Adjust lesson template (#704)

* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
Nanne Baars
2019-11-17 13:39:56 +01:00
committed by René Zubcevic
parent f40b6ffd31
commit 5dd6b31905
139 changed files with 769 additions and 870 deletions


@ -37,9 +37,4 @@ public class BypassRestrictions extends Lesson {
public String getTitle() {
return "bypass-restrictions.title";
}
@Override
public String getId() {
return "BypassRestrictions";
}
}


@ -36,17 +36,17 @@ public class BypassRestrictionsFieldRestrictions extends AssignmentEndpoint {
@ResponseBody
public AttackResult completed(@RequestParam String select, @RequestParam String radio, @RequestParam String checkbox, @RequestParam String shortInput) {
if (select.equals("option1") || select.equals("option2")) {
return trackProgress(failed().build());
return failed(this).build();
}
if (radio.equals("option1") || radio.equals("option2")) {
return trackProgress(failed().build());
return failed(this).build();
}
if (checkbox.equals("on") || checkbox.equals("off")) {
return trackProgress(failed().build());
return failed(this).build();
}
if (shortInput.length() <= 5) {
return trackProgress(failed().build());
return failed(this).build();
}
return trackProgress(success().build());
return success(this).build();
}
}
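Review bot: Nothing in `completed` says that its four checks are grading logic rather than input validation. Each one returns `failed(this).build()` while the submitted value is still one of the listed options or no longer than five characters, and `success(this).build()` is reached only when every field falls outside those values. A comment above the first `if` would stop a reader from copying the pattern as server-side validation, for example `// Grading, not validation: succeed only if every field holds a value the HTML form would not allow`. The same applies to the `matches` chain in BypassRestrictionsFrontendValidation further down. The method's annotations may begin above the hunk's first line.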


@ -23,13 +23,9 @@
package org.owasp.webgoat.bypass_restrictions;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
@RestController
public class BypassRestrictionsFrontendValidation extends AssignmentEndpoint {
@ -44,29 +40,29 @@ public class BypassRestrictionsFrontendValidation extends AssignmentEndpoint {
final String regex6 = "^\\d{5}(-\\d{4})?$";
final String regex7 = "^[2-9]\\d{2}-?\\d{3}-?\\d{4}$";
if (error > 0) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field1.matches(regex1)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field2.matches(regex2)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field3.matches(regex3)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field4.matches(regex4)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field5.matches(regex5)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field6.matches(regex6)) {
return trackProgress(failed().build());
return failed(this).build();
}
if (field7.matches(regex7)) {
return trackProgress(failed().build());
return failed(this).build();
}
return trackProgress(success().build());
return success(this).build();
}
}
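Review bot: Each `fieldN.matches(regexN)` call in the second hunk recompiles its pattern on every request. The patterns are also kept as local `String`s (`regex6` and `regex7` here, presumably `regex1` to `regex5` above the hunk). Hoisting them to class constants compiles them once and gives each rule a readable name, for example `private static final Pattern ZIP_CODE = Pattern.compile("^\\d{5}(-\\d{4})?$");` tested with `ZIP_CODE.matcher(field6).matches()` (the constant name is only a suggestion). The method starts above the hunk, so the earlier regex declarations and the origin of `error` are not visible here.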