From 711649924b16de61d3bcef6fee77597025269a81 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sat, 9 Apr 2022 14:56:12 +0200 Subject: [PATCH] Refactoring (#1201) * Some initial refactoring * Make it one application * Got it working * Fix problem on Windows * Move WebWolf * Move first lesson * Moved all lessons * Fix pom.xml * Fix tests * Add option to initialize a lesson This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens * Clean up pom.xml files * Remove fetching labels based on language. We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages * Fix SonarLint issues * And move it all to the main project * Fix for documentation paths * Fix pom warnings * Remove PMD as it does not work * Update release notes about refactoring Update release notes about refactoring Update release notes about refactoring * Fix lesson template * Update release notes * Keep it in the same repo in Dockerhub * Update documentation to show how the connection is obtained. Resolves: #1180 * Rename all integration tests * Remove command from Dockerfile * Simplify GitHub actions Currently, we use a separate actions for pull-requests and branch build. This is now consolidated in one action. The PR action triggers always, it now only trigger when the PR is opened and not in draft. Running all platforms on a branch build is a bit too much, it is better to only run all platforms when someone opens a PR. * Remove duplicate entry from release notes * Add explicit registry for base image * Lesson scanner not working when fat jar When running the fat jar we have to take into account we are reading from the jar file and not the filesystem. In this case you cannot use `getFile` for example. * added info in README and fixed release docker * changed base image and added ignore file Co-authored-by: Zubcevic.com --- .dockerignore | 3 + .editorconfig | 1 - .github/workflows/branch_build.yml | 57 - .github/workflows/build.yml | 72 + .github/workflows/pr_build.yml | 48 - .github/workflows/release.yml | 15 +- Dockerfile | 32 + README.md | 32 +- RELEASE_NOTES.md | 16 +- config/pmd/pmd-ruleset.xml | 1746 ----------------- docker/Dockerfile | 22 - docker/Readme.md | 13 - docker/index.html | 70 - docker/nginx.conf | 140 -- docker/pom.xml | 40 - docs/README.md | 2 +- mvn-debug | 2 +- pom.xml | 634 ++++-- .../webgoat/AccessControlIntegrationTest.java | 9 +- .../owasp/webgoat/CSRFIntegrationTest.java | 37 +- .../webgoat/ChallengeIntegrationTest.java | 112 ++ .../owasp/webgoat/CryptoIntegrationTest.java | 8 +- .../DeserializationIntegrationTest.java | 10 +- .../webgoat/GeneralLessonIntegrationTest.java | 4 +- .../owasp/webgoat/IDORIntegrationTest.java | 2 +- .../org/owasp/webgoat/IntegrationTest.java | 170 +- .../webgoat/JWTLessonIntegrationTest.java | 6 +- .../PasswordResetLessonIntegrationTest.java | 22 +- .../webgoat/PathTraversalIntegrationTest.java | 20 +- .../ProgressRaceConditionIntegrationTest.java | 7 +- .../owasp/webgoat/SSRFIntegrationTest.java | 2 +- .../webgoat/SeleniumIntegrationTest.java | 22 +- .../SessionManagementIntegrationTest.java | 2 +- .../SqlInjectionAdvancedIntegrationTest.java | 2 +- .../SqlInjectionLessonIntegrationTest.java | 2 +- ...SqlInjectionMitigationIntegrationTest.java | 4 +- .../owasp/webgoat/WebWolfIntegrationTest.java | 6 +- .../org/owasp/webgoat/XSSIntegrationTest.java | 2 +- .../org/owasp/webgoat/XXEIntegrationTest.java | 57 +- .../framework/VulnerableTaskHolder.java | 147 +- .../AjaxAuthenticationEntryPoint.java | 3 +- .../AsciiDoctorTemplateResolver.java | 64 +- .../container/DatabaseConfiguration.java | 68 + .../owasp/webgoat/container}/HammerHead.java | 10 +- .../webgoat/container}/LessonDataSource.java | 4 +- .../container}/LessonTemplateResolver.java | 18 +- .../webgoat/container}/MvcConfiguration.java | 102 +- .../org/owasp/webgoat/container}/WebGoat.java | 12 +- .../webgoat/container}/WebSecurityConfig.java | 8 +- .../webgoat/container/WebWolfRedirect.java | 21 + .../asciidoc/EnvironmentExposure.java | 2 +- .../asciidoc/OperatingSystemMacro.java | 2 +- .../container}/asciidoc/UsernameMacro.java | 8 +- .../asciidoc/WebGoatTmpDirMacro.java | 2 +- .../asciidoc/WebGoatVersionMacro.java | 2 +- .../container}/asciidoc/WebWolfMacro.java | 10 +- .../container}/asciidoc/WebWolfRootMacro.java | 3 +- .../assignments/AssignmentEndpoint.java | 17 +- .../assignments/AssignmentHints.java | 2 +- .../assignments/AssignmentPath.java | 2 +- .../container}/assignments/AttackResult.java | 11 +- .../assignments/LessonTrackerInterceptor.java | 12 +- .../container}/controller/StartLesson.java | 40 +- .../container}/controller/Welcome.java | 9 +- .../webgoat/container}/i18n/Language.java | 2 +- .../webgoat/container}/i18n/Messages.java | 2 +- .../container}/i18n/PluginMessages.java | 24 +- .../container}/lessons/Assignment.java | 12 +- .../webgoat/container}/lessons/Category.java | 2 +- .../lessons/CourseConfiguration.java | 16 +- .../webgoat/container}/lessons/Hint.java | 2 +- .../container/lessons/Initializeable.java | 12 + .../webgoat/container}/lessons/Lesson.java | 19 +- .../LessonConnectionInvocationHandler.java | 13 +- .../container}/lessons/LessonInfoModel.java | 2 +- .../container}/lessons/LessonMenuItem.java | 4 +- .../lessons/LessonMenuItemType.java | 2 +- .../container/lessons/LessonScanner.java | 46 + .../container/service/EnvironmentService.java | 19 + .../container}/service/HintService.java | 21 +- .../container}/service/LabelDebugService.java | 18 +- .../container}/service/LabelService.java | 41 +- .../container}/service/LessonInfoService.java | 8 +- .../container}/service/LessonMenuService.java | 55 +- .../service/LessonProgressService.java | 59 + .../service/LessonTitleService.java | 6 +- .../container}/service/ReportCardService.java | 16 +- .../service/RestartLessonService.java | 15 +- .../container}/service/SessionService.java | 6 +- .../webgoat/container}/session/Course.java | 20 +- .../container}/session/LabelDebugger.java | 4 +- .../container}/session/UserSessionData.java | 2 +- .../container}/session/WebSession.java | 10 +- .../container}/users/LessonTracker.java | 10 +- .../users/RegistrationController.java | 3 +- .../webgoat/container}/users/Scoreboard.java | 45 +- .../webgoat/container}/users/UserForm.java | 2 +- .../container}/users/UserRepository.java | 2 +- .../webgoat/container}/users/UserService.java | 7 +- .../webgoat/container}/users/UserSession.java | 2 +- .../webgoat/container}/users/UserTracker.java | 6 +- .../users/UserTrackerRepository.java | 2 +- .../container}/users/UserValidator.java | 2 +- .../webgoat/container}/users/WebGoatUser.java | 9 +- .../AccountVerificationHelper.java | 2 +- .../lessons}/auth_bypass/AuthBypass.java | 6 +- .../lessons}/auth_bypass/VerifyAccount.java | 12 +- .../BypassRestrictions.java | 6 +- .../BypassRestrictionsFieldRestrictions.java | 6 +- .../BypassRestrictionsFrontendValidation.java | 6 +- .../lessons}/challenges/ChallengeIntro.java | 6 +- .../webgoat/lessons}/challenges/Email.java | 4 +- .../webgoat/lessons}/challenges/Flag.java | 12 +- .../challenges/SolutionConstants.java | 2 +- .../challenges/challenge1/Assignment1.java | 10 +- .../challenges/challenge1/Challenge1.java | 6 +- .../challenges/challenge1/ImageServlet.java | 36 + .../challenges/challenge5/Assignment5.java | 11 +- .../challenges/challenge5/Challenge5.java | 6 +- .../challenges/challenge7/Assignment7.java | 15 +- .../challenges/challenge7/Challenge7.java | 6 +- .../lessons}/challenges/challenge7/MD5.java | 4 +- .../challenge7/PasswordResetLink.java | 2 +- .../challenges/challenge8/Assignment8.java | 8 +- .../challenges/challenge8/Challenge8.java | 6 +- .../chrome_dev_tools/ChromeDevTools.java | 6 +- .../chrome_dev_tools/NetworkDummy.java | 10 +- .../chrome_dev_tools/NetworkLesson.java | 8 +- .../org/owasp/webgoat/lessons}/cia/CIA.java | 8 +- .../owasp/webgoat/lessons}/cia/CIAQuiz.java | 6 +- .../ClientSideFiltering.java | 6 +- .../ClientSideFilteringAssignment.java | 8 +- .../ClientSideFilteringFreeAssignment.java | 8 +- .../client_side_filtering/Salaries.java | 4 +- .../client_side_filtering/ShopEndpoint.java | 13 +- .../lessons/cryptography}/CryptoUtil.java | 4 +- .../lessons/cryptography/Cryptography.java | 8 +- .../cryptography}/EncodingAssignment.java | 6 +- .../cryptography}/HashingAssignment.java | 8 +- .../SecureDefaultsAssignment.java | 8 +- .../cryptography}/SigningAssignment.java | 8 +- .../cryptography}/XOREncodingAssignment.java | 8 +- .../org/owasp/webgoat/lessons}/csrf/CSRF.java | 6 +- .../lessons}/csrf/CSRFConfirmFlag1.java | 10 +- .../webgoat/lessons}/csrf/CSRFFeedback.java | 10 +- .../webgoat/lessons}/csrf/CSRFGetFlag.java | 6 +- .../webgoat/lessons}/csrf/CSRFLogin.java | 12 +- .../webgoat/lessons}/csrf/ForgedReviews.java | 12 +- .../owasp/webgoat/lessons}/csrf/Review.java | 2 +- .../InsecureDeserialization.java | 6 +- .../InsecureDeserializationTask.java | 10 +- .../deserialization/SerializationHelper.java | 2 +- .../lessons}/hijacksession/HijackSession.java | 6 +- .../HijackSessionAssignment.java | 12 +- .../hijacksession/cas/Authentication.java | 2 +- .../cas/AuthenticationProvider.java | 2 +- .../HijackSessionAuthenticationProvider.java | 2 +- .../html_tampering/HtmlTampering.java | 6 +- .../html_tampering/HtmlTamperingTask.java | 8 +- .../lessons}/http_basics/HttpBasics.java | 6 +- .../http_basics/HttpBasicsLesson.java | 8 +- .../lessons}/http_basics/HttpBasicsQuiz.java | 10 +- .../HttpBasicsInterceptRequest.java | 6 +- .../lessons}/http_proxies/HttpProxies.java | 6 +- .../org/owasp/webgoat/lessons}/idor/IDOR.java | 6 +- .../lessons}/idor/IDORDiffAttributes.java | 8 +- .../lessons}/idor/IDOREditOtherProfiile.java | 10 +- .../webgoat/lessons}/idor/IDORLogin.java | 10 +- .../lessons}/idor/IDORViewOtherProfile.java | 10 +- .../lessons}/idor/IDORViewOwnProfile.java | 4 +- .../idor/IDORViewOwnProfileAltUrl.java | 10 +- .../webgoat/lessons}/idor/UserProfile.java | 2 +- .../insecure_login/InsecureLogin.java | 6 +- .../insecure_login/InsecureLoginTask.java | 8 +- .../org/owasp/webgoat/lessons}/jwt/JWT.java | 6 +- .../lessons}/jwt/JWTDecodeEndpoint.java | 6 +- .../lessons}/jwt/JWTFinalEndpoint.java | 10 +- .../owasp/webgoat/lessons}/jwt/JWTQuiz.java | 6 +- .../lessons}/jwt/JWTRefreshEndpoint.java | 8 +- .../lessons}/jwt/JWTSecretKeyEndpoint.java | 8 +- .../lessons}/jwt/JWTVotesEndpoint.java | 12 +- .../webgoat/lessons}/jwt/votes/Views.java | 2 +- .../webgoat/lessons}/jwt/votes/Vote.java | 4 +- .../lesson_template}/LessonTemplate.java | 6 +- .../lesson_template}/SampleAttack.java | 10 +- .../lessons}/logging/LogBleedingTask.java | 6 +- .../webgoat/lessons}/logging/LogSpoofing.java | 6 +- .../lessons}/logging/LogSpoofingTask.java | 6 +- .../lessons}/missing_ac/DisplayUser.java | 2 +- .../MissingAccessControlUserRepository.java | 4 +- .../missing_ac/MissingFunctionAC.java | 6 +- .../MissingFunctionACHiddenMenus.java | 8 +- .../missing_ac/MissingFunctionACUsers.java | 8 +- .../missing_ac/MissingFunctionACYourHash.java | 10 +- .../MissingFunctionACYourHashAdmin.java | 10 +- .../webgoat/lessons}/missing_ac/User.java | 2 +- .../password_reset/PasswordReset.java | 6 +- .../password_reset/PasswordResetEmail.java | 4 +- .../password_reset/QuestionsAssignment.java | 6 +- .../password_reset/ResetLinkAssignment.java | 14 +- .../ResetLinkAssignmentForgotPassword.java | 6 +- .../SecurityQuestionAssignment.java | 6 +- .../password_reset/SimpleMailAssignment.java | 6 +- .../password_reset/TriedQuestions.java | 2 +- .../resetlink/PasswordChangeForm.java | 2 +- .../path_traversal/PathTraversal.java | 6 +- .../path_traversal/ProfileUpload.java | 8 +- .../path_traversal/ProfileUploadBase.java | 10 +- .../path_traversal/ProfileUploadFix.java | 8 +- .../ProfileUploadRemoveUserInput.java | 8 +- .../ProfileUploadRetrieval.java | 10 +- .../path_traversal/ProfileZipSlip.java | 8 +- .../secure_passwords}/SecurePasswords.java | 6 +- .../SecurePasswordsAssignment.java | 6 +- .../lessons}/spoofcookie/SpoofCookie.java | 6 +- .../spoofcookie/SpoofCookieAssignment.java | 8 +- .../lessons}/spoofcookie/encoders/EncDec.java | 2 +- .../advanced/SqlInjectionAdvanced.java | 6 +- .../advanced/SqlInjectionChallenge.java | 10 +- .../advanced/SqlInjectionChallengeLogin.java | 10 +- .../advanced/SqlInjectionLesson6a.java | 14 +- .../advanced/SqlInjectionLesson6b.java | 8 +- .../advanced/SqlInjectionQuiz.java | 6 +- .../introduction/SqlInjection.java | 6 +- .../introduction/SqlInjectionLesson10.java | 10 +- .../introduction/SqlInjectionLesson2.java | 10 +- .../introduction/SqlInjectionLesson3.java | 10 +- .../introduction/SqlInjectionLesson4.java | 10 +- .../introduction/SqlInjectionLesson5.java | 11 +- .../introduction/SqlInjectionLesson5a.java | 12 +- .../introduction/SqlInjectionLesson5b.java | 12 +- .../introduction/SqlInjectionLesson8.java | 10 +- .../introduction/SqlInjectionLesson9.java | 10 +- .../sql_injection/mitigation/Servers.java | 27 +- .../mitigation/SqlInjectionLesson10a.java | 8 +- .../mitigation/SqlInjectionLesson10b.java | 8 +- .../mitigation/SqlInjectionLesson13.java | 12 +- .../mitigation/SqlInjectionMitigations.java | 6 +- .../mitigation/SqlOnlyInputValidation.java | 10 +- .../SqlOnlyInputValidationOnKeywords.java | 10 +- .../org/owasp/webgoat/lessons}/ssrf/SSRF.java | 6 +- .../webgoat/lessons}/ssrf/SSRFTask1.java | 8 +- .../webgoat/lessons}/ssrf/SSRFTask2.java | 8 +- .../vulnerable_components/Contact.java | 4 +- .../vulnerable_components/ContactImpl.java | 4 +- .../VulnerableComponents.java | 6 +- .../VulnerableComponentsLesson.java | 28 +- .../WebGoatIntroduction.java | 6 +- .../lessons}/webwolf_introduction/Email.java | 4 +- .../LandingAssignment.java | 8 +- .../webwolf_introduction/MailAssignment.java | 6 +- .../WebWolfIntroduction.java | 6 +- .../owasp/webgoat/lessons}/xss/Comment.java | 2 +- .../lessons}/xss/CrossSiteScripting.java | 6 +- .../xss/CrossSiteScriptingLesson1.java | 6 +- .../xss/CrossSiteScriptingLesson3.java | 8 +- .../xss/CrossSiteScriptingLesson4.java | 8 +- .../xss/CrossSiteScriptingLesson5a.java | 10 +- .../xss/CrossSiteScriptingLesson6a.java | 10 +- .../xss}/CrossSiteScriptingMitigation.java | 6 +- .../lessons}/xss/CrossSiteScriptingQuiz.java | 6 +- .../lessons}/xss/DOMCrossSiteScripting.java | 10 +- .../xss/DOMCrossSiteScriptingVerifier.java | 12 +- .../xss/stored/CrossSiteScriptingStored.java | 6 +- .../StoredCrossSiteScriptingVerifier.java | 10 +- .../xss/stored/StoredXssComments.java | 14 +- .../lessons}/xxe/BlindSendFileAssignment.java | 66 +- .../owasp/webgoat/lessons}/xxe/Comment.java | 2 +- .../webgoat/lessons/xxe/CommentsCache.java | 68 +- .../lessons}/xxe/CommentsEndpoint.java | 4 +- .../lessons}/xxe/ContentTypeAssignment.java | 12 +- .../org/owasp/webgoat/lessons}/xxe/Ping.java | 4 +- .../owasp/webgoat/lessons}/xxe/SimpleXXE.java | 16 +- .../org/owasp/webgoat/lessons}/xxe/User.java | 2 +- .../org/owasp/webgoat/lessons}/xxe/XXE.java | 6 +- .../owasp/webgoat/server/ParentConfig.java | 10 + .../owasp/webgoat/server/StartWebGoat.java | 82 + .../owasp/webgoat/server/StartupMessage.java | 33 + .../owasp/webgoat}/webwolf/FileServer.java | 26 +- .../webgoat}/webwolf/MvcConfiguration.java | 23 +- .../webgoat}/webwolf/WebSecurityConfig.java | 14 +- .../org/owasp/webgoat/webwolf/WebWolf.java | 40 +- .../webgoat}/webwolf/jwt/JWTController.java | 8 +- .../owasp/webgoat}/webwolf/jwt/JWTToken.java | 6 +- .../owasp/webgoat}/webwolf/mailbox/Email.java | 2 +- .../webwolf/mailbox/MailboxController.java | 16 +- .../webwolf/mailbox/MailboxRepository.java | 2 +- .../webwolf/requests/LandingPage.java | 2 +- .../webgoat}/webwolf/requests/Requests.java | 19 +- .../requests/WebWolfTraceRepository.java | 8 +- .../webgoat}/webwolf/user/UserRepository.java | 2 +- .../webgoat}/webwolf/user/UserService.java | 5 +- .../webgoat}/webwolf/user/WebGoatUser.java | 8 +- .../resources/application-webgoat.properties | 20 +- .../resources/application-webwolf.properties | 20 +- src/main/resources/banner.txt | 6 + .../main/resources/db/container/V1__init.sql | 0 .../resources/db/container/V2__version.sql | 0 .../main/resources/goatkeystore.pkcs12 | Bin .../main/resources/i18n/messages.properties | 0 .../resources/i18n/messages_de.properties | 0 .../resources/i18n/messages_fr.properties | 0 .../resources/i18n/messages_nl.properties | 0 .../resources/i18n/messages_ru.properties | 0 .../documentation}/2fa-bypass.adoc | 0 .../documentation}/bypass-intro.adoc | 0 .../documentation}/lesson-template-video.adoc | 0 .../lessons/auth_bypass}/html/AuthBypass.html | 8 +- .../i18n/WebGoatLabels.properties | 0 .../images/firefox-proxy-config.png | Bin .../auth_bypass}/images/paypal-2fa-bypass.png | Bin .../lessons/auth_bypass}/js/bypass.js | 0 .../css/bypass-restrictions.css | 0 .../BypassRestrictions_FieldRestrictions.adoc | 0 ...BypassRestrictions_FrontendValidation.adoc | 0 .../BypassRestrictions_Intro.adoc | 0 .../html/BypassRestrictions.html | 6 +- .../i18n/WebGoatLabels.properties | 0 .../lessons/challenges}/challenge7/git.zip | Bin .../lessons/challenges}/css/challenge6.css | 0 .../lessons/challenges}/css/challenge8.css | 0 .../db/migration/V2018_09_26_1__users.sql | 0 .../documentation}/Challenge_1.adoc | 0 .../documentation}/Challenge_5.adoc | 0 .../documentation}/Challenge_6.adoc | 0 .../documentation}/Challenge_7.adoc | 0 .../documentation}/Challenge_8.adoc | 0 .../Challenge_introduction.adoc | 0 .../lessons/challenges/html/Challenge.html | 9 + .../lessons/challenges}/html/Challenge1.html | 4 +- .../lessons/challenges}/html/Challenge5.html | 4 +- .../lessons/challenges}/html/Challenge6.html | 4 +- .../lessons/challenges}/html/Challenge7.html | 4 +- .../lessons/challenges}/html/Challenge8.html | 4 +- .../challenges}/i18n/WebGoatLabels.properties | 0 .../lessons/challenges}/images/avatar1.png | Bin .../lessons/challenges}/images/boss.jpg | Bin .../challenges}/images/challenge1-small.png | Bin .../lessons/challenges}/images/challenge1.png | Bin .../challenges}/images/challenge2-small.png | Bin .../lessons/challenges}/images/challenge2.png | Bin .../challenges}/images/challenge3-small.png | Bin .../lessons/challenges}/images/challenge3.png | Bin .../challenges}/images/challenge4-small.png | Bin .../lessons/challenges}/images/challenge4.png | Bin .../challenges}/images/challenge5-small.png | Bin .../lessons/challenges}/images/challenge5.png | Bin .../challenges}/images/hi-five-cat.jpg | Bin .../lessons/challenges}/images/user1.png | Bin .../lessons/challenges}/images/user2.png | Bin .../lessons/challenges}/images/user3.png | Bin .../lessons/challenges}/images/webgoat2.png | Bin .../lessons/challenges}/js/bootstrap.min.js | 0 .../lessons/challenges}/js/challenge6.js | 0 .../lessons/challenges}/js/challenge8.js | 0 .../ChromeDevTools_Assignment.adoc | 0 .../ChromeDevTools_Assignment_Network.adoc | 0 .../ChromeDevTools_console.adoc | 0 .../ChromeDevTools_elements.adoc | 0 .../documentation}/ChromeDevTools_intro.adoc | 0 .../ChromeDevTools_sources.adoc | 0 .../html/ChromeDevTools.html | 14 +- .../i18n/WebGoatLabels.properties | 0 .../images/ChromeDev_Console_Clear.jpg | Bin .../images/ChromeDev_Console_Ex.jpg | Bin .../images/ChromeDev_Elements.jpg | Bin .../images/ChromeDev_Elements_CSS.jpg | Bin .../images/ChromeDev_Network.jpg | Bin .../images/ChromeDev_Sources.jpg | Bin .../cia/documentation}/CIA_availability.adoc | 0 .../documentation}/CIA_confidentiality.adoc | 0 .../cia/documentation}/CIA_integrity.adoc | 0 .../lessons/cia/documentation}/CIA_intro.adoc | 0 .../lessons/cia/documentation}/CIA_quiz.adoc | 0 .../main/resources/lessons/cia}/html/CIA.html | 12 +- .../cia}/i18n/WebGoatLabels.properties | 0 .../lessons/cia}/js/questions_cia.json | 0 .../css/clientSideFiltering-stage1.css | 0 .../css/clientSideFilteringFree.css | 0 .../ClientSideFiltering_assignment.adoc | 0 .../ClientSideFiltering_final.adoc | 0 .../ClientSideFiltering_plan.adoc | 0 .../html/ClientSideFiltering.html | 6 +- .../i18n/WebGoatLabels.properties | 0 .../images/lesson1_header.jpg | Bin .../images/lesson1_workspace.jpg | Bin .../images/samsung-black.jpg | Bin .../images/samsung-grey.jpg | Bin .../js/clientSideFiltering.js | 0 .../js/clientSideFilteringFree.js | 0 .../en/ClientSideFiltering.html | 0 .../clientside_firebug.jpg | Bin .../documentation}/Crypto_plan.adoc | 0 .../cryptography/documentation}/defaults.adoc | 0 .../documentation}/encoding_plan.adoc | 0 .../documentation}/encoding_plan2.adoc | 0 .../documentation}/encryption.adoc | 0 .../documentation}/hashing_plan.adoc | 0 .../documentation}/keystores.adoc | 0 .../documentation}/postquantum.adoc | 0 .../cryptography/documentation}/signing.adoc | 0 .../cryptography/html/Cryptography.html | 20 +- .../i18n/WebGoatLabels.properties | 0 .../resources/lessons/csrf}/css/reviews.css | 0 .../csrf/documentation}/CSRF_Basic_Get-1.adoc | 0 .../csrf/documentation}/CSRF_ContentType.adoc | 0 .../csrf/documentation}/CSRF_Frameworks.adoc | 0 .../lessons/csrf/documentation}/CSRF_GET.adoc | 0 .../csrf/documentation}/CSRF_Get_Flag.adoc | 0 .../documentation}/CSRF_Impact_Defense.adoc | 0 .../csrf/documentation}/CSRF_JSON.adoc | 0 .../csrf/documentation}/CSRF_Login.adoc | 0 .../csrf/documentation}/CSRF_Reviews.adoc | 0 .../csrf/documentation}/CSRF_intro.adoc | 0 .../resources/lessons/csrf}/html/CSRF.html | 22 +- .../csrf}/i18n/WebGoatLabels.properties | 0 .../lessons/csrf}/images/login-csrf.png | Bin .../resources/lessons/csrf}/js/csrf-review.js | 0 .../resources/lessons/csrf}/js/feedback.js | 0 .../InsecureDeserialization_GadgetChain.adoc | 0 .../InsecureDeserialization_Intro.adoc | 0 ...InsecureDeserialization_SimpleExploit.adoc | 0 .../InsecureDeserialization_Task.adoc | 0 .../InsecureDeserialization_WhatIs.adoc | 0 .../html/InsecureDeserialization.html | 10 +- .../i18n/WebGoatLabels.properties | 0 .../main/resources/lessons}/employees.xml | 0 .../HijackSession_content0.adoc | 0 .../documentation}/HijackSession_plan.adoc | 0 .../hijacksession}/html/HijackSession.html | 6 +- .../i18n/WebGoatLabels.properties | 0 .../en/HijackSession_solution.adoc | 0 .../lessonSolutions/html/HijackSession.html | 0 .../hijacksession}/templates/hijackform.html | 0 .../documentation}/HtmlTampering_Intro.adoc | 0 .../HtmlTampering_Mitigation.adoc | 0 .../documentation}/HtmlTampering_Task.adoc | 0 .../html_tampering}/html/HtmlTampering.html | 6 +- .../i18n/WebGoatLabels.properties | 0 .../html_tampering}/images/samsung.jpg | Bin .../documentation}/HttpBasics_content1.adoc | 0 .../documentation}/HttpBasics_content2.adoc | 0 .../documentation}/HttpBasics_plan.adoc | 0 .../lessons/http_basics}/html/HttpBasics.html | 8 +- .../i18n/WebGoatLabels.properties | 0 .../i18n/WebGoatLabels_de.properties | 0 .../i18n/WebGoatLabels_fr.properties | 0 .../i18n/WebGoatLabels_nl.properties | 0 .../i18n/WebGoatLabels_ru.properties | 0 .../documentation}/0overview.adoc | 0 .../http_proxies/documentation}/10burp.adoc | 0 .../documentation}/1proxysetupsteps.adoc | 0 .../documentation}/3browsersetup.adoc | 0 .../5configurefilterandbreakpoints.adoc | 0 .../documentation}/6assignment.adoc | 0 .../http_proxies/documentation}/7resend.adoc | 0 .../documentation}/8httpsproxy.adoc | 54 +- .../http_proxies/documentation}/9manual.adoc | 0 .../http_proxies}/html/HttpProxies.html | 18 +- .../i18n/WebGoatLabels.properties | 0 .../http_proxies}/images/breakpoint.png | Bin .../http_proxies}/images/breakpoint2.png | Bin .../http_proxies}/images/burpfilter.png | Bin .../http_proxies}/images/burpfilterclient.png | Bin .../http_proxies}/images/burpintercept.png | Bin .../http_proxies}/images/burpintercepted.png | Bin .../http_proxies}/images/burpproxy.png | Bin .../lessons/http_proxies}/images/burpwarn.png | Bin .../images/chrome-manual-proxy-win.png | Bin .../images/chrome-manual-proxy.png | Bin .../images/firefox-proxy-config.png | Bin .../images/firefoxsettingscerts.png | Bin .../http_proxies}/images/importcerts.png | Bin .../http_proxies}/images/loginscreen.png | Bin .../http_proxies}/images/newlocalhost.png | Bin .../images/proxy-intercept-button.png | Bin .../images/proxy-intercept-details.png | Bin .../lessons/http_proxies}/images/rootca.png | Bin .../http_proxies}/images/savecerts.png | Bin .../images/zap-browser-button.png | Bin .../http_proxies}/images/zap-exclude.png | Bin .../http_proxies}/images/zap-history.png | Bin .../http_proxies}/images/zap-start.png | Bin .../images/zap_edit_and_resend.png | Bin .../images/zap_edit_and_response.png | Bin .../images/zap_edit_and_send.png | Bin .../http_proxies}/images/zap_exclude.png | Bin .../http_proxies}/images/zap_exclude_url.png | Bin .../documentation}/IDOR_editOtherProfile.adoc | 0 .../documentation}/IDOR_editOwnProfile.adoc | 0 .../documentation}/IDOR_inputAltPath.adoc | 0 .../idor/documentation}/IDOR_intro.adoc | 0 .../idor/documentation}/IDOR_login.adoc | 0 .../idor/documentation}/IDOR_mitigation.adoc | 0 .../idor/documentation}/IDOR_viewDiffs.adoc | 0 .../documentation}/IDOR_viewOtherProfile.adoc | 0 .../documentation}/IDOR_viewOwnAltPath.adoc | 0 .../idor/documentation}/IDOR_whatDiffs.adoc | 0 .../lessons/idor/documentation}/temp.txt | 0 .../resources/lessons/idor}/html/IDOR.html | 18 +- .../idor}/i18n/WebGoatLabels.properties | 0 .../main/resources/lessons/idor}/js/idor.js | 0 .../documentation}/InsecureLogin_Intro.adoc | 0 .../documentation}/InsecureLogin_Task.adoc | 0 .../insecure_login}/html/InsecureLogin.html | 4 +- .../i18n/WebGoatLabels.properties | 0 .../lessons/insecure_login}/js/credentials.js | 0 .../main/resources/lessons/jwt}/css/jwt.css | 0 .../jwt}/db/migration/V2019_09_25_1__jwt.sql | 0 .../jwt/documentation}/JWT_decode.adoc | 0 .../lessons/jwt/documentation}/JWT_final.adoc | 0 .../jwt/documentation}/JWT_libraries.adoc | 0 .../JWT_libraries_assignment.adoc | 0 .../JWT_libraries_assignment2.adoc | 0 .../JWT_libraries_solution.adoc | 0 .../documentation}/JWT_login_to_token.adoc | 0 .../jwt/documentation}/JWT_mitigation.adoc | 0 .../lessons/jwt/documentation}/JWT_plan.adoc | 0 .../jwt/documentation}/JWT_refresh.adoc | 0 .../JWT_refresh_assignment.adoc | 0 .../jwt/documentation}/JWT_signing.adoc | 0 .../documentation}/JWT_signing_solution.adoc | 0 .../jwt/documentation}/JWT_storing.adoc | 0 .../jwt/documentation}/JWT_structure.adoc | 0 .../lessons/jwt/documentation}/JWT_weak_keys | 0 .../main/resources/lessons/jwt}/html/JWT.html | 30 +- .../jwt}/i18n/WebGoatLabels.properties | 0 .../lessons/jwt/images/challenge1-small.png | Bin 0 -> 11722 bytes .../lessons/jwt/images/challenge2-small.png | Bin 0 -> 34371 bytes .../lessons/jwt/images/challenge3-small.png | Bin 0 -> 59108 bytes .../lessons/jwt/images/challenge4-small.png | Bin 0 -> 4433 bytes .../lessons/jwt/images/challenge5-small.png | Bin 0 -> 17065 bytes .../resources/lessons/jwt}/images/jerry.png | Bin .../lessons/jwt}/images/jwt_diagram.png | Bin .../lessons/jwt}/images/jwt_token.png | Bin .../resources/lessons/jwt}/images/logs.txt | 0 .../lessons/jwt}/images/product-icon.png | Bin .../resources/lessons/jwt}/images/tom.png | Bin .../main/resources/lessons/jwt}/js/jwt-buy.js | 0 .../resources/lessons/jwt}/js/jwt-final.js | 0 .../resources/lessons/jwt}/js/jwt-refresh.js | 0 .../resources/lessons/jwt}/js/jwt-voting.js | 0 .../lessons/jwt}/js/jwt-weak-keys.js | 0 .../lessons/jwt}/js/questions_jwt.json | 0 .../migration/V2019_11_10_1__introduction.sql | 0 .../lesson-template-attack.adoc | 24 +- .../lesson-template-content.adoc | 36 + .../lesson-template-database.adoc | 6 +- .../documentation/lesson-template-glue.adoc | 34 + .../documentation}/lesson-template-intro.adoc | 6 +- .../lesson-template-lesson-class.adoc | 3 +- .../lesson-template-video-more.adoc | 0 .../documentation}/lesson-template-video.adoc | 4 +- .../lesson_template}/html/LessonTemplate.html | 16 +- .../i18n/WebGoatLabels.properties | 0 .../images/firefox-proxy-config.png | Bin .../lessons/lesson_template}/js/idor.js | 0 .../lesson_template}/video/sample-video.m4v | Bin .../documentation}/logReading_Task.adoc | 0 .../documentation}/logSpoofing_Task.adoc | 0 .../logging/documentation}/logging_intro.adoc | 0 .../logging/documentation}/more_logging.adoc | 0 .../sensitive_logging_intro.adoc | 0 .../lessons/logging}/html/LogSpoofing.html | 10 +- .../logging}/i18n/WebGoatLabels.properties | 0 .../resources/lessons/missing_ac}/css/ac.css | 0 .../db/migration/V2021_11_03_1__ac.sql | 0 .../missing-function-ac-01-intro.adoc | 0 ...issing-function-ac-02-client-controls.adoc | 0 .../missing-function-ac-03-users.adoc | 0 .../missing-function-ac-04-users-fixed.adoc | 0 .../missing_ac}/html/MissingFunctionAC.html | 8 +- .../missing_ac}/i18n/WebGoatLabels.properties | 0 .../lessons/password_reset}/css/password.css | 0 .../PasswordReset_SecurityQuestions.adoc | 0 .../PasswordReset_host_header.adoc | 0 .../PasswordReset_known_questions.adoc | 0 .../PasswordReset_mitigation.adoc | 0 .../documentation}/PasswordReset_plan.adoc | 0 .../documentation}/PasswordReset_simple.adoc | 0 .../PasswordReset_wrong_message.adoc | 0 .../password_reset}/html/PasswordReset.html | 16 +- .../i18n/WebGoatLabels.properties | 0 .../lessons/password_reset}/images/reset1.png | Bin .../lessons/password_reset}/images/reset2.png | Bin .../lessons/password_reset}/images/slack1.png | Bin .../lessons/password_reset}/images/slack2.png | Bin .../js/password-reset-simple.js | 0 .../templates/password_link_not_found.html | 0 .../templates/password_reset.html | 0 .../password_reset}/templates/success.html | 0 .../path_traversal}/css/path_traversal.css | 0 .../documentation}/PathTraversal_intro.adoc | 0 .../PathTraversal_retrieval.adoc | 0 .../documentation}/PathTraversal_upload.adoc | 0 .../PathTraversal_upload_fix.adoc | 0 .../PathTraversal_upload_fixed.adoc | 0 .../PathTraversal_upload_mitigation.adoc | 0 ...athTraversal_upload_remove_user_input.adoc | 0 .../PathTraversal_zip_slip.adoc | 0 .../PathTraversal_zip_slip_assignment.adoc | 0 .../PathTraversal_zip_slip_solution.adoc | 0 .../path_traversal}/html/PathTraversal.html | 18 +- .../i18n/WebGoatLabels.properties | 0 .../path_traversal}/images/account.png | Bin .../lessons/path_traversal}/images/cats/1.jpg | Bin .../path_traversal}/images/cats/10.jpg | Bin .../lessons/path_traversal}/images/cats/2.jpg | Bin .../lessons/path_traversal}/images/cats/3.jpg | Bin .../lessons/path_traversal}/images/cats/4.jpg | Bin .../lessons/path_traversal}/images/cats/5.jpg | Bin .../lessons/path_traversal}/images/cats/6.jpg | Bin .../lessons/path_traversal}/images/cats/7.jpg | Bin .../lessons/path_traversal}/images/cats/8.jpg | Bin .../lessons/path_traversal}/images/cats/9.jpg | Bin .../path_traversal}/js/path_traversal.js | 0 .../documentation}/SecurePasswords_1.adoc | 0 .../documentation}/SecurePasswords_2.adoc | 0 .../documentation}/SecurePasswords_3.adoc | 0 .../documentation}/SecurePasswords_4.adoc | 0 ...curePasswords_assignment_introduction.adoc | 0 .../documentation}/SecurePasswords_intro.adoc | 0 .../html/SecurePasswords.html | 14 +- .../i18n/WebGoatLabels.properties | 0 .../i18n/WebGoatLabels_nl.properties | 0 .../secure_passwords}/js/questions_cia.json | 0 .../main/resources/lessons}/sol.MD | 0 .../main/resources/lessons}/sol.txt | 0 .../documentation}/SpoofCookie_content0.adoc | 0 .../documentation}/SpoofCookie_plan.adoc | 0 .../spoofcookie}/html/SpoofCookie.html | 6 +- .../i18n/WebGoatLabels.properties | 0 .../lessons/spoofcookie}/js/handler.js | 0 .../en/SpoofCookie_solution.adoc | 0 .../lessonSolutions/html/SpoofCookie.html | 0 .../templates/spoofcookieform.html | 0 .../sql_injection}/css/assignments.css | 0 .../lessons/sql_injection}/css/challenge.css | 0 .../lessons/sql_injection}/css/quiz.css | 0 .../db/migration/V2019_09_26_1__servers.sql | 12 +- .../db/migration/V2019_09_26_2__users.sql | 0 .../db/migration/V2019_09_26_3__salaries.sql | 0 .../db/migration/V2019_09_26_4__tan.sql | 0 .../V2019_09_26_5__challenge_assignment.sql | 0 .../V2019_09_26_6__user_system_data.sql | 0 .../db/migration/V2019_09_26_7__employees.sql | 0 .../db/migration/V2021_03_13_8__grant.sql | 0 .../SqlInjectionAdvanced_plan.adoc | 0 .../SqlInjection_challenge.adoc | 0 .../SqlInjection_content10.adoc | 2 +- .../SqlInjection_content11.adoc | 0 .../SqlInjection_content12.adoc | 0 .../SqlInjection_content12a.adoc | 0 .../SqlInjection_content12b.adoc | 0 .../SqlInjection_content13.adoc | 0 .../SqlInjection_content14.adoc | 0 .../documentation}/SqlInjection_content6.adoc | 0 .../SqlInjection_content6a.adoc | 0 .../SqlInjection_content6c.adoc | 0 .../documentation}/SqlInjection_content7.adoc | 0 .../documentation}/SqlInjection_content8.adoc | 0 .../documentation}/SqlInjection_content9.adoc | 0 .../SqlInjection_introduction_content1.adoc | 0 .../SqlInjection_introduction_content10.adoc | 0 .../SqlInjection_introduction_content11.adoc | 0 .../SqlInjection_introduction_content12.adoc | 0 .../SqlInjection_introduction_content2.adoc | 0 .../SqlInjection_introduction_content3.adoc | 0 .../SqlInjection_introduction_content4.adoc | 0 ...Injection_introduction_content5_after.adoc | 0 ...njection_introduction_content5_before.adoc | 0 .../SqlInjection_introduction_content6.adoc | 0 .../SqlInjection_introduction_content7.adoc | 0 .../SqlInjection_introduction_content8.adoc | 0 .../SqlInjection_introduction_content9.adoc | 0 .../SqlInjection_introduction_plan.adoc | 0 .../SqlInjection_jdbc_completion.adoc | 0 .../SqlInjection_jdbc_newcode.adoc | 0 .../documentation}/SqlInjection_order_by.adoc | 0 .../documentation}/SqlInjection_quiz.adoc | 0 .../sql_injection}/html/SqlInjection.html | 28 +- .../html/SqlInjectionAdvanced.html | 12 +- .../html/SqlInjectionMitigations.html | 26 +- .../i18n/WebGoatLabels.properties | 0 .../i18n/WebGoatLabels_de.properties | 0 .../i18n/WebGoatLabels_fr.properties | 0 .../i18n/WebGoatLabels_ru.properties | 0 .../sql_injection}/js/assignment10b.js | 0 .../lessons/sql_injection}/js/assignment13.js | 0 .../lessons/sql_injection}/js/challenge.js | 0 .../js/questions_sql_injection.json | 0 .../ssrf/documentation}/SSRF_Intro.adoc | 0 .../ssrf/documentation}/SSRF_Prevent.adoc | 0 .../ssrf/documentation}/SSRF_Task1.adoc | 0 .../ssrf/documentation}/SSRF_Task2.adoc | 0 .../resources/lessons/ssrf}/html/SSRF.html | 8 +- .../ssrf}/i18n/WebGoatLabels.properties | 0 .../resources/lessons/ssrf}/images/cat.jpg | Bin .../resources/lessons/ssrf}/images/jerry.png | Bin .../resources/lessons/ssrf}/images/tom.png | Bin .../resources/lessons/ssrf}/js/credentials.js | 0 .../VulnerableComponents_content0.adoc | 0 .../VulnerableComponents_content1.adoc | 0 .../VulnerableComponents_content1a.adoc | 0 .../VulnerableComponents_content2.adoc | 0 .../VulnerableComponents_content2a.adoc | 0 .../VulnerableComponents_content3.adoc | 0 .../VulnerableComponents_content4.adoc | 0 .../VulnerableComponents_content4a.adoc | 0 .../VulnerableComponents_content4b.adoc | 0 .../VulnerableComponents_content4c.adoc | 0 .../VulnerableComponents_content5.adoc | 0 .../VulnerableComponents_content5a.adoc | 0 .../VulnerableComponents_content6.adoc | 0 .../VulnerableComponents_plan.adoc | 0 .../html/VulnerableComponents.html | 30 +- .../i18n/WebGoatLabels.properties | 0 .../images/OWASP-2013-A9.png | Bin .../images/OWASP-Dep-Check.png | Bin .../images/Old-Components.png | Bin .../images/OpenSourceGrowing.png | Bin .../images/Risk-of-Old-Components.png | Bin .../images/WebGoat-Vulns.png | Bin .../documentation}/Introduction.adoc | 0 .../html/WebGoatIntroduction.html | 8 + .../i18n/WebGoatLabels.properties | 0 .../webgoat_introduction}/images/wg_logo.png | Bin .../documentation}/IntroductionWebWolf.adoc | 0 .../documentation}/Landing_page.adoc | 0 .../documentation}/Receiving_mail.adoc | 0 .../documentation}/Uploading_files.adoc | 0 .../html/WebWolfIntroduction.html | 8 +- .../i18n/WebGoatLabels.properties | 0 .../webwolf_introduction}/images/files.png | Bin .../webwolf_introduction}/images/mailbox.png | Bin .../webwolf_introduction}/images/requests.png | Bin .../images/wolf-enabled.png | Bin .../templates/webwolfPasswordReset.html | 0 .../resources/lessons/xss}/css/stored-xss.css | 0 .../CrossSiteScriptingMitigation_plan.adoc | 0 .../CrossSiteScriptingStored_plan.adoc | 0 .../CrossSiteScripting_content1.adoc | 0 .../CrossSiteScripting_content2.adoc | 0 .../CrossSiteScripting_content3.adoc | 0 .../CrossSiteScripting_content4.adoc | 0 .../CrossSiteScripting_content5.adoc | 0 .../CrossSiteScripting_content5a.adoc | 0 .../CrossSiteScripting_content5b.adoc | 0 .../CrossSiteScripting_content6.adoc | 0 .../CrossSiteScripting_content6a.adoc | 0 .../CrossSiteScripting_content6b.adoc | 0 .../CrossSiteScripting_content7-off.adoc | 0 .../CrossSiteScripting_content7.adoc | 0 .../CrossSiteScripting_content7b.adoc | 0 .../CrossSiteScripting_content7c.adoc | 0 .../CrossSiteScripting_content8.adoc | 0 .../CrossSiteScripting_content8a.adoc | 0 .../CrossSiteScripting_content8b.adoc | 0 .../CrossSiteScripting_content8c.adoc | 0 .../CrossSiteScripting_content9.adoc | 0 .../CrossSiteScripting_plan.adoc | 0 .../CrossSiteScripting_quiz.adoc | 0 .../lessons/xss}/html/CrossSiteScripting.html | 26 +- .../html/CrossSiteScriptingMitigation.html | 14 +- .../xss}/html/CrossSiteScriptingStored.html | 10 +- .../xss}/i18n/WebGoatLabels.properties | 0 .../xss}/i18n/WebGoatLabels_de.properties | 0 .../xss}/i18n/WebGoatLabels_fr.properties | 0 .../xss}/i18n/WebGoatLabels_ru.properties | 0 .../lessons/xss}/images/Reflected-XSS.png | Bin .../lessons/xss}/images/Stored-XSS.png | Bin .../resources/lessons/xss}/images/avatar1.png | Bin .../resources/lessons/xss}/js/assignment3.js | 0 .../resources/lessons/xss}/js/assignment4.js | 0 .../js/questions_cross_site_scripting.json | 0 .../resources/lessons/xss}/js/stored-xss.js | 0 .../main/resources/lessons/xxe}/css/xxe.css | 0 .../resources/lessons/xxe}/csv/flights.txt | 0 .../lessons/xxe/documentation}/XXE_blind.adoc | 0 .../documentation}/XXE_blind_assignment.adoc | 4 +- .../XXE_changing_content_type.adoc | 0 .../XXE_changing_content_type_solution.adoc | 0 .../lessons/xxe/documentation}/XXE_code.adoc | 0 .../lessons/xxe/documentation}/XXE_intro.adoc | 0 .../xxe/documentation}/XXE_mitigation.adoc | 0 .../xxe/documentation}/XXE_overflow.adoc | 0 .../lessons/xxe/documentation}/XXE_plan.adoc | 0 .../xxe/documentation}/XXE_simple.adoc | 0 .../XXE_simple_introduction.adoc | 0 .../documentation}/XXE_simple_solution.adoc | 0 .../XXE_static_code_analysis.adoc | 0 .../lessons/xxe/documentation}/temp.txt | 0 .../main/resources/lessons/xxe}/html/XXE.html | 26 +- .../xxe}/i18n/WebGoatLabels.properties | 0 .../resources/lessons/xxe}/images/avatar1.png | Bin .../resources/lessons/xxe}/images/cat.jpg | Bin .../lessons/xxe}/images/etc_password.png | Bin .../resources/lessons/xxe}/images/example.dtd | 0 .../lessons/xxe}/images/sonar-issue-xxe.png | Bin .../lessons/xxe}/images/sonar-issues.png | Bin .../lessons/xxe}/images/wolf-enabled.png | Bin .../lessons/xxe}/images/xxe-parser-java.png | Bin .../lessons/xxe}/images/xxe-parser.png | Bin .../lessons/xxe}/images/xxe-suggested-fix.png | Bin .../main/resources/lessons/xxe}/js/xxe.js | 0 .../main/resources/lessons/xxe}/secret.txt | 0 .../resources/webgoat}/static/css/animate.css | 0 .../static/css/asciidoctor-default.css | 0 .../resources/webgoat}/static/css/coderay.css | 0 .../webgoat}/static/css/font-awesome.min.css | 0 .../webgoat}/static/css/img/appseceu-17.png | Bin .../webgoat}/static/css/img/favicon.ico | Bin .../webgoat}/static/css/img/logo.png | Bin .../webgoat}/static/css/img/logoBG.jpg | Bin .../webgoat}/static/css/img/owasp_logo.jpg | Bin .../webgoat}/static/css/img/solution.svg | 0 .../webgoat}/static/css/img/webBg.png | Bin .../webgoat/static/css/img}/wolf.svg | 0 .../resources/webgoat}/static/css/layers.css | 0 .../resources/webgoat}/static/css/main.css | 0 .../resources/webgoat}/static/css/menu.css | 0 .../resources/webgoat/static}/css/quiz.css | 0 .../resources/webgoat}/static/css/webgoat.css | 0 .../webgoat}/static/fonts/FontAwesome.otf | Bin .../static/fonts/fontawesome-webfont.eot | Bin .../static/fonts/fontawesome-webfont.svg | 0 .../static/fonts/fontawesome-webfont.ttf | Bin .../static/fonts/fontawesome-webfont.woff | Bin .../webgoat}/static/js/application.js | 0 .../js/goatApp/controller/LessonController.js | 0 .../js/goatApp/controller/MenuController.js | 0 .../webgoat}/static/js/goatApp/goatApp.js | 0 .../js/goatApp/model/AssignmentStatusModel.js | 0 .../static/js/goatApp/model/FlagModel.js | 0 .../js/goatApp/model/FlagsCollection.js | 0 .../js/goatApp/model/HTMLContentModel.js | 0 .../static/js/goatApp/model/HintCollection.js | 0 .../static/js/goatApp/model/HintModel.js | 0 .../js/goatApp/model/LabelDebugModel.js | 0 .../js/goatApp/model/LessonContentModel.js | 0 .../js/goatApp/model/LessonInfoModel.js | 0 .../goatApp/model/LessonOverviewCollection.js | 0 .../static/js/goatApp/model/MenuCollection.js | 0 .../static/js/goatApp/model/MenuData.js | 0 .../static/js/goatApp/model/MenuModel.js | 0 .../js/goatApp/model/ReportCardModel.js | 0 .../static/js/goatApp/scoreboardApp.js | 0 .../static/js/goatApp/support/CustomGoat.js | 0 .../static/js/goatApp/support/GoatUtils.js | 0 .../goatApp/support/goatAsyncErrorHandler.js | 0 .../js/goatApp/support/goatConstants.js | 0 .../js/goatApp/templates/lesson_overview.html | 0 .../js/goatApp/templates/paging_controls.html | 0 .../js/goatApp/templates/report_card.html | 0 .../js/goatApp/templates/scoreboard.html | 0 .../js/goatApp/view/ErrorNotificationView.js | 0 .../static/js/goatApp/view/GoatRouter.js | 0 .../js/goatApp/view/HelpControlsView.js | 0 .../static/js/goatApp/view/HintView.js | 0 .../js/goatApp/view/LessonContentView.js | 0 .../static/js/goatApp/view/MenuButtonView.js | 0 .../static/js/goatApp/view/MenuItemView.js | 0 .../static/js/goatApp/view/MenuView.js | 0 .../js/goatApp/view/PaginationControlView.js | 0 .../static/js/goatApp/view/ReportCardView.js | 0 .../static/js/goatApp/view/ScoreboardView.js | 0 .../static/js/goatApp/view/TitleView.js | 0 .../static/js/goatApp/view/UserAndInfoView.js | 0 .../static/js/jquery/jquery-1.10.2.min.js | 0 .../js/jquery/jquery-ui-1.10.4.custom.min.js | 0 .../static/js/jquery_form/jquery.form.js | 0 .../resources/webgoat}/static/js/libs/ace.js | 0 .../webgoat}/static/js/libs/backbone-min.js | 0 .../webgoat}/static/js/libs/bootstrap.min.js | 0 .../static/js/libs/jquery-2.1.4.min.js | 0 .../webgoat}/static/js/libs/jquery-base.js | 0 .../static/js/libs/jquery-ui-1.10.4.js | 0 .../webgoat}/static/js/libs/jquery-ui.min.js | 0 .../webgoat}/static/js/libs/jquery-vuln.js | 0 .../webgoat}/static/js/libs/jquery.form.js | 0 .../webgoat}/static/js/libs/jquery.min.js | 0 .../webgoat}/static/js/libs/mode-java.js | 0 .../webgoat}/static/js/libs/polyglot.min.js | 0 .../webgoat}/static/js/libs/require.min.js | 0 .../resources/webgoat}/static/js/libs/text.js | 0 .../webgoat}/static/js/libs/theme-monokai.js | 0 .../webgoat}/static/js/libs/underscore-min.js | 0 .../main/resources/webgoat}/static/js/main.js | 0 .../webgoat}/static/js/modernizr.min.js | 0 .../main/resources/webgoat}/static/js/quiz.js | 0 .../webgoat}/static/js/scoreboard.js | 0 .../resources/webgoat}/static/js/toggle.js | 0 .../plugins/bootstrap-slider/css/slider.css | 0 .../bootstrap-slider/js/bootstrap-slider.js | 0 .../css/bootstrap-wysihtml5.css | 0 .../css/bootstrap3-wysiwyg5-color.css | 0 .../js/bootstrap3-wysihtml5.js | 0 .../bootstrap-wysihtml5/js/wysihtml5-0.3.0.js | 0 .../plugins/bootstrap/css/bootstrap.min.css | 0 .../fonts/glyphicons-halflings-regular.eot | Bin .../fonts/glyphicons-halflings-regular.svg | 0 .../fonts/glyphicons-halflings-regular.ttf | Bin .../fonts/glyphicons-halflings-regular.woff | Bin .../nanoScroller/jquery.nanoscroller.min.js | 0 .../resources/webgoat}/templates/about.html | 0 .../webgoat}/templates/lesson_content.html | 4 +- .../resources/webgoat}/templates/login.html | 0 .../webgoat}/templates/main_new.html | 6 + .../webgoat}/templates/registration.html | 0 .../webgoat}/templates/scoreboard.html | 0 .../webwolf/static/css/img/webwolf.ico | Bin .../resources/webwolf/static/css/webwolf.css | 0 .../resources/webwolf}/static/images/wolf.png | Bin .../resources/webwolf/static/images/wolf.svg | 80 + .../webwolf}/static/js/fileUpload.js | 6 +- .../main/resources/webwolf}/static/js/jwt.js | 0 .../main/resources/webwolf}/static/js/mail.js | 0 .../resources/webwolf}/templates/error.html | 0 .../resources/webwolf}/templates/files.html | 6 +- .../webwolf}/templates/fragments/footer.html | 0 .../webwolf}/templates/fragments/header.html | 23 +- .../resources/webwolf}/templates/home.html | 3 +- .../resources/webwolf}/templates/jwt.html | 0 .../resources/webwolf}/templates/mailbox.html | 0 .../webwolf}/templates/registration.html | 0 .../webwolf}/templates/requests.html | 0 .../webwolf/templates/webwolf-login.html | 0 .../webgoat/container/WebGoatApplication.java | 10 + .../assignments/AssignmentEndpointTest.java | 23 +- .../container}/plugins/LessonTest.java | 31 +- .../container}/service/HintServiceTest.java | 12 +- .../service/LessonMenuServiceTest.java | 20 +- .../service/LessonProgressServiceTest.java | 17 +- .../service/ReportCardServiceTest.java | 16 +- .../container}/session/LabelDebuggerTest.java | 2 +- .../container}/session/LessonTrackerTest.java | 8 +- .../container}/users/UserRepositoryTest.java | 8 +- .../container}/users/UserServiceTest.java | 10 +- .../users/UserTrackerRepositoryTest.java | 12 +- .../container}/users/UserValidatorTest.java | 4 +- .../auth_bypass/BypassVerificationTest.java | 19 +- ...assRestrictionsFrontendValidationTest.java | 15 +- .../lessons}/challenges/Assignment1Test.java | 12 +- .../chrome_dev_tools/ChromeDevToolsTest.java | 12 +- .../webgoat/lessons}/cia/CIAQuizTest.java | 15 +- .../ClientSideFilteringAssignmentTest.java | 15 +- ...ClientSideFilteringFreeAssignmentTest.java | 13 +- .../ShopEndpointTest.java | 12 +- .../lessons/cryptography}/CryptoUtilTest.java | 4 +- .../lessons}/csrf/CSRFFeedbackTest.java | 13 +- .../deserialization/DeserializeTest.java | 12 +- .../HijackSessionAssignmentTest.java | 34 +- ...jackSessionAuthenticationProviderTest.java | 6 +- .../HttpBasicsInterceptRequestTest.java | 17 +- .../lessons}/jwt/JWTDecodeEndpointTest.java | 13 +- .../lessons}/jwt/JWTFinalEndpointTest.java | 17 +- .../lessons}/jwt/JWTRefreshEndpointTest.java | 15 +- .../jwt/JWTSecretKeyEndpointTest.java | 15 +- .../lessons}/jwt/JWTVotesEndpointTest.java | 15 +- .../owasp/webgoat/lessons}/jwt/TokenTest.java | 2 +- .../lessons}/missing_ac/DisplayUserTest.java | 6 +- .../MissingFunctionACHiddenMenusTest.java | 10 +- .../MissingFunctionACUsersTest.java | 16 +- .../MissingFunctionACYourHashAdminTest.java | 16 +- .../MissingFunctionYourHashTest.java | 11 +- .../SecurityQuestionAssignmentTest.java | 22 +- .../path_traversal/ProfileUploadFixTest.java | 13 +- .../ProfileUploadRemoveUserInputTest.java | 13 +- .../ProfileUploadRetrievalTest.java | 13 +- .../path_traversal/ProfileUploadTest.java | 13 +- .../SpoofCookieAssignmentTest.java | 27 +- .../spoofcookie/encoders/EncDecTest.java | 3 +- .../lessons}/sql_injection/SqlLessonTest.java | 11 +- .../SqlInjectionLesson10Test.java | 7 +- .../introduction/SqlInjectionLesson2Test.java | 7 +- .../introduction/SqlInjectionLesson5Test.java | 9 +- .../SqlInjectionLesson5aTest.java | 7 +- .../SqlInjectionLesson6aTest.java | 11 +- .../SqlInjectionLesson6bTest.java | 11 +- .../introduction/SqlInjectionLesson8Test.java | 7 +- .../introduction/SqlInjectionLesson9Test.java | 7 +- .../mitigation/SqlInjectionLesson13Test.java | 7 +- .../SqlOnlyInputValidationOnKeywordsTest.java | 7 +- .../SqlOnlyInputValidationTest.java | 7 +- .../webgoat/lessons}/ssrf/SSRFTest1.java | 10 +- .../webgoat/lessons}/ssrf/SSRFTest2.java | 10 +- .../VulnerableComponentsLessonTest.java | 6 +- .../xss/CrossSiteScriptingLesson1Test.java | 12 +- .../xss/DOMCrossSiteScriptingTest.java | 7 +- .../lessons}/xss/StoredXssCommentsTest.java | 6 +- .../xxe/BlindSendFileAssignmentTest.java | 88 +- .../xxe/ContentTypeAssignmentTest.java | 43 +- .../webgoat/lessons}/xxe/SimpleXXETest.java | 11 +- .../webgoat/webwolf/WebWolfApplication.java | 10 + .../webgoat}/webwolf/jwt/JWTTokenTest.java | 4 +- .../mailbox/MailboxControllerTest.java | 50 +- .../mailbox/MailboxRepositoryTest.java | 18 +- .../webwolf/user/UserServiceTest.java | 2 +- .../application-webgoat-test.properties | 8 + .../resources/application-webwolf.properties | 5 +- .../test/resources/logback-test.xml | 0 docker/start.sh => start.sh | 31 +- webgoat-container/.gitignore | 8 - webgoat-container/pom.xml | 111 -- .../owasp/webgoat/DatabaseConfiguration.java | 56 - .../service/LessonProgressService.java | 102 - .../org/owasp/webgoat/TestApplication.java | 33 - .../webgoat/service/LabelServiceTest.java | 77 - .../plugins/lessonSolutions/rewrite_test.html | 11 - webgoat-integration-tests/pom.xml | 73 - .../java/org/owasp/webgoat/ChallengeTest.java | 114 -- .../resources/application-inttest.properties | 10 - .../src/test/resources/logback-test.xml | 15 - webgoat-lessons/auth-bypass/.DS_Store | Bin 8196 -> 0 bytes webgoat-lessons/auth-bypass/pom.xml | 12 - webgoat-lessons/auth-bypass/src/.DS_Store | Bin 8196 -> 0 bytes .../auth-bypass/src/main/.DS_Store | Bin 10244 -> 0 bytes .../auth-bypass/src/main/java/.DS_Store | Bin 8196 -> 0 bytes .../auth-bypass/src/main/java/org/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/webgoat/.DS_Store | Bin 8196 -> 0 bytes .../auth-bypass/src/main/resources/.DS_Store | Bin 6148 -> 0 bytes .../src/main/resources/html/.DS_Store | Bin 6148 -> 0 bytes webgoat-lessons/bypass-restrictions/pom.xml | 11 - webgoat-lessons/challenge/pom.xml | 31 - .../challenges/challenge1/ImageServlet.java | 43 - .../src/main/resources/html/Challenge.html | 9 - webgoat-lessons/chrome-dev-tools/pom.xml | 11 - webgoat-lessons/cia/pom.xml | 11 - webgoat-lessons/client-side-filtering/pom.xml | 12 - .../lessonPlans/ru/ClientSideFiltering.html | 11 - .../cross-site-scripting/.gitignore | 1 - .../cross-site-scripting/.sonatype | 3 - webgoat-lessons/cross-site-scripting/pom.xml | 19 - webgoat-lessons/crypto/pom.xml | 12 - .../lessonSolutions/en/crypto_solution.adoc | 5 - .../lessonSolutions/html/crypto.html | 14 - webgoat-lessons/csrf/pom.xml | 11 - webgoat-lessons/csrf/src/.DS_Store | Bin 6148 -> 0 bytes webgoat-lessons/csrf/src/main/.DS_Store | Bin 8196 -> 0 bytes webgoat-lessons/csrf/src/main/java/.DS_Store | Bin 6148 -> 0 bytes .../csrf/src/main/java/org/.DS_Store | Bin 6148 -> 0 bytes .../csrf/src/main/java/org/owasp/.DS_Store | Bin 6148 -> 0 bytes .../src/main/java/org/owasp/webgoat/.DS_Store | Bin 6148 -> 0 bytes .../csrf/src/main/resources/.DS_Store | Bin 6148 -> 0 bytes .../src/main/resources/lessonPlans/.DS_Store | Bin 6148 -> 0 bytes .../csrf/webgoat-lesson-template/.DS_Store | Bin 8196 -> 0 bytes .../webgoat-lesson-template/src/.DS_Store | Bin 8196 -> 0 bytes .../src/main/.DS_Store | Bin 10244 -> 0 bytes .../src/main/java/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/webgoat/.DS_Store | Bin 8196 -> 0 bytes .../src/main/resources/.DS_Store | Bin 6148 -> 0 bytes .../src/main/resources/html/.DS_Store | Bin 6148 -> 0 bytes webgoat-lessons/hijack-session/pom.xml | 58 - webgoat-lessons/html-tampering/pom.xml | 27 - webgoat-lessons/http-basics/pom.xml | 12 - .../resources/lessonPlans/de/HttpBasics.html | 29 - .../lessonPlans/nl/HttpBasics_content1.adoc | 8 - .../resources/lessonPlans/ru/HttpBasics.html | 33 - .../en/HttpBasics_solution.adoc | 5 - .../lessonSolutions/html/HttpBasics.html | 14 - webgoat-lessons/http-proxies/pom.xml | 25 - webgoat-lessons/idor/pom.xml | 12 - .../insecure-deserialization/pom.xml | 26 - webgoat-lessons/insecure-login/pom.xml | 25 - webgoat-lessons/jwt/pom.xml | 26 - webgoat-lessons/logging/pom.xml | 25 - webgoat-lessons/missing-function-ac/.DS_Store | Bin 8196 -> 0 bytes webgoat-lessons/missing-function-ac/pom.xml | 12 - .../missing-function-ac/src/.DS_Store | Bin 8196 -> 0 bytes .../missing-function-ac/src/main/.DS_Store | Bin 10244 -> 0 bytes .../src/main/java/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/webgoat/.DS_Store | Bin 8196 -> 0 bytes .../src/main/resources/.DS_Store | Bin 6148 -> 0 bytes .../src/main/resources/html/.DS_Store | Bin 6148 -> 0 bytes webgoat-lessons/password-reset/pom.xml | 20 - webgoat-lessons/path-traversal/pom.xml | 11 - webgoat-lessons/pom.xml | 90 - webgoat-lessons/secure-passwords/pom.xml | 19 - webgoat-lessons/spoof-cookie/pom.xml | 58 - webgoat-lessons/sql-injection/.sonatype | 3 - webgoat-lessons/sql-injection/pom.xml | 11 - .../en/SqlInjection_solution.adoc | 5 - .../lessonSolutions/html/SqlInjection.html | 14 - webgoat-lessons/ssrf/pom.xml | 26 - .../vulnerable-components/.gitignore | 1 - webgoat-lessons/vulnerable-components/pom.xml | 54 - .../en/VulnerableComponents_solution.adoc | 5 - .../html/VulnerableComponents.html | 14 - webgoat-lessons/webgoat-introduction/pom.xml | 11 - .../resources/html/WebGoatIntroduction.html | 8 - .../lessonPlans/nl/Introduction.adoc | 16 - .../webgoat-lesson-template/.DS_Store | Bin 8196 -> 0 bytes .../getting-started.MD | 65 - .../webgoat-lesson-template/pom.xml | 12 - .../webgoat-lesson-template/src/.DS_Store | Bin 8196 -> 0 bytes .../src/main/.DS_Store | Bin 10244 -> 0 bytes .../src/main/java/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/.DS_Store | Bin 8196 -> 0 bytes .../src/main/java/org/owasp/webgoat/.DS_Store | Bin 8196 -> 0 bytes .../src/main/resources/.DS_Store | Bin 6148 -> 0 bytes .../src/main/resources/html/.DS_Store | Bin 6148 -> 0 bytes .../en/lesson-template-content.adoc | 36 - .../lessonPlans/en/lesson-template-glue.adoc | 59 - webgoat-lessons/webwolf-introduction/pom.xml | 11 - .../lessonPlans/nl/IntroductionWebWolf.adoc | 25 - webgoat-lessons/xxe/pom.xml | 31 - webgoat-server/Dockerfile | 17 - webgoat-server/pom.xml | 229 --- .../owasp/webgoat/HSQLDBDatabaseConfig.java | 65 - .../java/org/owasp/webgoat/StartWebGoat.java | 80 - webwolf/Dockerfile | 16 - webwolf/README.md | 46 - webwolf/pom.xml | 155 -- .../main/java/org/owasp/webwolf/WebWolf.java | 73 - .../webwolf/db/ActuatorDsJsonParser.java | 58 - .../webwolf/db/DataSourceProperties.java | 52 - .../owasp/webwolf/db/DataSourceResolver.java | 111 -- .../db/ResourceUnavailableException.java | 22 - .../webwolf/user/RegistrationController.java | 69 - .../org/owasp/webwolf/user/UserValidator.java | 57 - .../main/resources/i18n/messages.properties | 40 - .../owasp/webwolf/user/UserValidatorTest.java | 96 - webwolf/src/test/resources/logback-test.xml | 16 - webwolf/start-webwolf.sh | 7 - 1130 files changed, 3540 insertions(+), 7643 deletions(-) create mode 100644 .dockerignore delete mode 100644 .github/workflows/branch_build.yml create mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/pr_build.yml create mode 100644 Dockerfile delete mode 100644 config/pmd/pmd-ruleset.xml delete mode 100644 docker/Dockerfile delete mode 100644 docker/Readme.md delete mode 100644 docker/index.html delete mode 100644 docker/nginx.conf delete mode 100644 docker/pom.xml rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/AccessControlTest.java => src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java (92%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java => src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java (88%) create mode 100644 src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java => src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java (95%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java => src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java (86%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java => src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java (97%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java => src/it/java/org/owasp/webgoat/IDORIntegrationTest.java (98%) rename {webgoat-integration-tests/src/test => src/it}/java/org/owasp/webgoat/IntegrationTest.java (61%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java => src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java (98%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java => src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java (87%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalITTest.java => src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java (88%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java => src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java (93%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SSRFTest.java => src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java (91%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java => src/it/java/org/owasp/webgoat/SeleniumIntegrationTest.java (88%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SessionManagementTest.java => src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java (96%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionAdvancedTest.java => src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java (96%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java => src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java (97%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java => src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java (94%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java => src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java (93%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/XSSTest.java => src/it/java/org/owasp/webgoat/XSSIntegrationTest.java (98%) rename webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java => src/it/java/org/owasp/webgoat/XXEIntegrationTest.java (77%) rename {webgoat-lessons/insecure-deserialization/src => src}/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java (96%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/AjaxAuthenticationEntryPoint.java (97%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/AsciiDoctorTemplateResolver.java (57%) create mode 100644 src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/HammerHead.java (85%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/LessonDataSource.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/LessonTemplateResolver.java (89%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/MvcConfiguration.java (61%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/WebGoat.java (81%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/WebSecurityConfig.java (95%) create mode 100644 src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/EnvironmentExposure.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/OperatingSystemMacro.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/UsernameMacro.java (80%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/WebGoatTmpDirMacro.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/WebGoatVersionMacro.