Code style (#696)

* Remove Guava dependency from WebGoat * Add Checkstyle to the project with very basic standards so we have a style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
parent 66bd1d8c1a
commit 1a83e2825e
94 changed files with 829 additions and 828 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java
@ -22,13 +22,14 @@

 package org.owasp.webgoat.xss;

-
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;

 //@RestController
@Deprecated
@ -48,8 +49,8 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint {
            String[] lines = unescapedString.split("<html>");

            String include = (lines[0]);
-            String first_name_element = doc.select("body > table > tbody > tr:nth-child(1) > td:nth-child(2)").first().text();
-            String last_name_element = doc.select("body > table > tbody > tr:nth-child(2) > td:nth-child(2)").first().text();
+            String fistNameElement = doc.select("body > table > tbody > tr:nth-child(1) > td:nth-child(2)").first().text();
+            String lastNameElement = doc.select("body > table > tbody > tr:nth-child(2) > td:nth-child(2)").first().text();

            Boolean includeCorrect = false;
            Boolean firstNameCorrect = false;
@ -58,10 +59,10 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint {
            if (include.contains("<%@") && include.contains("taglib") && include.contains("uri=\"https://www.owasp.org/index.php/OWASP_Java_Encoder_Project\"") && include.contains("%>")) {
                includeCorrect = true;
            }
-            if (first_name_element.equals("${e:forHtml(param.first_name)}")) {
+            if (fistNameElement.equals("${e:forHtml(param.first_name)}")) {
                firstNameCorrect = true;
            }
-            if (last_name_element.equals("${e:forHtml(param.last_name)}")) {
+            if (lastNameElement.equals("${e:forHtml(param.last_name)}")) {
                lastNameCorrect = true;
            }

--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/stored/StoredCrossSiteScriptingVerifier.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/stored/StoredCrossSiteScriptingVerifier.java
@ -25,7 +25,10 @@ package org.owasp.webgoat.xss.stored;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.session.UserSessionData;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;

 /**
 * Created by jason on 11/23/16.
@ -33,7 +36,7 @@ import org.springframework.web.bind.annotation.*;
@RestController
 public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {

-	//TODO This assignment seems not to be in use in the UI
+    //TODO This assignment seems not to be in use in the UI
    @PostMapping("/CrossSiteScriptingStored/stored-xss-follow-up")
    @ResponseBody
    public AttackResult completed(@RequestParam String successMessage) {
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/stored/StoredXssComments.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/stored/StoredXssComments.java
@ -24,8 +24,6 @@ package org.owasp.webgoat.xss.stored;

 import com.beust.jcommander.internal.Lists;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.EvictingQueue;
-import com.google.common.collect.Maps;
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormat;
 import org.joda.time.format.DateTimeFormatter;
@ -50,8 +48,8 @@ public class StoredXssComments extends AssignmentEndpoint {
    private WebSession webSession;
    private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");

-    private static final Map<String, EvictingQueue<Comment>> userComments = Maps.newHashMap();
-    private static final EvictingQueue<Comment> comments = EvictingQueue.create(100);
+    private static final Map<String, List<Comment>> userComments = new HashMap<>();
+    private static final List<Comment> comments = new ArrayList<>();
    private static final String phoneHomeString = "<script>webgoat.customjs.phoneHome()</script>";


@ -82,7 +80,7 @@ public class StoredXssComments extends AssignmentEndpoint {
    public AttackResult createNewComment(@RequestBody String commentStr) {
        Comment comment = parseJson(commentStr);

-        EvictingQueue<Comment> comments = userComments.getOrDefault(webSession.getUserName(), EvictingQueue.create(100));
+        List<Comment> comments = userComments.getOrDefault(webSession.getUserName(), new ArrayList<>());
        comment.setDateTime(DateTime.now().toString(fmt));
        comment.setUser(webSession.getUserName());