dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

show lesson solution

Browse Source
This commit is contained in:
lawson89@gmail.com 2014-08-27 21:59:29 -04:00
parent ff76644664
commit 5cf9b4752a
12 changed files with 238 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/org/owasp/webgoat/HammerHead.java
View File

@ -129,6 +129,7 @@ public class HammerHead extends HttpServlet {
// FIXME: If a response is written by updateSession(), do not // FIXME: If a response is written by updateSession(), do not
// call makeScreen() and writeScreen() // call makeScreen() and writeScreen()
mySession = updateSession(request, response, context); mySession = updateSession(request, response, context);
if (response.isCommitted()) { if (response.isCommitted()) {
logger.debug("Response already committed, exiting"); logger.debug("Response already committed, exiting");
return; return;

22
src/main/java/org/owasp/webgoat/service/CookieService.java
View File

@ -30,13 +30,16 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import java.util.Collections;
import java.util.List; import java.util.List;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
/** /**
* *
@ -58,4 +61,23 @@ public class CookieService extends BaseService {
List<Cookie> cookies = ws.getCookiesOnLastRequest(); List<Cookie> cookies = ws.getCookiesOnLastRequest();
return cookies; return cookies;
} }
/**
* Returns cookies and params for current lesson
*
* @param session
* @return
*/
@RequestMapping(value = "/cookies_widget.mvc", produces = "text/html")
public ModelAndView showCookiesAndParamsAsHtml(HttpSession session) {
ModelAndView model = new ModelAndView();
WebSession ws = getWebSession(session);
List<Cookie> cookies = ws.getCookiesOnLastRequest();
List<RequestParameter> listParms = ws.getParmsOnLastRequest();
Collections.sort(listParms);
model.addObject("wgcookies", cookies);
model.addObject("wgparams", listParms);
model.setViewName("widgets/cookies_and_params");
return model;
}
} }

30
src/main/java/org/owasp/webgoat/service/HintService.java
View File

@ -14,6 +14,7 @@ import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
/** /**
* *
@ -53,4 +54,33 @@ public class HintService extends BaseService {
} }
return listHints; return listHints;
} }
@RequestMapping(value = "/hint_widget.mvc", produces = "text/html")
public
ModelAndView showHintsAsHtml(HttpSession session) {
ModelAndView model = new ModelAndView();
List<Hint> listHints = new ArrayList<Hint>();
model.addObject("hints", listHints);
WebSession ws = getWebSession(session);
AbstractLesson l = ws.getCurrentLesson();
if (l == null) {
return model;
}
List<String> hints;
hints = l.getHintsPublic(ws);
if (hints == null) {
return model;
}
int idx = 0;
for (String h : hints) {
Hint hint = new Hint();
hint.setHint(h);
hint.setLesson(l.getName());
hint.setNumber(idx);
listHints.add(hint);
idx++;
}
model.setViewName("widgets/hints");
return model;
}
} }

27
src/main/java/org/owasp/webgoat/service/LessonPlanService.java
View File

@ -54,14 +54,15 @@ public class LessonPlanService extends BaseService {
* @param session * @param session
* @return * @return
*/ */
@RequestMapping(value = "/lessonplan.mvc", produces = "application/json") @RequestMapping(value = "/lessonplan.mvc", produces = "application/html")
public @ResponseBody public @ResponseBody
SourceListing showSource(HttpSession session) { String showPlan(HttpSession session) {
WebSession ws = getWebSession(session); WebSession ws = getWebSession(session);
String source = getSource(ws); String plan = getPlan(ws);
SourceListing sl = new SourceListing(); return plan;
sl.setSource(source); //SourceListing sl = new SourceListing();
return sl; //sl.setSource(source);
//return sl;
} }
/** /**
@ -70,9 +71,9 @@ public class LessonPlanService extends BaseService {
* @param s Description of the Parameter * @param s Description of the Parameter
* @return Description of the Return Value * @return Description of the Return Value
*/ */
protected String getSource(WebSession s) { protected String getPlan(WebSession s) {
String source = null; String plan = null;
int scr = s.getCurrentScreen(); int scr = s.getCurrentScreen();
Course course = s.getCourse(); Course course = s.getCourse();
@ -81,14 +82,12 @@ public class LessonPlanService extends BaseService {
AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE); AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
if (lesson != null) { if (lesson != null) {
source = lesson.getRawSource(s); plan = lesson.getLessonPlan(s);
} }
} }
if (source == null) { if (plan == null) {
return "Source code is not available. Contact " plan = "Plan is not available for this lesson.";
+ s.getWebgoatContext().getFeedbackAddressHTML();
} }
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP, return plan;
"Code Section Deliberately Omitted"));
} }
} }