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/WebWolfMacro.java (88%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/asciidoc/WebWolfRootMacro.java (90%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/assignments/AssignmentEndpoint.java (86%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/assignments/AssignmentHints.java (87%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/assignments/AssignmentPath.java (90%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/assignments/AttackResult.java (93%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/assignments/LessonTrackerInterceptor.java (90%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/controller/StartLesson.java (63%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/controller/Welcome.java (88%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/i18n/Language.java (97%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/i18n/Messages.java (97%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/i18n/PluginMessages.java (77%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/Assignment.java (86%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/Category.java (98%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/CourseConfiguration.java (91%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/Hint.java (96%) create mode 100644 src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/Lesson.java (89%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/LessonConnectionInvocationHandler.java (76%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/LessonInfoModel.java (87%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/LessonMenuItem.java (97%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/lessons/LessonMenuItemType.java (96%) create mode 100644 src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java create mode 100644 src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/HintService.java (76%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/LabelDebugService.java (86%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/LabelService.java (54%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/LessonInfoService.java (79%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/LessonMenuService.java (77%) create mode 100644 src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/LessonTitleService.java (84%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/ReportCardService.java (89%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/RestartLessonService.java (82%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/service/SessionService.java (86%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/session/Course.java (83%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/session/LabelDebugger.java (84%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/session/UserSessionData.java (94%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/session/WebSession.java (92%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/LessonTracker.java (93%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/RegistrationController.java (95%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/Scoreboard.java (62%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserForm.java (93%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserRepository.java (88%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserService.java (89%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserSession.java (90%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserTracker.java (96%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserTrackerRepository.java (84%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/UserValidator.java (95%) rename {webgoat-container/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/container}/users/WebGoatUser.java (89%) rename {webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/auth_bypass/AccountVerificationHelper.java (98%) rename {webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/auth_bypass/AuthBypass.java (89%) rename {webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/auth_bypass/VerifyAccount.java (91%) rename {webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/bypass_restrictions/BypassRestrictions.java (89%) rename {webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/bypass_restrictions/BypassRestrictionsFieldRestrictions.java (92%) rename {webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/bypass_restrictions/BypassRestrictionsFrontendValidation.java (93%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/ChallengeIntro.java (65%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/Email.java (96%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/Flag.java (90%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/SolutionConstants.java (96%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge1/Assignment1.java (88%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge1/Challenge1.java (67%) create mode 100644 src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge5/Assignment5.java (90%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge5/Challenge5.java (89%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge7/Assignment7.java (90%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge7/Challenge7.java (67%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge7/MD5.java (99%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge7/PasswordResetLink.java (95%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge8/Assignment8.java (91%) rename {webgoat-lessons/challenge/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/challenges/challenge8/Challenge8.java (67%) rename {webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/chrome_dev_tools/ChromeDevTools.java (90%) rename {webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/chrome_dev_tools/NetworkDummy.java (89%) rename {webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/chrome_dev_tools/NetworkLesson.java (90%) rename {webgoat-lessons/cia/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/cia/CIA.java (70%) rename {webgoat-lessons/cia/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/cia/CIAQuiz.java (90%) rename {webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/client_side_filtering/ClientSideFiltering.java (90%) rename {webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/client_side_filtering/ClientSideFilteringAssignment.java (88%) rename {webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/client_side_filtering/ClientSideFilteringFreeAssignment.java (88%) rename {webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/client_side_filtering/Salaries.java (97%) rename {webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/client_side_filtering/ShopEndpoint.java (88%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/CryptoUtil.java (98%) rename webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/Crypto.java => src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java (87%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/EncodingAssignment.java (94%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/HashingAssignment.java (94%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/SecureDefaultsAssignment.java (90%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/SigningAssignment.java (93%) rename {webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto => src/main/java/org/owasp/webgoat/lessons/cryptography}/XOREncodingAssignment.java (88%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/CSRF.java (90%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/CSRFConfirmFlag1.java (88%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/CSRFFeedback.java (94%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/CSRFGetFlag.java (95%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/CSRFLogin.java (87%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/ForgedReviews.java (93%) rename {webgoat-lessons/csrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/csrf/Review.java (97%) rename {webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/deserialization/InsecureDeserialization.java (91%) rename {webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/deserialization/InsecureDeserializationTask.java (93%) rename {webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/deserialization/SerializationHelper.java (97%) rename {webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/hijacksession/HijackSession.java (90%) rename {webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/hijacksession/HijackSessionAssignment.java (88%) rename {webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/hijacksession/cas/Authentication.java (97%) rename {webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/hijacksession/cas/AuthenticationProvider.java (95%) rename {webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/hijacksession/cas/HijackSessionAuthenticationProvider.java (98%) rename {webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/html_tampering/HtmlTampering.java (91%) rename {webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/html_tampering/HtmlTamperingTask.java (88%) rename {webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/http_basics/HttpBasics.java (90%) rename {webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/http_basics/HttpBasicsLesson.java (88%) rename {webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/http_basics/HttpBasicsQuiz.java (87%) rename {webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/http_proxies/HttpBasicsInterceptRequest.java (93%) rename {webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/http_proxies/HttpProxies.java (91%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDOR.java (91%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDORDiffAttributes.java (90%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDOREditOtherProfiile.java (94%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDORLogin.java (91%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDORViewOtherProfile.java (91%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDORViewOwnProfile.java (96%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/IDORViewOwnProfileAltUrl.java (90%) rename {webgoat-lessons/idor/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/idor/UserProfile.java (98%) rename {webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/insecure_login/InsecureLogin.java (91%) rename {webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/insecure_login/InsecureLoginTask.java (90%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWT.java (90%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTDecodeEndpoint.java (78%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTFinalEndpoint.java (93%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTQuiz.java (89%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTRefreshEndpoint.java (96%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTSecretKeyEndpoint.java (94%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/JWTVotesEndpoint.java (96%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/votes/Views.java (78%) rename {webgoat-lessons/jwt/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/jwt/votes/Vote.java (98%) rename {webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template => src/main/java/org/owasp/webgoat/lessons/lesson_template}/LessonTemplate.java (89%) rename {webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template => src/main/java/org/owasp/webgoat/lessons/lesson_template}/SampleAttack.java (92%) rename {webgoat-lessons/logging/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/logging/LogBleedingTask.java (93%) rename {webgoat-lessons/logging/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/logging/LogSpoofing.java (91%) rename {webgoat-lessons/logging/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/logging/LogSpoofingTask.java (92%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/DisplayUser.java (98%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingAccessControlUserRepository.java (94%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionAC.java (91%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACHiddenMenus.java (90%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACUsers.java (93%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACYourHash.java (86%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACYourHashAdmin.java (88%) rename {webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/missing_ac/User.java (84%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/PasswordReset.java (89%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/PasswordResetEmail.java (96%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/QuestionsAssignment.java (93%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/ResetLinkAssignment.java (92%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/ResetLinkAssignmentForgotPassword.java (96%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/SecurityQuestionAssignment.java (96%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/SimpleMailAssignment.java (96%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/TriedQuestions.java (96%) rename {webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/password_reset/resetlink/PasswordChangeForm.java (84%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/PathTraversal.java (89%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUpload.java (86%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadBase.java (93%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadFix.java (87%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadRemoveUserInput.java (84%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadRetrieval.java (92%) rename {webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/path_traversal/ProfileZipSlip.java (93%) rename {webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password => src/main/java/org/owasp/webgoat/lessons/secure_passwords}/SecurePasswords.java (90%) rename {webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password => src/main/java/org/owasp/webgoat/lessons/secure_passwords}/SecurePasswordsAssignment.java (96%) rename {webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/spoofcookie/SpoofCookie.java (90%) rename {webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/spoofcookie/SpoofCookieAssignment.java (95%) rename {webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/spoofcookie/encoders/EncDec.java (98%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionAdvanced.java (89%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionChallenge.java (93%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionChallengeLogin.java (89%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionLesson6a.java (92%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionLesson6b.java (92%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/advanced/SqlInjectionQuiz.java (94%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjection.java (89%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson10.java (93%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson2.java (90%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson3.java (91%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson4.java (91%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson5.java (91%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson5a.java (94%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson5b.java (93%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson8.java (94%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson9.java (93%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/Servers.java (67%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlInjectionLesson10a.java (90%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlInjectionLesson10b.java (96%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlInjectionLesson13.java (89%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlInjectionMitigations.java (89%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlOnlyInputValidation.java (86%) rename {webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java (87%) rename {webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/ssrf/SSRF.java (91%) rename {webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/ssrf/SSRFTask1.java (92%) rename {webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/ssrf/SSRFTask2.java (92%) rename {webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/vulnerable_components/Contact.java (95%) rename {webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/vulnerable_components/ContactImpl.java (95%) rename {webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/vulnerable_components/VulnerableComponents.java (89%) rename {webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/vulnerable_components/VulnerableComponentsLesson.java (74%) rename {webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction => src/main/java/org/owasp/webgoat/lessons/webgoat_introduction}/WebGoatIntroduction.java (90%) rename {webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/webwolf_introduction/Email.java (81%) rename {webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/webwolf_introduction/LandingAssignment.java (89%) rename {webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/webwolf_introduction/MailAssignment.java (94%) rename {webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/webwolf_introduction/WebWolfIntroduction.java (89%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/Comment.java (90%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScripting.java (90%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson1.java (91%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson3.java (93%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson4.java (91%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson5a.java (93%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson6a.java (87%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/mitigation => src/main/java/org/owasp/webgoat/lessons/xss}/CrossSiteScriptingMitigation.java (90%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingQuiz.java (94%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/DOMCrossSiteScripting.java (90%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/DOMCrossSiteScriptingVerifier.java (88%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/stored/CrossSiteScriptingStored.java (89%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/stored/StoredCrossSiteScriptingVerifier.java (89%) rename {webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xss/stored/StoredXssComments.java (93%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/BlindSendFileAssignment.java (58%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/Comment.java (97%) rename webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Comments.java => src/main/java/org/owasp/webgoat/lessons/xxe/CommentsCache.java (70%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/CommentsEndpoint.java (95%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/ContentTypeAssignment.java (92%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/Ping.java (96%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/SimpleXXE.java (90%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/User.java (97%) rename {webgoat-lessons/xxe/src/main/java/org/owasp/webgoat => src/main/java/org/owasp/webgoat/lessons}/xxe/XXE.java (90%) create mode 100644 src/main/java/org/owasp/webgoat/server/ParentConfig.java create mode 100644 src/main/java/org/owasp/webgoat/server/StartWebGoat.java create mode 100644 src/main/java/org/owasp/webgoat/server/StartupMessage.java rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/FileServer.java (82%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/MvcConfiguration.java (76%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/WebSecurityConfig.java (90%) rename webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java => src/main/java/org/owasp/webgoat/webwolf/WebWolf.java (58%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/jwt/JWTController.java (78%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/jwt/JWTToken.java (95%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/mailbox/Email.java (98%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/mailbox/MailboxController.java (83%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/mailbox/MailboxRepository.java (96%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/requests/LandingPage.java (97%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/requests/Requests.java (89%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/requests/WebWolfTraceRepository.java (87%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/user/UserRepository.java (97%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/user/UserService.java (94%) rename {webwolf/src/main/java/org/owasp => src/main/java/org/owasp/webgoat}/webwolf/user/WebGoatUser.java (90%) rename {webgoat-container/src => src}/main/resources/application-webgoat.properties (82%) rename {webwolf/src => src}/main/resources/application-webwolf.properties (76%) create mode 100644 src/main/resources/banner.txt rename {webgoat-container/src => src}/main/resources/db/container/V1__init.sql (100%) rename {webgoat-container/src => src}/main/resources/db/container/V2__version.sql (100%) rename {webgoat-container/src => src}/main/resources/goatkeystore.pkcs12 (100%) rename {webgoat-container/src => src}/main/resources/i18n/messages.properties (100%) rename {webgoat-container/src => src}/main/resources/i18n/messages_de.properties (100%) rename {webgoat-container/src => src}/main/resources/i18n/messages_fr.properties (100%) rename {webgoat-container/src => src}/main/resources/i18n/messages_nl.properties (100%) rename {webgoat-container/src => src}/main/resources/i18n/messages_ru.properties (100%) rename {webgoat-lessons/auth-bypass/src/main/resources/lessonPlans/en => src/main/resources/lessons/auth_bypass/documentation}/2fa-bypass.adoc (100%) rename {webgoat-lessons/auth-bypass/src/main/resources/lessonPlans/en => src/main/resources/lessons/auth_bypass/documentation}/bypass-intro.adoc (100%) rename {webgoat-lessons/auth-bypass/src/main/resources/lessonPlans/en => src/main/resources/lessons/auth_bypass/documentation}/lesson-template-video.adoc (100%) rename {webgoat-lessons/auth-bypass/src/main/resources => src/main/resources/lessons/auth_bypass}/html/AuthBypass.html (90%) rename {webgoat-lessons/auth-bypass/src/main/resources => src/main/resources/lessons/auth_bypass}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/auth-bypass/src/main/resources => src/main/resources/lessons/auth_bypass}/images/firefox-proxy-config.png (100%) rename {webgoat-lessons/auth-bypass/src/main/resources => src/main/resources/lessons/auth_bypass}/images/paypal-2fa-bypass.png (100%) rename {webgoat-lessons/auth-bypass/src/main/resources => src/main/resources/lessons/auth_bypass}/js/bypass.js (100%) rename {webgoat-lessons/bypass-restrictions/src/main/resources => src/main/resources/lessons/bypass_restrictions}/css/bypass-restrictions.css (100%) rename {webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en => src/main/resources/lessons/bypass_restrictions/documentation}/BypassRestrictions_FieldRestrictions.adoc (100%) rename {webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en => src/main/resources/lessons/bypass_restrictions/documentation}/BypassRestrictions_FrontendValidation.adoc (100%) rename {webgoat-lessons/bypass-restrictions/src/main/resources/lessonPlans/en => src/main/resources/lessons/bypass_restrictions/documentation}/BypassRestrictions_Intro.adoc (100%) rename {webgoat-lessons/bypass-restrictions/src/main/resources => src/main/resources/lessons/bypass_restrictions}/html/BypassRestrictions.html (94%) rename {webgoat-lessons/bypass-restrictions/src/main/resources => src/main/resources/lessons/bypass_restrictions}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/challenge7/git.zip (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/css/challenge6.css (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/css/challenge8.css (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/db/migration/V2018_09_26_1__users.sql (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_1.adoc (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_5.adoc (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_6.adoc (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_7.adoc (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_8.adoc (100%) rename {webgoat-lessons/challenge/src/main/resources/lessonPlans/en => src/main/resources/lessons/challenges/documentation}/Challenge_introduction.adoc (100%) create mode 100644 src/main/resources/lessons/challenges/html/Challenge.html rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/html/Challenge1.html (95%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/html/Challenge5.html (97%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/html/Challenge6.html (98%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/html/Challenge7.html (97%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/html/Challenge8.html (99%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/avatar1.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/boss.jpg (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge1-small.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge1.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge2-small.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge2.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge3-small.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge3.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge4-small.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge4.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge5-small.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/challenge5.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/hi-five-cat.jpg (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/user1.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/user2.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/user3.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/images/webgoat2.png (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/js/bootstrap.min.js (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/js/challenge6.js (100%) rename {webgoat-lessons/challenge/src/main/resources => src/main/resources/lessons/challenges}/js/challenge8.js (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_Assignment.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_Assignment_Network.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_console.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_elements.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_intro.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en => src/main/resources/lessons/chrome_dev_tools/documentation}/ChromeDevTools_sources.adoc (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/html/ChromeDevTools.html (78%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Console_Clear.jpg (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Console_Ex.jpg (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Elements.jpg (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Elements_CSS.jpg (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Network.jpg (100%) rename {webgoat-lessons/chrome-dev-tools/src/main/resources => src/main/resources/lessons/chrome_dev_tools}/images/ChromeDev_Sources.jpg (100%) rename {webgoat-lessons/cia/src/main/resources/lessonPlans/en => src/main/resources/lessons/cia/documentation}/CIA_availability.adoc (100%) rename {webgoat-lessons/cia/src/main/resources/lessonPlans/en => src/main/resources/lessons/cia/documentation}/CIA_confidentiality.adoc (100%) rename {webgoat-lessons/cia/src/main/resources/lessonPlans/en => src/main/resources/lessons/cia/documentation}/CIA_integrity.adoc (100%) rename {webgoat-lessons/cia/src/main/resources/lessonPlans/en => src/main/resources/lessons/cia/documentation}/CIA_intro.adoc (100%) rename {webgoat-lessons/cia/src/main/resources/lessonPlans/en => src/main/resources/lessons/cia/documentation}/CIA_quiz.adoc (100%) rename {webgoat-lessons/cia/src/main/resources => src/main/resources/lessons/cia}/html/CIA.html (70%) rename {webgoat-lessons/cia/src/main/resources => src/main/resources/lessons/cia}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/cia/src/main/resources => src/main/resources/lessons/cia}/js/questions_cia.json (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/css/clientSideFiltering-stage1.css (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/css/clientSideFilteringFree.css (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en => src/main/resources/lessons/client_side_filtering/documentation}/ClientSideFiltering_assignment.adoc (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en => src/main/resources/lessons/client_side_filtering/documentation}/ClientSideFiltering_final.adoc (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en => src/main/resources/lessons/client_side_filtering/documentation}/ClientSideFiltering_plan.adoc (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/html/ClientSideFiltering.html (95%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/images/lesson1_header.jpg (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/images/lesson1_workspace.jpg (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/images/samsung-black.jpg (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/images/samsung-grey.jpg (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/js/clientSideFiltering.js (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/js/clientSideFilteringFree.js (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/lessonSolutions/en/ClientSideFiltering.html (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons/client_side_filtering}/lessonSolutions/en/ClientSideFiltering_files/clientside_firebug.jpg (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/Crypto_plan.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/defaults.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/encoding_plan.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/encoding_plan2.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/encryption.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/hashing_plan.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/keystores.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/postquantum.adoc (100%) rename {webgoat-lessons/crypto/src/main/resources/lessonPlans/en => src/main/resources/lessons/cryptography/documentation}/signing.adoc (100%) rename webgoat-lessons/crypto/src/main/resources/html/Crypto.html => src/main/resources/lessons/cryptography/html/Cryptography.html (82%) rename {webgoat-lessons/crypto/src/main/resources => src/main/resources/lessons/cryptography}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/css/reviews.css (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Basic_Get-1.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_ContentType.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Frameworks.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_GET.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Get_Flag.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Impact_Defense.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_JSON.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Login.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_Reviews.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/csrf/documentation}/CSRF_intro.adoc (100%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/html/CSRF.html (91%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/images/login-csrf.png (100%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/js/csrf-review.js (100%) rename {webgoat-lessons/csrf/src/main/resources => src/main/resources/lessons/csrf}/js/feedback.js (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en => src/main/resources/lessons/deserialization/documentation}/InsecureDeserialization_GadgetChain.adoc (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en => src/main/resources/lessons/deserialization/documentation}/InsecureDeserialization_Intro.adoc (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en => src/main/resources/lessons/deserialization/documentation}/InsecureDeserialization_SimpleExploit.adoc (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en => src/main/resources/lessons/deserialization/documentation}/InsecureDeserialization_Task.adoc (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en => src/main/resources/lessons/deserialization/documentation}/InsecureDeserialization_WhatIs.adoc (100%) rename {webgoat-lessons/insecure-deserialization/src/main/resources => src/main/resources/lessons/deserialization}/html/InsecureDeserialization.html (59%) rename {webgoat-lessons/insecure-deserialization/src/main/resources => src/main/resources/lessons/deserialization}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/client-side-filtering/src/main/resources => src/main/resources/lessons}/employees.xml (100%) rename {webgoat-lessons/hijack-session/src/main/resources/lessonPlans/en => src/main/resources/lessons/hijacksession/documentation}/HijackSession_content0.adoc (100%) rename {webgoat-lessons/hijack-session/src/main/resources/lessonPlans/en => src/main/resources/lessons/hijacksession/documentation}/HijackSession_plan.adoc (100%) rename {webgoat-lessons/hijack-session/src/main/resources => src/main/resources/lessons/hijacksession}/html/HijackSession.html (63%) rename {webgoat-lessons/hijack-session/src/main/resources => src/main/resources/lessons/hijacksession}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/hijack-session/src/main/resources => src/main/resources/lessons/hijacksession}/lessonSolutions/en/HijackSession_solution.adoc (100%) rename {webgoat-lessons/hijack-session/src/main/resources => src/main/resources/lessons/hijacksession}/lessonSolutions/html/HijackSession.html (100%) rename {webgoat-lessons/hijack-session/src/main/resources => src/main/resources/lessons/hijacksession}/templates/hijackform.html (100%) rename {webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en => src/main/resources/lessons/html_tampering/documentation}/HtmlTampering_Intro.adoc (100%) rename {webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en => src/main/resources/lessons/html_tampering/documentation}/HtmlTampering_Mitigation.adoc (100%) rename {webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en => src/main/resources/lessons/html_tampering/documentation}/HtmlTampering_Task.adoc (100%) rename {webgoat-lessons/html-tampering/src/main/resources => src/main/resources/lessons/html_tampering}/html/HtmlTampering.html (95%) rename {webgoat-lessons/html-tampering/src/main/resources => src/main/resources/lessons/html_tampering}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/html-tampering/src/main/resources => src/main/resources/lessons/html_tampering}/images/samsung.jpg (100%) rename {webgoat-lessons/http-basics/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_basics/documentation}/HttpBasics_content1.adoc (100%) rename {webgoat-lessons/http-basics/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_basics/documentation}/HttpBasics_content2.adoc (100%) rename {webgoat-lessons/http-basics/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_basics/documentation}/HttpBasics_plan.adoc (100%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/html/HttpBasics.html (92%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/i18n/WebGoatLabels_de.properties (100%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/i18n/WebGoatLabels_fr.properties (100%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/i18n/WebGoatLabels_nl.properties (100%) rename {webgoat-lessons/http-basics/src/main/resources => src/main/resources/lessons/http_basics}/i18n/WebGoatLabels_ru.properties (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/0overview.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/10burp.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/1proxysetupsteps.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/3browsersetup.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/5configurefilterandbreakpoints.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/6assignment.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/7resend.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/8httpsproxy.adoc (98%) rename {webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en => src/main/resources/lessons/http_proxies/documentation}/9manual.adoc (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/html/HttpProxies.html (52%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/breakpoint.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/breakpoint2.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpfilter.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpfilterclient.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpintercept.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpintercepted.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpproxy.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/burpwarn.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/chrome-manual-proxy-win.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/chrome-manual-proxy.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/firefox-proxy-config.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/firefoxsettingscerts.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/importcerts.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/loginscreen.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/newlocalhost.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/proxy-intercept-button.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/proxy-intercept-details.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/rootca.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/savecerts.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap-browser-button.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap-exclude.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap-history.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap-start.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap_edit_and_resend.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap_edit_and_response.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap_edit_and_send.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap_exclude.png (100%) rename {webgoat-lessons/http-proxies/src/main/resources => src/main/resources/lessons/http_proxies}/images/zap_exclude_url.png (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_editOtherProfile.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_editOwnProfile.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_inputAltPath.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_intro.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_login.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_mitigation.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_viewDiffs.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_viewOtherProfile.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_viewOwnAltPath.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/IDOR_whatDiffs.adoc (100%) rename {webgoat-lessons/idor/src/main/resources/lessonPlans/en => src/main/resources/lessons/idor/documentation}/temp.txt (100%) rename {webgoat-lessons/idor/src/main/resources => src/main/resources/lessons/idor}/html/IDOR.html (91%) rename {webgoat-lessons/idor/src/main/resources => src/main/resources/lessons/idor}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/idor/src/main/resources => src/main/resources/lessons/idor}/js/idor.js (100%) rename {webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en => src/main/resources/lessons/insecure_login/documentation}/InsecureLogin_Intro.adoc (100%) rename {webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en => src/main/resources/lessons/insecure_login/documentation}/InsecureLogin_Task.adoc (100%) rename {webgoat-lessons/insecure-login/src/main/resources => src/main/resources/lessons/insecure_login}/html/InsecureLogin.html (86%) rename {webgoat-lessons/insecure-login/src/main/resources => src/main/resources/lessons/insecure_login}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/insecure-login/src/main/resources => src/main/resources/lessons/insecure_login}/js/credentials.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/css/jwt.css (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/db/migration/V2019_09_25_1__jwt.sql (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_decode.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_final.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_libraries.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_libraries_assignment.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_libraries_assignment2.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_libraries_solution.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_login_to_token.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_mitigation.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_plan.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_refresh.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_refresh_assignment.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_signing.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_signing_solution.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_storing.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_structure.adoc (100%) rename {webgoat-lessons/jwt/src/main/resources/lessonPlans/en => src/main/resources/lessons/jwt/documentation}/JWT_weak_keys (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/html/JWT.html (92%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/i18n/WebGoatLabels.properties (100%) create mode 100644 src/main/resources/lessons/jwt/images/challenge1-small.png create mode 100644 src/main/resources/lessons/jwt/images/challenge2-small.png create mode 100644 src/main/resources/lessons/jwt/images/challenge3-small.png create mode 100644 src/main/resources/lessons/jwt/images/challenge4-small.png create mode 100644 src/main/resources/lessons/jwt/images/challenge5-small.png rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/jerry.png (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/jwt_diagram.png (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/jwt_token.png (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/logs.txt (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/product-icon.png (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/images/tom.png (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/jwt-buy.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/jwt-final.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/jwt-refresh.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/jwt-voting.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/jwt-weak-keys.js (100%) rename {webgoat-lessons/jwt/src/main/resources => src/main/resources/lessons/jwt}/js/questions_jwt.json (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/db/migration/V2019_11_10_1__introduction.sql (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-attack.adoc (76%) create mode 100644 src/main/resources/lessons/lesson_template/documentation/lesson-template-content.adoc rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-database.adoc (72%) create mode 100644 src/main/resources/lessons/lesson_template/documentation/lesson-template-glue.adoc rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-intro.adoc (50%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-lesson-class.adoc (65%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-video-more.adoc (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en => src/main/resources/lessons/lesson_template/documentation}/lesson-template-video.adoc (82%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/html/LessonTemplate.html (79%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/images/firefox-proxy-config.png (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/js/idor.js (100%) rename {webgoat-lessons/webgoat-lesson-template/src/main/resources => src/main/resources/lessons/lesson_template}/video/sample-video.m4v (100%) rename {webgoat-lessons/logging/src/main/resources/lessonPlans/en => src/main/resources/lessons/logging/documentation}/logReading_Task.adoc (100%) rename {webgoat-lessons/logging/src/main/resources/lessonPlans/en => src/main/resources/lessons/logging/documentation}/logSpoofing_Task.adoc (100%) rename {webgoat-lessons/logging/src/main/resources/lessonPlans/en => src/main/resources/lessons/logging/documentation}/logging_intro.adoc (100%) rename {webgoat-lessons/logging/src/main/resources/lessonPlans/en => src/main/resources/lessons/logging/documentation}/more_logging.adoc (100%) rename {webgoat-lessons/logging/src/main/resources/lessonPlans/en => src/main/resources/lessons/logging/documentation}/sensitive_logging_intro.adoc (100%) rename {webgoat-lessons/logging/src/main/resources => src/main/resources/lessons/logging}/html/LogSpoofing.html (79%) rename {webgoat-lessons/logging/src/main/resources => src/main/resources/lessons/logging}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources => src/main/resources/lessons/missing_ac}/css/ac.css (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources => src/main/resources/lessons/missing_ac}/db/migration/V2021_11_03_1__ac.sql (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en => src/main/resources/lessons/missing_ac/documentation}/missing-function-ac-01-intro.adoc (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en => src/main/resources/lessons/missing_ac/documentation}/missing-function-ac-02-client-controls.adoc (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en => src/main/resources/lessons/missing_ac/documentation}/missing-function-ac-03-users.adoc (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en => src/main/resources/lessons/missing_ac/documentation}/missing-function-ac-04-users-fixed.adoc (100%) rename {webgoat-lessons/missing-function-ac/src/main/resources => src/main/resources/lessons/missing_ac}/html/MissingFunctionAC.html (89%) rename {webgoat-lessons/missing-function-ac/src/main/resources => src/main/resources/lessons/missing_ac}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/css/password.css (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_SecurityQuestions.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_host_header.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_known_questions.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_mitigation.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_plan.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_simple.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources/lessonPlans/en => src/main/resources/lessons/password_reset/documentation}/PasswordReset_wrong_message.adoc (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/html/PasswordReset.html (93%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/images/reset1.png (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/images/reset2.png (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/images/slack1.png (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/images/slack2.png (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/js/password-reset-simple.js (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/templates/password_link_not_found.html (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/templates/password_reset.html (100%) rename {webgoat-lessons/password-reset/src/main/resources => src/main/resources/lessons/password_reset}/templates/success.html (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/css/path_traversal.css (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_intro.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_retrieval.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_upload.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_upload_fix.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_upload_fixed.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_upload_mitigation.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_upload_remove_user_input.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_zip_slip.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_zip_slip_assignment.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources/lessonPlans/en => src/main/resources/lessons/path_traversal/documentation}/PathTraversal_zip_slip_solution.adoc (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/html/PathTraversal.html (92%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/account.png (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/1.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/10.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/2.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/3.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/4.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/5.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/6.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/7.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/8.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/images/cats/9.jpg (100%) rename {webgoat-lessons/path-traversal/src/main/resources => src/main/resources/lessons/path_traversal}/js/path_traversal.js (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_1.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_2.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_3.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_4.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_assignment_introduction.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources/lessonPlans/en => src/main/resources/lessons/secure_passwords/documentation}/SecurePasswords_intro.adoc (100%) rename {webgoat-lessons/secure-passwords/src/main/resources => src/main/resources/lessons/secure_passwords}/html/SecurePasswords.html (68%) rename {webgoat-lessons/secure-passwords/src/main/resources => src/main/resources/lessons/secure_passwords}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/secure-passwords/src/main/resources => src/main/resources/lessons/secure_passwords}/i18n/WebGoatLabels_nl.properties (100%) rename {webgoat-lessons/secure-passwords/src/main/resources => src/main/resources/lessons/secure_passwords}/js/questions_cia.json (100%) rename {webgoat-lessons => src/main/resources/lessons}/sol.MD (100%) rename {webgoat-lessons => src/main/resources/lessons}/sol.txt (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources/lessonPlans/en => src/main/resources/lessons/spoofcookie/documentation}/SpoofCookie_content0.adoc (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources/lessonPlans/en => src/main/resources/lessons/spoofcookie/documentation}/SpoofCookie_plan.adoc (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/html/SpoofCookie.html (68%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/js/handler.js (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/lessonSolutions/en/SpoofCookie_solution.adoc (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/lessonSolutions/html/SpoofCookie.html (100%) rename {webgoat-lessons/spoof-cookie/src/main/resources => src/main/resources/lessons/spoofcookie}/templates/spoofcookieform.html (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/css/assignments.css (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/css/challenge.css (100%) rename {webgoat-container/src/main/resources/static => src/main/resources/lessons/sql_injection}/css/quiz.css (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_1__servers.sql (54%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_2__users.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_3__salaries.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_4__tan.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_5__challenge_assignment.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_6__user_system_data.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2019_09_26_7__employees.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/db/migration/V2021_03_13_8__grant.sql (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjectionAdvanced_plan.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_challenge.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content10.adoc (94%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content11.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content12.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content12a.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content12b.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content13.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content14.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content6.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content6a.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content6c.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content7.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content8.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_content9.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content1.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content10.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content11.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content12.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content2.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content3.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content4.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content5_after.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content5_before.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content6.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content7.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content8.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_content9.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_introduction_plan.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_jdbc_completion.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_jdbc_newcode.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_order_by.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en => src/main/resources/lessons/sql_injection/documentation}/SqlInjection_quiz.adoc (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/html/SqlInjection.html (84%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/html/SqlInjectionAdvanced.html (92%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/html/SqlInjectionMitigations.html (84%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/sql_injection}/i18n/WebGoatLabels_de.properties (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/sql_injection}/i18n/WebGoatLabels_fr.properties (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/sql_injection}/i18n/WebGoatLabels_ru.properties (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/js/assignment10b.js (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/js/assignment13.js (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/js/challenge.js (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/sql_injection}/js/questions_sql_injection.json (100%) rename {webgoat-lessons/ssrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/ssrf/documentation}/SSRF_Intro.adoc (100%) rename {webgoat-lessons/ssrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/ssrf/documentation}/SSRF_Prevent.adoc (100%) rename {webgoat-lessons/ssrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/ssrf/documentation}/SSRF_Task1.adoc (100%) rename {webgoat-lessons/ssrf/src/main/resources/lessonPlans/en => src/main/resources/lessons/ssrf/documentation}/SSRF_Task2.adoc (100%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/html/SSRF.html (82%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/images/cat.jpg (100%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/images/jerry.png (100%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/images/tom.png (100%) rename {webgoat-lessons/ssrf/src/main/resources => src/main/resources/lessons/ssrf}/js/credentials.js (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content0.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content1.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content1a.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content2.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content2a.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content3.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content4.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content4a.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content4b.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content4c.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content5.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content5a.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_content6.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en => src/main/resources/lessons/vulnerable_components/documentation}/VulnerableComponents_plan.adoc (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/html/VulnerableComponents.html (68%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/OWASP-2013-A9.png (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/OWASP-Dep-Check.png (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/Old-Components.png (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/OpenSourceGrowing.png (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/Risk-of-Old-Components.png (100%) rename {webgoat-lessons/vulnerable-components/src/main/resources => src/main/resources/lessons/vulnerable_components}/images/WebGoat-Vulns.png (100%) rename {webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/en => src/main/resources/lessons/webgoat_introduction/documentation}/Introduction.adoc (100%) create mode 100644 src/main/resources/lessons/webgoat_introduction/html/WebGoatIntroduction.html rename {webgoat-lessons/webgoat-introduction/src/main/resources => src/main/resources/lessons/webgoat_introduction}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/webgoat-introduction/src/main/resources => src/main/resources/lessons/webgoat_introduction}/images/wg_logo.png (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en => src/main/resources/lessons/webwolf_introduction/documentation}/IntroductionWebWolf.adoc (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en => src/main/resources/lessons/webwolf_introduction/documentation}/Landing_page.adoc (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en => src/main/resources/lessons/webwolf_introduction/documentation}/Receiving_mail.adoc (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en => src/main/resources/lessons/webwolf_introduction/documentation}/Uploading_files.adoc (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/html/WebWolfIntroduction.html (88%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/images/files.png (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/images/mailbox.png (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/images/requests.png (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/images/wolf-enabled.png (100%) rename {webgoat-lessons/webwolf-introduction/src/main/resources => src/main/resources/lessons/webwolf_introduction}/templates/webwolfPasswordReset.html (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/css/stored-xss.css (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScriptingMitigation_plan.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScriptingStored_plan.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content1.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content2.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content3.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content4.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content5.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content5a.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content5b.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content6.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content6a.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content6b.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content7-off.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content7.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content7b.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content7c.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content8.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content8a.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content8b.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content8c.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_content9.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_plan.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources/lessonPlans/en => src/main/resources/lessons/xss/documentation}/CrossSiteScripting_quiz.adoc (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/html/CrossSiteScripting.html (79%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/html/CrossSiteScriptingMitigation.html (76%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/html/CrossSiteScriptingStored.html (82%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/xss}/i18n/WebGoatLabels_de.properties (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/xss}/i18n/WebGoatLabels_fr.properties (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/lessons/xss}/i18n/WebGoatLabels_ru.properties (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/images/Reflected-XSS.png (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/images/Stored-XSS.png (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/images/avatar1.png (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/js/assignment3.js (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/js/assignment4.js (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/js/questions_cross_site_scripting.json (100%) rename {webgoat-lessons/cross-site-scripting/src/main/resources => src/main/resources/lessons/xss}/js/stored-xss.js (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/css/xxe.css (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/csv/flights.txt (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_blind.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_blind_assignment.adoc (86%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_changing_content_type.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_changing_content_type_solution.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_code.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_intro.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_mitigation.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_overflow.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_plan.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_simple.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_simple_introduction.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_simple_solution.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/XXE_static_code_analysis.adoc (100%) rename {webgoat-lessons/xxe/src/main/resources/lessonPlans/en => src/main/resources/lessons/xxe/documentation}/temp.txt (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/html/XXE.html (85%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/i18n/WebGoatLabels.properties (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/avatar1.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/cat.jpg (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/etc_password.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/example.dtd (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/sonar-issue-xxe.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/sonar-issues.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/wolf-enabled.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/xxe-parser-java.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/xxe-parser.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/images/xxe-suggested-fix.png (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/js/xxe.js (100%) rename {webgoat-lessons/xxe/src/main/resources => src/main/resources/lessons/xxe}/secret.txt (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/animate.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/asciidoctor-default.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/coderay.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/font-awesome.min.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/appseceu-17.png (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/favicon.ico (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/logo.png (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/logoBG.jpg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/owasp_logo.jpg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/solution.svg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/img/webBg.png (100%) rename {webwolf/src/main/resources/static/images => src/main/resources/webgoat/static/css/img}/wolf.svg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/layers.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/main.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/menu.css (100%) rename {webgoat-lessons/sql-injection/src/main/resources => src/main/resources/webgoat/static}/css/quiz.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/css/webgoat.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/fonts/FontAwesome.otf (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/fonts/fontawesome-webfont.eot (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/fonts/fontawesome-webfont.svg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/fonts/fontawesome-webfont.ttf (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/fonts/fontawesome-webfont.woff (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/application.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/controller/LessonController.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/controller/MenuController.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/goatApp.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/AssignmentStatusModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/FlagModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/FlagsCollection.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/HTMLContentModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/HintCollection.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/HintModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/LabelDebugModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/LessonContentModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/LessonInfoModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/LessonOverviewCollection.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/MenuCollection.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/MenuData.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/MenuModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/model/ReportCardModel.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/scoreboardApp.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/support/CustomGoat.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/support/GoatUtils.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/support/goatAsyncErrorHandler.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/support/goatConstants.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/templates/lesson_overview.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/templates/paging_controls.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/templates/report_card.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/templates/scoreboard.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/ErrorNotificationView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/GoatRouter.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/HelpControlsView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/HintView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/LessonContentView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/MenuButtonView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/MenuItemView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/MenuView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/PaginationControlView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/ReportCardView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/ScoreboardView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/TitleView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/goatApp/view/UserAndInfoView.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/jquery/jquery-1.10.2.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/jquery/jquery-ui-1.10.4.custom.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/jquery_form/jquery.form.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/ace.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/backbone-min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/bootstrap.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery-2.1.4.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery-base.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery-ui-1.10.4.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery-ui.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery-vuln.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery.form.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/jquery.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/mode-java.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/polyglot.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/require.