dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added improved quiz for cia-triad and xss

Browse Source
This commit is contained in:
Benedikt - Desktop 2019-01-22 17:36:33 +01:00 committed by Nanne Baars
parent 27a61f0f70
commit 2be2de8ce1
4 changed files with 52 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
webgoat-lessons/cia/src/main/java/org/owasp/webgoat/plugin/CIAQuiz.java
View File

@ -15,41 +15,41 @@ import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Statement; import java.sql.Statement;
/**
* @TODO: Get JSON from file not from hardcoded string
* add a question: 1. Append new question to JSON string
* 2. add right solution to solutions array
* 3. add Request param with name of question to method head
*/
@AssignmentPath("/cia/quiz") @AssignmentPath("/cia/quiz")
public class CIAQuiz extends AssignmentEndpoint { public class CIAQuiz extends AssignmentEndpoint {
String[] solutions = {"Solution 3", "Solution 1", "Solution 4", "Solution 2"}; String[] solutions = {"Solution 3", "Solution 1", "Solution 4", "Solution 2"};
boolean[] guesses = new boolean[solutions.length];
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
@ResponseBody @ResponseBody
public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution) throws IOException { public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution) throws IOException {
boolean correct = false; int correctAnswers = 0;
String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution};
int counter = 0; String[] givenAnswers = {question_0_solution[0], question_1_solution[0], question_2_solution[0], question_3_solution[0]};
for(String[] sa : solutionsInput) {
for(String s : sa) { for(int i = 0; i < solutions.length; i++) {
if(sa.length == 1 && s.contains(this.solutions[counter])) { if (givenAnswers[i].contains(solutions[i])) {
correct = true; // answer correct
break; correctAnswers++;
guesses[i] = true;
} else { } else {
correct = false; // answer incorrect
continue; guesses[i] = false;
} }
} }
if(!correct) break;
counter++; if(correctAnswers == solutions.length) {
}
if(correct) {
return trackProgress(success().build()); return trackProgress(success().build());
} else { } else {
return trackProgress(failed().build()); return trackProgress(failed().build());
} }
} }
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public boolean[] getResults() {
return this.guesses;
}
} }

1
webgoat-lessons/cia/src/main/resources/html/CIA.html
View File

@ -20,6 +20,7 @@
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<span id="quiz_id" data-quiz_id="cia"></span> <span id="quiz_id" data-quiz_id="cia"></span>
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script> <script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/> <link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:CIA_quiz.adoc"></div> <div class="adoc-content" th:replace="doc:CIA_quiz.adoc"></div>

41
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingQuiz.java
View File

@ -10,42 +10,41 @@ import org.springframework.web.bind.annotation.ResponseBody;
import java.io.IOException; import java.io.IOException;
/**
* @TODO: Get JSON from file not from hardcoded string
* add a question: 1. Append new question to JSON string
* 2. add right solution to solutions array
* 3. add Request param with name of question to method head
*/
@AssignmentPath("/cross-site-scripting/quiz") @AssignmentPath("/cross-site-scripting/quiz")
public class CrossSiteScriptingQuiz extends AssignmentEndpoint { public class CrossSiteScriptingQuiz extends AssignmentEndpoint {
String[] solutions = {"Solution 4", "Solution 3", "Solution 1", "Solution 2", "Solution 4"}; String[] solutions = {"Solution 4", "Solution 3", "Solution 1", "Solution 2", "Solution 4"};
boolean[] guesses = new boolean[solutions.length];
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
@ResponseBody @ResponseBody
public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException { public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException {
boolean correct = false; int correctAnswers = 0;
String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution, question_4_solution};
int counter = 0; String[] givenAnswers = {question_0_solution[0], question_1_solution[0], question_2_solution[0], question_3_solution[0], question_4_solution[0]};
for(String[] sa : solutionsInput) {
for(String s : sa) { for(int i = 0; i < solutions.length; i++) {
if(sa.length == 1 && s.contains(this.solutions[counter])) { if (givenAnswers[i].contains(solutions[i])) {
correct = true; // answer correct
break; correctAnswers++;
guesses[i] = true;
} else { } else {
correct = false; // answer incorrect
continue; guesses[i] = false;
} }
} }
if(!correct) break;
counter++; if(correctAnswers == solutions.length) {
}
if(correct) {
return trackProgress(success().build()); return trackProgress(success().build());
} else { } else {
return trackProgress(failed().build()); return trackProgress(failed().build());
} }
} }
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public boolean[] getResults() {
return this.guesses;
}
} }

1
webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html
View File

@ -173,6 +173,7 @@
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<span id="quiz_id" data-quiz_id="cross_site_scripting"></span> <span id="quiz_id" data-quiz_id="cross_site_scripting"></span>
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
<script th:src="@{/js/quiz.js}" language="JavaScript"></script> <script th:src="@{/js/quiz.js}" language="JavaScript"></script>
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/> <link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
<div class="adoc-content" th:replace="doc:CrossSiteScripting_quiz.adoc"></div> <div class="adoc-content" th:replace="doc:CrossSiteScripting_quiz.adoc"></div>