dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Internationalization refactoring pass 2 : removing dependencies to

Browse Source 
previous implentation
This commit is contained in:
David Touzet 2014-09-26 08:12:44 -04:00
parent 92b317b2c9
commit 05c0c0342e
34 changed files with 3829 additions and 3372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -14,7 +14,6 @@ import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
@ -30,6 +29,8 @@ import org.owasp.webgoat.session.Screen;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -114,6 +115,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
private String defaultLanguage = "en";
private LabelManager labelManager = null;
/**
* Constructor for the Lesson object
*/
@ -795,4 +798,11 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
public void setWebgoatContext(WebgoatContext webgoatContext) {
this.webgoatContext = webgoatContext;
}
protected LabelManager getLabelManager() {
if(labelManager == null) {
labelManager = BeanProvider.getBean("labelManager", LabelManager.class);
}
return labelManager;
}
}

45
src/main/java/org/owasp/webgoat/lessons/BasicAuthentication.java
View File

@ -13,7 +13,6 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -102,12 +101,12 @@ public class BasicAuthentication extends SequentialLessonAdapter
{
if (headerName.length() > 0 && !headerName.equalsIgnoreCase(AUTHORIZATION))
{
s.setMessage(WebGoatI18N.get("BasicAuthHeaderNameIncorrect"));
s.setMessage(getLabelManager().get("BasicAuthHeaderNameIncorrect"));
}
if (headerValue.length() > 0
&& !(headerValue.equals("guest:guest") || headerValue.equals("webgoat:webgoat")))
{
s.setMessage(WebGoatI18N.get("BasicAuthHeaderValueIncorrect"));
s.setMessage(getLabelManager().get("BasicAuthHeaderValueIncorrect"));
}
}
@ -121,8 +120,8 @@ public class BasicAuthentication extends SequentialLessonAdapter
TR row1 = new TR();
TR row2 = new TR();
row1.addElement(new TD(new StringElement(WebGoatI18N.get("BasicAuthenticationWhatIsNameOfHeader"))));
row2.addElement(new TD(new StringElement(WebGoatI18N.get("BasicAuthenticationWhatIsDecodedValueOfHeader"))));
row1.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsNameOfHeader"))));
row2.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsDecodedValueOfHeader"))));
row1.addElement(new TD(new Input(Input.TEXT, HEADER_NAME, headerName.toString())));
row2.addElement(new TD(new Input(Input.TEXT, HEADER_VALUE, headerValue.toString())));
@ -133,7 +132,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
ec.addElement(t);
ec.addElement(new P());
Element b = ECSFactory.makeButton(WebGoatI18N.get("Submit"));
Element b = ECSFactory.makeButton(getLabelManager().get("Submit"));
ec.addElement(b);
} catch (Exception e)
@ -159,7 +158,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
getLessonTracker(s, originalUser).setStage(1);
getLessonTracker(s, originalUser).store(s, this);
makeSuccess(s);
s.setMessage(WebGoatI18N.get("BasicAuthenticiationGreenStars1")+ originalUser + WebGoatI18N.get("BasicAuthenticationGreenStars2"));
s.setMessage(getLabelManager().get("BasicAuthenticiationGreenStars1")+ originalUser + getLabelManager().get("BasicAuthenticationGreenStars2"));
return ec;
}
else
@ -185,7 +184,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
getLessonTracker(s, BASIC).store(s, this, BASIC);
}
s.setMessage(WebGoatI18N.get("BasicAuthenticationStage1Completed"));
s.setMessage(getLabelManager().get("BasicAuthenticationStage1Completed"));
// If the auth header is different but still the original user - tell the user
// that the original cookie was posted bak and basic auth uses the cookie before the
@ -193,28 +192,28 @@ public class BasicAuthentication extends SequentialLessonAdapter
if (!originalAuth.equals("") && !originalAuth.equals(s.getHeader(AUTHORIZATION)))
{
ec
.addElement(WebGoatI18N.get("BasicAuthenticationAlmostThere1")
.addElement(getLabelManager().get("BasicAuthenticationAlmostThere1")
+ AUTHORIZATION
+ WebGoatI18N.get("BasicAuthenticationAlmostThere2")
+ getLabelManager().get("BasicAuthenticationAlmostThere2")
+ s.getUserName()
+ WebGoatI18N.get("BasicAuthenticationAlmostThere3"));
+ getLabelManager().get("BasicAuthenticationAlmostThere3"));
}
else if (!originalSessionId.equals(s.getCookie(JSESSIONID)))
{
ec
.addElement(WebGoatI18N.get("BasicAuthenticationReallyClose"));
.addElement(getLabelManager().get("BasicAuthenticationReallyClose"));
}
else
{
ec.addElement(WebGoatI18N.get("BasicAuthenticationUseTheHints"));
ec.addElement(getLabelManager().get("BasicAuthenticationUseTheHints"));
}
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -245,18 +244,18 @@ public class BasicAuthentication extends SequentialLessonAdapter
// switch ( stage )
// {
// case 1:
hints.add(WebGoatI18N.get("BasicAuthenticationHint1"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint2"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint3"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint4"));
hints.add(getLabelManager().get("BasicAuthenticationHint1"));
hints.add(getLabelManager().get("BasicAuthenticationHint2"));
hints.add(getLabelManager().get("BasicAuthenticationHint3"));
hints.add(getLabelManager().get("BasicAuthenticationHint4"));
// break;
// case 2:
hints.add(WebGoatI18N.get("BasicAuthenticationHint5"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint6"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint7"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint8"));
hints.add(WebGoatI18N.get("BasicAuthenticationHint9"));
hints.add(getLabelManager().get("BasicAuthenticationHint5"));
hints.add(getLabelManager().get("BasicAuthenticationHint6"));
hints.add(getLabelManager().get("BasicAuthenticationHint7"));
hints.add(getLabelManager().get("BasicAuthenticationHint8"));
hints.add(getLabelManager().get("BasicAuthenticationHint9"));
// break;
// }

14
src/main/java/org/owasp/webgoat/lessons/BypassHtmlFieldRestrictions.java
View File

@ -1,11 +1,6 @@
package org.owasp.webgoat.lessons;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
@ -17,12 +12,9 @@ import org.apache.ecs.html.Div;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.PRE;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -197,9 +189,9 @@ public class BypassHtmlFieldRestrictions extends SequentialLessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint1"));
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint2"));
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint3"));
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint1"));
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint2"));
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint3"));
return hints;
}

23
src/main/java/org/owasp/webgoat/lessons/CommandInjection.java
View File

@ -16,7 +16,6 @@ import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.Exec;
import org.owasp.webgoat.util.ExecResults;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -79,7 +78,7 @@ public class CommandInjection extends LessonAdapter
}
index = index + 1;
int helpFileLen = helpFile.length() - 1; // subtract 1 for the closing quote
System.out.println(WebGoatI18N.get("Command")+" = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
System.out.println(getLabelManager().get("Command")+" = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
if ((osName.indexOf("Windows") != -1 && (helpFile.substring(index, helpFileLen).trim().toLowerCase()
.equals("netstat -a")
|| helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir")
@ -97,7 +96,7 @@ public class CommandInjection extends LessonAdapter
}
else
{
s.setMessage(WebGoatI18N.get("CommandInjectionRightTrack1"));
s.setMessage(getLabelManager().get("CommandInjectionRightTrack1"));
}
}
@ -114,7 +113,7 @@ public class CommandInjection extends LessonAdapter
}
else
{
s.setMessage(WebGoatI18N.get("CommandInjectionRightTrack2"));
s.setMessage(getLabelManager().get("CommandInjectionRightTrack2"));
}
}
else
@ -125,8 +124,8 @@ public class CommandInjection extends LessonAdapter
}
File safeDir = new File(s.getContext().getRealPath("/lesson_plans/en"));
ec.addElement(new StringElement(WebGoatI18N.get("YouAreCurrentlyViewing")+"<b>"
+ (helpFile.toString().length() == 0 ? "&lt;"+WebGoatI18N.get("SelectFileFromListBelow")+"&gt;" : helpFile.toString())
ec.addElement(new StringElement(getLabelManager().get("YouAreCurrentlyViewing")+"<b>"
+ (helpFile.toString().length() == 0 ? "&lt;"+getLabelManager().get("SelectFileFromListBelow")+"&gt;" : helpFile.toString())
+ "</b>"));
if (!illegalCommand)
@ -151,11 +150,11 @@ public class CommandInjection extends LessonAdapter
fileData = exec(s, cmd2);
}
ec.addElement(new P().addElement(WebGoatI18N.get("SelectLessonPlanToView")));
ec.addElement(new P().addElement(getLabelManager().get("SelectLessonPlanToView")));
ec.addElement(ECSFactory.makePulldown(HELP_FILE, parseResults(results.replaceAll("(?s)\\.html",
"\\.help"))));
// ec.addElement( results );
Element b = ECSFactory.makeButton(WebGoatI18N.get("View"));
Element b = ECSFactory.makeButton(getLabelManager().get("View"));
ec.addElement(b);
// Strip out some of the extra html from the "help" file
ec.addElement(new BR());
@ -271,10 +270,10 @@ public class CommandInjection extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("CommandInjectionHint1"));
hints.add(WebGoatI18N.get("CommandInjectionHint2"));
hints.add(WebGoatI18N.get("CommandInjectionHint3"));
hints.add(WebGoatI18N.get("CommandInjectionHint4"));
hints.add(getLabelManager().get("CommandInjectionHint1"));
hints.add(getLabelManager().get("CommandInjectionHint2"));
hints.add(getLabelManager().get("CommandInjectionHint3"));
hints.add(getLabelManager().get("CommandInjectionHint4"));
return hints;
}