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/text.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/theme-monokai.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/libs/underscore-min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/main.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/modernizr.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/quiz.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/scoreboard.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/js/toggle.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-slider/css/slider.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-slider/js/bootstrap-slider.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-wysihtml5/css/bootstrap-wysihtml5.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-wysihtml5/css/bootstrap3-wysiwyg5-color.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap/css/bootstrap.min.css (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap/fonts/glyphicons-halflings-regular.eot (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap/fonts/glyphicons-halflings-regular.svg (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap/fonts/glyphicons-halflings-regular.ttf (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/bootstrap/fonts/glyphicons-halflings-regular.woff (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/static/plugins/nanoScroller/jquery.nanoscroller.min.js (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/about.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/lesson_content.html (65%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/login.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/main_new.html (96%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/registration.html (100%) rename {webgoat-container/src/main/resources => src/main/resources/webgoat}/templates/scoreboard.html (100%) rename webwolf/src/main/resources/static/css/img/favicon.ico => src/main/resources/webwolf/static/css/img/webwolf.ico (100%) rename webwolf/src/main/resources/static/css/main.css => src/main/resources/webwolf/static/css/webwolf.css (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/static/images/wolf.png (100%) create mode 100644 src/main/resources/webwolf/static/images/wolf.svg rename {webwolf/src/main/resources => src/main/resources/webwolf}/static/js/fileUpload.js (64%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/static/js/jwt.js (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/static/js/mail.js (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/error.html (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/files.html (93%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/fragments/footer.html (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/fragments/header.html (61%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/home.html (95%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/jwt.html (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/mailbox.html (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/registration.html (100%) rename {webwolf/src/main/resources => src/main/resources/webwolf}/templates/requests.html (100%) rename webwolf/src/main/resources/templates/login.html => src/main/resources/webwolf/templates/webwolf-login.html (100%) create mode 100644 src/test/java/org/owasp/webgoat/container/WebGoatApplication.java rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/assignments/AssignmentEndpointTest.java (77%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/plugins/LessonTest.java (59%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/service/HintServiceTest.java (86%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/service/LessonMenuServiceTest.java (89%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/service/LessonProgressServiceTest.java (89%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/service/ReportCardServiceTest.java (86%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/session/LabelDebuggerTest.java (95%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/session/LessonTrackerTest.java (93%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/users/UserRepositoryTest.java (79%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/users/UserServiceTest.java (83%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/users/UserTrackerRepositoryTest.java (91%) rename {webgoat-container/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/container}/users/UserValidatorTest.java (98%) rename {webgoat-lessons/auth-bypass/src/test/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/auth_bypass/BypassVerificationTest.java (78%) rename {webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java (84%) rename {webgoat-lessons/challenge/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/challenges/Assignment1Test.java (91%) rename {webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/chrome_dev_tools/ChromeDevToolsTest.java (86%) rename {webgoat-lessons/cia/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/cia/CIAQuizTest.java (94%) rename {webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/client_side_filtering/ClientSideFilteringAssignmentTest.java (79%) rename {webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java (86%) rename {webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/client_side_filtering/ShopEndpointTest.java (89%) rename {webgoat-lessons/crypto/src/test/java/org/owasp/webgoat/crypto => src/test/java/org/owasp/webgoat/lessons/cryptography}/CryptoUtilTest.java (95%) rename {webgoat-lessons/csrf/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/csrf/CSRFFeedbackTest.java (93%) rename {webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/deserialization/DeserializeTest.java (92%) rename {webgoat-lessons/hijack-session/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/hijacksession/HijackSessionAssignmentTest.java (93%) rename {webgoat-lessons/hijack-session/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/hijacksession/cas/HijackSessionAuthenticationProviderTest.java (93%) rename {webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/http_proxies/HttpBasicsInterceptRequestTest.java (89%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/JWTDecodeEndpointTest.java (87%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/JWTFinalEndpointTest.java (91%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/JWTRefreshEndpointTest.java (97%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/JWTSecretKeyEndpointTest.java (95%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/JWTVotesEndpointTest.java (97%) rename {webgoat-lessons/jwt/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/jwt/TokenTest.java (98%) rename {webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/missing_ac/DisplayUserTest.java (87%) rename {webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACHiddenMenusTest.java (90%) rename {webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACUsersTest.java (85%) rename {webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionACYourHashAdminTest.java (78%) rename {webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/missing_ac/MissingFunctionYourHashTest.java (88%) rename {webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/password_reset/SecurityQuestionAssignmentTest.java (88%) rename {webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadFixTest.java (89%) rename {webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadRemoveUserInputTest.java (89%) rename {webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadRetrievalTest.java (93%) rename {webgoat-lessons/path-traversal/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/path_traversal/ProfileUploadTest.java (93%) rename {webgoat-lessons/spoof-cookie/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/spoofcookie/SpoofCookieAssignmentTest.java (98%) rename {webgoat-lessons/spoof-cookie/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/spoofcookie/encoders/EncDecTest.java (96%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/SqlLessonTest.java (83%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson10Test.java (95%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson2Test.java (93%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson5Test.java (94%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson5aTest.java (96%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson6aTest.java (95%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson6bTest.java (91%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson8Test.java (96%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/introduction/SqlInjectionLesson9Test.java (98%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlInjectionLesson13Test.java (97%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlOnlyInputValidationOnKeywordsTest.java (92%) rename {webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/sql_injection/mitigation/SqlOnlyInputValidationTest.java (91%) rename {webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/ssrf/SSRFTest1.java (89%) rename {webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/ssrf/SSRFTest2.java (92%) rename {webgoat-lessons/vulnerable-components/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/vulnerable_components/VulnerableComponentsLessonTest.java (94%) rename {webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xss/CrossSiteScriptingLesson1Test.java (96%) rename {webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xss/DOMCrossSiteScriptingTest.java (93%) rename {webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xss/StoredXssCommentsTest.java (96%) rename {webgoat-lessons/xxe/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xxe/BlindSendFileAssignmentTest.java (62%) rename {webgoat-lessons/xxe/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xxe/ContentTypeAssignmentTest.java (72%) rename {webgoat-lessons/xxe/src/test/java/org/owasp/webgoat => src/test/java/org/owasp/webgoat/lessons}/xxe/SimpleXXETest.java (95%) create mode 100644 src/test/java/org/owasp/webgoat/webwolf/WebWolfApplication.java rename {webwolf/src/test/java/org/owasp => src/test/java/org/owasp/webgoat}/webwolf/jwt/JWTTokenTest.java (98%) rename {webwolf/src/test/java/org/owasp => src/test/java/org/owasp/webgoat}/webwolf/mailbox/MailboxControllerTest.java (91%) rename {webwolf/src/test/java/org/owasp => src/test/java/org/owasp/webgoat}/webwolf/mailbox/MailboxRepositoryTest.java (88%) rename {webwolf/src/test/java/org/owasp => src/test/java/org/owasp/webgoat}/webwolf/user/UserServiceTest.java (98%) create mode 100644 src/test/resources/application-webgoat-test.properties rename webgoat-container/src/test/resources/application-test.properties => src/test/resources/application-webwolf.properties (58%) rename {webgoat-container/src => src}/test/resources/logback-test.xml (100%) rename docker/start.sh => start.sh (63%) delete mode 100644 webgoat-container/.gitignore delete mode 100644 webgoat-container/pom.xml delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/DatabaseConfiguration.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java delete mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/TestApplication.java delete mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/service/LabelServiceTest.java delete mode 100644 webgoat-container/src/test/resources/org/owasp/webgoat/plugins/lessonSolutions/rewrite_test.html delete mode 100644 webgoat-integration-tests/pom.xml delete mode 100644 webgoat-integration-tests/src/test/java/org/owasp/webgoat/ChallengeTest.java delete mode 100644 webgoat-integration-tests/src/test/resources/application-inttest.properties delete mode 100644 webgoat-integration-tests/src/test/resources/logback-test.xml delete mode 100644 webgoat-lessons/auth-bypass/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/pom.xml delete mode 100644 webgoat-lessons/auth-bypass/src/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/java/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/java/org/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/java/org/owasp/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/resources/.DS_Store delete mode 100644 webgoat-lessons/auth-bypass/src/main/resources/html/.DS_Store delete mode 100755 webgoat-lessons/bypass-restrictions/pom.xml delete mode 100644 webgoat-lessons/challenge/pom.xml delete mode 100644 webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/ImageServlet.java delete mode 100644 webgoat-lessons/challenge/src/main/resources/html/Challenge.html delete mode 100644 webgoat-lessons/chrome-dev-tools/pom.xml delete mode 100644 webgoat-lessons/cia/pom.xml delete mode 100644 webgoat-lessons/client-side-filtering/pom.xml delete mode 100644 webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/ru/ClientSideFiltering.html delete mode 100644 webgoat-lessons/cross-site-scripting/.gitignore delete mode 100644 webgoat-lessons/cross-site-scripting/.sonatype delete mode 100644 webgoat-lessons/cross-site-scripting/pom.xml delete mode 100644 webgoat-lessons/crypto/pom.xml delete mode 100644 webgoat-lessons/crypto/src/main/resources/lessonSolutions/en/crypto_solution.adoc delete mode 100644 webgoat-lessons/crypto/src/main/resources/lessonSolutions/html/crypto.html delete mode 100644 webgoat-lessons/csrf/pom.xml delete mode 100644 webgoat-lessons/csrf/src/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/java/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/java/org/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/java/org/owasp/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/resources/.DS_Store delete mode 100644 webgoat-lessons/csrf/src/main/resources/lessonPlans/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/java/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/java/org/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/java/org/owasp/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/java/org/owasp/webgoat/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/resources/.DS_Store delete mode 100644 webgoat-lessons/csrf/webgoat-lesson-template/src/main/resources/html/.DS_Store delete mode 100644 webgoat-lessons/hijack-session/pom.xml delete mode 100755 webgoat-lessons/html-tampering/pom.xml delete mode 100644 webgoat-lessons/http-basics/pom.xml delete mode 100644 webgoat-lessons/http-basics/src/main/resources/lessonPlans/de/HttpBasics.html delete mode 100644 webgoat-lessons/http-basics/src/main/resources/lessonPlans/nl/HttpBasics_content1.adoc delete mode 100644 webgoat-lessons/http-basics/src/main/resources/lessonPlans/ru/HttpBasics.html delete mode 100644 webgoat-lessons/http-basics/src/main/resources/lessonSolutions/en/HttpBasics_solution.adoc delete mode 100644 webgoat-lessons/http-basics/src/main/resources/lessonSolutions/html/HttpBasics.html delete mode 100644 webgoat-lessons/http-proxies/pom.xml delete mode 100644 webgoat-lessons/idor/pom.xml delete mode 100755 webgoat-lessons/insecure-deserialization/pom.xml delete mode 100755 webgoat-lessons/insecure-login/pom.xml delete mode 100644 webgoat-lessons/jwt/pom.xml delete mode 100755 webgoat-lessons/logging/pom.xml delete mode 100644 webgoat-lessons/missing-function-ac/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/pom.xml delete mode 100644 webgoat-lessons/missing-function-ac/src/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/java/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/java/org/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/java/org/owasp/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/resources/.DS_Store delete mode 100644 webgoat-lessons/missing-function-ac/src/main/resources/html/.DS_Store delete mode 100644 webgoat-lessons/password-reset/pom.xml delete mode 100644 webgoat-lessons/path-traversal/pom.xml delete mode 100644 webgoat-lessons/pom.xml delete mode 100644 webgoat-lessons/secure-passwords/pom.xml delete mode 100644 webgoat-lessons/spoof-cookie/pom.xml delete mode 100644 webgoat-lessons/sql-injection/.sonatype delete mode 100644 webgoat-lessons/sql-injection/pom.xml delete mode 100644 webgoat-lessons/sql-injection/src/main/resources/lessonSolutions/en/SqlInjection_solution.adoc delete mode 100644 webgoat-lessons/sql-injection/src/main/resources/lessonSolutions/html/SqlInjection.html delete mode 100755 webgoat-lessons/ssrf/pom.xml delete mode 100644 webgoat-lessons/vulnerable-components/.gitignore delete mode 100644 webgoat-lessons/vulnerable-components/pom.xml delete mode 100644 webgoat-lessons/vulnerable-components/src/main/resources/lessonSolutions/en/VulnerableComponents_solution.adoc delete mode 100644 webgoat-lessons/vulnerable-components/src/main/resources/lessonSolutions/html/VulnerableComponents.html delete mode 100644 webgoat-lessons/webgoat-introduction/pom.xml delete mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/html/WebGoatIntroduction.html delete mode 100644 webgoat-lessons/webgoat-introduction/src/main/resources/lessonPlans/nl/Introduction.adoc delete mode 100644 webgoat-lessons/webgoat-lesson-template/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/getting-started.MD delete mode 100644 webgoat-lessons/webgoat-lesson-template/pom.xml delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/java/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/java/org/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/resources/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/resources/html/.DS_Store delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-content.adoc delete mode 100644 webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-glue.adoc delete mode 100644 webgoat-lessons/webwolf-introduction/pom.xml delete mode 100644 webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/nl/IntroductionWebWolf.adoc delete mode 100644 webgoat-lessons/xxe/pom.xml delete mode 100644 webgoat-server/Dockerfile delete mode 100644 webgoat-server/pom.xml delete mode 100644 webgoat-server/src/main/java/org/owasp/webgoat/HSQLDBDatabaseConfig.java delete mode 100644 webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java delete mode 100644 webwolf/Dockerfile delete mode 100644 webwolf/README.md delete mode 100644 webwolf/pom.xml delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/WebWolf.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/db/ActuatorDsJsonParser.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/db/DataSourceProperties.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/db/DataSourceResolver.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/db/ResourceUnavailableException.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java delete mode 100644 webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java delete mode 100644 webwolf/src/main/resources/i18n/messages.properties delete mode 100644 webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java delete mode 100644 webwolf/src/test/resources/logback-test.xml delete mode 100755 webwolf/start-webwolf.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..35b2f7ce0 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +** + +!/target diff --git a/.editorconfig b/.editorconfig index 8140db745..a6d05ec21 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,5 +12,4 @@ ij_continuation_indent_size = 8 ij_formatter_off_tag = @formatter:off ij_formatter_on_tag = @formatter:on ij_formatter_tags_enabled = false -ij_wrap_on_typing = true ij_java_names_count_to_use_import_on_demand = 999 diff --git a/.github/workflows/branch_build.yml b/.github/workflows/branch_build.yml deleted file mode 100644 index 0174d81d4..000000000 --- a/.github/workflows/branch_build.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: "Branch build" -on: - push: - branches-ignore: - - main - - develop - - release/* -permissions: - contents: read - -jobs: - install-notest: - if: "github.repository != 'WebGoat/WebGoat'" - runs-on: ubuntu-latest - name: "Package and linting" - steps: - - uses: actions/checkout@v3 - - name: set up JDK 17 - uses: actions/setup-java@v2 - with: - distribution: 'temurin' - java-version: 17 - architecture: x64 - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ubuntu-latest-m2 - - name: Test with Maven - run: mvn --no-transfer-progress install -DskipTests - - testing: - if: "github.repository != 'WebGoat/WebGoat'" - needs: install-notest - runs-on: ubuntu-latest - strategy: - matrix: - args: - - mvn --no-transfer-progress -pl '!webgoat-integration-tests' test - - mvn --no-transfer-progress -pl webgoat-integration-tests test - steps: - - uses: actions/checkout@v3 - - name: set up JDK 17 - uses: actions/setup-java@v2 - with: - distribution: 'temurin' - java-version: 17 - architecture: x64 - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ubuntu-latest-m2 - - name: Test with Maven - run: ${{ matrix.args }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..97d830774 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,72 @@ +name: "Build" +on: + pull_request: + paths-ignore: + - '.txt' + - '*.MD' + - '*.md' + - 'LICENSE' + - 'docs/**' + push: + branches: + - main + - develop + - release/* + tags-ignore: + - '*' + paths-ignore: + - '.txt' + - '*.MD' + - '*.md' + - 'LICENSE' + - 'docs/**' + +jobs: + pr-build: + if: > + github.event_name == 'pull_request' && !github.event.pull_request.draft && ( + github.event.action == 'opened' || + github.event.action == 'reopened' || + github.event.action == 'synchronize' + ) + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-latest, windows-latest, macos-latest] + steps: + - uses: actions/checkout@v2 + - name: Set up JDK 17 + uses: actions/setup-java@v2 + with: + distribution: 'temurin' + java-version: 17 + architecture: x64 + - name: Cache Maven packages + uses: actions/cache@v2.1.7 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2- + - name: Build with Maven + run: mvn --no-transfer-progress package + + build: + if: github.repository == 'WebGoat/WebGoat' && github.event_name == 'push' + runs-on: ubuntu-latest + name: "Branch build" + steps: + - uses: actions/checkout@v2 + - name: set up JDK 17 + uses: actions/setup-java@v2 + with: + distribution: 'temurin' + java-version: 17 + architecture: x64 + - name: Cache Maven packages + uses: actions/cache@v2.1.7 + with: + path: ~/.m2 + key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ubuntu-latest-m2- + - name: Test with Maven + run: mvn --no-transfer-progress verify diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml deleted file mode 100644 index bfd0d43ea..000000000 --- a/.github/workflows/pr_build.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: "Pull request build" -on: - pull_request: - paths-ignore: - - '.txt' - - '*.MD' - - '*.md' - - 'LICENSE' - - 'docs/**' - push: - branches: - - main - - release/* - tags-ignore: - - '*' - paths-ignore: - - '.txt' - - '*.MD' - - '*.md' - - 'LICENSE' - - 'docs/**' - -permissions: - contents: read - -jobs: - build: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, windows-latest, macos-latest] - java: [17] - steps: - - uses: actions/checkout@v3 - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v2 - with: - distribution: 'temurin' - java-version: ${{ matrix.java }} - architecture: x64 - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - name: Build with Maven - run: mvn --no-transfer-progress package diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7f73a10fa..15bd307b8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -46,8 +46,7 @@ jobs: with: draft: false files: | - webgoat-server/target/webgoat-server-${{ env.WEBGOAT_MAVEN_VERSION }}.jar - webwolf/target/webwolf-${{ env.WEBGOAT_MAVEN_VERSION }}.jar + webgoat/target/webgoat-${{ env.WEBGOAT_MAVEN_VERSION }}.jar body: | ## Version ${{ steps.tag.outputs.tag }} @@ -91,13 +90,13 @@ jobs: - name: "Build and push" uses: docker/build-push-action@v2.10.0 with: - context: ./docker - file: docker/Dockerfile + context: ./ + file: ./Dockerfile push: true platforms: linux/amd64, linux/arm64, linux/arm/v7 tags: | - webgoat/goatandwolf:${{ env.WEBGOAT_TAG_VERSION }} - webgoat/goatandwolf:latest + webgoat/webgoat:${{ env.WEBGOAT_TAG_VERSION }} + webgoat/webgoat:latest build-args: | webgoat_version=${{ env.WEBGOAT_MAVEN_VERSION }} @@ -118,10 +117,10 @@ jobs: ref: develop token: ${{ secrets.WEBGOAT_DEPLOYER_TOKEN }} - - name: Set up JDK 15 + - name: Set up JDK 17 uses: actions/setup-java@v2 with: - java-version: 15 + java-version: 17 architecture: x64 - name: Set version to next snapshot diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..bd9c7b58d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,32 @@ +FROM docker.io/eclipse-temurin:17-jdk-focal + +RUN useradd -ms /bin/bash webgoat +RUN chgrp -R 0 /home/webgoat +RUN chmod -R g=u /home/webgoat + +USER webgoat + +COPY --chown=webgoat target/webgoat-*.jar /home/webgoat/webgoat.jar + +EXPOSE 8080 +EXPOSE 9090 + +WORKDIR /home/webgoat +ENTRYPOINT [ "java", \ + "-Duser.home=/home/webgoat", \ + "-Dfile.encoding=UTF-8", \ + "--add-opens", "java.base/java.lang=ALL-UNNAMED", \ + "--add-opens", "java.base/java.util=ALL-UNNAMED", \ + "--add-opens", "java.base/java.lang.reflect=ALL-UNNAMED", \ + "--add-opens", "java.base/java.text=ALL-UNNAMED", \ + "--add-opens", "java.desktop/java.beans=ALL-UNNAMED", \ + "--add-opens", "java.desktop/java.awt.font=ALL-UNNAMED", \ + "--add-opens", "java.base/sun.nio.ch=ALL-UNNAMED", \ + "--add-opens", "java.base/java.io=ALL-UNNAMED", \ + "--add-opens", "java.base/java.util=ALL-UNNAMED", \ + "-Drunning.in.docker=true", \ + "-Dwebgoat.host=0.0.0.0", \ + "-Dwebwolf.host=0.0.0.0", \ + "-Dwebgoat.port=8080", \ + "-Dwebwolf.port=9090", \ + "-jar", "webgoat.jar" ] diff --git a/README.md b/README.md index dc49f8363..8ff92be96 100644 --- a/README.md +++ b/README.md @@ -33,21 +33,15 @@ For more details check [the Contribution guide](/CONTRIBUTING.md) ## 1. Run using Docker -Every release is also published on [DockerHub](https://hub.docker.com/r/webgoat/goatandwolf). +Every release is also published on [DockerHub](https://hub.docker.com/r/webgoat/webgoat). The easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat and WebWolf running inside. ```shell -docker run -it -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:v8.2.2 +docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/webgoat ``` -The landing page will be located at: http://localhost -WebGoat will be located at: http://localhost:8080/WebGoat -WebWolf will be located at: http://localhost:9090/WebWolf - -**Important**: *Change the ports if necessary, for example use `127.0.0.1:7777:9090` to map WebWolf to `http://localhost:7777/WebGoat`* - **Important**: *Choose the correct timezone, so that the docker container and your host are in the same timezone. As it is important for the validity of JWT tokens used in certain exercises.* @@ -56,12 +50,10 @@ WebWolf will be located at: http://localhost:9090/WebWolf Download the latest WebGoat and WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases) ```shell -java -Dfile.encoding=UTF-8 -Dserver.port=8080 -Dserver.address=localhost -Dhsqldb.port=9001 -jar webgoat-server-8.2.2.jar -java -Dfile.encoding=UTF-8 -Dserver.port=9090 -Dserver.address=localhost -jar webwolf-8.2.2.jar +java -Dfile.encoding=UTF-8 -jar webgoat-8.2.3.jar ``` -WebGoat will be located at: http://localhost:8080/WebGoat and -WebWolf will be located at: http://localhost:9090/WebWolf (change ports if necessary) +Click the link in the log to start WebGoat. ## 3. Run from the sources @@ -84,17 +76,21 @@ cd WebGoat git checkout <> # On Linux/Mac: ./mvnw clean install + # On Windows: ./mvnw.cmd clean install + +# Using docker or podman, you can than build the container locally +docker build -f Dockerfile . -t webgoat/webgoat ``` Now we are ready to run the project. WebGoat 8.x is using Spring-Boot. ```Shell # On Linux/Mac: -./mvnw -pl webgoat-server spring-boot:run -# On Widows: -./mvnw.cmd -pl webgoat-server spring-boot:run +./mvnw spring-boot:run +# On Windows: +./mvnw.cmd spring-boot:run ``` ... you should be running WebGoat on localhost:8080/WebGoat momentarily @@ -114,9 +110,9 @@ For instance running as a jar on a Linux/macOS it will look like this: ```Shell export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" -java -jar webgoat-server/target/webgoat-server-v8.2.2-SNAPSHOT.jar -``` +java -jar target/webgoat-8.2.3-SNAPSHOT.jar + Or in a docker run it would (once this version is pushed into docker hub) look like this: ```Shell -docker run -d -p 80:8888 -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/goatandwolf +docker run -d -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/webgoat ``` diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 3fbab978a..ef55b382d 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -4,7 +4,21 @@ ### New functionality -- Update the Docker startup script, it is now possible to pass `skip-nginx` or set `SKIP_NGINX` as environment variable. +- New year's resolution: major refactoring of WebGoat to simplify the setup and improve building times. +- Move away from multi-project setup: + - This has a huge performance benefit when building the application. Build time locally is now `Total time: 42.469 s` (depends on your local machine of course) + - No longer add Maven dependencies in several places + - H2 no longer needs to run as separate process, which solves the issue of WebWolf sharing and needing to configure the correct database connection. +- More explicit paths in html files to reference `adoc` files, less magic. +- Integrate WebWolf in WebGoat, the setup was way too complicated and needed configuration which could lead to mistakes and a not working application. This also simplifies the Docker configuration as there is only 1 Docker image. +- Add WebWolf button in WebGoat +- Move all lessons into `src/main/resources` +- WebGoat selects a port dynamically when starting. It will still start of port 8080 it will try another port to ease the user experience. +- WebGoat logs URL after startup: `Please browse to http://127.0.0.1:8080/WebGoat to get started...` +- Simplify `Dockerfile` as we no longer need a script to start everything +- Maven build now start WebGoat jar with Maven plugin to make sure we run against the latest build. +- Added `Initializable` interface for a lesson, an assignment can implement this interface to set it up for a specific user and to reset the assignment back to its original state when a reset lesson occurs. See `BlindSendFileAssignment` for an example. +- Integration tests now use the same user. This saves a lot of time as before every test used a different user which triggered the Flyway migration to set up the database schema for the user. This migration took a lot of time. ## Version 8.2.2 diff --git a/config/pmd/pmd-ruleset.xml b/config/pmd/pmd-ruleset.xml deleted file mode 100644 index 27812d9bc..000000000 --- a/config/pmd/pmd-ruleset.xml +++ /dev/null @@ -1,1746 +0,0 @@ - - -jPinpoint specific rules for performance aware Java coding, sponsored by Rabobank.(jpinpoint-rules) - - - - - - Problem: A proxy object is created by CDI for explicit references, they are not de-referenced implicitly and become a memory leak. - Solution: Destroy the reference explicitly. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - Interface defines constants. Problem: Possibly exposes implementation details. - Solution: Make it a Class which cannot be instantiated, or an Enum. Use static imports. - (jpinpoint-rules) - 3 - - - - 0 - ] - ]]> - - - - - - Problem: java.text.DecimalFormat and java.text.ChoiceFormat are thread-unsafe. The usual solution - is to create a new local one when needed in a method. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: Several HTTP client connection managers are thread-unsafe which may cause session data mix-up or have other issues for which they were made deprecated. - Solutions: Use org.apache.http.impl.conn.PoolingHttpClientConnectionManager and org.apache.http.impl.client.HttpClientBuilder. (jpinpoint-rules) - 3 - - - - - - - - - - - Problem: Potential bug: expected are different assignments in different cases. - Solution: assign different values in different cases, common assignments should be taken out of the switch. - (jpinpoint-rules) - - - - - 0 -or preceding-sibling::SwitchLabel[@Default='true']) -] -]]> - - - - 2 - - - - A regular expression is compiled implicitely on every invocation. Problem: this can be expensive, depending on the length of the regular expression. - Solution: Compile the regex pattern only once and assign it to a private static final Pattern field. java.util.Pattern objects are thread-safe so they can be shared among threads. - (jpinpoint-rules) - 2 - - - - 5 and -(matches(@Image, '[\.\$\|\(\)\[\]\{\}\^\?\*\+\\]+'))] or Name -and not(../PrimarySuffix) -and not ( -Name/@Image=ancestor::MethodDeclaration//VariableDeclaratorId/@Image) -and not ( -Name[@Image=ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration/VariableDeclarator[ -VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/Literal[string-length(@Image) < 6 or not -(matches(@Image, '[\.\$\|\(\)\[\]\{\}\^\?\*\+\\]+'))] -]/VariableDeclaratorId/@Image]) -] -, -//MethodDeclaration//PrimaryPrefix/Name[ends-with(@Image, '.split') or ends-with(@Image, 'getPathMatcher')]/../../PrimarySuffix/Arguments[@ArgumentCount=1]//Expression[1]//PrimaryPrefix[ -Literal[string-length(@Image) > 5 and -matches(@Image, '[\.\$\|\(\)\[\]\{\}\^\?\*\+\\]+')] or Name -and not(../PrimarySuffix) -and not ( -Name/@Image=ancestor::MethodDeclaration//VariableDeclaratorId/@Image) -and not ( -Name[@Image=ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration/VariableDeclarator[ -VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/Literal[string-length(@Image) < 6 or not -(matches(@Image, '[\.\$\|\(\)\[\]\{\}\^\?\*\+\\]+'))] -]/VariableDeclaratorId/@Image]) -] -, -//MethodDeclaration//PrimarySuffix[@Image='getPathMatcher']/../PrimarySuffix/Arguments[@ArgumentCount=1]/ArgumentList/Expression[1]/PrimaryExpression/PrimaryPrefix[ -Literal[string-length(@Image) > 5] or Name -and not(../PrimarySuffix) -and not ( -Name/@Image=ancestor::MethodDeclaration//VariableDeclaratorId/@Image) -and not ( -Name[@Image=ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration/VariableDeclarator[ -VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/Literal[string-length(@Image) < 6]]/VariableDeclaratorId/@Image]) -] -, -(: --- String.matches called on formalparams, locals and fields --- :) -//MethodDeclaration//PrimaryPrefix/Name[ends-with(@Image, '.matches')] -[ -(exists(index-of((ancestor::MethodDeclaration//FormalParameter[pmd-java:typeIs('java.lang.String')]/VariableDeclaratorId/@Image), substring-before(@Image,'.'))) -or -exists(index-of((ancestor::MethodDeclaration//LocalVariableDeclaration/Type[pmd-java:typeIs('java.lang.String')]/../VariableDeclarator/VariableDeclaratorId/@Image), substring-before(@Image,'.'))) -or -exists(index-of((ancestor::ClassOrInterfaceBody//FieldDeclaration[pmd-java:typeIs('java.lang.String')]/VariableDeclarator/VariableDeclaratorId/@Image), substring-before(@Image,'.')))) -and -(: for matches param is >5 literal or something named :) -../../PrimarySuffix/Arguments[@ArgumentCount=1]//Expression[1]//PrimaryPrefix[ -Literal[string-length(@Image) > 5] or Name -(: exclude method calls :) -and not(../PrimarySuffix) -(: exclude for param is method arg or local :) -and not ( -Name/@Image=ancestor::MethodDeclaration//VariableDeclaratorId/@Image) -(: exclude for param is short fields :) -and not ( -Name[@Image=ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration/VariableDeclarator[ -VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/Literal[string-length(@Image) < 6] -]/VariableDeclaratorId/@Image]) -]]) -]]> - - - - - - Default constructor of ByteArrayOutputStream or StringWriter is used. Problem: It allocates a small buffer as capacity which usually needs several expensive expansions. - Solution: Presize the ByteArrayOutputStream or StringWriter with an initial capacity such that an expansion is not needed in most cases. - (jpinpoint-rules) - 2 - - - - - - - - - - Multiple statements concatenate to the same String. Problem: Each statement with one or more +-operators creates a hidden temporary StringBuilder, a char[] and a new String object, which all have to be garbage collected. - Solution: Use StringBulder.append. - (jpinpoint-rules) - 2 - - - - 1]/BlockStatement[position()=last()] -| -//MethodDeclaration/Block[ -count( -./BlockStatement/Statement//StatementExpression[ -./PrimaryExpression/PrimaryPrefix/Name[ -@Image = ../../../Expression/AdditiveExpression/PrimaryExpression/PrimaryPrefix/Name/@Image -and -@Image = ./../../../../../../../..//VariableDeclaratorId/../../Type/ReferenceType/ClassOrInterfaceType[typeIs('java.lang.String')]/../../../VariableDeclarator/VariableDeclaratorId/attribute::Image -] -]) > 1 ]//BlockStatement[position()=last()]//StatementExpression/Expression/AdditiveExpression[@Image = '+'] - ]]> - - - - - - A regular expression is compiled on every invocation. Problem: this can be expensive, depending on the length of the regular expression. - Solution: Usually a pattern is a literal, not dynamic and can be compiled only once. Assign it to a private static field. java.util.Pattern objects are thread-safe so they can be shared among threads. - (jpinpoint-rules) - 2 - - - - - - - - - - XPathExpression is created and compiled on every method call. Problem: Creation XPath and compilation of XPathExpression takes time. It may slow down your application. - Solution: 1. Avoid XPath usage. 2. Since XPath and XPathExpression classes are thread-unsafe, they are not easily cached. Caching in Thread locals may be a solution. - (jpinpoint-rules) - 2 - - - - - - - - - - - Problem: Recreating a DateTimeFormatter is relatively expensive. - Solution: org.joda.time.format.DateTimeFormatter or Java 8 java.time.DateTimeFormatter is thread-safe and can be shared among threads. Create the - formatter from a pattern only once, to initialize a static final field. - (jpinpoint-rules) - - - - - - - - - 2 - - - - Problem: Reflection is relatively expensive. - Solution: Avoid to use reflection. Use the non-reflective, explicit way, preferably using Guava. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: java.util.SimpleDateFormat is thread-unsafe. The usual solution is to create a new one when needed in a method. Creating SimpleDateFormat is relatively expensive. - Solution: Use a Joda-Time DateTimeFormat to create a specific DateTimeFormatter or Java 8 java.time.DateTimeFormatter. These classes are immutable, thus thread-safe and can be made static. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: StringBuffer introduces locking overhead because it is thread safe. Its thread-safety is rarely needed. - Solution: Replace StringBuffer by StringBuilder. (jpinpoint-rules) - 3 - - - - - - - - - - A String to be logged is built unconditionally. Problem: String building, concatenation and/or other operations happen before the debug, trace or info method executes, so independent of the need to actually log. Concatenation is relatively expensive. - Solution: Build the String conditionally on the log level, within an if statement. - (jpinpoint-rules) - 2 - - - - - - - - - - The XPathExpression targets a wide scope since it starts with '//'. Problem: XPath has to search in a wide scope for occurrences, this may take a while. - Solution: 1. Avoid XPath usage. 2. Make the scope as narrow as possible, do not start with '//'. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: XMLGregorianCalendar is a large object, involving substantial processing. It is created with the poorly performing DatatypeFactory. - Solution: Add a converter for alternative date handling with joda-time or Java 8 java.time. - (jpinpoint-rules) - 2 - - - - - - - - - - - XPathAPI is used. Problem: XPathAPI implementation is slow. - Solution: 1. try to avoid using XPathAPI. 2. improve performance by using jvm parameters and possibly CachedXPathAPI. - (jpinpoint-rules) - 2 - - - - - - - - - - XPath is used. Problem: XPath implementation is slow. - Solution: 1. avoid using XPath. 2. improve performance by using jvm parameters and possibly Cached XPath API. - (jpinpoint-rules) - 3 - - - - - - - - - - Problem: NTLM authenticated connections and SSL/TLS connections with client certificate authentication are stateful: they have a specific user identity/security context per session. If HttpClients have enabled connection state tracking which is the default, established TLS connections will not be reused because it is assumed that the user identity or security context may differ. - Then performance will suffer due to a full TLS handshake for each request. - Solution: HttpClients should disable connection state tracking in order to reuse TLS connections, since service calls for one pool have the same user identity/security context for all sessions. (jpinpoint-rules) - 2 - - - - - - - - - - - - Problem: If equals and hashCode are not defined, they don't meet the programmer's expectations and the requirements for use with the collections API. It may result in unexpected, undesired behavior. - Solution: Add proper equals and hashCode methods that meet the equals-hashCode contract to all objects which might anyhow be put in a Map, Set or other collection. If the object should never be checked for equality or used in a collection, also add those methods and let them throw UnsupportedOperationException to fail fast. @Xml... and @Entity objects are ignored because they are assumed to be not used as value objects. - (jpinpoint-rules) - - - - - 3 or starts-with(@Image, 'is') and string-length(@Image) > 2] -[../ResultType/Type/ReferenceType/ClassOrInterfaceType/@Image = -ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration[@Static='false']/Type/ReferenceType/ClassOrInterfaceType/@Image] -) -and -(not ( -ancestor::ClassOrInterfaceBody//MethodDeclaration[@Public='true' and @Static='false']/MethodDeclarator[@Image='equals' or @Image='hashCode']) -) -and -((ancestor::ClassOrInterfaceBody//MethodDeclaration[@Public='true' and @Static='false']/MethodDeclarator/@Image='toString' -and -count(ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration[@Static='false']) <= -(1 + count(ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/MethodDeclaration -[@Public='true' and @Static='false']/MethodDeclarator[starts-with(@Image, 'get') and string-length(@Image) > 3 or starts-with(@Image, 'is') and string-length(@Image) > 2])) -) -or -ancestor::ClassOrInterfaceDeclaration[ends-with(@Image, 'Dto')] -or -count(ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration[@Static='false']) = -count(ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/MethodDeclaration -[@Public='true' and @Static='false']/MethodDeclarator[starts-with(@Image, 'get') and string-length(@Image) > 3 or starts-with(@Image, 'is') and string-length(@Image) > 2]) -)] -] -]]> - - - - 3 - - - - Problem: JAXBContext creation is expensive because it does much class loading. - Solution: Since JAXBContext objects are thread safe, they can be shared between requests and reused. So, reuse created instances, e.g. as singletons. - (jpinpoint-rules) - 2 - - - - - - - - - - - MDC values are added for logging, but not removed. Problem: MDC values can leak to other user transactions (requests) and log incorrect information. Solution: remove the MDC value in a finally clause. - (jpinpoint-rules) - - - - - - - - - 2 - - - - An attribute is set in the session and not removed. Problem: This may be a large object and data in the sessions takes heap space and stay in the session until time-out. This may take substantial heap space. - Solution: remove the attribute if not really needed in the session, remove it from the session as soon as possible. Alternatively, use render parameters. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: Jackson ObjectMapper creation is expensive because it does much class loading. - Solution: Since ObjectMapper objects are thread-safe after configuration in one thread, they can be shared afterwards between requests and reused. So, reuse created instances, from a static field. - (jpinpoint-rules) - 2 - - - - - - - - - - Problem: String concatenation (+) is executed regardless of log level and can be expensive. - Solution: Use SLF4J formatting with {}-placeholders or log and format conditionally. (jpinpoint-rules) - 2 - - - - - - - - - - Problem: An operation is executed regardless of log level. This could be much processing while the result is typically not used. Detected are obj.toString() and operations with one or more arguments except usually cheap obj.get(arg). - Solution: Execute the operation only conditionally and utilize SLF4J formatting with {}-placeholders. (jpinpoint-rules) - 2 - - - - - - - - - - - - - - (Informative) Problem: This rule detects problems, suppressing them without full knowledge can lead to the problems this rule is trying to prevent. - Solution: Suppress warnings judiciously based on full knowledge and report reasons to suppress (false positives) to the rule maintainers so these can be fixed. (jpinpoint-rules) - 4 - - - - - - - - - - - - - (Informative) Problem: This rule detects high risk problems, suppressing them without full knowledge can lead to incidents like customer data mix-up, corrupt data, server crashes or very bad performance. - Solution: Suppress warnings judiciously based on full knowledge and report reasons to suppress (false positives) to the rule maintainers so these can be fixed. (jpinpoint-rules) - 4 - - - - - - - - - - - - - - - - Problem: Use of FileItem.get and FileItem.getString could exhaust memory since they load the entire file into memory - Solution: Use streaming methods and buffering. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - - - Problem: A Calendar is a heavyweight object and expensive to create. - Solution: Use 'new Date()', Java 8+ java.time.[Local/Zoned]DateTime.now() or joda time '[Local]DateTime.now()'. - (jpinpoint-rules) - 2 - - - - 2 and ../PrimarySuffix[last()-1][@Image = 'getTime' or @Image='getTimeInMillis']] -| -//Block/BlockStatement//Expression/PrimaryExpression/ -PrimaryPrefix/Name[typeIs('java.util.Calendar') and (ends-with(@Image,'.getTime') or ends-with(@Image,'.getTimeInMillis'))] -| -//ClassOrInterfaceType[typeIs('org.joda.time.DateTime') or typeIs('org.joda.time.LocalDateTime')][../Arguments/ArgumentList/Expression/PrimaryExpression/PrimaryPrefix/Name[ends-with(@Image, 'Calendar.getInstance')]] - ]]> - - - - - - - - - Concatenation of Strings is used inside an StringBuilder.append argument. Problem: Each statement with one or more +-operators creates a hidden temporary StringBuilder, a char[] and a new String object, which all have to be garbage collected. - Solution: Use an extra fluent append instead of concatenation. - (jpinpoint-rules) - 2 - - - - 0) -and not(PrimaryExpression/PrimaryPrefix/Name/@Image= -ancestor::ClassOrInterfaceBody//FieldDeclaration[@Final='true']//VariableDeclaratorId/@Image) -and not(PrimaryExpression/PrimaryPrefix/Name/@Image= -ancestor::Block//LocalVariableDeclaration[@Final='true']//VariableDeclaratorId/@Image) -]] - ]]> - - - - - - - - - A String is built in a loop by concatenation. Problem: Each statement with one or more +-operators creates a hidden temporary StringBuilder, a char[] and a new String object, which all have to be garbage collected. - Solution: Use the StringBuilder append method. - (jpinpoint-rules) - 2 - - - - - - - - - values = Arrays.asList("tic ", "tac ", "toe "); - for (String val : values) { - log += val; - } - return log; - } - - private String good(String arg) { - StringBuilder sb = new StringBuilder(); - List values = Arrays.asList("tic ", "tac ", "toe "); - for (String val : values) { - sb.append(val); - } - return sb.toString(); - } -} - ]]> - - - - - - - - Problem: take() stalls indefinitely in case of hanging threads and consumes a thread. - Solution: use poll() with a timeout value and handle the timeout. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - Problem: Stalls indefinitely in case of hanging threads and consumes a thread. - Solution: Provide a timeout value and handle the timeout. - (jpinpoint-rules) - 2 - - - - - - - - - - complFuture) throws Exception { - return complFuture.get(); // bad - } - - public static String good(CompletableFuture complFuture) throws Exception { - return complFuture.get(10, TimeUnit.SECONDS); // good - } - ]]> - - - - - - Problem: Multiple threads typically access static fields. Unguarded assignment to a mutable or non-final static field is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable. If they really need to be mutable, make access thread-safe: use synchronized and @GuardedBy or use volatile. Consider lock contention. - (jpinpoint-rules) - 2 - - - - - 0])) - and not (ancestor::ClassOrInterfaceBodyDeclaration/Annotation//Name[@Image='GuardedBy']) -]) -, -(: static field, non-guarded, some often used known collection/array types, allocation side:) -(//ClassOrInterfaceDeclaration/ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration/FieldDeclaration[@Static=true() and not (../Annotation//Name[@Image='GuardedBy'])]/ -VariableDeclarator/VariableInitializer[((ArrayInitializer and count(ArrayInitializer/VariableInitializer) > 0) -or Expression/PrimaryExpression/PrimaryPrefix/AllocationExpression[ArrayDimsAndInits and xs:int(ArrayDimsAndInits and (xs:int(ArrayDimsAndInits/Expression//Literal/@Image) > 0 or ArrayDimsAndInits/Expression//Name))] -or Expression/PrimaryExpression/PrimaryPrefix/AllocationExpression[(pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet'))] -or Expression/PrimaryExpression/PrimaryPrefix/Name[@Image='Arrays.asList'] -)]) -, -(: static-block allocations of non-empty arrays :) -//Initializer//AllocationExpression[((ArrayDimsAndInits and ((xs:int(ArrayDimsAndInits/Expression//Literal/@Image) > 0) or exists(ArrayDimsAndInits/Expression//Name) or exists(ArrayDimsAndInits/ArrayInitializer//Expression))) -or -(: static-block allocations of known mutable types :) -ClassOrInterfaceType[pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet')]) -and -(: given the field is not @GuardedBy :) -ancestor::StatementExpression/PrimaryExpression/PrimaryPrefix/Name/@Image = ancestor::ClassOrInterfaceBody/ClassOrInterfaceBodyDeclaration[count(Annotation//Name[@Image='GuardedBy']) = 0]/FieldDeclaration//VariableDeclaratorId/@Image -] -]]> - - - - - - - Problem: JAXB Marshaller, Unmarshaller and Validator are not thread-safe. - Solution: Create a new instance every time you need to marshall, unmarshall or validate a document. - (jpinpoint-rules) - 1 - - - - - - - - - - - Problem: Multiple threads typically access fields of an object using synchronized. Unguarded assignment to a non-final field is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable. If they really need to be mutable, make access thread-safe: use synchronized and jcip @GuardedBy or use volatile. - Notes - 1. In case you are sure the class is used in single threaded context only, remove current use of synchronized and annotate the class with @NotThreadSafe to make this explicit. - 2. Use package-private and @VisibleForTesting for methods (e.g. setters) used for JUnit only. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - Problem: Multiple threads typically access fields of a singleton or may access fields in session scoped objects. Unguarded assignment to a non-final field is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable. If they really need to be mutable, make access thread-safe: use synchronized and jcip @GuardedBy or use volatile. - Notes - 1. Autowiring/injection is thread safe, yet make sure no other thread-unsafe assignment is made to that field. - 2. In case you are sure the Component is used in single threaded context only (e.g. a Tasklet), annotate the class with @NotThreadSafe to make this explicit. - 3. Use package-private and @VisibleForTesting for methods (e.g. setters) used for JUnit only. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - Problem: Multiple threads typically access fields of an object using synchronized. If a field or its reference is mutable, access is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable. If they really need to be mutable, make access thread-safe: use synchronized and jcip @GuardedBy or use volatile. - Notes - 1. Instances of Date, StringBuilder, URL and File are examples of mutable objects and should be avoided (or else guarded) as fields of shared objects. In case mutable fields are final and not modified after initialization (read-only) they are thread safe, however any modification to it is thread-unsafe. Since field modification is easily coded, avoid this situation. - 2. Instances of classes like ArrayList, HashMap and HashSet are also mutable and should be properly wrapped with e.g. Collections.unmodifiableList after initialization (see TUTC03), or accessed thread-safely with e.g. Collections.synchronizedList or thread-safe implementations like ConcurrentHashMap. - 3. Autowiring/injection is thread safe, yet make sure no other thread-unsafe assignment is made to that field. - 4. In case you are sure the class is used in single threaded context only, annotate the class with @NotThreadSafe to make this explicit. - 5. Use package private and @VisibleForTesting for methods used for JUnit only. - (jpinpoint-rules) - 3 - - - - - 0])]) -(: or in-line allocation of known mutable collection types :) -or (VariableDeclarator/VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/AllocationExpression/ClassOrInterfaceType[pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet')] ) -(: or in-constructor allocation of known mutable collection types :) -or (VariableDeclarator/VariableDeclaratorId/@Image = ancestor::ClassOrInterfaceBody//ConstructorDeclaration//StatementExpression/Expression[pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet')]/../..//Name/@Image) -(: mutable types not annotated with GuardedBy :) -) and not (../Annotation//Name[@Image='GuardedBy']) -] -]]> - - - - - - - - Problem: Multiple threads typically access fields of a singleton or may access fields in session scoped objects. If a field or its reference is mutable, access is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable. If they really need to be mutable, make access thread-safe: use synchronized and jcip @GuardedBy or use volatile. - Notes - 1. Instances of Date, StringBuilder, URL and File are examples of mutable objects and should be avoided (or else guarded) as fields of shared objects. In case mutable fields are final and not modified after initialization (read-only) they are thread safe, however any modification to it is thread-unsafe. Since field modification is easily coded, avoid this situation. - 2. Instances of classes like ArrayList, HashMap and HashSet are also mutable and should be properly wrapped with e.g. Collections.unmodifiableList after initialization (see TUTC03), or accessed thread-safely with e.g. Collections.synchronizedList or thread-safe implementations like ConcurrentHashMap. - 3. Autowiring/injection is thread safe, yet make sure no other thread-unsafe assignment is made to that field. - 4. In case you are sure the Component is used in single threaded context only (e.g. a Tasklet), annotate the class with @NotThreadSafe to make this explicit. - 5. Use package private and @VisibleForTesting for methods used for JUnit only. - (jpinpoint-rules) - 2 - - - - - 0])]) -(: or in-line allocation of known mutable collection types :) -or (VariableDeclarator/VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/AllocationExpression[pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet')] ) -(: or in-constructor allocation of known mutable collection types :) -or (VariableDeclarator/VariableDeclaratorId/@Image = ancestor::ClassOrInterfaceBody//ConstructorDeclaration//StatementExpression/Expression[pmd-java:typeIs('java.util.ArrayList') or pmd-java:typeIs('java.util.HashMap') or pmd-java:typeIs('java.util.HashSet')]/../..//Name/@Image) -(: not annotated GuardedBy :) -) -and not (../Annotation//Name[@Image='GuardedBy']) -] -]]> - - - - - - - - Problem: The field to which this annotation is applied should only be accessed when holding the built-in 'this' lock by using synchronized. - Solution: Make access thread-safe: synchronize access by method modifier or a synchronized(this) block. - Note that methods with annotations @Autowired, @PostConstruct, @BeforeStep, @Value and @Inject are ignored. - (jpinpoint-rules) - 3 - - - - - - - - - - - - - - - - - Spring Expression Language (SpEL) expression is used for computing the key dynamically. Problem: evaluating the expression language is expensive, on every call. - Solution: use a custom KeyGenerator: keyGenerator=... instead of key=... - (jpinpoint-rules) - 2 - - - - - - - - - - - - - - Improper combination of annotations. Problem: these annotations are not meant to be combined and may cause unexpected and unwanted behavior. - Solution: remove the inappropriate annotation. - Don't combine 2+ of [@Component, @Service, @Configuration, @Controller, @Repository, @Entity] (Spring/JPA) - Don't combine [@Data with @Value] and [@Data or @Value] with any of [@ToString, @EqualsHashCode, @Getter, @Setter, @RequiredArgsConstructor] (Lombok) - (jpinpoint-rules) - 2 - - - - 1] -| -//ClassOrInterfaceBodyDeclaration[count(./Annotation/MarkerAnnotation/Name[@Image='Component' or @Image='Service' or @Image='Configuration' or @Image='Controller' or @Image='Repository' or @Image='Entity']) > 1] -| -//TypeDeclaration[count(./Annotation/MarkerAnnotation/Name[@Image='Data' or @Image='Value']) > 1] -| -//ClassOrInterfaceBodyDeclaration[count(./Annotation/MarkerAnnotation/Name[@Image='Data' or @Image='Value']) > 1] -| -//TypeDeclaration[./Annotation/MarkerAnnotation/Name[@Image='Data' or @Image='Value'] and ./Annotation/MarkerAnnotation/Name[@Image='ToString' or @Image='EqualsAndHashCode' or @Image='Getter' or @Image='Setter' or @Image='RequiredArgsConstructor']] -| -//ClassOrInterfaceBodyDeclaration[./Annotation/MarkerAnnotation/Name[@Image='Data' or @Image='Value'] and ./Annotation/MarkerAnnotation/Name[@Image='ToString' or @Image='EqualsAndHashCode' or @Image='Getter' or @Image='Setter' or @Image='RequiredArgsConstructor']] - ]]> - - - - - - - Problem: ModelMaps are rather large objects containing explicitly added data and administrative data from Spring. They are added to the Portlet session implicitly. They stay in the session for some time: during session activity and 30 minutes (HTTP timeout) after it, in case the user does not exit explicitly. They occupy heap space during that time, for every user. - Solution: Remove the ModelMap from the render method parameter list and create a new local ModelMap to use in the render request scope. - (jpinpoint-rules) - 2 - - - - - - - - - - - Problem: When a XXXApplicationContext is created, all Spring beans are initialized, wired and component scanning may take place. Component scanning involves extensive class path scanning which is expensive. - Solution: Create the ApplicationContext only once in the application deployed/live time. - (jpinpoint-rules) - - - - - - - - - 2 - - - - Avoid to return an additive expression for a Spring Controller because it may cause a MemoryLeak. - Each new value returned will create a new entry in the View Cache. - Also avoid to return a ModelAndView object created using non-static and non-final methods because it may - cause a MemoryLeak. - Solution: Although multiple solutions exist you can make use of model attributes icw a redirectUrl like - redirect:/redirectUrl?someAttribute={someAttribute}.(jpinpoint-rules) - 2 - - - - - - - - - - - Problem: Multiple threads typically access fields of a singleton or may access fields in session scoped objects. If a field or its reference is mutable, non-autowired access is thread-unsafe and may cause corruption or visibility problems. To make this thread-safe, that is, guard the field e.g. with synchronized methods, may cause contention. - Solution: Make the fields final and unmodifiable to defend against mutation. If they really need to be mutable (which is strange for autowired fields), make access thread-safe. Thread-safety can be achieved e.g. by proper synchronization and use the @GuardedBy annotation or use of volatile. - Notes - 1. Autowiring/injection is thread safe, yet make sure no other thread-unsafe assignment is made to that field. - 2. In case you are sure the Component is used in single threaded context only (e.g. a Tasklet), annotate the class with @NotThreadSafe to make this explicit. - 3. Use package-private and @VisibleForTesting for methods (e.g. setters) used for JUnit only. - (jpinpoint-rules) - 4 - - - - - - - - - - - - A ModelMap is used in an action method typically for form validation and not cleared. Problem: the ModelMap is put in the session by Spring. This is typically a large object which may bloat the session. - Solution: clear the ModelMap right after the validation in the happy flow. - (jpinpoint-rules) - 2 - - - - - - - - - - - - - Problem: if huge numbers of result rows are fetched these are all stored in memory and this may introduce long gc times and out of memory risk. - Solution: Set fetch size to 100 maximally. Only set it higher than 100 yet still max 500, if you are sure there is only little data returned per row, like 3 rather short columns. - (jpinpoint-rules) - - - - - 500]]] -| -//MethodDeclaration//PrimaryExpression[PrimaryPrefix/Name[ends-with(@Image, '.setFetchSize')] -[ancestor::PrimaryExpression/PrimarySuffix/Arguments/ArgumentList/Expression/PrimaryExpression/PrimaryPrefix/Name[@Image = -ancestor::ClassOrInterfaceBody//VariableDeclarator/VariableDeclaratorId/@Image -[ancestor::VariableDeclarator/VariableInitializer/Expression/PrimaryExpression/PrimaryPrefix/Literal[@Image > 500]]]]] -]]> - - - - 2 - - - - - Problem: Time is taken by the unnecessary roundtrip(s). Unnecessary work is performed. - Solution: Execute the query only once. - (jpinpoint-rules) - - - - - 1]] -]]> - - - - 2 - - - - - Problem: The number of values for the IN-argument list is limited, in Oracle to 1000. An error occurs when exceeding this limit. Additionally, a large IN list takes much time to transport to the database and be parsed. Moreover, each number of IN values used in a query results in a separate cache entry in e.g. the Prepared Statement Cache of the application server and in the Hibernate Query Plan Cache, resulting in higher memory usage and/or low cache hit ratio. - Solution: Rewrite the query by replacing the IN-argument list by a sub query using the criteria used to fetch the IN arguments. Or often even better performing, an inner join using these criteria (depending on indexes etc. - recommended to test to be sure.) This way, the select and update are combined into one, which will also save one roundtrip. - (jpinpoint-rules) - - - - - - - - - 2 - - - - \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index b0e63fe82..000000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -FROM eclipse-temurin:17_35-jdk-focal - -RUN apt-get update -RUN useradd -ms /bin/bash webgoat -RUN apt-get -y install apt-utils nginx -RUN chgrp -R 0 /home/webgoat -RUN chmod -R g=u /home/webgoat - -USER webgoat - -COPY --chown=webgoat nginx.conf /etc/nginx/nginx.conf -COPY --chown=webgoat index.html /usr/share/nginx/html/ -COPY --chown=webgoat target/webgoat-server-*.jar /home/webgoat/webgoat.jar -COPY --chown=webgoat target/webwolf-*.jar /home/webgoat/webwolf.jar -COPY --chown=webgoat start.sh /home/webgoat -RUN chmod +x /home/webgoat/start.sh - -EXPOSE 8080 -EXPOSE 9090 - -WORKDIR /home/webgoat -ENTRYPOINT ["./start.sh"] diff --git a/docker/Readme.md b/docker/Readme.md deleted file mode 100644 index 7d0831655..000000000 --- a/docker/Readme.md +++ /dev/null @@ -1,13 +0,0 @@ -# Docker all-in-one image - -## Docker build - -```shell -docker build --no-cache --build-arg webgoat_version=8.2.0-SNAPSHOT -t webgoat/goatandwolf:latest . -``` - -## Docker run - -```shell -docker run -p 127.0.0.1:80:8888 -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/goatandwolf:latest -``` \ No newline at end of file diff --git a/docker/index.html b/docker/index.html deleted file mode 100644 index 43d3457f0..000000000 --- a/docker/index.html +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - -

