adjusted WebWolfMacro

René Zubcevic
2019-12-20 19:21:50 +01:00
committed by Nanne Baars
parent b6aa677594
commit 59076fc9ef
3 changed files with 39 additions and 8 deletions


@ -38,14 +38,23 @@ public class WebWolfMacro extends InlineMacroProcessor {
} }
/** /**
* Look at the remote address from received from the browser first. This way it will also work if you run * Determine the host from the hostname and ports that were used.
* the browser in a Docker container and WebGoat on your local machine. * The purpose is to make it possible to use the application behind a reverse proxy. For instance in the docker
* compose/stack version with webgoat webwolf and nginx proxy.
* You do not have to use the indicated hostname, but if you do, you should define two hosts aliases
* 127.0.0.1 www.webgoat.local www.webwolf.locaal
*/ */
private String determineHost(String host, String port) { private String determineHost(String host, String port) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest(); HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
String ip = request.getRemoteAddr(); host = request.getHeader("Host");
String hostname = StringUtils.hasText(ip) ? ip : host; int semicolonIndex = host.indexOf(":");
return "http://" + hostname + ":" + port + (includeWebWolfContext() ? "/WebWolf" : ""); if (semicolonIndex==-1 || host.endsWith(":80")) {
host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
} else {
host = host.substring(0, semicolonIndex);
host = host.concat(":").concat(port);
}
return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
} }
protected boolean includeWebWolfContext() { protected boolean includeWebWolfContext() {
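Review bot: `determineHost` now builds the WebWolf link from the request's `Host` header, which the client controls, and the configured `host` argument is overwritten without being read. Whatever the header holds is copied into the rendered link, and a request that carries no `Host` header makes `host.indexOf(":")` throw a NullPointerException. Falling back to the configured value, with the `StringUtils` the removed line already used, covers the missing-header case: `String header = request.getHeader("Host");` then `host = StringUtils.hasText(header) ? header : host;`. Behind the nginx proxy it would also be worth checking the header against the expected hostnames before using it. Splitting at the first `:` breaks on a bracketed IPv6 literal, and the Javadoc alias reads `www.webwolf.locaal`.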


@ -22,8 +22,19 @@ public abstract class IntegrationTest {
protected static int WG_PORT = 8080; protected static int WG_PORT = 8080;
protected static int WW_PORT = 9090; protected static int WW_PORT = 9090;
private static String WEBGOAT_URL = "http://127.0.0.1:" + WG_PORT + "/WebGoat/"; private static String WEBGOAT_HOSTNAME = "127.0.0.1";//"www.webgoat.local";
private static String WEBWOLF_URL = "http://127.0.0.1:" + WW_PORT + "/"; private static String WEBWOLF_HOSTNAME = "127.0.0.1";//"www.webwolf.local";
/*
* To test docker compose/stack solution:
* add localhost settings in hosts file: 127.0.0.1 www.webgoat.local www.webwolf.local
* Then set the above values to the specified host names and set the port to 80
*/
private static String WEBGOAT_HOSTHEADER = WEBGOAT_HOSTNAME +":"+WG_PORT;
private static String WEBWOLF_HOSTHEADER = WEBWOLF_HOSTNAME +":"+WW_PORT;
private static String WEBGOAT_URL = "http://" + WEBGOAT_HOSTHEADER + "/WebGoat/";
private static String WEBWOLF_URL = "http://" + WEBWOLF_HOSTHEADER + "/";
private static boolean WG_SSL = false;//enable this if you want to run the test on ssl private static boolean WG_SSL = false;//enable this if you want to run the test on ssl
@Getter @Getter
@ -178,6 +189,7 @@ public abstract class IntegrationTest {
.formParams(params) .formParams(params)
.post(url) .post(url)
.then() .then()
.log().all()
.statusCode(200) .statusCode(200)
.extract().path("lessonCompleted"), CoreMatchers.is(expectedResult)); .extract().path("lessonCompleted"), CoreMatchers.is(expectedResult));
} }
@ -278,5 +290,13 @@ public abstract class IntegrationTest {
return result; return result;
} }
/**
* In order to facilitate tests with
* @return
*/
public String getWebWolfHostHeader() {
return WEBWOLF_HOSTHEADER;
}
} }
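Review bot: The added `.log().all()` before `.statusCode(200)` in the lesson-check call prints every response in full, headers and body, on passing runs as well as failing ones. The same line is added twice in PasswordResetLessonTest, where the logged body of `WebWolf/requests` contains the password-reset link. In a shared CI log that leaves any `Set-Cookie` values and reset tokens readable to everyone with log access, even if they belong to test accounts here. `.log().ifValidationFails()` keeps the output for failing runs only. The enclosing method starts outside the hunk.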


@ -46,6 +46,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
.formParams("resetLink", link, "password", "123456") .formParams("resetLink", link, "password", "123456")
.post(url("PasswordReset/reset/change-password")) .post(url("PasswordReset/reset/change-password"))
.then() .then()
.log().all()
.statusCode(200); .statusCode(200);
} }
@ -56,6 +57,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
.cookie("WEBWOLFSESSION", getWebWolfCookie()) .cookie("WEBWOLFSESSION", getWebWolfCookie())
.get(webWolfUrl("WebWolf/requests")) .get(webWolfUrl("WebWolf/requests"))
.then() .then()
.log().all()
.extract().response().getBody().asString(); .extract().response().getBody().asString();
int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/"); int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/");
var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1); var link = responseBody.substring(startIndex + "/PasswordReset/reset/reset-password/".length(), responseBody.indexOf(",", startIndex) - 1);
@ -65,7 +67,7 @@ public class PasswordResetLessonTest extends IntegrationTest {
private void clickForgotEmailLink(String user) { private void clickForgotEmailLink(String user) {
RestAssured.given() RestAssured.given()
.when() .when()
.header("host", "localhost:9090") .header("host", getWebWolfHostHeader())
.relaxedHTTPSValidation() .relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie()) .cookie("JSESSIONID", getWebGoatCookie())
.formParams("email", user) .formParams("email", user)