From 5ca7ed288d77468cd6ceb60b0bb275ade95f813a Mon Sep 17 00:00:00 2001 From: Tobias Hort-Giess Date: Mon, 17 Jun 2024 16:32:50 +0200 Subject: [PATCH] This commit should improve testing Although not very happy with this solution, it gives the ability to write tests against concrete implementations. Writing "plain" unit tests against the Montoya API is currently not possible because the concrete implementation to those interfaces is missing and only available during runtime. See also: https://github.com/PortSwigger/burp-extensions-montoya-api/issues/97 This commit provides a new Tab in DEBUG mode where tests can be run against concrete implementations during runtime. -> Semi-automated testing. --- build.gradle | 1 + gradle/libs.versions.toml | 2 + src/main/java/burp/BurpExtender.java | 7 ++ src/main/java/helpers/Flags.java | 5 +- src/main/java/livetesting/LiveTestingTab.java | 113 ++++++++++++++++++ .../livetesting/SamlMessageAnalyzerTest.java | 40 +++++++ src/main/java/livetesting/TestResult.java | 4 + 7 files changed, 168 insertions(+), 4 deletions(-) create mode 100644 src/main/java/livetesting/LiveTestingTab.java create mode 100644 src/main/java/livetesting/SamlMessageAnalyzerTest.java create mode 100644 src/main/java/livetesting/TestResult.java diff --git a/build.gradle b/build.gradle index cb11c99..046c9d8 100644 --- a/build.gradle +++ b/build.gradle @@ -17,6 +17,7 @@ dependencies { compileOnly libs.net.portswigger.burp.extensions.montoya.api compileOnly libs.org.bouncycastle.bcpkix.jdk15on + implementation libs.com.google.guava implementation libs.com.sun.xml.security.xml.security.impl implementation libs.org.apache.santuario.xmlsec implementation libs.xerces.xercesimpl diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 16f1c26..d38dbeb 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,4 +1,5 @@ [versions] +com-google-guava = "33.2.1-jre" com-sun-xml-security-xml-security-impl = "1.0" net-portswigger-burp-extensions-montoya-api = "2023.12.1" org-apache-santuario-xmlsec = "2.1.7" @@ -7,6 +8,7 @@ org-junit-jupiter = "5.10.2" xerces-xercesimpl = "2.12.2" [libraries] +com-google-guava = { module = "com.google.guava:guava", version.ref = "com-google-guava"} com-sun-xml-security-xml-security-impl = { module = "com.sun.xml.security:xml-security-impl", version.ref = "com-sun-xml-security-xml-security-impl" } net-portswigger-burp-extensions-montoya-api = { module = "net.portswigger.burp.extensions:montoya-api", version.ref = "net-portswigger-burp-extensions-montoya-api" } org-apache-santuario-xmlsec = { module = "org.apache.santuario:xmlsec", version.ref = "org-apache-santuario-xmlsec" } diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index 8c8e385..c85ba47 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -10,8 +10,10 @@ import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor; import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider; import gui.CertificateTab; +import helpers.Flags; import java.io.BufferedReader; import java.io.InputStreamReader; +import livetesting.LiveTestingTab; import static java.util.Objects.requireNonNull; @@ -34,6 +36,11 @@ public void initialize(MontoyaApi api) { certificateTab.setCertificateTabController(certificateTabController); api.userInterface().registerSuiteTab(certificateTabController.getTabCaption(), certificateTabController.getUiComponent()); + if (Flags.DEBUG) { + var liveTestingTab = new LiveTestingTab(); + api.userInterface().registerSuiteTab(liveTestingTab.caption(), liveTestingTab); + } + this.samlHighlighter = new SAMLHighlighter(this.certificateTab::getSamlRequestParameterName, this.certificateTab::getSamlResponseParameterName); api.http().registerHttpHandler(samlHighlighter); diff --git a/src/main/java/helpers/Flags.java b/src/main/java/helpers/Flags.java index 7a19dd8..b8b26d5 100644 --- a/src/main/java/helpers/Flags.java +++ b/src/main/java/helpers/Flags.java @@ -1,8 +1,5 @@ package helpers; public class Flags { - - // Write SAMLRaiderDebug.log and load example certificates - public static final boolean DEBUG = false; - + public static final boolean DEBUG = true; } diff --git a/src/main/java/livetesting/LiveTestingTab.java b/src/main/java/livetesting/LiveTestingTab.java new file mode 100644 index 0000000..56c61d3 --- /dev/null +++ b/src/main/java/livetesting/LiveTestingTab.java @@ -0,0 +1,113 @@ +package livetesting; + +import burp.BurpExtender; +import com.google.common.reflect.ClassPath; +import java.awt.BorderLayout; +import java.awt.Color; +import java.awt.Font; +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.util.Arrays; +import java.util.stream.Collectors; +import javax.swing.JButton; +import javax.swing.JPanel; +import javax.swing.JScrollPane; +import javax.swing.JTextPane; +import javax.swing.border.EmptyBorder; +import javax.swing.text.BadLocationException; +import javax.swing.text.SimpleAttributeSet; +import javax.swing.text.StyleConstants; + +public class LiveTestingTab extends JPanel { + + public LiveTestingTab() { + setBorder(new EmptyBorder(10, 10, 10, 10)); + var textPane = new JTextPane(); + textPane.setEditable(false); + textPane.setBackground(Color.BLACK); + textPane.setForeground(Color.WHITE); + textPane.setFont(new Font(Font.MONOSPACED, Font.PLAIN, 14)); + + var button = new JButton("Run tests"); + + setLayout(new BorderLayout(10, 10)); + add(new JScrollPane(textPane), BorderLayout.CENTER); + add(button, BorderLayout.SOUTH); + + button.addActionListener(listener -> { + textPane.setText(""); + + var document = textPane.getStyledDocument(); + + var inRed = new SimpleAttributeSet(); + inRed.addAttribute(StyleConstants.Foreground, Color.RED); + + var inGreen = new SimpleAttributeSet(); + inGreen.addAttribute(StyleConstants.Foreground, Color.GREEN); + + try { + var classLoader = this.getClass().getClassLoader(); + + var testClasses = + ClassPath.from(classLoader) + .getTopLevelClassesRecursive("livetesting") + .stream() + .filter(classInfo -> classInfo.getName().endsWith("Test")) + .map(ClassPath.ClassInfo::load) + .collect(Collectors.toSet()); + + for (var testClass : testClasses) { + document.insertString(document.getLength(), "%s\n".formatted(testClass.getSimpleName()), null); + var testInstance = testClass.getDeclaredConstructor().newInstance(); + + var testMethods = Arrays.stream(testClass.getDeclaredMethods()) + .filter(method -> method.canAccess(testInstance)) + .filter(method -> method.getReturnType().equals(TestResult.class)) + .collect(Collectors.toSet()); + + for (var testMethod : testMethods) { + document.insertString(document.getLength(), " %s... ".formatted(testMethod.getName()), null); + var