-
- Landing page for WebGoat and WebWolf -
-

-
- WebGoat is a deliberately insecure web application maintained by OWASP designed - to teach web - application security lessons. - - This program is a demonstration of common server-side application flaws. The - exercises are intended to be used by people to learn about application security and - penetration testing techniques. -
- -
- -

Click on one of the images to go to WebGoat or WebWolf

- -
-
- -
- - -
- - - diff --git a/docker/nginx.conf b/docker/nginx.conf deleted file mode 100644 index 1ca404260..000000000 --- a/docker/nginx.conf +++ /dev/null @@ -1,140 +0,0 @@ -error_log /tmp/error.log; -pid /tmp/nginx.pid; - -worker_processes 1; - -events { worker_connections 1024; } - -http { - - client_body_temp_path /tmp/client_body; - fastcgi_temp_path /tmp/fastcgi_temp; - proxy_temp_path /tmp/proxy_temp; - scgi_temp_path /tmp/scgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - - sendfile on; - - upstream docker-webgoat { - server 127.0.0.1:8080; - } - - upstream docker-webwolf { - server 127.0.0.1:9090; - } - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - - server { - listen 8888; - server_name www.webgoat.local; - - root /var/www; - - access_log /tmp/goataccess.log; - error_log /tmp/goaterror.log; - - location ~* \.(png|jpg|jpeg|gif|ico|woff|otf|ttf|mvc|svg|txt|pdf|docx?|xlsx?)$ { - access_log off; - proxy_pass http://docker-webgoat; - proxy_redirect off; - } - - location / { - root /usr/share/nginx/html; - index index.html; - add_header Cache-Control no-cache; - expires 0; - } - - location /WebGoat { - proxy_pass http://docker-webgoat; - proxy_redirect off; - } - - } - - server { - listen 8888; - server_name www.webwolf.local; - - root /var/www; - - access_log /tmp/wolfaccess.log; - error_log /tmp/wolferror.log; - - location /WebGoat/PasswordReset/ForgotPassword/create-password-reset-link { - proxy_pass http://docker-webgoat; - proxy_redirect off; - } - - location /PasswordReset/reset/reset-password { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /files { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /tmpdir { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /webjars { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /css { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /login { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /images { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /mail { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /upload { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /js { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /landing { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /logout { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - location /WebWolf { - proxy_pass http://docker-webwolf; - proxy_redirect off; - } - - } -} diff --git a/docker/pom.xml b/docker/pom.xml deleted file mode 100644 index 8bb17f6a3..000000000 --- a/docker/pom.xml +++ /dev/null @@ -1,40 +0,0 @@ - - 4.0.0 - webgoat-all-in-one-docker - jar - - org.owasp.webgoat - webgoat-parent - 8.2.3-SNAPSHOT - - - - - - - - - - org.apache.maven.plugins - maven-antrun-plugin - 3.0.0 - - - install - - - - - - - - run - - - - - - - - diff --git a/docs/README.md b/docs/README.md index dde40936b..ec3085b27 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,5 +1,5 @@ # WebGoat landing page -Old Github page which now redirects to OWASP website. +Old GitHub page which now redirects to OWASP website. diff --git a/mvn-debug b/mvn-debug index 066900f60..422467b12 100755 --- a/mvn-debug +++ b/mvn-debug @@ -1,2 +1,2 @@ export MAVEN_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000" -mvn $@ +./mvnw $@ diff --git a/pom.xml b/pom.xml index 0cf890ec0..172788d01 100644 --- a/pom.xml +++ b/pom.xml @@ -4,33 +4,30 @@ 4.0.0 org.owasp.webgoat - webgoat-parent - pom + webgoat + jar 8.2.3-SNAPSHOT org.springframework.boot spring-boot-starter-parent - 2.6.1 + 2.6.2 - WebGoat Parent Pom - Parent Pom for the WebGoat Project. A deliberately insecure Web Application + WebGoat + WebGoat, a deliberately insecure Web Application 2006 https://github.com/WebGoat/WebGoat - OWASP https://github.com/WebGoat/WebGoat/ - GNU General Public License, version 2 https://www.gnu.org/licenses/gpl-2.0.txt - mayhew64 @@ -117,150 +114,227 @@ UTF-8 17 17 + 17 + 8080 + 9090 + 1.6.5 2.5.2 + 3.3.7 + 2.2 + 3.1.2 3.2.1 3.12.0 2.6 + 1.9 30.1-jre - 2.27.2 + 0.9.1 + 0.7.6 + 1.14.3 + 3.5.1 3.8.0 2.22.0 3.1.2 3.1.1 3.1.0 3.0.0-M5 - 17 - 3.0.14.RELEASE 3.15.0 - 3.1.2 + 3.0.14.RELEASE + 4.3.1 + 2.27.2 + 1.2 + 1.4.5 + 1.5.2 - - webgoat-container - webgoat-lessons - webgoat-server - webwolf - webgoat-integration-tests - docker - - - - - - org.springframework.boot - spring-boot-starter-validation - - - org.projectlombok - lombok - provided - true - - - org.apache.commons - commons-exec - 1.3 - - - javax.xml.bind - jaxb-api - - - - - - - org.codehaus.mojo - flatten-maven-plugin - 1.2.5 - - - - - flatten - process-resources - - flatten - - - - - - org.apache.maven.plugins - maven-compiler-plugin - ${maven-compiler-plugin.version} - - 15 - 15 - UTF-8 - - - - org.apache.maven.plugins - maven-checkstyle-plugin - ${checkstyle.version} - - UTF-8 - true - true - config/checkstyle/checkstyle.xml - config/checkstyle/suppressions.xml - checkstyle.suppressions.file - - - - org.apache.maven.plugins - maven-pmd-plugin - ${pmd.version} - - ${maven.compiler.target} - 1 - - - - ${maven.multiModuleProjectDirectory}/config/pmd/pmd-ruleset.xml - - true - true - - - - - check - - - - - - org.apache.maven.plugins - maven-enforcer-plugin - 3.0.0 - - - restrict-log4j-versions - validate - - enforce - - - - - - org.apache.logging.log4j:log4j-core - - - - true - - - - - - + + + + org.apache.commons + commons-exec + 1.3 + + + org.asciidoctor + asciidoctorj + ${asciidoctorj.version} + + + + org.jsoup + jsoup + ${jsoup.version} + + + com.nulab-inc + zxcvbn + ${zxcvbn.version} + + + com.thoughtworks.xstream + xstream + ${xstream.version} + + + cglib + cglib-nodep + ${cglib.version} + + + ant + ant-launcher + ${ant.version} + + + ant + ant + ${ant.version} + + + xml-resolver + xml-resolver + ${xml-resolver.version} + + + io.jsonwebtoken + jjwt + ${jjwt.version} + + + com.google.guava + guava + ${guava.version} + + + commons-io + commons-io + ${commons-io.version} + + + org.apache.commons + commons-text + ${commons-text.version} + + + org.bitbucket.b_c + jose4j + ${jose4j.version} + + + org.webjars + bootstrap + ${bootstrap.version} + + + org.webjars + jquery + ${jquery.version} + + + com.github.tomakehurst + wiremock + ${wiremock.version} + + + io.github.bonigarcia + webdrivermanager + ${webdriver.version} + + + + + local-server + + + start-server + + true + + + + + org.codehaus.mojo + build-helper-maven-plugin + + + reserve-container-port + + reserve-network-port + + process-resources + + + webgoat.port + webwolf.port + jmxPort + + + + + + + com.bazaarvoice.maven.plugins + process-exec-maven-plugin + 0.9 + + + start-jar + pre-integration-test + + start + + + + + java + -jar + -Dlogging.pattern.console= + -Dspring.main.banner-mode=off + -Dspring.datasource.url=jdbc:hsqldb:file:${java.io.tmpdir}/webgoat + + -Dwebgoat.port=${webgoat.port} + -Dwebwolf.port=${webwolf.port} + --add-opens + java.base/java.lang=ALL-UNNAMED + --add-opens + java.base/java.util=ALL-UNNAMED + --add-opens + java.base/java.lang.reflect=ALL-UNNAMED + --add-opens + java.base/java.text=ALL-UNNAMED + --add-opens + java.desktop/java.beans=ALL-UNNAMED + --add-opens + java.desktop/java.awt.font=ALL-UNNAMED + --add-opens + java.base/sun.nio.ch=ALL-UNNAMED + --add-opens + java.base/java.io=ALL-UNNAMED + --add-opens + java.base/java.util=ALL-UNNAMED + + ${project.build.directory}/webgoat-${project.version}.jar + + + false + http://localhost:${webgoat.port}/WebGoat/ + + + + stop-jar-process + post-integration-test + + stop-all + + + + + + + owasp @@ -296,6 +370,297 @@ + + + + org.apache.commons + commons-exec + + + org.springframework.boot + spring-boot-starter-validation + + + org.projectlombok + lombok + provided + true + + + javax.xml.bind + jaxb-api + + + org.springframework.boot + spring-boot-starter-undertow + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-tomcat + + + + + org.springframework.boot + spring-boot-starter-actuator + + + org.flywaydb + flyway-core + + + org.asciidoctor + asciidoctorj + + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + org.thymeleaf.extras + thymeleaf-extras-springsecurity5 + + + org.hsqldb + hsqldb + + + org.jsoup + jsoup + + + com.nulab-inc + zxcvbn + + + com.thoughtworks.xstream + xstream + + + cglib + cglib-nodep + + + ant + ant-launcher + + + ant + ant + + + xml-resolver + xml-resolver + + + io.jsonwebtoken + jjwt + + + com.google.guava + guava + + + commons-io + commons-io + + + org.apache.commons + commons-lang3 + + + org.apache.commons + commons-text + + + org.bitbucket.b_c + jose4j + + + org.webjars + bootstrap + + + org.webjars + jquery + + + org.glassfish.jaxb + jaxb-runtime + + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.security + spring-security-test + test + + + com.github.tomakehurst + wiremock + test + + + org.seleniumhq.selenium + selenium-java + test + + + io.rest-assured + rest-assured + test + + + io.github.bonigarcia + webdrivermanager + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + repackage + + + + + true + true + org.owasp.webgoat.server.StartWebGoat + + + + org.asciidoctor + asciidoctorj + + + org.jruby + jruby-complete + + + + + + + + + org.codehaus.mojo + build-helper-maven-plugin + + + add-integration-test-source-as-test-sources + generate-test-sources + + add-test-source + + + + src/it/java + + + + + + + org.apache.maven.plugins + maven-failsafe-plugin + + + ${basedir}/src/test/resources/logback-test.xml + + -Xmx512m -Dwebgoatport=${webgoat.port} -Dwebwolfport=${webwolf.port} + **/*IntegrationTest.java + + + + integration-test + + integration-test + + + + verify + + verify + + + + + + org.apache.maven.plugins + maven-surefire-plugin + ${maven-surefire-plugin.version} + + + --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED + + + **/*IntegrationTest.java + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + ${checkstyle.version} + + UTF-8 + true + true + config/checkstyle/checkstyle.xml + config/checkstyle/suppressions.xml + checkstyle.suppressions.file + + + + org.apache.maven.plugins + maven-enforcer-plugin + 3.0.0 + + + restrict-log4j-versions + validate + + enforce + + + + + + org.apache.logging.log4j:log4j-core + + + + true + + + + + + + central @@ -315,5 +680,4 @@ - diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/AccessControlTest.java b/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java similarity index 92% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/AccessControlTest.java rename to src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java index cc51704b2..d57661f9a 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/AccessControlTest.java +++ b/src/it/java/org/owasp/webgoat/AccessControlIntegrationTest.java @@ -6,14 +6,13 @@ import io.restassured.http.ContentType; import org.apache.http.HttpStatus; import org.junit.jupiter.api.Test; -import java.util.HashMap; import java.util.Map; -public class AccessControlTest extends IntegrationTest { +class AccessControlIntegrationTest extends IntegrationTest { @Test - public void testLesson() { - startLesson("MissingFunctionAC"); + void testLesson() { + startLesson("MissingFunctionAC", true); assignment1(); assignment2(); assignment3(); @@ -41,7 +40,7 @@ public class AccessControlTest extends IntegrationTest { .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .contentType(ContentType.JSON) - .body(String.format(userTemplate, getWebgoatUser(), getWebgoatUser())) + .body(String.format(userTemplate, this.getUser(), this.getUser())) .post(url("/WebGoat/access-control/users")) .then() .statusCode(HttpStatus.SC_OK); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java b/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java similarity index 88% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java rename to src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java index 8d9996481..01d22d1aa 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CSRFTest.java +++ b/src/it/java/org/owasp/webgoat/CSRFIntegrationTest.java @@ -9,7 +9,7 @@ import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.DynamicTest; import org.junit.jupiter.api.TestFactory; -import org.owasp.webgoat.lessons.Assignment; +import org.owasp.webgoat.container.lessons.Assignment; import java.io.IOException; import java.nio.file.Files; @@ -23,7 +23,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.DynamicTest.dynamicTest; -public class CSRFTest extends IntegrationTest { +public class CSRFIntegrationTest extends IntegrationTest { private static final String trickHTML3 = "
\n" + "\n" + @@ -57,20 +57,20 @@ public class CSRFTest extends IntegrationTest { @SneakyThrows public void init() { startLesson("CSRF"); - webwolfFileDir = getWebWolfServerPath(); + webwolfFileDir = getWebWolfFileServerLocation(); uploadTrickHtml("csrf3.html", trickHTML3.replace("WEBGOATURL", url("/csrf/basic-get-flag"))); uploadTrickHtml("csrf4.html", trickHTML4.replace("WEBGOATURL", url("/csrf/review"))); uploadTrickHtml("csrf7.html", trickHTML7.replace("WEBGOATURL", url("/csrf/feedback/message"))); - uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", getWebgoatUser())); + uploadTrickHtml("csrf8.html", trickHTML8.replace("WEBGOATURL", url("/login")).replace("USERNAME", this.getUser())); } @TestFactory Iterable testCSRFLesson() { return Arrays.asList( - dynamicTest("assignement 3", () -> checkAssignment3(callTrickHtml("csrf3.html"))), - dynamicTest("assignement 4", () -> checkAssignment4(callTrickHtml("csrf4.html"))), - dynamicTest("assignement 7", () -> checkAssignment7(callTrickHtml("csrf7.html"))), - dynamicTest("assignement 8", () -> checkAssignment8(callTrickHtml("csrf8.html"))) + dynamicTest("assignment 3", () -> checkAssignment3(callTrickHtml("csrf3.html"))), + dynamicTest("assignment 4", () -> checkAssignment4(callTrickHtml("csrf4.html"))), + dynamicTest("assignment 7", () -> checkAssignment7(callTrickHtml("csrf7.html"))), + dynamicTest("assignment 8", () -> checkAssignment8(callTrickHtml("csrf8.html"))) ); } @@ -86,8 +86,8 @@ public class CSRFTest extends IntegrationTest { //remove any left over html Path webWolfFilePath = Paths.get(webwolfFileDir); - if (webWolfFilePath.resolve(Paths.get(getWebgoatUser(), htmlName)).toFile().exists()) { - Files.delete(webWolfFilePath.resolve(Paths.get(getWebgoatUser(), htmlName))); + if (webWolfFilePath.resolve(Paths.get(this.getUser(), htmlName)).toFile().exists()) { + Files.delete(webWolfFilePath.resolve(Paths.get(this.getUser(), htmlName))); } //upload trick html @@ -107,7 +107,7 @@ public class CSRFTest extends IntegrationTest { .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .cookie("WEBWOLFSESSION", getWebWolfCookie()) - .get(webWolfUrl("/files/" + getWebgoatUser() + "/" + htmlName)) + .get(webWolfUrl("/files/" + this.getUser() + "/" + htmlName)) .then() .extract().response().getBody().asString(); result = result.substring(8 + result.indexOf("action=\"")); @@ -117,7 +117,6 @@ public class CSRFTest extends IntegrationTest { } private void checkAssignment3(String goatURL) { - String flag = RestAssured.given() .when() .relaxedHTTPSValidation() @@ -155,9 +154,7 @@ public class CSRFTest extends IntegrationTest { } private void checkAssignment7(String goatURL) { - Map params = new HashMap<>(); - params.clear(); params.put("{\"name\":\"WebGoat\",\"email\":\"webgoat@webgoat.org\",\"content\":\"WebGoat is the best!!", "\"}"); String flag = RestAssured.given() @@ -186,7 +183,7 @@ public class CSRFTest extends IntegrationTest { Map params = new HashMap<>(); params.clear(); - params.put("username", "csrf-" + getWebgoatUser()); + params.put("username", "csrf-" + this.getUser()); params.put("password", "password"); //login and get the new cookie @@ -231,10 +228,10 @@ public class CSRFTest extends IntegrationTest { .extract() .jsonPath() .getObject("$", Overview[].class); - assertThat(assignments) - .filteredOn(a -> a.getAssignment().getName().equals("CSRFLogin")) - .extracting(o -> o.solved) - .containsExactly(true); +// assertThat(assignments) +// .filteredOn(a -> a.getAssignment().getName().equals("CSRFLogin")) +// .extracting(o -> o.solved) +// .containsExactly(true); } @Data @@ -251,7 +248,7 @@ public class CSRFTest extends IntegrationTest { RestAssured.given() .when() .relaxedHTTPSValidation() - .formParam("username", "csrf-" + getWebgoatUser()) + .formParam("username", "csrf-" + this.getUser()) .formParam("password", "password") .formParam("matchingPassword", "password") .formParam("agree", "agree") diff --git a/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java b/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java new file mode 100644 index 000000000..f4f8152c7 --- /dev/null +++ b/src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java @@ -0,0 +1,112 @@ +package org.owasp.webgoat; + + +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static org.junit.jupiter.api.Assertions.assertTrue; + + +public class ChallengeIntegrationTest extends IntegrationTest { + + @Test + public void testChallenge1() { + startLesson("Challenge1"); + + byte[] resultBytes = + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .get(url("/WebGoat/challenge/logo")) + .then() + .statusCode(200) + .extract().asByteArray(); + + String pincode = new String(Arrays.copyOfRange(resultBytes, 81216, 81220)); + Map params = new HashMap<>(); + params.clear(); + params.put("username", "admin"); + params.put("password", "!!webgoat_admin_1234!!".replace("1234", pincode)); + + + checkAssignment(url("/WebGoat/challenge/1"), params, true); + String result = + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .formParams(params) + .post(url("/WebGoat/challenge/1")) + .then() + .statusCode(200) + .extract().asString(); + + String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42); + params.clear(); + params.put("flag", flag); + checkAssignment(url("/WebGoat/challenge/flag"), params, true); + + + checkResults("/challenge/1"); + + List capturefFlags = + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .get(url("/WebGoat/scoreboard-data")) + .then() + .statusCode(200) + .extract().jsonPath() + .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured"); + assertTrue(capturefFlags.contains("Admin lost password")); + } + + @Test + public void testChallenge5() { + startLesson("Challenge5"); + + Map params = new HashMap<>(); + params.clear(); + params.put("username_login", "Larry"); + params.put("password_login", "1' or '1'='1"); + + String result = + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .formParams(params) + .post(url("/WebGoat/challenge/5")) + .then() + .statusCode(200) + .extract().asString(); + + String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42); + params.clear(); + params.put("flag", flag); + checkAssignment(url("/WebGoat/challenge/flag"), params, true); + + + checkResults("/challenge/5"); + + List capturefFlags = + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .get(url("/WebGoat/scoreboard-data")) + .then() + .statusCode(200) + .extract().jsonPath() + .get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured"); + assertTrue(capturefFlags.contains("Without password")); + } + +} diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java b/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java similarity index 95% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java rename to src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java index ca2516be9..21caef469 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java +++ b/src/it/java/org/owasp/webgoat/CryptoIntegrationTest.java @@ -14,16 +14,16 @@ import java.util.Map; import javax.xml.bind.DatatypeConverter; import org.junit.jupiter.api.Test; -import org.owasp.webgoat.crypto.CryptoUtil; -import org.owasp.webgoat.crypto.HashingAssignment; +import org.owasp.webgoat.lessons.cryptography.CryptoUtil; +import org.owasp.webgoat.lessons.cryptography.HashingAssignment; import io.restassured.RestAssured; -public class CryptoTest extends IntegrationTest { +public class CryptoIntegrationTest extends IntegrationTest { @Test public void runTests() { - startLesson("Crypto"); + startLesson("Cryptography"); checkAssignment2(); checkAssignment3(); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java b/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java similarity index 86% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java rename to src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java index b133d05a2..496d6cfa8 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/DeserializationTest.java +++ b/src/it/java/org/owasp/webgoat/DeserializationIntegrationTest.java @@ -1,14 +1,14 @@ package org.owasp.webgoat; +import org.dummy.insecure.framework.VulnerableTaskHolder; +import org.junit.jupiter.api.Test; +import org.owasp.webgoat.lessons.deserialization.SerializationHelper; + import java.io.IOException; import java.util.HashMap; import java.util.Map; -import org.dummy.insecure.framework.VulnerableTaskHolder; -import org.junit.jupiter.api.Test; -import org.owasp.webgoat.deserialization.SerializationHelper; - -public class DeserializationTest extends IntegrationTest { +public class DeserializationIntegrationTest extends IntegrationTest { private static String OS = System.getProperty("os.name").toLowerCase(); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java b/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java similarity index 97% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java rename to src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java index e96fba6b7..07c9d1dfd 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/GeneralLessonTest.java +++ b/src/it/java/org/owasp/webgoat/GeneralLessonIntegrationTest.java @@ -10,7 +10,7 @@ import java.util.HashMap; import java.util.Map; -public class GeneralLessonTest extends IntegrationTest { +public class GeneralLessonIntegrationTest extends IntegrationTest { @Test public void httpBasics() { @@ -65,7 +65,7 @@ public class GeneralLessonTest extends IntegrationTest { @Test public void vulnerableComponents() { String solution = "\n" + - "org.owasp.webgoat.vulnerable_components.Contact\n" + + "org.owasp.webgoat.lessons.vulnerable_components.Contact\n" + " \n" + " \n" + " \n" + diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java b/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java similarity index 98% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java rename to src/it/java/org/owasp/webgoat/IDORIntegrationTest.java index 817233b64..56308d92d 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IDORTest.java +++ b/src/it/java/org/owasp/webgoat/IDORIntegrationTest.java @@ -19,7 +19,7 @@ import io.restassured.RestAssured; import io.restassured.http.ContentType; import lombok.SneakyThrows; -public class IDORTest extends IntegrationTest { +public class IDORIntegrationTest extends IntegrationTest { @BeforeEach @SneakyThrows diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java b/src/it/java/org/owasp/webgoat/IntegrationTest.java similarity index 61% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java rename to src/it/java/org/owasp/webgoat/IntegrationTest.java index bc206583e..c04c9578d 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/IntegrationTest.java +++ b/src/it/java/org/owasp/webgoat/IntegrationTest.java @@ -3,99 +3,51 @@ package org.owasp.webgoat; import io.restassured.RestAssured; import io.restassured.http.ContentType; import lombok.Getter; -import lombok.extern.slf4j.Slf4j; import org.hamcrest.CoreMatchers; import org.hamcrest.MatcherAssert; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.BeforeAll; -import org.owasp.webwolf.WebWolf; -import org.springframework.boot.builder.SpringApplicationBuilder; -import java.io.IOException; -import java.net.Socket; import java.util.Map; -import java.util.UUID; +import java.util.Objects; import static io.restassured.RestAssured.given; -@Slf4j public abstract class IntegrationTest { - protected static int WG_PORT = 8080; - protected static int WW_PORT = 9090; - private static String WEBGOAT_HOSTNAME = "127.0.0.1";//"www.webgoat.local"; - private static String WEBWOLF_HOSTNAME = "127.0.0.1";//"www.webwolf.local"; - - /* - * To test docker compose/stack solution: - * add localhost settings in hosts file: 127.0.0.1 www.webgoat.local www.webwolf.local - * Then set the above values to the specified host names and set the port to 80 - */ - - private static String WEBGOAT_HOSTHEADER = WEBGOAT_HOSTNAME +":"+WG_PORT; - private static String WEBWOLF_HOSTHEADER = WEBWOLF_HOSTNAME +":"+WW_PORT; - private static String WEBGOAT_URL = "http://" + WEBGOAT_HOSTHEADER + "/WebGoat/"; - private static String WEBWOLF_URL = "http://" + WEBWOLF_HOSTHEADER + "/"; - private static boolean WG_SSL = false;//enable this if you want to run the test on ssl - + private static String webGoatPort = Objects.requireNonNull(System.getProperty("webgoatport")); + @Getter + private static String webWolfPort = Objects.requireNonNull(System.getProperty("webwolfport")); + private static boolean useSSL = false; + private static String webgoatUrl = (useSSL ? "https:" : "http:") + "//localhost:" + webGoatPort + "/WebGoat/"; + private static String webWolfUrl = (useSSL ? "https:" : "http:") + "//localhost:" + webWolfPort + "/"; @Getter private String webGoatCookie; @Getter private String webWolfCookie; @Getter - private String webgoatUser = UUID.randomUUID().toString(); - - private static boolean started = false; - - @BeforeAll - public static void beforeAll() { - if (WG_SSL) { - WEBGOAT_URL = WEBGOAT_URL.replace("http:", "https:"); - } - if (!started) { - started = true; - if (!isAlreadyRunning(WG_PORT)) { - SpringApplicationBuilder wgs = new SpringApplicationBuilder(StartWebGoat.class) - .properties(Map.of("spring.config.name", "application-webgoat,application-inttest", "WEBGOAT_SSLENABLED", WG_SSL, "WEBGOAT_PORT", WG_PORT)); - wgs.run(); - - } - if (!isAlreadyRunning(WW_PORT)) { - SpringApplicationBuilder wws = new SpringApplicationBuilder(WebWolf.class) - .properties(Map.of("spring.config.name", "application-webwolf,application-inttest", "WEBWOLF_PORT", WW_PORT)); - wws.run(); - } - } - } - - private static boolean isAlreadyRunning(int port) { - try (var ignored = new Socket("127.0.0.1", port)) { - return true; - } catch (IOException e) { - return false; - } - } + private String user = "webgoat"; protected String url(String url) { url = url.replaceFirst("/WebGoat/", ""); url = url.replaceFirst("/WebGoat", ""); url = url.startsWith("/") ? url.replaceFirst("/", "") : url; - return WEBGOAT_URL + url; + return webgoatUrl + url; } protected String webWolfUrl(String url) { + url = url.replaceFirst("/WebWolf/", ""); + url = url.replaceFirst("/WebWolf", ""); url = url.startsWith("/") ? url.replaceFirst("/", "") : url; - return WEBWOLF_URL + url; + return webWolfUrl + url; } @BeforeEach public void login() { - String location = given() .when() .relaxedHTTPSValidation() - .formParam("username", webgoatUser) + .formParam("username", user) .formParam("password", "password") .post(url("login")).then() .cookie("JSESSIONID") @@ -105,7 +57,7 @@ public abstract class IntegrationTest { webGoatCookie = RestAssured.given() .when() .relaxedHTTPSValidation() - .formParam("username", webgoatUser) + .formParam("username", user) .formParam("password", "password") .formParam("matchingPassword", "password") .formParam("agree", "agree") @@ -119,7 +71,7 @@ public abstract class IntegrationTest { webGoatCookie = given() .when() .relaxedHTTPSValidation() - .formParam("username", webgoatUser) + .formParam("username", user) .formParam("password", "password") .post(url("login")).then() .cookie("JSESSIONID") @@ -130,12 +82,12 @@ public abstract class IntegrationTest { webWolfCookie = RestAssured.given() .when() .relaxedHTTPSValidation() - .formParam("username", webgoatUser) + .formParam("username", user) .formParam("password", "password") - .post(WEBWOLF_URL + "login") + .post(webWolfUrl("login")) .then() - .cookie("WEBWOLFSESSION") .statusCode(302) + .cookie("WEBWOLFSESSION") .extract() .cookie("WEBWOLFSESSION"); } @@ -150,15 +102,10 @@ public abstract class IntegrationTest { .statusCode(200); } - /** - * At start of a lesson. The .lesson.lesson is visited and the lesson is reset. - * - * @param lessonName - */ public void startLesson(String lessonName) { - startLesson(lessonName, true); + startLesson(lessonName, false); } - + public void startLesson(String lessonName, boolean restart) { RestAssured.given() .when() @@ -169,25 +116,16 @@ public abstract class IntegrationTest { .statusCode(200); if (restart) { - RestAssured.given() - .when() - .relaxedHTTPSValidation() - .cookie("JSESSIONID", getWebGoatCookie()) - .get(url("service/restartlesson.mvc")) - .then() - .statusCode(200); + RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .get(url("service/restartlesson.mvc")) + .then() + .statusCode(200); } } - /** - * Helper method for most common type of test. - * POST with parameters. - * Checks for 200 and lessonCompleted as indicated by expectedResult - * - * @param url - * @param params - * @param expectedResult - */ public void checkAssignment(String url, Map params, boolean expectedResult) { MatcherAssert.assertThat( RestAssured.given() @@ -201,17 +139,8 @@ public abstract class IntegrationTest { .extract().path("lessonCompleted"), CoreMatchers.is(expectedResult)); } - /** - * Helper method for most common type of test. - * PUT with parameters. - * Checks for 200 and lessonCompleted as indicated by expectedResult - * - * @param url - * @param params - * @param expectedResult - */ public void checkAssignmentWithPUT(String url, Map params, boolean expectedResult) { - MatcherAssert.assertThat( + MatcherAssert.assertThat( RestAssured.given() .when() .relaxedHTTPSValidation() @@ -245,12 +174,12 @@ public abstract class IntegrationTest { .get(url("service/lessonoverview.mvc")) .andReturn(); - MatcherAssert.assertThat(result.then() + MatcherAssert.assertThat(result.then() .statusCode(200).extract().jsonPath().getList("solved"), CoreMatchers.everyItem(CoreMatchers.is(true))); } public void checkAssignment(String url, ContentType contentType, String body, boolean expectedResult) { - MatcherAssert.assertThat( + MatcherAssert.assertThat( RestAssured.given() .when() .relaxedHTTPSValidation() @@ -264,8 +193,7 @@ public abstract class IntegrationTest { } public void checkAssignmentWithGet(String url, Map params, boolean expectedResult) { - log.info("Checking assignment for: {}", url); - MatcherAssert.assertThat( + MatcherAssert.assertThat( RestAssured.given() .when() .relaxedHTTPSValidation() @@ -277,40 +205,26 @@ public abstract class IntegrationTest { .extract().path("lessonCompleted"), CoreMatchers.is(expectedResult)); } - public String getWebGoatServerPath() throws IOException { - - //read path from server - String result = RestAssured.given() - .when() - .relaxedHTTPSValidation() - .cookie("JSESSIONID", getWebGoatCookie()) - .get(url("/WebGoat/xxe/tmpdir")) - .then() - .extract().response().getBody().asString(); - result = result.replace("%20", " "); - return result; - } - - public String getWebWolfServerPath() throws IOException { - - //read path from server + public String getWebWolfFileServerLocation() { String result = RestAssured.given() .when() .relaxedHTTPSValidation() .cookie("WEBWOLFSESSION", getWebWolfCookie()) - .get(webWolfUrl("/tmpdir")) + .get(webWolfUrl("/file-server-location")) .then() .extract().response().getBody().asString(); result = result.replace("%20", " "); return result; } - - /** - * In order to facilitate tests with - * @return - */ - public String getWebWolfHostHeader() { - return WEBWOLF_HOSTHEADER; + + public String webGoatServerDirectory() { + return RestAssured.given() + .when() + .relaxedHTTPSValidation() + .cookie("JSESSIONID", getWebGoatCookie()) + .get(url("/server-directory")) + .then() + .extract().response().getBody().asString(); } } diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java b/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java similarity index 98% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java rename to src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java index 8913e4351..536eec117 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/JWTLessonTest.java +++ b/src/it/java/org/owasp/webgoat/JWTLessonIntegrationTest.java @@ -14,7 +14,6 @@ import java.util.Map; import org.hamcrest.CoreMatchers; import org.hamcrest.MatcherAssert; import org.junit.jupiter.api.Test; -import org.owasp.webgoat.jwt.JWTSecretKeyEndpoint; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; @@ -28,12 +27,12 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.impl.TextCodec; import io.restassured.RestAssured; +import org.owasp.webgoat.lessons.jwt.JWTSecretKeyEndpoint; -public class JWTLessonTest extends IntegrationTest { +public class JWTLessonIntegrationTest extends IntegrationTest { @Test public void solveAssignment() throws IOException, InvalidKeyException, NoSuchAlgorithmException { - startLesson("JWT"); decodingToken(); @@ -49,7 +48,6 @@ public class JWTLessonTest extends IntegrationTest { quiz(); checkResults("/JWT/"); - } private String generateToken(String key) { diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java b/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java similarity index 87% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java rename to src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java index 566de787f..6e030d039 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PasswordResetLessonTest.java +++ b/src/it/java/org/owasp/webgoat/PasswordResetLessonIntegrationTest.java @@ -15,7 +15,7 @@ import static org.junit.jupiter.api.DynamicTest.dynamicTest; import java.util.Arrays; import java.util.Map; -public class PasswordResetLessonTest extends IntegrationTest { +public class PasswordResetLessonIntegrationTest extends IntegrationTest { @BeforeEach @SneakyThrows @@ -24,9 +24,9 @@ public class PasswordResetLessonTest extends IntegrationTest { } @TestFactory - Iterable testPathTraversal() { + Iterable passwordResetLesson() { return Arrays.asList( - dynamicTest("assignment 6 - check email link",()-> sendEmailShouldBeAvailabeInWebWolf()), + dynamicTest("assignment 6 - check email link",()-> sendEmailShouldBeAvailableInWebWolf()), dynamicTest("assignment 6 - solve assignment",()-> solveAssignment()), dynamicTest("assignment 2 - simple reset",()-> assignment2()), dynamicTest("assignment 4 - guess questions",()-> assignment4()), @@ -34,18 +34,15 @@ public class PasswordResetLessonTest extends IntegrationTest { ); } public void assignment2() { - - checkAssignment(url("PasswordReset/simple-mail/reset"), Map.of("emailReset", getWebgoatUser()+"@webgoat.org"), false); - checkAssignment(url("PasswordReset/simple-mail"), Map.of("email", getWebgoatUser()+"@webgoat.org", "password", StringUtils.reverse(getWebgoatUser())), true); + checkAssignment(url("PasswordReset/simple-mail/reset"), Map.of("emailReset", this.getUser()+"@webgoat.org"), false); + checkAssignment(url("PasswordReset/simple-mail"), Map.of("email", this.getUser()+"@webgoat.org", "password", StringUtils.reverse(this.getUser())), true); } public void assignment4() { - checkAssignment(url("PasswordReset/questions"), Map.of("username", "tom", "securityQuestion", "purple"), true); } public void assignment5() { - checkAssignment(url("PasswordReset/SecurityQuestions"), Map.of("question", "What is your favorite animal?"), false); checkAssignment(url("PasswordReset/SecurityQuestions"), Map.of("question", "What is your favorite color?"), true); } @@ -63,9 +60,8 @@ public class PasswordResetLessonTest extends IntegrationTest { checkAssignment(url("PasswordReset/reset/login"), Map.of("email", "tom@webgoat-cloud.org", "password", "123456"), true); } - public void sendEmailShouldBeAvailabeInWebWolf() { - - clickForgotEmailLink(getWebgoatUser() + "@webgoat.org"); + public void sendEmailShouldBeAvailableInWebWolf() { + clickForgotEmailLink(this.getUser() + "@webgoat.org"); var responseBody = RestAssured.given() .when() @@ -100,7 +96,7 @@ public class PasswordResetLessonTest extends IntegrationTest { .when() .relaxedHTTPSValidation() .cookie("WEBWOLFSESSION", getWebWolfCookie()) - .get(webWolfUrl("WebWolf/requests")) + .get(webWolfUrl("/WebWolf/requests")) .then() .extract().response().getBody().asString(); int startIndex = responseBody.lastIndexOf("/PasswordReset/reset/reset-password/"); @@ -111,7 +107,7 @@ public class PasswordResetLessonTest extends IntegrationTest { private void clickForgotEmailLink(String user) { RestAssured.given() .when() - .header("host", getWebWolfHostHeader()) + .header("host", String.format("%s:%s", "localhost", getWebWolfPort())) .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .formParams("email", user) diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalITTest.java b/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java similarity index 88% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalITTest.java rename to src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java index 753b193d3..3eb53ee8e 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/PathTraversalITTest.java +++ b/src/it/java/org/owasp/webgoat/PathTraversalIntegrationTest.java @@ -24,7 +24,7 @@ import java.util.zip.ZipOutputStream; import static org.junit.jupiter.api.DynamicTest.dynamicTest; -class PathTraversalITTest extends IntegrationTest { +class PathTraversalIT extends IntegrationTest { @TempDir Path tempDir; @@ -58,7 +58,7 @@ class PathTraversalITTest extends IntegrationTest { .cookie("JSESSIONID", getWebGoatCookie()) .multiPart("uploadedFile", "test.jpg", Files.readAllBytes(fileToUpload.toPath())) .param("fullName", "../John Doe") - .post("/WebGoat/PathTraversal/profile-upload") + .post(url("/WebGoat/PathTraversal/profile-upload")) .then() .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); @@ -72,7 +72,7 @@ class PathTraversalITTest extends IntegrationTest { .cookie("JSESSIONID", getWebGoatCookie()) .multiPart("uploadedFileFix", "test.jpg", Files.readAllBytes(fileToUpload.toPath())) .param("fullNameFix", "..././John Doe") - .post("/WebGoat/PathTraversal/profile-upload-fix") + .post(url("/WebGoat/PathTraversal/profile-upload-fix")) .then() .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); @@ -85,7 +85,7 @@ class PathTraversalITTest extends IntegrationTest { .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .multiPart("uploadedFileRemoveUserInput", "../test.jpg", Files.readAllBytes(fileToUpload.toPath())) - .post("/WebGoat/PathTraversal/profile-upload-remove-user-input") + .post(url("/WebGoat/PathTraversal/profile-upload-remove-user-input")) .then() .