dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hints per lesson (#314)

Browse Source 
Squashing and merging ...

* Each assigment should have the options to have its own set of hints #278

* Updating lessons due to changes from #278

* Enable i18n client side #312

* IDOR move hints to assignment and enable i18n #312
This commit is contained in:
Nanne Baars
2017-01-24 15:34:06 +01:00
committed by misfir3
parent 6d727b98e3
commit 0779f7a3d0
56 changed files with 488 additions and 367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
View File

@ -30,6 +30,7 @@
*/
package org.owasp.webgoat;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.Context;
@ -49,8 +50,10 @@ import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletCon
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import java.io.File;
import java.util.Arrays;
@ -68,6 +71,15 @@ public class WebGoat extends SpringBootServletInitializer {
SpringApplication.run(WebGoat.class, args);
}
@Bean
@Primary
public Jackson2ObjectMapperBuilder jacksonBuilder() {
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder();
builder.indentOutput(true);
builder.serializationInclusion(JsonInclude.Include.NON_NULL);
return builder;
}
@Bean(name = "pluginTargetDirectory")
public File pluginTargetDirectory(@Value("${webgoat.user.directory}") final String webgoatHome) {
return new File(webgoatHome);

8
webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java
View File

@ -25,6 +25,9 @@
*/
package org.owasp.webgoat.endpoints;
import lombok.Getter;
import org.owasp.webgoat.i18n.LabelManager;
import org.owasp.webgoat.i18n.LabelProvider;
import org.owasp.webgoat.lessons.AttackResult;
import org.owasp.webgoat.session.UserSessionData;
import org.owasp.webgoat.session.UserTracker;
@ -50,6 +53,9 @@ public abstract class AssignmentEndpoint extends Endpoint {
private WebSession webSession;
@Autowired
private UserSessionData userSessionData;
@Autowired
@Getter
private LabelManager labelProvider;
//// TODO: 11/13/2016 events better fit?
@ -72,6 +78,6 @@ public abstract class AssignmentEndpoint extends Endpoint {
@Override
public final String getPath() {
return this.getClass().getAnnotationsByType(Path.class)[0].value();
return this.getClass().getAnnotationsByType(AssignmentPath.class)[0].value();
}
}

16
webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentHints.java Normal file
View File

@ -0,0 +1,16 @@
package org.owasp.webgoat.endpoints;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* Created by nbaars on 1/14/17.
*/
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface AssignmentHints {
String[] value() default {};
}

18
webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentPath.java Normal file
View File

@ -0,0 +1,18 @@
package org.owasp.webgoat.endpoints;
import org.springframework.core.annotation.AliasFor;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* Created by nbaars on 1/14/17.
*/
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface AssignmentPath {
String value();
}

46
webgoat-container/src/main/java/org/owasp/webgoat/i18n/LabelManager.java
View File

@ -1,6 +1,10 @@
package org.owasp.webgoat.i18n;
import org.owasp.webgoat.session.LabelDebugger;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Locale;
@ -33,22 +37,42 @@ import java.util.Locale;
* @version $Id: $Id
* @author dm
*/
public interface LabelManager
@Component
public class LabelManager
{
private static final long serialVersionUID = 1L;
private LabelProvider labelProvider;
private LabelDebugger labelDebugger;
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
/**
* <p>setLocale.</p>
* <p>Constructor for LabelManagerImpl.</p>
*
* @param locale a {@link java.util.Locale} object.
* @param labelProvider a {@link LabelProvider} object.
*/
public void setLocale(Locale locale);
protected LabelManager(LabelProvider labelProvider, LabelDebugger labelDebugger) {
this.labelDebugger = labelDebugger;
this.labelProvider = labelProvider;
}
/**
* <p>get.</p>
*
* @param labelKey a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public String get(String labelKey);
/** {@inheritDoc} */
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}
/** {@inheritDoc} */
public String get(String labelKey, Object... params)
{
String label = labelProvider.get(locale, labelKey, params);
if (labelDebugger.isEnabled()) {
label = "<font color=\"#00CD00\">" + label + "</font>";
}
return label;
}
}

78
webgoat-container/src/main/java/org/owasp/webgoat/i18n/LabelManagerImpl.java
View File

