tobyash86 · tobyash86 · Dec 12, 2022 · Dec 12, 2022 · Jan 13, 2023 · Jan 13, 2023
diff --git a/.github/workflows/dottest_sa.yml b/.github/workflows/dottest_sa.yml
@@ -31,7 +31,7 @@ jobs:
         id: dottest_min_sa
         # You may pin to the exact commit or the version.
         # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
-        uses: parasoft/run-dottest-analyzer@master
+        uses: parasoft/run-dottest-analyzer@2.0.0
         with:
           # Path to working directory.
           installDir: c:\Program Files\Parasoft\dotTEST\2022.2
@@ -47,7 +47,7 @@ jobs:
       # ---------------------------------------------------------------
       # Upload the findings into the GitHub code scanning alert section
       - name: Upload static results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ${{ steps.dottest_min_sa.outputs.report }}
 

diff --git a/.github/workflows/dottest_tia.yml b/.github/workflows/dottest_tia.yml
@@ -37,7 +37,7 @@ jobs:
         id: dottest_ut
         # You may pin to the exact commit or the version.
         # uses: tobyash86/run-dottest-analyzer-proto@1bc4be095189f455793afdb10b47127e06ae25ff
-        uses: parasoft/run-dottest-analyzer@master
+        uses: parasoft/run-dottest-analyzer@2.0.0
         with:
           # Path to working directory.
           installDir: c:\Program Files\Parasoft\dotTEST\2022.2
@@ -48,7 +48,7 @@ jobs:
       # ---------------------------------------------------------------
       # Upload the findings into the GitHub code scanning alert section
       - name: Upload TIA results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ${{ steps.dottest_ut.outputs.report }}
 

diff --git a/.github/workflows/dottest_ut.yml b/.github/workflows/dottest_ut.yml
@@ -48,7 +48,7 @@ jobs:
       # ---------------------------------------------------------------
       # Upload the findings into the GitHub code scanning alert section
       - name: Upload TIA results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ${{ steps.dottest_ut.outputs.report }}
 

diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/BlogResponsesTests.cs
@@ -0,0 +1,38 @@
+using Moq;
+using NUnit.Framework;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+    [TestFixture]
+    public class BlogResponsesTests
+    {
+        Mock<NorthwindContext> _context;
+
+        [SetUp]
+        public void Setup()
+        {
+            _context = ContextSetup.CreateContext();
+        }
+
+        [Test]
+        public void CreateBlogRespTest()
+        {
+            var blogEntryRepo = new BlogEntryRepository(_context.Object);
+            var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+            var respRepo = new BlogResponseRepository(_context.Object);
+            var resp = new BlogResponse() { Author = "admin", Contents = "Test", Id = 4, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+            respRepo.CreateBlogResponse(resp);
+
+            Assert.That(_context.Object.BlogResponses.Count(), Is.EqualTo(4));
+        }
+    }
+}
diff --git a/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs b/WebGoat.NET.Tests/BlogRespRepositoryTests/ContextSetup.cs
@@ -0,0 +1,67 @@
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.ChangeTracking;
+using Microsoft.EntityFrameworkCore.ChangeTracking.Internal;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Moq;
+using System;
+using System.Collections.Generic;
+using System.Data.Entity;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using WebGoatCore.Data;
+using WebGoatCore.Models;
+
+namespace WebGoat.NET.Tests.BlogRespRepositoryTests
+{
+    internal static class ContextSetup
+    {
+        internal static Mock<NorthwindContext> CreateContext()
+        {
+            // create test DB
+            var context = BlogRepositoryTests.ContextSetup.CreateContext();
+
+            var blogEntryRepo = new BlogEntryRepository(context.Object);
+
+            var entry1 = blogEntryRepo.GetBlogEntry(1);
+
+            var r1 = new BlogResponse() { Author = "admin", Contents = "Test Content", Id = 1, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+            var r2 = new BlogResponse() { Author = "kmitnick", Contents = "KM Test Content", Id = 2, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+            var r3 = new BlogResponse() { Author = "me", Contents = "ME Test Content", Id = 3, ResponseDate = DateTime.Now, BlogEntry = entry1, BlogEntryId = entry1.Id };
+
+            entry1.Responses.Add(r1);
+            entry1.Responses.Add(r2);
+            entry1.Responses.Add(r3);
+
+            var entriesList = new List<BlogResponse> {
+                r1, r2, r3
+            };
+            var initialBlogEntries = entriesList.AsQueryable();
+
+            Func<BlogResponse, EntityEntry<BlogResponse>> mockEntityEntry = (BlogResponse data) =>
+            {
+                var internalEntityEntry = new InternalEntityEntry(
+                    new Mock<IStateManager>().Object,
+                    new RuntimeEntityType(nameof(BlogResponse), typeof(BlogResponse), false, null, null, null, ChangeTrackingStrategy.Snapshot, null, false),
+                    data);
+
+                var entityEntry = new EntityEntry<BlogResponse>(internalEntityEntry);
+                return entityEntry;
+            };
+
+            var mockSet = DbSetTestUtil.CreateDbSetMock(initialBlogEntries);
+
+            mockSet.Setup(m => m.Add(It.IsAny<BlogResponse>())).Returns((BlogResponse b) => 
+            {
+                entriesList.Add(b);
+                return mockEntityEntry(b); 
+            });
+
+            context.SetupGet(c => c.BlogResponses).Returns(mockSet.Object);
+
+            return context;
+        }
+
+
+    }
+}
diff --git a/WebGoat.NET/Data/CategoryRepository.cs b/WebGoat.NET/Data/CategoryRepository.cs
@@ -1,6 +1,8 @@
 using WebGoatCore.Models;
 using System.Collections.Generic;
 using System.Linq;
+using System;
+using WebGoat.NET.Logger;
 
 namespace WebGoatCore.Data
 {
@@ -15,7 +17,17 @@ public CategoryRepository(NorthwindContext context)
 
         public List<Category> GetAllCategories()
         {
-            return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+            DummyLogger.Log("Calling" + nameof(GetAllCategories) + "()");
+            try
+            {
+                return _context.Categories.OrderBy(c => c.CategoryId).ToList();
+            }
+            catch (Exception e)
+            {
+                DummyLogger.Log("Exception: " + e.Message);
+                DummyLogger.Log("Trace: " + e.StackTrace);
+                throw;
+            }
         }
 
         public Category? GetById(int id)

diff --git a/readme.md b/readme.md
@@ -113,5 +113,3 @@ The WebGoat.NET projects ships with scripts that allow you to conveniently run t
 
 1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base.
 2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available.
-
-