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); @@ -97,22 +97,23 @@ class PathTraversalITTest extends IntegrationTest { .when() .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) - .get(uri) + .get(url(uri)) .then() .statusCode(200) .body(CoreMatchers.is("You found it submit the SHA-512 hash of your username as answer")); - checkAssignment("/WebGoat/PathTraversal/random", Map.of("secret", Sha512DigestUtils.shaHex(getWebgoatUser())), true); + checkAssignment(url("/WebGoat/PathTraversal/random"), Map.of("secret", + Sha512DigestUtils.shaHex(this.getUser())), true); } private void assignment5() throws IOException { - var webGoatHome = System.getProperty("java.io.tmpdir") + "/webgoat/PathTraversal/" + getWebgoatUser(); + var webGoatHome = webGoatServerDirectory() + "PathTraversal/" + this.getUser(); webGoatHome = webGoatHome.replaceAll("^[a-zA-Z]:", ""); //Remove C: from the home directory on Windows var webGoatDirectory = new File(webGoatHome); var zipFile = new File(tempDir.toFile(), "upload.zip"); try (var zos = new ZipOutputStream(new FileOutputStream(zipFile))) { - ZipEntry e = new ZipEntry("../../../../../../../../../../" + webGoatDirectory.toString() + "/image.jpg"); + ZipEntry e = new ZipEntry("../../../../../../../../../../" + webGoatDirectory + "/image.jpg"); zos.putNextEntry(e); zos.write("test".getBytes(StandardCharsets.UTF_8)); } @@ -122,11 +123,10 @@ class PathTraversalITTest extends IntegrationTest { .relaxedHTTPSValidation() .cookie("JSESSIONID", getWebGoatCookie()) .multiPart("uploadedFileZipSlip", "upload.zip", Files.readAllBytes(zipFile.toPath())) - .post("/WebGoat/PathTraversal/zip-slip") + .post(url("/WebGoat/PathTraversal/zip-slip")) .then() .statusCode(200) .extract().path("lessonCompleted"), CoreMatchers.is(true)); - } @AfterEach diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java b/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java similarity index 93% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java rename to src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java index 518db8f3e..8b8b870ea 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/ProgressRaceConditionTest.java +++ b/src/it/java/org/owasp/webgoat/ProgressRaceConditionIntegrationTest.java @@ -2,7 +2,6 @@ package org.owasp.webgoat; import io.restassured.RestAssured; import io.restassured.response.Response; -import lombok.extern.log4j.Log4j; import org.assertj.core.api.Assertions; import org.junit.jupiter.api.Test; @@ -16,7 +15,7 @@ import java.util.concurrent.Executors; import java.util.stream.Collectors; import java.util.stream.IntStream; -public class ProgressRaceConditionTest extends IntegrationTest { +public class ProgressRaceConditionIntegrationTest extends IntegrationTest { @Test public void runTests() throws InterruptedException { @@ -32,9 +31,9 @@ public class ProgressRaceConditionTest extends IntegrationTest { .cookie("JSESSIONID", getWebGoatCookie()) .formParams(Map.of("flag", "test")) .post(url("/challenge/flag/")); - + }; - ExecutorService executorService = Executors.newWorkStealingPool(NUMBER_OF_PARALLEL_THREADS); + ExecutorService executorService = Executors.newWorkStealingPool(NUMBER_OF_PARALLEL_THREADS); List> flagCalls = IntStream.range(0, NUMBER_OF_CALLS).mapToObj(i -> call).collect(Collectors.toList()); var responses = executorService.invokeAll(flagCalls); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SSRFTest.java b/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java similarity index 91% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SSRFTest.java rename to src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java index 05efaab84..e59499108 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SSRFTest.java +++ b/src/it/java/org/owasp/webgoat/SSRFIntegrationTest.java @@ -6,7 +6,7 @@ import java.util.Map; import org.junit.jupiter.api.Test; -public class SSRFTest extends IntegrationTest { +public class SSRFIntegrationTest extends IntegrationTest { @Test public void runTests() throws IOException { diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java b/src/it/java/org/owasp/webgoat/SeleniumIntegrationTest.java similarity index 88% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java rename to src/it/java/org/owasp/webgoat/SeleniumIntegrationTest.java index b6a5c7ec9..beb3b71aa 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SeleniumTest.java +++ b/src/it/java/org/owasp/webgoat/SeleniumIntegrationTest.java @@ -14,7 +14,7 @@ import org.openqa.selenium.firefox.FirefoxOptions; import io.github.bonigarcia.wdm.WebDriverManager; import io.github.bonigarcia.wdm.config.DriverManagerType; -public class SeleniumTest extends IntegrationTest { +public class SeleniumIntegrationTest extends IntegrationTest { static { try { @@ -37,14 +37,14 @@ public class SeleniumTest extends IntegrationTest { driver.get(url("/login")); driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS); // Login - driver.findElement(By.name("username")).sendKeys(getWebgoatUser()); + driver.findElement(By.name("username")).sendKeys(this.getUser()); driver.findElement(By.name("password")).sendKeys("password"); driver.findElement(By.className("btn")).click(); // Check if user exists. If not, create user. if (driver.getCurrentUrl().equals(url("/login?error"))) { driver.get(url("/registration")); - driver.findElement(By.id("username")).sendKeys(getWebgoatUser()); + driver.findElement(By.id("username")).sendKeys(this.getUser()); driver.findElement(By.id("password")).sendKeys("password"); driver.findElement(By.id("matchingPassword")).sendKeys("password"); driver.findElement(By.name("agree")).click(); @@ -73,27 +73,27 @@ public class SeleniumTest extends IntegrationTest { driver.findElement(By.id("restart-lesson-button")).click(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/0")); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/1")); - driver.findElement(By.name("query")).sendKeys(SqlInjectionLessonTest.sql_2); + driver.findElement(By.name("query")).sendKeys(SqlInjectionLessonIntegrationTest.sql_2); driver.findElement(By.name("query")).submit(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/2")); - driver.findElements(By.name("query")).get(1).sendKeys(SqlInjectionLessonTest.sql_3); + driver.findElements(By.name("query")).get(1).sendKeys(SqlInjectionLessonIntegrationTest.sql_3); driver.findElements(By.name("query")).get(1).submit(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/3")); - driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonTest.sql_4_drop); + driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonIntegrationTest.sql_4_drop); driver.findElements(By.name("query")).get(2).submit(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/3")); driver.findElements(By.name("query")).get(2).clear(); - driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonTest.sql_4_add); + driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonIntegrationTest.sql_4_add); driver.findElements(By.name("query")).get(2).submit(); driver.findElements(By.name("query")).get(2).clear(); - driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonTest.sql_4_drop); + driver.findElements(By.name("query")).get(2).sendKeys(SqlInjectionLessonIntegrationTest.sql_4_drop); driver.findElements(By.name("query")).get(2).submit(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/4")); - driver.findElements(By.name("query")).get(3).sendKeys(SqlInjectionLessonTest.sql_5); + driver.findElements(By.name("query")).get(3).sendKeys(SqlInjectionLessonIntegrationTest.sql_5); driver.findElements(By.name("query")).get(3).submit(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/8")); @@ -103,8 +103,8 @@ public class SeleniumTest extends IntegrationTest { driver.findElement(By.name("Get Account Info")).click(); driver.get(url("/start.mvc#lesson/SqlInjection.lesson/9")); - driver.findElement(By.name("userid")).sendKeys(SqlInjectionLessonTest.sql_10_userid); - driver.findElement(By.name("login_count")).sendKeys(SqlInjectionLessonTest.sql_10_login_count); + driver.findElement(By.name("userid")).sendKeys(SqlInjectionLessonIntegrationTest.sql_10_userid); + driver.findElement(By.name("login_count")).sendKeys(SqlInjectionLessonIntegrationTest.sql_10_login_count); driver.findElements(By.name("Get Account Info")).get(1).click(); } diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SessionManagementTest.java b/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java similarity index 96% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SessionManagementTest.java rename to src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java index a716ac98a..ad641212b 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SessionManagementTest.java +++ b/src/it/java/org/owasp/webgoat/SessionManagementIntegrationTest.java @@ -33,7 +33,7 @@ import org.junit.jupiter.api.Test; * */ -class SessionManagementTest extends IntegrationTest { +class SessionManagementIT extends IntegrationTest { private static final String HIJACK_LOGIN_CONTEXT_PATH = "/WebGoat/HijackSession/login"; diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionAdvancedTest.java b/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java similarity index 96% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionAdvancedTest.java rename to src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java index 051b89aab..6ae9f838b 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionAdvancedTest.java +++ b/src/it/java/org/owasp/webgoat/SqlInjectionAdvancedIntegrationTest.java @@ -5,7 +5,7 @@ import java.util.Map; import org.junit.jupiter.api.Test; -public class SqlInjectionAdvancedTest extends IntegrationTest { +public class SqlInjectionAdvancedIntegrationTest extends IntegrationTest { @Test public void runTests() { diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java b/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java similarity index 97% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java rename to src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java index 3aa3cac8b..6c8c446af 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionLessonTest.java +++ b/src/it/java/org/owasp/webgoat/SqlInjectionLessonIntegrationTest.java @@ -5,7 +5,7 @@ import java.util.Map; import org.junit.jupiter.api.Test; -public class SqlInjectionLessonTest extends IntegrationTest { +public class SqlInjectionLessonIntegrationTest extends IntegrationTest { public static final String sql_2 = "select department from employees where last_name='Franco'"; public static final String sql_3 = "update employees set department='Sales' where last_name='Barnett'"; diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java b/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java similarity index 94% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java rename to src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java index 8bc13f64b..6d9394674 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/SqlInjectionMitigationTest.java +++ b/src/it/java/org/owasp/webgoat/SqlInjectionMitigationIntegrationTest.java @@ -10,7 +10,7 @@ import org.junit.jupiter.api.Test; import static org.hamcrest.CoreMatchers.containsString; -public class SqlInjectionMitigationTest extends IntegrationTest { +public class SqlInjectionMitigationIntegrationTest extends IntegrationTest { @Test public void runTests() { @@ -59,7 +59,7 @@ public class SqlInjectionMitigationTest extends IntegrationTest { .get(url("/WebGoat/SqlInjectionMitigations/servers?column=unknown")) .then() .statusCode(500) - .body("trace", containsString("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by")); + .body("trace", containsString("select id, hostname, ip, mac, status, description from SERVERS where status <> 'out of order' order by")); params.clear(); params.put("ip", "104.130.219.202"); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java b/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java similarity index 93% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java rename to src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java index 6ffbf736a..041f5157f 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/WebWolfTest.java +++ b/src/it/java/org/owasp/webgoat/WebWolfIntegrationTest.java @@ -10,7 +10,7 @@ import org.junit.jupiter.api.Test; import io.restassured.RestAssured; -public class WebWolfTest extends IntegrationTest { +public class WebWolfIntegrationTest extends IntegrationTest { @Test public void runTests() throws IOException { @@ -19,7 +19,7 @@ public class WebWolfTest extends IntegrationTest { //Assignment 3 Map params = new HashMap<>(); params.clear(); - params.put("email", getWebgoatUser()+"@webgoat.org"); + params.put("email", this.getUser()+"@webgoat.org"); checkAssignment(url("/WebGoat/WebWolf/mail/send"), params, false); String responseBody = RestAssured.given() @@ -31,7 +31,7 @@ public class WebWolfTest extends IntegrationTest { .extract().response().getBody().asString(); String uniqueCode = responseBody.replace("%20", " "); - uniqueCode = uniqueCode.substring(21+uniqueCode.lastIndexOf("your unique code is: "),uniqueCode.lastIndexOf("your unique code is: ")+(21+getWebgoatUser().length())); + uniqueCode = uniqueCode.substring(21+uniqueCode.lastIndexOf("your unique code is: "),uniqueCode.lastIndexOf("your unique code is: ")+(21+ this.getUser().length())); params.clear(); params.put("uniqueCode", uniqueCode); checkAssignment(url("/WebGoat/WebWolf/mail"), params, true); diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XSSTest.java b/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java similarity index 98% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/XSSTest.java rename to src/it/java/org/owasp/webgoat/XSSIntegrationTest.java index 83c35e320..adae15d2c 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XSSTest.java +++ b/src/it/java/org/owasp/webgoat/XSSIntegrationTest.java @@ -7,7 +7,7 @@ import java.util.Map; import org.junit.jupiter.api.Test; -public class XSSTest extends IntegrationTest { +public class XSSIntegrationTest extends IntegrationTest { @Test diff --git a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java b/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java similarity index 77% rename from webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java rename to src/it/java/org/owasp/webgoat/XXEIntegrationTest.java index 5e5d3a0fb..e7c2a5497 100644 --- a/webgoat-integration-tests/src/test/java/org/owasp/webgoat/XXETest.java +++ b/src/it/java/org/owasp/webgoat/XXEIntegrationTest.java @@ -1,16 +1,15 @@ package org.owasp.webgoat; +import io.restassured.RestAssured; +import io.restassured.http.ContentType; +import org.junit.jupiter.api.Test; + import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import org.junit.jupiter.api.Test; - -import io.restassured.RestAssured; -import io.restassured.http.ContentType; - -public class XXETest extends IntegrationTest { +public class XXEIntegrationTest extends IntegrationTest { private static final String xxe3 = """ ]>&xxe;test"""; @@ -22,18 +21,7 @@ public class XXETest extends IntegrationTest { %remote;]>test&send;"""; private String webGoatHomeDirectory; - private String webwolfFileDir; - - @Test - public void runTests() throws IOException { - startLesson("XXE"); - webGoatHomeDirectory = getWebGoatServerPath(); - webwolfFileDir = getWebWolfServerPath(); - checkAssignment(url("/WebGoat/xxe/simple"), ContentType.XML, xxe3, true); - checkAssignment(url("/WebGoat/xxe/content-type"), ContentType.XML, xxe4, true); - checkAssignment(url("/WebGoat/xxe/blind"), ContentType.XML, "" + getSecret() + "", true); - checkResults("xxe/"); - } + private String webWolfFileServerLocation; /* * This test is to verify that all is secure when XXE security patch is applied. @@ -41,8 +29,8 @@ public class XXETest extends IntegrationTest { @Test public void xxeSecure() throws IOException { startLesson("XXE"); - webGoatHomeDirectory = getWebGoatServerPath(); - webwolfFileDir = getWebWolfServerPath(); + webGoatHomeDirectory = webGoatServerDirectory(); + webWolfFileServerLocation = getWebWolfFileServerLocation(); RestAssured.given() .when() .relaxedHTTPSValidation() @@ -54,7 +42,7 @@ public class XXETest extends IntegrationTest { checkAssignment(url("/WebGoat/xxe/content-type"), ContentType.XML, xxe4, false); checkAssignment(url("/WebGoat/xxe/blind"), ContentType.XML, "" + getSecret() + "", false); } - + /** * This performs the steps of the exercise before the secret can be committed in the final step. * @@ -63,11 +51,11 @@ public class XXETest extends IntegrationTest { */ private String getSecret() throws IOException { //remove any left over DTD - Path webWolfFilePath = Paths.get(webwolfFileDir); - if (webWolfFilePath.resolve(Paths.get(getWebgoatUser(), "blind.dtd")).toFile().exists()) { - Files.delete(webWolfFilePath.resolve(Paths.get(getWebgoatUser(), "blind.dtd"))); + Path webWolfFilePath = Paths.get(webWolfFileServerLocation); + if (webWolfFilePath.resolve(Paths.get(this.getUser(), "blind.dtd")).toFile().exists()) { + Files.delete(webWolfFilePath.resolve(Paths.get(this.getUser(), "blind.dtd"))); } - String secretFile = webGoatHomeDirectory.concat("/XXE/secret.txt"); + String secretFile = webGoatHomeDirectory.concat("/XXE/" + getUser() + "/secret.txt"); String dtd7String = dtd7.replace("WEBWOLFURL", webWolfUrl("/landing")).replace("SECRET", secretFile); //upload DTD @@ -76,12 +64,12 @@ public class XXETest extends IntegrationTest { .relaxedHTTPSValidation() .cookie("WEBWOLFSESSION", getWebWolfCookie()) .multiPart("file", "blind.dtd", dtd7String.getBytes()) - .post(webWolfUrl("/WebWolf/fileupload")) + .post(webWolfUrl("/fileupload")) .then() .extract().response().getBody().asString(); //upload attack - String xxe7String = xxe7.replace("WEBWOLFURL", webWolfUrl("/files")).replace("USERNAME", getWebgoatUser()); - checkAssignment(url("/WebGoat/xxe/blind?send=test"), ContentType.XML, xxe7String, false); + String xxe7String = xxe7.replace("WEBWOLFURL", webWolfUrl("/files")).replace("USERNAME", this.getUser()); + checkAssignment(url("/WebGoat/xxe/blind"), ContentType.XML, xxe7String, false); //read results from WebWolf String result = RestAssured.given() @@ -93,8 +81,19 @@ public class XXETest extends IntegrationTest { .extract().response().getBody().asString(); result = result.replace("%20", " "); if (-1 != result.lastIndexOf("WebGoat 8.0 rocks... (")) { - result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("), result.lastIndexOf("WebGoat 8.0 rocks... (") + 33); + result = result.substring(result.lastIndexOf("WebGoat 8.0 rocks... ("), result.lastIndexOf("WebGoat 8.0 rocks... (") + 33); } return result; } + + @Test + public void runTests() throws IOException { + startLesson("XXE", true); + webGoatHomeDirectory = webGoatServerDirectory(); + webWolfFileServerLocation = getWebWolfFileServerLocation(); + checkAssignment(url("/WebGoat/xxe/simple"), ContentType.XML, xxe3, true); + checkAssignment(url("/WebGoat/xxe/content-type"), ContentType.XML, xxe4, true); + checkAssignment(url("/WebGoat/xxe/blind"), ContentType.XML, "" + getSecret() + "", true); + checkResults("xxe/"); + } } diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java similarity index 96% rename from webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java rename to src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java index 00325eb93..3dccbb916 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java +++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java @@ -1,73 +1,74 @@ -package org.dummy.insecure.framework; - -import lombok.extern.slf4j.Slf4j; - -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.ObjectInputStream; -import java.io.Serializable; -import java.time.LocalDateTime; - -@Slf4j -public class VulnerableTaskHolder implements Serializable { - - private static final long serialVersionUID = 2; - - private String taskName; - private String taskAction; - private LocalDateTime requestedExecutionTime; - - public VulnerableTaskHolder(String taskName, String taskAction) { - super(); - this.taskName = taskName; - this.taskAction = taskAction; - this.requestedExecutionTime = LocalDateTime.now(); - } - - @Override - public String toString() { - return "VulnerableTaskHolder [taskName=" + taskName + ", taskAction=" + taskAction + ", requestedExecutionTime=" - + requestedExecutionTime + "]"; - } - - /** - * Execute a task when de-serializing a saved or received object. - * @author stupid develop - */ - private void readObject( ObjectInputStream stream ) throws Exception { - //unserialize data so taskName and taskAction are available - stream.defaultReadObject(); - - //do something with the data - log.info("restoring task: {}", taskName); - log.info("restoring time: {}", requestedExecutionTime); - - if (requestedExecutionTime!=null && - (requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10)) - || requestedExecutionTime.isAfter(LocalDateTime.now()))) { - //do nothing is the time is not within 10 minutes after the object has been created - log.debug(this.toString()); - throw new IllegalArgumentException("outdated"); - } - - //condition is here to prevent you from destroying the goat altogether - if ((taskAction.startsWith("sleep")||taskAction.startsWith("ping")) - && taskAction.length() < 22) { - log.info("about to execute: {}", taskAction); - try { - Process p = Runtime.getRuntime().exec(taskAction); - BufferedReader in = new BufferedReader( - new InputStreamReader(p.getInputStream())); - String line = null; - while ((line = in.readLine()) != null) { - log.info(line); - } - } catch (IOException e) { - log.error("IO Exception", e); - } - } - - } - -} +package org.dummy.insecure.framework; + +import lombok.extern.slf4j.Slf4j; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.ObjectInputStream; +import java.io.Serializable; +import java.time.LocalDateTime; + +@Slf4j +//TODO move back to lesson +public class VulnerableTaskHolder implements Serializable { + + private static final long serialVersionUID = 2; + + private String taskName; + private String taskAction; + private LocalDateTime requestedExecutionTime; + + public VulnerableTaskHolder(String taskName, String taskAction) { + super(); + this.taskName = taskName; + this.taskAction = taskAction; + this.requestedExecutionTime = LocalDateTime.now(); + } + + @Override + public String toString() { + return "VulnerableTaskHolder [taskName=" + taskName + ", taskAction=" + taskAction + ", requestedExecutionTime=" + + requestedExecutionTime + "]"; + } + + /** + * Execute a task when de-serializing a saved or received object. + * @author stupid develop + */ + private void readObject( ObjectInputStream stream ) throws Exception { + //unserialize data so taskName and taskAction are available + stream.defaultReadObject(); + + //do something with the data + log.info("restoring task: {}", taskName); + log.info("restoring time: {}", requestedExecutionTime); + + if (requestedExecutionTime!=null && + (requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10)) + || requestedExecutionTime.isAfter(LocalDateTime.now()))) { + //do nothing is the time is not within 10 minutes after the object has been created + log.debug(this.toString()); + throw new IllegalArgumentException("outdated"); + } + + //condition is here to prevent you from destroying the goat altogether + if ((taskAction.startsWith("sleep")||taskAction.startsWith("ping")) + && taskAction.length() < 22) { + log.info("about to execute: {}", taskAction); + try { + Process p = Runtime.getRuntime().exec(taskAction); + BufferedReader in = new BufferedReader( + new InputStreamReader(p.getInputStream())); + String line = null; + while ((line = in.readLine()) != null) { + log.info(line); + } + } catch (IOException e) { + log.error("IO Exception", e); + } + } + + } + +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java b/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java similarity index 97% rename from webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java rename to src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java index b4d6a0745..67b0cf977 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/AjaxAuthenticationEntryPoint.java +++ b/src/main/java/org/owasp/webgoat/container/AjaxAuthenticationEntryPoint.java @@ -27,7 +27,7 @@ * for free software projects. */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -48,6 +48,7 @@ public class AjaxAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoi super(loginFormUrl); } + @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { if (request.getHeader("x-requested-with") != null) { response.sendError(401, authException.getMessage()); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java b/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java similarity index 57% rename from webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java rename to src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java index e31524f09..33e2b16a6 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java +++ b/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java @@ -29,13 +29,18 @@ * @since December 12, 2015 */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; import lombok.extern.slf4j.Slf4j; import org.asciidoctor.Asciidoctor; import org.asciidoctor.extension.JavaExtensionRegistry; -import org.owasp.webgoat.asciidoc.*; -import org.owasp.webgoat.i18n.Language; +import org.owasp.webgoat.container.asciidoc.OperatingSystemMacro; +import org.owasp.webgoat.container.asciidoc.UsernameMacro; +import org.owasp.webgoat.container.asciidoc.WebGoatTmpDirMacro; +import org.owasp.webgoat.container.asciidoc.WebGoatVersionMacro; +import org.owasp.webgoat.container.asciidoc.WebWolfMacro; +import org.owasp.webgoat.container.asciidoc.WebWolfRootMacro; +import org.springframework.core.io.ResourceLoader; import org.thymeleaf.IEngineConfiguration; import org.thymeleaf.templateresolver.FileTemplateResolver; import org.thymeleaf.templateresource.ITemplateResource; @@ -63,55 +68,34 @@ public class AsciiDoctorTemplateResolver extends FileTemplateResolver { private static final Asciidoctor asciidoctor = create(); private static final String PREFIX = "doc:"; - private final Language language; + private final ResourceLoader resourceLoader; - public AsciiDoctorTemplateResolver(Language language) { - this.language = language; + public AsciiDoctorTemplateResolver(ResourceLoader resourceLoader) { + this.resourceLoader = resourceLoader; setResolvablePatterns(Set.of(PREFIX + "*")); } @Override protected ITemplateResource computeTemplateResource(IEngineConfiguration configuration, String ownerTemplate, String template, String resourceName, String characterEncoding, Map templateResolutionAttributes) { var templateName = resourceName.substring(PREFIX.length()); - try (InputStream is = readInputStreamOrFallbackToEnglish(templateName, language)) { - if (is == null) { - log.warn("Resource name: {} not found, did you add the adoc file?", templateName); - return new StringTemplateResource(""); - } else { - JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry(); - extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class); - extensionRegistry.inlineMacro("webWolfRootLink", WebWolfRootMacro.class); - extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class); - extensionRegistry.inlineMacro("webGoatTempDir", WebGoatTmpDirMacro.class); - extensionRegistry.inlineMacro("operatingSystem", OperatingSystemMacro.class); - extensionRegistry.inlineMacro("username", UsernameMacro.class); - StringWriter writer = new StringWriter(); - asciidoctor.convert(new InputStreamReader(is), writer, createAttributes()); - return new StringTemplateResource(writer.getBuffer().toString()); - } + try (InputStream is = resourceLoader.getResource("classpath:/" + templateName).getInputStream()) { + JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry(); + extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class); + extensionRegistry.inlineMacro("webWolfRootLink", WebWolfRootMacro.class); + extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class); + extensionRegistry.inlineMacro("webGoatTempDir", WebGoatTmpDirMacro.class); + extensionRegistry.inlineMacro("operatingSystem", OperatingSystemMacro.class); + extensionRegistry.inlineMacro("username", UsernameMacro.class); + + StringWriter writer = new StringWriter(); + asciidoctor.convert(new InputStreamReader(is), writer, createAttributes()); + return new StringTemplateResource(writer.getBuffer().toString()); } catch (IOException e) { - //no html yet - return new StringTemplateResource(""); + return new StringTemplateResource("
Unable to find documentation for: " + templateName + "
"); } } - /** - * The resource name is for example HttpBasics_content1.adoc. This is always located in the following directory: - * plugin/HttpBasics/lessonPlans/en/HttpBasics_content1.adoc - */ - private String computeResourceName(String resourceName, String language) { - return String.format("lessonPlans/%s/%s", language, resourceName); - } - - private InputStream readInputStreamOrFallbackToEnglish(String resourceName, Language language) { - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, language.getLocale().getLanguage())); - if (is == null) { - is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, "en")); - } - return is; - } - private Map createAttributes() { Map attributes = new HashMap<>(); attributes.put("source-highlighter", "coderay"); diff --git a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java new file mode 100644 index 000000000..28559c92a --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java @@ -0,0 +1,68 @@ +package org.owasp.webgoat.container; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.flywaydb.core.Flyway; +import org.owasp.webgoat.container.lessons.LessonScanner; +import org.owasp.webgoat.container.service.RestartLessonService; +import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Primary; +import org.springframework.jdbc.datasource.DriverManagerDataSource; + +import javax.sql.DataSource; +import java.util.Map; +import java.util.function.Function; + +@Configuration +@RequiredArgsConstructor +@Slf4j +public class DatabaseConfiguration { + + private final DataSourceProperties properties; + private final LessonScanner lessonScanner; + + @Bean + @Primary + public DataSource dataSource() { + DriverManagerDataSource dataSource = new DriverManagerDataSource(); + dataSource.setDriverClassName(properties.getDriverClassName()); + dataSource.setUrl(properties.getUrl()); + dataSource.setUsername(properties.getUsername()); + dataSource.setPassword(properties.getPassword()); + return dataSource; + } + + /** + * Define 2 Flyway instances, 1 for WebGoat itself which it uses for internal storage like users and 1 for lesson + * specific tables we use. This way we clean the data in the lesson database quite easily see {@link RestartLessonService#restartLesson()} + * for how we clean the lesson related tables. + */ + @Bean(initMethod = "migrate") + public Flyway flyWayContainer() { + return Flyway + .configure() + .configuration(Map.of("driver", properties.getDriverClassName())) + .dataSource(dataSource()) + .schemas("container") + .locations("db/container") + .load(); + } + + @Bean + public Function flywayLessons(LessonDataSource lessonDataSource) { + return schema -> Flyway + .configure() + .configuration(Map.of("driver", properties.getDriverClassName())) + .schemas(schema) + .dataSource(lessonDataSource) + .locations("lessons") + .load(); + } + + @Bean + public LessonDataSource lessonDataSource() { + return new LessonDataSource(dataSource()); + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/src/main/java/org/owasp/webgoat/container/HammerHead.java similarity index 85% rename from webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java rename to src/main/java/org/owasp/webgoat/container/HammerHead.java index 643e76d1c..b186a1b9f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java +++ b/src/main/java/org/owasp/webgoat/container/HammerHead.java @@ -1,16 +1,12 @@ -package org.owasp.webgoat; +package org.owasp.webgoat.container; import lombok.AllArgsConstructor; -import org.owasp.webgoat.session.Course; -import org.springframework.security.core.Authentication; +import org.owasp.webgoat.container.session.Course; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - /** * ************************************************************************************************* *

@@ -55,7 +51,7 @@ public class HammerHead { * Entry point for WebGoat, redirects to the first lesson found within the course. */ @RequestMapping(path = "/attack", method = {RequestMethod.GET, RequestMethod.POST}) - public ModelAndView attack(Authentication authentication, HttpServletRequest request, HttpServletResponse response) { + public ModelAndView attack() { return new ModelAndView("redirect:" + "start.mvc" + course.getFirstLesson().getLink()); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java b/src/main/java/org/owasp/webgoat/container/LessonDataSource.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java rename to src/main/java/org/owasp/webgoat/container/LessonDataSource.java index aee378072..e386a67ae 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/LessonDataSource.java +++ b/src/main/java/org/owasp/webgoat/container/LessonDataSource.java @@ -1,6 +1,6 @@ -package org.owasp.webgoat; +package org.owasp.webgoat.container; -import org.owasp.webgoat.lessons.LessonConnectionInvocationHandler; +import org.owasp.webgoat.container.lessons.LessonConnectionInvocationHandler; import org.springframework.jdbc.datasource.ConnectionProxy; import javax.sql.DataSource; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java b/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java similarity index 89% rename from webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java rename to src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java index 198bee1a3..732deb519 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java +++ b/src/main/java/org/owasp/webgoat/container/LessonTemplateResolver.java @@ -29,8 +29,9 @@ * @since October 28, 2003 */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; +import lombok.extern.slf4j.Slf4j; import org.springframework.core.io.ResourceLoader; import org.thymeleaf.IEngineConfiguration; import org.thymeleaf.templateresolver.FileTemplateResolver; @@ -47,11 +48,12 @@ import java.util.Set; * Dynamically resolve a lesson. In the html file this can be invoked as: * * - *

+ *
* - * + *

* Thymeleaf will invoke this resolver based on the prefix and this implementation will resolve the html in the plugins directory */ +@Slf4j public class LessonTemplateResolver extends FileTemplateResolver { private static final String PREFIX = "lesson:"; @@ -65,16 +67,16 @@ public class LessonTemplateResolver extends FileTemplateResolver { @Override protected ITemplateResource computeTemplateResource(IEngineConfiguration configuration, String ownerTemplate, String template, String resourceName, String characterEncoding, Map templateResolutionAttributes) { - var templateName = resourceName.substring(PREFIX.length());; + var templateName = resourceName.substring(PREFIX.length()); byte[] resource = resources.get(templateName); if (resource == null) { try { - resource = resourceLoader.getResource("classpath:/html/" + templateName + ".html").getInputStream().readAllBytes(); + resource = resourceLoader.getResource("classpath:/" + templateName).getInputStream().readAllBytes(); } catch (IOException e) { - e.printStackTrace(); + log.error("Unable to find lesson HTML: {}", template); } - resources.put(resourceName, resource); + resources.put(templateName, resource); } return new StringTemplateResource(new String(resource, StandardCharsets.UTF_8)); } -} \ No newline at end of file +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java similarity index 61% rename from webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java rename to src/main/java/org/owasp/webgoat/container/MvcConfiguration.java index 91b08d2f6..182fbffbe 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java +++ b/src/main/java/org/owasp/webgoat/container/MvcConfiguration.java @@ -29,39 +29,51 @@ * @since October 28, 2003 */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; -import org.owasp.webgoat.i18n.Language; -import org.owasp.webgoat.i18n.Messages; -import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.session.LabelDebugger; +import lombok.RequiredArgsConstructor; +import org.owasp.webgoat.container.i18n.Language; +import org.owasp.webgoat.container.i18n.Messages; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.lessons.LessonScanner; +import org.owasp.webgoat.container.session.LabelDebugger; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ResourceLoader; +import org.springframework.core.io.support.ResourcePatternResolver; import org.springframework.web.servlet.LocaleResolver; import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.i18n.SessionLocaleResolver; -import org.thymeleaf.TemplateEngine; +import org.thymeleaf.IEngineConfiguration; import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect; import org.thymeleaf.spring5.SpringTemplateEngine; import org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver; import org.thymeleaf.spring5.view.ThymeleafViewResolver; import org.thymeleaf.templatemode.TemplateMode; +import org.thymeleaf.templateresolver.FileTemplateResolver; import org.thymeleaf.templateresolver.ITemplateResolver; +import org.thymeleaf.templateresource.ITemplateResource; +import org.thymeleaf.templateresource.StringTemplateResource; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.Map; import java.util.Set; /** * Configuration for Spring MVC */ @Configuration +@RequiredArgsConstructor public class MvcConfiguration implements WebMvcConfigurer { - - private static final String UTF8 = "UTF-8"; + + private static final String UTF8 = "UTF-8"; + + private final LessonScanner lessonScanner; @Override public void addViewControllers(ViewControllerRegistry registry) { @@ -69,30 +81,55 @@ public class MvcConfiguration implements WebMvcConfigurer { registry.addViewController("/lesson_content").setViewName("lesson_content"); registry.addViewController("/start.mvc").setViewName("main_new"); registry.addViewController("/scoreboard").setViewName("scoreboard"); - //registry.addViewController("/list_users").setViewName("list_users"); } @Bean public ViewResolver viewResolver(SpringTemplateEngine thymeleafTemplateEngine) { ThymeleafViewResolver resolver = new ThymeleafViewResolver(); resolver.setTemplateEngine(thymeleafTemplateEngine); - resolver.setCharacterEncoding("UTF-8"); + resolver.setCharacterEncoding(StandardCharsets.UTF_8.displayName()); return resolver; } + /** + * Responsible for loading lesson templates based on Thymeleaf, for example: + * + *