@ -1,78 +0,0 @@
package org.owasp.webgoat.i18n;
import org.owasp.webgoat.session.LabelDebugger;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Locale;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* @version $Id: $Id
* @author dm
*/
@Component
public class LabelManagerImpl implements LabelManager, Serializable
{
private static final long serialVersionUID = 1L;
private LabelProvider labelProvider;
private LabelDebugger labelDebugger;
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
/**
* <p>Constructor for LabelManagerImpl.</p>
*
* @param labelProvider a {@link LabelProvider} object.
*/
protected LabelManagerImpl(LabelProvider labelProvider, LabelDebugger labelDebugger) {
this.labelDebugger = labelDebugger;
this.labelProvider = labelProvider;
}
/** {@inheritDoc} */
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}
/** {@inheritDoc} */
public String get(String labelKey)
{
String label = labelProvider.get(locale, labelKey);
if (labelDebugger.isEnabled()) {
label = "<font color=\"#00CD00\">" + label + "</font>";
}
return label;
}
}

4
webgoat-container/src/main/java/org/owasp/webgoat/i18n/LabelProvider.java
View File

@ -97,8 +97,8 @@ public class LabelProvider {
* @param strName a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public String get(Locale locale, String strName) {
return pluginLabels.getMessage(strName, null, useLocaleOrFallbackToEnglish(locale));
public String get(Locale locale, String strName, Object... params) {
return pluginLabels.getMessage(strName, params, useLocaleOrFallbackToEnglish(locale));
}
private Locale useLocaleOrFallbackToEnglish(Locale locale) {

8
webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -124,13 +124,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/
protected abstract boolean getDefaultHidden();
/**
* <p>getSubmitMethod</p>
*
* @return a {@link java.lang.String} object.
*/
public abstract String getSubmitMethod();
/**
* Gets the hintCount attribute of the Lesson object
*
@ -219,4 +212,5 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
}
public abstract String getId();
}

7
webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
View File

@ -2,8 +2,11 @@ package org.owasp.webgoat.lessons;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NonNull;
import lombok.RequiredArgsConstructor;
import java.io.Serializable;
import java.util.List;
/**
* ************************************************************************************************
@ -35,10 +38,14 @@ import java.io.Serializable;
* @since November 25, 2016
*/
@AllArgsConstructor
@RequiredArgsConstructor
@Getter
public class Assignment implements Serializable {
@NonNull
private final String name;
@NonNull
private final String path;
private List<String> hints;
}

61
webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java
View File

@ -26,70 +26,21 @@
*/
package org.owasp.webgoat.lessons;
import lombok.Getter;
import lombok.Setter;
/**
* <p>Hint class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
@Getter
@Setter
public class Hint {
private String hint;
private String lesson;
private String assignmentPath;
private int number;
/**
* <p>Getter for the field <code>hint</code>.</p>
*
* @return the hint
*/
public String getHint() {
return hint;
}
/**
* <p>Setter for the field <code>hint</code>.</p>
*
* @param hint the hint to set
*/
public void setHint(String hint) {
this.hint = hint;
}
/**
* <p>Getter for the field <code>lesson</code>.</p>
*
* @return the lesson
*/
public String getLesson() {
return lesson;
}
/**
* <p>Setter for the field <code>lesson</code>.</p>
*
* @param lesson the lesson to set
*/
public void setLesson(String lesson) {
this.lesson = lesson;
}
/**
* <p>Getter for the field <code>number</code>.</p>
*
* @return the number
*/
public int getNumber() {
return number;
}
/**
* <p>Setter for the field <code>number</code>.</p>
*
* @param number the number to set
*/
public void setNumber(int number) {
this.number = number;
}
}

20
webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonInfoModel.java
View File

