Code style (#696)

* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting

webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java

@@ -38,27 +38,28 @@ import java.io.ObjectInputStream;
 import java.util.Base64;
 
 @RestController
-@AssignmentHints({"insecure-deserialization.hints.1","insecure-deserialization.hints.2","insecure-deserialization.hints.3"})
+@AssignmentHints({"insecure-deserialization.hints.1", "insecure-deserialization.hints.2", "insecure-deserialization.hints.3"})
 public class InsecureDeserializationTask extends AssignmentEndpoint {
 
     @PostMapping("/InsecureDeserialization/task")
     @ResponseBody
     public AttackResult completed(@RequestParam String token) throws IOException {
         String b64token;
-        long before, after;
+        long before;
+        long after;
         int delay;
 
         b64token = token.replace('-', '+').replace('_', '/');
-        
+
         try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(b64token)))) {
-        	before = System.currentTimeMillis();
-        	Object o = ois.readObject();
-        	if (!(o instanceof VulnerableTaskHolder)) {
-        		if (o instanceof String) {
-        			return trackProgress(failed().feedback("insecure-deserialization.stringobject").build());
-        		}
-        		return trackProgress(failed().feedback("insecure-deserialization.wrongobject").build());
-        	}
+            before = System.currentTimeMillis();
+            Object o = ois.readObject();
+            if (!(o instanceof VulnerableTaskHolder)) {
+                if (o instanceof String) {
+                    return trackProgress(failed().feedback("insecure-deserialization.stringobject").build());
+                }
+                return trackProgress(failed().feedback("insecure-deserialization.wrongobject").build());
+            }
             after = System.currentTimeMillis();
         } catch (InvalidClassException e) {
             return trackProgress(failed().feedback("insecure-deserialization.invalidversion").build());

webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java

@@ -1,54 +1,54 @@
-package org.owasp.webgoat.deserialization;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import java.util.Base64;
-
-public class SerializationHelper {
-	
-	private final static char[] hexArray = "0123456789ABCDEF".toCharArray();
-	
-    public static Object fromString( String s ) throws IOException ,
-            ClassNotFoundException {
-        byte [] data = Base64.getDecoder().decode( s );
-        ObjectInputStream ois = new ObjectInputStream(
-                new ByteArrayInputStream(  data ) );
-        Object o  = ois.readObject();
-        ois.close();
-        return o;
-    }
-
-    public static String toString( Serializable o ) throws IOException {
-
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        ObjectOutputStream oos = new ObjectOutputStream( baos );
-        oos.writeObject( o );
-        oos.close();
-        return Base64.getEncoder().encodeToString(baos.toByteArray());
-    }
-
-    public static String show() throws IOException {
-    	ByteArrayOutputStream baos = new ByteArrayOutputStream();
-    	DataOutputStream dos = new DataOutputStream(baos);
-    	dos.writeLong(-8699352886133051976L);
-    	dos.close();
-    	byte[] longBytes = baos.toByteArray();
-    	return bytesToHex(longBytes);
-    }
-    
-    public static String bytesToHex(byte[] bytes) {
-        char[] hexChars = new char[bytes.length * 2];
-        for ( int j = 0; j < bytes.length; j++ ) {
-            int v = bytes[j] & 0xFF;
-            hexChars[j * 2] = hexArray[v >>> 4];
-            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
-        }
-        return new String(hexChars);
-    }
-
-}
+package org.owasp.webgoat.deserialization;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.util.Base64;
+
+public class SerializationHelper {
+
+    private static final char[] hexArray = "0123456789ABCDEF".toCharArray();
+
+    public static Object fromString(String s) throws IOException,
+            ClassNotFoundException {
+        byte[] data = Base64.getDecoder().decode(s);
+        ObjectInputStream ois = new ObjectInputStream(
+                new ByteArrayInputStream(data));
+        Object o = ois.readObject();
+        ois.close();
+        return o;
+    }
+
+    public static String toString(Serializable o) throws IOException {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ObjectOutputStream oos = new ObjectOutputStream(baos);
+        oos.writeObject(o);
+        oos.close();
+        return Base64.getEncoder().encodeToString(baos.toByteArray());
+    }
+
+    public static String show() throws IOException {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        DataOutputStream dos = new DataOutputStream(baos);
+        dos.writeLong(-8699352886133051976L);
+        dos.close();
+        byte[] longBytes = baos.toByteArray();
+        return bytesToHex(longBytes);
+    }
+
+    public static String bytesToHex(byte[] bytes) {
+        char[] hexChars = new char[bytes.length * 2];
+        for (int j = 0; j < bytes.length; j++) {
+            int v = bytes[j] & 0xFF;
+            hexChars[j * 2] = hexArray[v >>> 4];
+            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
+        }
+        return new String(hexChars);
+    }
+
+}