Extract method for CsfrCountermeasuresScanRuleUnitTest

zaproxy · Sep 8, 2023 · 95a09aa · 95a09aa
1 parent 92667c7
commit 95a09aa
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/addOns/pscanrules/CHANGELOG.md b/addOns/pscanrules/CHANGELOG.md
@@ -13,7 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - The alerts of the Hash Disclosure scan rule no longer have the evidence duplicated in the Other Info field.
 
 ### Fixed
-- The Absence of Anti-CSRF Tokens Scan Rule now skips responses that are not HTML (Issue 7890)
+- The Absence of Anti-CSRF Tokens Scan Rule now skips responses that are not HTML (Issue 7890).
 
 ## [50] - 2023-07-11
 ### Added

diff --git a/...c/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java b/...c/test/java/org/zaproxy/zap/extension/pscanrules/CsrfCountermeasuresScanRuleUnitTest.java
@@ -115,9 +115,8 @@ void shouldReturnExpectedMappings() {
     @Test
     void shouldNotRaiseAlertIfContentTypeIsNotHTML() {
         // Given
-        HttpMessage msg = new HttpMessage();
-        msg.getResponseHeader().addHeader(HttpHeader.CONTENT_TYPE, "application/json");
-        msg.setResponseBody("no html");
+        msg.getResponseHeader().setHeader(HttpHeader.CONTENT_TYPE, "application/json");
+        formWithoutAntiCsrfToken();
         // When
         scanHttpResponseReceive(msg);
         // Then
@@ -158,8 +157,7 @@ void shouldNotRaiseAlertIfFormHasNoParent() {
     @Test
     void shouldRaiseAlertIfThereIsNoCSRFTokenFound() {
         // Given
-        msg.setResponseBody(
-                "<html><head></head><body><form id=\"no_csrf_token\"><input type=\"text\"/><input type=\"submit\"/></form></body></html>");
+        formWithoutAntiCsrfToken();
         // When
         scanHttpResponseReceive(msg);
         // Then
@@ -432,6 +430,11 @@ void shouldRaiseAlertWhenThresholdLowAndMessageOutOfScope() throws URIException
         assertEquals(1, alertsRaised.size());
     }
 
+    void formWithoutAntiCsrfToken() {
+        msg.setResponseBody(
+                "<html><head></head><body><form id=\"no_csrf_token\"><input type=\"text\"/><input type=\"submit\"/></form></body></html>");
+    }
+
     private HttpMessage createScopedMessage(boolean isInScope) throws URIException {
         HttpMessage newMsg =
                 new HttpMessage() {