Fix XXE lesson, the exact .webgoat directory including version number will be put in the lesson.

2018-04-24 20:44:05 +02:00 · 2018-04-24 20:44:05 +02:00 · 245ba2c3d1
commit 245ba2c3d1
parent 672d78eebc
4 changed files with 33 additions and 9 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@ -35,6 +35,7 @@ import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.asciidoctor.Asciidoctor;
 import org.asciidoctor.extension.JavaExtensionRegistry;
+import org.owasp.webgoat.asciidoc.WebGoatVersionMacro;
 import org.owasp.webgoat.asciidoc.WebWolfMacro;
 import org.owasp.webgoat.i18n.Language;
 import org.thymeleaf.TemplateProcessingParameters;
@ -86,6 +87,7 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
                    StringWriter writer = new StringWriter();
                    JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
                    extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
+                    extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class);

                    asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
                    return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatVersionMacro.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatVersionMacro.java
@ -0,0 +1,23 @@
+package org.owasp.webgoat.asciidoc;
+
+import org.asciidoctor.ast.AbstractBlock;
+import org.asciidoctor.extension.InlineMacroProcessor;
+import org.springframework.core.env.Environment;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+public class WebGoatVersionMacro extends InlineMacroProcessor {
+
+    public WebGoatVersionMacro(String macroName, Map<String, Object> config) {
+        super(macroName, config);
+    }
+
+    @Override
+    protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) {
+        return EnvironmentExposure.getEnv().getProperty("webgoat.build.version");
+    }
+}
--- a/webgoat-container/src/main/resources/templates/main_new.html
+++ b/webgoat-container/src/main/resources/templates/main_new.html
@ -76,14 +76,13 @@
                    </a>
                    </li>
                    <li role="presentation" class="divider"></li>
-                    <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#"
-                                                                th:text="#{version}">Version: <span
-                            th:text="${@environment.getProperty('webgoat.build.version')}"></span></a>
+                    <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">
+                        <span th:text="#{version}">Version:</span><span>: </span>
+                        <span th:text="${@environment.getProperty('webgoat.build.version')}"></span></a>
                    </li>
-                    <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#"
-                                                                th:text="#{build}">Build:
+                    <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">
+                        <span th:text="#{build}">Build:</span><span>: </span>
                        <span th:text="${@environment.getProperty('webgoat.build.number')}"></span></a></li>
-
                </ul>
            </div>
            <div style="display:inline" id="settings">
--- a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind_assignment.adoc
+++ b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind_assignment.adoc
@ -9,13 +9,13 @@ DTD.
 |OS |Location

 |Linux
-|`/home/USER/.webgoat/XXE/secret.txt`
+|`/home/USER/.webgoat-webGoatVersion:version[]/XXE/secret.txt`

 |Windows
-|`c:/Users/USER/.webgoat/XXE/secret.txt`
+|`c:/Users/USER/.webgoat-webGoatVersion:version[]/XXE/secret.txt`

 |Docker
-|`/home/webgoat/.webgoat/XXE/secret.txt`
+|`/home/webgoat/.webgoat-webGoatVersion:version[]/XXE/secret.txt`
 |===

 Try to upload this file using WebWolf landing page for example: `http://localhost:8081/WebWolf/landing?text=[contents_file]`