@ -1,5 +1,6 @@
package org.owasp.webgoat.lessons;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.owasp.webgoat.session.WebSession;
@ -9,30 +10,13 @@ import org.owasp.webgoat.session.WebSession;
* @author dm
* @version $Id: $Id
*/
//// TODO: 11/5/2016 this can be removed???
@Getter
@AllArgsConstructor
public class LessonInfoModel {
private String lessonTitle;
private int numberHints;
private boolean hasSource;
private boolean hasSolution;
private boolean hasPlan;
private String submitMethod;
/**
* <p>Constructor for LessonInfoModel.</p>
*
* @param webSession a {@link org.owasp.webgoat.session.WebSession} object.
*/
public LessonInfoModel(WebSession webSession) {
AbstractLesson lesson = webSession.getCurrentLesson();
//TODO make these first class citizens of the lesson itself; and stop passing the session all over ... and generally tighten the checks up
this.hasSource = false;
this.hasPlan = false;
this.hasSolution = false;
this.lessonTitle = lesson.getTitle();
this.numberHints = lesson.getHintCount();
this.submitMethod = lesson.getSubmitMethod();
}
}

1
webgoat-container/src/main/java/org/owasp/webgoat/lessons/NewLesson.java
View File

@ -34,7 +34,6 @@ import java.util.List;
public abstract class NewLesson extends LessonAdapter {
@Override
public abstract Category getDefaultCategory();

13
webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
View File

@ -4,6 +4,8 @@ import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import lombok.Getter;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.endpoints.AssignmentHints;
import org.owasp.webgoat.endpoints.AssignmentPath;
import org.owasp.webgoat.endpoints.Endpoint;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
@ -114,12 +116,17 @@ public class Plugin {
private List<Assignment> createAssignment(List<Class<AssignmentEndpoint>> endpoints) {
return endpoints.stream().map(e -> new Assignment(e.getSimpleName(), getPath(e))).collect(toList());
return endpoints.stream().map(e -> new Assignment(e.getSimpleName(), getPath(e), getHints(e))).collect(toList());
}
private String getPath(Class<AssignmentEndpoint> e) {
return e.getAnnotationsByType(javax.ws.rs.Path.class)[0].value();
return e.getAnnotationsByType(AssignmentPath.class)[0].value();
}
private List<String> getHints(Class<AssignmentEndpoint> e) {
if (e.isAnnotationPresent(AssignmentHints.class)) {
return Lists.newArrayList(e.getAnnotationsByType(AssignmentHints.class)[0].value());
}
return Lists.newArrayList();
}
}

59
webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java
View File

@ -5,14 +5,16 @@
*/
package org.owasp.webgoat.service;
import com.google.common.collect.Lists;
import org.owasp.webgoat.i18n.LabelManager;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.Hint;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.ArrayList;
import java.util.List;
import static java.util.stream.Collectors.toList;
@ -23,9 +25,10 @@ import static java.util.stream.Collectors.toList;
* @author rlawson
* @version $Id: $Id
*/
@Controller
@RestController
public class HintService {
public static final String URL_HINTS_MVC = "/service/hint.mvc";
private final WebSession webSession;
public HintService(WebSession webSession) {
@ -37,30 +40,44 @@ public class HintService {
*
* @return a {@link java.util.List} object.
*/
@RequestMapping(path = "/service/hint.mvc", produces = "application/json")
public
@GetMapping(path = URL_HINTS_MVC, produces = "application/json")
@ResponseBody
List<Hint> showHint() {
List<Hint> listHints = new ArrayList<Hint>();
public List<Hint> showHint() {
AbstractLesson l = webSession.getCurrentLesson();
if (l == null) {
return listHints;
}
List<String> hints = l.getHints();
List<Hint> hints = createLessonHints(l);
hints.addAll(createAssignmentHints(l));
return hints;
if (hints == null) {
return listHints;
}
int idx = 0;
return hints.stream().map(h -> createHint(h, l.getName(), idx)).collect(toList());
}
private Hint createHint(String hintText, String lesson, int idx) {
private List<Hint> createLessonHints(AbstractLesson l) {
if ( l != null ) {
return l.getHints().stream().map(h -> createHint(h, l.getName(), null)).collect(toList());
}
return Lists.newArrayList();
}
private List<Hint> createAssignmentHints(AbstractLesson l) {
List<Hint> hints = Lists.newArrayList();
if ( l != null) {
List<Assignment> assignments = l.getAssignments();
assignments.stream().forEach(a -> { a.getHints(); createHints(a, hints);});
}
return hints;
}
private void createHints(Assignment a, List<Hint> hints) {
hints.addAll(a.getHints().stream().map(h -> createHint(h, null, a.getPath())).collect(toList()));
}
private Hint createHint(String hintText, String lesson, String assignmentName) {
Hint hint = new Hint();
hint.setHint(hintText);
hint.setLesson(lesson);
hint.setNumber(idx);
if (lesson != null) {
hint.setLesson(lesson);
} else {
hint.setAssignmentPath(assignmentName);
}
return hint;
}
}

