dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

joda time refactored some dep fix (#1292)

Browse Source
This commit is contained in:
René Zubcevic 2022-07-14 09:11:06 +02:00 committed by GitHub
parent b47568ed69
commit 16af4272a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 48 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pom.xml
View File

@ -149,6 +149,13 @@
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
<version>9.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-exec</artifactId>
@ -230,6 +237,16 @@
<artifactId>webdrivermanager</artifactId>
<version>${webdriver.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId>
<version>1.21</version>
</dependency>
<dependency>
<groupId>org.jruby</groupId>
<artifactId>jruby</artifactId>
<version>9.3.6.0</version>
</dependency>
</dependencies>
</dependencyManagement>
@ -632,6 +649,14 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>17</source>
<target>17</target>
</configuration>
</plugin>
</plugins>
</build>

17
src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java
View File

@ -23,9 +23,6 @@
package org.owasp.webgoat.lessons.csrf;
import com.google.common.collect.Lists;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult;
@ -38,6 +35,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@ -52,7 +51,7 @@ public class ForgedReviews extends AssignmentEndpoint {
@Autowired
private WebSession webSession;
private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");
private static DateTimeFormatter fmt = DateTimeFormatter.ofPattern("yyyy-MM-dd, HH:mm:ss");
private static final Map<String, List<Review>> userReviews = new HashMap<>();
private static final List<Review> REVIEWS = new ArrayList<>();
@ -60,10 +59,10 @@ public class ForgedReviews extends AssignmentEndpoint {
static {
REVIEWS.add(new Review("secUriTy", DateTime.now().toString(fmt), "This is like swiss cheese", 0));
REVIEWS.add(new Review("webgoat", DateTime.now().toString(fmt), "It works, sorta", 2));
REVIEWS.add(new Review("guest", DateTime.now().toString(fmt), "Best, App, Ever", 5));
REVIEWS.add(new Review("guest", DateTime.now().toString(fmt), "This app is so insecure, I didn't even post this review, can you pull that off too?", 1));
REVIEWS.add(new Review("secUriTy", LocalDateTime.now().format(fmt), "This is like swiss cheese", 0));
REVIEWS.add(new Review("webgoat", LocalDateTime.now().format(fmt), "It works, sorta", 2));
REVIEWS.add(new Review("guest", LocalDateTime.now().format(fmt), "Best, App, Ever", 5));
REVIEWS.add(new Review("guest", LocalDateTime.now().format(fmt), "This app is so insecure, I didn't even post this review, can you pull that off too?", 1));
}
@GetMapping(path = "/csrf/review", produces = MediaType.APPLICATION_JSON_VALUE, consumes = ALL_VALUE)
@ -89,7 +88,7 @@ public class ForgedReviews extends AssignmentEndpoint {
Review review = new Review();
review.setText(reviewText);
review.setDateTime(DateTime.now().toString(fmt));
review.setDateTime(LocalDateTime.now().format(fmt));
review.setUser(webSession.getUserName());
review.setStars(stars);
var reviews = userReviews.getOrDefault(webSession.getUserName(), new ArrayList<>());

17
src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java
View File

@ -24,9 +24,6 @@ package org.owasp.webgoat.lessons.xss.stored;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Lists;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.owasp.webgoat.container.session.WebSession;
@ -40,6 +37,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@ -55,7 +54,7 @@ public class StoredXssComments extends AssignmentEndpoint {
@Autowired
private WebSession webSession;
private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");
private static DateTimeFormatter fmt = DateTimeFormatter.ofPattern("yyyy-MM-dd, HH:mm:ss");
private static final Map<String, List<Comment>> userComments = new HashMap<>();
private static final List<Comment> comments = new ArrayList<>();
@ -63,10 +62,10 @@ public class StoredXssComments extends AssignmentEndpoint {
static {
comments.add(new Comment("secUriTy", DateTime.now().toString(fmt), "<script>console.warn('unit test me')</script>Comment for Unit Testing"));
comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "This comment is safe"));
comments.add(new Comment("guest", DateTime.now().toString(fmt), "This one is safe too."));
comments.add(new Comment("guest", DateTime.now().toString(fmt), "Can you post a comment, calling webgoat.customjs.phoneHome() ?"));
comments.add(new Comment("secUriTy", LocalDateTime.now().format(fmt), "<script>console.warn('unit test me')</script>Comment for Unit Testing"));
comments.add(new Comment("webgoat", LocalDateTime.now().format(fmt), "This comment is safe"));
comments.add(new Comment("guest", LocalDateTime.now().format(fmt), "This one is safe too."));
comments.add(new Comment("guest", LocalDateTime.now().format(fmt), "Can you post a comment, calling webgoat.customjs.phoneHome() ?"));
}
//TODO This assignment seems not to be in use in the UI
@ -90,7 +89,7 @@ public class StoredXssComments extends AssignmentEndpoint {
Comment comment = parseJson(commentStr);
List<Comment> comments = userComments.getOrDefault(webSession.getUserName(), new ArrayList<>());
comment.setDateTime(DateTime.now().toString(fmt));
comment.setDateTime(LocalDateTime.now().format(fmt));
comment.setUser(webSession.getUserName());
comments.add(comment);

15
src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java
View File

@ -23,9 +23,6 @@
package org.owasp.webgoat.lessons.xxe;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter;
import org.owasp.webgoat.container.session.WebSession;
import org.owasp.webgoat.container.users.WebGoatUser;
import org.springframework.context.annotation.Scope;
@ -38,6 +35,8 @@ import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import java.io.IOException;
import java.io.StringReader;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
@ -59,7 +58,7 @@ public class CommentsCache {
private static final Comments comments = new Comments();
private static final Map<WebGoatUser, Comments> userComments = new HashMap<>();
private static final DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");
private static final DateTimeFormatter fmt = DateTimeFormatter.ofPattern("yyyy-MM-dd, HH:mm:ss");
private final WebSession webSession;
@ -69,9 +68,9 @@ public class CommentsCache {
}
void initDefaultComments() {
comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "Silly cat...."));
comments.add(new Comment("guest", DateTime.now().toString(fmt), "I think I will use this picture in one of my projects."));
comments.add(new Comment("guest", DateTime.now().toString(fmt), "Lol!! :-)."));
comments.add(new Comment("webgoat", LocalDateTime.now().format(fmt), "Silly cat...."));
comments.add(new Comment("guest", LocalDateTime.now().format(fmt), "I think I will use this picture in one of my projects."));
comments.add(new Comment("guest", LocalDateTime.now().format(fmt), "Lol!! :-)."));
}
protected Comments getComments() {
@ -116,7 +115,7 @@ public class CommentsCache {
}
public void addComment(Comment comment, boolean visibleForAllUsers) {
comment.setDateTime(DateTime.now().toString(fmt));
comment.setDateTime(LocalDateTime.now().format(fmt));
comment.setUser(webSession.getUserName());
if (visibleForAllUsers) {
comments.add(comment);