Merging changes from Daniel back into the Spring Boot structure

- different js location
  - Fixed label debugging which kept on reloading and reloading the lesson
  - Changes from .jsp merged into .html
Nanne Baars 2016-04-09 15:40:53 +02:00
parent a8ea4a16e6
commit 576333af7c
14 changed files with 31 additions and 211 deletions


@ -11,6 +11,7 @@ import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@ -249,7 +250,7 @@ public class HammerHead extends HttpServlet {
logger.info("Initializing main webgoat servlet"); logger.info("Initializing main webgoat servlet");
httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z", Locale.US); httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z", Locale.US);
httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT")); httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties"); propertiesPath = new ClassPathResource("/WEB-INF/webgoat.properties").getPath();
} }
/** /**
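Review bot: `new ClassPathResource("/WEB-INF/webgoat.properties").getPath()` in the second hunk returns the resource's class-path-relative name (Spring strips the leading slash, giving `WEB-INF/webgoat.properties`), not a filesystem location as `getRealPath` did. Any code that later opens `propertiesPath` as a file would resolve it against the process working directory, and nothing here checks that the resource exists. If the properties are meant to come from the class path, keep the `ClassPathResource` itself and read it through `getInputStream()` after an `exists()` check; otherwise resolve a real path with `getFile().getAbsolutePath()` and handle the `IOException`. The enclosing init method starts and ends outside the hunk, so how `propertiesPath` is consumed is not visible here.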


@ -29,9 +29,6 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import java.util.HashMap;
import java.util.Map;
import org.owasp.webgoat.session.LabelDebugger; import org.owasp.webgoat.session.LabelDebugger;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -44,6 +41,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import java.util.HashMap;
import java.util.Map;
/** /**
* <p>LabelDebugService class.</p> * <p>LabelDebugService class.</p>
* *
@ -73,7 +73,7 @@ public class LabelDebugService extends BaseService {
ResponseEntity<Map<String, Object>> checkDebuggingStatus() { ResponseEntity<Map<String, Object>> checkDebuggingStatus() {
logger.debug("Checking label debugging, it is " + labelDebugger.isEnabled()); // FIXME parameterize logger.debug("Checking label debugging, it is " + labelDebugger.isEnabled()); // FIXME parameterize
Map<String, Object> result = createResponse(labelDebugger.isEnabled()); Map<String, Object> result = createResponse(labelDebugger.isEnabled());
return new ResponseEntity<Map<String, Object>>(result, HttpStatus.OK); return new ResponseEntity<>(result, HttpStatus.OK);
} }
/** /**
@ -88,7 +88,7 @@ public class LabelDebugService extends BaseService {
logger.debug("Setting label debugging to " + labelDebugger.isEnabled()); // FIXME parameterize logger.debug("Setting label debugging to " + labelDebugger.isEnabled()); // FIXME parameterize
Map<String, Object> result = createResponse(enabled); Map<String, Object> result = createResponse(enabled);
labelDebugger.setEnabled(enabled); labelDebugger.setEnabled(enabled);
return new ResponseEntity<Map<String, Object>>(result, HttpStatus.OK); return new ResponseEntity<>(result, HttpStatus.OK);
} }
/** /**
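Review bot: The debug statement in the last hunk logs `labelDebugger.isEnabled()` before `labelDebugger.setEnabled(enabled)` runs, so "Setting label debugging to …" reports the previous state rather than the requested one. Since the commit already touches this method, log the parameter and resolve the FIXME with a parameterized call: `logger.debug("Setting label debugging to {}", enabled);`. The same FIXME applies to the debug line in `checkDebuggingStatus`. Both method bodies start outside their hunks.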


@ -29,13 +29,6 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -46,6 +39,10 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Map;
/** /**
* <p>PluginReloadService class.</p> * <p>PluginReloadService class.</p>
* *
@ -71,12 +68,12 @@ public class PluginReloadService extends BaseService {
logger.debug("Loading plugins into cache"); logger.debug("Loading plugins into cache");
String pluginPath = session.getServletContext().getRealPath("plugin_lessons"); String pluginPath = session.getServletContext().getRealPath("plugin_lessons");
String targetPath = session.getServletContext().getRealPath("plugin_extracted"); String targetPath = session.getServletContext().getRealPath("plugin_extracted");
new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); //new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars();
webSession.getCourse().loadLessonFromPlugin(session.getServletContext()); webSession.getCourse().loadLessonFromPlugin(session.getServletContext());
Map<String, Object> result = new HashMap<String, Object>(); Map<String, Object> result = new HashMap<String, Object>();
result.put("success", true); result.put("success", true);
result.put("message", "Plugins reloaded"); result.put("message", "Plugins reloaded");
return new ResponseEntity<Map<String, Object>>(result, HttpStatus.OK); return new ResponseEntity<>(result, HttpStatus.OK);
} }
} }
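Review bot: Commenting out the `PluginsLoader(...).copyJars()` call leaves `pluginPath` and `targetPath` as unused locals, and the handler still answers `"Plugins reloaded"` with `success` set to true although no jars are copied any more. Delete the commented-out line together with the two `getRealPath` lookups rather than keeping dead code. If the copy is only disabled temporarily, replace it with a comment such as `// TODO: plugin jars are no longer copied on reload; document where that happens now`. The handler's signature is outside the hunk, so the mapping and its access control are not visible here.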


@ -5,7 +5,7 @@
#server.jsp-servlet.registered=true #server.jsp-servlet.registered=true
server.error.include-stacktrace=always server.error.include-stacktrace=always
logging.level.org.springframework=DEBUG logging.level.org.springframework=INFO
logging.level.org.hibernate=ERROR logging.level.org.hibernate=ERROR
spring.thymeleaf.cache=false spring.thymeleaf.cache=false
security.enable-csrf=false security.enable-csrf=false
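Review bot: `server.error.include-stacktrace=always` and `security.enable-csrf=false` stay in effect next to the logging change, so error responses carry full stack traces and state-changing requests have no CSRF token check. If both are deliberate for this training application, say so in the file, e.g. `# intentionally insecure: WebGoat is a training target, do not copy these settings to a real deployment`. Otherwise they belong in a development-only profile.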


@ -11,6 +11,7 @@ define(['jquery',
'goatApp/view/CookieView', 'goatApp/view/CookieView',
'goatApp/view/ParamView', 'goatApp/view/ParamView',
'goatApp/model/ParamModel', 'goatApp/model/ParamModel',
'goatApp/view/DeveloperControlsView',
'goatApp/support/GoatUtils', 'goatApp/support/GoatUtils',
'goatApp/view/UserAndInfoView', 'goatApp/view/UserAndInfoView',
'goatApp/view/MenuButtonView', 'goatApp/view/MenuButtonView',
@ -32,6 +33,7 @@ define(['jquery',
CookieView, CookieView,
ParamView, ParamView,
ParamModel, ParamModel,
DeveloperControlsView,
GoatUtils, GoatUtils,
UserAndInfoView, UserAndInfoView,
MenuButtonView, MenuButtonView,
@ -49,6 +51,7 @@ define(['jquery',
this.lessonProgressModel = new LessonProgressModel(); this.lessonProgressModel = new LessonProgressModel();
this.lessonProgressView = new LessonProgressView(this.lessonProgressModel); this.lessonProgressView = new LessonProgressView(this.lessonProgressModel);
this.lessonView = options.lessonView; this.lessonView = options.lessonView;
this.developerControlsView = new DeveloperControlsView();
_.extend(Controller.prototype,Backbone.Events); _.extend(Controller.prototype,Backbone.Events);
@ -103,6 +106,7 @@ define(['jquery',
this.listenTo(this.helpControlsView,'hints:show',this.onShowHints) this.listenTo(this.helpControlsView,'hints:show',this.onShowHints)
this.listenTo(this.helpControlsView,'source:show',this.hideShowHelps); this.listenTo(this.helpControlsView,'source:show',this.hideShowHelps);
this.listenTo(this.helpControlsView,'lesson:restart',this.restartLesson); this.listenTo(this.helpControlsView,'lesson:restart',this.restartLesson);
this.listenTo(this.developerControlsView, 'dev:labels', this.restartLesson);
this.helpControlsView.render(); this.helpControlsView.render();
@ -124,6 +128,7 @@ define(['jquery',
this.lessonHintView = new HintView(); this.lessonHintView = new HintView();
this.cookieView = new CookieView(); this.cookieView = new CookieView();
//TODO: instantiate model with values (not sure why was not working before) //TODO: instantiate model with values (not sure why was not working before)
var paramModel = new ParamModel({}); var paramModel = new ParamModel({});
paramModel.set('scrParam',this.lessonContent.get('scrParam')); paramModel.set('scrParam',this.lessonContent.get('scrParam'));


@ -24,7 +24,7 @@ function(
onLabelsLoaded: function(model) { onLabelsLoaded: function(model) {
this.models[1] = model; this.models[1] = model;
this.render(); this.render();
Backbone.history.loadUrl(Backbone.history.getFragment()); this.trigger('dev:labels')
}, },
initialize: function(options) { initialize: function(options) {
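Review bot: `this.trigger('dev:labels')` in `onLabelsLoaded` has no terminating semicolon, unlike the statements around it; write `this.trigger('dev:labels');`. The event name is also a new contract with its listener (the controller section of this commit binds `'dev:labels'` to `restartLesson`), so a one-line comment above the trigger, `// tell the controller that label debugging changed so it can restart the lesson`, would document the coupling. The view body continues outside the hunk.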


@ -41,7 +41,7 @@
<header id="header"> <header id="header">
<!--logo start--> <!--logo start-->
<div class="brand"> <div class="brand">
<a href="${pageContext.request.contextPath}/start.mvc" class="logo"><span>Web</span>Goat</a> <a href="${pageContext.request.contextPath}/welcome.mvc" class="logo"><span>Web</span>Goat</a>
</div> </div>
<!--logo end--> <!--logo end-->
<div class="toggle-navigation toggle-left"> <div class="toggle-navigation toggle-left">
@ -66,6 +66,8 @@
<li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: ${role}</a> <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Role: ${role}</a>
</li> </li>
<li role="presentation" class="divider"></li> <li role="presentation" class="divider"></li>
<li role="presentation"><a role="menuitem" tabindex="-1" href="#developer-controls">Show developer
controls</a></li>
<li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">${version}</a> <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">${version}</a>
</li> </li>
<li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Build: <li role="presentation" class="disabled"><a role="menuitem" tabindex="-1" href="#">Build:
@ -150,6 +152,13 @@
<h4>Params</h4> <h4>Params</h4>
</div> </div>
</div> </div>
<div align="left">
<h3>Developer controls</h3>
</div>
<hr />
<div id="developer-controls">
</div>
</div> </div>
</div> </div>
</div> </div>
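Review bot: The added block gives the render target `id="developer-controls"`, but the show/hide handlers in the DeveloperControlsView copy removed by this commit toggle `#developer-control-container`, and no element with that id appears in this hunk. If the relocated view still uses that selector, the new "Show developer controls" menu entry will toggle nothing unless an enclosing element outside the hunk carries the id. Wrapping the heading, rule and target in `<div id="developer-control-container">` would make the pairing explicit. The `align="left"` attribute on the new heading wrapper is obsolete markup; a CSS class is the usual replacement.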


@ -6,7 +6,7 @@
# lesson.BlindScript.hidden=true; # lesson.BlindScript.hidden=true;
# #
# These lesson need to be refactored # These lesson need to be refactored
lesson.BasicAuthentication.hidden=true lesson.BasicAuthentication.hidden=false
lesson.BlindScript.hidden=true lesson.BlindScript.hidden=true
lesson.RemoteAdminFlaw.hidden=true lesson.RemoteAdminFlaw.hidden=true
lesson.HttpSplitting.hidden=true lesson.HttpSplitting.hidden=true
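Review bot: `lesson.BasicAuthentication.hidden=false` now sits under the comment `# These lesson need to be refactored`, which reads as if the lesson is still pending refactoring while it is being exposed. Drop the line (assuming lessons are visible by default, which this file does not show) or move it above the comment with a short note on why it was re-enabled.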


@ -1,18 +0,0 @@
#lesson.BufferOverflow.hidden=true
#
#
# Hide lessons using name of source file,
# For Example: BlindScript.java
# lesson.BlindScript.hidden=true;
#
# These lesson need to be refactored
lesson.BasicAuthentication.hidden=true
lesson.BlindScript.hidden=true
lesson.RemoteAdminFlaw.hidden=true
lesson.HttpSplitting.hidden=true
lesson.SameOriginPolicyProtection.hidden=true
lesson.SilentTransactions.hidden=true
lesson.TraceXSS.hidden=true
lesson.DBSQLInjection.hidden=true
lesson.DBCrossSiteScripting.hidden=true
lesson.ForcedBrowsing.hidden=true


@ -1,39 +0,0 @@
define([
'backbone'],
function(
Backbone) {
return Backbone.Model.extend({
id: 'label-status',
url: 'service/debug/labels.mvc',
label: '',
labels: {
enable: 'Enable label debugging',
disable: 'Disable label debugging'
},
initialize: function() {
this.load();
},
fetch: function(options) {
options || (options = {});
var data = (options.data || {});
if(this.enabled != undefined) {
options.data = { enabled: !this.enabled };
}
return Backbone.Collection.prototype.fetch.call(this, options);
},
load: function () {
this.fetch().then(this.labelStatusLoaded.bind(this));
},
labelStatusLoaded: function(data) {
this.enabled = data.enabled;
this.label = this.enabled ? this.labels['disable'] : this.labels['enable'];
this.trigger('plugins:loaded', this, data);
}
});
});

View File

@ -1,13 +0,0 @@
define(['jquery',
'underscore',
'backbone'],
function ($,
_,
Backbone) {
return Backbone.Model.extend({
url: 'service/lessonprogress.mvc',
completed: function () {
this.fetch();
}
});
});

View File

@ -1,19 +0,0 @@
define([
'backbone'],
function(
Backbone) {
return Backbone.Model.extend({
url: 'service/reloadplugins.mvc',
id: 'reload-plugins',
label: 'Reload plugins',
load: function () {
this.fetch().then(this.pluginsLoaded.bind(this));
},
pluginsLoaded: function(data) {
this.trigger('plugins:loaded', this, data);
}
});
});


@ -1,77 +0,0 @@
define(['jquery',
'underscore',
'backbone',
'goatApp/model/PluginReloadModel',
'goatApp/model/LabelDebugModel'],
function(
$,
_,
Backbone,
PluginReloadModel,
LabelDebugModel) {
return Backbone.View.extend({
el: '#developer-controls',
onControlClick: function(model) {
$('#' + model.id).find('td').text('Loading...');
model.load();
},
onPluginsLoaded: function(model) {
window.location.href = 'welcome.mvc';
},
onLabelsLoaded: function(model) {
this.models[1] = model;
this.render();
Backbone.history.loadUrl(Backbone.history.getFragment());
},
initialize: function(options) {
this.addMenuListener();
this.models = [new PluginReloadModel(), new LabelDebugModel()];
this.listenTo(this.models[0], 'plugins:loaded', this.onPluginsLoaded);
this.listenTo(this.models[1], 'plugins:loaded', this.onLabelsLoaded);
this.render();
},
addMenuListener: function() {
var showHandler = function(e) {
e.preventDefault();
$('#developer-control-container').show();
$(this).text('Hide developer controls').off().on('click', hideHandler);
};
var hideHandler = function(e) {
e.preventDefault();
$('#developer-control-container').hide();
$(this).text('Show developer controls').off().on('click', showHandler);
};
$('a[href="#developer-controls"]').click(showHandler);
},
render: function() {
this.$el.html('');
var table = $('<table>',{'class':'developer-controls-table table-nonfluid'});
var self = this;
_.each(this.models, function(model) {
var newRow = $('<tr>', { id: model.id });
var headerCell = $('<th>')
var statusCell = $('<td>')
var link = $('<a>', {
'text': model.label,
'title': model.label
});
link.click(_.bind(self.onControlClick, self, model));
newRow.append(headerCell.append(link));
newRow.append(statusCell);
table.append(newRow);
});
this.$el.append(table);
}
});
});


@ -1,26 +0,0 @@
define(['jquery',
'underscore',
'backbone',
'goatApp/model/LessonProgressModel'],
function ($,
_,
Backbone,
LessonProgressModel) {
return Backbone.View.extend({
el: '#lesson-progress',
initialize: function (lessonProgressModel) {
this.model = lessonProgressModel;
if (this.model) {
this.listenTo(this.model, 'change', this.render);
}
},
render: function () {
if (this.model.get("lessonCompleted")) {
this.$el.html(this.model.get('successMessage'));
} else {
this.$el.html("");
}
}
});
});