Adjust lesson template (#704)
* Remove method `getId()` from all lessons as it defaults to the class name
* Remove clean up endpoint
* Remove unused class `RequestParameter`
* Remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation of `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* Review comments
* Add
committed by
René Zubcevic
parent
f40b6ffd31
commit
5dd6b31905
@ -78,15 +78,15 @@ public class BlindSendFileAssignment extends AssignmentEndpoint {
|
||||
public AttackResult addComment(@RequestBody String commentStr) {
|
||||
//Solution is posted as a separate comment
|
||||
if (commentStr.contains(CONTENTS)) {
|
||||
return trackProgress(success().build());
|
||||
return success(this).build();
|
||||
}
|
||||
|
||||
try {
|
||||
Comment comment = comments.parseXml(commentStr);
|
||||
comments.addComment(comment, false);
|
||||
} catch (Exception e) {
|
||||
return trackProgress(failed().output(e.toString()).build());
|
||||
return failed(this).output(e.toString()).build();
|
||||
}
|
||||
return trackProgress(failed().build());
|
||||
return failed(this).build();
|
||||
}
|
||||
}
|
||||
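Review bot: The catch block in addComment still returns `e.toString()` to the client through `output(...)`, and the same pattern appears with `getFullStackTrace(e)` in ContentTypeAssignment.createNewUser and SimpleXXE. XML parser messages and stack traces can disclose file paths, class names and other internals. If showing them to the learner is deliberate for this lesson, say so at the call site, e.g. `// Lesson intentionally shows the parser error to the learner; never return exception text to clients in production code`. Judging by the commit message, the `success(this)`/`failed(this)` lines are the new side; the page itself carries no +/- markers. The class body starts outside the hunk.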
|
@ -51,11 +51,11 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
|
||||
@PostMapping(path = "xxe/content-type", consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
public AttackResult createNewUser(@RequestBody String commentStr, @RequestHeader("Content-Type") String contentType) throws Exception {
|
||||
AttackResult attackResult = failed().build();
|
||||
AttackResult attackResult = failed(this).build();
|
||||
|
||||
if (APPLICATION_JSON_VALUE.equals(contentType)) {
|
||||
comments.parseJson(commentStr).ifPresent(c -> comments.addComment(c, true));
|
||||
attackResult = failed().feedback("xxe.content.type.feedback.json").build();
|
||||
attackResult = failed(this).feedback("xxe.content.type.feedback.json").build();
|
||||
}
|
||||
|
||||
if (null != contentType && contentType.contains(MediaType.APPLICATION_XML_VALUE)) {
|
||||
@ -64,15 +64,15 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
|
||||
Comment comment = comments.parseXml(commentStr);
|
||||
comments.addComment(comment, false);
|
||||
if (checkSolution(comment)) {
|
||||
attackResult = success().build();
|
||||
attackResult = success(this).build();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
error = org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace(e);
|
||||
attackResult = failed().feedback("xxe.content.type.feedback.xml").output(error).build();
|
||||
attackResult = failed(this).feedback("xxe.content.type.feedback.xml").output(error).build();
|
||||
}
|
||||
}
|
||||
|
||||
return trackProgress(attackResult);
|
||||
return attackResult;
|
||||
}
|
||||
|
||||
private boolean checkSolution(Comment comment) {
|
||||
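Review bot: The two Content-Type checks in createNewUser do not agree with each other: the JSON branch uses an exact `APPLICATION_JSON_VALUE.equals(contentType)`, so a header carrying parameters such as `application/json;charset=UTF-8` skips it and the learner gets the bare `failed(this)` result without a feedback key, while the XML branch matches by substring with `contains(...)`. If the loose XML match is intentional for the lesson, a short comment should say so; otherwise both branches could compare via `MediaType.parseMediaType(contentType).isCompatibleWith(...)`. The `null != contentType` guard looks redundant, presumably because `@RequestHeader("Content-Type")` is required by default. As a style point, the fully qualified `org.apache.commons.lang.exception.ExceptionUtils` in the catch block could be a normal import, as SimpleXXE appears to use. The start of the `try` lies between the two hunks and is not visible here.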
|
@ -69,12 +69,12 @@ public class SimpleXXE extends AssignmentEndpoint {
|
||||
Comment comment = comments.parseXml(commentStr);
|
||||
comments.addComment(comment, false);
|
||||
if (checkSolution(comment)) {
|
||||
return trackProgress(success().build());
|
||||
return success(this).build();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
error = ExceptionUtils.getFullStackTrace(e);
|
||||
}
|
||||
return trackProgress(failed().output(error).build());
|
||||
return failed(this).output(error).build();
|
||||
}
|
||||
|
||||
private boolean checkSolution(Comment comment) {
|
||||
|
@ -38,9 +38,4 @@ public class XXE extends Lesson {
|
||||
public String getTitle() {
|
||||
return "xxe.title";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "XXE";
|
||||
}
|
||||
}
|
||||
|