4
src/main/java/org/owasp/webgoat/service/ParameterService.java
View File

@ -33,7 +33,6 @@ package org.owasp.webgoat.service;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.owasp.webgoat.lessons.model.RequestParameter; import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
@ -61,9 +60,8 @@ public class ParameterService extends BaseService {
@RequestMapping(value = "/parameter.mvc", produces = "application/json") @RequestMapping(value = "/parameter.mvc", produces = "application/json")
public @ResponseBody public @ResponseBody
List<RequestParameter> showParameters(HttpSession session) { List<RequestParameter> showParameters(HttpSession session) {
List<RequestParameter> listParms = new ArrayList<RequestParameter>();
WebSession ws = getWebSession(session); WebSession ws = getWebSession(session);
listParms = ws.getParmsOnLastRequest(); List<RequestParameter> listParms = ws.getParmsOnLastRequest();
Collections.sort(listParms); Collections.sort(listParms);
return listParms; return listParms;
} }

18
src/main/java/org/owasp/webgoat/service/SourceService.java
View File

@ -34,7 +34,6 @@ import javax.servlet.http.HttpSession;
import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP; import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP;
import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP; import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.model.SourceListing;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@ -54,14 +53,18 @@ public class SourceService extends BaseService {
* @param session * @param session
* @return * @return
*/ */
@RequestMapping(value = "/source.mvc", produces = "application/json") @RequestMapping(value = "/source.mvc", produces = "application/text")
public @ResponseBody public @ResponseBody
SourceListing showSource(HttpSession session) { String showSource(HttpSession session) {
WebSession ws = getWebSession(session); WebSession ws = getWebSession(session);
String source = getSource(ws); String source = getSource(ws);
SourceListing sl = new SourceListing(); if (source == null) {
sl.setSource(source); source = "No source listing found";
return sl; }
return source;
//SourceListing sl = new SourceListing();
//sl.setSource(source);
//return sl;
} }
/** /**
@ -85,8 +88,7 @@ public class SourceService extends BaseService {
} }
} }
if (source == null) { if (source == null) {
return "Source code is not available. Contact " return "Source code is not available for this lesson.";
+ s.getWebgoatContext().getFeedbackAddressHTML();
} }
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP, return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
"Code Section Deliberately Omitted")); "Code Section Deliberately Omitted"));

