added cookies service
updated license info
This commit is contained in:
lawson89@gmail.com
@ -1,11 +1,35 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
/***************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository for free software
|
||||
* projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*/
|
||||
package org.owasp.webgoat.service;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -31,4 +55,14 @@ public abstract class BaseService {
|
||||
return response;
|
||||
}
|
||||
|
||||
public WebSession getWebSesion(HttpSession session) {
|
||||
WebSession ws;
|
||||
Object o = session.getAttribute(WebSession.SESSION);
|
||||
if (o == null || !(o instanceof WebSession)) {
|
||||
throw new IllegalArgumentException("No valid session object found, has session timed out?");
|
||||
}
|
||||
ws = (WebSession) o;
|
||||
return ws;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
65
java/org/owasp/webgoat/service/CookieService.java
Normal file
65
java/org/owasp/webgoat/service/CookieService.java
Normal file
@ -0,0 +1,65 @@
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*/
|
||||
package org.owasp.webgoat.service;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||
import org.owasp.webgoat.lessons.model.Hint;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author rlawson
|
||||
*/
|
||||
@Controller
|
||||
public class CookieService extends BaseService {
|
||||
|
||||
/**
|
||||
* Returns hints for current lesson
|
||||
*
|
||||
* @param session
|
||||
* @return
|
||||
*/
|
||||
@RequestMapping(value = "/cookie.mvc", produces = "application/json")
|
||||
public @ResponseBody
|
||||
List<Cookie> showCookies(HttpSession session) {
|
||||
List<Hint> listHints = new ArrayList<Hint>();
|
||||
WebSession ws = getWebSesion(session);
|
||||
List<Cookie> cookies = ws.getCookiesOnLastRequest();
|
||||
return cookies;
|
||||
}
|
||||
}
|
||||
@ -1,7 +1,29 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
/***************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository for free software
|
||||
* projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*/
|
||||
package org.owasp.webgoat.service;
|
||||
|
||||
|
||||
@ -1,7 +1,29 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
/***************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository for free software
|
||||
* projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*/
|
||||
package org.owasp.webgoat.service;
|
||||
|
||||
|
||||
@ -32,12 +32,7 @@ public class HintService extends BaseService {
|
||||
public @ResponseBody
|
||||
List<Hint> showHint(HttpSession session) {
|
||||
List<Hint> listHints = new ArrayList<Hint>();
|
||||
WebSession ws;
|
||||
Object o = session.getAttribute(WebSession.SESSION);
|
||||
if (o == null || !(o instanceof WebSession)) {
|
||||
throw new IllegalArgumentException("No valid session object found, has session timed out?");
|
||||
}
|
||||
ws = (WebSession) o;
|
||||
WebSession ws = getWebSesion(session);
|
||||
AbstractLesson l = ws.getCurrentLesson();
|
||||
if (l == null) {
|
||||
return listHints;
|
||||
|
||||
@ -1,7 +1,29 @@
|
||||
/*
|
||||
* To change this license header, choose License Headers in Project Properties.
|
||||
* To change this template file, choose Tools | Templates
|
||||
* and open the template in the editor.
|
||||
/***************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository for free software
|
||||
* projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*/
|
||||
package org.owasp.webgoat.service;
|
||||
|
||||
@ -36,13 +58,7 @@ public class LessonMenuService extends BaseService {
|
||||
public @ResponseBody
|
||||
List<LessonMenuItem> showLeftNav(HttpSession session) {
|
||||
List<LessonMenuItem> menu = new ArrayList<LessonMenuItem>();
|
||||
WebSession ws;
|
||||
Object o = session.getAttribute(WebSession.SESSION);
|
||||
if (o == null || !(o instanceof WebSession)) {
|
||||
throw new IllegalArgumentException("No valid session object found, has session timed out?");
|
||||
}
|
||||
ws = (WebSession) o;
|
||||
AbstractLesson l = ws.getCurrentLesson();
|
||||
WebSession ws = getWebSesion(session);
|
||||
// Get the categories, these are the main menu items
|
||||
Course course = ((Course) session.getAttribute("course"));
|
||||
List<Category> categories = course.getCategories();
|
||||
|
||||
Reference in New Issue
Block a user