dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merging from upstream

Browse Source 
Merge remote-tracking branch 'upstream/master'
This commit is contained in:
Jason White
2015-05-07 18:15:47 -04:00
parent 7a5c8083f5 717f4a3258
commit 33dc855da7
10 changed files with 85 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
pom.xml
View File

@ -3,7 +3,7 @@
<name>WebGoat</name>
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.webgoat</groupId>
<artifactId>WebGoat-Container</artifactId>
<artifactId>webgoat-container</artifactId>
<packaging>war</packaging>
<version>6.1.0</version>
@ -37,6 +37,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
@ -46,15 +47,15 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<!-- archiving the classes breaks the admin screen loads in course.java
the legacy lesson loader does not look in jar files for lessons -->
<archiveClasses>false</archiveClasses>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest>
<manifestEntries>
<Specification-Title>${project.name}</Specification-Title>
<Specification-Version>${project.version}</Specification-Version>
@ -64,15 +65,31 @@
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<attachClasses>true</attachClasses>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<id>create-jar</id>
<phase>compile</phase>
<id>attach-artifacts</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
<goal>attach-artifact</goal>
</goals>
<configuration>
<artifacts>
<artifact>
<file>${project.build.directory}/WebGoat-Container-${project.version}-classes.jar</file>
<type>classes-jar</type>
</artifact>
</artifacts>
</configuration>
</execution>
</executions>
</plugin>
@ -354,8 +371,9 @@
<version>1.7.7</version>
<type>jar</type>
</dependency>
<!-- ************* END spring MVC and related dependencies ************** -->
</dependencies>
<!-- ************* END spring MVC and related dependencies ************** -->
</project>

1
src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -161,6 +161,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/**
* Gets the credits attribute of the AbstractLesson object
*
* @deprecated - Credits have moved to the about page
* @return The credits value
*/
public abstract Element getCredits();

2
src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -140,6 +140,8 @@ public abstract class LessonAdapter extends AbstractLesson {
/**
* Gets the credits attribute of the AbstractLesson object
*
* @deprecated Credits are in the about page. This method s no
* longer called from WebGoat
* @return The credits value
*/
public Element getCredits() {

5
src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java
View File

@ -112,11 +112,6 @@ public class WelcomeScreen extends Screen
return (ec);
}
public Element getCredits()
{
return new ElementContainer();
}
/**
* Gets the instructions attribute of the WelcomeScreen object
*

37
src/main/java/org/owasp/webgoat/plugins/Plugin.java
View File

@ -50,27 +50,24 @@ public class Plugin {
}
public void loadClasses(Map<String, byte[]> classes) {
ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader);
for (Map.Entry<String, byte[]> clazz : classes.entrySet()) {
loadClass(clazz.getKey(), clazz.getValue());
loadClass(pluginClassLoader, clazz.getKey(), clazz.getValue());
}
if (lesson == null) {
throw new PluginLoadingFailure(String
.format("Lesson class not found, following classes were detected in the plugin: %s",
StringUtils.collectionToCommaDelimitedString(classes.keySet())));
.format("Lesson class not found, following classes were detected in the plugin: %s",
StringUtils.collectionToCommaDelimitedString(classes.keySet())));
}
}
private void loadClass(String name, byte[] classFile) {
ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader, name, classFile);
try {
String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
Class clazz = pluginClassLoader.loadClass(realClassName);
if (AbstractLesson.class.isAssignableFrom(clazz)) {
this.lesson = clazz;
}
} catch (ClassNotFoundException e) {
logger.error("Unable to load class {}", name);
private void loadClass(PluginClassLoader pluginClassLoader, String name, byte[] classFile) {
String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
Class clazz = pluginClassLoader.loadClass(realClassName, classFile);
if (AbstractLesson.class.isAssignableFrom(clazz)) {
this.lesson = clazz;
}
}
@ -97,7 +94,7 @@ public class Plugin {
Files.copy(file, bos);
Path propertiesPath = createPropertiesDirectory();
ResourceBundleClassLoader.setPropertiesPath(propertiesPath);
if ( reload ) {
if (reload) {
Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, APPEND);
} else {
Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, TRUNCATE_EXISTING);
@ -117,8 +114,14 @@ public class Plugin {
public void rewritePaths(Path pluginTarget) {
try {
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files", solutionLanguageFiles.values());
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files", lessonPlansLanguageFiles.values());
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files",
solutionLanguageFiles.values());
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files",
lessonPlansLanguageFiles.values());
} catch (IOException e) {
throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e);
}

34
src/main/java/org/owasp/webgoat/plugins/PluginClassLoader.java
View File

@ -1,22 +1,42 @@
package org.owasp.webgoat.plugins;
import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.FluentIterable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.List;
public class PluginClassLoader extends ClassLoader {
private final List<Class<?>> classes = new ArrayList<>();
private final Logger logger = LoggerFactory.getLogger(Plugin.class);
private final byte[] classFile;
public PluginClassLoader(ClassLoader parent, String nameOfClass, byte[] classFile) {
super(parent);
logger.debug("Creating class loader for {}", nameOfClass);
this.classFile = classFile;
public Class<?> loadClass(String nameOfClass, byte[] classFile) {
Class<?> clazz = defineClass(nameOfClass, classFile, 0, classFile.length);
classes.add(clazz);
return clazz;
}
public Class findClass(String name) {
public PluginClassLoader(ClassLoader contextClassLoader) {
super(contextClassLoader);
}
public Class findClass(final String name) throws ClassNotFoundException {
logger.debug("Finding class " + name);
return defineClass(name, classFile, 0, classFile.length);
Optional<Class<?>> foundClass = FluentIterable.from(classes)
.firstMatch(new Predicate<Class<?>>() {
@Override
public boolean apply(Class<?> clazz) {
return clazz.getName().equals(name);
}
});
if (foundClass.isPresent()) {
return foundClass.get();
}
throw new ClassNotFoundException("Class " + name + " not found");
}
}

2
src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
View File

@ -43,7 +43,7 @@ public class PluginsLoader implements Runnable {
plugins.add(plugin);
}
} catch (Plugin.PluginLoadingFailure e) {
logger.error("Unable to load plugin, continue loading others...");
logger.error("Unable to load plugin, continue loading others...", e);
}
return FileVisitResult.CONTINUE;
}

5
src/main/java/org/owasp/webgoat/session/ErrorScreen.java
View File

@ -209,11 +209,6 @@ public class ErrorScreen extends Screen
return (new Small().addElement(list));
}
public Element getCredits()
{
return new ElementContainer();
}
/**
* Description of the Method
*

6
src/main/java/org/owasp/webgoat/session/Screen.java
View File

@ -79,12 +79,6 @@ public abstract class Screen {
*/
protected abstract Element createContent(WebSession s);
/**
* Gets the credits attribute of the Screen object
*
* @return The credits value
*/
public abstract Element getCredits();
/**
* Creates a new lessonTracker object.

3
src/main/webapp/main.jsp
View File

@ -278,9 +278,6 @@
<%
}
%>
<div id="credits">
<% out.println(currentLesson.getCredits());%>
</div>
</div>
</div>