result = (TestResult) testMethod.invoke(testInstance); + document.insertString( + document.getLength(), + result.success() ? "success" : "failed", + result.success() ? inGreen : inRed); + if (result.message() != null) { + document.insertString( + document.getLength(), + "\n%s".formatted(result.message()), + inRed); + } + if (result.throwable() != null) { + var byteArrayOutputStream = new ByteArrayOutputStream(); + var printStream = new PrintStream(byteArrayOutputStream); + result.throwable().printStackTrace(printStream); + document.insertString( + document.getLength(), + "\n%s".formatted(byteArrayOutputStream.toString()), + inRed); + } + document.insertString(document.getLength(), "\n", null); + } + } + } catch (Exception exc) { + BurpExtender.api.logging().logToError(exc); + var byteArrayOutputStream = new ByteArrayOutputStream(); + var printStream = new PrintStream(byteArrayOutputStream); + exc.printStackTrace(printStream); + try { + document.insertString( + document.getLength(), + "\n%s".formatted(byteArrayOutputStream.toString()), + inRed); + } catch (BadLocationException exc1) { + BurpExtender.api.logging().logToError(exc1); + } + } + }); + } + + public String caption() { + return "SAML Raider Live Testing"; + } +} diff --git a/src/main/java/livetesting/SamlMessageAnalyzerTest.java b/src/main/java/livetesting/SamlMessageAnalyzerTest.java new file mode 100644 index 0000000..5eb4722 --- /dev/null +++ b/src/main/java/livetesting/SamlMessageAnalyzerTest.java @@ -0,0 +1,40 @@ +package livetesting; + +import application.SamlMessageAnalyzer; +import burp.api.montoya.http.message.requests.HttpRequest; + +public class SamlMessageAnalyzerTest { + + public TestResult isSAMLMessage() { + var raw = """ + POST /api/oauth/saml HTTP/1.1 + Host: sso.eu.boxyhq.com + Content-Length: 9984 + Cache-Control: max-age=0 + Sec-Ch-Ua: "Chromium";v="125", "Not.A/Brand";v="24" + Sec-Ch-Ua-Mobile: ?0 + Sec-Ch-Ua-Platform: "Linux" + Upgrade-Insecure-Requests: 1 + Origin: https://mocksaml.com + Content-Type: application/x-www-form-urlencoded + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.112 Safari/537.36 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 + Sec-Fetch-Site: cross-site + Sec-Fetch-Mode: navigate + Sec-Fetch-User: ?1 + Sec-Fetch-Dest: document + Referer: https://mocksaml.com/ + Accept-Encoding: gzip, deflate, br + Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 + Priority: u=0, i + Connection: keep-alive + + RelayState=undefined&SAMLResponse=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6UmVzcG9uc2UgRGVzdGluYXRpb249Imh0dHBzOi8vc3NvLmV1LmJveHlocS5jb20vYXBpL29hdXRoL3NhbWwiIElEPSJfNjhiYmM3NDlmM2Q5Nzc4Yzg4MDAiIElzc3VlSW5zdGFudD0iMjAyNC0wNi0xN1QwODo0OTo1NS40NzhaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI%2BPHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5IiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3NhbWwuZXhhbXBsZS5jb20vZW50aXR5aWQ8L3NhbWw6SXNzdWVyPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8%2BPFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48UmVmZXJlbmNlIFVSST0iI182OGJiYzc0OWYzZDk3NzhjODgwMCI%2BPFRyYW5zZm9ybXM%2BPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8%2BPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8%2