dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added cookies service

Browse Source 
updated license info
This commit is contained in:
lawson89@gmail.com 2014-08-09 20:39:38 -04:00
parent 1430be8686
commit 16803b1130
12 changed files with 320 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
java/org/owasp/webgoat/HammerHead.java
View File

@ -207,8 +207,8 @@ public class HammerHead extends HttpServlet {
session.setAttribute(WELCOMED, "true");
page = "/webgoat.jsp";
} else {
//page = "/main.jsp";
page = "/lesson_content.jsp";
page = "/main.jsp";
//page = "/lesson_content.jsp";
}
return page;
@ -400,6 +400,9 @@ public class HammerHead extends HttpServlet {
}
session.update(request, response, this.getServletName());
// update last attack request info (cookies, parms)
// this is so the REST services can have access to them via the session
session.updateLastAttackRequestInfo(request);
// to authenticate
// System.out.println( "HH Leaving Session_id: " + hs.getId() );

30
java/org/owasp/webgoat/lessons/model/Hint.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.lessons.model;

27
java/org/owasp/webgoat/lessons/model/HttpBasicsModel.java
View File

@ -1,3 +1,30 @@
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.lessons.model;
/**

30
java/org/owasp/webgoat/lessons/model/LessonMenuItem.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.lessons.model;

30
java/org/owasp/webgoat/lessons/model/LessonMenuItemType.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.lessons.model;

42
java/org/owasp/webgoat/service/BaseService.java
View File

@ -1,11 +1,35 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.service;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.session.WebSession;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
@ -31,4 +55,14 @@ public abstract class BaseService {
return response;
}
public WebSession getWebSesion(HttpSession session) {
WebSession ws;
Object o = session.getAttribute(WebSession.SESSION);
if (o == null || !(o instanceof WebSession)) {
throw new IllegalArgumentException("No valid session object found, has session timed out?");
}
ws = (WebSession) o;
return ws;
}
}

65
java/org/owasp/webgoat/service/CookieService.java Normal file
View File

@ -0,0 +1,65 @@
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.service;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.model.Hint;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
/**
*
* @author rlawson
*/
@Controller
public class CookieService extends BaseService {
/**
* Returns hints for current lesson
*
* @param session
* @return
*/
@RequestMapping(value = "/cookie.mvc", produces = "application/json")
public @ResponseBody
List<Cookie> showCookies(HttpSession session) {
List<Hint> listHints = new ArrayList<Hint>();
WebSession ws = getWebSesion(session);
List<Cookie> cookies = ws.getCookiesOnLastRequest();
return cookies;
}
}

30
java/org/owasp/webgoat/service/DummyService.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.service;

30
java/org/owasp/webgoat/service/ExceptionInfo.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.service;

7
java/org/owasp/webgoat/service/HintService.java
View File

@ -32,12 +32,7 @@ public class HintService extends BaseService {
public @ResponseBody
List<Hint> showHint(HttpSession session) {
List<Hint> listHints = new ArrayList<Hint>();
WebSession ws;
Object o = session.getAttribute(WebSession.SESSION);
if (o == null || !(o instanceof WebSession)) {
throw new IllegalArgumentException("No valid session object found, has session timed out?");
}
ws = (WebSession) o;
WebSession ws = getWebSesion(session);
AbstractLesson l = ws.getCurrentLesson();
if (l == null) {
return listHints;

38
java/org/owasp/webgoat/service/LessonMenuService.java
View File

@ -1,7 +1,29 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
package org.owasp.webgoat.service;
@ -36,13 +58,7 @@ public class LessonMenuService extends BaseService {
public @ResponseBody
List<LessonMenuItem> showLeftNav(HttpSession session) {
List<LessonMenuItem> menu = new ArrayList<LessonMenuItem>();
WebSession ws;
Object o = session.getAttribute(WebSession.SESSION);
if (o == null || !(o instanceof WebSession)) {
throw new IllegalArgumentException("No valid session object found, has session timed out?");
}
ws = (WebSession) o;
AbstractLesson l = ws.getCurrentLesson();
WebSession ws = getWebSesion(session);
// Get the categories, these are the main menu items
Course course = ((Course) session.getAttribute("course"));
List<Category> categories = course.getCategories();

27
java/org/owasp/webgoat/session/WebSession.java
View File

@ -205,6 +205,8 @@ public class WebSession {
private String currentLanguage = null;
private List<Cookie> cookiesOnLastRequest;
/**
* Constructor for the WebSession object
*
@ -894,6 +896,17 @@ public class WebSession {
}
}
public void updateLastAttackRequestInfo(HttpServletRequest request) {
// store cookies
Cookie[] cookies = request.getCookies();
if (cookies == null) {
this.cookiesOnLastRequest = new ArrayList<Cookie>();
} else {
this.cookiesOnLastRequest = Arrays.asList(cookies);
}
}
private void restartLesson(int lessonId) {
AbstractLesson al = getLesson(lessonId);
System.out.println("Restarting lesson: " + al);
@ -982,4 +995,18 @@ public class WebSession {
return currentLanguage;
}
/**
* @return the cookiesOnLastRequest
*/
public List<Cookie> getCookiesOnLastRequest() {
return cookiesOnLastRequest;
}
/**
* @param cookiesOnLastRequest the cookiesOnLastRequest to set
*/
public void setCookiesOnLastRequest(List<Cookie> cookiesOnLastRequest) {
this.cookiesOnLastRequest = cookiesOnLastRequest;
}
}