diff --git a/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index e56c67e50..77827910f 100644
--- a/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -10,6 +10,7 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.nio.file.StandardOpenOption;
 import java.util.HashMap;
 import java.util.List;
@@ -112,6 +113,21 @@ public class Plugin {
 }
 }
+ public void rewritePaths(Path pluginTarget) {
+ try {
+ for (Map.Entry html : solutionLanguageFiles.entrySet()) {
+ byte[] htmlFileAsBytes = Files.readAllBytes(Paths.get(html.getValue().toURI()));
+ String htmlFile = new String(htmlFileAsBytes);
+ htmlFile = htmlFile.replaceAll(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/lessons/plugin/SqlStringInjection/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files");
+ Files.write(Paths.get(html.getValue().toURI()), htmlFile.getBytes(), StandardOpenOption.CREATE,
+ StandardOpenOption.TRUNCATE_EXISTING);
+ }
+ } catch (IOException e) {
+ throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e);
+ }
+ }
+
+
 public Class getLesson() {
 return lesson;
 }
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java b/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
index 6649fbcbb..e2d59002f 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
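Review bot: In `rewritePaths` (Plugin.java) the replacement passed to `replaceAll` hard-codes `/lessons/plugin/SqlStringInjection/lessonSolutions/en/`, so the solution pages of any other plugin or language would be rewritten to point at the SqlStringInjection assets; that segment should be derived from the lesson and, presumably, the language key of the map entry. `replaceAll` also treats its first argument as a regular expression and interprets `$` and `\` in the replacement, so the literal form `htmlFile.replace(name + "_files", prefix + name + "_files")` is the safer call for text assembled from a class name and a directory name. `new String(htmlFileAsBytes)` and `htmlFile.getBytes()` use the platform default charset; passing an explicit one such as `StandardCharsets.UTF_8` to both keeps the rewritten HTML identical across hosts. Because the file is rewritten in place and the replacement still contains the search text, a second pass over an already rewritten file would prefix the path again, which is only safe as long as every load re-extracts the file first.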
@@ -16,8 +16,9 @@ public class PluginBackgroundLoader implements ServletContextListener {
 @Override
 public void contextInitialized(ServletContextEvent event) {
 String pluginPath = event.getServletContext().getRealPath("plugin_lessons");
+ String targetPath = event.getServletContext().getRealPath("plugin_extracted");
 scheduler = Executors.newSingleThreadScheduledExecutor();
- scheduler.scheduleAtFixedRate(new PluginsLoader(Paths.get(pluginPath)), 0, 5, TimeUnit.MINUTES);
+ scheduler.scheduleAtFixedRate(new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)), 0, 5, TimeUnit.MINUTES);
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java b/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java
index 36936fb24..a9a2f1043 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java
@@ -26,22 +26,15 @@ import static org.owasp.webgoat.plugins.PluginFileUtils.createDirsIfNotExists;
 */
 public class PluginExtractor {
- private static final String DIRECTORY = "webgoat";
 private final Path pluginArchive;
- private final Map classes = new HashMap();
+ private final Map classes = new HashMap<>();
 private final List files = new ArrayList<>();
- private Path baseDirectory;
 public PluginExtractor(Path pluginArchive) {
 this.pluginArchive = pluginArchive;
- try {
- baseDirectory = createDirsIfNotExists(Paths.get(System.getProperty("java.io.tmpdir"), DIRECTORY));
- } catch (IOException io) {
- new Plugin.PluginLoadingFailure(format("Unable to create base directory: {}", pluginArchive.getFileName()), io);
- }
 }
- public void extract() {
+ public void extract(final Path target) {
 try (FileSystem zip = createZipFileSystem()) {
 final Path root = zip.getPath("/");
 Files.walkFileTree(root, new SimpleFileVisitor() {
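Review bot: In `contextInitialized` the result of `getRealPath("plugin_extracted")` goes straight into `Paths.get(targetPath)`, and `ServletContext.getRealPath` returns null when the container cannot map the path to the file system (an unexpanded WAR, for example), which would surface as a NullPointerException during context start-up; the same unchecked `targetPath` appears in `Course.loadLessionFromPlugin`, where only `pluginPath` is null-checked. A guard such as `if (pluginPath == null || targetPath == null) { /* log and return */ }` before the scheduler is created, and the matching condition in `Course`, would cover both. Separately, the extraction target now sits inside the web application root, so whatever a plugin jar contains ends up in a directory the container may serve directly; it is worth confirming that only the static lesson assets are meant to be reachable there, or restricting which entries are copied.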
@@ -52,7 +45,7 @@ public class PluginExtractor {
 Files.copy(file, bos);
 classes.put(file.toString(), bos.toByteArray());
 }
- files.add(Files.copy(file, createDirsIfNotExists(Paths.get(baseDirectory.toString(), file.toString())), REPLACE_EXISTING));
+ files.add(Files.copy(file, createDirsIfNotExists(Paths.get(target.toString(), file.toString())), REPLACE_EXISTING));
 return FileVisitResult.CONTINUE;
 }
 });
@@ -69,10 +62,6 @@ public class PluginExtractor {
 return this.files;
 }
- public Path getBaseDirectory() {
- return this.baseDirectory;
- }
-
 private FileSystem createZipFileSystem() throws IOException {
 final URI uri = URI.create("jar:file:" + pluginArchive.toUri().getPath());
 return FileSystems.newFileSystem(uri, new HashMap());
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
index 9feceb4af..87ffc3669 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
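Review bot: The destination `Paths.get(target.toString(), file.toString())` in the file visitor is built from the archive entry name without checking that the result stays under `target`, so an entry whose name contains `..` segments could be written outside the extraction directory if the zip file system provider passes such names through. Resolving and verifying first closes that off: `Path dest = target.resolve(root.relativize(file).toString()).normalize();` followed by `if (!dest.startsWith(target.normalize())) throw new IOException("entry escapes target: " + file);`. The check matters more after this change, because the callers now pass a directory under the web application root instead of a temp directory. The visitor body starts above the hunk, so only part of the enclosing method is visible here.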
@@ -15,25 +15,29 @@ import java.util.List;
 public class PluginsLoader implements Runnable {
 private final Logger logger = LoggerFactory.getLogger(this.getClass());
- private final Path path;
+ private final Path pluginSource;
+ private Path pluginTarget;
- public PluginsLoader(Path path) {
- this.path = path;
+ public PluginsLoader(Path pluginSource, Path pluginTarget) {
+ this.pluginSource = pluginSource;
+ this.pluginTarget = pluginTarget;
 }
 public List loadPlugins(final boolean reload) {
 final List plugins = new ArrayList();
 try {
- Files.walkFileTree(path, new SimpleFileVisitor() {
+ Files.walkFileTree(pluginSource, new SimpleFileVisitor() {
 @Override
 public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
 try {
+ PluginFileUtils.createDirsIfNotExists(pluginTarget);
 PluginExtractor extractor = new PluginExtractor(file);
- extractor.extract();
- Plugin plugin = new Plugin(extractor.getBaseDirectory());
+ extractor.extract(pluginTarget);
+ Plugin plugin = new Plugin(pluginTarget);
 plugin.loadClasses(extractor.getClasses());
 plugin.loadFiles(extractor.getFiles(), reload);
+ plugin.rewritePaths(pluginTarget);
 plugins.add(plugin);
 } catch (Plugin.PluginLoadingFailure e) {
 logger.error("Unable to load plugin, continue loading others...");
diff --git a/src/main/java/org/owasp/webgoat/session/Course.java b/src/main/java/org/owasp/webgoat/session/Course.java
index db60cb9d3..6f4abd4e5 100644
--- a/src/main/java/org/owasp/webgoat/session/Course.java
+++ b/src/main/java/org/owasp/webgoat/session/Course.java
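Review bot: Every archive found under `pluginSource` is extracted into the same `pluginTarget` directory in `visitFile`, and the extractor copies with `REPLACE_EXISTING`, so two plugin jars that carry an entry with the same path would silently overwrite each other's files; a per-archive subdirectory or a collision check would avoid that, though `rewritePaths` would then need the matching prefix. `PluginFileUtils.createDirsIfNotExists(pluginTarget)` runs once per visited file and can move in front of `Files.walkFileTree`. The new field can be declared `private final Path pluginTarget;` like `pluginSource`, since the lines shown assign it only in the constructor. `loadPlugins` continues past the end of the hunk.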
@@ -281,42 +281,17 @@ public class Course {
 return null;
 }
- /**
- * Load all of the filenames into a temporary cache
- *
- * @param context
- * @param path
- */
- private void loadFiles(ServletContext context, String path) {
- logger.debug("Loading files into cache, path: " + path);
- Set resourcePaths = context.getResourcePaths(path);
- if (resourcePaths == null) {
- logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
- return;
- }
- Iterator itr = resourcePaths.iterator();
-
- while (itr.hasNext()) {
- String file = (String) itr.next();
-
- if (file.length() != 1 && file.endsWith("/")) {
- loadFiles(context, file);
- } else {
- files.add(file);
- }
- }
- }
-
 private void loadLessionFromPlugin(ServletContext context) {
+ context.getContextPath();
 logger.debug("Loading plugins into cache");
- String path = context.getRealPath("plugin_lessons");
- if (path == null) {
- logger.error("Plugins directory {} not found", path);
+ String pluginPath = context.getRealPath("plugin_lessons");
+ String targetPath = context.getRealPath("plugin_extracted");
+ if (pluginPath == null) {
+ logger.error("Plugins directory {} not found", pluginPath);
 return;
 }
- Path pluginDirectory = Paths.get(path);
- webgoatContext.setPluginDirectory(pluginDirectory);
- List plugins = new PluginsLoader(pluginDirectory).loadPlugins(false);
+ Path pluginDirectory = Paths.get(pluginPath);
+ List plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(false);
 for (Plugin plugin : plugins) {
 try {
 Class c = plugin.getLesson();
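Review bot: The added `context.getContextPath();` at the top of `loadLessionFromPlugin` discards its result and can be dropped, and `Path pluginDirectory = Paths.get(pluginPath);` is no longer used in the lines shown now that the loader is built from `Paths.get(pluginPath)` directly, so either pass `pluginDirectory` to `PluginsLoader` or remove the local. The error branch is reached only when `pluginPath` is null, so the message always prints `null`; logging the directory name itself, e.g. `logger.error("Plugins directory {} not found", "plugin_lessons");`, would be more useful. The method body continues beyond the hunk.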
@@ -341,85 +316,6 @@ public class Course {
 }
 }
- /**
- * Instantiate all the lesson objects into a cache
- *
- * @deprecated should be removed if everything is loaded with plugins
- * @param path
- */
- private void loadLessons(String path) {
- for (String file : files) {
- String className = getClassFile(file, path);
-
- if (className != null && !className.endsWith("_i")) {
- try {
- Class c = Class.forName(className);
- Object o = c.newInstance();
-
- if (o instanceof AbstractLesson) {
- AbstractLesson lesson = (AbstractLesson) o;
- lesson.setWebgoatContext(webgoatContext);
-
- lesson.update(properties);
-
- if (lesson.getHidden() == false) {
- lessons.add(lesson);
- }
- }
- } catch (Exception e) {
- logger.error("Error in loadLessons: ", e);
- }
- }
- }
- }
-
- private String getLanguageFromFileName(String first, String absoluteFile) {
- int p1 = absoluteFile.indexOf("/", absoluteFile.indexOf(first) + 1);
- int p2 = absoluteFile.indexOf("/", p1 + 1);
- String langStr = absoluteFile.substring(p1 + 1, p2);
-
- return langStr;
- }
-
- /**
- * For each lesson, set the source file and lesson file
- */
- private void loadResources() {
- for (AbstractLesson lesson : lessons) {
- logger.info("Loading resources for lesson -> " + lesson.getName());
- String className = lesson.getClass().getName();
- String classFile = getSourceFile(className);
- logger.info("Lesson classname: " + className);
- logger.info("Lesson java file: " + classFile);
-
- for (String absoluteFile : files) {
- String fileName = getFileName(absoluteFile);
- //logger.debug("Course: looking at file: " + absoluteFile);
-
- if (absoluteFile.endsWith(classFile)) {
- logger.info("Set source file for " + classFile);
- lesson.setSourceFileName(absoluteFile);
- }
-
- if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") && className
- .endsWith(fileName)) {
- logger.info(
- "setting lesson plan file " + absoluteFile + " for lesson " + lesson.getClass().getName());
- logger.info("fileName: " + fileName + " == className: " + className);
- String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
- lesson.setLessonPlanFileName(language, absoluteFile);
- }
- if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className
- .endsWith(fileName)) {
- logger.info(
- "setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
- logger.info("fileName: " + fileName + " == className: " + className);
- lesson.setLessonSolutionFileName(absoluteFile);
- }
- }
- }
- }
-
 /**
 * Description of the Method
 *
@@ -431,10 +327,6 @@ public class Course {
 logger.info("Loading courses: " + path);
 this.webgoatContext = webgoatContext;
 loadLessionFromPlugin(context);
- loadFiles(context, path);
- //loadLessons(path);
- loadResources();
-
 }
 }
diff --git a/src/main/java/org/owasp/webgoat/session/WebgoatContext.java b/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
index 9cb27494f..8c9ce4549 100644
--- a/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
@@ -4,7 +4,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import javax.servlet.http.HttpServlet;
-import java.nio.file.Path;
 public class WebgoatContext {
@@ -216,13 +215,4 @@ public class WebgoatContext {
 public String getDefaultLanguage() {
 return defaultLanguage;
 }
-
- public Path getPluginDirectory() {
- return pluginDirectory;
- }
-
- public void setPluginDirectory(Path pluginDirectory) {
- this.pluginDirectory = pluginDirectory;
- }
-
 }
diff --git a/src/main/java/org/owasp/webgoat/util/LabelProvider.java b/src/main/java/org/owasp/webgoat/util/LabelProvider.java
index d788e1ede..e2861096d 100644
--- a/src/main/java/org/owasp/webgoat/util/LabelProvider.java
+++ b/src/main/java/org/owasp/webgoat/util/LabelProvider.java
@@ -55,10 +55,6 @@ public class LabelProvider
 return labels.get(locale).getString(strName);
 }
- public void addLabels() {
-
- }
-
 private class WebGoatResourceBundleController extends ResourceBundle.Control
 {
 private final Locale fallbackLocale = new Locale(DEFAULT_LANGUAGE);
diff --git a/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar b/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar
index 680e478eb..d032bb12c 100644
Binary files a/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar and b/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar differ