13
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java
View File

@ -1,24 +1,30 @@
package org.owasp.webgoat.service;
import org.owasp.webgoat.i18n.LabelManager;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.LessonInfoModel;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@Controller
/**
* <p>LessonInfoService class.</p>
*
* @author dm
* @version $Id: $Id
*/
@RestController
public class LessonInfoService {
private final WebSession webSession;
private final LabelManager labelManager;
public LessonInfoService(WebSession webSession) {
public LessonInfoService(WebSession webSession, LabelManager labelManager) {
this.webSession = webSession;
this.labelManager = labelManager;
}
/**
@ -29,7 +35,8 @@ public class LessonInfoService {
@RequestMapping(path = "/service/lessoninfo.mvc", produces = "application/json")
public @ResponseBody
LessonInfoModel getLessonInfo() {
return new LessonInfoModel(webSession);
AbstractLesson lesson = webSession.getCurrentLesson();
return new LessonInfoModel(labelManager.get(lesson.getTitle()), false, false, false);
}
}

1
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
View File

@ -56,7 +56,6 @@ public class LessonMenuService {
private final Course course;
private UserTracker userTracker;
private final WebSession webSession;
/**
* Returns the lesson menu which is used to build the left nav

25
webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js
View File

@ -72,6 +72,7 @@ define(['jquery',
if (this.name === name) {
this.lessonContentView.navToPage(pageNum);
this.lessonHintView.hideHints();
this.titleView.render(this.lessonInfoModel.get('lessonTitle'));
return;
}
@ -80,9 +81,7 @@ define(['jquery',
if (typeof(name) === 'undefined' || name === null) {
//TODO: implement lesson not found or return to welcome page?
}
this.lessonContent.loadData({
'name':name
});
this.lessonContent.loadData({'name':name});
this.planView = {};
this.solutionView = {};
this.sourceView = {};
@ -94,23 +93,20 @@ define(['jquery',
this.helpControlsView = new HelpControlsView({
hasPlan:this.lessonInfoModel.get('hasPlan'),
hasSolution:this.lessonInfoModel.get('hasSolution'),
hasSource:this.lessonInfoModel.get('hasSource'),
hasHints:(this.lessonInfoModel.get('numberHints') > 0)
//hasAttack:this.lessonInfo.get('hasAttack') // TODO: add attack options
hasSource:this.lessonInfoModel.get('hasSource')
});
this.listenTo(this.helpControlsView,'hints:show',this.showHints);
this.listenTo(this.helpControlsView,'lessonOverview:show',this.showLessonOverview)
this.listenTo(this.helpControlsView,'attack:show',this.hideShowAttack);
this.listenTo(this.helpControlsView,'solution:show',this.hideShowHelps);
this.listenTo(this.helpControlsView,'source:show',this.hideShowHelps);
this.listenTo(this.helpControlsView,'lesson:restart',this.restartLesson);
this.listenTo(this.developerControlsView, 'dev:labels', this.restartLesson);
this.listenTo(this,'hints:show',this.onShowHints);
this.helpControlsView.render();
this.lessonOverview.hideLessonOverview();
this.titleView.render(this.lessonInfoModel.get('lessonTitle'));
this.helpControlsView.showHideHintsButton({});
};
this.updateMenu = function() {
@ -191,19 +187,6 @@ define(['jquery',
this.lessonOverviewModel.fetch().then(this.lessonOverview.render());
};
this.hideShowAttack = function (options) { // will likely expand this to encompass
if (options.show) {
$('#attack-container').show();
$('#attack-container div.modal-header button.close, #about-modal div.modal-footer button').unbind('click').on('click', function() {
$('#attack-container').hide(200);
});
if (this.lessonInfoModel.get('numberHints') > 0) {
this.lessonContentView.$el.find('#show-hints-button').unbind().on('click',_.bind(this.showHints,this)).show();
}
}
};
this.restartLesson = function() {
var self=this;
$.ajax({

