refactor: make AssignmentEndpoint an interface

2024-12-02 20:32:06 +01:00 · 2024-12-02 20:32:06 +01:00 · 67c1f622ef
commit 67c1f622ef
parent a3e0fcc9b3
97 changed files with 100 additions and 108 deletions
--- a/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java
@ -25,4 +25,4 @@

 package org.owasp.webgoat.container.assignments;

-public abstract class AssignmentEndpoint {}
+public interface AssignmentEndpoint {}
--- a/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java
+++ b/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java
@ -41,7 +41,7 @@ public class AttackResult {
  private final String assignment;
  private boolean attemptWasMade;

-  public AttackResult(
+  private AttackResult(
      boolean lessonCompleted,
      String feedback,
      String output,
--- a/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java
+++ b/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java
@ -96,14 +96,6 @@ public class AttackResultBuilder {
   * @return a builder for creating a result from a lesson
   * @param assignment
   */
-  public AttackResultBuilder oldSuccess(AssignmentEndpoint assignment) {
-    return this.lessonCompleted(true)
-        .assignmentCompleted(true)
-        .attemptWasMade()
-        .feedback("assignment.solved")
-        .assignment(assignment);
-  }
-
  public static AttackResultBuilder success(AssignmentEndpoint assignment) {
    return new AttackResultBuilder()
        .lessonCompleted(true)
--- a/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java
+++ b/src/main/java/org/owasp/webgoat/lessons/authbypass/VerifyAccount.java
@ -49,7 +49,7 @@ import org.springframework.web.bind.annotation.RestController;
  "auth-bypass.hints.verify.3",
  "auth-bypass.hints.verify.4"
 })
-public class VerifyAccount extends AssignmentEndpoint {
+public class VerifyAccount implements AssignmentEndpoint {

  private final LessonSession userSessionData;

--- a/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java
+++ b/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFieldRestrictions.java
@ -33,7 +33,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class BypassRestrictionsFieldRestrictions extends AssignmentEndpoint {
+public class BypassRestrictionsFieldRestrictions implements AssignmentEndpoint {

  @PostMapping("/BypassRestrictions/FieldRestrictions")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java
+++ b/src/main/java/org/owasp/webgoat/lessons/bypassrestrictions/BypassRestrictionsFrontendValidation.java
@ -33,7 +33,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class BypassRestrictionsFrontendValidation extends AssignmentEndpoint {
+public class BypassRestrictionsFrontendValidation implements AssignmentEndpoint {

  @PostMapping("/BypassRestrictions/frontendValidation")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/FlagController.java
@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class FlagController extends AssignmentEndpoint {
+public class FlagController implements AssignmentEndpoint {

  private final Flags flags;

--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java
@ -43,7 +43,7 @@ import org.springframework.web.bind.annotation.RestController;
 * @since August 11, 2016
 */
@RestController
-public class Assignment1 extends AssignmentEndpoint {
+public class Assignment1 implements AssignmentEndpoint {

  private final Flags flags;

--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@Slf4j
@RequiredArgsConstructor
-public class Assignment5 extends AssignmentEndpoint {
+public class Assignment5 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;
  private final Flags flags;
--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java
@ -31,7 +31,7 @@ import org.springframework.web.client.RestTemplate;
 */
@RestController
@Slf4j
-public class Assignment7 extends AssignmentEndpoint {
+public class Assignment7 implements AssignmentEndpoint {

  public static final String ADMIN_PASSWORD_LINK = "375afe1104f4a487a73823c50a9292a2";

--- a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java
+++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java
@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@Slf4j
@RequiredArgsConstructor
-public class Assignment8 extends AssignmentEndpoint {
+public class Assignment8 implements AssignmentEndpoint {

  private static final Map<Integer, Integer> votes = new HashMap<>();

--- a/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java
+++ b/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkDummy.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
 * @since 30.11.18
 */
@RestController
-public class NetworkDummy extends AssignmentEndpoint {
+public class NetworkDummy implements AssignmentEndpoint {

  private final LessonSession lessonSession;

--- a/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java
+++ b/src/main/java/org/owasp/webgoat/lessons/chromedevtools/NetworkLesson.java
@ -43,7 +43,7 @@ import org.springframework.web.bind.annotation.RestController;
 */
@RestController
@AssignmentHints({"networkHint1", "networkHint2"})
-public class NetworkLesson extends AssignmentEndpoint {
+public class NetworkLesson implements AssignmentEndpoint {

