#272 Fix lesson client side filtering

- Endpoint now returns proper json and no longer uses ecs.

webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/Salaries.java

@@ -4,12 +4,11 @@ package org.owasp.webgoat.plugin;
  *
  */
 
-import org.apache.ecs.html.TD;
+import com.google.common.collect.Lists;
-import org.apache.ecs.html.TR;
+import com.google.common.collect.Maps;
-import org.apache.ecs.html.Table;
 import org.owasp.webgoat.lessons.Endpoint;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
@@ -24,11 +23,14 @@ import javax.xml.xpath.XPathFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.util.List;
+import java.util.Map;
 
 public class Salaries extends Endpoint {
 
-    @RequestMapping(method = RequestMethod.GET)
+    @RequestMapping(produces = {"application/json"})
-    public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+    @ResponseBody
+    public List<Map<String, Object>> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String userId = req.getParameter("userId");
         NodeList nodes = null;
         File d = new File(getPluginDirectory(), "ClientSideFiltering/html/employees.xml");
@@ -52,49 +54,18 @@ public class Salaries extends Endpoint {
         } catch (XPathExpressionException e) {
             e.printStackTrace();
         }
-        int nodesLength = nodes.getLength();
-
-
-        TR tr;
-
         int COLUMNS = 5;
-
+        List json = Lists.newArrayList();
-        Table t2 = null;
+        java.util.Map<String, Object> employeeJson = Maps.newHashMap();
-        if (nodesLength > 0) {
+        for (int i = 0; i < nodes.getLength(); i++) {
-            t2 = new Table().setCellSpacing(0).setCellPadding(0)
+            if (i != 0 && i % COLUMNS == 0) {
-                    .setBorder(1).setWidth("90%").setAlign("center");
+                employeeJson = Maps.newHashMap();
-            tr = new TR();
+                json.add(employeeJson);
-            tr.addElement(new TD().addElement("UserID"));
+            }
-            tr.addElement(new TD().addElement("First Name"));
-            tr.addElement(new TD().addElement("Last Name"));
-            tr.addElement(new TD().addElement("SSN"));
-            tr.addElement(new TD().addElement("Salary"));
-            t2.addElement(tr);
-        }
-
-        tr = new TR();
-
-        for (int i = 0; i < nodesLength; i++) {
             Node node = nodes.item(i);
-
+            employeeJson.put(node.getNodeName(), node.getTextContent());
-            if (i % COLUMNS == 0) {
-                tr = new TR();
-                tr.setID(node.getTextContent());
-                //tr.setStyle("display: none");
-            }
-
-            tr.addElement(new TD().addElement(node.getTextContent()));
-
-            if (i % COLUMNS == (COLUMNS - 1)) {
-                t2.addElement(tr);
-            }
-        }
-
-        if (t2 != null) {
-            resp.getWriter().println(t2.toString());
-        } else {
-            resp.getWriter().println("No Results");
         }
+        return json;
     }
 
     @Override

webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/html/employees.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Employees>
-    <Employee >
+    <Employee>
         <UserID>101</UserID>
         <FirstName>Larry</FirstName>
         <LastName>Stooge</LastName>
@@ -37,8 +37,8 @@
         <DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
         <DisciplinaryDate>101013</DisciplinaryDate>
         <Managers>
-			<Manager>112</Manager>
+            <Manager>112</Manager>
-		</Managers> 
+        </Managers>
     </Employee>
     <Employee>
         <UserID>103</UserID>
@@ -248,7 +248,7 @@
         <DisciplinaryExplanation></DisciplinaryExplanation>
         <DisciplinaryDate>112005</DisciplinaryDate>
         <Managers>
-		<Manager>112</Manager>
+            <Manager>112</Manager>
-	</Managers>
+        </Managers>
     </Employee>
 </Employees>

webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/js/clientSideFiltering.js

@@ -15,8 +15,27 @@ function fetchUserData() {
 
 function ajaxFunction(userId) {
     $.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {
+        var html = "<table border = '1' width = '90%' align = 'center'";
+        html = html + '<tr>';
+        html = html + '<td>UserID</td>';
+        html = html + '<td>First Name</td>';
+        html = html + '<td>Last Name</td>';
+        html = html + '<td>SSN</td>';
+        html = html + '<td>Salary</td>';
+
+        for (var i = 0; i < result.length; i++) {
+            html = html + '<tr id = "' + result[i].UserID + '"</tr>';
+            html = html + '<td>' + result[i].UserID + '</td>';
+            html = html + '<td>' + result[i].FirstName + '</td>';
+            html = html + '<td>' + result[i].LastName + '</td>';
+            html = html + '<td>' + result[i].SSN + '</td>';
+            html = html + '<td>' + result[i].Salary + '</td>';
+            html = html + '</tr>';
+        }
+        html = html + '</tr></table>';
+
         var newdiv = document.createElement("div");
-        newdiv.innerHTML = result;
+        newdiv.innerHTML = html;
         var container = document.getElementById("hiddenEmployeeRecords");
         container.appendChild(newdiv);
     });