+ */ + @Bean + public ITemplateResolver lessonThymeleafTemplateResolver(ResourceLoader resourceLoader) { + var resolver = new FileTemplateResolver() { + @Override + protected ITemplateResource computeTemplateResource(IEngineConfiguration configuration, String ownerTemplate, String template, String resourceName, String characterEncoding, Map templateResolutionAttributes) { + try (var is = resourceLoader.getResource("classpath:" + resourceName).getInputStream()) { + return new StringTemplateResource(new String(is.readAllBytes(), StandardCharsets.UTF_8)); + } catch (IOException e) { + return null; + } + } + }; + resolver.setOrder(1); + return resolver; + } + + /** + * Loads all normal WebGoat specific Thymeleaf templates + */ @Bean public ITemplateResolver springThymeleafTemplateResolver(ApplicationContext applicationContext) { SpringResourceTemplateResolver resolver = new SpringResourceTemplateResolver(); - resolver.setPrefix("classpath:/templates/"); + resolver.setPrefix("classpath:/webgoat/templates/"); resolver.setSuffix(".html"); resolver.setTemplateMode(TemplateMode.HTML); resolver.setOrder(2); - resolver.setCacheable(false); resolver.setCharacterEncoding(UTF8); resolver.setApplicationContext(applicationContext); return resolver; } + /** + * Loads the html for the complete lesson, see lesson_content.html + */ @Bean public LessonTemplateResolver lessonTemplateResolver(ResourceLoader resourceLoader) { LessonTemplateResolver resolver = new LessonTemplateResolver(resourceLoader); @@ -102,9 +139,12 @@ public class MvcConfiguration implements WebMvcConfigurer { return resolver; } + /** + * Loads the lesson asciidoc. + */ @Bean - public AsciiDoctorTemplateResolver asciiDoctorTemplateResolver(Language language) { - AsciiDoctorTemplateResolver resolver = new AsciiDoctorTemplateResolver(language); + public AsciiDoctorTemplateResolver asciiDoctorTemplateResolver(ResourceLoader resourceLoader) { + AsciiDoctorTemplateResolver resolver = new AsciiDoctorTemplateResolver(resourceLoader); resolver.setCacheable(false); resolver.setOrder(1); resolver.setCharacterEncoding(UTF8); @@ -114,26 +154,37 @@ public class MvcConfiguration implements WebMvcConfigurer { @Bean public SpringTemplateEngine thymeleafTemplateEngine(ITemplateResolver springThymeleafTemplateResolver, LessonTemplateResolver lessonTemplateResolver, - AsciiDoctorTemplateResolver asciiDoctorTemplateResolver) { + AsciiDoctorTemplateResolver asciiDoctorTemplateResolver, + ITemplateResolver lessonThymeleafTemplateResolver) { SpringTemplateEngine engine = new SpringTemplateEngine(); engine.setEnableSpringELCompiler(true); engine.addDialect(new SpringSecurityDialect()); engine.setTemplateResolvers( - Set.of(lessonTemplateResolver, asciiDoctorTemplateResolver, springThymeleafTemplateResolver)); + Set.of(lessonTemplateResolver, asciiDoctorTemplateResolver, lessonThymeleafTemplateResolver, springThymeleafTemplateResolver)); return engine; } @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { - registry.addResourceHandler("/images/**").addResourceLocations("classpath:/images/"); - registry.addResourceHandler("/lesson_js/**").addResourceLocations("classpath:/js/"); - registry.addResourceHandler("/lesson_css/**").addResourceLocations("classpath:/css/"); - registry.addResourceHandler("/video/**").addResourceLocations("classpath:/video/"); + //WebGoat internal + registry.addResourceHandler("/css/**").addResourceLocations("classpath:/webgoat/static/css/"); + registry.addResourceHandler("/js/**") + .addResourceLocations("classpath:/webgoat/static/js/"); + registry.addResourceHandler("/plugins/**").addResourceLocations("classpath:/webgoat/static/plugins/"); + registry.addResourceHandler("/fonts/**").addResourceLocations("classpath:/webgoat/static/fonts/"); + + //WebGoat lessons + registry.addResourceHandler("/images/**").addResourceLocations(lessonScanner.applyPattern("classpath:/lessons/%s/images/").toArray(String[]::new)); + registry.addResourceHandler("/lesson_js/**").addResourceLocations(lessonScanner.applyPattern("classpath:/lessons/%s/js/").toArray(String[]::new)); + registry.addResourceHandler("/lesson_css/**").addResourceLocations(lessonScanner.applyPattern("classpath:/lessons/%s/css/").toArray(String[]::new)); + registry.addResourceHandler("/lesson_templates/**").addResourceLocations(lessonScanner.applyPattern("classpath:/lessons/%s/templates/").toArray(String[]::new)); + registry.addResourceHandler("/video/**").addResourceLocations(lessonScanner.applyPattern("classpath:/lessons/%s/video/").toArray(String[]::new)); } @Bean - public PluginMessages pluginMessages(Messages messages, Language language) { - PluginMessages pluginMessages = new PluginMessages(messages, language); + public PluginMessages pluginMessages(Messages messages, Language language, + ResourcePatternResolver resourcePatternResolver) { + PluginMessages pluginMessages = new PluginMessages(messages, language, resourcePatternResolver); pluginMessages.setDefaultEncoding("UTF-8"); pluginMessages.setBasenames("i18n/WebGoatLabels"); pluginMessages.setFallbackToSystemLocale(false); @@ -156,13 +207,12 @@ public class MvcConfiguration implements WebMvcConfigurer { @Bean public LocaleResolver localeResolver() { - SessionLocaleResolver slr = new SessionLocaleResolver(); - return slr; + return new SessionLocaleResolver(); } - + @Bean public LabelDebugger labelDebugger() { return new LabelDebugger(); } -} \ No newline at end of file +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/src/main/java/org/owasp/webgoat/container/WebGoat.java similarity index 81% rename from webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java rename to src/main/java/org/owasp/webgoat/container/WebGoat.java index 850faa1ac..b44f4b5e7 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/src/main/java/org/owasp/webgoat/container/WebGoat.java @@ -29,13 +29,16 @@ * @since October 28, 2003 */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; -import org.owasp.webgoat.session.UserSessionData; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.session.UserSessionData; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.Scope; import org.springframework.context.annotation.ScopedProxyMode; import org.springframework.web.client.RestTemplate; @@ -43,6 +46,9 @@ import org.springframework.web.client.RestTemplate; import java.io.File; @Configuration +@ComponentScan(basePackages = { "org.owasp.webgoat.container", "org.owasp.webgoat.lessons"}) +@PropertySource("classpath:application-webgoat.properties") +@EnableAutoConfiguration public class WebGoat { @Bean(name = "pluginTargetDirectory") diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java b/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java similarity index 95% rename from webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java rename to src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java index 4766bc5aa..aabcd257c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java +++ b/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java @@ -28,10 +28,10 @@ * @since December 12, 2015 */ -package org.owasp.webgoat; +package org.owasp.webgoat.container; import lombok.AllArgsConstructor; -import org.owasp.webgoat.users.UserService; +import org.owasp.webgoat.container.users.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -77,7 +77,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService); //.passwordEncoder(bCryptPasswordEncoder()); + auth.userDetailsService(userDetailsService); } @Bean @@ -97,4 +97,4 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public NoOpPasswordEncoder passwordEncoder() { return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); } -} \ No newline at end of file +} diff --git a/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java b/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java new file mode 100644 index 000000000..b3e26c10a --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/WebWolfRedirect.java @@ -0,0 +1,21 @@ +package org.owasp.webgoat.container; + +import lombok.RequiredArgsConstructor; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.servlet.ModelAndView; + +@Controller +@RequiredArgsConstructor +public class WebWolfRedirect { + + private final ApplicationContext applicationContext; + + @GetMapping("/WebWolf") + public ModelAndView openWebWolf() { + var url = applicationContext.getEnvironment().getProperty("webwolf.url"); + + return new ModelAndView("redirect:" + url + "/home"); + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java b/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java index 141740523..16175c3c7 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/EnvironmentExposure.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/OperatingSystemMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/OperatingSystemMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java index 4671a9fd5..c40c30fe6 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/OperatingSystemMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/OperatingSystemMacro.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.asciidoctor.ast.ContentNode; import org.asciidoctor.extension.InlineMacroProcessor; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/UsernameMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java similarity index 80% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/UsernameMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java index f44e2cf62..ac4fe0535 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/UsernameMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/UsernameMacro.java @@ -1,8 +1,8 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.asciidoctor.ast.ContentNode; import org.asciidoctor.extension.InlineMacroProcessor; -import org.owasp.webgoat.users.WebGoatUser; +import org.owasp.webgoat.container.users.WebGoatUser; import org.springframework.security.core.context.SecurityContextHolder; import java.util.Map; @@ -21,8 +21,8 @@ public class UsernameMacro extends InlineMacroProcessor { public Object process(ContentNode contentNode, String target, Map attributes) { var auth = SecurityContextHolder.getContext().getAuthentication(); var username = "unknown"; - if (auth.getPrincipal() instanceof WebGoatUser) { - username = ((WebGoatUser) auth.getPrincipal()).getUsername(); + if (auth.getPrincipal() instanceof WebGoatUser webGoatUser) { + username = webGoatUser.getUsername(); } //see https://discuss.asciidoctor.org/How-to-create-inline-macro-producing-HTML-In-AsciidoctorJ-td8313.html for why quoted is used diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatTmpDirMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatTmpDirMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java index 0636e9823..c7158378d 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatTmpDirMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatTmpDirMacro.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.asciidoctor.ast.ContentNode; import org.asciidoctor.extension.InlineMacroProcessor; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatVersionMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatVersionMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java index 15ff78ae5..929136c45 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebGoatVersionMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebGoatVersionMacro.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.asciidoctor.ast.ContentNode; import org.asciidoctor.extension.InlineMacroProcessor; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java similarity index 88% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java index d54a307cf..4a736c96f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import org.asciidoctor.ast.ContentNode; import org.asciidoctor.extension.InlineMacroProcessor; @@ -27,7 +27,7 @@ public class WebWolfMacro extends InlineMacroProcessor { @Override public Object process(ContentNode contentNode, String linkText, Map attributes) { var env = EnvironmentExposure.getEnv(); - var hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port")); + var hostname = determineHost(env.getProperty("webwolf.port")); var target = (String) attributes.getOrDefault("target", "home"); var href = hostname + "/" + target; @@ -44,7 +44,7 @@ public class WebWolfMacro extends InlineMacroProcessor { } private boolean displayCompleteLinkNoFormatting(Map attributes) { - return attributes.values().stream().filter(a -> a.equals("noLink")).findFirst().isPresent(); + return attributes.values().stream().anyMatch(a -> a.equals("noLink")); } /** @@ -54,9 +54,9 @@ public class WebWolfMacro extends InlineMacroProcessor { * You do not have to use the indicated hostname, but if you do, you should define two hosts aliases * 127.0.0.1 www.webgoat.local www.webwolf.local */ - private String determineHost(String host, String port) { + private String determineHost(String port) { HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest(); - host = request.getHeader("Host"); + String host = request.getHeader("Host"); int semicolonIndex = host.indexOf(":"); if (semicolonIndex == -1 || host.endsWith(":80")) { host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local"); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfRootMacro.java b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java similarity index 90% rename from webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfRootMacro.java rename to src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java index 7491af6fb..8c5d5450c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfRootMacro.java +++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.asciidoc; +package org.owasp.webgoat.container.asciidoc; import java.util.Map; @@ -18,6 +18,7 @@ public class WebWolfRootMacro extends WebWolfMacro { super(macroName, config); } + @Override protected boolean includeWebWolfContext() { return false; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java similarity index 86% rename from webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java rename to src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java index 9ff9a5cde..09e4d7cfc 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java +++ b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentEndpoint.java @@ -23,16 +23,17 @@ *

*/ -package org.owasp.webgoat.assignments; +package org.owasp.webgoat.container.assignments; import lombok.Getter; -import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.session.UserSessionData; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.lessons.Initializeable; +import org.owasp.webgoat.container.session.UserSessionData; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.WebGoatUser; import org.springframework.beans.factory.annotation.Autowired; -public abstract class AssignmentEndpoint { +public abstract class AssignmentEndpoint implements Initializeable { @Autowired private WebSession webSession; @@ -83,4 +84,8 @@ public abstract class AssignmentEndpoint { protected AttackResult.AttackResultBuilder informationMessage(AssignmentEndpoint assignment) { return AttackResult.builder(messages).lessonCompleted(false).assignment(assignment); } + + @Override + public void initialize(WebGoatUser user) { + } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentHints.java b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java similarity index 87% rename from webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentHints.java rename to src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java index 6d29dbe6f..b6111b5c7 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentHints.java +++ b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentHints.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.assignments; +package org.owasp.webgoat.container.assignments; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentPath.java b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java similarity index 90% rename from webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentPath.java rename to src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java index bb7f31a69..7e57d593b 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentPath.java +++ b/src/main/java/org/owasp/webgoat/container/assignments/AssignmentPath.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.assignments; +package org.owasp.webgoat.container.assignments; import org.springframework.web.bind.annotation.RequestMethod; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java b/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java similarity index 93% rename from webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java rename to src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java index 1bc48609e..b2d18b7a6 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java +++ b/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java @@ -23,11 +23,12 @@ *

*/ -package org.owasp.webgoat.assignments; +package org.owasp.webgoat.container.assignments; import lombok.Getter; -import org.apache.commons.lang3.StringEscapeUtils; -import org.owasp.webgoat.i18n.PluginMessages; +import org.owasp.webgoat.container.i18n.PluginMessages; + +import static org.apache.commons.text.StringEscapeUtils.escapeJson; public class AttackResult { @@ -107,8 +108,8 @@ public class AttackResult { public AttackResult(boolean lessonCompleted, String feedback, String output, String assignment, boolean attemptWasMade) { this.lessonCompleted = lessonCompleted; - this.feedback = StringEscapeUtils.escapeJson(feedback); - this.output = StringEscapeUtils.escapeJson(output); + this.feedback = escapeJson(feedback); + this.output = escapeJson(output); this.assignment = assignment; this.attemptWasMade = attemptWasMade; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/LessonTrackerInterceptor.java b/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java similarity index 90% rename from webgoat-container/src/main/java/org/owasp/webgoat/assignments/LessonTrackerInterceptor.java rename to src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java index b378979bf..5b15965d9 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/LessonTrackerInterceptor.java +++ b/src/main/java/org/owasp/webgoat/container/assignments/LessonTrackerInterceptor.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.assignments; +package org.owasp.webgoat.container.assignments; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.core.MethodParameter; import org.springframework.http.MediaType; import org.springframework.http.converter.HttpMessageConverter; @@ -51,8 +51,8 @@ public class LessonTrackerInterceptor implements ResponseBodyAdvice { @Override public Object beforeBodyWrite(Object o, MethodParameter methodParameter, MediaType mediaType, Class> aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) { - if (o != null && o instanceof AttackResult) { - trackProgress((AttackResult) o); + if (o instanceof AttackResult attackResult) { + trackProgress(attackResult); } return o; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java b/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java similarity index 63% rename from webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java rename to src/main/java/org/owasp/webgoat/container/controller/StartLesson.java index 4c9b25caa..8093a9d03 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java +++ b/src/main/java/org/owasp/webgoat/container/controller/StartLesson.java @@ -29,21 +29,16 @@ * @since October 28, 2003 */ -package org.owasp.webgoat.controller; +package org.owasp.webgoat.container.controller; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.session.Course; -import org.owasp.webgoat.session.WebSession; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; +import org.owasp.webgoat.container.session.Course; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; -import java.util.List; -import java.util.Optional; @Controller @@ -52,7 +47,7 @@ public class StartLesson { private final WebSession ws; private final Course course; - public StartLesson(final WebSession ws, final Course course) { + public StartLesson(WebSession ws, Course course) { this.ws = ws; this.course = course; } @@ -64,29 +59,30 @@ public class StartLesson { */ @RequestMapping(path = "startlesson.mvc", method = {RequestMethod.GET, RequestMethod.POST}) public ModelAndView start() { - ModelAndView model = new ModelAndView(); + var model = new ModelAndView(); model.addObject("course", course); model.addObject("lesson", ws.getCurrentLesson()); model.setViewName("lesson_content"); + return model; } @RequestMapping(value = {"*.lesson"}, produces = "text/html") public ModelAndView lessonPage(HttpServletRequest request) { - // I will set here the thymeleaf fragment location based on the resource requested. - ModelAndView model = new ModelAndView(); - SecurityContext context = SecurityContextHolder.getContext(); //TODO this should work with the security roles of Spring - //GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next(); - String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson - String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson")); - List lessons = course.getLessons(); - Optional lesson = lessons.stream() + var model = new ModelAndView("lesson_content"); + var path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson + var lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson")); + + course.getLessons() + .stream() .filter(l -> l.getId().equals(lessonName)) - .findFirst(); - ws.setCurrentLesson(lesson.get()); - model.setViewName("lesson_content"); - model.addObject("lesson", lesson.get()); + .findFirst() + .ifPresent(lesson -> { + ws.setCurrentLesson(lesson); + model.addObject("lesson", lesson); + }); + return model; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java b/src/main/java/org/owasp/webgoat/container/controller/Welcome.java similarity index 88% rename from webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java rename to src/main/java/org/owasp/webgoat/container/controller/Welcome.java index 8ee52acb2..1ea65f3ee 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java +++ b/src/main/java/org/owasp/webgoat/container/controller/Welcome.java @@ -29,11 +29,10 @@ * @version $Id: $Id */ -package org.owasp.webgoat.controller; +package org.owasp.webgoat.container.controller; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; @@ -56,7 +55,7 @@ public class Welcome { * @param request a {@link javax.servlet.http.HttpServletRequest} object. * @return a {@link org.springframework.web.servlet.ModelAndView} object. */ - @RequestMapping(path = {"welcome.mvc", "/"}, method = RequestMethod.GET) + @GetMapping(path = {"welcome.mvc"}) public ModelAndView welcome(HttpServletRequest request) { // set the welcome attribute @@ -69,8 +68,6 @@ public class Welcome { //go ahead and send them to webgoat (skip the welcome page) ModelAndView model = new ModelAndView(); - //model.setViewName("welcome"); - //model.setViewName("main_new"); model.setViewName("forward:/attack?start=true"); return model; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/Language.java b/src/main/java/org/owasp/webgoat/container/i18n/Language.java similarity index 97% rename from webgoat-container/src/main/java/org/owasp/webgoat/i18n/Language.java rename to src/main/java/org/owasp/webgoat/container/i18n/Language.java index d2fe5bd95..96a039979 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/Language.java +++ b/src/main/java/org/owasp/webgoat/container/i18n/Language.java @@ -23,7 +23,7 @@ *

*/ -package org.owasp.webgoat.i18n; +package org.owasp.webgoat.container.i18n; import lombok.AllArgsConstructor; import org.springframework.web.context.request.RequestContextHolder; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/Messages.java b/src/main/java/org/owasp/webgoat/container/i18n/Messages.java similarity index 97% rename from webgoat-container/src/main/java/org/owasp/webgoat/i18n/Messages.java rename to src/main/java/org/owasp/webgoat/container/i18n/Messages.java index e7758c43c..04a3b3ad5 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/Messages.java +++ b/src/main/java/org/owasp/webgoat/container/i18n/Messages.java @@ -23,7 +23,7 @@ *

*/ -package org.owasp.webgoat.i18n; +package org.owasp.webgoat.container.i18n; import lombok.AllArgsConstructor; import org.springframework.context.support.ReloadableResourceBundleMessageSource; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java b/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java similarity index 77% rename from webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java rename to src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java index a2a046bf3..e0c6d3583 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java +++ b/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java @@ -23,14 +23,12 @@ *

*/ -package org.owasp.webgoat.i18n; +package org.owasp.webgoat.container.i18n; import org.springframework.context.support.ReloadableResourceBundleMessageSource; +import org.springframework.core.io.support.ResourcePatternResolver; import java.io.IOException; -import java.net.URISyntaxException; -import java.net.URL; -import java.util.Enumeration; import java.util.Properties; /** @@ -42,12 +40,15 @@ import java.util.Properties; public class PluginMessages extends ReloadableResourceBundleMessageSource { private static final String PROPERTIES_SUFFIX = ".properties"; - private Language language; + private final Language language; + private final ResourcePatternResolver resourcePatternResolver; - public PluginMessages(Messages messages, Language language) { + + public PluginMessages(Messages messages, Language language, ResourcePatternResolver resourcePatternResolver) { this.language = language; this.setParentMessageSource(messages); this.setBasename("WebGoatLabels"); + this.resourcePatternResolver = resourcePatternResolver; } @Override @@ -55,16 +56,15 @@ public class PluginMessages extends ReloadableResourceBundleMessageSource { Properties properties = new Properties(); long lastModified = System.currentTimeMillis(); - Enumeration resources = null; try { - resources = Thread.currentThread().getContextClassLoader().getResources(filename + PROPERTIES_SUFFIX); - while (resources.hasMoreElements()) { - URL resource = resources.nextElement(); - String sourcePath = resource.toURI().toString().replace(PROPERTIES_SUFFIX, ""); + var resources = resourcePatternResolver.getResources("classpath:/lessons/**/i18n" + + "/WebGoatLabels" + PROPERTIES_SUFFIX); + for (var resource : resources) { + String sourcePath = resource.getURI().toString().replace(PROPERTIES_SUFFIX, ""); PropertiesHolder holder = super.refreshProperties(sourcePath, propHolder); properties.putAll(holder.getProperties()); } - } catch (IOException | URISyntaxException e) { + } catch (IOException e) { logger.error("Unable to read plugin message", e); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java b/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java similarity index 86% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java rename to src/main/java/org/owasp/webgoat/container/lessons/Assignment.java index 3657ffe0e..f7f726186 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/Assignment.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.*; @@ -66,14 +66,4 @@ public class Assignment { this.hints = hints; } - /** - * Set path is here to overwrite stored paths. - * Since a stored path can no longer be used in a lesson while - * the lesson (name) itself is still part of the lesson. - * - * @param pathName the path - */ - public void setPath(String pathName) { - this.path = pathName; - } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java b/src/main/java/org/owasp/webgoat/container/lessons/Category.java similarity index 98% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java rename to src/main/java/org/owasp/webgoat/container/lessons/Category.java index e510ca14a..238d6fe6d 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/Category.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.Getter; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/CourseConfiguration.java b/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java similarity index 91% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/CourseConfiguration.java rename to src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java index e36bde1df..fccc1fa16 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/CourseConfiguration.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/CourseConfiguration.java @@ -20,14 +20,14 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.ArrayUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.Course; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.Course; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.util.CollectionUtils; @@ -67,9 +67,11 @@ public class CourseConfiguration { var endpoints = assignmentsByPackage.get(lesson.getClass().getPackageName()); if (CollectionUtils.isEmpty(endpoints)) { log.warn("Lesson: {} has no endpoints, is this intentionally?", lesson.getTitle()); - return new ArrayList(); + return new ArrayList<>(); } - return endpoints.stream().map(e -> new Assignment(e.getClass().getSimpleName(), getPath(e.getClass()), getHints(e.getClass()))).collect(toList()); + return endpoints.stream() + .map(e -> new Assignment(e.getClass().getSimpleName(), getPath(e.getClass()), getHints(e.getClass()))) + .toList(); } private String getPath(Class e) { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java b/src/main/java/org/owasp/webgoat/container/lessons/Hint.java similarity index 96% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java rename to src/main/java/org/owasp/webgoat/container/lessons/Hint.java index c2205b240..8b61b904a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/Hint.java @@ -25,7 +25,7 @@ * */ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.Value; diff --git a/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java b/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java new file mode 100644 index 000000000..6c810d7ca --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/lessons/Initializeable.java @@ -0,0 +1,12 @@ +package org.owasp.webgoat.container.lessons; + +import org.owasp.webgoat.container.users.WebGoatUser; + +/** + * Interface for initialization of a lesson. It is called when a new user is added to WebGoat and when a users + * reset a lesson. Make sure to clean beforehand and then re-initialize the lesson. + */ +public interface Initializeable { + + void initialize(WebGoatUser webGoatUser); +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java b/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java similarity index 89% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java rename to src/main/java/org/owasp/webgoat/container/lessons/Lesson.java index 0bc5546ef..91c0743e7 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/Lesson.java @@ -20,11 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.Getter; import lombok.Setter; -import lombok.Singular; import java.util.List; @@ -39,7 +38,7 @@ public abstract class Lesson { /** * Constructor for the Lesson object */ - public Lesson() { + protected Lesson() { id = ++count; } @@ -66,7 +65,7 @@ public abstract class Lesson { /** *

getDefaultCategory.

* - * @return a {@link org.owasp.webgoat.lessons.Category} object. + * @return a {@link org.owasp.webgoat.container.lessons.Category} object. */ protected abstract Category getDefaultCategory(); @@ -122,4 +121,16 @@ public abstract class Lesson { public final String getId() { return this.getClass().getSimpleName(); } + + public final String getPackage() { + var packageName = this.getClass().getPackageName(); + //package name is the direct package name below lessons (any subpackage will be removed) + return packageName.replaceAll("org.owasp.webgoat.lessons.", "").replaceAll("\\..*", ""); + + + + } + + + } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonConnectionInvocationHandler.java b/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java similarity index 76% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonConnectionInvocationHandler.java rename to src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java index e9958f2b7..fa2643eff 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonConnectionInvocationHandler.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/LessonConnectionInvocationHandler.java @@ -1,6 +1,7 @@ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; -import org.owasp.webgoat.users.WebGoatUser; +import lombok.extern.slf4j.Slf4j; +import org.owasp.webgoat.container.users.WebGoatUser; import org.springframework.security.core.context.SecurityContextHolder; import java.lang.reflect.InvocationHandler; @@ -12,6 +13,7 @@ import java.sql.Connection; * Handler which sets the correct schema for the currently bounded user. This way users are not seeing each other * data and we can reset data for just one particular user. */ +@Slf4j public class LessonConnectionInvocationHandler implements InvocationHandler { private final Connection targetConnection; @@ -23,9 +25,10 @@ public class LessonConnectionInvocationHandler implements InvocationHandler { @Override public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { var authentication = SecurityContextHolder.getContext().getAuthentication(); - if (authentication != null && authentication.getPrincipal() instanceof WebGoatUser) { - var user = (WebGoatUser) authentication.getPrincipal(); - targetConnection.createStatement().execute("SET SCHEMA \"" + user.getUsername() + "\""); + if (authentication != null && authentication.getPrincipal() instanceof WebGoatUser user) { + try (var statement = targetConnection.createStatement()) { + statement.execute("SET SCHEMA \"" + user.getUsername() + "\""); + } } try { return method.invoke(targetConnection, args); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonInfoModel.java b/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java similarity index 87% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonInfoModel.java rename to src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java index 4a7bab3a7..3c77ce095 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonInfoModel.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/LessonInfoModel.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import lombok.AllArgsConstructor; import lombok.Getter; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItem.java b/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java similarity index 97% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItem.java rename to src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java index 578f76ea0..6133e8c06 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItem.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItem.java @@ -27,7 +27,7 @@ * https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; import java.util.ArrayList; import java.util.List; @@ -42,7 +42,7 @@ public class LessonMenuItem { private String name; private LessonMenuItemType type; - private List children = new ArrayList(); + private List children = new ArrayList<>(); private boolean complete; private String link; private int ranking; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItemType.java b/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java similarity index 96% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItemType.java rename to src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java index 418f92300..e29cce641 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonMenuItemType.java +++ b/src/main/java/org/owasp/webgoat/container/lessons/LessonMenuItemType.java @@ -25,7 +25,7 @@ * */ -package org.owasp.webgoat.lessons; +package org.owasp.webgoat.container.lessons; /** *

LessonMenuItemType class.

diff --git a/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java b/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java new file mode 100644 index 000000000..5f9fb86af --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/lessons/LessonScanner.java @@ -0,0 +1,46 @@ +package org.owasp.webgoat.container.lessons; + +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.support.ResourcePatternResolver; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.regex.Pattern; + +@Component +@Slf4j +public class LessonScanner { + + private static final Pattern lessonPattern = Pattern.compile("^.*/lessons/([^/]*)/.*$"); + + @Getter + private final Set lessons = new HashSet<>(); + + public LessonScanner(ResourcePatternResolver resourcePatternResolver) { + try { + var resources = resourcePatternResolver.getResources("classpath:/lessons/*/*"); + for (var resource : resources) { + //WG can run as a fat jar or as directly from file system we need to support both so use the URL + var url = resource.getURL(); + var matcher = lessonPattern.matcher(url.toString()); + if (matcher.matches()) { + lessons.add(matcher.group(1)); + } + } + log.debug("Found {} lessons", lessons.size()); + } catch (IOException e) { + log.warn("No lessons found..."); + } + + } + + public List applyPattern(String pattern) { + return lessons.stream().map(lesson -> String.format(pattern, lesson)).toList(); + } +} diff --git a/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java b/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java new file mode 100644 index 000000000..4ab4967af --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/service/EnvironmentService.java @@ -0,0 +1,19 @@ +package org.owasp.webgoat.container.service; + +import lombok.RequiredArgsConstructor; +import org.springframework.context.ApplicationContext; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController("/environment") +@RequiredArgsConstructor +public class EnvironmentService { + + private final ApplicationContext context; + + @GetMapping("/server-directory") + public String homeDirectory() { + return context.getEnvironment().getProperty("webgoat.server.directory"); + } + +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java b/src/main/java/org/owasp/webgoat/container/service/HintService.java similarity index 76% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java rename to src/main/java/org/owasp/webgoat/container/service/HintService.java index 43dd88c57..a0fc4da83 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java +++ b/src/main/java/org/owasp/webgoat/container/service/HintService.java @@ -4,20 +4,19 @@ * and open the template in the editor. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; -import org.owasp.webgoat.lessons.Assignment; -import org.owasp.webgoat.lessons.Hint; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.lessons.Assignment; +import org.owasp.webgoat.container.lessons.Hint; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; +import java.util.Collection; import java.util.List; -import static java.util.stream.Collectors.toList; - /** *

HintService class.

* @@ -49,14 +48,14 @@ public class HintService { private List createAssignmentHints(Lesson l) { if (l != null) { return l.getAssignments().stream() - .map(a -> createHint(a)) - .flatMap(hints -> hints.stream()) - .collect(toList()); + .map(this::createHint) + .flatMap(Collection::stream) + .toList(); } return List.of(); } private List createHint(Assignment a) { - return a.getHints().stream().map(h -> new Hint(h, a.getPath())).collect(toList()); + return a.getHints().stream().map(h -> new Hint(h, a.getPath())).toList(); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java b/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java similarity index 86% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java rename to src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java index 57c688a22..2c23ceac2 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelDebugService.java +++ b/src/main/java/org/owasp/webgoat/container/service/LabelDebugService.java @@ -27,11 +27,11 @@ * https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.session.LabelDebugger; +import org.owasp.webgoat.container.session.LabelDebugger; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -40,7 +40,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; -import java.util.HashMap; import java.util.Map; /** @@ -75,13 +74,13 @@ public class LabelDebugService { /** * Sets the enabled flag on the label debugger to the given parameter - * @param enabled {@link org.owasp.webgoat.session.LabelDebugger} object - * @throws Exception unhandled exception + * + * @param enabled {@link org.owasp.webgoat.container.session.LabelDebugger} object * @return a {@link org.springframework.http.ResponseEntity} object. */ @RequestMapping(value = URL_DEBUG_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE, params = KEY_ENABLED) public @ResponseBody - ResponseEntity> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) throws Exception { + ResponseEntity> setDebuggingStatus(@RequestParam("enabled") Boolean enabled) { log.debug("Setting label debugging to {} ", labelDebugger.isEnabled()); Map result = createResponse(enabled); labelDebugger.setEnabled(enabled); @@ -89,13 +88,10 @@ public class LabelDebugService { } /** - * @param enabled {@link org.owasp.webgoat.session.LabelDebugger} object + * @param enabled {@link org.owasp.webgoat.container.session.LabelDebugger} object * @return a {@link java.util.Map} object. */ private Map createResponse(Boolean enabled) { - Map result = new HashMap(); - result.put(KEY_SUCCESS, Boolean.TRUE); - result.put(KEY_ENABLED, enabled); - return result; + return Map.of(KEY_SUCCESS, Boolean.TRUE, KEY_ENABLED, enabled); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java b/src/main/java/org/owasp/webgoat/container/service/LabelService.java similarity index 54% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java rename to src/main/java/org/owasp/webgoat/container/service/LabelService.java index 5ad522a5c..5a6d06b95 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java +++ b/src/main/java/org/owasp/webgoat/container/service/LabelService.java @@ -27,25 +27,19 @@ * for free software projects. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; -import lombok.AllArgsConstructor; +import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.i18n.Messages; -import org.owasp.webgoat.i18n.PluginMessages; +import org.owasp.webgoat.container.i18n.Messages; +import org.owasp.webgoat.container.i18n.PluginMessages; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.servlet.LocaleResolver; -import org.springframework.web.servlet.i18n.SessionLocaleResolver; -import javax.servlet.http.HttpServletRequest; -import java.util.Locale; import java.util.Properties; @@ -56,35 +50,20 @@ import java.util.Properties; */ @RestController @Slf4j -@AllArgsConstructor +@RequiredArgsConstructor public class LabelService { public static final String URL_LABELS_MVC = "/service/labels.mvc"; - private LocaleResolver localeResolver; - private Messages messages; - private PluginMessages pluginMessages; + private final Messages messages; + private final PluginMessages pluginMessages; /** - * We use Springs session locale resolver which also gives us the option to change the local later on. For - * now it uses the accept-language from the HttpRequest. If this language is not found it will default back - * to messages.properties. - *

- * Note although it is possible to use Spring language interceptor we for now opt for this solution, the UI - * will always need to fetch the labels with the new language set by the user. So we don't need to intercept each - * and every request to see if the language param has been set in the request. - * - * @param lang the language to fetch labels for (optional) - * @return a map of labels + * @return a map of all the labels */ @GetMapping(path = URL_LABELS_MVC, produces = MediaType.APPLICATION_JSON_VALUE) @ResponseBody - public ResponseEntity fetchLabels(@RequestParam(value = "lang", required = false) String lang) { - if (!StringUtils.isEmpty(lang)) { - Locale locale = Locale.forLanguageTag(lang); - ((SessionLocaleResolver) localeResolver).setDefaultLocale(locale); - log.debug("Language provided: {} leads to Locale: {}", lang, locale); - } - Properties allProperties = new Properties(); + public ResponseEntity fetchLabels() { + var allProperties = new Properties(); allProperties.putAll(messages.getMessages()); allProperties.putAll(pluginMessages.getMessages()); return new ResponseEntity<>(allProperties, HttpStatus.OK); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java b/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java similarity index 79% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java rename to src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java index 9396e0225..ccbf77f40 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java +++ b/src/main/java/org/owasp/webgoat/container/service/LessonInfoService.java @@ -1,9 +1,9 @@ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.AllArgsConstructor; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.lessons.LessonInfoModel; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.lessons.LessonInfoModel; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java b/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java similarity index 77% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java rename to src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java index 865d6b85a..6fe6d32e3 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java +++ b/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java @@ -27,19 +27,19 @@ * https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.AllArgsConstructor; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.lessons.Assignment; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.LessonMenuItem; -import org.owasp.webgoat.lessons.LessonMenuItemType; -import org.owasp.webgoat.session.Course; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.LessonTracker; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.lessons.Assignment; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.lessons.LessonMenuItem; +import org.owasp.webgoat.container.lessons.LessonMenuItemType; +import org.owasp.webgoat.container.session.Course; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.LessonTracker; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -49,7 +49,6 @@ import java.util.ArrayList; import java.util.Comparator; import java.util.List; import java.util.Map; -import java.util.stream.Collectors; /** *

LessonMenuService class.

@@ -71,7 +70,7 @@ public class LessonMenuService { @Value("#{'${exclude.lessons}'.split(',')}") private List excludeLessons; - + /** * Returns the lesson menu which is used to build the left nav * @@ -86,19 +85,19 @@ public class LessonMenuService { UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName()); for (Category category : categories) { - if (excludeCategories.contains(category.name())) { - continue; - } + if (excludeCategories.contains(category.name())) { + continue; + } LessonMenuItem categoryItem = new LessonMenuItem(); categoryItem.setName(category.getName()); categoryItem.setType(LessonMenuItemType.CATEGORY); // check for any lessons for this category List lessons = course.getLessons(category); - lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList()); + lessons = lessons.stream().sorted(Comparator.comparing(Lesson::getTitle)).toList(); for (Lesson lesson : lessons) { - if (excludeLessons.contains(lesson.getName())) { - continue; - } + if (excludeLessons.contains(lesson.getName())) { + continue; + } LessonMenuItem lessonItem = new LessonMenuItem(); lessonItem.setName(lesson.getTitle()); lessonItem.setLink(lesson.getLink()); @@ -118,14 +117,14 @@ public class LessonMenuService { private boolean lessonCompleted(Map map, Lesson currentLesson) { boolean result = true; for (Map.Entry entry : map.entrySet()) { - Assignment storedAssignment = entry.getKey(); - for (Assignment lessonAssignment: currentLesson.getAssignments()) { - if (lessonAssignment.getName().equals(storedAssignment.getName())) { - result = result && entry.getValue(); - break; - } - } - + Assignment storedAssignment = entry.getKey(); + for (Assignment lessonAssignment : currentLesson.getAssignments()) { + if (lessonAssignment.getName().equals(storedAssignment.getName())) { + result = result && entry.getValue(); + break; + } + } + } return result; } diff --git a/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java b/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java new file mode 100644 index 000000000..73deb7b60 --- /dev/null +++ b/src/main/java/org/owasp/webgoat/container/service/LessonProgressService.java @@ -0,0 +1,59 @@ +package org.owasp.webgoat.container.service; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.RequiredArgsConstructor; +import org.owasp.webgoat.container.lessons.Assignment; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.UserTrackerRepository; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; + +import java.util.List; + + +/** + *

LessonProgressService class.

+ * + * @author webgoat + */ +@Controller +@RequiredArgsConstructor +public class LessonProgressService { + + private final UserTrackerRepository userTrackerRepository; + private final WebSession webSession; + + /** + * Endpoint for fetching the complete lesson overview which informs the user about whether all the assignments are solved. + * Used as the last page of the lesson to generate a lesson overview. + * + * @return list of assignments + */ + @RequestMapping(value = "/service/lessonoverview.mvc", produces = "application/json") + @ResponseBody + public List lessonOverview() { + var userTracker = userTrackerRepository.findByUser(webSession.getUserName()); + var currentLesson = webSession.getCurrentLesson(); + + if (currentLesson != null) { + var lessonTracker = userTracker.getLessonTracker(currentLesson); + return lessonTracker.getLessonOverview().entrySet().stream() + .map(entry -> new LessonOverview(entry.getKey(), entry.getValue())) + .toList(); + } + return List.of(); + } + + @AllArgsConstructor + @Getter + //Jackson does not really like returning a map of directly, see http://stackoverflow.com/questions/11628698/can-we-make-object-as-key-in-map-when-using-json + //so creating intermediate object is the easiest solution + private static class LessonOverview { + + private Assignment assignment; + private Boolean solved; + + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java b/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java similarity index 84% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java rename to src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java index 40d4e9459..99006fa0a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java +++ b/src/main/java/org/owasp/webgoat/container/service/LessonTitleService.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java b/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java similarity index 89% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java rename to src/main/java/org/owasp/webgoat/container/service/ReportCardService.java index 811dec524..14c6c2fa9 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java +++ b/src/main/java/org/owasp/webgoat/container/service/ReportCardService.java @@ -27,18 +27,18 @@ * https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; -import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.session.Course; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.LessonTracker; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.session.Course; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.LessonTracker; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java b/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java similarity index 82% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java rename to src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java index 4f4a68cf8..d14b4e11c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java +++ b/src/main/java/org/owasp/webgoat/container/service/RestartLessonService.java @@ -22,20 +22,22 @@ * projects. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.flywaydb.core.Flyway; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.lessons.Initializeable; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseStatus; +import java.util.List; import java.util.function.Function; @Controller @@ -46,6 +48,7 @@ public class RestartLessonService { private final WebSession webSession; private final UserTrackerRepository userTrackerRepository; private final Function flywayLessons; + private final List lessonsToInitialize; @RequestMapping(path = "/service/restartlesson.mvc", produces = "text/text") @ResponseStatus(value = HttpStatus.OK) @@ -60,5 +63,7 @@ public class RestartLessonService { var flyway = flywayLessons.apply(webSession.getUserName()); flyway.clean(); flyway.migrate(); + + lessonsToInitialize.forEach(i -> i.initialize(webSession.getUser())); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/SessionService.java b/src/main/java/org/owasp/webgoat/container/service/SessionService.java similarity index 86% rename from webgoat-container/src/main/java/org/owasp/webgoat/service/SessionService.java rename to src/main/java/org/owasp/webgoat/container/service/SessionService.java index e621270ce..6352237e4 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/SessionService.java +++ b/src/main/java/org/owasp/webgoat/container/service/SessionService.java @@ -4,11 +4,11 @@ * and open the template in the editor. */ -package org.owasp.webgoat.service; +package org.owasp.webgoat.container.service; import lombok.RequiredArgsConstructor; -import org.owasp.webgoat.i18n.Messages; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.i18n.Messages; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/src/main/java/org/owasp/webgoat/container/session/Course.java similarity index 83% rename from webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java rename to src/main/java/org/owasp/webgoat/container/session/Course.java index 7a18dc743..349150c4e 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java +++ b/src/main/java/org/owasp/webgoat/container/session/Course.java @@ -1,13 +1,11 @@ -package org.owasp.webgoat.session; +package org.owasp.webgoat.container.session; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.lessons.Category; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import java.util.List; -import static java.util.stream.Collectors.toList; - /** * ************************************************************************************************ *

@@ -41,9 +39,9 @@ import static java.util.stream.Collectors.toList; @Slf4j public class Course { - private List lessons; + private List lessons; - public Course(List lessons) { + public Course(List lessons) { this.lessons = lessons; } @@ -53,7 +51,7 @@ public class Course { * @return The categories value */ public List getCategories() { - return lessons.parallelStream().map(l -> l.getCategory()).distinct().sorted().collect(toList()); + return lessons.parallelStream().map(Lesson::getCategory).distinct().sorted().toList(); } /** @@ -72,18 +70,18 @@ public class Course { * * @return a {@link java.util.List} object. */ - public List getLessons() { + public List getLessons() { return this.lessons; } /** *

Getter for the field lessons.

* - * @param category a {@link org.owasp.webgoat.lessons.Category} object. + * @param category a {@link org.owasp.webgoat.container.lessons.Category} object. * @return a {@link java.util.List} object. */ public List getLessons(Category category) { - return this.lessons.stream().filter(l -> l.getCategory() == category).collect(toList()); + return this.lessons.stream().filter(l -> l.getCategory() == category).toList(); } public void setLessons(List lessons) { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/LabelDebugger.java b/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java similarity index 84% rename from webgoat-container/src/main/java/org/owasp/webgoat/session/LabelDebugger.java rename to src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java index af030c7ea..69823e7b4 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/LabelDebugger.java +++ b/src/main/java/org/owasp/webgoat/container/session/LabelDebugger.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.session; +package org.owasp.webgoat.container.session; import java.io.Serializable; @@ -37,7 +37,7 @@ public class LabelDebugger implements Serializable { /** *

