dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/webgoat-container' into webgoat-container

Browse Source 
Conflicts:
	src/main/java/org/owasp/webgoat/session/Course.java
This commit is contained in:
nbaars 2015-02-23 20:33:22 +01:00
commit 6e25026391
3 changed files with 606 additions and 332 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pom.xml
View File

@ -48,7 +48,9 @@
<artifactId>maven-war-plugin</artifactId> <artifactId>maven-war-plugin</artifactId>
<configuration> <configuration>
<archiveClasses>true</archiveClasses> <!-- archiving the classes breaks the admin screen loads in course.java
the legacy lesson loader does not look in jar files for lessons -->
<archiveClasses>false</archiveClasses>
<manifest> <manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries> <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
</manifest> </manifest>

259
src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java Normal file
View File

@ -0,0 +1,259 @@
package org.owasp.webgoat.plugins;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletContext;
import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* *************************************************************************************************
* <p/>
* <p/>
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
* <p/>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p/>
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
* <p/>
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
* <p/>
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
* <p/>
* Getting Source ==============
* <p/>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects.
* <p/>
* For details, please see http://webgoat.github.io
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class LegacyLoader {
final Logger logger = LoggerFactory.getLogger(LegacyLoader.class);
private final List<String> files = new LinkedList<String>();
public LegacyLoader() {
}
/**
* Take an absolute file and return the filename.
* <p/>
* Ex. /etc/password becomes password
*
* @param s
* @return the file name
*/
private static String getFileName(String s) {
String fileName = new File(s).getName();
if (fileName.contains("/")) {
fileName = fileName.substring(fileName.lastIndexOf("/"), fileName.length());
}
if (fileName.contains(".")) {
fileName = fileName.substring(0, fileName.indexOf("."));
}
return fileName;
}
/**
* Take a class name and return the equivalent file name
* <p/>
* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
*
* @param className
* @return
*/
private static String getSourceFile(String className) {
StringBuilder sb = new StringBuilder();
sb.append(className.replace(".", "/"));
sb.append(".java");
return sb.toString();
}
/**
* Takes a file name and builds the class file name
*
* @param fileName Description of the Parameter
* @param path Description of the Parameter
* @return Description of the Return Value
*/
private static String getClassFile(String fileName, String path) {
String ext = ".class";
fileName = fileName.trim();
/**
* We do not handle directories. We do not handle files with different
* extensions
*/
if (fileName.endsWith("/") || !fileName.endsWith(ext)) {
return null;
}
// skip over plugins and/or extracted plugins
if ( fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
return null;
}
// if the file is in /WEB-INF/classes strip the dir info off
int index = fileName.indexOf("/WEB-INF/classes/");
if (index != -1) {
fileName = fileName.substring(index + "/WEB-INF/classes/".length(), fileName.length() - ext.length());
fileName = fileName.replace('/', '.');
fileName = fileName.replace('\\', '.');
} else {
// Strip off the leading path info
fileName = fileName.substring(path.length(), fileName.length() - ext.length());
}
return fileName;
}
/**
* Load all of the filenames into a temporary cache
*
* @param context
* @param path
*/
public void loadFiles(ServletContext context, String path) {
logger.debug("Loading files into cache, path: " + path);
Set resourcePaths = context.getResourcePaths(path);
if (resourcePaths == null) {
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
return;
}
Iterator itr = resourcePaths.iterator();
while (itr.hasNext()) {
String file = (String) itr.next();
if (file.length() != 1 && file.endsWith("/")) {
loadFiles(context, file);
} else {
files.add(file);
}
}
}
/**
* Instantiate all the lesson objects into a cache
*
* @param path
* @param context
*/
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) {
loadFiles(context, path);
List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
for (String file : files) {
String className = getClassFile(file, path);
if (className != null && !className.endsWith("_i")) {
try {
Class c = Class.forName(className);
Object o = c.newInstance();
if (o instanceof AbstractLesson) {
AbstractLesson lesson = (AbstractLesson) o;
lesson.setWebgoatContext(webgoatContext);
lesson.update(properties);
if (lesson.getHidden() == false) {
lessons.add(lesson);
}
}
} catch (Exception e) {
// Bruce says:
// I don't think we want to log the exception here. We could
// be potentially showing a lot of exceptions that don't matter.
// We would only care if the lesson extended AbstractLesson and we
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
}
}
loadResources(lessons);
return lessons;
}
private String getLanguageFromFileName(String first, String absoluteFile) {
int p1 = absoluteFile.indexOf("/", absoluteFile.indexOf(first) + 1);
int p2 = absoluteFile.indexOf("/", p1 + 1);
String langStr = absoluteFile.substring(p1 + 1, p2);
return langStr;
}
/**
* For each lesson, set the source file and lesson file
* @param lessons
*/
public void loadResources(List<AbstractLesson> lessons ) {
for (AbstractLesson lesson : lessons) {
logger.info("Loading resources for lesson -> " + lesson.getName());
String className = lesson.getClass().getName();
String classFile = getSourceFile(className);
logger.info("Lesson classname: " + className);
logger.info("Lesson java file: " + classFile);
for (String absoluteFile : files) {
String fileName = getFileName(absoluteFile);
//logger.debug("Course: looking at file: " + absoluteFile);
if (absoluteFile.endsWith(classFile)) {
logger.info("Set source file for " + classFile);
lesson.setSourceFileName(absoluteFile);
}
if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson plan file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
lesson.setLessonPlanFileName(language, absoluteFile);
}
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson solution file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
lesson.setLessonSolutionFileName(absoluteFile);
}
}
}
}
}

15
src/main/java/org/owasp/webgoat/session/Course.java
View File

@ -18,7 +18,18 @@ import java.util.Collections;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map
import javax.servlet.ServletContext;
import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.plugins.GlobalProperties;
import org.owasp.webgoat.plugins.LegacyLoader;
import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* ************************************************************************************************* * *************************************************************************************************
@ -326,6 +337,8 @@ public class Course {
logger.info("Loading courses: " + path); logger.info("Loading courses: " + path);
this.webgoatContext = webgoatContext; this.webgoatContext = webgoatContext;
loadLessonFromPlugin(context); loadLessonFromPlugin(context);
LegacyLoader loader = new LegacyLoader();
lessons.addAll(loader.loadLessons(webgoatContext, context, path, properties));
} }
} }