29
src/main/java/org/owasp/webgoat/lessons/HiddenFieldTampering.java
View File

@ -22,7 +22,6 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -107,7 +106,7 @@ public class HiddenFieldTampering extends LessonAdapter
total = quantity * Float.parseFloat(price);
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("Invaild data") + this.getClass().getName());
s.setMessage(getLabelManager().get("Invaild data") + this.getClass().getName());
price = PRICE_TV;
quantity = 1.0f;
total = quantity * Float.parseFloat(PRICE_TV);
@ -116,7 +115,7 @@ public class HiddenFieldTampering extends LessonAdapter
if (price.equals(PRICE_TV))
{
ec.addElement(new Center().addElement(new H1().addElement(WebGoatI18N.get("ShoppingCart"))));
ec.addElement(new Center().addElement(new H1().addElement(getLabelManager().get("ShoppingCart"))));
ec.addElement(new BR());
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
@ -126,10 +125,10 @@ public class HiddenFieldTampering extends LessonAdapter
}
TR tr = new TR();
tr.addElement(new TH().addElement(WebGoatI18N.get("ShoppingCartItems")).setWidth("80%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Price")).setWidth("10%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Quantity")).setWidth("3%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Total")).setWidth("7%"));
tr.addElement(new TH().addElement(getLabelManager().get("ShoppingCartItems")).setWidth("80%"));
tr.addElement(new TH().addElement(getLabelManager().get("Price")).setWidth("10%"));
tr.addElement(new TH().addElement(getLabelManager().get("Quantity")).setWidth("3%"));
tr.addElement(new TH().addElement(getLabelManager().get("Total")).setWidth("7%"));
t.addElement(tr);
tr = new TR();
@ -150,10 +149,10 @@ public class HiddenFieldTampering extends LessonAdapter
ec.addElement(new BR());
tr = new TR();
tr.addElement(new TD().addElement(WebGoatI18N.get("TotalChargedCreditCard")+":"));
tr.addElement(new TD().addElement(getLabelManager().get("TotalChargedCreditCard")+":"));
tr.addElement(new TD().addElement(money.format(total)));
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("UpdateCart"))));
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("Purchase"), "validate()")));
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("UpdateCart"))));
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("Purchase"), "validate()")));
t.addElement(tr);
ec.addElement(t);
@ -170,10 +169,10 @@ public class HiddenFieldTampering extends LessonAdapter
makeSuccess(s);
}
ec.addElement(new P().addElement(WebGoatI18N.get("TotalPriceIs")+":"));
ec.addElement(new P().addElement(getLabelManager().get("TotalPriceIs")+":"));
ec.addElement(new B("$" + total));
ec.addElement(new BR());
ec.addElement(new P().addElement(WebGoatI18N.get("ThisAmountCharged")));
ec.addElement(new P().addElement(getLabelManager().get("ThisAmountCharged")));
}
return (ec);
@ -198,9 +197,9 @@ public class HiddenFieldTampering extends LessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint1"));
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint2"));
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint3")+ PRICE_TV +WebGoatI18N.get("HiddenFieldTamperingHint32") + PRICE_TV_HACKED );
hints.add(getLabelManager().get("HiddenFieldTamperingHint1"));
hints.add(getLabelManager().get("HiddenFieldTamperingHint2"));
hints.add(getLabelManager().get("HiddenFieldTamperingHint3")+ PRICE_TV +getLabelManager().get("HiddenFieldTamperingHint32") + PRICE_TV_HACKED );
return hints;
}

23
src/main/java/org/owasp/webgoat/lessons/HtmlClues.java
View File

@ -19,7 +19,6 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -108,7 +107,7 @@ public class HtmlClues extends LessonAdapter
{
makeSuccess(s);
s.setMessage(WebGoatI18N.get("HtmlCluesBINGO"));
s.setMessage(getLabelManager().get("HtmlCluesBINGO"));
ec.addElement(makeUser(s, "admin", "CREDENTIALS"));
}
else
@ -139,8 +138,8 @@ public class HtmlClues extends LessonAdapter
protected Element makeUser(WebSession s, String user, String method) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("WelcomeUser")+ user));
ec.addElement(new P().addElement(WebGoatI18N.get("YouHaveBeenAuthenticatedWith") + method));
ec.addElement(new P().addElement(getLabelManager().get("WelcomeUser")+ user));
ec.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + method));
return (ec);
}
@ -159,12 +158,12 @@ public class HtmlClues extends LessonAdapter
TR tr = new TR();
tr.addElement(new TH()
.addElement(WebGoatI18N.get("WeakAuthenticationCookiePleaseSignIn"))
.addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn"))
.setColSpan(2).setAlign("left"));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("*"+WebGoatI18N.get("RequiredFields")).setWidth("30%"));
tr.addElement(new TD().addElement("*"+getLabelManager().get("RequiredFields")).setWidth("30%"));
t.addElement(tr);
tr = new TR();
@ -173,8 +172,8 @@ public class HtmlClues extends LessonAdapter
TR row1 = new TR();
TR row2 = new TR();
row1.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("UserName")+": "))));
row2.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("Password")+": "))));
row1.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("UserName")+": "))));
row2.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("Password")+": "))));
Input input1 = new Input(Input.TEXT, USERNAME, "");
Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
@ -183,7 +182,7 @@ public class HtmlClues extends LessonAdapter
t.addElement(row1);
t.addElement(row2);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
t.addElement(new TR(new TD(b)));
ec.addElement(t);
@ -198,9 +197,9 @@ public class HtmlClues extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("HtmlCluesHint1"));
hints.add(WebGoatI18N.get("HtmlCluesHint2"));
hints.add(WebGoatI18N.get("HtmlCluesHint3"));
hints.add(getLabelManager().get("HtmlCluesHint1"));
hints.add(getLabelManager().get("HtmlCluesHint2"));
hints.add(getLabelManager().get("HtmlCluesHint3"));
return hints;
}

6
src/main/java/org/owasp/webgoat/lessons/HttpBasics.java
View File

@ -2,7 +2,6 @@ package org.owasp.webgoat.lessons;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
@ -10,7 +9,6 @@ import org.apache.ecs.html.BR;
import org.apache.ecs.html.Input;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/**
* *************************************************************************************************
@ -61,7 +59,7 @@ public class HttpBasics extends LessonAdapter {
StringBuffer person = null;
try {
ec.addElement(new BR());
ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName") + ": "));
ec.addElement(new StringElement(getLabelManager().get("EnterYourName") + ": "));
person = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
person.reverse();
@ -69,7 +67,7 @@ public class HttpBasics extends LessonAdapter {
Input input = new Input(Input.TEXT, PERSON, person.toString());
ec.addElement(input);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
ec.addElement(b);
} catch (Exception e) {
s.setMessage("Error generating " + this.getClass().getName());

37
src/main/java/org/owasp/webgoat/lessons/JavaScriptValidation.java
View File

@ -14,7 +14,6 @@ import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -125,28 +124,28 @@ public class JavaScriptValidation extends LessonAdapter
b.setType(Input.BUTTON);
b.setValue("Submit");
b.addAttribute("onclick", "validate();");
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("3LowerCase")+"("
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("3LowerCase")+"("
+ regex1 + ")")));
ec.addElement(new Div().addElement(input1));
ec.addElement(new P());
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("Exactly3Digits")+"(" + regex2 + ")")));
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("Exactly3Digits")+"(" + regex2 + ")")));
ec.addElement(new Div().addElement(input2));
ec.addElement(new P());
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("LettersNumbersSpaceOnly")+"(" + regex3
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("LettersNumbersSpaceOnly")+"(" + regex3
+ ")")));
ec.addElement(new Div().addElement(input3));
ec.addElement(new P());
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("EnumerationOfNumbers")+" (" + regex4 + ")")));
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("EnumerationOfNumbers")+" (" + regex4 + ")")));
ec.addElement(new Div().addElement(input4));
ec.addElement(new P());
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("SimpleZipCode")+ " (" + regex5 + ")")));
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("SimpleZipCode")+ " (" + regex5 + ")")));
ec.addElement(new Div().addElement(input5));
ec.addElement(new P());
ec.addElement(new Div()
.addElement(new StringElement(WebGoatI18N.get("ZIPDashFour")+" (" + regex6 + ")")));
.addElement(new StringElement(getLabelManager().get("ZIPDashFour")+" (" + regex6 + ")")));
ec.addElement(new Div().addElement(input6));
ec.addElement(new P());
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("USPhoneNumber")+ " ("
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("USPhoneNumber")+ " ("
+ regex7 + ")")));
ec.addElement(new Div().addElement(input7));
ec.addElement(new P());
@ -161,43 +160,43 @@ public class JavaScriptValidation extends LessonAdapter
if (!pattern1.matcher(param1).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+" Field1.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+" Field1.";
}
if (!pattern2.matcher(param2).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+" Field2.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+" Field2.";
}
if (!pattern3.matcher(param3).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field3.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field3.";
}
if (!pattern4.matcher(param4).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field4.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field4.";
}
if (!pattern5.matcher(param5).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field5.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field5.";
}
if (!pattern6.matcher(param6).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field6.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field6.";
}
if (!pattern7.matcher(param7).matches())
{
err++;
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field7.";
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field7.";
}
if (err > 0)
@ -213,7 +212,7 @@ public class JavaScriptValidation extends LessonAdapter
catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -238,9 +237,9 @@ public class JavaScriptValidation extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("JavaScriptValidationHint1"));
hints.add(WebGoatI18N.get("JavaScriptValidationHint2"));
hints.add(WebGoatI18N.get("JavaScriptValidationHint3"));
hints.add(getLabelManager().get("JavaScriptValidationHint1"));
hints.add(getLabelManager().get("JavaScriptValidationHint2"));
hints.add(getLabelManager().get("JavaScriptValidationHint3"));
return hints;

3
src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -15,7 +15,6 @@ import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/**
* *************************************************************************************************
@ -220,7 +219,7 @@ public abstract class LessonAdapter extends AbstractLesson {
protected Element makeSuccess(WebSession s) {
getLessonTracker(s).setCompleted(true);
s.setMessage(WebGoatI18N.get("LessonCompleted"));
s.setMessage(getLabelManager().get("LessonCompleted"));
return (null);
}