28
webgoat-container/src/main/resources/static/js/goatApp/goatApp.js
View File

@ -1,13 +1,15 @@
define(['jquery','underscore','backbone','goatApp/view/GoatRouter', 'goatApp/support/goatAsyncErrorHandler'],
function($,_,Backbone,Router, asyncErrorHandler){
'use strict'
//var goatRouter = new Router();
return {
initApp: function() {
asyncErrorHandler.init();
//TODO: add query/ability to load from where they left off
var goatRouter = new Router();
goatRouter.init();
}
};
});
define(['jquery', 'underscore', 'backbone', 'polyglot', 'goatApp/view/GoatRouter', 'goatApp/support/goatAsyncErrorHandler'],
function ($, _, Backbone, Polyglot, Router, asyncErrorHandler) {
'use strict'
return {
initApp: function () {
var locale = localStorage.getItem('locale') || 'en';
$.getJSON('service/labels.mvc?lang=' + locale, function(data) {
window.polyglot = new Polyglot({phrases: data});
asyncErrorHandler.init();
var goatRouter = new Router();
});
}
};
});

13
webgoat-container/src/main/resources/static/js/goatApp/model/HintCollection.js
View File

@ -1,7 +1,7 @@
define(['jquery',
'underscore',
'backbone',
'goatApp/model/HintModel'],
'goatApp/model/HintModel'],
function($,
_,
@ -25,8 +25,17 @@ define(['jquery',
checkNullModel:function() {
if (this.models[0].indexOf('There are no hints defined.') > -1) {
this.reset([]);
//return this.models;
}
},
getHintsForAssignment: function(assignmentPath) {
var assignmentHints = new Array();
this.models.forEach(function(hint) {
if (assignmentPath.includes(hint.get('assignmentPath'))) {
assignmentHints.push(hint);
}
});
return assignmentHints;
}
});
});

76
webgoat-container/src/main/resources/static/js/goatApp/view/GoatRouter.js
View File

@ -17,11 +17,6 @@ define(['jquery',
DeveloperControlsView,
TitleView) {
var lessonContentView = new LessonContentView();
var menuView = new MenuView();
var developerControlsView = new DeveloperControlsView();
var titleView = new TitleView();
function getContentElement() {
return $('#main-content');
};
@ -38,7 +33,8 @@ define(['jquery',
};
var GoatAppRouter = Backbone.Router.extend({
routes: {
routes: {
'welcome': 'welcomeRoute',
'lesson/:name': 'lessonRoute',
'lesson/:name/:pageNum': 'lessonPageRoute',
@ -46,14 +42,9 @@ define(['jquery',
'reportCard': 'reportCard'
},
lessonController: new LessonController({
lessonContentView: lessonContentView,
titleView: titleView
}),
menuController: new MenuController({
menuView: menuView
}),
lessonController: null,
menuController : null,
titleView: null,
setUpCustomJS: function () {
webgoat.customjs.jquery = $; //passing jquery into custom js scope ... still klunky, but works for now
@ -75,54 +66,45 @@ define(['jquery',
}
},
init: function () {
goatRouter = new GoatAppRouter();
initialize: function () {
this.menuController = new MenuController({menuView: new MenuView()});
this.titleView = new TitleView();
this.lessonController = new LessonController({lessonContentView: new LessonContentView(), titleView: this.titleView}),
this.lessonController.start();
// this.menuController.initMenu();
webgoat = {};
webgoat.customjs = {};
this.setUpCustomJS();
goatRouter.on('route:lessonRoute', function (name) {
render();
this.lessonController.loadLesson(name, 0);
//TODO - update menu code from below
this.menuController.updateMenu(name);
});
goatRouter.on('route:lessonPageRoute', function (name, pageNum) {
render();
pageNum = (_.isNumber(parseInt(pageNum))) ? parseInt(pageNum) : 0;
this.lessonController.loadLesson(name, pageNum);
//TODO - update menu code from below
this.menuController.updateMenu(name);
});
goatRouter.on('route:welcomeRoute', function () {
render();
this.lessonController.loadWelcome();
});
goatRouter.on('route:testRoute', function (param) {
render();
this.lessonController.testHandler(param);
});
goatRouter.on("route", function (route, params) {
});
Backbone.history.start();
this.listenTo(this.lessonController, 'menu:reload', this.reloadMenu)
},
lessonRoute: function(name) {
render();
this.lessonController.loadLesson(name, 0);
this.menuController.updateMenu(name);
},
lessonPageRoute: function (name, pageNum) {
render();
pageNum = (_.isNumber(parseInt(pageNum))) ? parseInt(pageNum) : 0;
this.lessonController.loadLesson(name, pageNum);
this.menuController.updateMenu(name);
},
welcomeRoute: function () {
render();
this.lessonController.loadWelcome();
},
reloadMenu: function (curLesson) {
this.menuController.updateMenu();
},
reportCard : function () {
var self = this;
require(['goatApp/view/ReportCardView'], function (ReportCardView) {
titleView.render('Report card');
self.titleView.render('Report card');
render(new ReportCardView());
});
},