  @PostMapping(
      value = "/ChromeDevTools/network",
--- a/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java
@ -12,7 +12,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class CIAQuiz extends AssignmentEndpoint {
+public class CIAQuiz implements AssignmentEndpoint {

  private final String[] solutions = {"Solution 3", "Solution 1", "Solution 4", "Solution 2"};
  boolean[] guesses = new boolean[solutions.length];
--- a/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringAssignment.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
  "ClientSideFilteringHint3",
  "ClientSideFilteringHint4"
 })
-public class ClientSideFilteringAssignment extends AssignmentEndpoint {
+public class ClientSideFilteringAssignment implements AssignmentEndpoint {

  @PostMapping("/clientSideFiltering/attack1")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java
@ -43,7 +43,7 @@ import org.springframework.web.bind.annotation.RestController;
  "client.side.filtering.free.hint2",
  "client.side.filtering.free.hint3"
 })
-public class ClientSideFilteringFreeAssignment extends AssignmentEndpoint {
+public class ClientSideFilteringFreeAssignment implements AssignmentEndpoint {
  public static final String SUPER_COUPON_CODE = "get_it_for_free";

  @PostMapping("/clientSideFiltering/getItForFree")
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java
@ -38,7 +38,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class EncodingAssignment extends AssignmentEndpoint {
+public class EncodingAssignment implements AssignmentEndpoint {

  public static String getBasicAuth(String username, String password) {
    return Base64.getEncoder().encodeToString(username.concat(":").concat(password).getBytes());
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"crypto-hashing.hints.1", "crypto-hashing.hints.2"})
-public class HashingAssignment extends AssignmentEndpoint {
+public class HashingAssignment implements AssignmentEndpoint {
  public static final String[] SECRETS = {"secret", "admin", "password", "123456", "passw0rd"};

  @RequestMapping(path = "/crypto/hashing/md5", produces = MediaType.TEXT_HTML_VALUE)
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
  "crypto-secure-defaults.hints.2",
  "crypto-secure-defaults.hints.3"
 })
-public class SecureDefaultsAssignment extends AssignmentEndpoint {
+public class SecureDefaultsAssignment implements AssignmentEndpoint {

  @PostMapping("/crypto/secure/defaults")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java
@ -50,7 +50,7 @@ import org.springframework.web.bind.annotation.RestController;
  "crypto-signing.hints.4"
 })
@Slf4j
-public class SigningAssignment extends AssignmentEndpoint {
+public class SigningAssignment implements AssignmentEndpoint {

  @RequestMapping(path = "/crypto/signing/getprivate", produces = MediaType.TEXT_HTML_VALUE)
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"crypto-encoding-xor.hints.1"})
-public class XOREncodingAssignment extends AssignmentEndpoint {
+public class XOREncodingAssignment implements AssignmentEndpoint {

  @PostMapping("/crypto/encoding/xor")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java
@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.RestController;
 /** Created by jason on 9/29/17. */
@RestController
@AssignmentHints({"csrf-get.hint1", "csrf-get.hint2", "csrf-get.hint3", "csrf-get.hint4"})
-public class CSRFConfirmFlag1 extends AssignmentEndpoint {
+public class CSRFConfirmFlag1 implements AssignmentEndpoint {

  private final LessonSession userSessionData;

--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java
@ -46,7 +46,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"csrf-feedback-hint1", "csrf-feedback-hint2", "csrf-feedback-hint3"})
-public class CSRFFeedback extends AssignmentEndpoint {
+public class CSRFFeedback implements AssignmentEndpoint {

  private final LessonSession userSessionData;
  private final ObjectMapper objectMapper;
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"csrf-login-hint1", "csrf-login-hint2", "csrf-login-hint3"})
-public class CSRFLogin extends AssignmentEndpoint {
+public class CSRFLogin implements AssignmentEndpoint {

  @PostMapping(
      path = "/csrf/login",
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"csrf-review-hint1", "csrf-review-hint2", "csrf-review-hint3"})
-public class ForgedReviews extends AssignmentEndpoint {
+public class ForgedReviews implements AssignmentEndpoint {

  private static DateTimeFormatter fmt = DateTimeFormatter.ofPattern("yyyy-MM-dd, HH:mm:ss");

--- a/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java
+++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java
@ -45,7 +45,7 @@ import org.springframework.web.bind.annotation.RestController;
  "insecure-deserialization.hints.2",
  "insecure-deserialization.hints.3"
 })
-public class InsecureDeserializationTask extends AssignmentEndpoint {
+public class InsecureDeserializationTask implements AssignmentEndpoint {

