CSRFController.java

1
package edu.ucsb.cs156.rec.controllers;
2
3
import org.springframework.context.annotation.Profile;
4
import org.springframework.security.web.csrf.CsrfToken;
5
import org.springframework.web.bind.annotation.GetMapping;
6
import org.springframework.web.bind.annotation.RestController;
7
8
  
9
import io.swagger.v3.oas.annotations.Operation;
10
import io.swagger.v3.oas.annotations.tags.Tag;
11
12
/**
13
 * The CSRF controller is used to get a CSRF token. 
14
 * This is only enabled in the development profile, 
15
 * and is used to test APIs with Postman or swagger.ui/
16
 * 
17
 * For more information on CSRF, do a web search on "Cross-Site Request Forgery".
18
 */
19
20
@Profile("development")
21
@Tag(name = "CSRF (enabled only in development; can be used with Postman to test APIs)")
22
@RestController
23
public class CSRFController {
24
25
  /**
26
   * This method returns a CSRF token.
27
   * @param token the CSRF token, injected by Spring automatically
28
   * @return the CSRF token
29
   */
30
  @Operation(summary= "Get a CSRF Token")
31
  @GetMapping("/csrf")
32
  public CsrfToken csrf(CsrfToken token) {
33 1 1. csrf : replaced return value with null for edu/ucsb/cs156/rec/controllers/CSRFController::csrf → KILLED
    return token;
34
  }
35
}

Mutations

33

1.1
Location : csrf
Killed by : edu.ucsb.cs156.rec.controllers.CSRFControllerTests.[engine:junit-jupiter]/[class:edu.ucsb.cs156.rec.controllers.CSRFControllerTests]/[method:csrf_returns_ok()]
replaced return value with null for edu/ucsb/cs156/rec/controllers/CSRFController::csrf → KILLED

Active mutators

Tests examined


Report generated by PIT 1.17.0