Adjust lesson template (#704)

* Remove method `getId()` from all lessons as it defaults to the class name * remove clean up endpoint * remove unused class `RequestParameter` * remove unused class `PluginLoadingFailure` * Move `CourseConfiguration` to lesson package * Add more content around the lesson template lesson and make it visible as a lesson in WebGoat * Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult` * Put original solution back as well for SQL string injection * review comments * Add
2019-11-17 13:39:56 +01:00
parent f40b6ffd31
commit 5dd6b31905
139 changed files with 769 additions and 870 deletions
--- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java
+++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java
@ -44,9 +44,4 @@ public class SSRF extends Lesson {
    public String getTitle() {
        return "ssrf.title";
    }
-
-    @Override
-    public String getId() {
-        return "SSRF";
-    }
 }
--- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java
+++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java
@ -24,19 +24,11 @@ package org.owasp.webgoat.ssrf;

 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.web.bind.annotation.*;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.sun.net.httpserver.Authenticator.Success;
-
-import java.io.*;
-import java.net.URL;
-import java.net.URLConnection;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;


@RestController
@ -55,28 +47,28 @@ public class SSRFTask1 extends AssignmentEndpoint {

            if (url.matches("images/tom.png")) {
                html.append("<img class=\"image\" alt=\"Tom\" src=\"images/tom.png\" width=\"25%\" height=\"25%\">");
-                return trackProgress(failed()
+                return failed(this)
                        .feedback("ssrf.tom")
                        .output(html.toString())
-                        .build());
+                        .build();
            } else if (url.matches("images/jerry.png")) {
                html.append("<img class=\"image\" alt=\"Jerry\" src=\"images/jerry.png\" width=\"25%\" height=\"25%\">");
-                return trackProgress(success()
+                return success(this)
                        .feedback("ssrf.success")
                        .output(html.toString())
-                        .build());
+                        .build();
            } else {
                html.append("<img class=\"image\" alt=\"Silly Cat\" src=\"images/cat.jpg\">");
-                return trackProgress(failed()
+                return failed(this)
                        .feedback("ssrf.failure")
                        .output(html.toString())
-                        .build());
+                        .build();
            }
        } catch (Exception e) {
            e.printStackTrace();
-            return trackProgress(failed()
+            return failed(this)
                    .output(e.getMessage())
-                    .build());
+                    .build();
        }
    }
 }
--- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java
+++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java
@ -24,17 +24,14 @@ package org.owasp.webgoat.ssrf;

 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;

-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.sun.net.httpserver.Authenticator.Success;
-
-import java.io.*;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
 import java.net.URL;
 import java.net.URLConnection;

@ -64,22 +61,22 @@ public class SSRFTask2 extends AssignmentEndpoint {
                }
                in.close();

-                return trackProgress(success()
+                return success(this)
                        .feedback("ssrf.success")
                        .output(html.toString())
-                        .build());
+                        .build();
            } else {
                html.append("<img class=\"image\" alt=\"image post\" src=\"images/cat.jpg\">");
-                return trackProgress(failed()
+                return failed(this)
                        .feedback("ssrf.failure")
                        .output(html.toString())
-                        .build());
+                        .build();
            }
        } catch (Exception e) {
            e.printStackTrace();
-            return trackProgress(failed()
+            return failed(this)
                    .output(e.getMessage())
-                    .build());
+                    .build();
        }
    }
 }