  @PostMapping("/InsecureDeserialization/task")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java
@ -53,7 +53,7 @@ import org.springframework.web.bind.annotation.RestController;
  "hijacksession.hints.4",
  "hijacksession.hints.5"
 })
-public class HijackSessionAssignment extends AssignmentEndpoint {
+public class HijackSessionAssignment implements AssignmentEndpoint {
  private static final String COOKIE_NAME = "hijack_cookie";

  private final HijackSessionAuthenticationProvider provider;
--- a/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java
+++ b/src/main/java/org/owasp/webgoat/lessons/htmltampering/HtmlTamperingTask.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"hint1", "hint2", "hint3"})
-public class HtmlTamperingTask extends AssignmentEndpoint {
+public class HtmlTamperingTask implements AssignmentEndpoint {

  @PostMapping("/HtmlTampering/task")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java
+++ b/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsLesson.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"http-basics.hints.http_basics_lesson.1"})
-public class HttpBasicsLesson extends AssignmentEndpoint {
+public class HttpBasicsLesson implements AssignmentEndpoint {

  @PostMapping("/HttpBasics/attack1")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java
@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"})
@AssignmentPath("HttpBasics/attack2")
-public class HttpBasicsQuiz extends AssignmentEndpoint {
+public class HttpBasicsQuiz implements AssignmentEndpoint {

  @PostMapping("/HttpBasics/attack2")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java
+++ b/src/main/java/org/owasp/webgoat/lessons/httpproxies/HttpBasicsInterceptRequest.java
@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
+public class HttpBasicsInterceptRequest implements AssignmentEndpoint {

  @RequestMapping(
      path = "/HttpProxies/intercept-request",
--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
  "idor.hints.idorDiffAttributes2",
  "idor.hints.idorDiffAttributes3"
 })
-public class IDORDiffAttributes extends AssignmentEndpoint {
+public class IDORDiffAttributes implements AssignmentEndpoint {

  @PostMapping("/IDOR/diff-attributes")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfile.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfile.java
@ -48,7 +48,7 @@ import org.springframework.web.bind.annotation.RestController;
  "idor.hints.otherProfile8",
  "idor.hints.otherProfile9"
 })
-public class IDOREditOtherProfile extends AssignmentEndpoint {
+public class IDOREditOtherProfile implements AssignmentEndpoint {

  private final LessonSession userSessionData;

--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java
@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"idor.hints.idor_login"})
-public class IDORLogin extends AssignmentEndpoint {
+public class IDORLogin implements AssignmentEndpoint {
  private final LessonSession lessonSession;

  public IDORLogin(LessonSession lessonSession) {
--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.RestController;
  "idor.hints.otherProfile8",
  "idor.hints.otherProfile9"
 })
-public class IDORViewOtherProfile extends AssignmentEndpoint {
+public class IDORViewOtherProfile implements AssignmentEndpoint {

  private final LessonSession userSessionData;

--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java
@ -41,7 +41,7 @@ import org.springframework.web.bind.annotation.RestController;
  "idor.hints.ownProfileAltUrl2",
  "idor.hints.ownProfileAltUrl3"
 })
-public class IDORViewOwnProfileAltUrl extends AssignmentEndpoint {
+public class IDORViewOwnProfileAltUrl implements AssignmentEndpoint {
  private final LessonSession userSessionData;

  public IDORViewOwnProfileAltUrl(LessonSession userSessionData) {
--- a/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java
+++ b/src/main/java/org/owasp/webgoat/lessons/insecurelogin/InsecureLoginTask.java
@ -31,7 +31,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;

@RestController
-public class InsecureLoginTask extends AssignmentEndpoint {
+public class InsecureLoginTask implements AssignmentEndpoint {

  @PostMapping("/InsecureLogin/task")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java
@ -11,7 +11,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class JWTDecodeEndpoint extends AssignmentEndpoint {
+public class JWTDecodeEndpoint implements AssignmentEndpoint {

