Moving forward cleaning up some unnecessary lesson super classes which we

do not need to support anymore in 8.0:

- Introduced DI throughout the code base
- Removed most superclasses of a lesson
- Hammerhead is now simplified to only one line of code
- Cleaned up WebSession
- Removed code which dealt with user roles, lesson fetching, username etc
- LessonTracker improvements
- Removed almost all code from the Screen class
- Removed ECS from the container project
- Removed administration pages, which contained a lot of ECS code that is much
  simpler to just rewrite when necessary
Nanne Baars
2016-10-31 17:32:34 +01:00
parent 8c231bbd6d
commit 0bec575913
125 changed files with 764 additions and 13515 deletions


@ -1,6 +1,6 @@
package org.owasp.webgoat.plugin;
import org.owasp.webgoat.lessons.LessonEndpoint;
import org.owasp.webgoat.lessons.AssignmentEndpoint;
import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.owasp.webgoat.lessons.model.AttackResult;
import org.springframework.web.bind.annotation.RequestMapping;
@ -40,7 +40,7 @@ import java.io.IOException;
* @since August 11, 2016
*/
@LessonEndpointMapping
public class Attack extends LessonEndpoint {
public class Attack extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
public @ResponseBody AttackResult completed(@RequestParam String answer) throws IOException {


@ -3,7 +3,6 @@ package org.owasp.webgoat.plugin;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.session.WebSession;
import java.util.List;
@ -44,7 +43,7 @@ public class ClientSideFiltering extends NewLesson {
}
@Override
public List<String> getHints(WebSession webSession) {
public List<String> getHints() {
return Lists.newArrayList("Many sites attempt to restrict access to resources by role.",
"Developers frequently make mistakes implementing this scheme.",
"Attempt combinations of users, roles, and resources.");


@ -7,7 +7,7 @@ package org.owasp.webgoat.plugin;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.LessonEndpoint;
import org.owasp.webgoat.lessons.AssignmentEndpoint;
import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@ -27,7 +27,7 @@ import java.io.FileInputStream;
import java.io.IOException;
@LessonEndpointMapping
public class Salaries extends LessonEndpoint {
public class Salaries extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.GET)
public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {


@ -3,7 +3,6 @@ package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.session.WebSession;
import java.util.List;
@ -43,7 +42,7 @@ public class HttpBasics extends NewLesson {
}
@Override
public List<String> getHints(WebSession webSession) {
public List<String> getHints() {
return Lists.newArrayList("Type in your name and press 'go'",
"Turn on Show Parameters or other features",
"Try to intercept the request with <a href='https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project' title='Link to ZAP'>OWASP ZAP</a>",


@ -1,6 +1,6 @@
package org.owasp.webgoat.plugin;
import org.owasp.webgoat.lessons.LessonEndpoint;
import org.owasp.webgoat.lessons.AssignmentEndpoint;
import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.owasp.webgoat.lessons.model.AttackResult;
import org.springframework.web.bind.annotation.RequestMapping;
@ -46,14 +46,14 @@ import java.io.IOException;
*/
@LessonEndpointMapping
public class HttpBasicsLesson extends LessonEndpoint {
public class HttpBasicsLesson extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
if (!person.toString().equals("")) {
return AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString());
return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
} else {
return AttackResult.failed("You are close, try again");
return trackProgress(AttackResult.failed("You are close, try again"));
}
}
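Review bot: The success branch of `completed` still echoes the caller-supplied `person` value back inside the feedback string, and the new line passes that string through `trackProgress` without encoding it. Whether this matters depends on how the client renders `AttackResult` feedback, which is not visible in this section; if the message is inserted as HTML, the reversed name should be encoded on output, or the lesson page should render the feedback as text. While these lines are being touched, `!person.toString().equals("")` could become `!person.isEmpty()` and `new StringBuffer(person)` could become `new StringBuilder(person)`, since a local buffer needs no synchronization. A short comment on what `trackProgress` records for a failed result would also help, because its definition lies outside this section.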


@ -4,7 +4,7 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import org.owasp.webgoat.lessons.LessonEndpoint;
import org.owasp.webgoat.lessons.AssignmentEndpoint;
import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.owasp.webgoat.lessons.model.AttackResult;
import org.springframework.web.bind.annotation.RequestMapping;
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
*/
@LessonEndpointMapping
public class HttpBasicsQuiz extends LessonEndpoint {
public class HttpBasicsQuiz extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
public @ResponseBody AttackResult completed(@RequestParam String answer, @RequestParam String magic_answer, @RequestParam String magic_num, HttpServletRequest request) throws IOException {