Renamed to vulnerablecomponents

Àngel Ollé Blázquez 2022-07-30 22:41:26 +02:00
parent b93c935d6c
commit 256c1dd3aa
28 changed files with 24 additions and 22 deletions


@ -65,7 +65,7 @@ public class GeneralLessonIntegrationTest extends IntegrationTest {
@Test @Test
public void vulnerableComponents() { public void vulnerableComponents() {
String solution = "<contact class='dynamic-proxy'>\n" + String solution = "<contact class='dynamic-proxy'>\n" +
"<interface>org.owasp.webgoat.lessons.vulnerable_components.Contact</interface>\n" + "<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n" +
" <handler class='java.beans.EventHandler'>\n" + " <handler class='java.beans.EventHandler'>\n" +
" <target class='java.lang.ProcessBuilder'>\n" + " <target class='java.lang.ProcessBuilder'>\n" +
" <command>\n" + " <command>\n" +


@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.vulnerable_components; package org.owasp.webgoat.lessons.vulnerablecomponents;
public interface Contact { public interface Contact {


@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.vulnerable_components; package org.owasp.webgoat.lessons.vulnerablecomponents;
import lombok.Data; import lombok.Data;


@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.vulnerable_components; package org.owasp.webgoat.lessons.vulnerablecomponents;
import org.owasp.webgoat.container.lessons.Category; import org.owasp.webgoat.container.lessons.Category;
import org.owasp.webgoat.container.lessons.Lesson; import org.owasp.webgoat.container.lessons.Lesson;


@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.vulnerable_components; package org.owasp.webgoat.lessons.vulnerablecomponents;
import com.thoughtworks.xstream.XStream; import com.thoughtworks.xstream.XStream;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;


@ -13,6 +13,6 @@ WebGoat uses an XML document to add contacts to a contacts database.
</contact> </contact>
---- ----
The java interface that you need for the exercise is: org.owasp.webgoat.vulnerable_components.Contact. The java interface that you need for the exercise is: org.owasp.webgoat.vulnerablecomponents.Contact.
Start by sending the above contact to see what the normal response would be and then read the CVE vulnerability documentation (search the Internet) and try to trigger the vulnerability. Start by sending the above contact to see what the normal response would be and then read the CVE vulnerability documentation (search the Internet) and try to trigger the vulnerability.
For this example, we will let you enter the XML directly versus intercepting the request and modifying the data. You provide the XML representation of a contact and WebGoat will convert it a Contact object using `XStream.fromXML(xml)`. For this example, we will let you enter the XML directly versus intercepting the request and modifying the data. You provide the XML representation of a contact and WebGoat will convert it a Contact object using `XStream.fromXML(xml)`.


@ -4,20 +4,20 @@
<link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css" /> <link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css" />
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_plan.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_plan.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content0.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content0.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content1.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content1a.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content1a.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content2.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<div id="lessonContent"> <div id="lessonContent">
@ -45,7 +45,7 @@
</div> </div>
</div> </div>
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content2a.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content2a.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat --> <!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
<div id="lessonContent"> <div id="lessonContent">
@ -75,26 +75,26 @@
</div> </div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content3.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content3.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content4.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content4a.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4a.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content4b.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4b.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content4c.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content4c.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content5.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content5a.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content5a.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN" <form class="attack-form" accept-charset="UNKNOWN"
@ -120,7 +120,7 @@
</div> </div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/vulnerable_components/documentation/VulnerableComponents_content6.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/vulnerablecomponents/documentation/VulnerableComponents_content6.adoc"></div>
</div> </div>
</html> </html>


@ -20,12 +20,14 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.vulnerable_components; package org.owasp.webgoat.lessons.vulnerablecomponents;
import com.thoughtworks.xstream.XStream; import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.StreamException; import com.thoughtworks.xstream.io.StreamException;
import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.owasp.webgoat.lessons.vulnerablecomponents.Contact;
import org.owasp.webgoat.lessons.vulnerablecomponents.ContactImpl;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertThrows;
@ -34,7 +36,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
public class VulnerableComponentsLessonTest { public class VulnerableComponentsLessonTest {
String strangeContact = "<contact class='dynamic-proxy'>\n" + String strangeContact = "<contact class='dynamic-proxy'>\n" +
"<interface>org.owasp.webgoat.vulnerable_components.Contact</interface>\n" + "<interface>org.owasp.webgoat.vulnerablecomponents.Contact</interface>\n" +
" <handler class='java.beans.EventHandler'>\n" + " <handler class='java.beans.EventHandler'>\n" +
" <target class='java.lang.ProcessBuilder'>\n" + " <target class='java.lang.ProcessBuilder'>\n" +
" <command>\n" + " <command>\n" +
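Review bot: The `strangeContact` fixture names the interface as `org.owasp.webgoat.vulnerablecomponents.Contact`, which drops the `lessons` segment of the package this file now declares (`org.owasp.webgoat.lessons.vulnerablecomponents`) and that the integration test's solution string uses in full. The line should read `"<interface>org.owasp.webgoat.lessons.vulnerablecomponents.Contact</interface>\n" +`, otherwise a test that resolves the name would not be exercising the real `Contact` type; the lesson's .adoc text carries the same shortened name and should be corrected with it. The two added imports of `Contact` and `ContactImpl` come from the test's own package, so they are redundant and can be removed. The class body continues outside the hunk, so whether this fixture is used by an enabled test is not visible here.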