17
src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java
View File

@ -18,7 +18,6 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -75,15 +74,15 @@ public class LogSpoofing extends LessonAdapter
TR row2 = new TR();
TR row3 = new TR();
row1.addElement(new TD(new StringElement(WebGoatI18N.get("UserName")+":")));
row1.addElement(new TD(new StringElement(getLabelManager().get("UserName")+":")));
Input username = new Input(Input.TEXT, USERNAME, "");
row1.addElement(new TD(username));
row2.addElement(new TD(new StringElement(WebGoatI18N.get("Password")+": ")));
row2.addElement(new TD(new StringElement(getLabelManager().get("Password")+": ")));
Input password = new Input(Input.PASSWORD, PASSWORD, "");
row2.addElement(new TD(password));
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
row3.addElement(new TD(new StringElement("&nbsp; ")));
row3.addElement(new TD(b)).setAlign("right");
@ -105,7 +104,7 @@ public class LogSpoofing extends LessonAdapter
Table t2 = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
TR row4 = new TR();
row4.addElement(new TD(new PRE(WebGoatI18N.get("LoginFailedForUserName")+": " + inputUsername))).setBgColor(HtmlColor.GRAY);
row4.addElement(new TD(new PRE(getLabelManager().get("LoginFailedForUserName")+": " + inputUsername))).setBgColor(HtmlColor.GRAY);
t2.addElement(row4);
@ -134,10 +133,10 @@ public class LogSpoofing extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("LogSpoofingHint1"));
hints.add(WebGoatI18N.get("LogSpoofingHint2"));
hints.add(WebGoatI18N.get("LogSpoofingHint3"));
hints.add(WebGoatI18N.get("LogSpoofingHint4"));
hints.add(getLabelManager().get("LogSpoofingHint1"));
hints.add(getLabelManager().get("LogSpoofingHint2"));
hints.add(getLabelManager().get("LogSpoofingHint3"));
hints.add(getLabelManager().get("LogSpoofingHint4"));
return hints;
}

51
src/main/java/org/owasp/webgoat/lessons/PathBasedAccessControl.java
View File

@ -16,7 +16,6 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -78,8 +77,8 @@ public class PathBasedAccessControl extends LessonAdapter
}
String[] list = d.list();
String listing = " <p><B>"+WebGoatI18N.get("CurrentDirectory")+"</B> " + Encoding.urlDecode(dir)
+ "<br><br>"+WebGoatI18N.get("ChooseFileToView")+"</p>";
String listing = " <p><B>"+getLabelManager().get("CurrentDirectory")+"</B> " + Encoding.urlDecode(dir)
+ "<br><br>"+getLabelManager().get("ChooseFileToView")+"</p>";
TR tr = new TR();
tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
@ -87,7 +86,7 @@ public class PathBasedAccessControl extends LessonAdapter
tr = new TR();
tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("ViewFile"))));
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("ViewFile"))));
t.addElement(tr);
ec.addElement(t);
@ -106,13 +105,13 @@ public class PathBasedAccessControl extends LessonAdapter
// file
if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
{
s.setMessage(WebGoatI18N.get("AccessDenied"));
s.setMessage(WebGoatI18N.get("ItAppears1"));
s.setMessage(getLabelManager().get("AccessDenied"));
s.setMessage(getLabelManager().get("ItAppears1"));
}
else if (upDirCount(file) > 3)
{
s.setMessage(WebGoatI18N.get("AccessDenied"));
s.setMessage(WebGoatI18N.get("ItAppears2"));
s.setMessage(getLabelManager().get("AccessDenied"));
s.setMessage(getLabelManager().get("ItAppears2"));
}
else
{
@ -131,13 +130,13 @@ public class PathBasedAccessControl extends LessonAdapter
if (s.isDebug())
{
s.setMessage(WebGoatI18N.get("File") + file);
s.setMessage(WebGoatI18N.get("Dir")+ dir);
s.setMessage(getLabelManager().get("File") + file);
s.setMessage(getLabelManager().get("Dir")+ dir);
// s.setMessage("File URI: " + "file:///" +
// (Encoding.urlEncode(dir) + "\\" +
// Encoding.urlEncode(file)).replaceAll("\\\\","/"));
s.setMessage(WebGoatI18N.get("IsFile")+ f.isFile());
s.setMessage(WebGoatI18N.get("Exists") + f.exists());
s.setMessage(getLabelManager().get("IsFile")+ f.isFile());
s.setMessage(getLabelManager().get("Exists") + f.exists());
}
if (!illegalCommand)
{
@ -147,21 +146,21 @@ public class PathBasedAccessControl extends LessonAdapter
// directory listing we gave them.
if (upDirCount(file) >= 1)
{
s.setMessage(WebGoatI18N.get("CongratsAccessToFileAllowed"));
s.setMessage(getLabelManager().get("CongratsAccessToFileAllowed"));
s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
makeSuccess(s);
}
else
{
s.setMessage(WebGoatI18N.get("FileInAllowedDirectory"));
s.setMessage(getLabelManager().get("FileInAllowedDirectory"));
s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
}
}
else if (file != null && file.length() != 0)
{
s
.setMessage(WebGoatI18N.get("AccessToFileDenied1") + Encoding.urlDecode(f.getCanonicalPath())
+ WebGoatI18N.get("AccessToFileDenied2"));
.setMessage(getLabelManager().get("AccessToFileDenied1") + Encoding.urlDecode(f.getCanonicalPath())
+ getLabelManager().get("AccessToFileDenied2"));
}
else
{
@ -175,11 +174,11 @@ public class PathBasedAccessControl extends LessonAdapter
ec.addElement(new BR());
ec.addElement(new BR());
ec.addElement(new HR().setWidth("100%"));
ec.addElement(WebGoatI18N.get("ViewingFile")+ f.getCanonicalPath());
ec.addElement(getLabelManager().get("ViewingFile")+ f.getCanonicalPath());
ec.addElement(new HR().setWidth("100%"));
if (f.length() > 80000) { throw new Exception(WebGoatI18N.get("FileTooLarge")); }
if (f.length() > 80000) { throw new Exception(getLabelManager().get("FileTooLarge")); }
String fileData = getFileText(new BufferedReader(new FileReader(f)), false);
if (fileData.indexOf(0x00) != -1) { throw new Exception(WebGoatI18N.get("FileBinary")); }
if (fileData.indexOf(0x00) != -1) { throw new Exception(getLabelManager().get("FileBinary")); }
ec.addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"), "<br>")
.replaceAll("(?s)<!DOCTYPE.*/head>", "").replaceAll("<br><br>", "<br>")
.replaceAll("<br>\\s<br>", "<br>").replaceAll("<\\?", "&lt;").replaceAll("<(r|u|t)",
@ -187,13 +186,13 @@ public class PathBasedAccessControl extends LessonAdapter
} catch (Exception e)
{
ec.addElement(new BR());
ec.addElement(WebGoatI18N.get("TheFollowingError"));
ec.addElement(getLabelManager().get("TheFollowingError"));
ec.addElement(e.getMessage());
}
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating")+ this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating")+ this.getClass().getName());
e.printStackTrace();
}
@ -230,10 +229,10 @@ public class PathBasedAccessControl extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("PathBasedAccessControlHint1"));
hints.add(WebGoatI18N.get("PathBasedAccessControlHint2"));
hints.add(WebGoatI18N.get("PathBasedAccessControlHint3"));
hints.add(WebGoatI18N.get("PathBasedAccessControlHint4"));
hints.add(getLabelManager().get("PathBasedAccessControlHint1"));
hints.add(getLabelManager().get("PathBasedAccessControlHint2"));
hints.add(getLabelManager().get("PathBasedAccessControlHint3"));
hints.add(getLabelManager().get("PathBasedAccessControlHint4"));
return hints;
}
@ -245,7 +244,7 @@ public class PathBasedAccessControl extends LessonAdapter
*/
public String getInstructions(WebSession s)
{
String instructions = WebGoatI18N.get("PathBasedAccessControlInstr1")+ s.getUserName() + WebGoatI18N.get("PathBasedAccessControlInstr2");
String instructions = getLabelManager().get("PathBasedAccessControlInstr1")+ s.getUserName() + getLabelManager().get("PathBasedAccessControlInstr2");
return (instructions);
}

35
src/main/java/org/owasp/webgoat/lessons/ReflectedXSS.java
View File

@ -19,7 +19,6 @@ import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -88,13 +87,13 @@ public class ReflectedXSS extends LessonAdapter
makeSuccess(s);
}
s.setMessage(WebGoatI18N.get("ReflectedXSSWhoops1")+ param1 + WebGoatI18N.get("ReflectedXSSWhoops2"));
s.setMessage(getLabelManager().get("ReflectedXSSWhoops1")+ param1 + getLabelManager().get("ReflectedXSSWhoops2"));
}
// FIXME: encode output of field2, then s.setMessage( field2 );
ec.addElement(new HR().setWidth("90%"));
ec.addElement(new Center().addElement(new H1().addElement(WebGoatI18N.get("ShoppingCart"))));
ec.addElement(new Center().addElement(new H1().addElement(getLabelManager().get("ShoppingCart"))));
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
if (s.isColor())
@ -103,10 +102,10 @@ public class ReflectedXSS extends LessonAdapter
}
TR tr = new TR();
tr.addElement(new TH().addElement(WebGoatI18N.get("ShoppingCartItems")).setWidth("80%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Price")).setWidth("10%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Quantity")).setWidth("3%"));
tr.addElement(new TH().addElement(WebGoatI18N.get("Total")).setWidth("7%"));
tr.addElement(new TH().addElement(getLabelManager().get("ShoppingCartItems")).setWidth("80%"));
tr.addElement(new TH().addElement(getLabelManager().get("Price")).setWidth("10%"));
tr.addElement(new TH().addElement(getLabelManager().get("Quantity")).setWidth("3%"));
tr.addElement(new TH().addElement(getLabelManager().get("Total")).setWidth("7%"));
t.addElement(tr);
tr = new TR();
@ -171,24 +170,24 @@ public class ReflectedXSS extends LessonAdapter
ec.addElement(new BR());
tr = new TR();
tr.addElement(new TD().addElement(WebGoatI18N.get("TotalChargedCreditCard")+":"));
tr.addElement(new TD().addElement(getLabelManager().get("TotalChargedCreditCard")+":"));
tr.addElement(new TD().addElement(money.format(runningTotal)));
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("UpdateCart"))));
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("UpdateCart"))));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement(WebGoatI18N.get("EnterCreditCard")+":"));
tr.addElement(new TD().addElement(getLabelManager().get("EnterCreditCard")+":"));
tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2", param2)));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement(WebGoatI18N.get("Enter3DigitCode")+":"));
tr.addElement(new TD().addElement(getLabelManager().get("Enter3DigitCode")+":"));
tr.addElement(new TD().addElement("<input name='field1' type='TEXT' value='" + param1 + "'>"));
// tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1)));
t.addElement(tr);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Purchase"));
Element b = ECSFactory.makeButton(getLabelManager().get("Purchase"));
tr = new TR();
tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("center"));
t.addElement(tr);
@ -198,7 +197,7 @@ public class ReflectedXSS extends LessonAdapter
ec.addElement(new HR().setWidth("90%"));
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
return (ec);
@ -222,11 +221,11 @@ public class ReflectedXSS extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("ReflectedXSSHint1"));
hints.add(WebGoatI18N.get("ReflectedXSSHint2"));
hints.add(WebGoatI18N.get("ReflectedXSSHint3"));
hints.add(WebGoatI18N.get("ReflectedXSSHint4"));
hints.add(WebGoatI18N.get("ReflectedXSSHint5"));
hints.add(getLabelManager().get("ReflectedXSSHint1"));
hints.add(getLabelManager().get("ReflectedXSSHint2"));
hints.add(getLabelManager().get("ReflectedXSSHint3"));
hints.add(getLabelManager().get("ReflectedXSSHint4"));
hints.add(getLabelManager().get("ReflectedXSSHint5"));
return hints;
}