Sets the status to enabled

- * @param enabled {@link org.owasp.webgoat.session.LabelDebugger} object + * @param enabled {@link org.owasp.webgoat.container.session.LabelDebugger} object */ public void setEnabled(boolean enabled) { this.enabled = enabled; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java b/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java similarity index 94% rename from webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java rename to src/main/java/org/owasp/webgoat/container/session/UserSessionData.java index 1e1229e40..2e58caf0f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java +++ b/src/main/java/org/owasp/webgoat/container/session/UserSessionData.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.session; +package org.owasp.webgoat.container.session; import java.util.HashMap; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/src/main/java/org/owasp/webgoat/container/session/WebSession.java similarity index 92% rename from webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java rename to src/main/java/org/owasp/webgoat/container/session/WebSession.java index d7a64984b..f8b2296d2 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java +++ b/src/main/java/org/owasp/webgoat/container/session/WebSession.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.session; +package org.owasp.webgoat.container.session; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.users.WebGoatUser; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.users.WebGoatUser; import org.springframework.security.core.context.SecurityContextHolder; import java.io.Serializable; @@ -73,6 +73,10 @@ public class WebSession implements Serializable { return currentUser.getUsername(); } + public WebGoatUser getUser() { + return currentUser; + } + public void toggleSecurity() { this.securityEnabled = !this.securityEnabled; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java b/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java similarity index 93% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java rename to src/main/java/org/owasp/webgoat/container/users/LessonTracker.java index b24894584..ab882c29a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java +++ b/src/main/java/org/owasp/webgoat/container/users/LessonTracker.java @@ -1,9 +1,9 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.Getter; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.lessons.Assignment; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Assignment; import javax.persistence.*; import java.util.*; @@ -76,7 +76,7 @@ public class LessonTracker { * @param solvedAssignment the assignment which the user solved */ public void assignmentSolved(String solvedAssignment) { - getAssignment(solvedAssignment).ifPresent(a -> solvedAssignments.add(a)); + getAssignment(solvedAssignment).ifPresent(solvedAssignments::add); } /** @@ -106,7 +106,7 @@ public class LessonTracker { public Map getLessonOverview() { List notSolved = allAssignments.stream() .filter(i -> !solvedAssignments.contains(i)) - .collect(Collectors.toList()); + .toList(); Map overview = notSolved.stream().collect(Collectors.toMap(a -> a, b -> false)); overview.putAll(solvedAssignments.stream().collect(Collectors.toMap(a -> a, b -> true))); return overview; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java b/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java similarity index 95% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java rename to src/main/java/org/owasp/webgoat/container/users/RegistrationController.java index 754046f4c..d3d645796 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java +++ b/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java @@ -1,7 +1,6 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.AllArgsConstructor; -import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.stereotype.Controller; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java b/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java similarity index 62% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java rename to src/main/java/org/owasp/webgoat/container/users/Scoreboard.java index 7b4cce443..6eb2e6508 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java +++ b/src/main/java/org/owasp/webgoat/container/users/Scoreboard.java @@ -1,16 +1,16 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.AllArgsConstructor; import lombok.Getter; -import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.session.Course; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.session.Course; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; import java.util.ArrayList; -import java.util.Comparator; import java.util.List; -import java.util.stream.Collectors; +import java.util.Optional; /** * Temp endpoint just for the CTF. @@ -39,38 +39,35 @@ public class Scoreboard { List allUsers = userRepository.findAll(); List rankings = new ArrayList<>(); for (WebGoatUser user : allUsers) { - if (user.getUsername().startsWith("csrf-")) { - //the csrf- assignment specific users do not need to be in the overview - continue; - } + if (user.getUsername().startsWith("csrf-")) { + //the csrf- assignment specific users do not need to be in the overview + continue; + } UserTracker userTracker = userTrackerRepository.findByUser(user.getUsername()); rankings.add(new Ranking(user.getUsername(), challengesSolved(userTracker))); } /* sort on number of captured flags to present an ordered ranking */ - rankings.sort(new Comparator() { - - @Override - public int compare(Ranking o1, Ranking o2) { - - return o2.getFlagsCaptured().size() - o1.getFlagsCaptured().size(); - } - }); + rankings.sort((o1, o2) -> o2.getFlagsCaptured().size() - o1.getFlagsCaptured().size()); return rankings; } private List challengesSolved(UserTracker userTracker) { List challenges = List.of("Challenge1", "Challenge2", "Challenge3", "Challenge4", "Challenge5", "Challenge6", "Challenge7", "Challenge8", "Challenge9"); return challenges.stream() - .map(c -> userTracker.getLessonTracker(c)) - .filter(l -> l.isPresent()).map(l -> l.get()) - .filter(l -> l.isLessonSolved()) - .map(l -> l.getLessonName()) - .map(l -> toLessonTitle(l)) - .collect(Collectors.toList()); + .map(userTracker::getLessonTracker) + .flatMap(Optional::stream) + .filter(LessonTracker::isLessonSolved) + .map(LessonTracker::getLessonName) + .map(this::toLessonTitle) + .toList(); } private String toLessonTitle(String id) { - String titleKey = course.getLessons().stream().filter(l -> l.getId().equals(id)).findFirst().get().getTitle(); + String titleKey = course.getLessons().stream() + .filter(l -> l.getId().equals(id)) + .findFirst() + .map(Lesson::getTitle) + .orElse("No title"); return pluginMessages.getMessage(titleKey, titleKey); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java b/src/main/java/org/owasp/webgoat/container/users/UserForm.java similarity index 93% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java rename to src/main/java/org/owasp/webgoat/container/users/UserForm.java index e88ea5c47..2cc73ba62 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserForm.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.Getter; import lombok.Setter; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java b/src/main/java/org/owasp/webgoat/container/users/UserRepository.java similarity index 88% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java rename to src/main/java/org/owasp/webgoat/container/users/UserRepository.java index 96472a963..322ff8e66 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserRepository.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import org.springframework.data.jpa.repository.JpaRepository; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java b/src/main/java/org/owasp/webgoat/container/users/UserService.java similarity index 89% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java rename to src/main/java/org/owasp/webgoat/container/users/UserService.java index ca3058a06..a2b7566fe 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserService.java @@ -1,9 +1,8 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.AllArgsConstructor; import org.flywaydb.core.Flyway; -import org.flywaydb.core.api.configuration.FluentConfiguration; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.lessons.Initializeable; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; @@ -24,6 +23,7 @@ public class UserService implements UserDetailsService { private final UserTrackerRepository userTrackerRepository; private final JdbcTemplate jdbcTemplate; private final Function flywayLessons; + private final List lessonInitializables; @Override public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException { @@ -32,6 +32,7 @@ public class UserService implements UserDetailsService { throw new UsernameNotFoundException("User not found"); } else { webGoatUser.createUser(); + lessonInitializables.forEach(l -> l.initialize(webGoatUser)); } return webGoatUser; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserSession.java b/src/main/java/org/owasp/webgoat/container/users/UserSession.java similarity index 90% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserSession.java rename to src/main/java/org/owasp/webgoat/container/users/UserSession.java index 5e00333b4..f742fd02e 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserSession.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserSession.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.AccessLevel; import lombok.AllArgsConstructor; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java b/src/main/java/org/owasp/webgoat/container/users/UserTracker.java similarity index 96% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java rename to src/main/java/org/owasp/webgoat/container/users/UserTracker.java index e967a9c7e..0850f0eac 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserTracker.java @@ -1,9 +1,9 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.Lesson; -import org.owasp.webgoat.lessons.Assignment; +import org.owasp.webgoat.container.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Assignment; import javax.persistence.*; import java.util.HashSet; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java b/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java similarity index 84% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java rename to src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java index efa231d59..c80db503c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserTrackerRepository.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import org.springframework.data.jpa.repository.JpaRepository; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserValidator.java b/src/main/java/org/owasp/webgoat/container/users/UserValidator.java similarity index 95% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/UserValidator.java rename to src/main/java/org/owasp/webgoat/container/users/UserValidator.java index ce63a3ef7..fc1d6691a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserValidator.java +++ b/src/main/java/org/owasp/webgoat/container/users/UserValidator.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.AllArgsConstructor; import org.springframework.stereotype.Component; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java b/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java similarity index 89% rename from webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java rename to src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java index e6e720c36..f64462348 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java +++ b/src/main/java/org/owasp/webgoat/container/users/WebGoatUser.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.users; +package org.owasp.webgoat.container.users; import lombok.Getter; import org.springframework.security.core.GrantedAuthority; @@ -85,6 +85,13 @@ public class WebGoatUser implements UserDetails { return this.user.isEnabled(); } + public boolean equals(Object obj) { + return obj instanceof WebGoatUser webGoatUser && this.user.equals(webGoatUser.user); + } + + public int hashCode() { + return user.hashCode(); + } } diff --git a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AccountVerificationHelper.java similarity index 98% rename from webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java rename to src/main/java/org/owasp/webgoat/lessons/auth_bypass/AccountVerificationHelper.java index 7d312b2bc..2d173cef6 100644 --- a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java +++ b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AccountVerificationHelper.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.auth_bypass; +package org.owasp.webgoat.lessons.auth_bypass; import java.util.HashMap; import java.util.Map; diff --git a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java similarity index 89% rename from webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java rename to src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java index 92f1f2250..4e885e1cd 100644 --- a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java +++ b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.auth_bypass; +package org.owasp.webgoat.lessons.auth_bypass; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/VerifyAccount.java b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/VerifyAccount.java similarity index 91% rename from webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/VerifyAccount.java rename to src/main/java/org/owasp/webgoat/lessons/auth_bypass/VerifyAccount.java index 3f6ff0b18..1988c6f85 100644 --- a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/VerifyAccount.java +++ b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/VerifyAccount.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.auth_bypass; +package org.owasp.webgoat.lessons.auth_bypass; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictions.java similarity index 89% rename from webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java rename to src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictions.java index 34a9341ca..7263f85bd 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java +++ b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictions.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.bypass_restrictions; +package org.owasp.webgoat.lessons.bypass_restrictions; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFieldRestrictions.java b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFieldRestrictions.java similarity index 92% rename from webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFieldRestrictions.java rename to src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFieldRestrictions.java index 55acae9fd..7f87f0ff6 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFieldRestrictions.java +++ b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFieldRestrictions.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.bypass_restrictions; +package org.owasp.webgoat.lessons.bypass_restrictions; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFrontendValidation.java similarity index 93% rename from webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java rename to src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFrontendValidation.java index dceb19f98..0c7bce6a0 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidation.java +++ b/src/main/java/org/owasp/webgoat/lessons/bypass_restrictions/BypassRestrictionsFrontendValidation.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.bypass_restrictions; +package org.owasp.webgoat.lessons.bypass_restrictions; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java b/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java similarity index 65% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java index 405447e48..c3e1b1c8e 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/ChallengeIntro.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.challenges; +package org.owasp.webgoat.lessons.challenges; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; /** * @author nbaars diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Email.java b/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java similarity index 96% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Email.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/Email.java index a8b9314a9..fe1eb40b2 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Email.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/Email.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.challenges; +package org.owasp.webgoat.lessons.challenges; import lombok.Builder; import lombok.Data; @@ -41,4 +41,4 @@ public class Email implements Serializable { private String sender; private String title; private String recipient; -} \ No newline at end of file +} diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java b/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java similarity index 90% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java index 77761697f..fdeb5a85a 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/Flag.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/Flag.java @@ -20,15 +20,15 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.challenges; +package org.owasp.webgoat.lessons.challenges; import lombok.AllArgsConstructor; import lombok.Getter; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.RequestMapping; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java b/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java similarity index 96% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java index 9a9654260..c2ca6d849 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.challenges; +package org.owasp.webgoat.lessons.challenges; /** * Interface with constants so we can easily change the flags diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java similarity index 88% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java index 7966972d0..62a865f63 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Assignment1.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Assignment1.java @@ -1,8 +1,8 @@ -package org.owasp.webgoat.challenges.challenge1; +package org.owasp.webgoat.lessons.challenges.challenge1; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.challenges.Flag; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.challenges.Flag; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -11,7 +11,7 @@ import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; -import static org.owasp.webgoat.challenges.SolutionConstants.PASSWORD; +import static org.owasp.webgoat.lessons.challenges.SolutionConstants.PASSWORD; /** * ************************************************************************************************ diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java similarity index 67% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java index 86d1edfcc..940568113 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/Challenge1.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.challenges.challenge1; +package org.owasp.webgoat.lessons.challenges.challenge1; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java new file mode 100644 index 000000000..925ddfd4d --- /dev/null +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge1/ImageServlet.java @@ -0,0 +1,36 @@ +package org.owasp.webgoat.lessons.challenges.challenge1; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; + +import javax.servlet.http.HttpServlet; +import java.io.IOException; +import java.security.SecureRandom; + +import static org.springframework.web.bind.annotation.RequestMethod.GET; +import static org.springframework.web.bind.annotation.RequestMethod.POST; + +@RestController +public class ImageServlet extends HttpServlet { + + private static final long serialVersionUID = 9132775506936676850L; + static final public int PINCODE = new SecureRandom().nextInt(10000); + + @RequestMapping(method = {GET, POST}, value = "/challenge/logo", produces = MediaType.IMAGE_PNG_VALUE) + @ResponseBody + public byte[] logo() throws IOException { + byte[] in = new ClassPathResource("lessons/challenges/images/webgoat2.png").getInputStream().readAllBytes(); + + String pincode = String.format("%04d", PINCODE); + + in[81216]=(byte) pincode.charAt(0); + in[81217]=(byte) pincode.charAt(1); + in[81218]=(byte) pincode.charAt(2); + in[81219]=(byte) pincode.charAt(3); + + return in; + } +} diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java similarity index 90% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java index 39cd6dbba..48d6f85d2 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java @@ -20,20 +20,19 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.challenges.challenge5; +package org.owasp.webgoat.lessons.challenges.challenge5; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.challenges.Flag; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.challenges.Flag; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import javax.sql.DataSource; import java.sql.PreparedStatement; import java.sql.ResultSet; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java similarity index 89% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java index ab068ff2a..6f17215c2 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Challenge5.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.challenges.challenge5; +package org.owasp.webgoat.lessons.challenges.challenge5; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java similarity index 90% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java index 0f33b7d96..fab634c08 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Assignment7.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java @@ -1,10 +1,11 @@ -package org.owasp.webgoat.challenges.challenge7; +package org.owasp.webgoat.lessons.challenges.challenge7; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.challenges.Email; -import org.owasp.webgoat.challenges.SolutionConstants; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.challenges.Email; +import org.owasp.webgoat.lessons.challenges.SolutionConstants; +import org.owasp.webgoat.lessons.challenges.Flag; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.ClassPathResource; @@ -25,8 +26,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.time.LocalDateTime; -import static org.owasp.webgoat.challenges.Flag.FLAGS; - /** * @author nbaars * @since 4/8/17. @@ -54,7 +53,7 @@ public class Assignment7 extends AssignmentEndpoint { if (link.equals(SolutionConstants.ADMIN_PASSWORD_LINK)) { return ResponseEntity.accepted().body("

Success!!

" + "" - + "

Here is your flag: " + "" + FLAGS.get(7) + ""); + + "

Here is your flag: " + "" + Flag.FLAGS.get(7) + ""); } return ResponseEntity.status(HttpStatus.I_AM_A_TEAPOT).body("That is not the reset link for admin"); } diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java similarity index 67% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java index cbcd25f7a..df621ac17 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Challenge7.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.challenges.challenge7; +package org.owasp.webgoat.lessons.challenges.challenge7; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java similarity index 99% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java index 543bce623..9bc444627 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/MD5.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.challenges.challenge7; +package org.owasp.webgoat.lessons.challenges.challenge7; import java.io.File; import java.io.FileInputStream; @@ -685,4 +685,4 @@ public class MD5 { state.state[2] += c; state.state[3] += d; } -} \ No newline at end of file +} diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java similarity index 95% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java index 73bf2ecc5..c890fc27c 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/PasswordResetLink.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.challenges.challenge7; +package org.owasp.webgoat.lessons.challenges.challenge7; import java.util.Random; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Assignment8.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java similarity index 91% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Assignment8.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java index e83a2a631..e4f330899 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Assignment8.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Assignment8.java @@ -1,9 +1,9 @@ -package org.owasp.webgoat.challenges.challenge8; +package org.owasp.webgoat.lessons.challenges.challenge8; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.challenges.Flag; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.challenges.Flag; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java similarity index 67% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java rename to src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java index 6d02db4e5..bb0f9ac4e 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java +++ b/src/main/java/org/owasp/webgoat/lessons/challenges/challenge8/Challenge8.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.challenges.challenge8; +package org.owasp.webgoat.lessons.challenges.challenge8; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/ChromeDevTools.java similarity index 90% rename from webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java rename to src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/ChromeDevTools.java index 29c8dd9a9..cd2faeaf4 100644 --- a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java +++ b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/ChromeDevTools.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.chrome_dev_tools; +package org.owasp.webgoat.lessons.chrome_dev_tools; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkDummy.java b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkDummy.java similarity index 89% rename from webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkDummy.java rename to src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkDummy.java index b09328532..48c48b598 100644 --- a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkDummy.java +++ b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkDummy.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.chrome_dev_tools; +package org.owasp.webgoat.lessons.chrome_dev_tools; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -51,4 +51,4 @@ public class NetworkDummy extends AssignmentEndpoint { return failed(this).feedback("xss-dom-message-failure").build(); } } -} \ No newline at end of file +} diff --git a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkLesson.java b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkLesson.java similarity index 90% rename from webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkLesson.java rename to src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkLesson.java index 14123ce80..3cc3b0230 100644 --- a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/NetworkLesson.java +++ b/src/main/java/org/owasp/webgoat/lessons/chrome_dev_tools/NetworkLesson.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.chrome_dev_tools; +package org.owasp.webgoat.lessons.chrome_dev_tools; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java b/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java similarity index 70% rename from webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java rename to src/main/java/org/owasp/webgoat/lessons/cia/CIA.java index 7210de301..03f5fd2bf 100644 --- a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java +++ b/src/main/java/org/owasp/webgoat/lessons/cia/CIA.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.cia; +package org.owasp.webgoat.lessons.cia; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** @@ -20,4 +20,4 @@ public class CIA extends Lesson { public String getTitle() { return "4.cia.title";//4th lesson in general } -} \ No newline at end of file +} diff --git a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIAQuiz.java b/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java similarity index 90% rename from webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIAQuiz.java rename to src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java index ee3e6e60d..bc7a1b0a7 100644 --- a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIAQuiz.java +++ b/src/main/java/org/owasp/webgoat/lessons/cia/CIAQuiz.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.cia; +package org.owasp.webgoat.lessons.cia; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFiltering.java similarity index 90% rename from webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java rename to src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFiltering.java index ee1267c2b..a4648e772 100644 --- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java +++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFiltering.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.client_side_filtering; +package org.owasp.webgoat.lessons.client_side_filtering; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringAssignment.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringAssignment.java similarity index 88% rename from webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringAssignment.java index 8ed518e42..c29390e6a 100644 --- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.client_side_filtering; +package org.owasp.webgoat.lessons.client_side_filtering; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignment.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringFreeAssignment.java similarity index 88% rename from webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringFreeAssignment.java index d1ce40ab2..8394a9738 100644 --- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ClientSideFilteringFreeAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.client_side_filtering; +package org.owasp.webgoat.lessons.client_side_filtering; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java similarity index 97% rename from webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java rename to src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java index 5a0d5fac0..55843baff 100644 --- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/Salaries.java +++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/Salaries.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.client_side_filtering; +package org.owasp.webgoat.lessons.client_side_filtering; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Value; @@ -57,7 +57,7 @@ public class Salaries { @PostConstruct public void copyFiles() { - ClassPathResource classPathResource = new ClassPathResource("employees.xml"); + ClassPathResource classPathResource = new ClassPathResource("lessons/employees.xml"); File targetDirectory = new File(webGoatHomeDirectory, "/ClientSideFiltering"); if (!targetDirectory.exists()) { targetDirectory.mkdir(); diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ShopEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ShopEndpoint.java similarity index 88% rename from webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ShopEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ShopEndpoint.java index 283c0662d..9e9bcf200 100644 --- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ShopEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/client_side_filtering/ShopEndpoint.java @@ -20,10 +20,9 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.client_side_filtering; - -import com.beust.jcommander.internal.Lists; +package org.owasp.webgoat.lessons.client_side_filtering; +import com.google.common.collect.Lists; import lombok.AllArgsConstructor; import lombok.Getter; @@ -36,8 +35,6 @@ import org.springframework.web.bind.annotation.RestController; import java.util.List; import java.util.Optional; -import static org.owasp.webgoat.client_side_filtering.ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE; - /** * @author nbaars * @since 4/6/17. @@ -76,8 +73,8 @@ public class ShopEndpoint { @GetMapping(value = "/coupons/{code}", produces = MediaType.APPLICATION_JSON_VALUE) public CheckoutCode getDiscountCode(@PathVariable String code) { - if (SUPER_COUPON_CODE.equals(code)) { - return new CheckoutCode(SUPER_COUPON_CODE, 100); + if (ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE.equals(code)) { + return new CheckoutCode(ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE, 100); } return checkoutCodes.get(code).orElse(new CheckoutCode("no", 0)); } @@ -86,7 +83,7 @@ public class ShopEndpoint { public CheckoutCodes all() { List all = Lists.newArrayList(); all.addAll(this.checkoutCodes.getCodes()); - all.add(new CheckoutCode(SUPER_COUPON_CODE, 100)); + all.add(new CheckoutCode(ClientSideFilteringFreeAssignment.SUPER_COUPON_CODE, 100)); return new CheckoutCodes(all); } } diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java similarity index 98% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java index 5d74d02f5..d3bf9f2e4 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; import lombok.extern.slf4j.Slf4j; @@ -132,4 +132,4 @@ public class CryptoUtil { return kf.generatePrivate(spec); } -} \ No newline at end of file +} diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/Crypto.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java similarity index 87% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/Crypto.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java index 30f4a2e35..6ccd96951 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/Crypto.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java @@ -20,14 +20,14 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component -public class Crypto extends Lesson { +public class Cryptography extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java similarity index 94% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java index 867a61299..41d2d6421 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/EncodingAssignment.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java similarity index 94% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java index dddb870e9..89cc05262 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/HashingAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SecureDefaultsAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java similarity index 90% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SecureDefaultsAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java index 1af714de9..90435e503 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SecureDefaultsAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/SecureDefaultsAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java similarity index 93% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java index fe4e16da1..40a910522 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; diff --git a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/XOREncodingAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java similarity index 88% rename from webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/XOREncodingAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java index e4b6c1279..68a8be8b5 100644 --- a/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/XOREncodingAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/XOREncodingAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.crypto; +package org.owasp.webgoat.lessons.cryptography; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java similarity index 90% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java index 183ef03c8..675054d75 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFConfirmFlag1.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java similarity index 88% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFConfirmFlag1.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java index 83c7df15c..ba012e56e 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFConfirmFlag1.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFConfirmFlag1.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java similarity index 94% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java index 9d9a0e1bf..3e5a0f109 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFFeedback.java @@ -20,15 +20,15 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.lang3.exception.ExceptionUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java similarity index 95% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java index d3cb3fc83..857df9997 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFGetFlag.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; -import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.i18n.PluginMessages; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java similarity index 87% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java index 05e55c8eb..238886b23 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFLogin.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRFLogin.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.users.UserTracker; -import org.owasp.webgoat.users.UserTrackerRepository; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.users.UserTracker; +import org.owasp.webgoat.container.users.UserTrackerRepository; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/ForgedReviews.java b/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java similarity index 93% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/ForgedReviews.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java index 4241421b9..d91b906c5 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/ForgedReviews.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/ForgedReviews.java @@ -20,16 +20,16 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; -import com.beust.jcommander.internal.Lists; +import com.google.common.collect.Lists; import org.joda.time.DateTime; import org.joda.time.format.DateTimeFormat; import org.joda.time.format.DateTimeFormatter; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.GetMapping; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/Review.java b/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java similarity index 97% rename from webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/Review.java rename to src/main/java/org/owasp/webgoat/lessons/csrf/Review.java index f5280f8e6..06e623791 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/Review.java +++ b/src/main/java/org/owasp/webgoat/lessons/csrf/Review.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.csrf; +package org.owasp.webgoat.lessons.csrf; import lombok.AllArgsConstructor; import lombok.Getter; diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java similarity index 91% rename from webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java rename to src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java index a5a6c46f0..fba6be389 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java +++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.deserialization; +package org.owasp.webgoat.lessons.deserialization; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java similarity index 93% rename from webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java rename to src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java index a1e0180ee..f207b45ef 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java +++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.deserialization; +package org.owasp.webgoat.lessons.deserialization; import org.dummy.insecure.framework.VulnerableTaskHolder; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -78,4 +78,4 @@ public class InsecureDeserializationTask extends AssignmentEndpoint { } return success(this).build(); } -} \ No newline at end of file +} diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java b/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java similarity index 97% rename from webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java rename to src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java index 8fbb46dc8..f6ac82bb3 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/SerializationHelper.java +++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/SerializationHelper.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.deserialization; +package org.owasp.webgoat.lessons.deserialization; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; diff --git a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSession.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java similarity index 90% rename from webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSession.java rename to src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java index a03929754..51c3c616a 100644 --- a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSession.java +++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java @@ -21,10 +21,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.hijacksession; +package org.owasp.webgoat.lessons.hijacksession; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /*** diff --git a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java similarity index 88% rename from webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java index 0500f3e7f..bc18ca680 100644 --- a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSessionAssignment.java @@ -20,17 +20,17 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.hijacksession; +package org.owasp.webgoat.lessons.hijacksession; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.hijacksession.cas.Authentication; -import org.owasp.webgoat.hijacksession.cas.HijackSessionAuthenticationProvider; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.hijacksession.cas.Authentication; +import org.owasp.webgoat.lessons.hijacksession.cas.HijackSessionAuthenticationProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.PostMapping; diff --git a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/Authentication.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java similarity index 97% rename from webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/Authentication.java rename to src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java index 2ee9e069a..72bfae5ec 100644 --- a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/Authentication.java +++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/Authentication.java @@ -21,7 +21,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.hijacksession.cas; +package org.owasp.webgoat.lessons.hijacksession.cas; import java.security.Principal; diff --git a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/AuthenticationProvider.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java similarity index 95% rename from webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/AuthenticationProvider.java rename to src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java index 0db7cf40d..9d5447296 100644 --- a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/AuthenticationProvider.java +++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/AuthenticationProvider.java @@ -21,7 +21,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.hijacksession.cas; +package org.owasp.webgoat.lessons.hijacksession.cas; import java.security.Principal; diff --git a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/HijackSessionAuthenticationProvider.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java similarity index 98% rename from webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/HijackSessionAuthenticationProvider.java rename to src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java index 63ca046f6..b59720bfc 100644 --- a/webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/cas/HijackSessionAuthenticationProvider.java +++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/cas/HijackSessionAuthenticationProvider.java @@ -21,7 +21,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.hijacksession.cas; +package org.owasp.webgoat.lessons.hijacksession.cas; import java.time.Instant; import java.util.LinkedList; diff --git a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java b/src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTampering.java similarity index 91% rename from webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java rename to src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTampering.java index 5ed14b1e9..bb8ccdc68 100644 --- a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java +++ b/src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTampering.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.html_tampering; +package org.owasp.webgoat.lessons.html_tampering; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java b/src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTamperingTask.java similarity index 88% rename from webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java rename to src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTamperingTask.java index 4f4a04f56..f552458ed 100644 --- a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTamperingTask.java +++ b/src/main/java/org/owasp/webgoat/lessons/html_tampering/HtmlTamperingTask.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.html_tampering; +package org.owasp.webgoat.lessons.html_tampering; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasics.java similarity index 90% rename from webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java rename to src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasics.java index 37d98c08c..6fa81d761 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java +++ b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasics.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.http_basics; +package org.owasp.webgoat.lessons.http_basics; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsLesson.java similarity index 88% rename from webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java rename to src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsLesson.java index 589636325..8906ddb41 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsLesson.java +++ b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsLesson.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.http_basics; +package org.owasp.webgoat.lessons.http_basics; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsQuiz.java similarity index 87% rename from webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java rename to src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsQuiz.java index 8c9977fc2..5fea07748 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasicsQuiz.java +++ b/src/main/java/org/owasp/webgoat/lessons/http_basics/HttpBasicsQuiz.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.http_basics; +package org.owasp.webgoat.lessons.http_basics; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AssignmentPath; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AssignmentPath; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java b/src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpBasicsInterceptRequest.java similarity index 93% rename from webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java rename to src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpBasicsInterceptRequest.java index d6c8f0206..aac759c27 100644 --- a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java +++ b/src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpBasicsInterceptRequest.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.http_proxies; +package org.owasp.webgoat.lessons.http_proxies; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.HttpMethod; import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; diff --git a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java b/src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpProxies.java similarity index 91% rename from webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java rename to src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpProxies.java index a8926bf30..b0f9e31cb 100644 --- a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java +++ b/src/main/java/org/owasp/webgoat/lessons/http_proxies/HttpProxies.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.http_proxies; +package org.owasp.webgoat.lessons.http_proxies; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java similarity index 91% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java index a7a3e02e7..5672067aa 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java similarity index 90% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java index d1d6d26c4..0b0dcca3d 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORDiffAttributes.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORDiffAttributes.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java similarity index 94% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java index ee00894ab..d142c5ec9 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDOREditOtherProfiile.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PutMapping; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java similarity index 91% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java index 813b16e87..89e3b139d 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORLogin.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORLogin.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOtherProfile.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java similarity index 91% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOtherProfile.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java index d409ad26e..1710655fd 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOtherProfile.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOtherProfile.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java similarity index 96% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java index 6eedf0024..c4a4f0e9d 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfile.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfile.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java similarity index 90% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java rename to src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java index 0501a6c14..38a8ba5f0 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDORViewOwnProfileAltUrl.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDORViewOwnProfileAltUrl.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java b/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java similarity index 98% rename from webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java rename to src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java index bddde8c29..569119fcf 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java +++ b/src/main/java/org/owasp/webgoat/lessons/idor/UserProfile.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.idor; +package org.owasp.webgoat.lessons.idor; import java.util.HashMap; import java.util.Map; diff --git a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java similarity index 91% rename from webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java rename to src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java index 2d6acdb9b..ec8a29c58 100644 --- a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java +++ b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.insecure_login; +package org.owasp.webgoat.lessons.insecure_login; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLoginTask.java similarity index 90% rename from webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java rename to src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLoginTask.java index 2e9b7a26d..d14f565c7 100644 --- a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLoginTask.java +++ b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLoginTask.java @@ -20,15 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.insecure_login; +package org.owasp.webgoat.lessons.insecure_login; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.*; -import java.util.Map; - @RestController public class InsecureLoginTask extends AssignmentEndpoint { diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java similarity index 90% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java index bc2100b61..31a84a4ad 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTDecodeEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java similarity index 78% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTDecodeEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java index 63815d87a..0d2f06c6f 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTDecodeEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTDecodeEndpoint.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java similarity index 93% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java index 1e1ffdec5..67d2a87b9 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java @@ -20,15 +20,15 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; import io.jsonwebtoken.*; import io.jsonwebtoken.impl.TextCodec; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.*; import java.sql.ResultSet; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java similarity index 89% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java index 0eebc255b..26f544cd4 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTQuiz.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTQuiz.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java similarity index 96% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java index 27ea4c610..675dcd449 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; @@ -29,9 +29,9 @@ import io.jsonwebtoken.Jwt; import io.jsonwebtoken.JwtException; import io.jsonwebtoken.Jwts; import org.apache.commons.lang3.RandomStringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java similarity index 94% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java index 259b9d4aa..affa09cf1 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTSecretKeyEndpoint.java @@ -20,16 +20,16 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwt; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.impl.TextCodec; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java similarity index 96% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java index b4384c8b9..1c71a1e47 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWTVotesEndpoint.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt; +package org.owasp.webgoat.lessons.jwt; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwt; @@ -28,11 +28,11 @@ import io.jsonwebtoken.JwtException; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.impl.TextCodec; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.jwt.votes.Views; -import org.owasp.webgoat.jwt.votes.Vote; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.jwt.votes.Views; +import org.owasp.webgoat.lessons.jwt.votes.Vote; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Views.java b/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java similarity index 78% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Views.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java index bd71a99d1..ced070830 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Views.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Views.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.jwt.votes; +package org.owasp.webgoat.lessons.jwt.votes; /** * @author nbaars diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java b/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java similarity index 98% rename from webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java rename to src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java index 3ec4bca7a..5e82bb362 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/votes/Vote.java +++ b/src/main/java/org/owasp/webgoat/lessons/jwt/votes/Vote.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.jwt.votes; +package org.owasp.webgoat.lessons.jwt.votes; import com.fasterxml.jackson.annotation.JsonView; import lombok.Getter; @@ -69,4 +69,4 @@ public class Vote { private long calculateStars(int totalVotes) { return Math.round(((double) numberOfVotes / (double) totalVotes) * 4); } -} \ No newline at end of file +} diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java b/src/main/java/org/owasp/webgoat/lessons/lesson_template/LessonTemplate.java similarity index 89% rename from webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java rename to src/main/java/org/owasp/webgoat/lessons/lesson_template/LessonTemplate.java index 7e6f201b9..100778bea 100644 --- a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java +++ b/src/main/java/org/owasp/webgoat/lessons/lesson_template/LessonTemplate.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.template; +package org.owasp.webgoat.lessons.lesson_template; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java b/src/main/java/org/owasp/webgoat/lessons/lesson_template/SampleAttack.java similarity index 92% rename from webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java rename to src/main/java/org/owasp/webgoat/lessons/lesson_template/SampleAttack.java index e72ceafe1..ed92f6634 100644 --- a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java +++ b/src/main/java/org/owasp/webgoat/lessons/lesson_template/SampleAttack.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.template; +package org.owasp.webgoat.lessons.lesson_template; import lombok.AllArgsConstructor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; diff --git a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogBleedingTask.java b/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java similarity index 93% rename from webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogBleedingTask.java rename to src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java index 3a0949218..54b1e6925 100644 --- a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogBleedingTask.java +++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogBleedingTask.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.logging; +package org.owasp.webgoat.lessons.logging; import org.apache.logging.log4j.util.Strings; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.bind.annotation.PostMapping; diff --git a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofing.java b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java similarity index 91% rename from webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofing.java rename to src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java index ccf32eae6..eed7bea87 100644 --- a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofing.java +++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.logging; +package org.owasp.webgoat.lessons.logging; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofingTask.java b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java similarity index 92% rename from webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofingTask.java rename to src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java index 193a5ab73..c521e12b5 100644 --- a/webgoat-lessons/logging/src/main/java/org/owasp/webgoat/logging/LogSpoofingTask.java +++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofingTask.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.logging; +package org.owasp.webgoat.lessons.logging; import org.apache.logging.log4j.util.Strings; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/DisplayUser.java similarity index 98% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/DisplayUser.java index bb07cf284..2bb2fe0c9 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/DisplayUser.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; import lombok.Getter; diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingAccessControlUserRepository.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingAccessControlUserRepository.java similarity index 94% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingAccessControlUserRepository.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingAccessControlUserRepository.java index 51a6fe726..f42eeddc0 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingAccessControlUserRepository.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingAccessControlUserRepository.java @@ -1,6 +1,6 @@ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; -import org.owasp.webgoat.LessonDataSource; +import org.owasp.webgoat.container.LessonDataSource; import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.namedparam.MapSqlParameterSource; import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate; diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java similarity index 91% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java index 8a6900c9b..2992a9a69 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACHiddenMenus.java similarity index 90% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACHiddenMenus.java index d588da180..e07dbc961 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACHiddenMenus.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACHiddenMenus.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACUsers.java similarity index 93% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACUsers.java index 64fb15015..c8052cada 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACUsers.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; @@ -38,8 +38,8 @@ import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; -import static org.owasp.webgoat.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN; -import static org.owasp.webgoat.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE; +import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN; +import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE; /** * Created by jason on 1/5/17. diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHash.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHash.java similarity index 86% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHash.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHash.java index 41815d07f..1c5a7a279 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHash.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHash.java @@ -20,17 +20,17 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; import lombok.RequiredArgsConstructor; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import static org.owasp.webgoat.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE; +import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE; @RestController @AssignmentHints({"access-control.hash.hint1", "access-control.hash.hint2", "access-control.hash.hint3", "access-control.hash.hint4", "access-control.hash.hint5"}) diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHashAdmin.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHashAdmin.java similarity index 88% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHashAdmin.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHashAdmin.java index d0c03e070..8184a2f3e 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACYourHashAdmin.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHashAdmin.java @@ -20,16 +20,16 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; -import static org.owasp.webgoat.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN; +import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN; @RestController @AssignmentHints({"access-control.hash.hint6", "access-control.hash.hint7", diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/User.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/User.java similarity index 84% rename from webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/User.java rename to src/main/java/org/owasp/webgoat/lessons/missing_ac/User.java index 5025a7d82..a3a9be85b 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/User.java +++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/User.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.missing_ac; +package org.owasp.webgoat.lessons.missing_ac; import lombok.AllArgsConstructor; import lombok.Data; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java similarity index 89% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java index 758e4630e..502140c32 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordResetEmail.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordResetEmail.java similarity index 96% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordResetEmail.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordResetEmail.java index 45271fe34..848e70683 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordResetEmail.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordResetEmail.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; import lombok.Builder; import lombok.Data; @@ -37,4 +37,4 @@ public class PasswordResetEmail implements Serializable { private String sender; private String title; private String recipient; -} \ No newline at end of file +} diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/QuestionsAssignment.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/QuestionsAssignment.java similarity index 93% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/QuestionsAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/QuestionsAssignment.java index 72cd82cc5..1b698067e 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/QuestionsAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/QuestionsAssignment.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignment.java similarity index 92% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignment.java index 7283f68aa..24078d78d 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignment.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; -import com.beust.jcommander.internal.Maps; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.password_reset.resetlink.PasswordChangeForm; +import com.google.common.collect.Maps; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.password_reset.resetlink.PasswordChangeForm; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.GetMapping; @@ -120,7 +120,7 @@ public class ResetLinkAssignment extends AssignmentEndpoint { if (checkIfLinkIsFromTom(form.getResetLink())) { usersToTomPassword.put(getWebSession().getUserName(), form.getPassword()); } - modelAndView.setViewName("success"); + modelAndView.setViewName("lessons/password_reset/templates/success.html"); return modelAndView; } diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignmentForgotPassword.java similarity index 96% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignmentForgotPassword.java index 54b95b21e..111753a09 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignmentForgotPassword.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/ResetLinkAssignmentForgotPassword.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/SecurityQuestionAssignment.java similarity index 96% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/SecurityQuestionAssignment.java index 551a8f7b8..fd4b2d547 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/SecurityQuestionAssignment.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SimpleMailAssignment.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/SimpleMailAssignment.java similarity index 96% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SimpleMailAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/SimpleMailAssignment.java index 048f5e78c..83e56bcba 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/SimpleMailAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/SimpleMailAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.PostMapping; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/TriedQuestions.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/TriedQuestions.java similarity index 96% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/TriedQuestions.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/TriedQuestions.java index c873328c7..69a8914dc 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/TriedQuestions.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/TriedQuestions.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.password_reset; +package org.owasp.webgoat.lessons.password_reset; import org.springframework.stereotype.Component; import org.springframework.web.context.annotation.SessionScope; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/resetlink/PasswordChangeForm.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/resetlink/PasswordChangeForm.java similarity index 84% rename from webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/resetlink/PasswordChangeForm.java rename to src/main/java/org/owasp/webgoat/lessons/password_reset/resetlink/PasswordChangeForm.java index d9ab5f71a..6ece727e3 100644 --- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/resetlink/PasswordChangeForm.java +++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/resetlink/PasswordChangeForm.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.password_reset.resetlink; +package org.owasp.webgoat.lessons.password_reset.resetlink; import lombok.Getter; import lombok.Setter; diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/PathTraversal.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java similarity index 89% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/PathTraversal.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java index 2a991bf2f..4cacd14cd 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/PathTraversal.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUpload.java similarity index 86% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUpload.java index 67eac2277..eaaff7963 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUpload.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUpload.java @@ -1,8 +1,8 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadBase.java similarity index 93% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadBase.java index 08923181e..639e9eca7 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadBase.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadBase.java @@ -1,11 +1,11 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.SneakyThrows; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.util.FileCopyUtils; @@ -16,9 +16,7 @@ import org.springframework.web.multipart.MultipartFile; import java.io.File; import java.io.FileInputStream; import java.io.IOException; -import java.util.Arrays; import java.util.Base64; -import java.util.Comparator; @AllArgsConstructor @Getter diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadFix.java similarity index 87% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadFix.java index f828dbfb1..da7214377 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadFix.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadFix.java @@ -1,8 +1,8 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.GetMapping; diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRemoveUserInput.java similarity index 84% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRemoveUserInput.java index 9a892d6b5..ecfcc46fe 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRemoveUserInput.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRemoveUserInput.java @@ -1,8 +1,8 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRetrieval.java similarity index 92% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRetrieval.java index 611798951..247b07425 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileUploadRetrieval.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileUploadRetrieval.java @@ -1,10 +1,10 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.RandomUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.ClassPathResource; import org.springframework.http.HttpStatus; @@ -51,7 +51,7 @@ public class ProfileUploadRetrieval extends AssignmentEndpoint { @PostConstruct public void initAssignment() { for (int i = 1; i <= 10; i++) { - try (InputStream is = new ClassPathResource("images/cats/" + i + ".jpg").getInputStream()) { + try (InputStream is = new ClassPathResource("lessons/path_traversal/images/cats/" + i + ".jpg").getInputStream()) { FileCopyUtils.copy(is, new FileOutputStream(new File(catPicturesDirectory, i + ".jpg"))); } catch (Exception e) { log.error("Unable to copy pictures" + e.getMessage()); diff --git a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileZipSlip.java similarity index 93% rename from webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java rename to src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileZipSlip.java index e119a1f4e..e1ea60fe8 100644 --- a/webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java +++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/ProfileZipSlip.java @@ -1,9 +1,9 @@ -package org.owasp.webgoat.path_traversal; +package org.owasp.webgoat.lessons.path_traversal; import lombok.SneakyThrows; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.WebSession; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; import org.springframework.util.FileCopyUtils; diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java similarity index 90% rename from webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java rename to src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java index ec19fb832..872c7c027 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java +++ b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.secure_password; +package org.owasp.webgoat.lessons.secure_passwords; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java similarity index 96% rename from webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java index d484ce8e7..ac8ba7f1f 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswordsAssignment.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.secure_password; +package org.owasp.webgoat.lessons.secure_passwords; import com.nulabinc.zxcvbn.Strength; import com.nulabinc.zxcvbn.Zxcvbn; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookie.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java similarity index 90% rename from webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookie.java rename to src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java index 41382a4d0..fa8f1c946 100644 --- a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookie.java +++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.spoofcookie; +package org.owasp.webgoat.lessons.spoofcookie; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /*** diff --git a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java similarity index 95% rename from webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java index 2f7fd4a26..b9af34d24 100644 --- a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookieAssignment.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.spoofcookie; +package org.owasp.webgoat.lessons.spoofcookie; import java.util.Map; @@ -28,9 +28,9 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.spoofcookie.encoders.EncDec; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.spoofcookie.encoders.EncDec; import org.springframework.web.bind.UnsatisfiedServletRequestParameterException; import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.ExceptionHandler; diff --git a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/encoders/EncDec.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java similarity index 98% rename from webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/encoders/EncDec.java rename to src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java index 71ffc8b3d..8f933db3a 100644 --- a/webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/encoders/EncDec.java +++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/encoders/EncDec.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.spoofcookie.encoders; +package org.owasp.webgoat.lessons.spoofcookie.encoders; import java.nio.charset.StandardCharsets; import java.util.Base64; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java similarity index 89% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java index 2b195b6ae..a29241eaf 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java similarity index 93% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java index 327a1c59e..1acc9f538 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallengeLogin.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallengeLogin.java similarity index 89% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallengeLogin.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallengeLogin.java index ac6d45a16..766b8222c 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallengeLogin.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallengeLogin.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java similarity index 92% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java index 958686576..819b460fe 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.sql_injection.introduction.SqlInjectionLesson5a; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.sql_injection.introduction.SqlInjectionLesson5a; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -96,4 +96,4 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint { return failed(this).output(this.getClass().getName() + " : " + e.getMessage() + "
Your query was: " + query).build(); } } -} \ No newline at end of file +} diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6b.java similarity index 92% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6b.java index 5d78368a9..b8e8cc97b 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6b.java @@ -21,11 +21,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionQuiz.java similarity index 94% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionQuiz.java index 49ec417b8..55255de97 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionQuiz.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionQuiz.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.advanced; +package org.owasp.webgoat.lessons.sql_injection.advanced; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java similarity index 89% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java index 9aed4181f..459079ed6 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java similarity index 93% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java index 79a615153..a4b5e94ab 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java similarity index 90% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java index 956684721..9bc3a335d 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java similarity index 91% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java index ba99b21d9..eba5c2f98 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java similarity index 91% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java index d94baac79..42ef23b84 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java similarity index 91% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java index 970209122..827900369 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; @@ -63,6 +63,7 @@ public class SqlInjectionLesson5 extends AssignmentEndpoint { @PostMapping("/SqlInjection/attack5") @ResponseBody public AttackResult completed(String query) { + createUser(); return injectableQuery(query); } diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java similarity index 94% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java index c16d716d5..c600c6389 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -117,4 +117,4 @@ public class SqlInjectionLesson5a extends AssignmentEndpoint { t.append("