  @PostMapping("/JWT/decode")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java
@ -12,7 +12,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class JWTQuiz extends AssignmentEndpoint {
+public class JWTQuiz implements AssignmentEndpoint {

  private final String[] solutions = {"Solution 1", "Solution 2"};
  private final boolean[] guesses = new boolean[solutions.length];
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java
@ -58,7 +58,7 @@ import org.springframework.web.bind.annotation.RestController;
  "jwt-refresh-hint3",
  "jwt-refresh-hint4"
 })
-public class JWTRefreshEndpoint extends AssignmentEndpoint {
+public class JWTRefreshEndpoint implements AssignmentEndpoint {

  public static final String PASSWORD = "bm5nhSkxCXZkKRy4";
  private static final String JWT_PASSWORD = "bm5n3SkxCX4kKRy4";
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"jwt-secret-hint1", "jwt-secret-hint2", "jwt-secret-hint3"})
-public class JWTSecretKeyEndpoint extends AssignmentEndpoint {
+public class JWTSecretKeyEndpoint implements AssignmentEndpoint {

  public static final String[] SECRETS = {
    "victory", "business", "available", "shipping", "washington"
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java
@ -68,7 +68,7 @@ import org.springframework.web.bind.annotation.RestController;
  "jwt-change-token-hint4",
  "jwt-change-token-hint5"
 })
-public class JWTVotesEndpoint extends AssignmentEndpoint {
+public class JWTVotesEndpoint implements AssignmentEndpoint {

  public static final String JWT_PASSWORD = TextCodec.BASE64.encode("victory");
  private static String validUsers = "TomJerrySylvester";
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderJKUEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderJKUEndpoint.java
@ -31,7 +31,7 @@ import org.springframework.web.bind.annotation.RestController;
  "jwt-jku-hint4",
  "jwt-jku-hint5"
 })
-public class JWTHeaderJKUEndpoint extends AssignmentEndpoint {
+public class JWTHeaderJKUEndpoint implements AssignmentEndpoint {

  @PostMapping("jku/follow/{user}")
  public @ResponseBody String follow(@PathVariable("user") String user) {
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java
@ -56,7 +56,7 @@ import org.springframework.web.bind.annotation.RestController;
  "jwt-kid-hint6"
 })
@RequestMapping("/JWT/")
-public class JWTHeaderKIDEndpoint extends AssignmentEndpoint {
+public class JWTHeaderKIDEndpoint implements AssignmentEndpoint {
  private final LessonDataSource dataSource;

  private JWTHeaderKIDEndpoint(LessonDataSource dataSource) {
--- a/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java
+++ b/src/main/java/org/owasp/webgoat/lessons/lessontemplate/SampleAttack.java
@ -41,7 +41,7 @@ import org.springframework.web.bind.annotation.RestController;
 /** Created by jason on 1/5/17. */
@RestController
@AssignmentHints({"lesson-template.hints.1", "lesson-template.hints.2", "lesson-template.hints.3"})
-public class SampleAttack extends AssignmentEndpoint {
+public class SampleAttack implements AssignmentEndpoint {
  private static final String secretValue = "secr37Value";

  private final LessonSession userSessionData;
--- a/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java
+++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java
@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class LogBleedingTask extends AssignmentEndpoint {
+public class LogBleedingTask implements AssignmentEndpoint {

  private static final Logger log = LoggerFactory.getLogger(LogBleedingTask.class);
  private final String password;
--- a/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java
+++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java
@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class LogSpoofingTask extends AssignmentEndpoint {
+public class LogSpoofingTask implements AssignmentEndpoint {

  @PostMapping("/LogSpoofing/log-spoofing")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java
+++ b/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java
@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.RestController;
  "access-control.hidden-menus.hint2",
  "access-control.hidden-menus.hint3"
 })
-public class MissingFunctionACHiddenMenus extends AssignmentEndpoint {
+public class MissingFunctionACHiddenMenus implements AssignmentEndpoint {

  @PostMapping(
      path = "/access-control/hidden-menu",
--- a/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java
+++ b/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java
@ -41,7 +41,7 @@ import org.springframework.web.bind.annotation.RestController;
  "access-control.hash.hint4",
  "access-control.hash.hint5"
 })
-public class MissingFunctionACYourHash extends AssignmentEndpoint {
+public class MissingFunctionACYourHash implements AssignmentEndpoint {

  private final MissingAccessControlUserRepository userRepository;

--- a/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java
@ -44,7 +44,7 @@ import org.springframework.web.bind.annotation.RestController;
  "access-control.hash.hint12",
  "access-control.hash.hint13"
 })
-public class MissingFunctionACYourHashAdmin extends AssignmentEndpoint {
+public class MissingFunctionACYourHashAdmin implements AssignmentEndpoint {

  private final MissingAccessControlUserRepository userRepository;

