From 59076fc9ef21091788be9a03c0990e1e6703bbc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Zubcevic?=
Date: Fri, 20 Dec 2019 19:21:50 +0100
Subject: [PATCH] adjusted WebWolfMacro

---
 .../owasp/webgoat/asciidoc/WebWolfMacro.java | 19 +++++++++++----
 .../org/owasp/webgoat/IntegrationTest.java | 24 +++++++++++++++++--
 .../webgoat/PasswordResetLessonTest.java | 4 +++-
 3 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
index 82ea258f4..28572c26b 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
@@ -38,14 +38,23 @@ public class WebWolfMacro extends InlineMacroProcessor {
 }
 
 /**
- * Look at the remote address from received from the browser first. This way it will also work if you run
- * the browser in a Docker container and WebGoat on your local machine.
+ * Determine the host from the hostname and ports that were used.
+ * The purpose is to make it possible to use the application behind a reverse proxy. For instance in the docker
+ * compose/stack version with webgoat webwolf and nginx proxy.
+ * You do not have to use the indicated hostname, but if you do, you should define two hosts aliases
+ * 127.0.0.1 www.webgoat.local www.webwolf.locaal
  */
 private String determineHost(String host, String port) {
 HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
- String ip = request.getRemoteAddr();
- String hostname = StringUtils.hasText(ip) ? ip : host;
- return "http://" + hostname + ":" + port + (includeWebWolfContext() ? "/WebWolf" : "");
+ host = request.getHeader("Host");
+ int semicolonIndex = host.indexOf(":");
+ if (semicolonIndex==-1 || host.endsWith(":80")) {
+ host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
+ } else {
+ host = host.substring(0, semicolonIndex);
+ host = host.concat(":").concat(port);
+ }
+ return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
 }
 
 protected boolean includeWebWolfContext() {
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
index 4d1c41bd5..128116aa5 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java
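Review bot: `request.getHeader("Host")` is assigned to `host` without a null check, so `host.indexOf(":")` on the following line throws a NullPointerException when the header is absent (an HTTP/1.0 client, or a proxy that strips it), and the `host` parameter that previously served as the fallback is now overwritten and never read. A minimal guard keeps the old fallback: `String headerHost = request.getHeader("Host");` followed by `host = StringUtils.hasText(headerHost) ? headerHost : host + ":" + port;`. The Host header is client-supplied and the result presumably becomes the link this macro renders, so behind the reverse proxy described in the Javadoc the proxy should be the party setting it, and a value matching neither the configured host names nor the `host` parameter is better replaced by the fallback than echoed. `indexOf(":")` also splits an IPv6 literal such as `[::1]:9090` at the first colon inside the brackets, producing `[` as the host. The Javadoc has a typo: `www.webwolf.locaal` should read `www.webwolf.local`.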
@@ -22,8 +22,19 @@ public abstract class IntegrationTest {
 
 protected static int WG_PORT = 8080;
 protected static int WW_PORT = 9090;
- private static String WEBGOAT_URL = "http://127.0.0.1:" + WG_PORT + "/WebGoat/";
- private static String WEBWOLF_URL = "http://127.0.0.1:" + WW_PORT + "/";
+ private static String WEBGOAT_HOSTNAME = "127.0.0.1";//"www.webgoat.local";
+ private static String WEBWOLF_HOSTNAME = "127.0.0.1";//"www.webwolf.local";
+
+ /*
+ * To test docker compose/stack solution:
+ * add localhost settings in hosts file: 127.0.0.1 www.webgoat.local www.webwolf.local
+ * Then set the above values to the specified host names and set the port to 80
+ */
+
+ private static String WEBGOAT_HOSTHEADER = WEBGOAT_HOSTNAME +":"+WG_PORT;
+ private static String WEBWOLF_HOSTHEADER = WEBWOLF_HOSTNAME +":"+WW_PORT;
+ private static String WEBGOAT_URL = "http://" + WEBGOAT_HOSTHEADER + "/WebGoat/";
+ private static String WEBWOLF_URL = "http://" + WEBWOLF_HOSTHEADER + "/";
 private static boolean WG_SSL = false;//enable this if you want to run the test on ssl
 
 @Getter
@@ -178,6 +189,7 @@ public abstract class IntegrationTest {
 .formParams(params)
 .post(url)
 .then()
+ .log().all()
 .statusCode(200)
 .extract().path("lessonCompleted"), CoreMatchers.is(expectedResult));
 }
@@ -277,6 +289,14 @@ public abstract class IntegrationTest {
 result = result.replace("%20", " ");
 return result;
 }
+
+ /**
+ * In order to facilitate tests with
+ * @return
+ */
+ public String getWebWolfHostHeader() {
+ return WEBWOLF_HOSTHEADER;
+ }
 
 }
 
diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java
index 9cfb21dde..b0a6f576b 100644
--- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java
+++ b/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java
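Review bot: The new `WEBGOAT_HOSTNAME`, `WEBWOLF_HOSTNAME`, `WEBGOAT_HOSTHEADER` and `WEBWOLF_HOSTHEADER` fields are named as constants but declared `private static String` without `final`, and the concatenation `WEBGOAT_HOSTNAME +":"+WG_PORT` drops the spaces around `+` that the neighbouring `WEBGOAT_URL` line uses. Declaring them as `private static final String WEBGOAT_HOSTHEADER = WEBGOAT_HOSTNAME + ":" + WG_PORT;` (and likewise for the other three) matches the naming and keeps the test configuration immutable. The block comment describing the docker compose/stack setup would read better as a Javadoc placed directly above the two hostname fields it tells the reader to change, rather than between those fields and the derived values.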
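Review bot: `.log().all()` added before `.statusCode(200)` dumps the complete response, headers and body, into the test output on every run, and the same call is added in the two `PasswordResetLessonTest` hunks below (after `.then()` at `-46,6` and `-56,6`). In the second of those the logged body is the WebWolf request listing from which the next lines extract the password-reset link, and the responses may carry the `JSESSIONID`/`WEBWOLFSESSION` cookies the tests exchange, so CI logs would retain session material. If the calls are a debugging aid, `.log().ifValidationFails()` keeps them silent on passing runs; otherwise the three calls should be dropped before merging. The enclosing method starts and ends outside the hunk.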
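Review bot: The Javadoc on `getWebWolfHostHeader()` is unfinished: `In order to facilitate tests with` breaks off mid-sentence and `@return` has no description. Suggested summary: `Returns the HTTP Host header value to send to WebWolf, built from {@code WEBWOLF_HOSTNAME} and {@code WW_PORT}, so that subclasses address WebWolf through the same host name this test is configured with.`, with the tag `@return the WebWolf host header in {@code hostname:port} form`. Since the method only exposes a static field and is called from a subclass, `protected` or `static` may be the better visibility, though that depends on callers outside this hunk.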
@@ -46,6 +46,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
 .formParams("resetLink", link, "password", "123456")
 .post(url("PasswordReset/reset/change-password"))
 .then()
+ .log().all()
 .statusCode(200);
 }
 
@@ -56,6 +57,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
 .cookie("WEBWOLFSESSION", getWebWolfCookie())
 .get(webWolfUrl("WebWolf/requests"))
 .then()
+ .log().all()
 .extract().response().getBody().asString();
 int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/");
 var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1);
@@ -65,7 +67,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
 private void clickForgotEmailLink(String user) {
 RestAssured.given()
 .when()
- .header("host", "localhost:9090")
+ .header("host", getWebWolfHostHeader())
 .relaxedHTTPSValidation()
 .cookie("JSESSIONID", getWebGoatCookie())
 .formParams("email", user)