Hints per lesson (#314)
Squashing and merging ... * Each assignment should have the option to have its own set of hints #278 * Updating lessons due to changes from #278 * Enable i18n client side #312 * IDOR move hints to assignment and enable i18n #312
@ -1,6 +1,8 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -39,7 +41,7 @@ import java.io.IOException;
|
||||
* @version $Id: $Id
|
||||
* @since August 11, 2016
|
||||
*/
|
||||
@Path("/clientSideFiltering/attack1")
|
||||
@AssignmentPath("/clientSideFiltering/attack1")
|
||||
public class Attack extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
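Review bot: `org.owasp.webgoat.endpoints.AssignmentHints` is imported in the first hunk, but the class annotations visible in the second hunk add only `@AssignmentPath("/clientSideFiltering/attack1")`, so the import looks unused. Either drop it or, if this assignment was meant to get its own hints as part of this change, add an `@AssignmentHints({...})` annotation with matching keys in the lesson's properties file. The class body continues outside the hunk, so a use further down cannot be ruled out from here.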
|
@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -45,7 +46,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack1")
|
||||
@AssignmentPath("/CrossSiteScripting/attack1")
|
||||
public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -7,6 +7,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -45,7 +46,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack5a")
|
||||
@AssignmentPath("/CrossSiteScripting/attack5a")
|
||||
public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -52,7 +53,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack5b")
|
||||
@AssignmentPath("/CrossSiteScripting/attack5b")
|
||||
public class CrossSiteScriptingLesson5b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -51,7 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack6a")
|
||||
@AssignmentPath("/CrossSiteScripting/attack6a")
|
||||
public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -50,7 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack6b")
|
||||
@AssignmentPath("/CrossSiteScripting/attack6b")
|
||||
public class CrossSiteScriptingLesson6b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -1,6 +1,7 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -14,7 +15,7 @@ import java.io.IOException;
|
||||
/**
|
||||
* Created by jason on 11/23/16.
|
||||
*/
|
||||
@Path("/CrossSiteScripting/dom-xss")
|
||||
@AssignmentPath("/CrossSiteScripting/dom-xss")
|
||||
public class DOMCrossSiteScripting extends AssignmentEndpoint {
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody
|
||||
|
@ -43,12 +43,7 @@ public class HttpBasics extends NewLesson {
|
||||
|
||||
@Override
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList("Type in your name and press 'go'",
|
||||
"Turn on Show Parameters or other features",
|
||||
"Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>",
|
||||
"Press the Show Lesson Plan button to view a lesson summary",
|
||||
"Press the Show Solution button to view a lesson solution",
|
||||
"Use OWASP ZAP to intercept the request and see the type of HTTP command");
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -58,7 +53,7 @@ public class HttpBasics extends NewLesson {
|
||||
|
||||
@Override
|
||||
public String getTitle() {
|
||||
return "HTTP Basics";
|
||||
return "http-basics.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -1,6 +1,9 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -10,6 +13,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
@ -44,15 +48,16 @@ import java.io.IOException;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/HttpBasics/attack1")
|
||||
@AssignmentPath("/HttpBasics/attack1")
|
||||
@AssignmentHints({"http-basics.hints.http_basics_lesson.1"})
|
||||
public class HttpBasicsLesson extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
|
||||
public @ResponseBody AttackResult completed(@RequestParam String person) throws IOException {
|
||||
if (!person.toString().equals("")) {
|
||||
return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
|
||||
return trackProgress(AttackResult.success(getLabelProvider().get("http-basics.reversed", new StringBuffer(person).reverse().toString())));
|
||||
} else {
|
||||
return trackProgress(AttackResult.failed("You are close, try again"));
|
||||
return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close")));
|
||||
}
|
||||
}
|
||||
}
|
||||
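Review bot: The failure branch calls `getLabelProvider().get("http-basics.close")` with no argument, while the `http-basics.close` entry added in this commit is `You are close, try again: {0}`; depending on how the label provider formats a message without arguments, the user may see a literal `{0}` or a dangling colon. A separate key without the placeholder for this endpoint (HttpBasicsQuiz does pass an argument) would avoid that. The success branch puts the reversed `person` value, which is request input, into the feedback text, and the hint strings in the same bundle contain HTML, so it is worth confirming that the client escapes feedback arguments before rendering. The newly added `com.beust.jcommander.internal.Lists` and `java.util.List` imports are not used anywhere in the class as shown; `Lists` in particular comes from another library's internal package and should be removed.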
|
@ -1,6 +1,9 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -10,6 +13,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
@ -44,7 +48,8 @@ import java.io.IOException;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/HttpBasics/attack2")
|
||||
@AssignmentPath("/HttpBasics/attack2")
|
||||
@AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"})
|
||||
public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -54,12 +59,12 @@ public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
} else {
|
||||
StringBuffer message = new StringBuffer();
|
||||
if (!"POST".equals(answer.toUpperCase())) {
|
||||
message.append("The HTTP Command is incorrect. ");
|
||||
message.append(getLabelProvider().get("http-basics.incorrect"));
|
||||
}
|
||||
if (!magic_answer.equals(magic_num)){
|
||||
message.append("The magic number is incorrect. ");
|
||||
message.append(getLabelProvider().get("http-basics.magic"));
|
||||
}
|
||||
return trackProgress(AttackResult.failed("You are close, try again. " + message.toString()));
|
||||
return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close", message.toString())));
|
||||
}
|
||||
}
|
||||
}
|
||||
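Review bot: The two partial messages are now appended back to back, and the `http-basics.incorrect` and `http-basics.magic` values shown in this commit end with a period and no visible trailing space, whereas the removed literals ended with a period followed by a space; when both checks fail the text will likely run together. Append a separator explicitly, e.g. `message.append(getLabelProvider().get("http-basics.incorrect")).append(' ');`, rather than relying on whitespace in the bundle. The method starts outside the hunk, so how `answer` and `magic_answer` are obtained is not visible here.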
|
@ -1,2 +1,15 @@
|
||||
EnterYourName=Enter your Name
|
||||
Go!=Go!
|
||||
http-basics.EnterYourName=Enter your Name
|
||||
http-basics.Go!=Go!
|
||||
http-basics.title=HTTP Basics
|
||||
|
||||
|
||||
http-basics.hints.http_basics_lesson.1=Type in your name and press 'go'
|
||||
http-basics.hints.http_basic_quiz.1=Turn on Show Parameters or other features
|
||||
http-basics.hints.http_basic_quiz.2=Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
|
||||
|
||||
|
||||
http-basics.reversed=The server has reversed your name: {0}
|
||||
|
||||
http-basics.close=You are close, try again: {0}
|
||||
http-basics.incorrect=the HTTP Command is incorrect.
|
||||
http-basics.magic=the magic number is incorrect.
|
@ -0,0 +1,16 @@
|
||||
http-basics.EnterYourName=Voer je naam in
|
||||
http-basics.Go!=Go!
|
||||
http-basics.title=HTTP Basics
|
||||
|
||||
|
||||
|
||||
http-basics.hints.http_basics_lesson.1=Type je naam in en druk op 'Go'
|
||||
http-basics.hints.http_basic_quiz.1=Schakel 'Toon paramaters of andere eigenschappen' in
|
||||
http-basics.hints.http_basic_quiz.2=Probeer het verzoek te onderscheppen met <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
|
||||
|
||||
|
||||
http-basics.reversed=De server heeft je naam omgedraaid: {0}
|
||||
|
||||
http-basics.close=Je bent er bijna, probeer nog eens: {0}
|
||||
http-basics.incorrect=het HTTP commando is niet correct.
|
||||
http-basics.magic=het magische getal is niet correct.
|
@ -44,7 +44,7 @@ public class IDOR extends NewLesson {
|
||||
|
||||
@Override
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList("log in first");
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -54,7 +54,7 @@ public class IDOR extends NewLesson {
|
||||
|
||||
@Override
|
||||
public String getTitle() {
|
||||
return "Insecure Direct Object References";
|
||||
return "idor.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -62,6 +62,4 @@ public class IDOR extends NewLesson {
|
||||
return "IDOR";
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -41,7 +42,7 @@ import java.io.IOException;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/diff-attributes")
|
||||
@AssignmentPath("IDOR/diff-attributes")
|
||||
public class IDORDiffAttributes extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
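Review bot: The path passed to `@AssignmentPath` has no leading slash here (`"IDOR/diff-attributes"`), as in IDOREditOtherProfiile, IDORViewOtherProfile, IDORViewOwnProfileAltUrl and the three XXE assignments, while IDORLogin, ViewOtherUserProfile and the other lessons use one (`"/IDOR/login"`). These values were carried over from `@Path`, but if the new annotation's path is concatenated or compared as a string, which the hunks do not show, the two forms may not behave the same. Normalising them in this commit, e.g. `@AssignmentPath("/IDOR/diff-attributes")`, would remove the doubt.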
|
@ -1,6 +1,7 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -42,7 +43,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/{userId}")
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
public class IDOREditOtherProfiile extends AssignmentEndpoint {
|
||||
|
||||
@Autowired
|
||||
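Review bot: `@AssignmentPath("IDOR/profile/{userId}")` is the same value that IDORViewOtherProfile receives in this commit. If the assignment path is used to identify an assignment for progress tracking or hint lookup, which the hunks do not show, two classes sharing one path could be confused with each other; confirm that the framework distinguishes them (for example by HTTP method) or give them distinct paths. The class body is outside the hunk.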
|
@ -1,6 +1,8 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -42,29 +44,32 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("/IDOR/login")
|
||||
@AssignmentPath("/IDOR/login")
|
||||
@AssignmentHints({"idor.hints.idor_login"})
|
||||
public class IDORLogin extends AssignmentEndpoint {
|
||||
|
||||
private Map<String,Map<String,String>> idorUserInfo = new HashMap<>();
|
||||
private Map<String, Map<String, String>> idorUserInfo = new HashMap<>();
|
||||
|
||||
public void initIDORInfo() {
|
||||
|
||||
idorUserInfo.put("tom",new HashMap<String,String>());
|
||||
idorUserInfo.get("tom").put("password","cat");
|
||||
idorUserInfo.get("tom").put("id","2342384");
|
||||
idorUserInfo.get("tom").put("color","yellow");
|
||||
idorUserInfo.get("tom").put("size","small");
|
||||
idorUserInfo.put("tom", new HashMap<String, String>());
|
||||
idorUserInfo.get("tom").put("password", "cat");
|
||||
idorUserInfo.get("tom").put("id", "2342384");
|
||||
idorUserInfo.get("tom").put("color", "yellow");
|
||||
idorUserInfo.get("tom").put("size", "small");
|
||||
|
||||
idorUserInfo.put("bill",new HashMap<String,String>());
|
||||
idorUserInfo.get("bill").put("password","buffalo");
|
||||
idorUserInfo.get("bill").put("id","2342388");
|
||||
idorUserInfo.get("bill").put("color","brown");
|
||||
idorUserInfo.get("bill").put("size","large");
|
||||
idorUserInfo.put("bill", new HashMap<String, String>());
|
||||
idorUserInfo.get("bill").put("password", "buffalo");
|
||||
idorUserInfo.get("bill").put("id", "2342388");
|
||||
idorUserInfo.get("bill").put("color", "brown");
|
||||
idorUserInfo.get("bill").put("size", "large");
|
||||
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
public @ResponseBody AttackResult completed(@RequestParam String username, @RequestParam String password) {
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String username, @RequestParam String password) {
|
||||
initIDORInfo();
|
||||
UserSessionData userSessionData = getUserSessionData();
|
||||
|
||||
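Review bot: `completed` calls `initIDORInfo()` on every request, and that method repopulates the instance field `idorUserInfo`, a plain `HashMap`; if the endpoint is a shared bean, as Spring components are by default, concurrent logins mutate the map without synchronisation. Since this hunk already touches every line of the initialiser, populate the map once (in a constructor or a field initialiser), make the field `final`, and remove the call from `completed`. The split of `public` / `@ResponseBody` / `AttackResult completed(...)` over three lines also looks like a formatter artefact and reads better on one line as before. The body of `completed` continues outside the hunk.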
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.endpoints.Endpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -49,7 +50,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/{userId}")
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
public class IDORViewOtherProfile extends AssignmentEndpoint{
|
||||
|
||||
@Autowired
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.endpoints.Endpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -46,7 +47,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/alt-path")
|
||||
@AssignmentPath("IDOR/profile/alt-path")
|
||||
public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint{
|
||||
|
||||
@Autowired
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -22,7 +23,7 @@ import java.util.Map;
|
||||
* Created by jason on 1/5/17.
|
||||
*/
|
||||
|
||||
@Path("/IDOR/viewprofile/{id}")
|
||||
@AssignmentPath("/IDOR/viewprofile/{id}")
|
||||
public class ViewOtherUserProfile extends AssignmentEndpoint {
|
||||
|
||||
private String color;
|
||||
|
@ -0,0 +1,3 @@
|
||||
idor.title=Insecure Direct Object References
|
||||
|
||||
idor.hints.idor_login=Log in first
|
@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -51,7 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack5a")
|
||||
@AssignmentPath("/SqlInjection/attack5a")
|
||||
public class SqlInjectionLesson5a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -52,7 +53,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack5b")
|
||||
@AssignmentPath("/SqlInjection/attack5b")
|
||||
public class SqlInjectionLesson5b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -51,7 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack6a")
|
||||
@AssignmentPath("/SqlInjection/attack6a")
|
||||
public class SqlInjectionLesson6a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -50,7 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack6b")
|
||||
@AssignmentPath("/SqlInjection/attack6b")
|
||||
public class SqlInjectionLesson6b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -3,6 +3,7 @@ package org.owasp.webgoat.plugin;
|
||||
import com.google.common.base.Joiner;
|
||||
import org.apache.commons.lang.exception.ExceptionUtils;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
@ -47,7 +48,7 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
|
||||
* @version $Id: $Id
|
||||
* @since November 18, 2016
|
||||
*/
|
||||
@Path("XXE/blind")
|
||||
@AssignmentPath("XXE/blind")
|
||||
public class BlindSendFileAssignment extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
@ -45,7 +46,7 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
|
||||
* @version $Id: $Id
|
||||
* @since November 17, 2016
|
||||
*/
|
||||
@Path("XXE/content-type")
|
||||
@AssignmentPath("XXE/content-type")
|
||||
public class ContentTypeAssignment extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.apache.commons.exec.OS;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
@ -45,7 +46,7 @@ import java.io.StringReader;
|
||||
* @version $Id: $Id
|
||||
* @since November 17, 2016
|
||||
*/
|
||||
@Path("XXE/simple")
|
||||
@AssignmentPath("XXE/simple")
|
||||
public class SimpleXXE extends AssignmentEndpoint {
|
||||
|
||||
private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "opt", "var"};
|
||||
|