dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Code style (#696)

Browse Source 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
This commit is contained in:
Nanne Baars
2019-11-03 18:11:09 +01:00
committed by René Zubcevic
parent 66bd1d8c1a
commit 1a83e2825e
94 changed files with 829 additions and 828 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java
View File

@ -39,36 +39,36 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint {
@ResponseBody
public AttackResult completed(@RequestParam String password) {
Zxcvbn zxcvbn = new Zxcvbn();
Strength strength = zxcvbn.measure(password);
StringBuffer output = new StringBuffer();
DecimalFormat df = new DecimalFormat("0", DecimalFormatSymbols.getInstance(Locale.ENGLISH));
df.setMaximumFractionDigits(340);
Strength strength = zxcvbn.measure(password);
output.append("<b>Your Password: *******</b></br>");
output.append("<b>Length: </b>" + password.length()+ "</br>");
output.append("<b>Estimated guesses needed to crack your password: </b>" + df.format(strength.getGuesses())+ "</br>");
output.append("<div style=\"float: left;padding-right: 10px;\"><b>Score: </b>" + strength.getScore()+ "/4 </div>");
if(strength.getScore()<=1){
output.append("<b>Length: </b>" + password.length() + "</br>");
output.append("<b>Estimated guesses needed to crack your password: </b>" + df.format(strength.getGuesses()) + "</br>");
output.append("<div style=\"float: left;padding-right: 10px;\"><b>Score: </b>" + strength.getScore() + "/4 </div>");
if (strength.getScore() <= 1) {
output.append("<div style=\"background-color:red;width: 200px;border-radius: 12px;float: left;\">&nbsp;</div></br>");
} else if(strength.getScore()<=3){
} else if (strength.getScore() <= 3) {
output.append("<div style=\"background-color:orange;width: 200px;border-radius: 12px;float: left;\">&nbsp;</div></br>");
} else{
} else {
output.append("<div style=\"background-color:green;width: 200px;border-radius: 12px;float: left;\">&nbsp;</div></br>");
}
output.append("<b>Estimated cracking time: </b>" + calculateTime((long) strength.getCrackTimeSeconds().getOnlineNoThrottling10perSecond()));
if(strength.getFeedback().getWarning().length() != 0)
if (strength.getFeedback().getWarning().length() != 0)
output.append("</br><b>Warning: </b>" + strength.getFeedback().getWarning());
// possible feedback: https://github.com/dropbox/zxcvbn/blob/master/src/feedback.coffee
// maybe ask user to try also weak passwords to see and understand feedback?
if(strength.getFeedback().getSuggestions().size() != 0){
if (strength.getFeedback().getSuggestions().size() != 0) {
output.append("</br><b>Suggestions:</b></br><ul>");
for(String sug: strength.getFeedback().getSuggestions()) output.append("<li>"+sug+"</li>");
for (String sug : strength.getFeedback().getSuggestions()) output.append("<li>" + sug + "</li>");
output.append("</ul></br>");
}
output.append("<b>Score: </b>" + strength.getScore()+ "/5 </br>");
output.append("<b>Score: </b>" + strength.getScore() + "/5 </br>");
output.append("<b>Estimated cracking time in seconds: </b>" + calculateTime((long) strength.getCrackTimeSeconds().getOnlineNoThrottling10perSecond()));
if(strength.getScore() >= 4)
if (strength.getScore() >= 4)
return trackProgress(success().feedback("securepassword-success").output(output.toString()).build());
else
return trackProgress(failed().feedback("securepassword-failed").output(output.toString()).build());
@ -76,16 +76,16 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint {
public static String calculateTime(long seconds) {
int s = 1;
int min = (60*s);
int hr = (60*min);
int d = (24*hr);
int yr = (365*d);
int min = (60 * s);
int hr = (60 * min);
int d = (24 * hr);
int yr = (365 * d);
long years = seconds/(d)/365;
long days = (seconds%yr)/(d);
long hours = (seconds%d)/(hr);
long minutes = (seconds%hr)/(min);
long sec = (seconds%min*s);
long years = seconds / (d) / 365;
long days = (seconds % yr) / (d);
long hours = (seconds % d) / (hr);
long minutes = (seconds % hr) / (min);
long sec = (seconds % min * s);
return (years + " years " + days + " days " + hours + " hours " + minutes + " minutes " + sec + " seconds");
}