86
src/main/webapp/WEB-INF/pages/main_new.jsp
View File

@ -117,7 +117,55 @@
</div> </div>
</div> </div>
</div> </div>
<div class="row" id="lesson_cookies_row">
<div class="col-md-12">
<h4>Lesson Parameters and Cookies</h4>
<div class="panel" >
<div class="panel-body" id="lesson_cookies">
</div>
</div>
</div>
</div>
<div class="row" id="lesson_hint_row">
<div class="col-md-12">
<h4>Lesson Hints</h4>
<div class="panel" >
<div class="panel-body" id="lesson_hint">
</div>
</div>
</div>
</div>
<div class="row" id="lesson_plan_row">
<div class="col-md-12">
<h4>Lesson Plan</h4>
<div class="panel" >
<div class="panel-body" id="lesson_plan">
</div>
</div>
</div>
</div>
<div class="row" id="lesson_solution_row">
<div class="col-md-12">
<h4>Lesson Solution</h4>
<div class="panel" >
<div class="panel-body" id="lesson_solution">
</div>
</div>
</div>
</div>
<div class="row" id="lesson_source_row">
<div class="col-md-12">
<h4>Lesson Source Code</h4>
<div class="panel" >
<div class="panel-body" id="lesson_source">
</div>
</div>
</div>
</div>
</section> </section>
</section> </section>
@ -140,6 +188,7 @@
event.preventDefault(); event.preventDefault();
$.get(this.href, {}, function(reply) { $.get(this.href, {}, function(reply) {
$("#lesson_content").html(reply); $("#lesson_content").html(reply);
goat.utils.showLessonSource();
}, "html"); }, "html");
}); });
app.init(); app.init();
@ -196,40 +245,13 @@
alert('status: ' + statusText + '\n\nresponseText: \n' + responseText + alert('status: ' + statusText + '\n\nresponseText: \n' + responseText +
'\n\nThe output div should have already been updated with the responseText.'); '\n\nThe output div should have already been updated with the responseText.');
} }
// JASON - SEE THIS HOOK
// update lesson cookies and params
// make any embedded forms ajaxy
goat.utils.showLessonCookiesAndParams();
goat.utils.makeFormsAjax(); goat.utils.makeFormsAjax();
} }
</script> </script>
</body> </body>
<!-- Modals -->
<script type="text/ng-template" id="showSource.html">
<div class="modal-header">
<button class="btn btn-primary pull-right" ng-click="ok()">Close</button>
<h3 class="modal-title">Lesson Source</h3>
</div>
<div class="modal-body">
<pre>{{lessonSource}}</pre>
</div>
<div class="modal-footer">
<button class="btn btn-primary" ng-click="ok()">Close</button>
</div>
</script>
<script type="text/ng-template" id="showSolution.html">
<div class="modal-header">
<button class="btn btn-primary pull-right" ng-click="ok()">Close</button>
<h3 class="modal-title">Lesson Solution</h3>
</div>
<div class="modal-body" ng-include="lessonSolutionUrl">
</div>
<div class="modal-footer">
<button class="btn btn-primary" ng-click="ok()">Close</button>
</div>
</script>
</html> </html>

39
src/main/webapp/WEB-INF/pages/widgets/cookies_and_params.jsp Normal file
View File

@ -0,0 +1,39 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
Document : hints
Created on : Aug 27, 2014, 3:41:46 PM
Author : rlawson
--%>
<%@page contentType="text/html" pageEncoding="windows-1252"%>
<div class="col-md-6">
<table class="table table-condensed table-striped">
<caption><span class="label label-default">Parameters</span></caption>
<thead>
<tr><th>Name</th><th>Value</th></tr>
</thead>
<tbody>
<c:forEach var="wgparam" items="${wgparams}" varStatus="status">
<tr><td><span class="label label-info">${wgparam.name}</span></td><td>${wgparam.value}</td></tr>
</c:forEach>
</tbody>
</table>
</div>
<div class="col-md-6">
<table class="table table-condensed table-striped">
<caption><span class="label label-default">Cookies</span></caption>
<thead>
<tr><th>Name</th><th>Value</th></tr>
</thead>
<tbody>
<c:forEach var="wgcookie" items="${wgcookies}" varStatus="status">
<tr><td><span class="label label-info">${wgcookie.name}</span></td><td>${wgcookie.value}</td></tr>
</c:forEach>
</tbody>
</table>
</div>

27
src/main/webapp/WEB-INF/pages/widgets/hints.jsp Normal file
View File

@ -0,0 +1,27 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%--
Document : hints
Created on : Aug 27, 2014, 3:41:46 PM
Author : rlawson
--%>
<%@page contentType="text/html" pageEncoding="windows-1252"%>
<div class="panel-group" id="accordion">
<c:forEach var="hint" items="${hints}" varStatus="status">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<a data-toggle="collapse" data-parent="#accordion" href="#collapse_${hint.number}">
Hint-${hint.number}
</a>
</h3>
</div>
<div id="collapse_${hint.number}" class="panel-collapse collapse">
<div class="panel-body">
${hint.hint}
</div>
</div>
</div>
</c:forEach>
</div>