--- a/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/passwordreset/QuestionsAssignment.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
 * @since 8/20/17.
 */
@RestController
-public class QuestionsAssignment extends AssignmentEndpoint {
+public class QuestionsAssignment implements AssignmentEndpoint {

  private static final Map<String, String> COLORS = new HashMap<>();

--- a/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignment.java
@ -60,7 +60,7 @@ import org.springframework.web.servlet.ModelAndView;
  "password-reset-hint5",
  "password-reset-hint6"
 })
-public class ResetLinkAssignment extends AssignmentEndpoint {
+public class ResetLinkAssignment implements AssignmentEndpoint {

  private static final String VIEW_FORMATTER = "lessons/passwordreset/templates/%s.html";
  static final String PASSWORD_TOM_9 =
--- a/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java
+++ b/src/main/java/org/owasp/webgoat/lessons/passwordreset/ResetLinkAssignmentForgotPassword.java
@ -47,7 +47,7 @@ import org.springframework.web.client.RestTemplate;
 * @since 8/20/17.
 */
@RestController
-public class ResetLinkAssignmentForgotPassword extends AssignmentEndpoint {
+public class ResetLinkAssignmentForgotPassword implements AssignmentEndpoint {

  private final RestTemplate restTemplate;
  private final String webWolfHost;
--- a/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/passwordreset/SecurityQuestionAssignment.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;
 * @since 11.12.18
 */
@RestController
-public class SecurityQuestionAssignment extends AssignmentEndpoint {
+public class SecurityQuestionAssignment implements AssignmentEndpoint {

  private final TriedQuestions triedQuestions;

--- a/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/passwordreset/SimpleMailAssignment.java
@ -46,7 +46,7 @@ import org.springframework.web.client.RestTemplate;
 * @since 8/20/17.
 */
@RestController
-public class SimpleMailAssignment extends AssignmentEndpoint {
+public class SimpleMailAssignment implements AssignmentEndpoint {
  private final String webWolfURL;
  private RestTemplate restTemplate;

--- a/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java
+++ b/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java
@ -25,7 +25,7 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;

@Getter
-public class ProfileUploadBase extends AssignmentEndpoint {
+public class ProfileUploadBase implements AssignmentEndpoint {

  private final String webGoatHomeDirectory;

--- a/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java
+++ b/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRetrieval.java
@ -43,7 +43,7 @@ import org.springframework.web.bind.annotation.RestController;
  "path-traversal-profile-retrieve.hint6"
 })
@Slf4j
-public class ProfileUploadRetrieval extends AssignmentEndpoint {
+public class ProfileUploadRetrieval implements AssignmentEndpoint {
  private final File catPicturesDirectory;

  public ProfileUploadRetrieval(@Value("${webgoat.server.directory}") String webGoatHomeDirectory) {
--- a/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/securepasswords/SecurePasswordsAssignment.java
@ -38,7 +38,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class SecurePasswordsAssignment extends AssignmentEndpoint {
+public class SecurePasswordsAssignment implements AssignmentEndpoint {

  @PostMapping("SecurePasswords/assignment")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java
@ -52,7 +52,7 @@ import org.springframework.web.bind.annotation.RestController;

@AssignmentHints({"spoofcookie.hint1", "spoofcookie.hint2", "spoofcookie.hint3"})
@RestController
-public class SpoofCookieAssignment extends AssignmentEndpoint {
+public class SpoofCookieAssignment implements AssignmentEndpoint {

  private static final String COOKIE_NAME = "spoof_auth";
  private static final String COOKIE_INFO =
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java
@ -45,7 +45,7 @@ import org.springframework.web.bind.annotation.RestController;
@AssignmentHints(
    value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
@Slf4j
-public class SqlInjectionChallenge extends AssignmentEndpoint {
+public class SqlInjectionChallenge implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallengeLogin.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlInjectionChallengeHint3",
      "SqlInjectionChallengeHint4"
    })
-public class SqlInjectionChallengeLogin extends AssignmentEndpoint {
+public class SqlInjectionChallengeLogin implements AssignmentEndpoint {
  private final LessonDataSource dataSource;

  public SqlInjectionChallengeLogin(LessonDataSource dataSource) {
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java
@ -49,7 +49,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint-advanced-6a-4",
      "SqlStringInjectionHint-advanced-6a-5"
    })
-public class SqlInjectionLesson6a extends AssignmentEndpoint {
+public class SqlInjectionLesson6a implements AssignmentEndpoint {
  private final LessonDataSource dataSource;
  private static final String YOUR_QUERY_WAS = "<br> Your query was: ";