11
src/main/java/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
View File

@ -6,7 +6,6 @@ import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -79,11 +78,11 @@ public class RemoteAdminFlaw extends LessonAdapter
public List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("RemoteAdminFlawHint1"));
hints.add(WebGoatI18N.get("RemoteAdminFlawHint2"));
hints.add(WebGoatI18N.get("RemoteAdminFlawHint3"));
hints.add(WebGoatI18N.get("RemoteAdminFlawHint4"));
hints.add(WebGoatI18N.get("RemoteAdminFlawHint5"));
hints.add(getLabelManager().get("RemoteAdminFlawHint1"));
hints.add(getLabelManager().get("RemoteAdminFlawHint2"));
hints.add(getLabelManager().get("RemoteAdminFlawHint3"));
hints.add(getLabelManager().get("RemoteAdminFlawHint4"));
hints.add(getLabelManager().get("RemoteAdminFlawHint5"));
return hints;
}

19
src/main/java/org/owasp/webgoat/lessons/SqlAddData.java
View File

@ -19,7 +19,6 @@ import org.apache.ecs.html.PRE;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -109,7 +108,7 @@ public class SqlAddData extends SequentialLessonAdapter
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
// see if the number of rows in the table has changed
@ -131,7 +130,7 @@ public class SqlAddData extends SequentialLessonAdapter
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -143,13 +142,13 @@ public class SqlAddData extends SequentialLessonAdapter
protected Element makeAccountLine(WebSession s)
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("EnterUserid")));
ec.addElement(new P().addElement(getLabelManager().get("EnterUserid")));
userid = s.getParser().getRawParameter(USERID, "jsmith");
Input input = new Input(Input.TEXT, USERID, userid.toString());
ec.addElement(input);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
ec.addElement(b);
return ec;
@ -185,11 +184,11 @@ public class SqlAddData extends SequentialLessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("SqlAddDataHint1"));
hints.add(WebGoatI18N.get("SqlAddDataHint2"));
hints.add(WebGoatI18N.get("SqlAddDataHint3"));
hints.add(WebGoatI18N.get("SqlAddDataHint4"));
hints.add(WebGoatI18N.get("SqlAddDataHint5"));
hints.add(getLabelManager().get("SqlAddDataHint1"));
hints.add(getLabelManager().get("SqlAddDataHint2"));
hints.add(getLabelManager().get("SqlAddDataHint3"));
hints.add(getLabelManager().get("SqlAddDataHint4"));
hints.add(getLabelManager().get("SqlAddDataHint5"));
return hints;
}

19
src/main/java/org/owasp/webgoat/lessons/SqlModifyData.java
View File

@ -19,7 +19,6 @@ import org.apache.ecs.html.PRE;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -117,7 +116,7 @@ public class SqlModifyData extends SequentialLessonAdapter
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
// see if target data was modified
@ -149,7 +148,7 @@ public class SqlModifyData extends SequentialLessonAdapter
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -161,13 +160,13 @@ public class SqlModifyData extends SequentialLessonAdapter
protected Element makeAccountLine(WebSession s)
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("EnterUserid")));
ec.addElement(new P().addElement(getLabelManager().get("EnterUserid")));
userid = s.getParser().getRawParameter(USERID, "jsmith");
Input input = new Input(Input.TEXT, USERID, userid.toString());
ec.addElement(input);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
ec.addElement(b);
return ec;
@ -203,11 +202,11 @@ public class SqlModifyData extends SequentialLessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("SqlModifyDataHint1"));
hints.add(WebGoatI18N.get("SqlModifyDataHint2"));
hints.add(WebGoatI18N.get("SqlModifyDataHint3"));
hints.add(WebGoatI18N.get("SqlModifyDataHint4"));
hints.add(WebGoatI18N.get("SqlModifyDataHint5"));
hints.add(getLabelManager().get("SqlModifyDataHint1"));
hints.add(getLabelManager().get("SqlModifyDataHint2"));
hints.add(getLabelManager().get("SqlModifyDataHint3"));
hints.add(getLabelManager().get("SqlModifyDataHint4"));
hints.add(getLabelManager().get("SqlModifyDataHint5"));
return hints;
}

25
src/main/java/org/owasp/webgoat/lessons/SqlNumericInjection.java
View File

@ -22,7 +22,6 @@ import org.apache.ecs.html.Select;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -131,14 +130,14 @@ public class SqlNumericInjection extends SequentialLessonAdapter
getLessonTracker(s).setStage(2);
StringBuffer msg = new StringBuffer();
msg.append(WebGoatI18N.get("NumericSqlInjectionSecondStage"));
msg.append(getLabelManager().get("NumericSqlInjectionSecondStage"));
s.setMessage(msg.toString());
}
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
} catch (SQLException sqle)
@ -147,7 +146,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -158,7 +157,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
{
ElementContainer ec = new ElementContainer();
ec.addElement(WebGoatI18N.get("NumericSqlInjectionSecondStage2"));
ec.addElement(getLabelManager().get("NumericSqlInjectionSecondStage2"));
// if ( s.getParser().getRawParameter( ACCT_NUM, "101" ).equals("restart"))
// {
// getLessonTracker(s).setStage(1);
@ -202,14 +201,14 @@ public class SqlNumericInjection extends SequentialLessonAdapter
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
} catch (SQLException sqle)
{
ec.addElement(new P().addElement(sqle.getMessage()));
} catch (NumberFormatException npe)
{
ec.addElement(new P().addElement(WebGoatI18N.get("ErrorParsingAsNumber") + npe.getMessage()));
ec.addElement(new P().addElement(getLabelManager().get("ErrorParsingAsNumber") + npe.getMessage()));
}
} catch (Exception e)
{
@ -224,7 +223,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("SelectYourStation")));
ec.addElement(new P().addElement(getLabelManager().get("SelectYourStation")));
Map<String, String> stations = getStations(s);
Select select = new Select(STATION_ID);
@ -237,7 +236,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
ec.addElement(select);
ec.addElement(new P());
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
ec.addElement(b);
return ec;
@ -307,10 +306,10 @@ public class SqlNumericInjection extends SequentialLessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("SqlNumericInjectionHint1"));
hints.add(WebGoatI18N.get("SqlNumericInjectionHint2"));
hints.add(WebGoatI18N.get("SqlNumericInjectionHint3"));
hints.add(WebGoatI18N.get("SqlNumericInjectionHint4"));
hints.add(getLabelManager().get("SqlNumericInjectionHint1"));
hints.add(getLabelManager().get("SqlNumericInjectionHint2"));
hints.add(getLabelManager().get("SqlNumericInjectionHint3"));
hints.add(getLabelManager().get("SqlNumericInjectionHint4"));

25
src/main/java/org/owasp/webgoat/lessons/SqlStringInjection.java
View File

@ -18,7 +18,6 @@ import org.apache.ecs.html.PRE;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -114,14 +113,14 @@ public class SqlStringInjection extends SequentialLessonAdapter
StringBuffer msg = new StringBuffer();
msg.append(WebGoatI18N.get("StringSqlInjectionSecondStage"));
msg.append(getLabelManager().get("StringSqlInjectionSecondStage"));
s.setMessage(msg.toString());
}
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
} catch (SQLException sqle)
{
@ -130,7 +129,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -141,7 +140,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
{
ElementContainer ec = new ElementContainer();
ec.addElement(WebGoatI18N.get("StringSqlInjectionSecondStage"));
ec.addElement(getLabelManager().get("StringSqlInjectionSecondStage"));
if (s.getParser().getRawParameter(ACCT_NAME, "YOUR_NAME").equals("restart"))
{
getLessonTracker(s).getLessonProperties().setProperty(STAGE, "1");
@ -180,7 +179,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
}
else
{
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
ec.addElement(getLabelManager().get("NoResultsMatched"));
}
} catch (SQLException sqle)
{
@ -188,7 +187,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
}
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -198,13 +197,13 @@ public class SqlStringInjection extends SequentialLessonAdapter
protected Element makeAccountLine(WebSession s)
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("EnterLastName")));
ec.addElement(new P().addElement(getLabelManager().get("EnterLastName")));
accountName = s.getParser().getRawParameter(ACCT_NAME, "Your Name");
Input input = new Input(Input.TEXT, ACCT_NAME, accountName.toString());
ec.addElement(input);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
ec.addElement(b);
return ec;
@ -230,10 +229,10 @@ public class SqlStringInjection extends SequentialLessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("SqlStringInjectionHint1"));
hints.add(WebGoatI18N.get("SqlStringInjectionHint2"));
hints.add(WebGoatI18N.get("SqlStringInjectionHint3"));
hints.add(WebGoatI18N.get("SqlStringInjectionHint4"));
hints.add(getLabelManager().get("SqlStringInjectionHint1"));
hints.add(getLabelManager().get("SqlStringInjectionHint2"));
hints.add(getLabelManager().get("SqlStringInjectionHint3"));
hints.add(getLabelManager().get("SqlStringInjectionHint4"));
return hints;
}

