Hints per lesson (#314)
Squashing and merging ... * Each assignment should have the option to have its own set of hints #278 * Updating lessons due to changes from #278 * Enable i18n client side #312 * IDOR move hints to assignment and enable i18n #312
@ -44,7 +44,7 @@ public class IDOR extends NewLesson {
|
||||
|
||||
@Override
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList("log in first");
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -54,7 +54,7 @@ public class IDOR extends NewLesson {
|
||||
|
||||
@Override
|
||||
public String getTitle() {
|
||||
return "Insecure Direct Object References";
|
||||
return "idor.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -62,6 +62,4 @@ public class IDOR extends NewLesson {
|
||||
return "IDOR";
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -41,7 +42,7 @@ import java.io.IOException;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/diff-attributes")
|
||||
@AssignmentPath("IDOR/diff-attributes")
|
||||
public class IDORDiffAttributes extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
@ -1,6 +1,7 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -42,7 +43,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/{userId}")
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
public class IDOREditOtherProfiile extends AssignmentEndpoint {
|
||||
|
||||
@Autowired
|
||||
|
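Review bot: `@AssignmentPath("IDOR/profile/{userId}")` on `IDOREditOtherProfiile` is the same value that `IDORViewOtherProfile` declares in its own section of this commit, so two assignments now share one assignment path. If the framework uses that path to attach hints or record completion per assignment (not visible here), the two would be indistinguishable; the request mappings that separate them lie outside the hunk. Consider a distinct value for one of them, or, if the overlap is intended and that is indeed how they are told apart, a comment such as `// shares its path with IDORViewOtherProfile; distinguished by HTTP method`. The class name also carries a typo (`Profiile`) that is worth fixing while these files are being touched.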
@ -1,6 +1,8 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -42,29 +44,32 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("/IDOR/login")
|
||||
@AssignmentPath("/IDOR/login")
|
||||
@AssignmentHints({"idor.hints.idor_login"})
|
||||
public class IDORLogin extends AssignmentEndpoint {
|
||||
|
||||
private Map<String,Map<String,String>> idorUserInfo = new HashMap<>();
|
||||
private Map<String, Map<String, String>> idorUserInfo = new HashMap<>();
|
||||
|
||||
public void initIDORInfo() {
|
||||
|
||||
idorUserInfo.put("tom",new HashMap<String,String>());
|
||||
idorUserInfo.get("tom").put("password","cat");
|
||||
idorUserInfo.get("tom").put("id","2342384");
|
||||
idorUserInfo.get("tom").put("color","yellow");
|
||||
idorUserInfo.get("tom").put("size","small");
|
||||
idorUserInfo.put("tom", new HashMap<String, String>());
|
||||
idorUserInfo.get("tom").put("password", "cat");
|
||||
idorUserInfo.get("tom").put("id", "2342384");
|
||||
idorUserInfo.get("tom").put("color", "yellow");
|
||||
idorUserInfo.get("tom").put("size", "small");
|
||||
|
||||
idorUserInfo.put("bill",new HashMap<String,String>());
|
||||
idorUserInfo.get("bill").put("password","buffalo");
|
||||
idorUserInfo.get("bill").put("id","2342388");
|
||||
idorUserInfo.get("bill").put("color","brown");
|
||||
idorUserInfo.get("bill").put("size","large");
|
||||
idorUserInfo.put("bill", new HashMap<String, String>());
|
||||
idorUserInfo.get("bill").put("password", "buffalo");
|
||||
idorUserInfo.get("bill").put("id", "2342388");
|
||||
idorUserInfo.get("bill").put("color", "brown");
|
||||
idorUserInfo.get("bill").put("size", "large");
|
||||
|
||||
}
|
||||
|
||||
@PostMapping
|
||||
public @ResponseBody AttackResult completed(@RequestParam String username, @RequestParam String password) {
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String username, @RequestParam String password) {
|
||||
initIDORInfo();
|
||||
UserSessionData userSessionData = getUserSessionData();
|
||||
|
||||
|
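Review bot: `completed` still calls `initIDORInfo()` on every POST, and that method writes into the instance field `idorUserInfo`, a plain `HashMap`. If this endpoint is a singleton bean, as Spring components are by default, concurrent logins mutate the same unsynchronised map while other requests read it. Populate the map once instead, for example by annotating `initIDORInfo()` with `@PostConstruct` and dropping the call from `completed`, and declare the field `private final`. The body of `completed` continues outside the hunk, so the reads of the map are not visible here.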
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.endpoints.Endpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -49,7 +50,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/{userId}")
|
||||
@AssignmentPath("IDOR/profile/{userId}")
|
||||
public class IDORViewOtherProfile extends AssignmentEndpoint{
|
||||
|
||||
@Autowired
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.endpoints.Endpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
@ -46,7 +47,7 @@ import java.util.Map;
|
||||
* @since January 3, 2017
|
||||
*/
|
||||
|
||||
@Path("IDOR/profile/alt-path")
|
||||
@AssignmentPath("IDOR/profile/alt-path")
|
||||
public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint{
|
||||
|
||||
@Autowired
|
||||
|
@ -2,6 +2,7 @@ package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -22,7 +23,7 @@ import java.util.Map;
|
||||
* Created by jason on 1/5/17.
|
||||
*/
|
||||
|
||||
@Path("/IDOR/viewprofile/{id}")
|
||||
@AssignmentPath("/IDOR/viewprofile/{id}")
|
||||
public class ViewOtherUserProfile extends AssignmentEndpoint {
|
||||
|
||||
private String color;
|
||||
|
@ -0,0 +1,3 @@
|
||||
idor.title=Insecure Direct Object References
|
||||
|
||||
idor.hints.idor_login=Log in first
|