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6b.java
@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class SqlInjectionLesson6b extends AssignmentEndpoint {
+public class SqlInjectionLesson6b implements AssignmentEndpoint {
  private final LessonDataSource dataSource;

  public SqlInjectionLesson6b(LessonDataSource dataSource) {
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionQuiz.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
 * implement the quiz go to the quiz.js file in webgoat-container -> js
 */
@RestController
-public class SqlInjectionQuiz extends AssignmentEndpoint {
+public class SqlInjectionQuiz implements AssignmentEndpoint {

  String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};
  boolean[] guesses = new boolean[solutions.length];
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java
@ -48,7 +48,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint.10.5",
      "SqlStringInjectionHint.10.6"
    })
-public class SqlInjectionLesson10 extends AssignmentEndpoint {
+public class SqlInjectionLesson10 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint2-3",
      "SqlStringInjectionHint2-4"
    })
-public class SqlInjectionLesson2 extends AssignmentEndpoint {
+public class SqlInjectionLesson2 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints(value = {"SqlStringInjectionHint3-1", "SqlStringInjectionHint3-2"})
-public class SqlInjectionLesson3 extends AssignmentEndpoint {
+public class SqlInjectionLesson3 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java
@ -43,7 +43,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints(
    value = {"SqlStringInjectionHint4-1", "SqlStringInjectionHint4-2", "SqlStringInjectionHint4-3"})
-public class SqlInjectionLesson4 extends AssignmentEndpoint {
+public class SqlInjectionLesson4 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java
@ -46,7 +46,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint5-3",
      "SqlStringInjectionHint5-4"
    })
-public class SqlInjectionLesson5 extends AssignmentEndpoint {
+public class SqlInjectionLesson5 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java
@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints(value = {"SqlStringInjectionHint5a1"})
-public class SqlInjectionLesson5a extends AssignmentEndpoint {
+public class SqlInjectionLesson5a implements AssignmentEndpoint {

  private static final String EXPLANATION =
      "<br> Explanation: This injection works, because <span style=\"font-style: italic\">or '1' ="
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java
@ -44,7 +44,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint5b3",
      "SqlStringInjectionHint5b4"
    })
-public class SqlInjectionLesson5b extends AssignmentEndpoint {
+public class SqlInjectionLesson5b implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java
@ -48,7 +48,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint.8.4",
      "SqlStringInjectionHint.8.5"
    })
-public class SqlInjectionLesson8 extends AssignmentEndpoint {
+public class SqlInjectionLesson8 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java
@ -49,7 +49,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint.9.4",
      "SqlStringInjectionHint.9.5"
    })
-public class SqlInjectionLesson9 extends AssignmentEndpoint {
+public class SqlInjectionLesson9 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10a.java
@ -38,7 +38,7 @@ import org.springframework.web.bind.annotation.RestController;
@Slf4j
@AssignmentHints(
    value = {"SqlStringInjectionHint-mitigation-10a-1", "SqlStringInjectionHint-mitigation-10a-2"})
-public class SqlInjectionLesson10a extends AssignmentEndpoint {
+public class SqlInjectionLesson10a implements AssignmentEndpoint {

  private static final String[] results = {
    "getConnection", "PreparedStatement", "prepareStatement", "?", "?", "setString", "setString"
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson10b.java
@ -55,7 +55,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint-mitigation-10b-4",
      "SqlStringInjectionHint-mitigation-10b-5"
    })
-public class SqlInjectionLesson10b extends AssignmentEndpoint {
+public class SqlInjectionLesson10b implements AssignmentEndpoint {

  @PostMapping("/SqlInjectionMitigations/attack10b")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlInjectionLesson13.java
@ -48,7 +48,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlStringInjectionHint-mitigation-13-4"
    })
@Slf4j
-public class SqlInjectionLesson13 extends AssignmentEndpoint {
+public class SqlInjectionLesson13 implements AssignmentEndpoint {

  private final LessonDataSource dataSource;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java
@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints(
    value = {"SqlOnlyInputValidation-1", "SqlOnlyInputValidation-2", "SqlOnlyInputValidation-3"})
-public class SqlOnlyInputValidation extends AssignmentEndpoint {
+public class SqlOnlyInputValidation implements AssignmentEndpoint {

  private final SqlInjectionLesson6a lesson6a;

