dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Travis now builds Docker and create a Github release.

Browse Source 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
This commit is contained in:
Nanne Baars
2017-10-13 23:30:22 +02:00
parent 50543a9b55
commit 3ee1a1ca16
43 changed files with 291 additions and 453 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Email.java Normal file
View File

@ -0,0 +1,22 @@
package org.owasp.webgoat.plugin;
import lombok.Builder;
import lombok.Data;
import java.io.Serializable;
import java.time.LocalDateTime;
/**
* @author nbaars
* @since 8/20/17.
*/
@Builder
@Data
public class Email implements Serializable {
private LocalDateTime time;
private String contents;
private String sender;
private String title;
private String recipient;
}

13
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge7/Assignment7.java
View File

@ -5,16 +5,17 @@ import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.mail.IncomingMailEvent;
import org.owasp.webgoat.plugin.Email;
import org.owasp.webgoat.plugin.SolutionConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import javax.servlet.http.HttpServletRequest;
import java.net.URI;
@ -43,7 +44,9 @@ public class Assignment7 extends AssignmentEndpoint {
"Kind regards, \nTeam WebGoat";
@Autowired
private JmsTemplate jmsTemplate;
private RestTemplate restTemplate;
@Value("${webworf.url.mail}")
private String webWolfMailURL;
@GetMapping("/reset-password/{link}")
public ResponseEntity<String> resetPassword(@PathVariable(value = "link") String link) {
@ -62,13 +65,13 @@ public class Assignment7 extends AssignmentEndpoint {
String username = email.substring(0, email.indexOf("@"));
if (StringUtils.hasText(username)) {
URI uri = new URI(request.getRequestURL().toString());
IncomingMailEvent mail = IncomingMailEvent.builder()
Email mail = Email.builder()
.title("Your password reset link for challenge 7")
.contents(String.format(TEMPLATE, uri.getScheme() + "://" + uri.getHost(), new PasswordResetLink().createPasswordReset(username, "webgoat")))
.sender("password-reset@webgoat-cloud.net")
.recipient(username)
.time(LocalDateTime.now()).build();
jmsTemplate.convertAndSend("mailbox", mail);
restTemplate.postForEntity(webWolfMailURL, mail, Object.class);
}
}
return success().feedback("email.send").feedbackArgs(email).build();

12
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge9/Assignment9.java
View File

@ -7,14 +7,14 @@ import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.mail.IncomingMailEvent;
import org.owasp.webgoat.plugin.Email;
import org.owasp.webgoat.users.UserRepository;
import org.owasp.webgoat.users.WebGoatUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
@ -53,9 +53,11 @@ public class Assignment9 extends AssignmentEndpoint {
"Kind regards, \nTeam WebGoat";
@Autowired
private JmsTemplate jmsTemplate;
private RestTemplate restTemplate;
@Autowired
private UserRepository userRepository;
@Value("${webwolf.url}")
private String webWolfURL;
@RequestMapping(method = POST, value = "/create-password-reset-link")
@ResponseBody
@ -79,13 +81,13 @@ public class Assignment9 extends AssignmentEndpoint {
WebGoatUser webGoatUser = userRepository.findByUsername(email.substring(0, email.indexOf("@")));
if (webGoatUser != null) {
username = webGoatUser.getUsername();
IncomingMailEvent mail = IncomingMailEvent.builder()
Email mail = Email.builder()
.title("Your password reset link for challenge 9")
.contents(String.format(TEMPLATE, host, resetLink))
.sender("password-reset@webgoat-cloud.net")
.recipient(username)
.time(LocalDateTime.now()).build();
jmsTemplate.convertAndSend("mailbox", mail);
restTemplate.postForEntity(webWolfURL + "/WebWolf/mail", mail, Object.class);
}
}

10
webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACUsers.java
View File

@ -1,13 +1,13 @@
package org.owasp.webgoat.plugin;
import com.sun.corba.se.spi.activation.EndPointInfo;
import org.owasp.webgoat.assignments.*;
import org.owasp.webgoat.session.UserSessionData;
import org.owasp.webgoat.users.UserService;
import org.owasp.webgoat.users.WebGoatUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
@ -26,7 +26,7 @@ public class MissingFunctionACUsers {
@Autowired
private UserService userService;
@RequestMapping(path = {"users", "/"}, method = RequestMethod.GET)
@RequestMapping(path = {"users"}, method = RequestMethod.GET)
public ModelAndView listUsers(HttpServletRequest request) {
ModelAndView model = new ModelAndView();

18
webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/plugin/Email.java Normal file
View File

@ -0,0 +1,18 @@
package org.owasp.webgoat.plugin;
import lombok.Builder;
import lombok.Data;
import java.io.Serializable;
import java.time.LocalDateTime;
@Builder
@Data
public class Email implements Serializable {
private LocalDateTime time;
private String contents;
private String sender;
private String title;
private String recipient;
}

19
webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/plugin/MailAssignment.java
View File

@ -1,15 +1,14 @@
package org.owasp.webgoat.plugin;
import lombok.AllArgsConstructor;
import org.apache.commons.lang3.StringUtils;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.mail.IncomingMailEvent;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.RestTemplate;
import java.time.LocalDateTime;
@ -18,29 +17,33 @@ import java.time.LocalDateTime;
* @since 8/20/17.
*/
@AssignmentPath("/WebWolf/mail")
@AllArgsConstructor
public class MailAssignment extends AssignmentEndpoint {
private JmsTemplate jmsTemplate;
private final String webWolfURL;
private RestTemplate restTemplate;
public MailAssignment(RestTemplate restTemplate, @Value("${webwolf.url}") String webWolfURL) {
this.restTemplate = restTemplate;
this.webWolfURL = webWolfURL;
}
@PostMapping("send")
@ResponseBody
public AttackResult sendEmail(@RequestParam String email) {
String username = email.substring(0, email.indexOf("@"));
if (username.equals(getWebSession().getUserName())) {
IncomingMailEvent mailEvent = IncomingMailEvent.builder()
Email mailEvent = Email.builder()
.recipient(username)
.title("Test messages from WebWolf")
.time(LocalDateTime.now())
.contents("This is a test message from WebWolf, your unique code is" + StringUtils.reverse(username))
.sender("webgoat@owasp.org")
.build();
jmsTemplate.convertAndSend("mailbox", mailEvent);
restTemplate.postForEntity(webWolfURL + "/WebWolf/mail", mailEvent, Object.class);
return informationMessage().feedback("webwolf.email_send").feedbackArgs(email).build();
} else {
return informationMessage().feedback("webwolf.email_mismatch").feedbackArgs(username).build();
}
}
@PostMapping

7
webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/Introduction.adoc
View File

@ -17,5 +17,12 @@ are not using the Docker image you will need to download the jar file and start
java -jar webwolf-<<version>>.jar
```
WebWolf is also available as a Docker container:
```
docker pull webwolf/webwolf-8.0
docker run -it 8081:8081 /home/webwolf/run.sh
```
This will start the application on port 8081, in your browser type: `http://localhost:8081/WebWolf`
You will be redirected to the login page where you need to login with your WebGoat username and password