Adjust lesson template (#704)
* Remove method `getId()` from all lessons as it defaults to the class name * remove clean up endpoint * remove unused class `RequestParameter` * remove unused class `PluginLoadingFailure` * Move `CourseConfiguration` to lesson package * Add more content around the lesson template lesson and make it visible as a lesson in WebGoat * Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult` * Put original solution back as well for SQL string injection * review comments * Add
committed by
René Zubcevic
parent
f40b6ffd31
commit
5dd6b31905
@ -38,10 +38,4 @@ public class MissingFunctionAC extends Lesson {
|
||||
public String getTitle() {
|
||||
return "missing-function-access-control.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "MissingFunctionAC";
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -47,22 +47,22 @@ public class MissingFunctionACHiddenMenus extends AssignmentEndpoint {
|
||||
public AttackResult completed(String hiddenMenu1, String hiddenMenu2) {
|
||||
//overly simple example for success. See other existing lesssons for ways to detect 'success' or 'failure'
|
||||
if (hiddenMenu1.equals("Users") && hiddenMenu2.equals("Config")) {
|
||||
return trackProgress(success()
|
||||
return success(this)
|
||||
.output("")
|
||||
.feedback("access-control.hidden-menus.success")
|
||||
.build());
|
||||
.build();
|
||||
}
|
||||
|
||||
if (hiddenMenu1.equals("Config") && hiddenMenu2.equals("Users")) {
|
||||
return trackProgress(failed()
|
||||
return failed(this)
|
||||
.output("")
|
||||
.feedback("access-control.hidden-menus.close")
|
||||
.build());
|
||||
.build();
|
||||
}
|
||||
|
||||
return trackProgress(failed()
|
||||
return failed(this)
|
||||
.feedback("access-control.hidden-menus.failure")
|
||||
.output("")
|
||||
.build());
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
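Review bot: In `completed`, `hiddenMenu1.equals("Users")` and the comparisons after it call `equals` on the request-supplied values, so a request that omits either parameter would throw a NullPointerException instead of reaching the `access-control.hidden-menus.failure` result, unless the parameter binding makes both values required. The binding annotations sit above the signature and are outside this hunk, so that cannot be confirmed here. Putting the literal first keeps every path returning an `AttackResult`: `if ("Users".equals(hiddenMenu1) && "Config".equals(hiddenMenu2)) {`, and likewise for the `"Config"`/`"Users"` check. Two smaller points in the same method: the comment has a typo (`lesssons`), and the last builder chain calls `.feedback(...)` before `.output("")` while the other two use the opposite order.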
@ -24,7 +24,6 @@ package org.owasp.webgoat.missing_ac;
|
||||
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.owasp.webgoat.users.UserService;
|
||||
import org.owasp.webgoat.users.WebGoatUser;
|
||||
@ -49,9 +48,9 @@ public class MissingFunctionACYourHash extends AssignmentEndpoint {
|
||||
WebGoatUser user = userService.loadUserByUsername(currentUser);
|
||||
DisplayUser displayUser = new DisplayUser(user);
|
||||
if (userHash.equals(displayUser.getUserHash())) {
|
||||
return trackProgress(success().feedback("access-control.hash.success").build());
|
||||
return success(this).feedback("access-control.hash.success").build();
|
||||
} else {
|
||||
return trackProgress(failed().feedback("access-control.hash.close").build());
|
||||
return failed(this).feedback("access-control.hash.close").build();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
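Review bot: `userHash.equals(displayUser.getUserHash())` dereferences the submitted value, so a request without that parameter would raise a NullPointerException rather than return the `access-control.hash.close` result, unless the binding (declared above this hunk, not visible here) makes it required. Because the value being checked is a per-user hash, a null-safe, constant-time comparison would be the more defensible form: `if (userHash != null && MessageDigest.isEqual(userHash.getBytes(StandardCharsets.UTF_8), displayUser.getUserHash().getBytes(StandardCharsets.UTF_8))) {`. The result of `userService.loadUserByUsername(currentUser)` is also passed straight to `new DisplayUser(user)`. Whether it can be null depends on code outside the hunk, so a short comment stating the assumption would help.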
@ -44,7 +44,6 @@ public class MissingFunctionACHiddenMenusTest extends AssignmentEndpointTest {
|
||||
public void setup() {
|
||||
MissingFunctionACHiddenMenus hiddenMenus = new MissingFunctionACHiddenMenus();
|
||||
init(hiddenMenus);
|
||||
when(webSession.getCurrentLesson()).thenReturn(new MissingFunctionAC());
|
||||
this.mockMvc = standaloneSetup(hiddenMenus).build();
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,6 @@ public class MissingFunctionYourHashTest extends AssignmentEndpointTest {
|
||||
this.mockDisplayUser = new DisplayUser(new WebGoatUser("user", "userPass"));
|
||||
ReflectionTestUtils.setField(yourHashTest, "userService", userService);
|
||||
when(userService.loadUserByUsername(any())).thenReturn(new WebGoatUser("user", "userPass"));
|
||||
when(webSession.getCurrentLesson()).thenReturn(new MissingFunctionAC());
|
||||
}
|
||||
|
||||
@Test
|
||||
|