29
webgoat-container/src/main/resources/static/js/goatApp/view/HelpControlsView.js
View File

@ -12,33 +12,34 @@ function($,_,Backbone) {
this.hasPlan = options.hasPlan;
this.hasSolution = options.hasSolution;
this.hasSource = options.hasSource;
this.hasHints = options.hasHints;
var self = this;
Backbone.on('navigatedToPage', function(nav) {
self.showHideHintsButton(nav)
});
},
showHideHintsButton: function(nav) {
if (typeof nav['assignmentPath'] !== 'undefined') {
this.$el.find('#show-hints-button').unbind().on('click',this.showHints.bind(this)).show();
} else {
$('#show-hints-button').hide();
}
},
render:function(title) {
//this.$el.html();
// if still showing, hide
$('#show-source-button').hide();
$('#show-solution-button').hide();
$('#show-plan-button').hide();
$('#show-hints-button').hide();
if (this.hasSource) {
this.$el.find('#show-source-button').unbind().on('click',_.bind(this.showSource,this)).show();
}
if (this.hasHints) {
this.$el.find('#show-hints-button').unbind().on('click',this.showHints.bind(this)).show();
}
if (this.hasSolution) {
this.$el.find('#show-solution-button').unbind().on('click',_.bind(this.showSolution,this)).show();
}
if (true) { //FIXME: change to this.hasAttack
this.$el.find('#show-attack-button').unbind().on('click',_.bind(this.showAttack,this)).show();
}
this.$el.find('#show-lesson-overview-button').unbind().on('click', _.bind(this.showLessonOverview, this)).show();
this.$el.find('#restart-lesson-button').unbind().on('click',_.bind(this.restartLesson,this)).show();
//this.$el.append(this.helpButtons.restartLesson);
},
showHints: function() {
@ -53,10 +54,6 @@ function($,_,Backbone) {
this.trigger('solution:show','solution');
},
showAttack: function() {
this.trigger('attack:show',{show:true});
},
restartLesson: function() {
this.trigger('lesson:restart');
},

