merging from upstream

Merge remote-tracking branch 'upstream/master'
Jason White 2015-05-07 18:15:47 -04:00
commit 33dc855da7
10 changed files with 85 additions and 60 deletions

50
pom.xml

@ -3,7 +3,7 @@
<name>WebGoat</name> <name>WebGoat</name>
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.webgoat</groupId> <groupId>org.owasp.webgoat</groupId>
<artifactId>WebGoat-Container</artifactId> <artifactId>webgoat-container</artifactId>
<packaging>war</packaging> <packaging>war</packaging>
<version>6.1.0</version> <version>6.1.0</version>
@ -37,6 +37,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration> <configuration>
<source>1.7</source> <source>1.7</source>
<target>1.7</target> <target>1.7</target>
@ -46,15 +47,15 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId> <artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration> <configuration>
<!-- archiving the classes breaks the admin screen loads in course.java <!-- archiving the classes breaks the admin screen loads in course.java
the legacy lesson loader does not look in jar files for lessons --> the legacy lesson loader does not look in jar files for lessons -->
<archiveClasses>false</archiveClasses> <archiveClasses>false</archiveClasses>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<archive> <archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<manifestEntries> <manifestEntries>
<Specification-Title>${project.name}</Specification-Title> <Specification-Title>${project.name}</Specification-Title>
<Specification-Version>${project.version}</Specification-Version> <Specification-Version>${project.version}</Specification-Version>
@ -64,15 +65,31 @@
</configuration> </configuration>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId>
<artifactId>maven-jar-plugin</artifactId> <version>2.6</version>
<configuration>
<attachClasses>true</attachClasses>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>1.7</version>
<executions> <executions>
<execution> <execution>
<id>create-jar</id> <id>attach-artifacts</id>
<phase>compile</phase> <phase>package</phase>
<goals> <goals>
<goal>jar</goal> <goal>attach-artifact</goal>
</goals> </goals>
<configuration>
<artifacts>
<artifact>
<file>${project.build.directory}/WebGoat-Container-${project.version}-classes.jar</file>
<type>classes-jar</type>
</artifact>
</artifacts>
</configuration>
</execution> </execution>
</executions> </executions>
</plugin> </plugin>
@ -94,7 +111,7 @@
<phase>package</phase> <phase>package</phase>
</execution> </execution>
</executions> </executions>
</plugin> </plugin>
</plugins> </plugins>
</build> </build>
@ -190,7 +207,7 @@
<artifactId>log4j</artifactId> <artifactId>log4j</artifactId>
<version>1.2.17</version> <version>1.2.17</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>wsdl4j</groupId> <groupId>wsdl4j</groupId>
<artifactId>wsdl4j</artifactId> <artifactId>wsdl4j</artifactId>
@ -239,7 +256,7 @@
<artifactId>spring-core</artifactId> <artifactId>spring-core</artifactId>
<version>${org.springframework.version}</version> <version>${org.springframework.version}</version>
</dependency> </dependency>
<!-- Jackson --> <!-- Jackson -->
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
@ -354,8 +371,9 @@
<version>1.7.7</version> <version>1.7.7</version>
<type>jar</type> <type>jar</type>
</dependency> </dependency>
<!-- ************* END spring MVC and related dependencies ************** -->
</dependencies> </dependencies>
<!-- ************* END spring MVC and related dependencies ************** -->
</project> </project>
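Review bot: The new side of the `@ -64,15 +65,31` hunk appears to declare `maven-war-plugin` a second time (version 2.6, no `groupId`, `attachClasses`), while the earlier plugin block pins the same plugin to 2.4; Maven warns on duplicate plugin declarations, and a reader cannot tell from the POM which version and configuration actually run. Merging them into one declaration fixes that: put `<attachClasses>true</attachClasses>` into the existing war-plugin `<configuration>` and keep a single `<version>`. Separately, the attached file is still named `WebGoat-Container-${project.version}-classes.jar` although the first hunk changes the `artifactId` to `webgoat-container`; unless a `finalName` outside these hunks keeps the old name, that path will not exist on a case-sensitive filesystem, and `${project.build.finalName}-classes.jar` would follow the rename. The old and new sides are inferred from the side-by-side rendering, so both points should be confirmed against the actual file.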


@ -161,6 +161,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Gets the credits attribute of the AbstractLesson object * Gets the credits attribute of the AbstractLesson object
* *
* @deprecated - Credits have moved to the about page
* @return The credits value * @return The credits value
*/ */
public abstract Element getCredits(); public abstract Element getCredits();
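Review bot: The added `@deprecated` Javadoc tag on `getCredits()` is not paired with a `@Deprecated` annotation, which is what reflection and most static-analysis tools look at; adding `@Deprecated` directly above `public abstract Element getCredits();` makes the deprecation explicit. The tag text also reads better without the leading dash, e.g. `@deprecated Credits have moved to the about page`. The same applies to the `getCredits()` Javadoc in the LessonAdapter section, where `This method s no longer called` should read `This method is no longer called`; that method's body continues outside its hunk.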


@ -140,6 +140,8 @@ public abstract class LessonAdapter extends AbstractLesson {
/** /**
* Gets the credits attribute of the AbstractLesson object * Gets the credits attribute of the AbstractLesson object
* *
* @deprecated Credits are in the about page. This method s no
* longer called from WebGoat
* @return The credits value * @return The credits value
*/ */
public Element getCredits() { public Element getCredits() {


@ -112,11 +112,6 @@ public class WelcomeScreen extends Screen
return (ec); return (ec);
} }
public Element getCredits()
{
return new ElementContainer();
}
/** /**
* Gets the instructions attribute of the WelcomeScreen object * Gets the instructions attribute of the WelcomeScreen object
* *


@ -50,27 +50,24 @@ public class Plugin {
} }
public void loadClasses(Map<String, byte[]> classes) { public void loadClasses(Map<String, byte[]> classes) {
ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader);
for (Map.Entry<String, byte[]> clazz : classes.entrySet()) { for (Map.Entry<String, byte[]> clazz : classes.entrySet()) {
loadClass(clazz.getKey(), clazz.getValue()); loadClass(pluginClassLoader, clazz.getKey(), clazz.getValue());
} }
if (lesson == null) { if (lesson == null) {
throw new PluginLoadingFailure(String throw new PluginLoadingFailure(String
.format("Lesson class not found, following classes were detected in the plugin: %s", .format("Lesson class not found, following classes were detected in the plugin: %s",
StringUtils.collectionToCommaDelimitedString(classes.keySet()))); StringUtils.collectionToCommaDelimitedString(classes.keySet())));
} }
} }
private void loadClass(String name, byte[] classFile) { private void loadClass(PluginClassLoader pluginClassLoader, String name, byte[] classFile) {
ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader(); String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader, name, classFile);
try { Class clazz = pluginClassLoader.loadClass(realClassName, classFile);
String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", ""); if (AbstractLesson.class.isAssignableFrom(clazz)) {
Class clazz = pluginClassLoader.loadClass(realClassName); this.lesson = clazz;
if (AbstractLesson.class.isAssignableFrom(clazz)) {
this.lesson = clazz;
}
} catch (ClassNotFoundException e) {
logger.error("Unable to load class {}", name);
} }
} }
@ -97,7 +94,7 @@ public class Plugin {
Files.copy(file, bos); Files.copy(file, bos);
Path propertiesPath = createPropertiesDirectory(); Path propertiesPath = createPropertiesDirectory();
ResourceBundleClassLoader.setPropertiesPath(propertiesPath); ResourceBundleClassLoader.setPropertiesPath(propertiesPath);
if ( reload ) { if (reload) {
Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, APPEND); Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, APPEND);
} else { } else {
Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, TRUNCATE_EXISTING); Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, TRUNCATE_EXISTING);
@ -117,8 +114,14 @@ public class Plugin {
public void rewritePaths(Path pluginTarget) { public void rewritePaths(Path pluginTarget) {
try { try {
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files", solutionLanguageFiles.values()); PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files", lessonPlansLanguageFiles.values()); pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files",
solutionLanguageFiles.values());
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files",
lessonPlansLanguageFiles.values());
} catch (IOException e) { } catch (IOException e) {
throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e); throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e);
} }
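Review bot: With the `try`/`catch` removed from `loadClass`, nothing in this path handles a class that fails to define: `defineClass` reports malformed or duplicate bytecode as a `LinkageError` (`ClassFormatError`, `NoClassDefFoundError`), which is not a `PluginLoadingFailure`, so the `catch (Plugin.PluginLoadingFailure e)` shown in the PluginsLoader section would not stop one broken plugin file from aborting the whole scan. Plugin bytecode looks to be read from files at runtime, so I would catch the error here and keep the old log-and-continue behaviour, e.g. `} catch (LinkageError e) { logger.error("Unable to load class {}", name, e); }`. In the same method `replaceAll(".class", "")` is an unanchored regex in which `.` matches any character, so a name containing e.g. `Subclass` is mangled; `replaceAll("\\.class$", "")` strips only the suffix.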


@ -1,22 +1,42 @@
package org.owasp.webgoat.plugins; package org.owasp.webgoat.plugins;
import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.FluentIterable;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.List;
public class PluginClassLoader extends ClassLoader { public class PluginClassLoader extends ClassLoader {
private final List<Class<?>> classes = new ArrayList<>();
private final Logger logger = LoggerFactory.getLogger(Plugin.class); private final Logger logger = LoggerFactory.getLogger(Plugin.class);
private final byte[] classFile;
public PluginClassLoader(ClassLoader parent, String nameOfClass, byte[] classFile) { public Class<?> loadClass(String nameOfClass, byte[] classFile) {
super(parent); Class<?> clazz = defineClass(nameOfClass, classFile, 0, classFile.length);
logger.debug("Creating class loader for {}", nameOfClass); classes.add(clazz);
this.classFile = classFile; return clazz;
} }
public Class findClass(String name) { public PluginClassLoader(ClassLoader contextClassLoader) {
super(contextClassLoader);
}
public Class findClass(final String name) throws ClassNotFoundException {
logger.debug("Finding class " + name); logger.debug("Finding class " + name);
return defineClass(name, classFile, 0, classFile.length); Optional<Class<?>> foundClass = FluentIterable.from(classes)
.firstMatch(new Predicate<Class<?>>() {
@Override
public boolean apply(Class<?> clazz) {
return clazz.getName().equals(name);
}
});
if (foundClass.isPresent()) {
return foundClass.get();
}
throw new ClassNotFoundException("Class " + name + " not found");
} }
} }
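Review bot: `findClass` can only return classes that `loadClass(String, byte[])` has already defined, but `defineClass` resolves the superclass and interfaces of the class being defined through this same loader, so a plugin class whose parent type lives in the same plugin and comes later in the map iteration would fail with `NoClassDefFoundError`. Registering all class files first and defining them lazily in `findClass` removes the ordering dependency; `Plugin.loadClasses` would then register every entry before calling the inherited `loadClass(name)`. The registration method can be package-private, since `Plugin` appears to be in the same package, which also keeps arbitrary callers from defining bytecode in this loader. The `classes` list and the Guava lookup are no longer needed with this shape.

```java
private final Map<String, byte[]> classFiles = new HashMap<>();

void register(String nameOfClass, byte[] classFile) {
    classFiles.put(nameOfClass, classFile);
}

// … unchanged: constructor …

@Override
public Class<?> findClass(final String name) throws ClassNotFoundException {
    logger.debug("Finding class {}", name);
    byte[] classFile = classFiles.remove(name);
    if (classFile == null) {
        throw new ClassNotFoundException("Class " + name + " not found");
    }
    return defineClass(name, classFile, 0, classFile.length);
}
```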


@ -43,7 +43,7 @@ public class PluginsLoader implements Runnable {
plugins.add(plugin); plugins.add(plugin);
} }
} catch (Plugin.PluginLoadingFailure e) { } catch (Plugin.PluginLoadingFailure e) {
logger.error("Unable to load plugin, continue loading others..."); logger.error("Unable to load plugin, continue loading others...", e);
} }
return FileVisitResult.CONTINUE; return FileVisitResult.CONTINUE;
} }


@ -209,11 +209,6 @@ public class ErrorScreen extends Screen
return (new Small().addElement(list)); return (new Small().addElement(list));
} }
public Element getCredits()
{
return new ElementContainer();
}
/** /**
* Description of the Method * Description of the Method
* *


@ -79,12 +79,6 @@ public abstract class Screen {
*/ */
protected abstract Element createContent(WebSession s); protected abstract Element createContent(WebSession s);
/**
* Gets the credits attribute of the Screen object
*
* @return The credits value
*/
public abstract Element getCredits();
/** /**
* Creates a new lessonTracker object. * Creates a new lessonTracker object.


@ -278,9 +278,6 @@
<% <%
} }
%> %>
<div id="credits">
<% out.println(currentLesson.getCredits());%>
</div>
</div> </div>
</div> </div>