dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration

Browse Source
This commit is contained in:
nbaars 2018-01-15 20:56:59 +01:00
parent dec55d52ca
commit 2cc6c232e2
4 changed files with 68 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
View File

@ -34,6 +34,8 @@ import com.google.common.collect.Maps;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.asciidoctor.Asciidoctor; import org.asciidoctor.Asciidoctor;
import org.asciidoctor.extension.JavaExtensionRegistry;
import org.owasp.webgoat.asciidoc.WebWolfMacro;
import org.owasp.webgoat.i18n.Language; import org.owasp.webgoat.i18n.Language;
import org.thymeleaf.TemplateProcessingParameters; import org.thymeleaf.TemplateProcessingParameters;
import org.thymeleaf.resourceresolver.IResourceResolver; import org.thymeleaf.resourceresolver.IResourceResolver;
@ -82,6 +84,9 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
return new ByteArrayInputStream(new byte[0]); return new ByteArrayInputStream(new byte[0]);
} else { } else {
StringWriter writer = new StringWriter(); StringWriter writer = new StringWriter();
JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
asciidoctor.convert(new InputStreamReader(is), writer, createAttributes()); asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8)); return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
} }

25
webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java Normal file
View File

@ -0,0 +1,25 @@
package org.owasp.webgoat.asciidoc;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
/**
* Make environment available in the asciidoc code (which you cannot inject because it is handled by the framework)
*/
@Component
public class EnvironmentExposure implements ApplicationContextAware {
private static ApplicationContext context;
public static Environment getEnv() {
return context.getEnvironment();
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
context = applicationContext;
}
}

36
webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java Normal file
View File

@ -0,0 +1,36 @@
package org.owasp.webgoat.asciidoc;
import org.asciidoctor.ast.AbstractBlock;
import org.asciidoctor.extension.InlineMacroProcessor;
import org.springframework.core.env.Environment;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;
public class WebWolfMacro extends InlineMacroProcessor {
public WebWolfMacro(String macroName, Map<String, Object> config) {
super(macroName, config);
}
@Override
protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) {
Environment env = EnvironmentExposure.getEnv();
String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port"));
return "<a href=\"" + hostname + "\" target=\"_blank\">" + target + "</a>";
}
/**
* Look at the remote address from received from the browser first. This way it will also work if you run
* the browser in a Docker container and WebGoat on your local machine.
*/
private String determineHost(String host, String port) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
String ip = request.getRemoteAddr();
String hostname = StringUtils.hasText(ip) ? ip : host;
return "http://" + hostname + ":" + port + "/WebWolf";
}
}

4
webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
View File

@ -27,5 +27,5 @@ docker pull webwolf/webwolf-8.0
docker run -it 8081:8081 /home/webwolf/run.sh docker run -it 8081:8081 /home/webwolf/run.sh
``` ```
This will start the application on port 8081, in your browser type: `http://localhost:8081/WebWolf` This will start the application on port 8081, click webWolfLink:here[] to open WebWolf.
You will be redirected to the login page where you need to login with your WebGoat username and password First thing you need to do is register a new user within WebWolf.