38
webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
View File

@ -15,8 +15,13 @@ function($,
initialize: function() {
this.curHint=0;
this.collection = new HintCollection();
this.hintsToShow = new Array();
this.listenTo(this.collection,'loaded',this.onModelLoaded);
this.hideHints();
var self = this;
Backbone.on('navigatedToPage', function(nav){
self.selectHints(nav)
});
},
isVisible: function() {
@ -34,19 +39,38 @@ function($,
render:function() {
if (this.isVisible()) {
this.$el.hide(350);
} else {
} else if (this.hintsToShow.length > 0) {
this.$el.show(350);
}
this.toggleLabel()
if (this.collection.length > 0) {
if (this.hintsToShow.length > 0) {
this.hideShowPrevNextButtons();
}
this.displayHint(this.curHint);
},
/**
* Select the hints, we get '/WebGoat/HttpBasics/attack1' in the json (nav) we need to select all the hints
* from the model where the assignment name is contained in the assignmentPath. We do this not to mess
* with contextRoots etc and try to select the name from the url.
*
* @todo we can of course try to add the assigment name to the html form as attribute.
*
* @param nav the json structure for navigating
*/
selectHints: function(nav) {
this.curHint = 0;
var assignmentPath = nav['assignmentPath'];
if (assignmentPath != null) {
this.hintsToShow = this.collection.getHintsForAssignment(assignmentPath);
} else {
this.hintsToShow = new Array();
}
},
onModelLoaded: function() {
this.trigger('hints:loaded',{'helpElement':'hints','value':true})
},
@ -58,7 +82,7 @@ function($,
},
showNextHint: function() {
this.curHint = (this.curHint < this.collection.length -1) ? this.curHint+1 : this.curHint;
this.curHint = (this.curHint < this.hintsToShow.length -1) ? this.curHint+1 : this.curHint;
this.hideShowPrevNextButtons();
this.displayHint(this.curHint);
},
@ -70,11 +94,15 @@ function($,
},
displayHint: function(curHint) {
this.$el.find('#lesson-hint-content').html(this.collection.models[curHint].get('hint'));
if(this.hintsToShow.length == 0) {
this.hideHints();
} else {
this.$el.find('#lesson-hint-content').html(polyglot.t(this.hintsToShow[curHint].get('hint')));
}
},
hideShowPrevNextButtons: function() {
if (this.curHint === this.collection.length -1) {
if (this.curHint === this.hintsToShow.length -1) {
this.$el.find('#show-next-hint').css('visibility','hidden');
} else {
this.$el.find('#show-next-hint').css('visibility','visible');

13
webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
View File

@ -189,7 +189,7 @@ define(['jquery',
if (this.currentPage < this.numPages -1) {
this.currentPage++;
window.location.href = this.model.get('lessonUrl') + '/' + this.currentPage;
//this.showCurContentPage(true);
//this.showCurContentPage(true);Con
}
if (this.currentPage > 0) {
@ -225,10 +225,21 @@ define(['jquery',
this.$el.find(this.$contentPages[this.currentPage]).show();
},
findAssigmentEndpointOnPage: function(pageNumber) {
var contentPage = this.$contentPages[this.currentPage];
var form = $('form.attack-form', contentPage);
var action = form.attr('action')
if (action !== undefined) {
return action;
}
},
navToPage: function (pageNum) {
this.setCurrentPage(pageNum);//provides validation
this.showCurContentPage(this.currentPage);
this.hideShowNavButtons();
var assignmentPath = this.findAssigmentEndpointOnPage(pageNum);
Backbone.trigger('navigatedToPage',{'pageNumber':pageNum, 'assignmentPath' : assignmentPath});
},
hideShowNavButtons: function () {

14
webgoat-container/src/main/resources/static/js/goatApp/view/MenuButtonView.js
View File

@ -7,13 +7,13 @@ function($,
_,
Backbone) {
return Backbone.View.extend({
el:'#toggle-menu', //Check this,
el:'#toggle-menu',
initialize: function() {
this.$el.on('click',this.toggleMenu);
},
toggleMenu: function() {
events: {
"click": "toggleMenu"
},
toggleMenu: function(e) {
//left
if (!$('.sidebarRight').hasClass('.sidebar-toggle-right')) {
$('.sidebarRight').removeClass('sidebar-toggle-right');
@ -21,7 +21,7 @@ function($,
}
$('.sidebar').toggleClass('sidebar-toggle');
$('.main-content-wrapper').toggleClass('main-content-toggle-left');
//e.stopPropagation();
e.stopImmediatePropagation();
}
});
});

2
webgoat-container/src/main/resources/static/js/goatApp/view/MenuView.js
View File

@ -60,7 +60,7 @@ define(['jquery',
var categoryLessonList = $('<ul>',{class:'slideDown lessonsAndStages',id:catId}); //keepOpen
for (var j=0; j < lessons.length;j++) {
var lessonItem = $('<li>',{class:'lesson'});
var lessonName = lessons[j].name;
var lessonName = polyglot.t(lessons[j].name);
var lessonId = catId + '-' + GoatUtils.makeId(lessonName);
if (this.curLessonLinkId === lessonId) {
lessonItem.addClass('selected');