33
src/main/java/org/owasp/webgoat/lessons/StoredXss.java
View File

@ -21,7 +21,6 @@ import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.*;
import org.owasp.webgoat.util.HtmlEncoder;
import org.owasp.webgoat.util.WebGoatI18N;
/**
* *************************************************************************************************
@ -110,7 +109,7 @@ public class StoredXss extends LessonAdapter {
// that could be trapped here but we will let them try. One error would be something
// like "Characters found after end of SQL statement."
if (e.getMessage().indexOf("No ResultSet was produced") == -1) {
s.setMessage(WebGoatI18N.get("CouldNotAddMessage"));
s.setMessage(getLabelManager().get("CouldNotAddMessage"));
}
e.printStackTrace();
}
@ -151,10 +150,10 @@ public class StoredXss extends LessonAdapter {
*/
protected List<String> getHints(WebSession s) {
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("StoredXssHint1"));
hints.add(WebGoatI18N.get("StoredXssHint2"));
hints.add(WebGoatI18N.get("StoredXssHint3"));
hints.add(WebGoatI18N.get("StoredXssHint4"));
hints.add(getLabelManager().get("StoredXssHint1"));
hints.add(getLabelManager().get("StoredXssHint2"));
hints.add(getLabelManager().get("StoredXssHint3"));
hints.add(getLabelManager().get("StoredXssHint4"));
return hints;
}
@ -201,14 +200,14 @@ public class StoredXss extends LessonAdapter {
ResultSet results = statement.executeQuery();
if ((results != null) && results.first()) {
ec.addElement(new H1(WebGoatI18N.get("MessageContentsFor") + ": " + results.getString(TITLE_COL)));
ec.addElement(new H1(getLabelManager().get("MessageContentsFor") + ": " + results.getString(TITLE_COL)));
Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
TR row1 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Title") + ":"))));
TR row1 = new TR(new TD(new B(new StringElement(getLabelManager().get("Title") + ":"))));
row1.addElement(new TD(new StringElement(results.getString(TITLE_COL))));
t.addElement(row1);
String messageData = results.getString(MESSAGE_COL);
TR row2 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Message") + ":"))));
TR row2 = new TR(new TD(new B(new StringElement(getLabelManager().get("Message") + ":"))));
row2.addElement(new TD(new StringElement(messageData)));
t.addElement(row2);
@ -217,7 +216,7 @@ public class StoredXss extends LessonAdapter {
// if users use a cross site request forgery or XSS to make another user post a
// message,
// they can see that the message is attributed to that user
TR row3 = new TR(new TD(new StringElement(WebGoatI18N.get("PostedBy") + ":")));
TR row3 = new TR(new TD(new StringElement(getLabelManager().get("PostedBy") + ":")));
row3.addElement(new TD(new StringElement(results.getString(USER_COL))));
t.addElement(row3);
@ -232,11 +231,11 @@ public class StoredXss extends LessonAdapter {
} else {
if (messageNum != 0) {
ec.addElement(new P().addElement(WebGoatI18N.get("CouldNotFindMessage") + messageNum));
ec.addElement(new P().addElement(getLabelManager().get("CouldNotFindMessage") + messageNum));
}
}
} catch (Exception e) {
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -253,14 +252,14 @@ public class StoredXss extends LessonAdapter {
Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
TR row1 = new TR();
TR row2 = new TR();
row1.addElement(new TD(new StringElement(WebGoatI18N.get("Title") + ": ")));
row1.addElement(new TD(new StringElement(getLabelManager().get("Title") + ": ")));
Input inputTitle = new Input(Input.TEXT, TITLE, "");
row1.addElement(new TD(inputTitle));
TD item1 = new TD();
item1.setVAlign("TOP");
item1.addElement(new StringElement(WebGoatI18N.get("Message") + ": "));
item1.addElement(new StringElement(getLabelManager().get("Message") + ": "));
row2.addElement(item1);
TD item2 = new TD();
@ -270,7 +269,7 @@ public class StoredXss extends LessonAdapter {
t.addElement(row1);
t.addElement(row2);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Submit"));
Element b = ECSFactory.makeButton(getLabelManager().get("Submit"));
ElementContainer ec = new ElementContainer();
ec.addElement(t);
ec.addElement(new P().addElement(b));
@ -312,11 +311,11 @@ public class StoredXss extends LessonAdapter {
}
}
} catch (Exception e) {
s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList"));
s.setMessage(getLabelManager().get("ErrorGeneratingMessageList"));
}
ElementContainer ec = new ElementContainer();
ec.addElement(new H1(WebGoatI18N.get("MessageList")));
ec.addElement(new H1(getLabelManager().get("MessageList")));
ec.addElement(t);
return (ec);

39
src/main/java/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
View File

@ -18,7 +18,6 @@ import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.*;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
@ -104,7 +103,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
}
else
{
s.setMessage(WebGoatI18N.get("InvalidCookie"));
s.setMessage(getLabelManager().get("InvalidCookie"));
s.eatCookies();
}
}
@ -142,14 +141,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
if (loginID != "")
{
Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
s.setMessage(WebGoatI18N.get("IdentityRemembered"));
s.setMessage(getLabelManager().get("IdentityRemembered"));
s.getResponse().addCookie(newCookie);
return (username);
}
else
{
s.setMessage(WebGoatI18N.get("InvalidUsernameAndPassword"));
s.setMessage(getLabelManager().get("InvalidUsernameAndPassword"));
}
}
@ -169,7 +168,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
if (logout)
{
s.setMessage(WebGoatI18N.get("PasswordForgotten"));
s.setMessage(getLabelManager().get("PasswordForgotten"));
s.eatCookies();
return (makeLogin(s));
@ -186,7 +185,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
if ((user != null) && (user.length() > 0)) { return (makeUser(s, user, "PARAMETERS")); }
} catch (Exception e)
{
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
e.printStackTrace();
}
@ -251,10 +250,10 @@ public class WeakAuthenticationCookie extends LessonAdapter
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints1"));
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints2"));
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints3"));
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints4"));
hints.add(getLabelManager().get("WeakAuthenticationCookieHints1"));
hints.add(getLabelManager().get("WeakAuthenticationCookieHints2"));
hints.add(getLabelManager().get("WeakAuthenticationCookieHints3"));
hints.add(getLabelManager().get("WeakAuthenticationCookieHints4"));
return hints;
@ -290,7 +289,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
{
ElementContainer ec = new ElementContainer();
ec.addElement(new H1().addElement(WebGoatI18N.get("SignIn")));
ec.addElement(new H1().addElement(getLabelManager().get("SignIn")));
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
if (s.isColor())
@ -300,12 +299,12 @@ public class WeakAuthenticationCookie extends LessonAdapter
TR tr = new TR();
tr.addElement(new TH()
.addElement(WebGoatI18N.get("WeakAuthenticationCookiePleaseSignIn"))
.addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn"))
.setColSpan(2).setAlign("left"));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("*"+WebGoatI18N.get("RequiredFields")).setWidth("30%"));
tr.addElement(new TD().addElement("*"+getLabelManager().get("RequiredFields")).setWidth("30%"));
t.addElement(tr);
tr = new TR();
@ -314,8 +313,8 @@ public class WeakAuthenticationCookie extends LessonAdapter
TR row1 = new TR();
TR row2 = new TR();
row1.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("UserName")))));
row2.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("Password")))));
row1.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("UserName")))));
row2.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("Password")))));
Input input1 = new Input(Input.TEXT, USERNAME, "");
Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
@ -324,7 +323,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
t.addElement(row1);
t.addElement(row2);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
t.addElement(new TR(new TD(b)));
ec.addElement(t);
@ -347,10 +346,10 @@ public class WeakAuthenticationCookie extends LessonAdapter
protected Element makeUser(WebSession s, String user, String method) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(new P().addElement(WebGoatI18N.get("WelcomeUser") + user));
ec.addElement(new P().addElement(WebGoatI18N.get("YouHaveBeenAuthenticatedWith") + method));
ec.addElement(new P().addElement(ECSFactory.makeLink(WebGoatI18N.get("Logout"), LOGOUT, true)));
ec.addElement(new P().addElement(ECSFactory.makeLink(WebGoatI18N.get("Refresh"), "", "")));
ec.addElement(new P().addElement(getLabelManager().get("WelcomeUser") + user));
ec.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + method));
ec.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get("Logout"), LOGOUT, true)));
ec.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get("Refresh"), "", "")));
return (ec);
}

1
src/main/java/org/owasp/webgoat/session/Course.java
View File

@ -368,7 +368,6 @@ public class Course {
logger.info("fileName: " + fileName + " == className: " + className);
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
lesson.setLessonPlanFileName(language, absoluteFile);
WebGoatI18N.loadLanguage(language);
}
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {

11
src/main/java/org/owasp/webgoat/session/WebSession.java
View File

@ -12,6 +12,7 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletContext;
@ -23,7 +24,8 @@ import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.WebGoatI18N;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -773,9 +775,10 @@ public class WebSession {
myParser.update(request);
}
if (myParser.getRawParameter(LANGUAGE, null) != null) {
this.currentLanguage = new String(myParser.getRawParameter(LANGUAGE, null));
WebGoatI18N.setCurrentLanguage(this.currentLanguage);
Locale locale = request.getLocale();
if(locale != null) {
LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class);
labelManager.setLocale(locale);
}
// System.out.println("Current Screen 1: " + currentScreen );

