xxe path info (#670)

* xxe path info aid added

* xxe path info aid added

*  changes to template file and hints

* added ssl test support for XXE

* added ssl test support for XXE

* restconfig replaced by httpsrelaxed

* processed review comments on hints and example

webwolf/src/main/java/org/owasp/webwolf/FileServer.java

@@ -31,17 +31,23 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.FileUtils;
 import org.owasp.webwolf.user.WebGoatUser;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.MediaType;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.RedirectView;
 
 import javax.servlet.http.HttpServletRequest;
+
+import static org.springframework.http.MediaType.ALL_VALUE;
+
 import java.io.File;
 import java.util.List;
 
@@ -53,18 +59,23 @@ import java.util.List;
 public class FileServer {
 
     @Value("${webwolf.fileserver.location}")
-    private String fileLocatation;
+    private String fileLocation;
     @Value("${server.address}")
     private String server;
     @Value("${server.port}")
     private int port;
 
+    @RequestMapping(path="/tmpdir",consumes = ALL_VALUE, produces=MediaType.TEXT_PLAIN_VALUE)
+    @ResponseBody
+    public String getFileLocation() {
+    	return fileLocation;
+    }
 
     @PostMapping(value = "/WebWolf/fileupload")
     @SneakyThrows
     public ModelAndView importFile(@RequestParam("file") MultipartFile myFile) {
         WebGoatUser user = (WebGoatUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-        File destinationDir = new File(fileLocatation, user.getUsername());
+        File destinationDir = new File(fileLocation, user.getUsername());
         destinationDir.mkdirs();
         myFile.transferTo(new File(destinationDir, myFile.getOriginalFilename()));
         log.debug("File saved to {}", new File(destinationDir, myFile.getOriginalFilename()));
@@ -90,7 +101,7 @@ public class FileServer {
     public ModelAndView getFiles(HttpServletRequest request) {
         WebGoatUser user = (WebGoatUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         String username = user.getUsername();
-        File destinationDir = new File(fileLocatation, username);
+        File destinationDir = new File(fileLocation, username);
 
         ModelAndView modelAndView = new ModelAndView();
         modelAndView.setViewName("files");