17
webgoat-container/src/main/resources/static/js/libs/polyglot.min.js vendored Normal file
View File

@ -0,0 +1,17 @@
// (c) 2012 Airbnb, Inc.
//
// polyglot.js may be freely distributed under the terms of the BSD
// license. For all licensing information, details, and documention:
// http://airbnb.github.com/polyglot.js
//
//
// Polyglot.js is an I18n helper library written in JavaScript, made to
// work both in the browser and in Node. It provides a simple solution for
// interpolation and pluralization, based off of Airbnb's
// experience adding I18n functionality to its Backbone.js and Node apps.
//
// Polylglot is agnostic to your translation backend. It doesn't perform any
// translation; it simply gives you a way to manage translated phrases from
// your client- or server-side JavaScript application.
//
(function(e,t){typeof define=="function"&&define.amd?define([],function(){return t(e)}):typeof exports=="object"?module.exports=t(e):e.Polyglot=t(e)})(this,function(e){"use strict";function t(e){e=e||{},this.phrases={},this.extend(e.phrases||{}),this.currentLocale=e.locale||"en",this.allowMissing=!!e.allowMissing,this.warn=e.warn||c}function s(e){var t,n,r,i={};for(t in e)if(e.hasOwnProperty(t)){n=e[t];for(r in n)i[n[r]]=t}return i}function o(e){var t=/^\s+|\s+$/g;return e.replace(t,"")}function u(e,t,r){var i,s,u;return r!=null&&e?(s=e.split(n),u=s[f(t,r)]||s[0],i=o(u)):i=e,i}function a(e){var t=s(i);return t[e]||t.en}function f(e,t){return r[a(e)](t)}function l(e,t){for(var n in t)n!=="_"&&t.hasOwnProperty(n)&&(e=e.replace(new RegExp("%\\{"+n+"\\}","g"),t[n]));return e}function c(t){e.console&&e.console.warn&&e.console.warn("WARNING: "+t)}function h(e){var t={};for(var n in e)t[n]=e[n];return t}t.VERSION="0.4.3",t.prototype.locale=function(e){return e&&(this.currentLocale=e),this.currentLocale},t.prototype.extend=function(e,t){var n;for(var r in e)e.hasOwnProperty(r)&&(n=e[r],t&&(r=t+"."+r),typeof n=="object"?this.extend(n,r):this.phrases[r]=n)},t.prototype.clear=function(){this.phrases={}},t.prototype.replace=function(e){this.clear(),this.extend(e)},t.prototype.t=function(e,t){var n,r;return t=t==null?{}:t,typeof t=="number"&&(t={smart_count:t}),typeof this.phrases[e]=="string"?n=this.phrases[e]:typeof t._=="string"?n=t._:this.allowMissing?n=e:(this.warn('Missing translation for key: "'+e+'"'),r=e),typeof n=="string"&&(t=h(t),r=u(n,this.currentLocale,t.smart_count),r=l(r,t)),r},t.prototype.has=function(e){return e in this.phrases};var n="||||",r={chinese:function(e){return 0},german:function(e){return e!==1?1:0},french:function(e){return e>1?1:0},russian:function(e){return e%10===1&&e%100!==11?0:e%10>=2&&e%10<=4&&(e%100<10||e%100>=20)?1:2},czech:function(e){return e===1?0:e>=2&&e<=4?1:2},polish:function(e){return e===1?0:e%10>=2&&e%10<=4&&(e%100<10||e%100>=20)?1:2},icelandic:function(e){return e%10!==1||e%100===11?1:0}},i={chinese:["fa","id","ja","ko","lo","ms","th","tr","zh"],german:["da","de","en","es","fi","el","he","hu","it","nl","no","pt","sv"],french:["fr","tl","pt-br"],russian:["hr","ru"],czech:["cs"],polish:["pl"],icelandic:["is"]};return t});

1
webgoat-container/src/main/resources/static/js/main.js
View File

@ -18,6 +18,7 @@ require.config({
backbone: 'libs/backbone-min',
text: 'libs/text',
templates: 'goatApp/templates',
polyglot: 'libs/polyglot.min'
},
shim: {
underscore: {