From 2cc6c232e2a3bad0410d64d42a6652860ded71a6 Mon Sep 17 00:00:00 2001
From: nbaars
Date: Mon, 15 Jan 2018 20:56:59 +0100
Subject: [PATCH] Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration
---
 .../webgoat/AsciiDoctorTemplateResolver.java | 5 +++
 .../webgoat/asciidoc/EnvironmentExposure.java | 25 +++++++++++++
 .../owasp/webgoat/asciidoc/WebWolfMacro.java | 36 +++++++++++++++++++
 .../lessonPlans/en/IntroductionWebWolf.adoc | 4 +--
 4 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java
 create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
index 8510906f5..7bb02b98d 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@@ -34,6 +34,8 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.asciidoctor.Asciidoctor;
+import org.asciidoctor.extension.JavaExtensionRegistry;
+import org.owasp.webgoat.asciidoc.WebWolfMacro;
 import org.owasp.webgoat.i18n.Language;
 import org.thymeleaf.TemplateProcessingParameters;
 import org.thymeleaf.resourceresolver.IResourceResolver;
@@ -82,6 +84,9 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
 return new ByteArrayInputStream(new byte[0]);
 } else {
 StringWriter writer = new StringWriter();
+ JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
+ extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
+
 asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
 return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
 }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java
new file mode 100644
index 000000000..141740523
--- /dev/null
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java
@@ -0,0 +1,25 @@
+package org.owasp.webgoat.asciidoc;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+/**
+ * Make environment available in the asciidoc code (which you cannot inject because it is handled by the framework)
+ */
+@Component
+public class EnvironmentExposure implements ApplicationContextAware {
+
+ private static ApplicationContext context;
+
+ public static Environment getEnv() {
+ return context.getEnvironment();
+ }
+
+ @Override
+ public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+ context = applicationContext;
+ }
+}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
new file mode 100644
index 000000000..88b2ab5fb
--- /dev/null
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
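Review bot: The two added lines register `webWolfLink` on the `asciidoctor` instance every time this branch runs, immediately before each `convert` call. If `asciidoctor` is a shared instance (its declaration is outside the hunk), the macro is re-registered on every lesson render and the registry is mutated while other requests may be converting. Registering once where the instance is created, for example `asciidoctor.javaExtensionRegistry().inlineMacro("webWolfLink", WebWolfMacro.class);` in a static initializer or the constructor, avoids both. The enclosing method starts and ends outside the hunk.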
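Review bot: `getEnv()` in EnvironmentExposure hands the whole Spring `Environment` to any caller through a static, which is broader than the macro needs; in this commit only `webwolf.host` and `webwolf.port` are read. Every configuration property, including any credentials kept there, becomes reachable from rendering code, so consider exposing only those two values or stating the intended scope in the class Javadoc. Separately, `context` is a static written from an instance method and read without a null check, so `getEnv()` throws a NullPointerException if called before Spring has invoked `setApplicationContext`. A guard such as `if (context == null) throw new IllegalStateException("ApplicationContext not initialised");` would make that failure explicit.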
@@ -0,0 +1,36 @@
+package org.owasp.webgoat.asciidoc;
+
+import org.asciidoctor.ast.AbstractBlock;
+import org.asciidoctor.extension.InlineMacroProcessor;
+import org.springframework.core.env.Environment;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+public class WebWolfMacro extends InlineMacroProcessor {
+
+ public WebWolfMacro(String macroName, Map config) {
+ super(macroName, config);
+ }
+
+ @Override
+ protected String process(AbstractBlock parent, String target, Map attributes) {
+ Environment env = EnvironmentExposure.getEnv();
+ String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port"));
+ return "" + target + "";
+ }
+
+ /**
+ * Look at the remote address from received from the browser first. This way it will also work if you run
+ * the browser in a Docker container and WebGoat on your local machine.
+ */
+ private String determineHost(String host, String port) {
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+ String ip = request.getRemoteAddr();
+ String hostname = StringUtils.hasText(ip) ? ip : host;
+ return "http://" + hostname + ":" + port + "/WebWolf";
+ }
+}
diff --git a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
index 16f5bafc2..37ee96c81 100644
--- a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
+++ b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
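Review bot: In `determineHost`, `request.getRemoteAddr()` practically always has text, so the `host` fallback from `webwolf.host` is effectively dead and the link host is always the client address as the server sees it. That address is the proxy's when WebGoat runs behind one, and an IPv6 address makes `"http://" + hostname + ":" + port` an invalid URL unless the literal is bracketed, e.g. `String hostname = ip.contains(":") ? "[" + ip + "]" : ip;`. If the configured host is meant to win when present, `StringUtils.hasText(host) ? host : ip` would make the configuration take effect. As shown, `process` returns `"" + target + ""` and never uses `hostname`; this looks like markup lost from the page, but if the real code builds an anchor from `target` and `hostname`, both should be HTML-escaped before concatenation.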
@@ -27,5 +27,5 @@ docker pull webwolf/webwolf-8.0 docker run -it 8081:8081 /home/webwolf/run.sh ``` -This will start the application on port 8081, in your browser type: `http://localhost:8081/WebWolf` -You will be redirected to the login page where you need to login with your WebGoat username and password \ No newline at end of file +This will start the application on port 8081, click webWolfLink:here[] to open WebWolf. +First thing you need to do is register a new user within WebWolf. \ No newline at end of file