moved global properties from lessons to container, added loading of global properties to course, updated SqlInjection lesson

Bruce Mayhew
2015-02-06 08:49:06 -05:00
parent cbc58dc4fa
commit 1d7ecb0627
11 changed files with 77 additions and 16 deletions


@ -49,8 +49,8 @@ public class PluginExtractor {
return FileVisitResult.CONTINUE;
}
});
} catch (IOException io) {
new Plugin.PluginLoadingFailure(format("Unable to extract: %s", pluginArchive.getFileName()), io);
} catch (Exception e) {
new Plugin.PluginLoadingFailure(format("Unable to extract: %s", pluginArchive.getFileName()), e);
}
}
@ -62,7 +62,7 @@ public class PluginExtractor {
return this.files;
}
private FileSystem createZipFileSystem() throws IOException {
private FileSystem createZipFileSystem() throws Exception {
final URI uri = URI.create("jar:file:" + pluginArchive.toUri().getPath());
return FileSystems.newFileSystem(uri, new HashMap<String, Object>());
}
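Review bot: Both catch blocks in the first hunk construct `Plugin.PluginLoadingFailure` but never throw it, so a failed extraction is silently discarded and the caller carries on as if the archive had unpacked cleanly. The page does not mark which side each line is on, but the broader `catch (Exception e)` appears to be the new one, and it now swallows unchecked failures as well; the statement should read `throw new Plugin.PluginLoadingFailure(format("Unable to extract: %s", pluginArchive.getFileName()), e);`. That throw is what lets the `catch (Plugin.PluginLoadingFailure e)` in PluginsLoader skip a partially extracted plugin instead of going on to `loadClasses` for it. Widening `createZipFileSystem()` to `throws Exception` hides which failures are expected; `throws IOException` looks sufficient for the two calls visible in its body. The enclosing extract method starts outside the hunk.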


@ -2,8 +2,11 @@ package org.owasp.webgoat.plugins;
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
public class PluginFileUtils {
@ -27,5 +30,17 @@ public class PluginFileUtils {
}
return p;
}
public static List<Path> getFilesInDirectory( Path directory) throws IOException
{
List<Path> files = new ArrayList<>();
DirectoryStream<Path> dirStream;
dirStream = Files.newDirectoryStream(directory);
for (Path entry : dirStream) {
files.add(entry);
}
dirStream.close();
return files;
}
}
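Review bot: `getFilesInDirectory` leaks the `DirectoryStream` whenever the loop throws, because `dirStream.close()` is reached only on the success path. Opening it as `try (DirectoryStream<Path> dirStream = Files.newDirectoryStream(directory)) { ... }` and dropping the explicit `close()` releases the directory handle on every exit. The method also returns every entry, sub-directories included, so a Javadoc line such as `/** Returns all entries of the directory, not only regular files. */` would tell callers that pass the result to `loadFiles` what to expect.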


@ -14,7 +14,8 @@ import java.util.List;
public class PluginsLoader implements Runnable {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
protected static final String WEBGOAT_PLUGIN_EXTENSION = "jar";
private final Logger logger = LoggerFactory.getLogger(this.getClass());
private final Path pluginSource;
private Path pluginTarget;
@ -31,14 +32,16 @@ public class PluginsLoader implements Runnable {
@Override
public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
try {
PluginFileUtils.createDirsIfNotExists(pluginTarget);
PluginExtractor extractor = new PluginExtractor(file);
extractor.extract(pluginTarget);
Plugin plugin = new Plugin(pluginTarget);
plugin.loadClasses(extractor.getClasses());
plugin.loadFiles(extractor.getFiles(), reload);
plugin.rewritePaths(pluginTarget);
plugins.add(plugin);
if (PluginFileUtils.fileEndsWith(file, WEBGOAT_PLUGIN_EXTENSION)) {
PluginFileUtils.createDirsIfNotExists(pluginTarget);
PluginExtractor extractor = new PluginExtractor(file);
extractor.extract(pluginTarget);
Plugin plugin = new Plugin(pluginTarget);
plugin.loadClasses(extractor.getClasses());
plugin.loadFiles(extractor.getFiles(), reload);
plugin.rewritePaths(pluginTarget);
plugins.add(plugin);
}
} catch (Plugin.PluginLoadingFailure e) {
logger.error("Unable to load plugin, continue loading others...");
}
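Review bot: The new `fileEndsWith(file, WEBGOAT_PLUGIN_EXTENSION)` guard in `visitFile` selects archives by name only, and with the constant set to `"jar"` (no dot) it depends on `fileEndsWith`, whose body is not on this page, whether a name that merely ends in those three letters also passes; confirm it compares the extension, or compare against `".jar"`. Every file that passes is extracted and has its classes loaded, so a comment on the constant stating that the plugin directory is trusted and must be writable only by the deployer would record the assumption the filter rests on. The `catch` below the new block still logs neither the file nor the exception; `logger.error("Unable to load plugin {}, continue loading others...", file, e);` would make a rejected archive traceable. `visitFile` continues past the end of the hunk.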


@ -4,11 +4,13 @@ import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginFileUtils;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletContext;
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
@ -175,7 +177,7 @@ public class Course {
List<String> roles = new ArrayList<String>();
roles.add(AbstractLesson.USER_ROLE);
// Category 0 is the admin function. We want the first real category
// to be returned. This is noramally the General category and the Http Basics lesson
// to be returned. This is normally the General category and the Http Basics lesson
return ((AbstractLesson) getLessons((Category) getCategories().get(0), roles).get(0));
}
@ -281,7 +283,7 @@ public class Course {
return null;
}
private void loadLessionFromPlugin(ServletContext context) {
private void loadLessonFromPlugin(ServletContext context) {
context.getContextPath();
logger.debug("Loading plugins into cache");
String pluginPath = context.getRealPath("plugin_lessons");
@ -290,8 +292,18 @@ public class Course {
logger.error("Plugins directory {} not found", pluginPath);
return;
}
// Do a one time load of the container properties
String containerPath = context.getRealPath("container//i18n");
Plugin theContainer = new Plugin(Paths.get(targetPath));
try {
theContainer.loadFiles(PluginFileUtils.getFilesInDirectory(Paths.get(containerPath)), false);
} catch (IOException io) {
logger.error("Error loading container properties: ", io);
}
Path pluginDirectory = Paths.get(pluginPath);
List<Plugin> plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(false);
List<Plugin> plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(true);
for (Plugin plugin : plugins) {
try {
Class<AbstractLesson> c = plugin.getLesson();
@ -326,7 +338,7 @@ public class Course {
public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
logger.info("Loading courses: " + path);
this.webgoatContext = webgoatContext;
loadLessionFromPlugin(context);
loadLessonFromPlugin(context);
}
}
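Review bot: `containerPath` in the new container-properties block of `loadLessonFromPlugin` is handed to `Paths.get` without a null check, and `ServletContext.getRealPath` returns null when the resource cannot be mapped to a file-system path (for example when the WAR is not unpacked). The resulting NullPointerException is not covered by `catch (IOException io)` and would abort plugin loading, whereas `pluginPath` appears to get a not-found check just above. Guard the block with `if (containerPath != null)` and log the skipped load otherwise; `"container//i18n"` should also read `"container/i18n"`. `targetPath` is set outside the hunk, and `loadPlugins` appears to receive `true` where `false` was passed before, which deserves a one-line comment saying why plugin files are now reloaded.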