BPERpZ2VzdFZhbHVlPlJXdzlOL2pVK2w5WldUUjZ2dDJxeDNSYm1lNERyY1lvakFCb3I1RjRNdVE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8%2BPFNpZ25hdHVyZVZhbHVlPkdxa0FOY3FyWGZTNDF3dDhMQXRIVDAwWFpUVFZUQlhJSTZHSzZlaldIUVVkMkMrL2cwcjZHSWh0bmxyWDB4U1hpNUtQdG1yV1JiTEpjWU5VVW4rWEx5L21Ic2VLaDBlWXJVWXQxaDA2WHVMSk5NQitMSjBGZGxqSzEzZUZxOFFTR2lWemRWd1lKVWtnZjFNNlByUXZLNVVMOVpiaXhCU2VIcFFaS1FWYjNPN3grNG5UOG5Da3NuUFFjaElxME9Za1plOWhYTW9FZ2hDSG1jQ3Qwa2ZaZjAwMWdJSmZVTGhLM3R1c25KSGM3aktTL21oNVQ5MWlvUWpkNy9qUzBRcUVpWDFnMjdvUzEwaEhONDlLK0d2ZVdGOXB4U2kwaDFrVG52dzFlc0NnYTBud25QVm9QRGJJelcxS1hXTXJEajVyd2VEVHZ5WmFBRGs4WUJQMFNzR1hLdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE%2BPFg1MDlDZXJ0aWZpY2F0ZT5NSUlDNGpDQ0Fjb0NDUUMzM3dueWJUNVFaREFOQmdrcWhraUc5dzBCQVFzRkFEQXlNUXN3Q1FZRFZRUUdFd0pWClN6RVBNQTBHQTFVRUNnd0dRbTk0ZVVoUk1SSXdFQVlEVlFRRERBbE5iMk5ySUZOQlRVd3dJQmNOTWpJd01qSTQKTWpFME5qTTRXaGdQTXpBeU1UQTNNREV5TVRRMk16aGFNREl4Q3pBSkJnTlZCQVlUQWxWTE1ROHdEUVlEVlFRSwpEQVpDYjNoNVNGRXhFakFRQmdOVkJBTU1DVTF2WTJzZ1UwRk5URENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTEdmWWV0dE1zY3QxVDZ0VlV3VHVkTkpINVBuYjlHR25rWGk5WncvZTZ4NDVERDAKUnVST05iRmxKMlQ0UmpBRS91RytBalh4WFE4bzJTWmZiOStHZ21DSHVUSkZOZ0hvWjFuRlZYQ21iL0hnOEhwZAo0dk9BR1huZGl4YVJlT2lxM0VINVh2cE1qTWtKMys4KzlWWU16TVpPamtnUXRBcU8zNmVBRkZmTktYN2RUajNWCnB3TGt2ejYvS0ZDcThPQXdZK0FVaTRlWm01SjU3RDMxR3pqSHdmakg5V1RlWDBNeW5kbW5OQjFxVjc1cVFSM2IKMi9XNXNHSFJ2KzlBYXJnZ0prRitwdFVrWG9MdFZBNTF3Y2ZZbTZoSUxwdHBkZTVGUUM4UldZMVlyc3dCV0FFWgpOZnlyUjRKZVN3ZUVsTkhnNE5WT3M0VHdHak9Qd1dHcXpUZmdUbEVDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQVlSbFlmbFNYQVdvWnBGZndOaUNRVkU1ZDl6WjBEUHpOZFdoQXliWGNUeU1mMHo1bURmNkZXQlcKNUd5b2k5dTNFTUVEbnpMY0pOa3dKQUFjMzlBcGE0STIvdG1sK0p5MjlkazhiVHlYNm05M25nbUNnZExoNVphNApraHVVM0FNM0w2M2c3VmV4Q3VPN2t3a2poLytMcWRjSVhzVkdPNlhEZnUyUU9zMVhwZTl6SXpMcHdtL1JOWWVYClVqYlNqNWNlL2pla3BBdzdxeVZWTDR4T3loOEF0VVcxZWszd0l3MU1KdkVnRVB0MGQxNm9zaFdKcG9TMU9UOEwKci8yMlN2WUVvM0VtU0dkVFZHZ2szeDNzK0EwcVdBcVRjeWpyN1E0cy9HS1lSRmZvbUd3ejBUWjRJdzFaTjk5TQptMGVvMlVTbFNSVFZsN1FIUlR1aXVTVGhIcExLUVE9PTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE%2BPC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXMgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBJRD0iX2ZmYzM2NmY2ZTgxMWVjNjA3YTA1IiBJc3N1ZUluc3RhbnQ9IjIwMjQtMDYtMTdUMDg6NDk6NTUuNDc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BaHR0cHM6Ly9zYW1sLmV4YW1wbGUuY29tL2VudGl0eWlkPC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8%2BPFJlZmVyZW5jZSBVUkk9IiNfZmZjMzY2ZjZlODExZWM2MDdhMDUiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L1RyYW5zZm9ybXM%2BPERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxEaWdlc3RWYWx1ZT54a1NLdTRyeTFkUkw0cHlZb1RXR3hBNnc0bHBybVkybkxiemk1TXM3Vkw4PTwvRGlnZXN0VmFsdWU%2BPC9SZWZlcmVuY2U%2BPC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5laVh3b0hJRWJjN3paMHZ6YnhXdHNORXNaWDZsRnlNMTZQbXlKWk9mR3dkN1hqaSs5WXRTeDJxeGcxOWNaMUFnL1JzS3FNc1R5SmxOaUVMNU9CN0lzdGF6dmU4K29QY050ZXNnMEpBWTg1SHFRQnZXYmRxem9tSkF2OUVRakg3SkpBQk80azM4eUwvYWtLM3Z4Ky8yNWc3K2dESWNyNUxHc2thQkVTdnlDeTA2dVVtSjNVdDlTMWpIbzVkV3BZeEEvK3VKUmVBcHVGWE1mYUhpdmZ3bkhocldlZ3J4VDY4bGFnUXdzQU42NStTV0p3TFdlVDdLVk5XWVJGZUNweDVOWEpvaUovRkcxcm94MndSSUtRZHVDeHFpT0FDcXdnY0F5M1BDaExWK0k5Q3g1aUFZc0N2ZXZZVUhPcXNpU1JpNUVmeWVZWEtIeHV4dmRwYkJnTU43Wmc9PTwvU2lnbmF0dXJlVmFsdWU%2BPEtleUluZm8%2BPFg1MDlEYXRhPjxYNTA5Q2VydGlmaWNhdGU%2BTUlJQzRqQ0NBY29DQ1FDMzN3bnliVDVRWkRBTkJna3Foa2lHOXcwQkFRc0ZBREF5TVFzd0NRWURWUVFHRXdKVgpTekVQTUEwR0ExVUVDZ3dHUW05NGVVaFJNUkl3RUFZRFZRUUREQWxOYjJOcklGTkJUVXd3SUJjTk1qSXdNakk0Ck1qRTBOak00V2hnUE16QXlNVEEzTURFeU1UUTJNemhhTURJeEN6QUpCZ05WQkFZVEFsVkxNUTh3RFFZRFZRUUsKREFaQ2IzaDVTRkV4RWpBUUJnTlZCQU1NQ1Uxdlkyc2dVMEZOVERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUxHZllldHRNc2N0MVQ2dFZVd1R1ZE5KSDVQbmI5R0dua1hpOVp3L2U2eDQ1REQwClJ1Uk9OYkZsSjJUNFJqQUUvdUcrQWpYeFhROG8yU1pmYjkrR2dtQ0h1VEpGTmdIb1oxbkZWWENtYi9IZzhIcGQKNHZPQUdYbmRpeGFSZU9pcTNFSDVYdnBNak1rSjMrOCs5VllNek1aT2prZ1F0QXFPMzZlQUZGZk5LWDdkVGozVgpwd0xrdno2L0tGQ3E4T0F3WStBVWk0ZVptNUo1N0QzMUd6akh3ZmpIOVdUZVgwTXluZG1uTkIxcVY3NXFRUjNiCjIvVzVzR0hSdis5QWFyZ2dKa0YrcHRVa1hvTHRWQTUxd2NmWW02aElMcHRwZGU1RlFDOFJXWTFZcnN3QldBRVoKTmZ5clI0SmVTd2VFbE5IZzROVk9zNFR3R2pPUHdXR3F6VGZnVGxFQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQUFZUmxZZmxTWEFXb1pwRmZ3TmlDUVZFNWQ5elowRFB6TmRXaEF5YlhjVHlNZjB6NW1EZjZGV0JXCjVHeW9pOXUzRU1FRG56TGNKTmt3SkFBYzM5QXBhNEkyL3RtbCtKeTI5ZGs4YlR5WDZtOTNuZ21DZ2RMaDVaYTQKa2h1VTNBTTNMNjNnN1ZleEN1Tzdrd2tqaC8rTHFkY0lYc1ZHTzZYRGZ1MlFPczFYcGU5ekl6THB3bS9STlllWApVamJTajVjZS9qZWtwQXc3cXlWVkw0eE95aDhBdFVXMWVrM3dJdzFNSnZFZ0VQdDBkMTZvc2hXSnBvUzFPVDhMCnIvMjJTdllFbzNFbVNHZFRWR2drM3gzcytBMHFXQXFUY3lqcjdRNHMvR0tZUkZmb21Hd3owVFo0SXcxWk45OU0KbTBlbzJVU2xTUlRWbDdRSFJUdWl1U1RoSHBMS1FRPT08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48c2FtbDpTdWJqZWN0IHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI%2BamFja3NvbkBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ%2BPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyNC0wNi0xN1QwODo1NDo1NS40NzhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc3NvLmV1LmJveHlocS5jb20vYXBpL29hdXRoL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNC0wNi0xN1QwODo0NDo1NS40NzhaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDYtMTdUMDg6NTQ6NTUuNDc4WiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3NhbWwuYm94eWhxLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjQtMDYtMTdUMDg6NDk6NTUuNDc4WiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudCB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iaWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI%2BMWRkYTlmYjQ5MWRjMDFiZDI0ZDI0MjNiYTJmMjJhZTU2MWY1NmRkZjIzNzZiMjlhMTFjODAyODFkMjEyMDFmOTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlbWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5qYWNrc29uQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5qYWNrc29uPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3ROYW1lIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmphY2tzb248L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24%2BPC9zYW1scDpSZXNwb25zZT4%3D"""; + + var request = HttpRequest.httpRequest(raw); + var analysis = SamlMessageAnalyzer.analyze(request, "SAMLRequest", "SAMLResponse"); + var success = analysis.isSAMLMessage(); + return new TestResult(success, null, null); + } + +} diff --git a/src/main/java/livetesting/TestResult.java b/src/main/java/livetesting/TestResult.java new file mode 100644 index 0000000..9ecc8e3 --- /dev/null +++ b/src/main/java/livetesting/TestResult.java @@ -0,0 +1,4 @@ +package livetesting; + +public record TestResult(boolean success, String message, Throwable throwable) { +}