15
src/main/java/org/owasp/webgoat/session/WebgoatContext.java
View File

@ -1,8 +1,6 @@
package org.owasp.webgoat.session;
import javax.servlet.http.HttpServlet;
import org.owasp.webgoat.util.WebGoatI18N;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -82,8 +80,6 @@ public class WebgoatContext {
private String defaultLanguage;
private WebGoatI18N webgoati18n = null;
public WebgoatContext(HttpServlet servlet) {
this.servlet = servlet;
databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
@ -108,9 +104,6 @@ public class WebgoatContext {
isDebug = "true".equals(getParameter(servlet, DEBUG));
servletName = servlet.getServletName();
defaultLanguage = getParameter(servlet, DEFAULTLANGUAGE) != null ? new String(getParameter(servlet, DEFAULTLANGUAGE)) : new String("en");
webgoati18n = new WebGoatI18N(this);
}
private String getParameter(HttpServlet servlet, String key) {
@ -220,12 +213,4 @@ public class WebgoatContext {
return defaultLanguage;
}
public void setWebgoatiI18N(WebGoatI18N webgoati18n) {
this.webgoati18n = webgoati18n;
}
public WebGoatI18N getWebgoatI18N() {
return webgoati18n;
}
}

63
src/main/java/org/owasp/webgoat/util/BeanProvider.java Normal file
View File

@ -0,0 +1,63 @@
package org.owasp.webgoat.util;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
@Component
public class BeanProvider implements ApplicationContextAware
{
private static ApplicationContext ctx;
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
{
ctx = applicationContext;
}
/**
* Get access to managed beans from id.
*
* @param beanName
* the id of the searched bean
* @param beanClass
* the type of tye searched bean
* @return
*/
@SuppressWarnings("unchecked")
public static <T> T getBean(final String beanName, final Class<T> beanClass)
{
return (T) ctx.getBean(beanName);
}
}

41
src/main/java/org/owasp/webgoat/util/LabelManager.java Normal file
View File

@ -0,0 +1,41 @@
package org.owasp.webgoat.util;
import java.util.Locale;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
public interface LabelManager
{
public void setLocale(Locale locale);
public String get(String labelKey);
}

61
src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java Normal file
View File

@ -0,0 +1,61 @@
package org.owasp.webgoat.util;
import java.util.Locale;
import javax.annotation.Resource;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.stereotype.Component;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
@Component("labelManager")
@Scope(value="session", proxyMode=ScopedProxyMode.INTERFACES)
public class LabelManagerImpl implements LabelManager
{
@Resource
private LabelProvider labelProvider;
/** Locale mapped with current session. */
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}
public String get(String labelKey)
{
return labelProvider.get(locale, labelKey);
}
}

67
src/main/java/org/owasp/webgoat/util/LabelProvider.java Normal file
View File

@ -0,0 +1,67 @@
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Locale;
import java.util.ResourceBundle;
import org.springframework.stereotype.Component;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
@Component
public class LabelProvider
{
public final static String DEFAULT_LANGUAGE = "en";
private final HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
private final WebGoatResourceBundleController localeController = new WebGoatResourceBundleController();
public String get(Locale locale, String strName)
{
if (!labels.containsKey(locale))
{
ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
labels.put(locale, resBundle);
}
return labels.get(locale).getString(strName);
}
private class WebGoatResourceBundleController extends ResourceBundle.Control
{
private final Locale fallbackLocale = new Locale(DEFAULT_LANGUAGE);
@Override
public Locale getFallbackLocale(String baseName, Locale locale)
{
if (!fallbackLocale.equals(locale)) { return fallbackLocale; }
return Locale.ROOT;
}
}
}

67
src/main/java/org/owasp/webgoat/util/WebGoatI18N.java
View File

@ -6,36 +6,61 @@ import java.util.ResourceBundle;
import org.owasp.webgoat.session.WebgoatContext;
public class WebGoatI18N {
@Deprecated
public class WebGoatI18N
{
private static HashMap<String,ResourceBundle> labels= new HashMap<String,ResourceBundle>();
private static String defaultLanguage ;
private static String currentLanguage;
private static HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
private static Locale currentLocale;
private static WebGoatResourceBundleController localeController;
public WebGoatI18N(WebgoatContext context){
Locale l = new Locale(context.getDefaultLanguage());
WebGoatI18N.defaultLanguage=context.getDefaultLanguage();
labels.put(context.getDefaultLanguage(),ResourceBundle.getBundle("WebGoatLabels_english",l));
public WebGoatI18N(WebgoatContext context)
{
currentLocale = new Locale(context.getDefaultLanguage());
localeController = new WebGoatResourceBundleController(currentLocale);
}
public static void loadLanguage(String language){
Locale l = new Locale(language);
labels.put(language, ResourceBundle.getBundle("WebGoatLabels_english",l));
@Deprecated
public static void loadLanguage(String language)
{
// Do nothing
}
public static void setCurrentLanguage(String language){
WebGoatI18N.currentLanguage=language;
}
public static String get(String strName) {
if(labels.containsKey(WebGoatI18N.currentLanguage)){
return labels.get(WebGoatI18N.currentLanguage).getString(strName);
}
else {
return labels.get(WebGoatI18N.defaultLanguage).getString(strName);
public static void setCurrentLocale(Locale locale)
{
if (!currentLocale.equals(locale))
{
if (!labels.containsKey(locale))
{
ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
labels.put(locale, resBundle);
}
WebGoatI18N.currentLocale = locale;
}
}
public static String get(String strName)
{
return labels.get(WebGoatI18N.currentLocale).getString(strName);
}
private static class WebGoatResourceBundleController extends ResourceBundle.Control
{
private Locale fallbackLocale;
public WebGoatResourceBundleController(Locale l)
{
fallbackLocale = l;
}
@Override
public Locale getFallbackLocale(String baseName, Locale locale)
{
if(! fallbackLocale.equals(locale)) {
return fallbackLocale;
}
return Locale.ROOT;
}
}
}

0
src/main/resources/WebGoatLabels_english.properties → src/main/resources/WebGoatLabels.properties
View File

0
src/main/resources/WebGoatLabels_german.properties → src/main/resources/WebGoatLabels_de.properties
View File

