Code style (#696)

* Remove Guava dependency from WebGoat * Add Checkstyle to the project with very basic standards so we have a style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
parent 66bd1d8c1a
commit 1a83e2825e
94 changed files with 829 additions and 828 deletions
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java
@ -22,24 +22,17 @@

 package org.owasp.webgoat.jwt;

-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 import io.jsonwebtoken.*;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.owasp.webgoat.session.WebSession;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;

-import java.util.Date;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.TimeUnit;

 /**
@ -52,7 +45,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {

    public static final String PASSWORD = "bm5nhSkxCXZkKRy4";
    private static final String JWT_PASSWORD = "bm5n3SkxCX4kKRy4";
-    private static final List<String> validRefreshTokens = Lists.newArrayList();
+    private static final List<String> validRefreshTokens = new ArrayList<>();

    @PostMapping(value = "/JWT/refresh/login", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseBody
@ -67,7 +60,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
    }

    private Map<String, Object> createNewTokens(String user) {
-        Map<String, Object> claims = Maps.newHashMap();
+        Map<String, Object> claims = new HashMap<>();
        claims.put("admin", "false");
        claims.put("user", user);
        String token = Jwts.builder()
@ -75,7 +68,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
                .setClaims(claims)
                .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, JWT_PASSWORD)
                .compact();
-        Map<String, Object> tokenJson = Maps.newHashMap();
+        Map<String, Object> tokenJson = new HashMap<>();
        String refreshToken = RandomStringUtils.randomAlphabetic(20);
        validRefreshTokens.add(refreshToken);
        tokenJson.put("access_token", token);
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java
@ -22,24 +22,16 @@

 package org.owasp.webgoat.jwt;

-import com.google.common.collect.Lists;
-import io.jsonwebtoken.impl.TextCodec;
-import org.owasp.webgoat.assignments.AssignmentEndpoint;
-import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
-import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.http.MediaType;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwt;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
-
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.RestController;
+import io.jsonwebtoken.impl.TextCodec;
+import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentHints;
+import org.owasp.webgoat.assignments.AttackResult;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.*;

 import java.time.Instant;
 import java.util.Calendar;
@ -55,24 +47,24 @@ import java.util.Random;
@AssignmentHints({"jwt-secret-hint1", "jwt-secret-hint2", "jwt-secret-hint3"})
 public class JWTSecretKeyEndpoint extends AssignmentEndpoint {

-	public static final String[] SECRETS = {"victory","business","available", "shipping", "washington"};
+    public static final String[] SECRETS = {"victory", "business", "available", "shipping", "washington"};
    public static final String JWT_SECRET = TextCodec.BASE64.encode(SECRETS[new Random().nextInt(SECRETS.length)]);
    private static final String WEBGOAT_USER = "WebGoat";
-    private static final List<String> expectedClaims = Lists.newArrayList("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");
+    private static final List<String> expectedClaims = List.of("iss", "iat", "exp", "aud", "sub", "username", "Email", "Role");

-    @RequestMapping(path="/JWT/secret/gettoken",produces=MediaType.TEXT_HTML_VALUE)
+    @RequestMapping(path = "/JWT/secret/gettoken", produces = MediaType.TEXT_HTML_VALUE)
    @ResponseBody
    public String getSecretToken() {
-    	return Jwts.builder()
-    		.setIssuer("WebGoat Token Builder")
-    		.setAudience("webgoat.org")
-    		.setIssuedAt(Calendar.getInstance().getTime())
-    		.setExpiration(Date.from(Instant.now().plusSeconds(60)))
-    		.setSubject("tom@webgoat.org")
-    		.claim("username", "Tom")
-    		.claim("Email", "tom@webgoat.org")
-    		.claim("Role", new String[] {"Manager", "Project Administrator"})
-    		.signWith(SignatureAlgorithm.HS256, JWT_SECRET).compact();
+        return Jwts.builder()
+                .setIssuer("WebGoat Token Builder")
+                .setAudience("webgoat.org")
+                .setIssuedAt(Calendar.getInstance().getTime())
+                .setExpiration(Date.from(Instant.now().plusSeconds(60)))
+                .setSubject("tom@webgoat.org")
+                .claim("username", "Tom")
+                .claim("Email", "tom@webgoat.org")
+                .claim("Role", new String[]{"Manager", "Project Administrator"})
+                .signWith(SignatureAlgorithm.HS256, JWT_SECRET).compact();
    }

