Adjust lesson template (#704)
* Remove method `getId()` from all lessons as it defaults to the class name * remove clean up endpoint * remove unused class `RequestParameter` * remove unused class `PluginLoadingFailure` * Move `CourseConfiguration` to lesson package * Add more content around the lesson template lesson and make it visible as a lesson in WebGoat * Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult` * Put original solution back as well for SQL string injection * review comments * Add
committed by
René Zubcevic
parent
f40b6ffd31
commit
5dd6b31905
@ -37,9 +37,4 @@ public class PasswordReset extends Lesson {
|
||||
public String getTitle() {
|
||||
return "password-reset.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "PasswordReset";
|
||||
}
|
||||
}
|
||||
|
@ -57,15 +57,15 @@ public class QuestionsAssignment extends AssignmentEndpoint {
|
||||
String username = (String) json.getOrDefault("username", "");
|
||||
|
||||
if ("webgoat".equalsIgnoreCase(username.toLowerCase())) {
|
||||
return trackProgress(failed().feedback("password-questions-wrong-user").build());
|
||||
return failed(this).feedback("password-questions-wrong-user").build();
|
||||
}
|
||||
|
||||
String validAnswer = COLORS.get(username.toLowerCase());
|
||||
if (validAnswer == null) {
|
||||
return trackProgress(failed().feedback("password-questions-unknown-user").feedbackArgs(username).build());
|
||||
return failed(this).feedback("password-questions-unknown-user").feedbackArgs(username).build();
|
||||
} else if (validAnswer.equals(securityQuestion)) {
|
||||
return trackProgress(success().build());
|
||||
return success(this).build();
|
||||
}
|
||||
return trackProgress(failed().build());
|
||||
return failed(this).build();
|
||||
}
|
||||
}
|
||||
|
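Review bot: The user check `"webgoat".equalsIgnoreCase(username.toLowerCase())` lowercases a value that is then compared case-insensitively anyway. Both it and `COLORS.get(username.toLowerCase())` use the default-locale `toLowerCase()`, so the lookup key depends on the JVM locale (a Turkish locale, for example, lowercases `I` differently). I would write `"webgoat".equalsIgnoreCase(username)` and `COLORS.get(username.toLowerCase(Locale.ROOT))`, which needs `java.util.Locale` imported if the file does not already import it. The method starts above the hunk, so how `securityQuestion` is obtained is not visible here.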
@ -67,12 +67,12 @@ public class ResetLinkAssignment extends AssignmentEndpoint {
|
||||
if (TOM_EMAIL.equals(email)) {
|
||||
String passwordTom = usersToTomPassword.getOrDefault(getWebSession().getUserName(), PASSWORD_TOM_9);
|
||||
if (passwordTom.equals(PASSWORD_TOM_9)) {
|
||||
return trackProgress(failed().feedback("login_failed").build());
|
||||
return failed(this).feedback("login_failed").build();
|
||||
} else if (passwordTom.equals(password)) {
|
||||
return trackProgress(success().build());
|
||||
return success(this).build();
|
||||
}
|
||||
}
|
||||
return trackProgress(failed().feedback("login_failed.tom").build());
|
||||
return failed(this).feedback("login_failed.tom").build();
|
||||
}
|
||||
|
||||
@GetMapping("/PasswordReset/reset/reset-password/{link}")
|
||||
|
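Review bot: The role of `PASSWORD_TOM_9` in the login branch is undocumented. It is both the `getOrDefault` fallback and the value that forces `login_failed`, so it acts as a "password not reset yet" marker rather than a usable password. A comment above the lookup would make that explicit, e.g. `// PASSWORD_TOM_9 is the default for users who have not reset Tom's password; a login must never succeed while it is still in place`. The same comment should mention that a learner who resets the password to that exact value is rejected as well. The method begins before the hunk.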
@ -68,11 +68,11 @@ public class ResetLinkAssignmentForgotPassword extends AssignmentEndpoint {
|
||||
try {
|
||||
sendMailToUser(email, host, resetLink);
|
||||
} catch (Exception e) {
|
||||
return failed().output("E-mail can't be send. please try again.").build();
|
||||
return failed(this).output("E-mail can't be send. please try again.").build();
|
||||
}
|
||||
}
|
||||
}
|
||||
return success().feedback("email.send").feedbackArgs(email).build();
|
||||
return success(this).feedback("email.send").feedbackArgs(email).build();
|
||||
}
|
||||
|
||||
private void sendMailToUser(String email, String host, String resetLink) {
|
||||
|
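Review bot: The two returns changed here were the only ones on this page not wrapped in `trackProgress(...)` before, so moving them to `failed(this)` / `success(this)` may change what is recorded for the learner. If the framework now tracks every `AttackResult` it is handed, as the commit message suggests, `success(this).feedback("email.send")` could mark an assignment as solved as soon as a reset mail is requested. `SimpleMailAssignment` reports a sent mail with `informationMessage(this)`; assuming that variant is not counted as solved, the same would fit here: `return informationMessage(this).feedback("email.send").feedbackArgs(email).build();`. The enclosing method starts above the hunk, and the framework-side tracking is not visible on this page, so this should be confirmed against it.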
@ -71,10 +71,10 @@ public class SecurityQuestionAssignment extends AssignmentEndpoint {
|
||||
if (answer.isPresent()) {
|
||||
triedQuestions.incr(question);
|
||||
if (triedQuestions.isComplete()) {
|
||||
return trackProgress(success().output("<b>" + answer + "</b>").build());
|
||||
return success(this).output("<b>" + answer + "</b>").build();
|
||||
}
|
||||
}
|
||||
return informationMessage()
|
||||
return informationMessage(this)
|
||||
.feedback("password-questions-one-successful")
|
||||
.output(answer.orElse("Unknown question, please try again..."))
|
||||
.build();
|
||||
|
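Review bot: In the success branch, `"<b>" + answer + "</b>"` concatenates the `Optional` itself, since `answer.isPresent()` and `answer.orElse(...)` are both called on it in this hunk, so the learner would see `Optional[...]` between the bold tags instead of the answer text. Inside the `isPresent()` guard the value can be unwrapped safely: `return success(this).output("<b>" + answer.get() + "</b>").build();`. The method starts before the hunk, so where `answer` and `triedQuestions` come from is not visible here.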
@ -60,9 +60,9 @@ public class SimpleMailAssignment extends AssignmentEndpoint {
|
||||
String username = extractUsername(emailAddress);
|
||||
|
||||
if (username.equals(getWebSession().getUserName()) && StringUtils.reverse(username).equals(password)) {
|
||||
return trackProgress(success().build());
|
||||
return success(this).build();
|
||||
} else {
|
||||
return trackProgress(failed().feedbackArgs("password-reset-simple.password_incorrect").build());
|
||||
return failed(this).feedbackArgs("password-reset-simple.password_incorrect").build();
|
||||
}
|
||||
}
|
||||
|
||||
@ -90,11 +90,11 @@ public class SimpleMailAssignment extends AssignmentEndpoint {
|
||||
try {
|
||||
restTemplate.postForEntity(webWolfURL, mailEvent, Object.class);
|
||||
} catch (RestClientException e) {
|
||||
return informationMessage().feedback("password-reset-simple.email_failed").output(e.getMessage()).build();
|
||||
return informationMessage(this).feedback("password-reset-simple.email_failed").output(e.getMessage()).build();
|
||||
}
|
||||
return informationMessage().feedback("password-reset-simple.email_send").feedbackArgs(email).build();
|
||||
return informationMessage(this).feedback("password-reset-simple.email_send").feedbackArgs(email).build();
|
||||
} else {
|
||||
return informationMessage().feedback("password-reset-simple.email_mismatch").feedbackArgs(username).build();
|
||||
return informationMessage(this).feedback("password-reset-simple.email_mismatch").feedbackArgs(username).build();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
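Review bot: In the first hunk the failure branch passes a message key to `feedbackArgs(...)` rather than `feedback(...)`: `failed(this).feedbackArgs("password-reset-simple.password_incorrect")`. Every other result on this page passes its key to `feedback(...)` and uses `feedbackArgs(...)` only for substitution values, so a wrong password most likely yields a result with no feedback message. The line should probably read `return failed(this).feedback("password-reset-simple.password_incorrect").build();`. The commit carries the old call over unchanged apart from `this`, and the method starts above the hunk.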