secure password assignment first draft

PhilippeSteinbach 2018-12-03 15:53:21 +01:00 committed by Nanne Baars
parent 30b2c8b4d6
commit 49e0f75fb5


@ -1,11 +1,11 @@
package org.owasp.webgoat.plugin; package org.owasp.webgoat.plugin;
import com.nulabinc.zxcvbn.Feedback; import com.nulabinc.zxcvbn.Feedback;
import com.nulabinc.zxcvbn.Strength; import com.nulabinc.zxcvbn.Strength;
import com.nulabinc.zxcvbn.Zxcvbn; import com.nulabinc.zxcvbn.Zxcvbn;
import org.jruby.RubyProcess; import org.jruby.RubyProcess;
import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.assignments.AttackResult;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -22,12 +22,12 @@ import java.text.DecimalFormatSymbols;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.ResourceBundle;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@AssignmentPath("SecurePasswords/assignment") @AssignmentPath("SecurePasswords/assignment")
//@AssignmentHints(value = {"xss-mitigation-3-hint1", "xss-mitigation-3-hint2", "xss-mitigation-3-hint3", "xss-mitigation-3-hint4"})
public class SecurePasswordsAssignment extends AssignmentEndpoint { public class SecurePasswordsAssignment extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST) @RequestMapping(method = RequestMethod.POST)
@ -60,6 +60,8 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint {
for(String sug: strength.getFeedback().getSuggestions()) output.append("<li>"+sug+"</li>"); for(String sug: strength.getFeedback().getSuggestions()) output.append("<li>"+sug+"</li>");
output.append("</ul></br>"); output.append("</ul></br>");
} }
output.append("<b>Score: </b>" + strength.getScore()+ "/5 </br>");
output.append("<b>Estimated cracking time in seconds: </b>" + calculateTime((long) strength.getCrackTimeSeconds().getOnlineNoThrottling10perSecond()));
if(strength.getScore() >= 4) if(strength.getScore() >= 4)
return trackProgress(success().feedback("securepassword-success").output(output.toString()).build()); return trackProgress(success().feedback("securepassword-success").output(output.toString()).build());
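Review bot: The added score line prints the result as out of five (`strength.getScore()+ "/5 </br>"`), but zxcvbn scores range from 0 to 4, so a learner who passes the `>= 4` success check is shown 4/5 for the best possible rating; `"/4 </br>"` would match the library. The added cracking-time line reports only the `OnlineNoThrottling10perSecond` scenario under the generic label "in seconds". zxcvbn's offline estimates are far shorter, so the label should name the scenario, for example `"<b>Estimated cracking time (online attack, 10 guesses/second): </b>"`. It should also drop "in seconds" if `calculateTime` (not visible here) already formats the value into larger units. The enclosing method starts and ends outside this hunk.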