Improvements for challenge 3

This commit is contained in:
Nanne Baars 2017-05-02 14:26:50 +02:00
parent 344b1f9beb
commit 1edf091c4e
4 changed files with 34 additions and 19 deletions


@ -1,9 +1,12 @@
package org.owasp.webgoat.plugin.challenge3; package org.owasp.webgoat.plugin.challenge3;
import com.beust.jcommander.internal.Lists;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.EvictingQueue; import com.google.common.collect.EvictingQueue;
import com.google.common.collect.Maps;
import com.google.common.io.Files; import com.google.common.io.Files;
import lombok.SneakyThrows; import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat; import org.joda.time.format.DateTimeFormat;
import org.joda.time.format.DateTimeFormatter; import org.joda.time.format.DateTimeFormatter;
@ -30,6 +33,7 @@ import java.io.IOException;
import java.io.StringReader; import java.io.StringReader;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.Collection; import java.util.Collection;
import java.util.Map;
import static org.springframework.http.MediaType.ALL_VALUE; import static org.springframework.http.MediaType.ALL_VALUE;
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE; import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
@ -49,13 +53,14 @@ public class Assignment3 extends AssignmentEndpoint {
private WebSession webSession; private WebSession webSession;
private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss"); private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");
private static final Map<String, EvictingQueue<Comment>> userComments = Maps.newHashMap();
private static final EvictingQueue<Comment> comments = EvictingQueue.create(100); private static final EvictingQueue<Comment> comments = EvictingQueue.create(100);
private static final String secretContents = "Congratulations you may now collect your flag"; private static final String secretContents = "Congratulations you may now collect your flag";
static { static {
comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "Silly cat....")); comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "Silly cat...."));
comments.add(new Comment("guest", DateTime.now().toString(fmt), "I think I will use this picture in one of my projects.")); comments.add(new Comment("guest", DateTime.now().toString(fmt), "I think I will use this picture in one of my projects."));
comments.add(new Comment("guest", DateTime.now().toString(), "Lol!! :-).")); comments.add(new Comment("guest", DateTime.now().toString(fmt), "Lol!! :-)."));
} }
@PostConstruct @PostConstruct
@ -68,11 +73,16 @@ public class Assignment3 extends AssignmentEndpoint {
Files.write(secretContents, new File(targetDirectory, "secret.txt"), Charset.defaultCharset()); Files.write(secretContents, new File(targetDirectory, "secret.txt"), Charset.defaultCharset());
} }
@RequestMapping(method = GET, produces = MediaType.APPLICATION_JSON_VALUE)
@RequestMapping(method = GET, produces = APPLICATION_JSON_VALUE)
@ResponseBody @ResponseBody
public Collection<Comment> retrieveComments() { public Collection<Comment> retrieveComments() {
return comments; Collection<Comment> allComments = Lists.newArrayList();
Collection<Comment> xmlComments = userComments.get(webSession.getUserName());
if (xmlComments != null) {
allComments.addAll(xmlComments);
}
allComments.addAll(comments);
return allComments;
} }
@RequestMapping(method = POST, consumes = ALL_VALUE, produces = APPLICATION_JSON_VALUE) @RequestMapping(method = POST, consumes = ALL_VALUE, produces = APPLICATION_JSON_VALUE)
@ -82,27 +92,29 @@ public class Assignment3 extends AssignmentEndpoint {
AttackResult attackResult = failed().build(); AttackResult attackResult = failed().build();
if (APPLICATION_JSON_VALUE.equals(contentType)) { if (APPLICATION_JSON_VALUE.equals(contentType)) {
comment = parseJson(commentStr); comment = parseJson(commentStr);
comment.setDateTime(DateTime.now().toString()); comment.setDateTime(DateTime.now().toString(fmt));
comment.setUser(webSession.getUserName()); comment.setUser(webSession.getUserName());
comments.add(comment);
} }
if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) { if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) {
//Do not show these comments to all users
comment = parseXml(commentStr); comment = parseXml(commentStr);
comment.setDateTime(DateTime.now().toString(fmt)); comment.setDateTime(DateTime.now().toString(fmt));
comment.setUser(webSession.getUserName()); comment.setUser(webSession.getUserName());
} EvictingQueue<Comment> comments = userComments.getOrDefault(webSession.getUserName(), EvictingQueue.create(100));
if (comment != null) {
comments.add(comment); comments.add(comment);
userComments.put(webSession.getUserName(), comments);
}
if (checkSolution(comment)) { if (checkSolution(comment)) {
attackResult = success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build(); attackResult = success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(2)).build();
} }
}
return attackResult; return attackResult;
} }
private boolean checkSolution(Comment comment) { private boolean checkSolution(Comment comment) {
if (comment.getComment().contains(secretContents)) { if (StringUtils.equals(comment.getText(), secretContents)) {
comment.setComment("Congratulations to " + webSession.getUserName() + " for finding the flag!!"); comment.setText("Congratulations to " + webSession.getUserName() + " for finding the flag!!");
comments.add(comment);
return true; return true;
} }
return false; return false;
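Review bot: The new per-user store `userComments` (declared as a plain `Maps.newHashMap()` in the field hunk) is static and is read and written from request handlers, so concurrent POSTs from different sessions race on the map without any synchronization, and `getOrDefault(..., EvictingQueue.create(100))` additionally allocates a throwaway queue on every call. Declaring it as `private static final Map<String, EvictingQueue<Comment>> userComments = Maps.newConcurrentMap();` and replacing the get/add/put triple in the XML branch with `userComments.computeIfAbsent(webSession.getUserName(), k -> EvictingQueue.create(100)).add(comment);` removes the race on the map and also removes the local `comments` that shadows the static `comments` field, which currently makes it easy to misread whether a comment lands in the global queue or the per-user one. EvictingQueue itself is not synchronized, so the global `comments` queue presumably has the same pre-existing issue; this note is only about the code the commit adds. checkSolution's closing brace is outside the hunk.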


@ -5,6 +5,8 @@ import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import javax.xml.bind.annotation.XmlRootElement;
/** /**
* @author nbaars * @author nbaars
* @since 4/8/17. * @since 4/8/17.
@ -13,9 +15,10 @@ import lombok.Setter;
@Setter @Setter
@AllArgsConstructor @AllArgsConstructor
@NoArgsConstructor @NoArgsConstructor
@XmlRootElement
public class Comment { public class Comment {
private String user; private String user;
private String dateTime; private String dateTime;
private String comment; private String text;
} }


@ -10,7 +10,7 @@
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="container"> <div class="container-fluid">
<div class="panel post"> <div class="panel post">
<div class="post-heading"> <div class="post-heading">
<div class="pull-left image"> <div class="pull-left image">
@ -48,7 +48,7 @@
</div> </div>
</div> </div>
<form class="attack-form form-inline" method="POST" name="form" action="/WebGoat/challenge/flag"> <form class="attack-form" method="POST" name="form" action="/WebGoat/challenge/flag">
<div class="form-group"> <div class="form-group">
<div class="input-group"> <div class="input-group">
<div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true" <div class="input-group-addon"><i class="fa fa-flag-checkered" aria-hidden="true"


@ -4,7 +4,7 @@ $(document).ready(function () {
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
url: 'challenge/3', url: 'challenge/3',
data: JSON.stringify({comment: commentInput}), data: JSON.stringify({text: commentInput}),
contentType: "application/json", contentType: "application/json",
dataType: 'json' dataType: 'json'
}).then( }).then(
@ -17,7 +17,7 @@ $(document).ready(function () {
var html = '<li class="comment">' + var html = '<li class="comment">' +
'<div class="pull-left">' + '<div class="pull-left">' +
'<img class="avatar" src="http://bootdey.com/img/Content/avatar/avatar1.png" alt="avatar"/>' + '<img class="avatar" src="images/avatar1.png" alt="avatar"/>' +
'</div>' + '</div>' +
'<div class="comment-body">' + '<div class="comment-body">' +
'<div class="comment-heading">' + '<div class="comment-heading">' +
@ -36,7 +36,7 @@ $(document).ready(function () {
for (var i = 0; i < result.length; i++) { for (var i = 0; i < result.length; i++) {
var comment = html.replace('USER', result[i].user); var comment = html.replace('USER', result[i].user);
comment = comment.replace('DATETIME', result[i].dateTime); comment = comment.replace('DATETIME', result[i].dateTime);
comment = comment.replace('COMMENT', result[i].comment); comment = comment.replace('COMMENT', result[i].text);
$("#list").append(comment); $("#list").append(comment);
} }
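Review bot: `result[i].text` (and `result[i].user` two lines above) is still spliced into the HTML template with `String.prototype.replace` and then handed to `.append`, so whatever a user posted as a comment is rendered as markup, and because the replacement is a plain string, `$`-sequences such as `$&` or `$'` inside a comment are expanded instead of shown literally. A function replacement that also HTML-escapes the value fixes both at once: `comment = comment.replace('COMMENT', function () { return $('<div/>').text(result[i].text).html(); });`, with the same treatment for `USER` and `DATETIME`. If rendering raw markup here is deliberate for the lesson, a short comment saying so would stop the next reader from "fixing" it. The enclosing `$(document).ready` callback starts and ends outside the hunk.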