--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;
      "SqlOnlyInputValidationOnKeywords-2",
      "SqlOnlyInputValidationOnKeywords-3"
    })
-public class SqlOnlyInputValidationOnKeywords extends AssignmentEndpoint {
+public class SqlOnlyInputValidationOnKeywords implements AssignmentEndpoint {

  private final SqlInjectionLesson6a lesson6a;

--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"ssrf.hint1", "ssrf.hint2"})
-public class SSRFTask1 extends AssignmentEndpoint {
+public class SSRFTask1 implements AssignmentEndpoint {

  @PostMapping("/SSRF/task1")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"ssrf.hint3"})
-public class SSRFTask2 extends AssignmentEndpoint {
+public class SSRFTask2 implements AssignmentEndpoint {

  @PostMapping("/SSRF/task2")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java
+++ b/src/main/java/org/owasp/webgoat/lessons/vulnerablecomponents/VulnerableComponentsLesson.java
@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"vulnerable.hint"})
-public class VulnerableComponentsLesson extends AssignmentEndpoint {
+public class VulnerableComponentsLesson implements AssignmentEndpoint {

  @PostMapping("/VulnerableComponents/attack1")
  public @ResponseBody AttackResult completed(@RequestParam String payload) {
--- a/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/LandingAssignment.java
@ -41,7 +41,7 @@ import org.springframework.web.servlet.ModelAndView;
 * @since 8/20/17.
 */
@RestController
-public class LandingAssignment extends AssignmentEndpoint {
+public class LandingAssignment implements AssignmentEndpoint {
  private final String landingPageUrl;

  public LandingAssignment(@Value("${webwolf.landingpage.url}") String landingPageUrl) {
--- a/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/webwolfintroduction/MailAssignment.java
@ -43,7 +43,7 @@ import org.springframework.web.client.RestTemplate;
 * @since 8/20/17.
 */
@RestController
-public class MailAssignment extends AssignmentEndpoint {
+public class MailAssignment implements AssignmentEndpoint {

  private final String webWolfURL;
  private RestTemplate restTemplate;
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java
@ -33,7 +33,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
+public class CrossSiteScriptingLesson1 implements AssignmentEndpoint {

  @PostMapping("/CrossSiteScripting/attack1")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java
@ -44,7 +44,7 @@ import org.springframework.web.bind.annotation.RestController;
      "xss-reflected-5a-hint-3",
      "xss-reflected-5a-hint-4"
    })
-public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
+public class CrossSiteScriptingLesson5a implements AssignmentEndpoint {

  public static final Predicate<String> XSS_PATTERN =
      Pattern.compile(
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java
@ -42,7 +42,7 @@ import org.springframework.web.bind.annotation.RestController;
      "xss-reflected-6a-hint-3",
      "xss-reflected-6a-hint-4"
    })
-public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
+public class CrossSiteScriptingLesson6a implements AssignmentEndpoint {
  private final LessonSession userSessionData;

  public CrossSiteScriptingLesson6a(LessonSession userSessionData) {
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class CrossSiteScriptingQuiz extends AssignmentEndpoint {
+public class CrossSiteScriptingQuiz implements AssignmentEndpoint {

  private static final String[] solutions = {
    "Solution 4", "Solution 3", "Solution 1", "Solution 2", "Solution 4"
--- a/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java
@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class DOMCrossSiteScripting extends AssignmentEndpoint {
+public class DOMCrossSiteScripting implements AssignmentEndpoint {

  private final LessonSession lessonSession;

--- a/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScriptingVerifier.java
@ -45,7 +45,7 @@ import org.springframework.web.bind.annotation.RestController;
      "xss-dom-message-hint-5",
      "xss-dom-message-hint-6"
    })
-public class DOMCrossSiteScriptingVerifier extends AssignmentEndpoint {
+public class DOMCrossSiteScriptingVerifier implements AssignmentEndpoint {

  private final LessonSession lessonSession;

--- a/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson3.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson3.java
@ -44,7 +44,7 @@ import org.springframework.web.bind.annotation.RestController;
      "xss-mitigation-3-hint3",
      "xss-mitigation-3-hint4"
    })
-public class CrossSiteScriptingLesson3 extends AssignmentEndpoint {
+public class CrossSiteScriptingLesson3 implements AssignmentEndpoint {

