From a63bf006d620996f3fbd95b231c9cfba0911d534 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Sun, 16 Apr 2017 07:52:30 +0200
Subject: [PATCH] Language of the browser not english will crash WebGoat during
 loading of the asciidoc. This is due to the fact we always presume the lesson
 plan is available in the browser language. It now falls back to 'en' whenever
 the lesson cannot be found with the language obtained from the browser.

---
 .../webgoat/AsciiDoctorTemplateResolver.java    | 17 +++++++++++------
 .../org/owasp/webgoat/MvcConfiguration.java     |  3 +--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
index a54baf21e..0a0148b58 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@@ -54,11 +54,9 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
 
     private static final Asciidoctor asciidoctor = create();
     private static final String PREFIX = "doc:";
-    private final File pluginTargetDirectory;
     private final Language language;
 
-    public AsciiDoctorTemplateResolver(File pluginTargetDirectory, Language language) {
-        this.pluginTargetDirectory = pluginTargetDirectory;
+    public AsciiDoctorTemplateResolver(Language language) {
         this.language = language;
 
         setResourceResolver(new AdocResourceResolver());
@@ -75,7 +73,7 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
 
         @Override
         public InputStream getResourceAsStream(TemplateProcessingParameters params, String resourceName) {
-            InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName));
+            InputStream is = readInputStreamOrFallbackToEnglish(resourceName, language);
             try {
                 StringWriter writer = new StringWriter();
                 asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
@@ -90,10 +88,17 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
          * The resource name is for example HttpBasics_content1.adoc. This is always located in the following directory:
          * <code>plugin/HttpBasics/lessonPlans/en/HttpBasics_content1.adoc</code>
          */
-        private String computeResourceName(String resourceName) {
-            return String.format("lessonPlans/%s/%s", language.getLocale().getLanguage(), resourceName);
+        private String computeResourceName(String resourceName, String language) {
+            return String.format("lessonPlans/%s/%s", language, resourceName);
         }
 
+        private InputStream readInputStreamOrFallbackToEnglish(String resourceName, Language language) {
+            InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, language.getLocale().getLanguage()));
+            if (is == null) {
+                is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, "en"));
+            }
+            return is;
+        }
 
         private Map<String, Object> createAttributes() {
             Map<String, Object> attributes = Maps.newHashMap();
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
index b119beaab..514492360 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
@@ -95,7 +95,7 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
 
     @Bean
     public AsciiDoctorTemplateResolver asciiDoctorTemplateResolver(Language language) {
-        AsciiDoctorTemplateResolver resolver = new AsciiDoctorTemplateResolver(pluginTargetDirectory, language);
+        AsciiDoctorTemplateResolver resolver = new AsciiDoctorTemplateResolver(language);
         resolver.setCacheable(false);
         resolver.setOrder(3);
         return resolver;
@@ -120,7 +120,6 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginTargetDirectory.toString() + "/");
-        //registry.addResourceHandler("/images/**").addResourceLocations("classpath:/plugin/VulnerableComponents/images/");
         registry.addResourceHandler("/images/**").addResourceLocations("classpath:/images/");
         registry.addResourceHandler("/lesson_js/**").addResourceLocations("classpath:/js/");
         registry.addResourceHandler("/lesson_css/**").addResourceLocations("classpath:/css/");