Moving forward, cleaning up some unnecessary lesson superclasses which we
do not need to support anymore in 8.0: - Introduced DI throughout the code base - Removed most superclasses of a lesson - Hammerhead is now simplified to only one line of code - Cleaned up WebSession - Removed code which dealt with user roles, lesson fetching, username etc - LessonTracker improvements - Removed almost all code from the Screen class - Removed ECS from the container project - Removed administration pages, which contained a lot of ECS code that is much simpler to just rewrite when necessary
@ -1,6 +1,6 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.lessons.LessonEndpoint;
|
||||
import org.owasp.webgoat.lessons.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.LessonEndpointMapping;
|
||||
import org.owasp.webgoat.lessons.model.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -40,7 +40,7 @@ import java.io.IOException;
|
||||
* @since August 11, 2016
|
||||
*/
|
||||
@LessonEndpointMapping
|
||||
public class Attack extends LessonEndpoint {
|
||||
public class Attack extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String answer) throws IOException {
|
||||
|
@ -3,7 +3,6 @@ package org.owasp.webgoat.plugin;
|
||||
import com.google.common.collect.Lists;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.lessons.NewLesson;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ -44,7 +43,7 @@ public class ClientSideFiltering extends NewLesson {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getHints(WebSession webSession) {
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList("Many sites attempt to restrict access to resources by role.",
|
||||
"Developers frequently make mistakes implementing this scheme.",
|
||||
"Attempt combinations of users, roles, and resources.");
|
||||
|
@ -7,7 +7,7 @@ package org.owasp.webgoat.plugin;
|
||||
import org.apache.ecs.html.TD;
|
||||
import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.lessons.LessonEndpoint;
|
||||
import org.owasp.webgoat.lessons.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.LessonEndpointMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
@ -27,7 +27,7 @@ import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
|
||||
@LessonEndpointMapping
|
||||
public class Salaries extends LessonEndpoint {
|
||||
public class Salaries extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET)
|
||||
public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
|
@ -3,7 +3,6 @@ package org.owasp.webgoat.plugin;
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.lessons.NewLesson;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ -43,7 +42,7 @@ public class HttpBasics extends NewLesson {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getHints(WebSession webSession) {
|
||||
public List<String> getHints() {
|
||||
return Lists.newArrayList("Type in your name and press 'go'",
|
||||
"Turn on Show Parameters or other features",
|
||||
"Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>",
|
||||
|
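Review bot: The `import com.beust.jcommander.internal.Lists;` at the top of this file takes `Lists.newArrayList` from an internal package of JCommander, a command-line parsing library, while ClientSideFiltering in the same commit uses Guava's `com.google.common.collect.Lists`. An `internal` package carries no compatibility promise and is presumably only on the classpath transitively, so a dependency upgrade or exclusion could break the build of this lesson. Since the commit already edits this import block, switch the line to `import com.google.common.collect.Lists;` so both lessons depend on the same, supported class. The `getHints()` body continues past the end of the hunk.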
@ -1,6 +1,6 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.lessons.LessonEndpoint;
|
||||
import org.owasp.webgoat.lessons.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.LessonEndpointMapping;
|
||||
import org.owasp.webgoat.lessons.model.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -46,14 +46,14 @@ import java.io.IOException;
|
||||
*/
|
||||
|
||||
@LessonEndpointMapping
|
||||
public class HttpBasicsLesson extends LessonEndpoint {
|
||||
public class HttpBasicsLesson extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
|
||||
if (!person.toString().equals("")) {
|
||||
return AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString());
|
||||
return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
|
||||
} else {
|
||||
return AttackResult.failed("You are close, try again");
|
||||
return trackProgress(AttackResult.failed("You are close, try again"));
|
||||
}
|
||||
}
|
||||
|
||||
|
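Review bot: In `completed`, the request parameter `person` is reversed and concatenated straight into the `AttackResult.success(...)` feedback, and the line that wraps the result in `trackProgress` passes that text on unchanged. Whether the client renders feedback as HTML is not visible here; if it does, markup in `person` would reach the browser as markup, which is presumably not what an HTTP-basics exercise intends to teach. I would either encode the value where the message is built or state the contract next to it, e.g. `// person is user-controlled; feedback must be HTML-escaped when rendered`. Separately, `person.toString().equals("")` can be `person.isEmpty()`, and `StringBuilder` is enough here since the buffer never leaves the method.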
@ -4,7 +4,7 @@ import java.io.IOException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.owasp.webgoat.lessons.LessonEndpoint;
|
||||
import org.owasp.webgoat.lessons.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.LessonEndpointMapping;
|
||||
import org.owasp.webgoat.lessons.model.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
*/
|
||||
|
||||
@LessonEndpointMapping
|
||||
public class HttpBasicsQuiz extends LessonEndpoint {
|
||||
public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String answer, @RequestParam String magic_answer, @RequestParam String magic_num, HttpServletRequest request) throws IOException {
|
||||
|