222
src/main/resources/WebGoatLabels_fr.properties Normal file
View File

@ -0,0 +1,222 @@
#General
LessonCompleted=F\u00e9licitations. Vous avez termin\u00e9 cette le\u00e7on avec succ\u00e9s.
RestartLesson=Recommencer cette le\u00e7on
SolutionVideos=Solution vid\u00e9os
ErrorGenerating=Error generating
InvalidData=Donn\u00e9e invalide
#HttpBasics.java
EnterYourName=Entrez votre nom
Go!=Go!
#BasicAuthentication.java
BasicAuthHeaderNameIncorrect=Le nom de l'en-t\u00eate d'authentification Basic est incorrect.
BasicAuthHeaderValueIncorrect=La valeur de l'en-t\u00eate d'authentification Basic est incorrecte.
BasicAuthenticationWhatIsNameOfHeader=Quel est le nom de l'en-t\u00eate d'authentification ?
BasicAuthenticationWhatIsDecodedValueOfHeader=Quelle est la valeur d\u00e9cod\u00e9e de l'en-t\u00eate d'authentification ?
Submit=Envoyer
BasicAuthenticationGreenStars1=Fermer votre navigateur et connectez-vous en tant que
BasicAuthenticationGreenStars2= afin de retrouver vos \u00e9toiles vertes.
BasicAuthenticationStage1Completed=F\u00e9licitations, vous avez compris la m\u00e9canique de l'authentification Basic.&nbsp;&nbsp;- Vous devez maintenant faire en sorte que WebGoat vous r\u00e9authentifie en tant que: &nbsp;&nbsp;&nbsp;&nbsp;- username: basic &nbsp;&nbsp;&nbsp;&nbsp;- password: basic. Utilisez le menu Basic Authentication pour d\u00e9marrer \u00e0 la page de connexion.
BasicAuthenticationAlmostThere1=Vous y \u00eates presque ! Vous avez modifi\u00e9 l'en-t\u00eate
BasicAuthenticationAlmostThere2= mais vous \u00eates toujours connect\u00e9 en tant que
BasicAuthenticationAlmostThere3=. Etudiez la requ\u00eate soumise apr\u00e8s la saisie des identifiants 'basic' d'utilisateur. Souvenez-vous de l'ordre des \u00e9v\u00e9nements intervenant durant l'authentification Basic.
BasicAuthenticationReallyClose=Vous touchez au but ! Changer le cookie de session contraint le serveur \u00e0 vous assigner une nouvelle session. Cela ne contraint pas le serveur \u00e0 vous r\u00e9authentifier. Quand vous aurez d\u00e9termin\u00e9 comment forcer le serveur \u00e0 op\u00e9rer une requ\u00eate d'authentification, vous devrez vous authentifier en tant que:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;user name: basic<br> &nbsp;&nbsp;&nbsp;&nbsp;password: basic<br>
BasicAuthenticationUseTheHints=Utiliez les indices ! Un \u00e0 la fois...
BasicAuthenticationHint1=L'authentification Basic utilise un cookie pour transmettre les donn\u00e9es d'identification. Utilisez un proxy pour intercepter la requ\u00eate. Etudiez les cookies.
BasicAuthenticationHint2=L'authentification Basic utilise l'encodage Base64 pour 'brouiller' the " + "user's login credentials.
BasicAuthenticationHint3=L'authentification Basic utilise 'Authorization' comme nom de cookie pour " + "store the user's credentials.
BasicAuthenticationHint4=Utiliez WebScarab -> Tools -> Transcoder to Base64 decode the value in the Authorization cookie.
BasicAuthenticationHint5=L'authentification Basic utilise un cookie pour transmettre les donn\u00e9es d'identification. Utilisez un proxy pour intercepter la requ\u00eate. Etudiez les cookies.
BasicAuthenticationHint6=Avant que le serveur web ne requiert une identification du client, la validit\u00e9 de la session courante est contr\u00f4l\u00e9e.
BasicAuthenticationHint7=Si la session est invalide, le serveur web utilisera les identifiants d'authentification Basic
BasicAuthenticationHint8=Si la session est invalide et que les identifiants d'authentification Basic sont \u00e9galement invalides, de nouveaux identifiants seront r\u00e9clam\u00e9s au client.
BasicAuthenticationHint9=Interceptez la requ\u00eate et falsifiez le JSESSIONID et l'en-t\u00eate d'Authorization.
#WeakAuthenticationCookie.java
InvalidCookie=Cookie invalide
IdentityRemembered=Votre identit\u00e9 a \u00e9t\u00e9 m\u00e9moris\u00e9e
InvalidUsernameAndPassword=Nom d'utilisateur et mot de passe saisis invalides.
UserName=Nom d'utilisateur
Password=Mot de passe
Login=Login
RequiredFields=Champs obligatoires
WeakAuthenticationCookiePleaseSignIn=Veuillez vous connecter \u00e0 votre compte. Contactez l'admin OWASP si vous n'avez pas de compte.
SignIn=Connexion
PasswordForgotten=Au revoir ! Votre mot de passe a \u00e9t\u00e9 oubli\u00e9
WelcomeUser=Bienvenue,
YouHaveBeenAuthenticatedWith=Vous avez \u00e9t\u00e9 authentifi\u00e9 par
Logout=D\u00e9connexion
Refresh=Rafraichir
WeakAuthenticationCookieHints1=Le serveur authentifie l'utilisateur au moyen d'un cookie, si vous envoyez le bon cookie.
WeakAuthenticationCookieHints2=La valeur AuthCookie peut-elle \u00eatre d\u00e9duite du nom d'utilisateur et du mot de passe ?
WeakAuthenticationCookieHints3=Ajoutez 'AuthCookie=********;' \u00e0 l'en-t\u00eate Cookie: header en utilisant <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A>.
WeakAuthenticationCookieHints4=Apr\u00e8s s'\u00eatre connect\u00e9 \u00e0 en tant que webgoat, un cookie est ajout\u00e9. 65432ubphcfx<br/>Apr\u00e8s s'\u00eatre connect\u00e9 en tant que aspect, un cookie est ajout\u00e9. 65432udfqtb<br/>Existe-t-il des similarit\u00e9s entre le cookie et les noms de login ?
#RemoteAdminFlaw.java
RemoteAdminFlawHint1=WebGoat a 2 interfaces d'admin.
RemoteAdminFlawHint2=WebGoat a une interface d'admin qui est contr\u00f4l\u00e9e via un param\u00e8tre d'URL et est 'attaquable'
RemoteAdminFlawHint3=WebGoat a une interface d'admin qui est contr\u00f4l\u00e9e par des contraintes de s\u00e9curit\u00e9 c\u00f4t\u00e9 serveur, et ne devrait pas \u00eatre 'attaquable'
RemoteAdminFlawHint4=Follow the Source!
RemoteAdminFlawHint5=En cas de succ\u00e8s, vous verrez appara\u00eetre de nouveaux sous-menus sous l'entr\u00e9e 'Admin Functions'
#PathBasedAccessControl.java
CurrentDirectory=R\u00e9pertoire courant :
ChooseFileToView=Choisissez le fichier \u00e0 visualiser :
ViewFile=Voir le fichier
AccessDenied=Acc\u00e8s refus\u00e9
ItAppears1=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Vous \u00eates seulement autoris\u00e9 \u00e0 visualiser un fichier dans ce r\u00e9pertoire.
ItAppears2=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Vous \u00eates seulement autoris\u00e9 \u00e0 visualiser les fichiers dans le r\u00e9pertoire webgoat.
CongratsAccessToFileAllowed=F\u00e9licitations ! Acc\u00e8s au fichier autoris\u00e9
FileInAllowedDirectory=Le fichier est d\u00e9j\u00e0 dans un r\u00e9pertoire autoris\u00e9 - essayez \u00e0 nouveau !
AccessToFileDenied1=Acc\u00e8s au fichier/r\u00e9pertoire "
AccessToFileDenied2=" refus\u00e9
FileTooLarge=Le fichier est trop volumineux
FileBinary=Le fichier est binaire
TheFollowingError=L'erreur suivante est intervenue lors de l'acc\u00e8s au fichier : <
PathBasedAccessControlInstr1=L'utilisateur '
PathBasedAccessControlInstr2=' a acc\u00e8s \u00e0 tous les fichiers du r\u00e9pertoire lesson_plans/English directory. Essayez de tromper le m\u00e9canisme de contr\u00f4le d'acc\u00e8s et d'acc\u00e9der \u00e0 une ressource ext\u00e9rieure au r\u00e9pertoire list\u00e9. Un ressource int\u00e9ressante \u00e0 obtenir peut \u00eatre un fichier tel que tomcat/conf/tomcat-users.xml. Souvenez-vous que les chemins d'acc\u00e8s seront diff\u00e9rents si vous utilisez les sources WebGoat.
ErrorGenerating=Error generating
ViewingFile=Fichier visualis\u00e9:
File=Fichier:
Dir=R\u00e9pertoire :
IsFile= - isFile() :
Exists= - exists() :
PathBasedAccessControlHint1=La plupart des syst\u00e8mes d'exploitation autorise les caract\u00e8res sp\u00e9ciaux dans un chemin.
PathBasedAccessControlHint2=Utilisez un explorateur de fichiers pour trouver the tomcat\\webapps\\WebGoat\\lesson_plans directory");
PathBasedAccessControlHint3=Essayez .. dans le chemin
PathBasedAccessControlHint4=Essayez ..\\..\\..\\LICENSE
#CommandInjection.java
Command=Commande
CommandInjectionRightTrack1=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Les commandes suivantes sont autoris\u00e9es : netstat -a, dir, ls, ifconfig, and ipconfig.
CommandInjectionRightTrack2=Vous \u00eates sur la bonne voie. Les commandes pouvant compromettre le syst\u00e8me d'exploitation ont \u00e9t\u00e9 d\u00e9sactiv\u00e9es. Cette le\u00e7on est une le\u00e7on sur l'injection de commande, pas sur le contr\u00f4le d'acc\u00e8s.
YouAreCurrentlyViewing=Vous \u00eates en train de visualiser :
SelectFileFromListBelow=S\u00e9lectionnez un fichier depuis la liste ci-dessous
SelectLessonPlanToView=S\u00e9lectionnez le plan de le\u00e7on \u00e0 visualiser :
View=Voir
CommandInjectionHint1=L'application utilise une commande syst\u00e8me pour retourner le contenu d'un fichier.
CommandInjectionHint2=L'esperluette(&) s\u00e9pare les commandes dans le shell de commandes de Windows 2000. Sous Unix, le s\u00e9parateur est g\u00e9n\u00e9ralement un point-virgule(;)
CommandInjectionHint3=Utilisez un proxy pour ins\u00e9rer & netstat -a sous Windows or ;netstat -a sous Unix.
CommandInjectionHint4=Notez que le serveur peut encadrer le fichier soumis par des guillements
#NumericSqlInjection.java
NumericSqlInjectionSecondStage=Pas capable de r\u00e9ussir \u00e0 nouveau ! La le\u00e7on a d\u00e9tect\u00e9 votre attaque r\u00e9ussie et a maintenant bascul\u00e9 en mode d\u00e9fensif. Essayez \u00e0 nouveau d'attaquer une requ\u00eate param\u00e9tr\u00e9e.
NoResultsMatched=Aucun r\u00e9sultat retourn\u00e9. Essayez \u00e0 nouveau.
NumericSqlInjectionSecondStage2=Maintenant que vous avez r\u00e9alis\u00e9 une injection SQL avec succ\u00e8s, essayer le m\u00eame type d'attaque sur une requ\u00eate param\u00e9tr\u00e9e.
ErrorParsingAsNumber=Erreur lors de l'interpr\u00e9tation de station comme valeur num\u00e9rique :
SelectYourStation=S\u00e9lectionnez votre station m\u00e9t\u00e9o locale :
SqlNumericInjectionHint1=L'application r\u00e9cup\u00e8re la valeur sp\u00e9cifi\u00e9e depuis la liste d\u00e9roulante et l'ins\u00e8re \u00e0 la fin d'une commande SQL pr\u00e9-form\u00e9e.
SqlNumericInjectionHint2=Voici le code de la requ\u00eate assembl\u00e9e et ex\u00e9cut\u00e9e par WebGoat :<br><br>"SELECT * FROM weather_data WHERE station = " + station
SqlNumericInjectionHint3=Les commandes SQL compos\u00e9es peuvent \u00eatre assembl\u00e9es en associant de multiples conditions au moyen de mots-cl\u00e9 tels que AND et OR. Essayez d'assembler une commande qui sera toujours r\u00e9solue \u00e0 vrai.
SqlNumericInjectionHint4=Essayez d'intercepter la requ\u00eate post avec ZAP, et remplacez la valeur du param\u00e8tre station par [ 101 OR 1 = 1 ].
#StringSqlInjection.java
StringSqlInjectionSecondStage=Maintenant que vous avez r\u00e9alis\u00e9 une injection SQL avec succ\u00e8s, essayer le m\u00eame type d'attaque sur une requ\u00eate param\u00e9tr\u00e9e. Red\u00e9marrez la le\u00e7on si vous souhaitez revenir \u00e0 la requ\u00eate injectable.
EnterLastName=Entrez votre nom :
NoResultsMatched=Aucun r\u00e9sultat correspondant. Essayez encore.
SqlStringInjectionHint1=L'application r\u00e9cup\u00e8re votre saisie et l'ins\u00e8re \u00e0 la fin d'une commande SQL pr\u00e9-form\u00e9e.
SqlStringInjectionHint2=Voici le code de la requ\u00eate assembl\u00e9e et ex\u00e9cut\u00e9e par WebGoat :<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Les commandes SQL compos\u00e9es peuvent \u00eatre assembl\u00e9es en associant de multiples conditions au moyen de mots-cl\u00e9 tels que AND et OR. Essayez d'assembler une condition qui sera toujours r\u00e9solue \u00e0 vrai.
SqlStringInjectionHint4=Essayez de saisir [ smith' OR '1' = '1 ].
#LogSpoofing.java
LoginFailedForUserName=Login failed for username
LoginSucceededForUserName=LOGIN SUCCEEDED FOR USERNAME
LogSpoofingHint1=Essayez de tromper l'\u0153il humain en utilisant de nouvelles lignes.
LogSpoofingHint2=Utilisez CR (%0d) et LF (%0a) pour une nouvelle ligne.
LogSpoofingHint3=Essayez : Smith%0d%0aLogin Succeeded for username: admin
LogSpoofingHint4=Essayez : Smith%0d%0aLogin Succeeded for username: admin&lt;script&gt;alert(document.cookie)&lt;/script&gt;
#StoredXss.java
StoredXssHint1=Vous pouvez utiliser des tags HTML dans votre message.
StoredXssHint1=Dissimulez un tag SCRIPT dns le message afin d'attaquer quiconque le lira.
StoredXssHint1=Entrez : &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; dans le champ message.
StoredXssHint1=Entrez : &lt;script&gt;alert(document.cookie);&lt;/script&gt; dans le champ message.
MessageContentsFor=Contenu du message pour
Title=Titre
PostedBy=Post\u00e9 par
CouldNotFindMessage=Impossible de trouver ce message
Message=Message
MessageList=Liste de Messages
CouldNotAddMessage=Impossible d'ajouter un message \u00e0 la base de donn\u00e9es
ErroGeneratingMessageList=Erreur lors de la r\u00e9cup\u00e9ration de la liste de messages.
#ReflectedXSS.java
ReflectedXSSWhoops1=Whoops! Vous avez saisi
ReflectedXSSWhoops2= au lieu de votre code de trois digits. Veuillez essayez \u00e0 nouveau.
ShoppingCart=Panier
ShoppingCartItems=Articles du panier -- To Buy Now
Price=Prix
Quantity=Quantit\u00e9
Total=Total
TotalChargedCreditCard=Le montant pr\u00e9lev\u00e9 sur votre carte de cr\u00e9dit
UpdateCart=UpdateCart
EnterCreditCard=Entrez votre num\u00e9ro de carte de cr\u00e9dit
Enter3DigitCode=Entrez votre code d'acc\u00e8s de trois digits
Purchase=Acheter
ReflectedXSSHint1=Un script simple est &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.
ReflectedXSSHint2=Pouvez-vous r\u00e9v\u00e9ler le cookie JSESSIONID au moyen du script ?
ReflectedXSSHint3=Vous pouvez utiliser &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; pour acc\u00e9der au session id du cookie
ReflectedXSSHint4=Pouvez-vous acc\u00e9der au champ carte de cr\u00e9dit du formulaire depuis le script ?
ReflectedXSSHint5=Essayez une commande de cross site trace (XST) :<br>&lt;script type=\"text/javascript\"&gt;if ( navigator.appName.indexOf(\"Microsoft\") !=-1){var xmlHttp = new ActiveXObject(\"Microsoft.XMLHTTP\");xmlHttp.open(\"TRACE\", \"./\", false); xmlHttp.send();str1=xmlHttp.responseText; while (str1.indexOf(\"\\n\") > -1) str1 = str1.replace(\"\\n\",\"&lt;br&gt;\"); document.write(str1);}&lt;/script&gt;");
#HtmlClues.java
HtmlCluesBINGO=BINGO -- admin authentifi\u00e9
HtmlCluesHint1=Vous pouvez visualiser les sources HTML en s\u00e9lectionnant 'Afficher le code source' depuis les menus du navigateur.
HtmlCluesHint2=De nombreux indices sont pr\u00e9sents dans le code HTML
HtmlCluesHint3=Recherchez le mot HIDDEN, \u00e9tudiez les URL, recherchez les commentaires.
#JavaScriptValidation.java
3LowerCase=Champ1 : exactement trois caract\u00e8res miniscules
Exactly3Digits=Champ2 : exactement trois digits
LettersNumbersSpaceOnly=Champ3 : lettres, nombres et espace seulement
EnumerationOfNumbers=Champ4 : \u00e9numeration de nombres
SimpleZipCode=Champ5 : code postal simple
ZIPDashFour=Champ6 : zip with optional dash four
USPhoneNumber=Champ7 : num\u00e9ro de t\u00e9l\u00e9phone US avec ou sans tiret(s)
ServerSideValidationViolation=Violation de la validation c\u00f4t\u00e9 serveur : You succeeded for
JavaScriptValidationHint1=La validation s'op\u00e8re dans votre navigateur.
JavaScriptValidationHint2=Essayez de modifier les valeurs au moyen d'un proxy apr\u00e8s soumission depuis le navigateur
JavaScriptValidationHint3=Une autre approche est de supprimer le JavaScript avant de visualiser la page.
#HiddenFieldTampering.java
TotalPriceIs=Votre montant total est de
ThisAmountCharged=Ce montant sera d\u00e9bit\u00e9 sur votre carte de cr\u00e9dit imm\u00e9diatement.
HiddenFieldTamperingHint1=Cette application utilise des champs cach\u00e9s pour transmettre des informations de tarification au serveur.
HiddenFieldTamperingHint2=Utilisez un programme pour intercepter et modifier la valeur du champ cach\u00e9.
HiddenFieldTamperingHint3=Utilisez <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A> pour modifier le prix de la TV de "
HiddenFieldTamperingHint32= \u00e0
# Modify data with SQL Injection
EnterUserid=Entrez votre userid :
SqlModifyDataHint1=Vous pouvez utiliser l'injection SQL pour ex\u00e9cuter plus d'une instruction SQL.
SqlModifyDataHint2=Utilisez le point-virgule (;) pour s\u00e9parer les instructions SQL.
SqlModifyDataHint3=Modifiez les donn\u00e9es en utilisant une instruction SQL UPDATE.
SqlModifyDataHint4=Pour des d\u00e9tails et des exemples d'utilisation d'instructions SQL UPDATE, consultez <A href=\"http://www.w3schools.com/SQl/sql_update.asp\">http://www.w3schools.com/SQl/sql_update.asp</A>
SqlModifyDataHint5=SOLUTION :<br/>foo'; UPDATE salaries SET salary=9999999 WHERE userid='jsmith
# Modify data with SQL Injection
SqlAddDataHint1=Vous pouvez utiliser l'injection SQL pour ex\u00e9cuter plus d'une instruction SQL.
SqlAddDataHint2=Utilisez le point-virgule (;) pour s\u00e9parer les instructions SQL. Vous aurez \u00e9galement besoin de commenter certains caract\u00e8res pr\u00e9sents apr\u00e8s l'injection avec un double tiret (--).
SqlAddDataHint3=Modifiez les donn\u00e9es en utilisant une instruction SQL INSERT.
SqlAddDataHint4=Pour des d\u00e9tails et des exemples d'utilisation d'instructions SQL INSERT, consultez <A href=\"http://www.w3schools.com/SQl/sql_insert.asp\">http://www.w3schools.com/SQl/sql_insert.asp</A>
SqlAddDataHint5=SOLUTION :<br/>bar'; INSERT INTO salaries VALUES ('cwillis', 999999); --
# Bypass Html Field Restrictions
BypassHtmlFieldRestrictionsHint1=Vous devez r\u00e9activer le champ de formulaire d\u00e9sactiv\u00e9 ou ajouter manuellement le param\u00e8tre correspondant \u00e0 votre requ\u00eate.
BypassHtmlFieldRestrictionsHint2=Vous pouvez utiliser <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A> pour intercepter et modifier les requ\u00eates.
BypassHtmlFieldRestrictionsHint3=Plut\u00f4t que d'utiliser <A href=\"https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project \">ZAP</A>, vous pouvez utiliser <A href=\"http://chrispederick.com/work/web-developer/\">Web Developer</a> et/ou l'extension Firefox <A href=\"https://addons.mozilla.org/en-US/firefox/addon/hackbar/\">Hackbar</a> pour mener \u00e0 bien cette le\u00e7on.