68
src/main/webapp/js/goatControllers.js
View File

@ -31,65 +31,21 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
if ($('div.panel-body').height() > 400) { if ($('div.panel-body').height() > 400) {
$('#leftside-navigation').height($(window).height()); $('#leftside-navigation').height($(window).height());
} }
// hook into our pseudo service calls
// @TODO make these real services during phase 2
// show cookies and params
goat.utils.showLessonCookiesAndParams();
// show hints
goat.utils.showLessonHint();
// show plan
goat.utils.showLessonPlan();
// show solution
goat.utils.showLessonSolution();
// show source
goat.utils.showLessonSource();
} }
); );
}; };
//TODO: Move show Source into it's own angular controller
/*
* Function to load lesson source
* @returns {undefined}
*/
$scope.showSource = function(size) {
// fetch source from web service
$http.get('service/source.mvc').success(function(data) {
$scope.lessonSource = data.source;
$scope.openSourceModal(size);
}).error(function(data) {
$scope.lessonSource = data.message;
console.log("LessonSource = '" + data.message + "'");
$scope.openSourceModal(size);
});
};
$scope.openSourceModal = function(size) {
var modalInstance = $modal.open({
templateUrl: 'showSource.html',
controller: showSourceController,
size: size,
resolve: {
lessonSource: function() {
return $scope.lessonSource;
}
}
});
modalInstance.result.then(function() {
$log.info('Modal dismissed at: ' + new Date());
});
};
/*
* Function to load lesson solution
* @returns {undefined}
*/
$scope.showSolution = function(size) {
$scope.lessonSolutionUrl = "service/solution.mvc";
// clear the template cache otherwise we display stale lesson solutions
$templateCache.remove($scope.lessonSolutionUrl);
var modalInstance = $modal.open({
templateUrl: 'showSolution.html',
controller: showSolutionController,
size: size,
resolve: {
lessonSolutionUrl: function() {
return $scope.lessonSolutionUrl;
}
}
});
modalInstance.result.then(function() {
$log.info('Modal dismissed at: ' + new Date());
});
};
}).animation('.slideDown', function() { }).animation('.slideDown', function() {
var NgHideClassName = 'ng-hide'; var NgHideClassName = 'ng-hide';
return { return {

31
src/main/webapp/js/goatUtil.js
View File

@ -18,11 +18,36 @@ goat.utils = {
/**goatApp.extractLessonTitle /**goatApp.extractLessonTitle
*pulls lesson title from html fragment returned (looks for it in h1 element) *pulls lesson title from html fragment returned (looks for it in h1 element)
*@param - html rendered to object passed in *@param - html rendered to object passed in
*/ */
extractLessonTitle:function (el) { extractLessonTitle: function(el) {
var title = $('h1',el).text(); var title = $('h1', el).text();
return title; return title;
}, },
showLessonCookiesAndParams: function() {
$.get("service/cookies_widget.mvc", {}, function(reply) {
$("#lesson_cookies").html(reply);
}, "html");
},
showLessonHint: function() {
$.get("service/hint_widget.mvc", {}, function(reply) {
$("#lesson_hint").html(reply);
}, "html");
},
showLessonSource: function() {
$.get("service/source.mvc", {}, function(reply) {
$("#lesson_source").html(reply);
}, "html");
},
showLessonSolution: function() {
$.get("service/solution.mvc", {}, function(reply) {
$("#lesson_solution").html(reply);
}, "html");
},
showLessonPlan: function() {
$.get("service/lessonplan.mvc", {}, function(reply) {
$("#lesson_plan").html(reply);
}, "html");
}
}; };
// ### GLOBAL FUNCTIONS ## // // ### GLOBAL FUNCTIONS ## //

14
src/main/webapp/lesson_content.jsp
View File

@ -1,6 +1,7 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java" <%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*" import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*"
errorPage="" %> errorPage="" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<% <%
WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION)); WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION));
Course course = webSession.getCourse(); Course course = webSession.getCourse();
@ -11,19 +12,6 @@
<!-- HTML fragment correpsonding to the lesson content --> <!-- HTML fragment correpsonding to the lesson content -->
<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%> <%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
<!--
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<link rel="stylesheet" href="css/lesson.css" type="text/css" />
<link rel="stylesheet" href="css/menu.css" type="text/css" />
<link rel="stylesheet" href="css/layers.css" type="text/css" />
<script language="JavaScript1.2" src="javascript/javascript.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/menu_system.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/lessonNav.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/makeWindow.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/toggle.js" type="text/javascript"></script>
-->
<div id="lessonContent"> <div id="lessonContent">
<% <%
AbstractLesson lesson = webSession.getCurrentLesson(); AbstractLesson lesson = webSession.getCurrentLesson();