#272 Fix lesson client side filtering
- Endpoint now returns proper json and no longer uses ecs.
		| @ -4,12 +4,11 @@ package org.owasp.webgoat.plugin; | ||||
|  * | ||||
|  */ | ||||
|  | ||||
| import org.apache.ecs.html.TD; | ||||
| import org.apache.ecs.html.TR; | ||||
| import org.apache.ecs.html.Table; | ||||
| import com.google.common.collect.Lists; | ||||
| import com.google.common.collect.Maps; | ||||
| import org.owasp.webgoat.lessons.Endpoint; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import org.w3c.dom.Node; | ||||
| import org.w3c.dom.NodeList; | ||||
| import org.xml.sax.InputSource; | ||||
| @ -24,11 +23,14 @@ import javax.xml.xpath.XPathFactory; | ||||
| import java.io.File; | ||||
| import java.io.FileInputStream; | ||||
| import java.io.IOException; | ||||
| import java.util.List; | ||||
| import java.util.Map; | ||||
|  | ||||
| public class Salaries extends Endpoint { | ||||
|  | ||||
|     @RequestMapping(method = RequestMethod.GET) | ||||
|     public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { | ||||
|     @RequestMapping(produces = {"application/json"}) | ||||
|     @ResponseBody | ||||
|     public List<Map<String, Object>> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { | ||||
|         String userId = req.getParameter("userId"); | ||||
|         NodeList nodes = null; | ||||
|         File d = new File(getPluginDirectory(), "ClientSideFiltering/html/employees.xml"); | ||||
| @ -52,49 +54,18 @@ public class Salaries extends Endpoint { | ||||
|         } catch (XPathExpressionException e) { | ||||
|             e.printStackTrace(); | ||||
|         } | ||||
|         int nodesLength = nodes.getLength(); | ||||
|  | ||||
|  | ||||
|         TR tr; | ||||
|  | ||||
|         int COLUMNS = 5; | ||||
|  | ||||
|         Table t2 = null; | ||||
|         if (nodesLength > 0) { | ||||
|             t2 = new Table().setCellSpacing(0).setCellPadding(0) | ||||
|                     .setBorder(1).setWidth("90%").setAlign("center"); | ||||
|             tr = new TR(); | ||||
|             tr.addElement(new TD().addElement("UserID")); | ||||
|             tr.addElement(new TD().addElement("First Name")); | ||||
|             tr.addElement(new TD().addElement("Last Name")); | ||||
|             tr.addElement(new TD().addElement("SSN")); | ||||
|             tr.addElement(new TD().addElement("Salary")); | ||||
|             t2.addElement(tr); | ||||
|         } | ||||
|  | ||||
|         tr = new TR(); | ||||
|  | ||||
|         for (int i = 0; i < nodesLength; i++) { | ||||
|         List json = Lists.newArrayList(); | ||||
|         java.util.Map<String, Object> employeeJson = Maps.newHashMap(); | ||||
|         for (int i = 0; i < nodes.getLength(); i++) { | ||||
|             if (i != 0 && i % COLUMNS == 0) { | ||||
|                 employeeJson = Maps.newHashMap(); | ||||
|                 json.add(employeeJson); | ||||
|             } | ||||
|             Node node = nodes.item(i); | ||||
|  | ||||
|             if (i % COLUMNS == 0) { | ||||
|                 tr = new TR(); | ||||
|                 tr.setID(node.getTextContent()); | ||||
|                 //tr.setStyle("display: none"); | ||||
|             } | ||||
|  | ||||
|             tr.addElement(new TD().addElement(node.getTextContent())); | ||||
|  | ||||
|             if (i % COLUMNS == (COLUMNS - 1)) { | ||||
|                 t2.addElement(tr); | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         if (t2 != null) { | ||||
|             resp.getWriter().println(t2.toString()); | ||||
|         } else { | ||||
|             resp.getWriter().println("No Results"); | ||||
|             employeeJson.put(node.getNodeName(), node.getTextContent()); | ||||
|         } | ||||
|         return json; | ||||
|     } | ||||
|  | ||||
|     @Override | ||||
|  | ||||
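Review bot: The first employee record is dropped from the response, because the map created before the loop (`Maps.newHashMap()` next to `List json = Lists.newArrayList();`) is never added to `json` — the only `json.add(employeeJson)` runs on a column boundary with `i != 0`, so the map holding nodes 0..COLUMNS-1 is filled but never returned. The smallest fix is to register the first map right after creating it, `json.add(employeeJson);`, and keep the boundary branch creating and adding the following ones; a cleaner shape is to add each map when `i % COLUMNS == 0` and drop the pre-loop instance. The list is also declared as a raw type although the method now returns `List<Map<String, Object>>`; `List<Map<String, Object>> json = Lists.newArrayList();` keeps it type-safe. The XPath catch block only prints the stack trace, so a failed expression still reaches `nodes.getLength()` on a null reference — pre-existing, but worth noting now that the method is the JSON endpoint. `invoke` starts in the earlier hunk and `COLUMNS` is declared outside the visible new lines.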
| @ -1,6 +1,6 @@ | ||||
| <?xml version="1.0" encoding="UTF-8"?> | ||||
| <Employees> | ||||
|     <Employee > | ||||
|     <Employee> | ||||
|         <UserID>101</UserID> | ||||
|         <FirstName>Larry</FirstName> | ||||
|         <LastName>Stooge</LastName> | ||||
| @ -19,7 +19,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>  | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>102</UserID> | ||||
| @ -37,8 +37,8 @@ | ||||
|         <DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation> | ||||
|         <DisciplinaryDate>101013</DisciplinaryDate> | ||||
|         <Managers> | ||||
| 			<Manager>112</Manager> | ||||
| 		</Managers>  | ||||
|             <Manager>112</Manager> | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>103</UserID> | ||||
| @ -59,7 +59,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>   | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>104</UserID> | ||||
| @ -81,7 +81,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>  | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>105</UserID> | ||||
| @ -103,7 +103,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>  | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>106</UserID> | ||||
| @ -124,7 +124,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>   | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>107</UserID> | ||||
| @ -145,7 +145,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>          | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>108</UserID> | ||||
| @ -167,7 +167,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>         | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>109</UserID> | ||||
| @ -189,7 +189,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>         | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>110</UserID> | ||||
| @ -211,7 +211,7 @@ | ||||
|             <Manager>102</Manager> | ||||
|             <Manager>111</Manager> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>  | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>111</UserID> | ||||
| @ -230,7 +230,7 @@ | ||||
|         <DisciplinaryDate>112005</DisciplinaryDate> | ||||
|         <Managers> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers>    | ||||
|         </Managers> | ||||
|     </Employee> | ||||
|     <Employee> | ||||
|         <UserID>112</UserID> | ||||
| @ -246,9 +246,9 @@ | ||||
|         <Limit>300</Limit> | ||||
|         <Comments></Comments> | ||||
|         <DisciplinaryExplanation></DisciplinaryExplanation> | ||||
|         <DisciplinaryDate>112005</DisciplinaryDate>         | ||||
|         <DisciplinaryDate>112005</DisciplinaryDate> | ||||
|         <Managers> | ||||
| 		<Manager>112</Manager> | ||||
| 	</Managers> | ||||
|             <Manager>112</Manager> | ||||
|         </Managers> | ||||
|     </Employee> | ||||
| </Employees> | ||||
|  | ||||
| @ -15,8 +15,27 @@ function fetchUserData() { | ||||
|  | ||||
| function ajaxFunction(userId) { | ||||
|     $.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) { | ||||
|         var html = "<table border = '1' width = '90%' align = 'center'"; | ||||
|         html = html + '<tr>'; | ||||
|         html = html + '<td>UserID</td>'; | ||||
|         html = html + '<td>First Name</td>'; | ||||
|         html = html + '<td>Last Name</td>'; | ||||
|         html = html + '<td>SSN</td>'; | ||||
|         html = html + '<td>Salary</td>'; | ||||
|  | ||||
|         for (var i = 0; i < result.length; i++) { | ||||
|             html = html + '<tr id = "' + result[i].UserID + '"</tr>'; | ||||
|             html = html + '<td>' + result[i].UserID + '</td>'; | ||||
|             html = html + '<td>' + result[i].FirstName + '</td>'; | ||||
|             html = html + '<td>' + result[i].LastName + '</td>'; | ||||
|             html = html + '<td>' + result[i].SSN + '</td>'; | ||||
|             html = html + '<td>' + result[i].Salary + '</td>'; | ||||
|             html = html + '</tr>'; | ||||
|         } | ||||
|         html = html + '</tr></table>'; | ||||
|  | ||||
|         var newdiv = document.createElement("div"); | ||||
|         newdiv.innerHTML = result; | ||||
|         newdiv.innerHTML = html; | ||||
|         var container = document.getElementById("hiddenEmployeeRecords"); | ||||
|         container.appendChild(newdiv); | ||||
|     }); | ||||
|  | ||||
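Review bot: The markup built in the loop is malformed: the opening `<table …` string has no closing `>`, the header `<tr>` is never closed before the first data row, and the per-row line emits `<tr id = "…"</tr>` (no `>` and a stray end tag), which the trailing `'</tr></table>'` then tries to compensate for. Browsers will reassemble parts of this, but the row ids the lesson filters on are not reliably attached to the rows. Separately, `UserID`/`FirstName`/… are concatenated into `innerHTML` without escaping; the data comes from the server's XML here, but building the rows with DOM APIs or jQuery (`$('<td>').text(value)`) would keep the values from being interpreted as markup if that source ever changes. The closing brace of `ajaxFunction` is outside the hunk.
```javascript
var html = "<table border = '1' width = '90%' align = 'center'>";
// … unchanged: header cells UserID … Salary …
html = html + '</tr>';

for (var i = 0; i < result.length; i++) {
    html = html + '<tr id = "' + result[i].UserID + '">';
    // … unchanged: five <td> cells per row …
    html = html + '</tr>';
}
html = html + '</table>';
```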