0
src/main/resources/WebGoatLabels_russian.properties → src/main/resources/WebGoatLabels_ru.properties
View File

2
src/main/webapp/WEB-INF/mvc-dispatcher-servlet.xml
View File

@ -11,7 +11,7 @@
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<context:component-scan base-package="org.owasp.webgoat.controller, org.owasp.webgoat.lessons, org.owasp.webgoat.service" />
<context:component-scan base-package="org.owasp.webgoat" />
<!--
put custom validators here. E.g.:

6
src/main/webapp/WEB-INF/web.xml
View File

@ -162,10 +162,12 @@
-->
<param-value>jdbc:hsqldb:mem:${USER}</param-value>
</init-param>
<!--
<init-param>
<param-name>DefaultLanguage</param-name>
<param-value>en</param-value>
</init-param>
-->
<!-- Load this servlet at server startup time -->
<load-on-startup>5</load-on-startup>
</servlet>
@ -201,6 +203,10 @@
<description>Spring context init</description>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<description>Spring context init</description>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<description>WebGoat application init</description>
<listener-class>org.owasp.webgoat.application.WebGoatServletListener</listener-class>

5
src/main/webapp/main.jsp
View File

@ -5,6 +5,7 @@
WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION));
Course course = webSession.getCourse();
AbstractLesson currentLesson = webSession.getCurrentLesson();
LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class);
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@ -215,8 +216,8 @@
if (currentLesson != null) {
%>
<div id="training_wrap">
<div id="training" class="info"><a href="http://yehg.net/lab/pr0js/training/webgoat.php" target="_blank"><%=WebGoatI18N.get("SolutionVideos")%></a></div>
<div id="reset" class="info"><a href="<%=webSession.getRestartLink()%>"><%=WebGoatI18N.get("RestartLesson")%></a></div>
<div id="training" class="info"><a href="http://yehg.net/lab/pr0js/training/webgoat.php" target="_blank"><%=labelManager.get("SolutionVideos")%></a></div>
<div id="reset" class="info"><a href="<%=webSession.getRestartLink()%>"><%=labelManager.get("RestartLesson")%></a></div>
</div>
<%
}