachmentAsync(uploadStream, "Canvas.png", "Simple").Result;
// create a patchdocument object
JsonPatchDocument json = new JsonPatchDocument();
// create a new patch operation for title field
JsonPatchOperation patchDocument1 = new JsonPatchOperation();
patchDocument1.Operation = Operation.Add;
patchDocument1.Path = "/fields/System.Title";
patchDocument1.Value = "Testing Rest Api";
json.Add(patchDocument1);
// create a new patch operation for priority field
JsonPatchOperation patchDocument2 = new JsonPatchOperation();
patchDocument2.Operation = Operation.Add;
patchDocument2.Path = "/fields/Microsoft.VSTS.Common.Priority";
patchDocument2.Value = "2";
json.Add(patchDocument2);
// create testbasehelper object
TestBaseHelper helper = new TestBaseHelper();
// create testbase object to utilize teststep helpers
ITestBase tb = helper.Create();
// create 2 test steps ts1 and ts2
ITestStep ts1 = tb.CreateTestStep();
ITestStep ts2 = tb.CreateTestStep();
ts1.Title = "title -> title1";
ts2.Title = "title -> title2";
ts1.ExpectedResult = "expected1";
ts2.ExpectedResult = "expected2";
ts1.Description = "description1";
ts2.Description = "description2";
// adding attachment to step1
ts1.Attachments.Add(ts1.CreateAttachment(attachmentObject.Url, "CanvasImage"));
// add your steps actions to testbase object
tb.Actions.Add(ts1);
tb.Actions.Add(ts2);
// update json based on all actions (including teststeps and teststep attachemnts)
json = tb.SaveActions(json);
var xml = "";
/* getting xml for teststeps
* xml = tb.GenerateXmlFromActions();
*/
// create Test Case work item using all test steps: ts1 and ts2
var testCaseObject = _witClient.CreateWorkItemAsync(json, projectName, "Test Case").Result;
int testCaseId = Convert.ToInt32(testCaseObject.Id);
// get Test Case using all relations
testCaseObject = _witClient.GetWorkItemAsync(testCaseId, null, null, WorkItemExpand.Relations).Result;
// update Test Case
if (testCaseObject.Fields.ContainsKey("Microsoft.VSTS.TCM.Steps"))
{
xml = testCaseObject.Fields["Microsoft.VSTS.TCM.Steps"].ToString();
tb = helper.Create();
// create tcmattachemntlink object from workitem relation, teststep helper will use this
IList <TestAttachmentLink> tcmlinks = new List <TestAttachmentLink>();
foreach (WorkItemRelation rel in testCaseObject.Relations)
{
TestAttachmentLink tcmlink = new TestAttachmentLink();
tcmlink.Url = rel.Url;
tcmlink.Attributes = rel.Attributes;
tcmlink.Rel = rel.Rel;
tcmlinks.Add(tcmlink);
}
// load teststep xml and attachemnt links
tb.LoadActions(xml, tcmlinks);
ITestStep ts;
//updating 1st test step
ts = (ITestStep)tb.Actions[0];
ts.Title = "title -> title11";
ts.ExpectedResult = "expected11";
//removing 2ns test step
tb.Actions.RemoveAt(1);
//adding new test step
ITestStep ts3 = tb.CreateTestStep();
ts3.Title = "title -> title3";
ts3.ExpectedResult = "expected3";
tb.Actions.Add(ts3);
JsonPatchDocument json2 = new JsonPatchDocument();
// update json based on all new changes ( updated step xml and attachments)
json2 = tb.SaveActions(json2);
// update testcase wit using new json
testCaseObject = _witClient.UpdateWorkItemAsync(json2, testCaseId).Result;
/* Note : If you want to remove attachment then create new patchOperation, details are available here :
* https://www.visualstudio.com/en-us/docs/integrate/api/wit/work-items#remove-an-attachment
*/
}
}
public JsonPatchDocument BuildJsonPatchDocument(TestCase testCase)
{
var jsonPatchDocument = new JsonPatchDocument();
var jsonPatchOperations = new List <JsonPatchOperation>();
TestBaseHelper helper = new TestBaseHelper();
ITestBase testBase = helper.Create();
testCase.Steps.ForEach(x =>
{
ITestStep testStep = testBase.CreateTestStep();
testStep.Title = x.Action ?? string.Empty;
testStep.ExpectedResult = x.ExpectedResult ?? string.Empty;
testStep.Description = x.Action ?? string.Empty;
testBase.Actions.Add(testStep);
});
var properties = typeof(TestCase).GetProperties();
foreach (var propertyInfo in properties.Where(x => x.Name != "Steps"))
{
object[] attrs = propertyInfo.GetCustomAttributes(true);
foreach (object attr in attrs)
{
AzDevFieldReferenceAttribute azDevFieldReferenceAttribute = attr as AzDevFieldReferenceAttribute;
if (azDevFieldReferenceAttribute != null)
{
var data = testCase.GetType().GetProperty(propertyInfo.Name).GetValue(testCase, null);
if (propertyInfo.Name.Contains("AttachmentReferences"))
{
var castedData = data as List <AttachmentReference>;
castedData.ForEach(x =>
{
jsonPatchOperations.Add(new JsonPatchOperation
{
Operation = Microsoft.VisualStudio.Services.WebApi.Patch.Operation.Add,
Path = azDevFieldReferenceAttribute.AzDevFieldReference,
Value = new { rel = "AttachedFile", url = x.Url }
});
});
}
else
{
if (!string.IsNullOrWhiteSpace(data as string))
{
jsonPatchOperations.Add(new JsonPatchOperation
{
Operation = Microsoft.VisualStudio.Services.WebApi.Patch.Operation.Add,
Path = azDevFieldReferenceAttribute.AzDevFieldReference,
Value = data
});
}
}
}
}
}
jsonPatchDocument.AddRange(jsonPatchOperations);
jsonPatchDocument = testBase.SaveActions(jsonPatchDocument);
return(jsonPatchDocument);
}