    @PostMapping("/JWT/secret")
@ -93,7 +85,7 @@ public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
                }
            }
        } catch (Exception e) {
-        	e.printStackTrace();
+            e.printStackTrace();
            return trackProgress(failed().feedback("jwt-invalid-token").output(e.getMessage()).build());
        }
    }
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java
@ -22,7 +22,6 @@

 package org.owasp.webgoat.jwt;

-import com.google.common.collect.Maps;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwt;
 import io.jsonwebtoken.JwtException;
@ -46,6 +45,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Map;

 import static java.util.Comparator.comparingLong;
@ -64,7 +64,7 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
    private static String validUsers = "TomJerrySylvester";

    private static int totalVotes = 38929;
-    private Map<String, Vote> votes = Maps.newHashMap();
+    private Map<String, Vote> votes = new HashMap<>();

    @PostConstruct
    public void initVotes() {
--- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java
+++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java
@ -1,6 +1,5 @@
 package org.owasp.webgoat.jwt;

-import com.google.common.collect.Maps;
 import io.jsonwebtoken.Jwts;
 import org.hamcrest.CoreMatchers;
 import org.junit.Before;
@ -8,12 +7,12 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.owasp.webgoat.plugins.LessonTest;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.core.AutoConfigureCache;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;

 import java.util.Date;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;

@ -39,7 +38,7 @@ public class JWTFinalEndpointTest extends LessonTest {
    @Test
    public void solveAssignment() throws Exception {
        String key = "deletingTom";
-        Map<String, Object> claims = Maps.newHashMap();
+        Map<String, Object> claims = new HashMap<>();
        claims.put("username", "Tom");
        String token = Jwts.builder()
                .setHeaderParam("kid", "hacked' UNION select '" + key + "' from INFORMATION_SCHEMA.SYSTEM_USERS --")
--- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java
+++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java
@ -23,7 +23,6 @@
 package org.owasp.webgoat.jwt;

 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.Maps;
 import org.hamcrest.CoreMatchers;
 import org.junit.Before;
 import org.junit.Test;
@ -36,6 +35,7 @@ import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;

+import java.util.HashMap;
 import java.util.Map;

 import static org.hamcrest.Matchers.is;
@ -62,9 +62,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
        ObjectMapper objectMapper = new ObjectMapper();

        //First login to obtain tokens for Jerry
-        Map<String, Object> loginJson = Maps.newHashMap();
-        loginJson.put("user", "Jerry");
-        loginJson.put("password", PASSWORD);
+        var loginJson = Map.of("user", "Jerry", "password", PASSWORD);
        MvcResult result = mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
                .contentType(MediaType.APPLICATION_JSON)
                .content(objectMapper.writeValueAsString(loginJson)))
@ -76,7 +74,7 @@ public class JWTRefreshEndpointTest extends LessonTest {

        //Now create a new refresh token for Tom based on Toms old access token and send the refresh token of Jerry
        String accessTokenTom = "eyJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1MjYxMzE0MTEsImV4cCI6MTUyNjIxNzgxMSwiYWRtaW4iOiJmYWxzZSIsInVzZXIiOiJUb20ifQ.DCoaq9zQkyDH25EcVWKcdbyVfUL4c9D4jRvsqOqvi9iAd4QuqmKcchfbU8FNzeBNF9tLeFXHZLU4yRkq-bjm7Q";
-        Map<String, Object> refreshJson = Maps.newHashMap();
+        Map<String, Object> refreshJson = new HashMap<>();
        refreshJson.put("refresh_token", refreshToken);
        result = mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/newToken")
                .contentType(MediaType.APPLICATION_JSON)
@ -116,9 +114,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
    public void flowForJerryAlwaysWorks() throws Exception {
        ObjectMapper objectMapper = new ObjectMapper();

-        Map<String, Object> loginJson = Maps.newHashMap();
-        loginJson.put("user", "Jerry");
-        loginJson.put("password", PASSWORD);
+        var loginJson = Map.of("user", "Jerry", "password", PASSWORD);
        MvcResult result = mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
                .contentType(MediaType.APPLICATION_JSON)
                .content(objectMapper.writeValueAsString(loginJson)))
@ -137,9 +133,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
    public void loginShouldNotWorkForJerryWithWrongPassword() throws Exception {
        ObjectMapper objectMapper = new ObjectMapper();