  @PostMapping("/CrossSiteScripting/attack3")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson4.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints(value = {"xss-mitigation-4-hint1"})
-public class CrossSiteScriptingLesson4 extends AssignmentEndpoint {
+public class CrossSiteScriptingLesson4 implements AssignmentEndpoint {

  @PostMapping("/CrossSiteScripting/attack4")
  @ResponseBody
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
@ -35,7 +35,7 @@ import org.springframework.web.bind.annotation.RestController;

 /** Created by jason on 11/23/16. */
@RestController
-public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
+public class StoredCrossSiteScriptingVerifier implements AssignmentEndpoint {

  private final LessonSession lessonSession;

--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java
@ -49,7 +49,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

@RestController
-public class StoredXssComments extends AssignmentEndpoint {
+public class StoredXssComments implements AssignmentEndpoint {

  private static final DateTimeFormatter fmt = DateTimeFormatter.ofPattern("yyyy-MM-dd, HH:mm:ss");

--- a/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xxe/BlindSendFileAssignment.java
@ -60,7 +60,7 @@ import org.springframework.web.bind.annotation.RestController;
  "xxe.blind.hints.4",
  "xxe.blind.hints.5"
 })
-public class BlindSendFileAssignment extends AssignmentEndpoint implements Initializable {
+public class BlindSendFileAssignment implements AssignmentEndpoint, Initializable {

  private final String webGoatHomeDirectory;
  private final CommentsCache comments;
--- a/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xxe/ContentTypeAssignment.java
@ -47,7 +47,7 @@ import org.springframework.web.bind.annotation.RestController;

@RestController
@AssignmentHints({"xxe.hints.content.type.xxe.1", "xxe.hints.content.type.xxe.2"})
-public class ContentTypeAssignment extends AssignmentEndpoint {
+public class ContentTypeAssignment implements AssignmentEndpoint {

  private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"};
  private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {
--- a/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xxe/SimpleXXE.java
@ -50,7 +50,7 @@ import org.springframework.web.bind.annotation.RestController;
  "xxe.hints.simple.xxe.5",
  "xxe.hints.simple.xxe.6"
 })
-public class SimpleXXE extends AssignmentEndpoint {
+public class SimpleXXE implements AssignmentEndpoint {

  private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"};
  private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {
--- a/src/main/resources/lessons/lessontemplate/documentation/lesson-template-attack.adoc
+++ b/src/main/resources/lessons/lessontemplate/documentation/lesson-template-attack.adoc
@ -1,13 +1,13 @@
 === Step 4: Add an assignment to your lesson

 With an assignment, a user can practice within a lesson. A lesson can consist of multiple assignments, each assignment
-needs to extend the class `AssignmentEndpoint`, let's look at an example:
+needs to implement the class `AssignmentEndpoint`, let's look at an example:

 [source,java]
 ----
-@RestController // <1>
+import org.owasp.webgoat.container.assignments.AssignmentEndpoint;@RestController // <1>
@AssignmentHints({"lesson-template.hints.1", "lesson-template.hints.2", "lesson-template.hints.3"}) // <2>
-public class SampleAttack extends AssignmentEndpoint { // <3>
+public class SampleAttack implements AssignmentEndpoint { // <3>

    private final String secretValue = "secr37Value";

@ -32,7 +32,7 @@ public class SampleAttack extends AssignmentEndpoint { // <3>
        }

        // else
-        return builder.failed(this) // <8>
+        return failed(this) // <8>
                .feedback("lesson-template.sample-attack.failure-2")
                .output("Custom output for this failure scenario, usually html that will get rendered directly ... yes, you can self-xss if you want")
                .build();
@ -40,7 +40,7 @@ public class SampleAttack extends AssignmentEndpoint { // <3>
 ----
 <1> Every assignment is just a Spring RestController
 <2> Each assignment can have a list of hints. The actual text needs to be placed in `WebGoatLabels.properties` in the folder `src/main/resources/{lessonName}/i18n`
-<3> Each assignment needs to extend the class `AssignmentEndpoint`, giving you some helpful methods you need when you want to mark an assignment as complete
+<3> Each assignment needs to implement the interface `AssignmentEndpoint`. This is a marker interface, so no methods need to be implemented
 <4> As the assignment is a Spring-based class, you can auto wire every component managed by Spring necessary for the assignment
 <5> Each assignment should at least have one mapping with the method signature (see 6)
 <6> When the user tries to solve an assignment, you need return an `AttackResult`