Hints per lesson (#314)

Squashing and merging ... * Each assigment should have the options to have its own set of hints #278 * Updating lessons due to changes from #278 * Enable i18n client side #312 * IDOR move hints to assignment and enable i18n #312
2017-01-24 15:34:06 +01:00
parent 6d727b98e3
commit 0779f7a3d0
56 changed files with 488 additions and 367 deletions
--- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasics.java
+++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasics.java
@ -43,12 +43,7 @@ public class HttpBasics extends NewLesson {

    @Override
    public List<String> getHints() {
-        return Lists.newArrayList("Type in your name and press 'go'",
-                "Turn on Show Parameters or other features",
-                "Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>",
-                "Press the Show Lesson Plan button to view a lesson summary",
-                "Press the Show Solution button to view a lesson solution",
-                "Use OWASP ZAP to intercept the request and see the type of HTTP command");
+        return Lists.newArrayList();
    }

    @Override
@ -58,7 +53,7 @@ public class HttpBasics extends NewLesson {

    @Override
    public String getTitle() {
-        return "HTTP Basics";
+        return "http-basics.title";
    }

    @Override
--- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasicsLesson.java
+++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasicsLesson.java
@ -1,6 +1,9 @@
 package org.owasp.webgoat.plugin;

+import com.beust.jcommander.internal.Lists;
 import org.owasp.webgoat.endpoints.AssignmentEndpoint;
+import org.owasp.webgoat.endpoints.AssignmentHints;
+import org.owasp.webgoat.endpoints.AssignmentPath;
 import org.owasp.webgoat.lessons.AttackResult;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -10,6 +13,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Path;
 import java.io.IOException;
+import java.util.List;

 /**
 * *************************************************************************************************
@ -44,15 +48,16 @@ import java.io.IOException;
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-@Path("/HttpBasics/attack1")
+@AssignmentPath("/HttpBasics/attack1")
+@AssignmentHints({"http-basics.hints.http_basics_lesson.1"})
 public class HttpBasicsLesson extends AssignmentEndpoint {

 	@RequestMapping(method = RequestMethod.POST)
-	public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
+	public @ResponseBody AttackResult completed(@RequestParam String person) throws IOException {
 	    if (!person.toString().equals("")) {
-	        return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
+	        return trackProgress(AttackResult.success(getLabelProvider().get("http-basics.reversed", new StringBuffer(person).reverse().toString())));
 	    } else {
-	        return trackProgress(AttackResult.failed("You are close, try again"));
+	        return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close")));
 	    }
 	}
 }
--- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasicsQuiz.java
+++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/plugin/HttpBasicsQuiz.java
@ -1,6 +1,9 @@
 package org.owasp.webgoat.plugin;

+import com.beust.jcommander.internal.Lists;
 import org.owasp.webgoat.endpoints.AssignmentEndpoint;
+import org.owasp.webgoat.endpoints.AssignmentHints;
+import org.owasp.webgoat.endpoints.AssignmentPath;
 import org.owasp.webgoat.lessons.AttackResult;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -10,6 +13,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Path;
 import java.io.IOException;
+import java.util.List;

 /**
 * *************************************************************************************************
@ -44,7 +48,8 @@ import java.io.IOException;
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-@Path("/HttpBasics/attack2")
+@AssignmentPath("/HttpBasics/attack2")
+@AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"})
 public class HttpBasicsQuiz extends AssignmentEndpoint {

 	@RequestMapping(method = RequestMethod.POST)
@ -54,12 +59,12 @@ public class HttpBasicsQuiz extends AssignmentEndpoint {
 	    } else {
 	    	StringBuffer message = new StringBuffer();
 	    	if (!"POST".equals(answer.toUpperCase())) {
-	    		message.append("The HTTP Command is incorrect.  ");
+	    		message.append(getLabelProvider().get("http-basics.incorrect"));
 			}
 	    	if (!magic_answer.equals(magic_num)){
-	    		message.append("The magic number is incorrect.  ");
+	    		message.append(getLabelProvider().get("http-basics.magic"));
 	    	}
-	        return trackProgress(AttackResult.failed("You are close, try again.  " + message.toString()));
+	        return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close", message.toString())));
 	    }
 	}
 }
--- a/webgoat-lessons/http-basics/src/main/resources/plugin/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/http-basics/src/main/resources/plugin/i18n/WebGoatLabels.properties
@ -1,2 +1,15 @@
-EnterYourName=Enter your Name
-Go!=Go!
+http-basics.EnterYourName=Enter your Name
+http-basics.Go!=Go!
+http-basics.title=HTTP Basics
+
+
+http-basics.hints.http_basics_lesson.1=Type in your name and press 'go'
+http-basics.hints.http_basic_quiz.1=Turn on Show Parameters or other features
+http-basics.hints.http_basic_quiz.2=Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
+
+
+http-basics.reversed=The server has reversed your name: {0}
+
+http-basics.close=You are close, try again: {0}
+http-basics.incorrect=the HTTP Command is incorrect.
+http-basics.magic=the magic number is incorrect.
--- a/webgoat-lessons/http-basics/src/main/resources/plugin/i18n/WebGoatLabels_nl.properties
+++ b/webgoat-lessons/http-basics/src/main/resources/plugin/i18n/WebGoatLabels_nl.properties
@ -0,0 +1,16 @@
+http-basics.EnterYourName=Voer je naam in
+http-basics.Go!=Go!
+http-basics.title=HTTP Basics
+
+
+
+http-basics.hints.http_basics_lesson.1=Type je naam in en druk op 'Go'
+http-basics.hints.http_basic_quiz.1=Schakel 'Toon paramaters of andere eigenschappen' in
+http-basics.hints.http_basic_quiz.2=Probeer het verzoek te onderscheppen met <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>
+
+
+http-basics.reversed=De server heeft je naam omgedraaid: {0}
+
+http-basics.close=Je bent er bijna, probeer nog eens: {0}
+http-basics.incorrect=het HTTP commando is niet correct.
+http-basics.magic=het magische getal is niet correct.