-        Map<String, Object> loginJson = Maps.newHashMap();
-        loginJson.put("user", "Jerry");
-        loginJson.put("password", PASSWORD + "wrong");
+        var loginJson = Map.of("user", "Jerry", "password", PASSWORD + "wrong");
        mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
                .contentType(MediaType.APPLICATION_JSON)
                .content(objectMapper.writeValueAsString(loginJson)))
@ -150,9 +144,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
    public void loginShouldNotWorkForTom() throws Exception {
        ObjectMapper objectMapper = new ObjectMapper();

-        Map<String, Object> loginJson = Maps.newHashMap();
-        loginJson.put("user", "Tom");
-        loginJson.put("password", PASSWORD);
+        var loginJson = Map.of("user", "Tom", "password", PASSWORD);
        mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
                .contentType(MediaType.APPLICATION_JSON)
                .content(objectMapper.writeValueAsString(loginJson)))
@ -162,7 +154,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
    @Test
    public void newTokenShouldWorkForJerry() throws Exception {
        ObjectMapper objectMapper = new ObjectMapper();
-        Map<String, Object> loginJson = Maps.newHashMap();
+        Map<String, Object> loginJson = new HashMap<>();
        loginJson.put("user", "Jerry");
        loginJson.put("password", PASSWORD);
        MvcResult result = mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
@ -174,8 +166,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
        String accessToken = tokens.get("access_token");
        String refreshToken = tokens.get("refresh_token");

-        Map<String, Object> refreshJson = Maps.newHashMap();
-        refreshJson.put("refresh_token", refreshToken);
+        var refreshJson = Map.of("refresh_token", refreshToken);
        mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/newToken")
                .contentType(MediaType.APPLICATION_JSON)
                .header("Authorization", "Bearer " + accessToken)
@ -186,7 +177,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
    @Test
    public void unknownRefreshTokenShouldGiveUnauthorized() throws Exception {
        ObjectMapper objectMapper = new ObjectMapper();
-        Map<String, Object> loginJson = Maps.newHashMap();
+        Map<String, Object> loginJson = new HashMap<>();
        loginJson.put("user", "Jerry");
        loginJson.put("password", PASSWORD);
        MvcResult result = mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/login")
@ -197,8 +188,7 @@ public class JWTRefreshEndpointTest extends LessonTest {
        Map<String, String> tokens = objectMapper.readValue(result.getResponse().getContentAsString(), Map.class);
        String accessToken = tokens.get("access_token");

-        Map<String, Object> refreshJson = Maps.newHashMap();
-        refreshJson.put("refresh_token", "wrong_refresh_token");
+        var refreshJson = Map.of("refresh_token", "wrong_refresh_token");
        mockMvc.perform(MockMvcRequestBuilders.post("/JWT/refresh/newToken")
                .contentType(MediaType.APPLICATION_JSON)
                .header("Authorization", "Bearer " + accessToken)
--- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java
+++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/TokenTest.java
@ -22,16 +22,12 @@

 package org.owasp.webgoat.jwt;

-import com.google.common.base.Charsets;
-import com.google.common.collect.Maps;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.impl.TextCodec;
 import org.junit.Test;

 import java.time.Duration;
 import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.Period;
 import java.util.Date;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@ -41,10 +37,7 @@ public class TokenTest {
    @Test
    public void test() {
        String key = "qwertyqwerty1234";
-        Map<String, Object> claims = Maps.newHashMap();
-        claims.put("username", "Jerry");
-        claims.put("aud", "webgoat.org");
-        claims.put("email", "jerry@webgoat.com");
+        Map<String, Object> claims = Map.of("username", "Jerry", "aud", "webgoat.org", "email", "jerry@webgoat.com");
        String token = Jwts.builder()
                .setHeaderParam("kid", "webgoat_key")
                .setIssuedAt(new Date(System.currentTimeMillis() + TimeUnit.DAYS.toDays(10)))
@ -52,7 +45,7 @@ public class TokenTest {
                .signWith(io.jsonwebtoken.SignatureAlgorithm.HS512, key).compact();
        System.out.println(token);
        Jwt jwt = Jwts.parser().setSigningKey("qwertyqwerty1234").parse(token);
-        jwt = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter(){
+        jwt = Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                return TextCodec.BASE64.decode(key);