Adjust lesson template (#704)
* Remove method `getId()` from all lessons as it defaults to the class name * remove clean up endpoint * remove unused class `RequestParameter` * remove unused class `PluginLoadingFailure` * Move `CourseConfiguration` to lesson package * Add more content around the lesson template lesson and make it visible as a lesson in WebGoat * Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult` * Put original solution back as well for SQL string injection * review comments * Add
committed by
René Zubcevic
parent
f40b6ffd31
commit
5dd6b31905
@ -18,9 +18,4 @@ public class ChallengeIntro extends Lesson {
|
||||
public String getTitle() {
|
||||
return "challenge0.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge";
|
||||
}
|
||||
}
|
||||
|
@ -48,11 +48,11 @@ public class Assignment1 extends AssignmentEndpoint {
|
||||
boolean ipAddressKnown = true;
|
||||
boolean passwordCorrect = "admin".equals(username) && PASSWORD.equals(password);
|
||||
if (passwordCorrect && ipAddressKnown) {
|
||||
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(1)).build();
|
||||
return success(this).feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(1)).build();
|
||||
} else if (passwordCorrect) {
|
||||
return failed().feedback("ip.address.unknown").build();
|
||||
return failed(this).feedback("ip.address.unknown").build();
|
||||
}
|
||||
return failed().build();
|
||||
return failed(this).build();
|
||||
}
|
||||
|
||||
public static boolean containsHeader(HttpServletRequest request) {
|
||||
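Review bot: `ipAddressKnown` is assigned the literal `true` two lines above the `if`, so the `else if (passwordCorrect)` branch that returns `ip.address.unknown` can never run. Either compute the value from the request (the `containsHeader(HttpServletRequest)` helper just below may be the intended source, but its body is outside this hunk) or drop the variable and the dead branch. If the check is switched off on purpose, a comment such as `// IP check intentionally disabled; the ip.address.unknown branch is currently unreachable` would stop readers assuming an origin check is enforced. The enclosing method starts above the hunk.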
|
@ -20,9 +20,4 @@ public class Challenge1 extends Lesson {
|
||||
public String getTitle() {
|
||||
return "challenge1.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge1";
|
||||
}
|
||||
}
|
||||
|
@ -50,19 +50,19 @@ public class Assignment5 extends AssignmentEndpoint {
|
||||
@ResponseBody
|
||||
public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception {
|
||||
if (!StringUtils.hasText(username_login) || !StringUtils.hasText(password_login)) {
|
||||
return failed().feedback("required4").build();
|
||||
return failed(this).feedback("required4").build();
|
||||
}
|
||||
if (!"Larry".equals(username_login)) {
|
||||
return failed().feedback("user.not.larry").feedbackArgs(username_login).build();
|
||||
return failed(this).feedback("user.not.larry").feedbackArgs(username_login).build();
|
||||
}
|
||||
try (var connection = dataSource.getConnection()) {
|
||||
PreparedStatement statement = connection.prepareStatement("select password from challenge_users where userid = '" + username_login + "' and password = '" + password_login + "'");
|
||||
ResultSet resultSet = statement.executeQuery();
|
||||
|
||||
if (resultSet.next()) {
|
||||
return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(5)).build();
|
||||
return success(this).feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(5)).build();
|
||||
} else {
|
||||
return failed().feedback("challenge.close").build();
|
||||
return failed(this).feedback("challenge.close").build();
|
||||
}
|
||||
}
|
||||
}
|
||||
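Review bot: The `prepareStatement(...)` call in `login` builds its SQL by concatenating `username_login` and `password_login`, so the `PreparedStatement` type gives no injection protection: the values become part of the statement text instead of bound parameters. This is presumably deliberate for the challenge, but nothing in the method says so. Add a comment above the call such as `// Intentionally vulnerable to SQL injection for this challenge; real code binds values: "... where userid = ? and password = ?" with setString()`, so contributors neither copy the pattern nor "fix" it, and scanner findings on this line can be triaged quickly. Separately, `statement` and `resultSet` could join `connection` in the try-with-resources header so they are closed explicitly. The mapping annotation for `login` sits above the hunk.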
|
@ -42,9 +42,4 @@ public class Challenge5 extends Lesson {
|
||||
public String getTitle() {
|
||||
return "challenge5.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge5";
|
||||
}
|
||||
}
|
||||
|
@ -1,6 +1,5 @@
|
||||
package org.owasp.webgoat.challenges.challenge7;
|
||||
|
||||
import lombok.SneakyThrows;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
@ -71,7 +70,7 @@ public class Assignment7 extends AssignmentEndpoint {
|
||||
restTemplate.postForEntity(webWolfMailURL, mail, Object.class);
|
||||
}
|
||||
}
|
||||
return success().feedback("email.send").feedbackArgs(email).build();
|
||||
return success(this).feedback("email.send").feedbackArgs(email).build();
|
||||
}
|
||||
|
||||
@GetMapping(value = "/challenge/7/.git", produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
|
||||
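Review bot: The final `return success(this).feedback("email.send")...` is reached whether or not the nested block above posted the mail, and per the commit description a returned `AttackResult` is now what drives progress tracking. If that reading is right, merely requesting a reset e-mail would record challenge 7 as solved before any flag is obtained; please confirm against the new `success(this)` semantics, and if so return a result here that is not counted as solved. If the uniform reply is deliberate, a comment such as `// same reply whether or not a mail was sent, so the response does not reveal which addresses are known` would document it. The method starts above the hunk, so the conditions guarding the mail are not visible here.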
|
@ -20,9 +20,4 @@ public class Challenge7 extends Lesson {
|
||||
public String getTitle() {
|
||||
return "challenge7.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge7";
|
||||
}
|
||||
}
|
||||
|
@ -20,9 +20,4 @@ public class Challenge8 extends Lesson {
|
||||
public String getTitle() {
|
||||
return "challenge8.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "Challenge8";
|
||||
}
|
||||
}
|
||||
|