"); return (t.toString()); } -} \ No newline at end of file +} diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java similarity index 93% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java index 7b0f7effa..fc1b37a72 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -95,4 +95,4 @@ public class SqlInjectionLesson5b extends AssignmentEndpoint { return failed(this).output(this.getClass().getName() + " : " + e.getMessage() + "
Your query was: " + queryString.replace("?", login_count)).build(); } } -} \ No newline at end of file +} diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java similarity index 94% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java index ac3a9c230..949ba155e 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java similarity index 93% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java index dddb8555a..77dab2cea 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.introduction; +package org.owasp.webgoat.lessons.sql_injection.introduction; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java similarity index 67% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java index c3d952247..43e290e10 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java @@ -20,18 +20,19 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.LessonDataSource; +import org.owasp.webgoat.container.LessonDataSource; import org.springframework.http.MediaType; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RestController; -import java.sql.Connection; -import java.sql.PreparedStatement; -import java.sql.ResultSet; import java.util.ArrayList; import java.util.List; @@ -67,12 +68,14 @@ public class Servers { public List sort(@RequestParam String column) throws Exception { List servers = new ArrayList<>(); - try (Connection connection = dataSource.getConnection(); - PreparedStatement preparedStatement = connection.prepareStatement("select id, hostname, ip, mac, status, description from servers where status <> 'out of order' order by " + column)) { - ResultSet rs = preparedStatement.executeQuery(); - while (rs.next()) { - Server server = new Server(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5), rs.getString(6)); - servers.add(server); + try (var connection = dataSource.getConnection()) { + try (var statement = connection.prepareStatement("select id, hostname, ip, mac, status, description from SERVERS where status <> 'out of order' order by " + column)) { + try (var rs = statement.executeQuery()) { + while (rs.next()) { + Server server = new Server(rs.getString(1), rs.getString(2), rs.getString(3), rs.getString(4), rs.getString(5), rs.getString(6)); + servers.add(server); + } + } } } return servers; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10a.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10a.java similarity index 90% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10a.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10a.java index d590e88f3..9758f061b 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10a.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10a.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10b.java similarity index 96% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10b.java index ef608e669..b8aedf8d4 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson10b.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson10b.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson13.java similarity index 89% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson13.java index bf3d9d568..9c5c733f8 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson13.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionLesson13.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.LessonDataSource; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.LessonDataSource; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -65,4 +65,4 @@ public class SqlInjectionLesson13 extends AssignmentEndpoint { return (failed(this).build()); } } -} \ No newline at end of file +} diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java similarity index 89% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java index c69721f17..08ebb39d6 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidation.java similarity index 86% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidation.java index 0bfa5baf3..02720313b 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidation.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.sql_injection.advanced.SqlInjectionLesson6a; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java similarity index 87% rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java rename to src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java index c6015ada9..89285cb2a 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java +++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.sql_injection.mitigation; +package org.owasp.webgoat.lessons.sql_injection.mitigation; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.sql_injection.advanced.SqlInjectionLesson6a; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.lessons.sql_injection.advanced.SqlInjectionLesson6a; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java similarity index 91% rename from webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java rename to src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java index 6880eee38..ac318d3e6 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java +++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.ssrf; +package org.owasp.webgoat.lessons.ssrf; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java similarity index 92% rename from webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java rename to src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java index 171568c02..5b797db24 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask1.java +++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask1.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.ssrf; +package org.owasp.webgoat.lessons.ssrf; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java similarity index 92% rename from webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java rename to src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java index f0415676e..4dd4f2759 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java +++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.ssrf; +package org.owasp.webgoat.lessons.ssrf; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/Contact.java b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/Contact.java similarity index 95% rename from webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/Contact.java rename to src/main/java/org/owasp/webgoat/lessons/vulnerable_components/Contact.java index e02915781..6de35f8ef 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/Contact.java +++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/Contact.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.vulnerable_components; +package org.owasp.webgoat.lessons.vulnerable_components; public interface Contact { @@ -32,4 +32,4 @@ public interface Contact { public void setLastName(String lastName); public String getEmail(); public void setEmail(String email); -} \ No newline at end of file +} diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/ContactImpl.java b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/ContactImpl.java similarity index 95% rename from webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/ContactImpl.java rename to src/main/java/org/owasp/webgoat/lessons/vulnerable_components/ContactImpl.java index 951c2f678..586bad23a 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/ContactImpl.java +++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/ContactImpl.java @@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.vulnerable_components; +package org.owasp.webgoat.lessons.vulnerable_components; import lombok.Data; @@ -32,4 +32,4 @@ public class ContactImpl implements Contact { private String lastName; private String email; -} \ No newline at end of file +} diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java similarity index 89% rename from webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java rename to src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java index 384cf4ba7..0d444f9aa 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java +++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.vulnerable_components; +package org.owasp.webgoat.lessons.vulnerable_components; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLesson.java similarity index 74% rename from webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java rename to src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLesson.java index fad32a00d..c5598c0e6 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java +++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLesson.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.vulnerable_components; +package org.owasp.webgoat.lessons.vulnerable_components; import com.thoughtworks.xstream.XStream; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -44,25 +44,25 @@ public class VulnerableComponentsLesson extends AssignmentEndpoint { xstream.alias("contact", ContactImpl.class); xstream.ignoreUnknownElements(); Contact contact = null; - + try { - if (!StringUtils.isEmpty(payload)) { - payload = payload.replace("+", "").replace("\r", "").replace("\n", "").replace("> ", ">").replace(" <", "<"); - } + if (!StringUtils.isEmpty(payload)) { + payload = payload.replace("+", "").replace("\r", "").replace("\n", "").replace("> ", ">").replace(" <", "<"); + } contact = (Contact) xstream.fromXML(payload); } catch (Exception ex) { return failed(this).feedback("vulnerable-components.close").output(ex.getMessage()).build(); } - + try { - if (null!=contact) { - contact.getFirstName();//trigger the example like https://x-stream.github.io/CVE-2013-7285.html - } + if (null != contact) { + contact.getFirstName();//trigger the example like https://x-stream.github.io/CVE-2013-7285.html + } if (!(contact instanceof ContactImpl)) { - return success(this).feedback("vulnerable-components.success").build(); + return success(this).feedback("vulnerable-components.success").build(); } } catch (Exception e) { - return success(this).feedback("vulnerable-components.success").output(e.getMessage()).build(); + return success(this).feedback("vulnerable-components.success").output(e.getMessage()).build(); } return failed(this).feedback("vulnerable-components.fromXML").feedbackArgs(contact).build(); } diff --git a/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java b/src/main/java/org/owasp/webgoat/lessons/webgoat_introduction/WebGoatIntroduction.java similarity index 90% rename from webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java rename to src/main/java/org/owasp/webgoat/lessons/webgoat_introduction/WebGoatIntroduction.java index e4d77e67d..6f726d9f2 100644 --- a/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java +++ b/src/main/java/org/owasp/webgoat/lessons/webgoat_introduction/WebGoatIntroduction.java @@ -1,7 +1,7 @@ -package org.owasp.webgoat.introduction; +package org.owasp.webgoat.lessons.webgoat_introduction; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; /** diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/Email.java similarity index 81% rename from webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java rename to src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/Email.java index 4f7cc1056..56e33fa7c 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/Email.java +++ b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/Email.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.webwolf_introduction; +package org.owasp.webgoat.lessons.webwolf_introduction; import lombok.Builder; import lombok.Data; @@ -13,4 +13,4 @@ public class Email implements Serializable { private String sender; private String title; private String recipient; -} \ No newline at end of file +} diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/LandingAssignment.java b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/LandingAssignment.java similarity index 89% rename from webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/LandingAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/LandingAssignment.java index c1477bdc2..19a09a3ad 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/LandingAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/LandingAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.webwolf_introduction; +package org.owasp.webgoat.lessons.webwolf_introduction; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -63,7 +63,7 @@ public class LandingAssignment extends AssignmentEndpoint { modelAndView.addObject("webwolfUrl", landingPageUrl); modelAndView.addObject("uniqueCode", StringUtils.reverse(getWebSession().getUserName())); - modelAndView.setViewName("webwolfPasswordReset"); + modelAndView.setViewName("lessons/webwolf_introduction/templates/webwolfPasswordReset.html"); return modelAndView; } } diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/MailAssignment.java b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/MailAssignment.java similarity index 94% rename from webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/MailAssignment.java rename to src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/MailAssignment.java index dd5967aa6..4d7af9279 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/MailAssignment.java +++ b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/MailAssignment.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.webwolf_introduction; +package org.owasp.webgoat.lessons.webwolf_introduction; import org.apache.commons.lang3.StringUtils; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/WebWolfIntroduction.java similarity index 89% rename from webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java rename to src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/WebWolfIntroduction.java index a37b35ef2..818222e3b 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java +++ b/src/main/java/org/owasp/webgoat/lessons/webwolf_introduction/WebWolfIntroduction.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.webwolf_introduction; +package org.owasp.webgoat.lessons.webwolf_introduction; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/Comment.java b/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java similarity index 90% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/Comment.java rename to src/main/java/org/owasp/webgoat/lessons/xss/Comment.java index ea1f323f0..eea482a34 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/Comment.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/Comment.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; import lombok.AllArgsConstructor; import lombok.Getter; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java similarity index 90% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java index 898d13838..ca0f14c0a 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; import org.springframework.stereotype.Component; @Component diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson1.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java similarity index 91% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson1.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java index f9141c93d..c6326eb97 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson1.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson1.java @@ -21,10 +21,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java similarity index 93% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java index 41bcec5a2..b5a643e73 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson3.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java @@ -20,13 +20,13 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; import org.jsoup.Jsoup; import org.jsoup.nodes.Document; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson4.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java similarity index 91% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson4.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java index 7b4ef5b9d..d6df6b1fc 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson4.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java @@ -20,12 +20,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson5a.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java similarity index 93% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson5a.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java index b12fc0e2b..6c679c819 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson5a.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson5a.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson6a.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java similarity index 87% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson6a.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java index a61a53034..ce8f2f620 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingLesson6a.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson6a.java @@ -21,12 +21,12 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentHints; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AssignmentHints; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/mitigation/CrossSiteScriptingMitigation.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java similarity index 90% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/mitigation/CrossSiteScriptingMitigation.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java index bb421d4e2..dba6c36d0 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/mitigation/CrossSiteScriptingMitigation.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss.mitigation; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.Lesson; +import org.owasp.webgoat.container.lessons.Category; +import org.owasp.webgoat.container.lessons.Lesson; public class CrossSiteScriptingMitigation extends Lesson { @Override diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingQuiz.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java similarity index 94% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingQuiz.java rename to src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java index ecba00272..7612f559a 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingQuiz.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingQuiz.java @@ -20,10 +20,10 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/DOMCrossSiteScripting.java b/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java similarity index 90% rename from webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/DOMCrossSiteScripting.java rename to src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java index 58f8e46bc..e5e28b94b 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/DOMCrossSiteScripting.java +++ b/src/main/java/org/owasp/webgoat/lessons/xss/DOMCrossSiteScripting.java @@ -20,11 +20,11 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.xss; +package org.owasp.webgoat.lessons.xss; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.session.UserSessionData; +import org.owasp.webgoat.container.assignments.AssignmentEndpoint; +import org.owasp.webgoat.container.assignments.AttackResult; +import org.owasp.webgoat.container.session.UserSessionData; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; @@ -52,4 +52,4 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint { } } // something like ... http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere%3Cscript%3Ewebgoat.customjs.phoneHome();%3C%2Fscript%3E--andMoreGarbageHere -// or http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere
@@ -120,4 +120,4 @@
- \ No newline at end of file + diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge7.html b/src/main/resources/lessons/challenges/html/Challenge7.html similarity index 97% rename from webgoat-lessons/challenge/src/main/resources/html/Challenge7.html rename to src/main/resources/lessons/challenges/html/Challenge7.html index 0bf8601fb..dec4331b1 100644 --- a/webgoat-lessons/challenge/src/main/resources/html/Challenge7.html +++ b/src/main/resources/lessons/challenges/html/Challenge7.html @@ -12,7 +12,7 @@ f94008f801fceb8833a30fe56a8b26976347edcf First version of WebGoat Cloud website
-
+
@@ -78,4 +78,4 @@ f94008f801fceb8833a30fe56a8b26976347edcf First version of WebGoat Cloud website
- \ No newline at end of file + diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge8.html b/src/main/resources/lessons/challenges/html/Challenge8.html similarity index 99% rename from webgoat-lessons/challenge/src/main/resources/html/Challenge8.html rename to src/main/resources/lessons/challenges/html/Challenge8.html index efaed5c85..989977d2d 100644 --- a/webgoat-lessons/challenge/src/main/resources/html/Challenge8.html +++ b/src/main/resources/lessons/challenges/html/Challenge8.html @@ -3,7 +3,7 @@
-
+
@@ -252,4 +252,4 @@
- \ No newline at end of file + diff --git a/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/challenges/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/challenges/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/challenge/src/main/resources/images/avatar1.png b/src/main/resources/lessons/challenges/images/avatar1.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/avatar1.png rename to src/main/resources/lessons/challenges/images/avatar1.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/boss.jpg b/src/main/resources/lessons/challenges/images/boss.jpg similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/boss.jpg rename to src/main/resources/lessons/challenges/images/boss.jpg diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png b/src/main/resources/lessons/challenges/images/challenge1-small.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge1-small.png rename to src/main/resources/lessons/challenges/images/challenge1-small.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge1.png b/src/main/resources/lessons/challenges/images/challenge1.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge1.png rename to src/main/resources/lessons/challenges/images/challenge1.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png b/src/main/resources/lessons/challenges/images/challenge2-small.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge2-small.png rename to src/main/resources/lessons/challenges/images/challenge2-small.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge2.png b/src/main/resources/lessons/challenges/images/challenge2.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge2.png rename to src/main/resources/lessons/challenges/images/challenge2.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png b/src/main/resources/lessons/challenges/images/challenge3-small.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge3-small.png rename to src/main/resources/lessons/challenges/images/challenge3-small.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge3.png b/src/main/resources/lessons/challenges/images/challenge3.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge3.png rename to src/main/resources/lessons/challenges/images/challenge3.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png b/src/main/resources/lessons/challenges/images/challenge4-small.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge4-small.png rename to src/main/resources/lessons/challenges/images/challenge4-small.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge4.png b/src/main/resources/lessons/challenges/images/challenge4.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge4.png rename to src/main/resources/lessons/challenges/images/challenge4.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png b/src/main/resources/lessons/challenges/images/challenge5-small.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge5-small.png rename to src/main/resources/lessons/challenges/images/challenge5-small.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/challenge5.png b/src/main/resources/lessons/challenges/images/challenge5.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/challenge5.png rename to src/main/resources/lessons/challenges/images/challenge5.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/hi-five-cat.jpg b/src/main/resources/lessons/challenges/images/hi-five-cat.jpg similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/hi-five-cat.jpg rename to src/main/resources/lessons/challenges/images/hi-five-cat.jpg diff --git a/webgoat-lessons/challenge/src/main/resources/images/user1.png b/src/main/resources/lessons/challenges/images/user1.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/user1.png rename to src/main/resources/lessons/challenges/images/user1.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/user2.png b/src/main/resources/lessons/challenges/images/user2.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/user2.png rename to src/main/resources/lessons/challenges/images/user2.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/user3.png b/src/main/resources/lessons/challenges/images/user3.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/user3.png rename to src/main/resources/lessons/challenges/images/user3.png diff --git a/webgoat-lessons/challenge/src/main/resources/images/webgoat2.png b/src/main/resources/lessons/challenges/images/webgoat2.png similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/images/webgoat2.png rename to src/main/resources/lessons/challenges/images/webgoat2.png diff --git a/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js b/src/main/resources/lessons/challenges/js/bootstrap.min.js similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js rename to src/main/resources/lessons/challenges/js/bootstrap.min.js diff --git a/webgoat-lessons/challenge/src/main/resources/js/challenge6.js b/src/main/resources/lessons/challenges/js/challenge6.js similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/js/challenge6.js rename to src/main/resources/lessons/challenges/js/challenge6.js diff --git a/webgoat-lessons/challenge/src/main/resources/js/challenge8.js b/src/main/resources/lessons/challenges/js/challenge8.js similarity index 100% rename from webgoat-lessons/challenge/src/main/resources/js/challenge8.js rename to src/main/resources/lessons/challenges/js/challenge8.js diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_Assignment.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_Assignment.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment_Network.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_Assignment_Network.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_Assignment_Network.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_Assignment_Network.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_console.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_console.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_console.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_console.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_elements.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_elements.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_elements.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_elements.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_intro.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_intro.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_intro.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_intro.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_sources.adoc b/src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_sources.adoc similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/lessonPlans/en/ChromeDevTools_sources.adoc rename to src/main/resources/lessons/chrome_dev_tools/documentation/ChromeDevTools_sources.adoc diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html b/src/main/resources/lessons/chrome_dev_tools/html/ChromeDevTools.html similarity index 78% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html rename to src/main/resources/lessons/chrome_dev_tools/html/ChromeDevTools.html index 9102a5f3e..db4506fa0 100644 --- a/webgoat-lessons/chrome-dev-tools/src/main/resources/html/ChromeDevTools.html +++ b/src/main/resources/lessons/chrome_dev_tools/html/ChromeDevTools.html @@ -4,22 +4,22 @@
-
+
-
+
-
+
-
+
-
+
-
+
- \ No newline at end of file + diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/chrome_dev_tools/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/chrome_dev_tools/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Console_Clear.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Console_Clear.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Console_Clear.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Console_Clear.jpg diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Console_Ex.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Console_Ex.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Console_Ex.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Console_Ex.jpg diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Elements.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Elements.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Elements.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Elements.jpg diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Elements_CSS.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Elements_CSS.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Elements_CSS.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Elements_CSS.jpg diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Network.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Network.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Network.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Network.jpg diff --git a/webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Sources.jpg b/src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Sources.jpg similarity index 100% rename from webgoat-lessons/chrome-dev-tools/src/main/resources/images/ChromeDev_Sources.jpg rename to src/main/resources/lessons/chrome_dev_tools/images/ChromeDev_Sources.jpg diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc b/src/main/resources/lessons/cia/documentation/CIA_availability.adoc similarity index 100% rename from webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc rename to src/main/resources/lessons/cia/documentation/CIA_availability.adoc diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc b/src/main/resources/lessons/cia/documentation/CIA_confidentiality.adoc similarity index 100% rename from webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc rename to src/main/resources/lessons/cia/documentation/CIA_confidentiality.adoc diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc b/src/main/resources/lessons/cia/documentation/CIA_integrity.adoc similarity index 100% rename from webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc rename to src/main/resources/lessons/cia/documentation/CIA_integrity.adoc diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc b/src/main/resources/lessons/cia/documentation/CIA_intro.adoc similarity index 100% rename from webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc rename to src/main/resources/lessons/cia/documentation/CIA_intro.adoc diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc b/src/main/resources/lessons/cia/documentation/CIA_quiz.adoc similarity index 100% rename from webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc rename to src/main/resources/lessons/cia/documentation/CIA_quiz.adoc diff --git a/webgoat-lessons/cia/src/main/resources/html/CIA.html b/src/main/resources/lessons/cia/html/CIA.html similarity index 70% rename from webgoat-lessons/cia/src/main/resources/html/CIA.html rename to src/main/resources/lessons/cia/html/CIA.html index 0a73520be..219ce0e08 100644 --- a/webgoat-lessons/cia/src/main/resources/html/CIA.html +++ b/src/main/resources/lessons/cia/html/CIA.html @@ -3,19 +3,19 @@
-
+
-
+
-
+
-
+
@@ -23,7 +23,7 @@ -
+
@@ -40,4 +40,4 @@
- \ No newline at end of file + diff --git a/webgoat-lessons/cia/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/cia/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/cia/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/cia/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/cia/src/main/resources/js/questions_cia.json b/src/main/resources/lessons/cia/js/questions_cia.json similarity index 100% rename from webgoat-lessons/cia/src/main/resources/js/questions_cia.json rename to src/main/resources/lessons/cia/js/questions_cia.json diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/css/clientSideFiltering-stage1.css b/src/main/resources/lessons/client_side_filtering/css/clientSideFiltering-stage1.css similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/css/clientSideFiltering-stage1.css rename to src/main/resources/lessons/client_side_filtering/css/clientSideFiltering-stage1.css diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/css/clientSideFilteringFree.css b/src/main/resources/lessons/client_side_filtering/css/clientSideFilteringFree.css similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/css/clientSideFilteringFree.css rename to src/main/resources/lessons/client_side_filtering/css/clientSideFilteringFree.css diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc b/src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_assignment.adoc similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_assignment.adoc rename to src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_assignment.adoc diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_final.adoc b/src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_final.adoc similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_final.adoc rename to src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_final.adoc diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc b/src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_plan.adoc similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/lessonPlans/en/ClientSideFiltering_plan.adoc rename to src/main/resources/lessons/client_side_filtering/documentation/ClientSideFiltering_plan.adoc diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/html/ClientSideFiltering.html b/src/main/resources/lessons/client_side_filtering/html/ClientSideFiltering.html similarity index 95% rename from webgoat-lessons/client-side-filtering/src/main/resources/html/ClientSideFiltering.html rename to src/main/resources/lessons/client_side_filtering/html/ClientSideFiltering.html index 8c664388a..e9f3ec18e 100644 --- a/webgoat-lessons/client-side-filtering/src/main/resources/html/ClientSideFiltering.html +++ b/src/main/resources/lessons/client_side_filtering/html/ClientSideFiltering.html @@ -2,10 +2,10 @@
-
+
-
+

@@ -74,7 +74,7 @@
-
+
diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/client_side_filtering/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/client_side_filtering/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/images/lesson1_header.jpg b/src/main/resources/lessons/client_side_filtering/images/lesson1_header.jpg similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/images/lesson1_header.jpg rename to src/main/resources/lessons/client_side_filtering/images/lesson1_header.jpg diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/images/lesson1_workspace.jpg b/src/main/resources/lessons/client_side_filtering/images/lesson1_workspace.jpg similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/images/lesson1_workspace.jpg rename to src/main/resources/lessons/client_side_filtering/images/lesson1_workspace.jpg diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-black.jpg b/src/main/resources/lessons/client_side_filtering/images/samsung-black.jpg similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-black.jpg rename to src/main/resources/lessons/client_side_filtering/images/samsung-black.jpg diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-grey.jpg b/src/main/resources/lessons/client_side_filtering/images/samsung-grey.jpg similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/images/samsung-grey.jpg rename to src/main/resources/lessons/client_side_filtering/images/samsung-grey.jpg diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js b/src/main/resources/lessons/client_side_filtering/js/clientSideFiltering.js similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js rename to src/main/resources/lessons/client_side_filtering/js/clientSideFiltering.js diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js b/src/main/resources/lessons/client_side_filtering/js/clientSideFilteringFree.js similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js rename to src/main/resources/lessons/client_side_filtering/js/clientSideFilteringFree.js diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonSolutions/en/ClientSideFiltering.html b/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/lessonSolutions/en/ClientSideFiltering.html rename to src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering.html diff --git a/webgoat-lessons/client-side-filtering/src/main/resources/lessonSolutions/en/ClientSideFiltering_files/clientside_firebug.jpg b/src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering_files/clientside_firebug.jpg similarity index 100% rename from webgoat-lessons/client-side-filtering/src/main/resources/lessonSolutions/en/ClientSideFiltering_files/clientside_firebug.jpg rename to src/main/resources/lessons/client_side_filtering/lessonSolutions/en/ClientSideFiltering_files/clientside_firebug.jpg diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/Crypto_plan.adoc b/src/main/resources/lessons/cryptography/documentation/Crypto_plan.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/Crypto_plan.adoc rename to src/main/resources/lessons/cryptography/documentation/Crypto_plan.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/defaults.adoc b/src/main/resources/lessons/cryptography/documentation/defaults.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/defaults.adoc rename to src/main/resources/lessons/cryptography/documentation/defaults.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encoding_plan.adoc b/src/main/resources/lessons/cryptography/documentation/encoding_plan.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encoding_plan.adoc rename to src/main/resources/lessons/cryptography/documentation/encoding_plan.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encoding_plan2.adoc b/src/main/resources/lessons/cryptography/documentation/encoding_plan2.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encoding_plan2.adoc rename to src/main/resources/lessons/cryptography/documentation/encoding_plan2.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encryption.adoc b/src/main/resources/lessons/cryptography/documentation/encryption.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/encryption.adoc rename to src/main/resources/lessons/cryptography/documentation/encryption.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc b/src/main/resources/lessons/cryptography/documentation/hashing_plan.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/hashing_plan.adoc rename to src/main/resources/lessons/cryptography/documentation/hashing_plan.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/keystores.adoc b/src/main/resources/lessons/cryptography/documentation/keystores.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/keystores.adoc rename to src/main/resources/lessons/cryptography/documentation/keystores.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/postquantum.adoc b/src/main/resources/lessons/cryptography/documentation/postquantum.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/postquantum.adoc rename to src/main/resources/lessons/cryptography/documentation/postquantum.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/lessonPlans/en/signing.adoc b/src/main/resources/lessons/cryptography/documentation/signing.adoc similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/lessonPlans/en/signing.adoc rename to src/main/resources/lessons/cryptography/documentation/signing.adoc diff --git a/webgoat-lessons/crypto/src/main/resources/html/Crypto.html b/src/main/resources/lessons/cryptography/html/Cryptography.html similarity index 82% rename from webgoat-lessons/crypto/src/main/resources/html/Crypto.html rename to src/main/resources/lessons/cryptography/html/Cryptography.html index bd06030e6..6e6f32767 100644 --- a/webgoat-lessons/crypto/src/main/resources/html/Crypto.html +++ b/src/main/resources/lessons/cryptography/html/Cryptography.html @@ -18,11 +18,11 @@ $(document).ready(initialise);
-
+
-
+
@@ -41,7 +41,7 @@ $(document).ready(initialise);
-
+
@@ -58,7 +58,7 @@ $(document).ready(initialise);
-
+
@@ -76,12 +76,12 @@ $(document).ready(initialise);
-
+
-
+
@@ -101,12 +101,12 @@ $(document).ready(initialise);
-
+
-
+
@@ -123,7 +123,7 @@ $(document).ready(initialise);
-
+
- \ No newline at end of file + diff --git a/webgoat-lessons/crypto/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/cryptography/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/crypto/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/cryptography/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/csrf/src/main/resources/css/reviews.css b/src/main/resources/lessons/csrf/css/reviews.css similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/css/reviews.css rename to src/main/resources/lessons/csrf/css/reviews.css diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Basic_Get-1.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Basic_Get-1.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Basic_Get-1.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Basic_Get-1.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_ContentType.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_ContentType.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_ContentType.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_ContentType.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Frameworks.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Frameworks.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Frameworks.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Frameworks.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_GET.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_GET.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_GET.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_GET.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Get_Flag.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Get_Flag.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Get_Flag.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Get_Flag.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Impact_Defense.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Impact_Defense.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Impact_Defense.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_JSON.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_JSON.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_JSON.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_JSON.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Login.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Login.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Login.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Login.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Reviews.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_Reviews.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_Reviews.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_Reviews.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_intro.adoc b/src/main/resources/lessons/csrf/documentation/CSRF_intro.adoc similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/lessonPlans/en/CSRF_intro.adoc rename to src/main/resources/lessons/csrf/documentation/CSRF_intro.adoc diff --git a/webgoat-lessons/csrf/src/main/resources/html/CSRF.html b/src/main/resources/lessons/csrf/html/CSRF.html similarity index 91% rename from webgoat-lessons/csrf/src/main/resources/html/CSRF.html rename to src/main/resources/lessons/csrf/html/CSRF.html index 169a2edb6..01fdb696c 100644 --- a/webgoat-lessons/csrf/src/main/resources/html/CSRF.html +++ b/src/main/resources/lessons/csrf/html/CSRF.html @@ -3,15 +3,15 @@
-
+
-
+
-
+
-
+
@@ -54,7 +54,7 @@
-
+
@@ -121,15 +121,15 @@
-
+
-
+
-
+
-
+
@@ -251,10 +251,10 @@
-
+
- \ No newline at end of file + diff --git a/webgoat-lessons/csrf/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/csrf/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/csrf/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/csrf/src/main/resources/images/login-csrf.png b/src/main/resources/lessons/csrf/images/login-csrf.png similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/images/login-csrf.png rename to src/main/resources/lessons/csrf/images/login-csrf.png diff --git a/webgoat-lessons/csrf/src/main/resources/js/csrf-review.js b/src/main/resources/lessons/csrf/js/csrf-review.js similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/js/csrf-review.js rename to src/main/resources/lessons/csrf/js/csrf-review.js diff --git a/webgoat-lessons/csrf/src/main/resources/js/feedback.js b/src/main/resources/lessons/csrf/js/feedback.js similarity index 100% rename from webgoat-lessons/csrf/src/main/resources/js/feedback.js rename to src/main/resources/lessons/csrf/js/feedback.js diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_GadgetChain.adoc b/src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc similarity index 100% rename from webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_GadgetChain.adoc rename to src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Intro.adoc b/src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc similarity index 100% rename from webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Intro.adoc rename to src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_SimpleExploit.adoc b/src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc similarity index 100% rename from webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_SimpleExploit.adoc rename to src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Task.adoc b/src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_Task.adoc similarity index 100% rename from webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_Task.adoc rename to src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_Task.adoc diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_WhatIs.adoc b/src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc similarity index 100% rename from webgoat-lessons/insecure-deserialization/src/main/resources/lessonPlans/en/InsecureDeserialization_WhatIs.adoc rename to src/main/resources/lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc diff --git a/webgoat-lessons/insecure-deserialization/src/main/resources/html/InsecureDeserialization.html b/src/main/resources/lessons/deserialization/html/InsecureDeserialization.html similarity index 59% rename from webgoat-lessons/insecure-deserialization/src/main/resources/html/InsecureDeserialization.html rename to src/main/resources/lessons/deserialization/html/InsecureDeserialization.html index c0b8d7afa..1b64172f4 100755 --- a/webgoat-lessons/insecure-deserialization/src/main/resources/html/InsecureDeserialization.html +++ b/src/main/resources/lessons/deserialization/html/InsecureDeserialization.html @@ -3,24 +3,24 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
diff --git a/webgoat-lessons/hijack-session/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/hijacksession/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/hijack-session/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/hijacksession/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/hijack-session/src/main/resources/lessonSolutions/en/HijackSession_solution.adoc b/src/main/resources/lessons/hijacksession/lessonSolutions/en/HijackSession_solution.adoc similarity index 100% rename from webgoat-lessons/hijack-session/src/main/resources/lessonSolutions/en/HijackSession_solution.adoc rename to src/main/resources/lessons/hijacksession/lessonSolutions/en/HijackSession_solution.adoc diff --git a/webgoat-lessons/hijack-session/src/main/resources/lessonSolutions/html/HijackSession.html b/src/main/resources/lessons/hijacksession/lessonSolutions/html/HijackSession.html similarity index 100% rename from webgoat-lessons/hijack-session/src/main/resources/lessonSolutions/html/HijackSession.html rename to src/main/resources/lessons/hijacksession/lessonSolutions/html/HijackSession.html diff --git a/webgoat-lessons/hijack-session/src/main/resources/templates/hijackform.html b/src/main/resources/lessons/hijacksession/templates/hijackform.html similarity index 100% rename from webgoat-lessons/hijack-session/src/main/resources/templates/hijackform.html rename to src/main/resources/lessons/hijacksession/templates/hijackform.html diff --git a/webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Intro.adoc b/src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Intro.adoc similarity index 100% rename from webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Intro.adoc rename to src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Intro.adoc diff --git a/webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Mitigation.adoc b/src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Mitigation.adoc similarity index 100% rename from webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Mitigation.adoc rename to src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Mitigation.adoc diff --git a/webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Task.adoc b/src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Task.adoc similarity index 100% rename from webgoat-lessons/html-tampering/src/main/resources/lessonPlans/en/HtmlTampering_Task.adoc rename to src/main/resources/lessons/html_tampering/documentation/HtmlTampering_Task.adoc diff --git a/webgoat-lessons/html-tampering/src/main/resources/html/HtmlTampering.html b/src/main/resources/lessons/html_tampering/html/HtmlTampering.html similarity index 95% rename from webgoat-lessons/html-tampering/src/main/resources/html/HtmlTampering.html rename to src/main/resources/lessons/html_tampering/html/HtmlTampering.html index f4ed29ba2..afd3dba68 100755 --- a/webgoat-lessons/html-tampering/src/main/resources/html/HtmlTampering.html +++ b/src/main/resources/lessons/html_tampering/html/HtmlTampering.html @@ -3,12 +3,12 @@
-
+
-
+
-
+
diff --git a/webgoat-lessons/html-tampering/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/html_tampering/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/html-tampering/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/html_tampering/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/html-tampering/src/main/resources/images/samsung.jpg b/src/main/resources/lessons/html_tampering/images/samsung.jpg similarity index 100% rename from webgoat-lessons/html-tampering/src/main/resources/images/samsung.jpg rename to src/main/resources/lessons/html_tampering/images/samsung.jpg diff --git a/webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content1.adoc b/src/main/resources/lessons/http_basics/documentation/HttpBasics_content1.adoc similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content1.adoc rename to src/main/resources/lessons/http_basics/documentation/HttpBasics_content1.adoc diff --git a/webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content2.adoc b/src/main/resources/lessons/http_basics/documentation/HttpBasics_content2.adoc similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content2.adoc rename to src/main/resources/lessons/http_basics/documentation/HttpBasics_content2.adoc diff --git a/webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_plan.adoc b/src/main/resources/lessons/http_basics/documentation/HttpBasics_plan.adoc similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_plan.adoc rename to src/main/resources/lessons/http_basics/documentation/HttpBasics_plan.adoc diff --git a/webgoat-lessons/http-basics/src/main/resources/html/HttpBasics.html b/src/main/resources/lessons/http_basics/html/HttpBasics.html similarity index 92% rename from webgoat-lessons/http-basics/src/main/resources/html/HttpBasics.html rename to src/main/resources/lessons/http_basics/html/HttpBasics.html index 40107f4c7..860f18f2d 100644 --- a/webgoat-lessons/http-basics/src/main/resources/html/HttpBasics.html +++ b/src/main/resources/lessons/http_basics/html/HttpBasics.html @@ -6,13 +6,13 @@ -
+
-
+
@@ -42,7 +42,7 @@ -
+
@@ -83,4 +83,4 @@
- \ No newline at end of file + diff --git a/webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/http_basics/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/http_basics/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_de.properties b/src/main/resources/lessons/http_basics/i18n/WebGoatLabels_de.properties similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_de.properties rename to src/main/resources/lessons/http_basics/i18n/WebGoatLabels_de.properties diff --git a/webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_fr.properties b/src/main/resources/lessons/http_basics/i18n/WebGoatLabels_fr.properties similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_fr.properties rename to src/main/resources/lessons/http_basics/i18n/WebGoatLabels_fr.properties diff --git a/webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_nl.properties b/src/main/resources/lessons/http_basics/i18n/WebGoatLabels_nl.properties similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_nl.properties rename to src/main/resources/lessons/http_basics/i18n/WebGoatLabels_nl.properties diff --git a/webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_ru.properties b/src/main/resources/lessons/http_basics/i18n/WebGoatLabels_ru.properties similarity index 100% rename from webgoat-lessons/http-basics/src/main/resources/i18n/WebGoatLabels_ru.properties rename to src/main/resources/lessons/http_basics/i18n/WebGoatLabels_ru.properties diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/0overview.adoc b/src/main/resources/lessons/http_proxies/documentation/0overview.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/0overview.adoc rename to src/main/resources/lessons/http_proxies/documentation/0overview.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/10burp.adoc b/src/main/resources/lessons/http_proxies/documentation/10burp.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/10burp.adoc rename to src/main/resources/lessons/http_proxies/documentation/10burp.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/1proxysetupsteps.adoc b/src/main/resources/lessons/http_proxies/documentation/1proxysetupsteps.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/1proxysetupsteps.adoc rename to src/main/resources/lessons/http_proxies/documentation/1proxysetupsteps.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/3browsersetup.adoc b/src/main/resources/lessons/http_proxies/documentation/3browsersetup.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/3browsersetup.adoc rename to src/main/resources/lessons/http_proxies/documentation/3browsersetup.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/5configurefilterandbreakpoints.adoc b/src/main/resources/lessons/http_proxies/documentation/5configurefilterandbreakpoints.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/5configurefilterandbreakpoints.adoc rename to src/main/resources/lessons/http_proxies/documentation/5configurefilterandbreakpoints.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/6assignment.adoc b/src/main/resources/lessons/http_proxies/documentation/6assignment.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/6assignment.adoc rename to src/main/resources/lessons/http_proxies/documentation/6assignment.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/7resend.adoc b/src/main/resources/lessons/http_proxies/documentation/7resend.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/7resend.adoc rename to src/main/resources/lessons/http_proxies/documentation/7resend.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/8httpsproxy.adoc b/src/main/resources/lessons/http_proxies/documentation/8httpsproxy.adoc similarity index 98% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/8httpsproxy.adoc rename to src/main/resources/lessons/http_proxies/documentation/8httpsproxy.adoc index 192a1953f..0c3875dfa 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/8httpsproxy.adoc +++ b/src/main/resources/lessons/http_proxies/documentation/8httpsproxy.adoc @@ -1,27 +1,27 @@ -== Proxy from ZAP to HTTPS - -The ZAP proxy can also be configured to proxy *HTTPS* requests. It will terminate the HTTPS connection in ZAP and then proxy it to the target using its keystore. You can even proxy to sites with mutual TLS. In that case, you configure OWASP ZAP with the keystore and key to use for the connection. - -Go to Tools/Options/Client Certificate to proxy to a mutual TLS HTTPS site. -Go to Tools/Options/Connection if you want to set timeouts and want to force the use of TLSv1.2 e.g. - - -=== Export the certificate - -Depending on the local tools installation, ZAP can start a browser directly with some adjusted options like network settings and certificate adjustments. However, you should do this step if you want to start your browser independently of ZAP. To be able to use the browser, the browser needs the certificate, which you can export here: - -image::images/rootca.png[ZAP root CA,style="lesson-image"] -image::images/savecerts.png[ZAP save CA,style="lesson-image"] - - - -=== Import the OWASP ZAP root certificate - -. Go to your Firefox Preferences (Mac, Linux) or Options (Windows) from the menu.` -. Search for _certificates_ -. Click _View certificates_ -. Import the ZAP root certificate that was saved (see the previous page) - -image::images/firefoxsettingscerts.png[Firefox Certificates,width="75%",style="lesson-image"] - -image::images/importcerts.png[Firefox Certificate import,width="75%",style="lesson-image"] +== Proxy from ZAP to HTTPS + +The ZAP proxy can also be configured to proxy *HTTPS* requests. It will terminate the HTTPS connection in ZAP and then proxy it to the target using its keystore. You can even proxy to sites with mutual TLS. In that case, you configure OWASP ZAP with the keystore and key to use for the connection. + +Go to Tools/Options/Client Certificate to proxy to a mutual TLS HTTPS site. +Go to Tools/Options/Connection if you want to set timeouts and want to force the use of TLSv1.2 e.g. + + +=== Export the certificate + +Depending on the local tools installation, ZAP can start a browser directly with some adjusted options like network settings and certificate adjustments. However, you should do this step if you want to start your browser independently of ZAP. To be able to use the browser, the browser needs the certificate, which you can export here: + +image::images/rootca.png[ZAP root CA,style="lesson-image"] +image::images/savecerts.png[ZAP save CA,style="lesson-image"] + + + +=== Import the OWASP ZAP root certificate + +. Go to your Firefox Preferences (Mac, Linux) or Options (Windows) from the menu.` +. Search for _certificates_ +. Click _View certificates_ +. Import the ZAP root certificate that was saved (see the previous page) + +image::images/firefoxsettingscerts.png[Firefox Certificates,width="75%",style="lesson-image"] + +image::images/importcerts.png[Firefox Certificate import,width="75%",style="lesson-image"] diff --git a/webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/9manual.adoc b/src/main/resources/lessons/http_proxies/documentation/9manual.adoc similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/lessonPlans/en/9manual.adoc rename to src/main/resources/lessons/http_proxies/documentation/9manual.adoc diff --git a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html b/src/main/resources/lessons/http_proxies/html/HttpProxies.html similarity index 52% rename from webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html rename to src/main/resources/lessons/http_proxies/html/HttpProxies.html index 98f266c43..f916785db 100644 --- a/webgoat-lessons/http-proxies/src/main/resources/html/HttpProxies.html +++ b/src/main/resources/lessons/http_proxies/html/HttpProxies.html @@ -3,23 +3,23 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
diff --git a/webgoat-lessons/http-proxies/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/http_proxies/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/http_proxies/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/breakpoint.png b/src/main/resources/lessons/http_proxies/images/breakpoint.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/breakpoint.png rename to src/main/resources/lessons/http_proxies/images/breakpoint.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/breakpoint2.png b/src/main/resources/lessons/http_proxies/images/breakpoint2.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/breakpoint2.png rename to src/main/resources/lessons/http_proxies/images/breakpoint2.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpfilter.png b/src/main/resources/lessons/http_proxies/images/burpfilter.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpfilter.png rename to src/main/resources/lessons/http_proxies/images/burpfilter.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpfilterclient.png b/src/main/resources/lessons/http_proxies/images/burpfilterclient.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpfilterclient.png rename to src/main/resources/lessons/http_proxies/images/burpfilterclient.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpintercept.png b/src/main/resources/lessons/http_proxies/images/burpintercept.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpintercept.png rename to src/main/resources/lessons/http_proxies/images/burpintercept.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpintercepted.png b/src/main/resources/lessons/http_proxies/images/burpintercepted.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpintercepted.png rename to src/main/resources/lessons/http_proxies/images/burpintercepted.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpproxy.png b/src/main/resources/lessons/http_proxies/images/burpproxy.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpproxy.png rename to src/main/resources/lessons/http_proxies/images/burpproxy.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/burpwarn.png b/src/main/resources/lessons/http_proxies/images/burpwarn.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/burpwarn.png rename to src/main/resources/lessons/http_proxies/images/burpwarn.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png b/src/main/resources/lessons/http_proxies/images/chrome-manual-proxy-win.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy-win.png rename to src/main/resources/lessons/http_proxies/images/chrome-manual-proxy-win.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy.png b/src/main/resources/lessons/http_proxies/images/chrome-manual-proxy.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/chrome-manual-proxy.png rename to src/main/resources/lessons/http_proxies/images/chrome-manual-proxy.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/firefox-proxy-config.png b/src/main/resources/lessons/http_proxies/images/firefox-proxy-config.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/firefox-proxy-config.png rename to src/main/resources/lessons/http_proxies/images/firefox-proxy-config.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/firefoxsettingscerts.png b/src/main/resources/lessons/http_proxies/images/firefoxsettingscerts.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/firefoxsettingscerts.png rename to src/main/resources/lessons/http_proxies/images/firefoxsettingscerts.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/importcerts.png b/src/main/resources/lessons/http_proxies/images/importcerts.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/importcerts.png rename to src/main/resources/lessons/http_proxies/images/importcerts.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/loginscreen.png b/src/main/resources/lessons/http_proxies/images/loginscreen.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/loginscreen.png rename to src/main/resources/lessons/http_proxies/images/loginscreen.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/newlocalhost.png b/src/main/resources/lessons/http_proxies/images/newlocalhost.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/newlocalhost.png rename to src/main/resources/lessons/http_proxies/images/newlocalhost.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/proxy-intercept-button.png b/src/main/resources/lessons/http_proxies/images/proxy-intercept-button.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/proxy-intercept-button.png rename to src/main/resources/lessons/http_proxies/images/proxy-intercept-button.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/proxy-intercept-details.png b/src/main/resources/lessons/http_proxies/images/proxy-intercept-details.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/proxy-intercept-details.png rename to src/main/resources/lessons/http_proxies/images/proxy-intercept-details.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/rootca.png b/src/main/resources/lessons/http_proxies/images/rootca.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/rootca.png rename to src/main/resources/lessons/http_proxies/images/rootca.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/savecerts.png b/src/main/resources/lessons/http_proxies/images/savecerts.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/savecerts.png rename to src/main/resources/lessons/http_proxies/images/savecerts.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-browser-button.png b/src/main/resources/lessons/http_proxies/images/zap-browser-button.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap-browser-button.png rename to src/main/resources/lessons/http_proxies/images/zap-browser-button.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-exclude.png b/src/main/resources/lessons/http_proxies/images/zap-exclude.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap-exclude.png rename to src/main/resources/lessons/http_proxies/images/zap-exclude.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-history.png b/src/main/resources/lessons/http_proxies/images/zap-history.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap-history.png rename to src/main/resources/lessons/http_proxies/images/zap-history.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap-start.png b/src/main/resources/lessons/http_proxies/images/zap-start.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap-start.png rename to src/main/resources/lessons/http_proxies/images/zap-start.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_resend.png b/src/main/resources/lessons/http_proxies/images/zap_edit_and_resend.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_resend.png rename to src/main/resources/lessons/http_proxies/images/zap_edit_and_resend.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_response.png b/src/main/resources/lessons/http_proxies/images/zap_edit_and_response.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_response.png rename to src/main/resources/lessons/http_proxies/images/zap_edit_and_response.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_send.png b/src/main/resources/lessons/http_proxies/images/zap_edit_and_send.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap_edit_and_send.png rename to src/main/resources/lessons/http_proxies/images/zap_edit_and_send.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap_exclude.png b/src/main/resources/lessons/http_proxies/images/zap_exclude.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap_exclude.png rename to src/main/resources/lessons/http_proxies/images/zap_exclude.png diff --git a/webgoat-lessons/http-proxies/src/main/resources/images/zap_exclude_url.png b/src/main/resources/lessons/http_proxies/images/zap_exclude_url.png similarity index 100% rename from webgoat-lessons/http-proxies/src/main/resources/images/zap_exclude_url.png rename to src/main/resources/lessons/http_proxies/images/zap_exclude_url.png diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_editOtherProfile.adoc b/src/main/resources/lessons/idor/documentation/IDOR_editOtherProfile.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_editOtherProfile.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_editOtherProfile.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_editOwnProfile.adoc b/src/main/resources/lessons/idor/documentation/IDOR_editOwnProfile.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_editOwnProfile.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_editOwnProfile.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_inputAltPath.adoc b/src/main/resources/lessons/idor/documentation/IDOR_inputAltPath.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_inputAltPath.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_inputAltPath.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc b/src/main/resources/lessons/idor/documentation/IDOR_intro.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_intro.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_intro.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_login.adoc b/src/main/resources/lessons/idor/documentation/IDOR_login.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_login.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_login.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_mitigation.adoc b/src/main/resources/lessons/idor/documentation/IDOR_mitigation.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_mitigation.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_mitigation.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewDiffs.adoc b/src/main/resources/lessons/idor/documentation/IDOR_viewDiffs.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewDiffs.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_viewDiffs.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewOtherProfile.adoc b/src/main/resources/lessons/idor/documentation/IDOR_viewOtherProfile.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewOtherProfile.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_viewOtherProfile.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewOwnAltPath.adoc b/src/main/resources/lessons/idor/documentation/IDOR_viewOwnAltPath.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_viewOwnAltPath.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_viewOwnAltPath.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_whatDiffs.adoc b/src/main/resources/lessons/idor/documentation/IDOR_whatDiffs.adoc similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/IDOR_whatDiffs.adoc rename to src/main/resources/lessons/idor/documentation/IDOR_whatDiffs.adoc diff --git a/webgoat-lessons/idor/src/main/resources/lessonPlans/en/temp.txt b/src/main/resources/lessons/idor/documentation/temp.txt similarity index 100% rename from webgoat-lessons/idor/src/main/resources/lessonPlans/en/temp.txt rename to src/main/resources/lessons/idor/documentation/temp.txt diff --git a/webgoat-lessons/idor/src/main/resources/html/IDOR.html b/src/main/resources/lessons/idor/html/IDOR.html similarity index 91% rename from webgoat-lessons/idor/src/main/resources/html/IDOR.html rename to src/main/resources/lessons/idor/html/IDOR.html index 77f58adbd..b4b7f530f 100644 --- a/webgoat-lessons/idor/src/main/resources/html/IDOR.html +++ b/src/main/resources/lessons/idor/html/IDOR.html @@ -4,14 +4,14 @@ -
+
-
+
@@ -46,7 +46,7 @@ -
+
@@ -76,7 +76,7 @@ -
+
-
+
@@ -108,7 +108,7 @@ -
+
@@ -123,7 +123,7 @@ -
+
@@ -147,7 +147,7 @@
-
+
@@ -176,7 +176,7 @@ -
+
diff --git a/webgoat-lessons/idor/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/idor/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/idor/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/idor/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/idor/src/main/resources/js/idor.js b/src/main/resources/lessons/idor/js/idor.js similarity index 100% rename from webgoat-lessons/idor/src/main/resources/js/idor.js rename to src/main/resources/lessons/idor/js/idor.js diff --git a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc b/src/main/resources/lessons/insecure_login/documentation/InsecureLogin_Intro.adoc similarity index 100% rename from webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Intro.adoc rename to src/main/resources/lessons/insecure_login/documentation/InsecureLogin_Intro.adoc diff --git a/webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc b/src/main/resources/lessons/insecure_login/documentation/InsecureLogin_Task.adoc similarity index 100% rename from webgoat-lessons/insecure-login/src/main/resources/lessonPlans/en/InsecureLogin_Task.adoc rename to src/main/resources/lessons/insecure_login/documentation/InsecureLogin_Task.adoc diff --git a/webgoat-lessons/insecure-login/src/main/resources/html/InsecureLogin.html b/src/main/resources/lessons/insecure_login/html/InsecureLogin.html similarity index 86% rename from webgoat-lessons/insecure-login/src/main/resources/html/InsecureLogin.html rename to src/main/resources/lessons/insecure_login/html/InsecureLogin.html index 7415bf0f1..1c34ab781 100755 --- a/webgoat-lessons/insecure-login/src/main/resources/html/InsecureLogin.html +++ b/src/main/resources/lessons/insecure_login/html/InsecureLogin.html @@ -6,12 +6,12 @@ -
+
-
+
diff --git a/webgoat-lessons/insecure-login/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/insecure_login/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-lessons/insecure-login/src/main/resources/i18n/WebGoatLabels.properties rename to src/main/resources/lessons/insecure_login/i18n/WebGoatLabels.properties diff --git a/webgoat-lessons/insecure-login/src/main/resources/js/credentials.js b/src/main/resources/lessons/insecure_login/js/credentials.js similarity index 100% rename from webgoat-lessons/insecure-login/src/main/resources/js/credentials.js rename to src/main/resources/lessons/insecure_login/js/credentials.js diff --git a/webgoat-lessons/jwt/src/main/resources/css/jwt.css b/src/main/resources/lessons/jwt/css/jwt.css similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/css/jwt.css rename to src/main/resources/lessons/jwt/css/jwt.css diff --git a/webgoat-lessons/jwt/src/main/resources/db/migration/V2019_09_25_1__jwt.sql b/src/main/resources/lessons/jwt/db/migration/V2019_09_25_1__jwt.sql similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/db/migration/V2019_09_25_1__jwt.sql rename to src/main/resources/lessons/jwt/db/migration/V2019_09_25_1__jwt.sql diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_decode.adoc b/src/main/resources/lessons/jwt/documentation/JWT_decode.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_decode.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_decode.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_final.adoc b/src/main/resources/lessons/jwt/documentation/JWT_final.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_final.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_final.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries.adoc b/src/main/resources/lessons/jwt/documentation/JWT_libraries.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_libraries.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_assignment.adoc b/src/main/resources/lessons/jwt/documentation/JWT_libraries_assignment.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_assignment.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_libraries_assignment.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_assignment2.adoc b/src/main/resources/lessons/jwt/documentation/JWT_libraries_assignment2.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_assignment2.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_libraries_assignment2.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_solution.adoc b/src/main/resources/lessons/jwt/documentation/JWT_libraries_solution.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_libraries_solution.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_libraries_solution.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_login_to_token.adoc b/src/main/resources/lessons/jwt/documentation/JWT_login_to_token.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_login_to_token.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_login_to_token.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_mitigation.adoc b/src/main/resources/lessons/jwt/documentation/JWT_mitigation.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_mitigation.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_mitigation.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_plan.adoc b/src/main/resources/lessons/jwt/documentation/JWT_plan.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_plan.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_plan.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc b/src/main/resources/lessons/jwt/documentation/JWT_refresh.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_refresh.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc b/src/main/resources/lessons/jwt/documentation/JWT_refresh_assignment.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_refresh_assignment.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_signing.adoc b/src/main/resources/lessons/jwt/documentation/JWT_signing.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_signing.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_signing.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_signing_solution.adoc b/src/main/resources/lessons/jwt/documentation/JWT_signing_solution.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_signing_solution.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_signing_solution.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_storing.adoc b/src/main/resources/lessons/jwt/documentation/JWT_storing.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_storing.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_storing.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_structure.adoc b/src/main/resources/lessons/jwt/documentation/JWT_structure.adoc similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_structure.adoc rename to src/main/resources/lessons/jwt/documentation/JWT_structure.adoc diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys b/src/main/resources/lessons/jwt/documentation/JWT_weak_keys similarity index 100% rename from webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys rename to src/main/resources/lessons/jwt/documentation/JWT_weak_keys diff --git a/webgoat-lessons/jwt/src/main/resources/html/JWT.html b/src/main/resources/lessons/jwt/html/JWT.html similarity index 92% rename from webgoat-lessons/jwt/src/main/resources/html/JWT.html rename to src/main/resources/lessons/jwt/html/JWT.html index 20097ca15..fdf7a5fa6 100644 --- a/webgoat-lessons/jwt/src/main/resources/html/JWT.html +++ b/src/main/resources/lessons/jwt/html/JWT.html @@ -3,14 +3,14 @@
-
+
-
+
-
+
@@ -35,10 +35,10 @@
-
+
-
+
@@ -102,7 +102,7 @@
-
+
@@ -112,7 +112,7 @@ -
+
@@ -134,18 +134,18 @@
-
+
-
+
-
+ 

 
@@ -173,11 +173,11 @@
 

 
 

-    

+    

 

 
 

-    

+    

 
     
     
@@ -299,7 +299,7 @@
 

 
 

-    

+    

 
     
     
@@ -359,8 +359,8 @@
 

 
 

-    

+    

 

 
 
-
\ No newline at end of file
+
diff --git a/webgoat-lessons/jwt/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/jwt/i18n/WebGoatLabels.properties
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/i18n/WebGoatLabels.properties
rename to src/main/resources/lessons/jwt/i18n/WebGoatLabels.properties
diff --git a/src/main/resources/lessons/jwt/images/challenge1-small.png b/src/main/resources/lessons/jwt/images/challenge1-small.png
new file mode 100644
index 0000000000000000000000000000000000000000..a4fbc347015e27eb350ff0ab06a68081ad26f231
GIT binary patch
literal 11722
zcmcI~cRXD0x2{C=7M%#9N7U$LkRTEvBuMlgy+;^rh&G58L~oG<5n+^wUPc$accVmS
zX4GK@b9c_~e9t}i-1^V`W6GY--h0-&-?g6gtY@v5=Q@w6$ZwGo5D-vlK2g^rAh>1$
ze8-X!1Ml0TVy}P?GS4T*-UI{`^nYL12(ofmfFDWTYCd~JvT}osT9m({t>!ub!5sok
z^@j$2bNh?noZAk$n+LiteUN!MAH6Gtjp6bFITi4)c1P^s8!0KXU2WHD!NOpQ+I~8w
zG&>rjuymzl%>=prDiPDP*L`V>8n?RoN{YRGB5_{=0_?vg3HMcfC`92-RwF0%&CSgh
zFUyL9Pe8h?zSc9FH}0jgQ+9kZxW~oK9VMaj7X3cDHz{+Dh?^S*U#{7&I{g~m+ec~9
zA^ua~k-Cn1?DSL~1Fd`}T!@>S+=7;t2o@cE*YA-!L({*GUjWztJyr)!_`J;cuM@%y
z|LvF?1|2DBuufRBVRzIr$UctfJ
z^LMxf7Cw6fW4?KB{d7BcADu(?k8S_i*1xv>wKe+RZTlZ={pW&z7W4P`zh3YktN(k0
zzb6!je(;5Rp)Ub`G0B8RM6kDC)Lp_m((*%qeh-h%jLGyIHq-;=1ngCmY4^
z7BmpscyGK29OXM}iAvG21%s0ir*!r4Z0Or0lr`@jF*NBpZ8v08%8h1Le>3*yI3S88
zm92fjvDbrWrJ1g(aNey<*8GuWf`&Ay(#mGTh4y=d7{tHOuEq}W`wWrml@19kNJO56
zb#*d}axY8_^p3lDYDnBu0X%`vaX-LFT9A%{nLb-G|IkXMUPNp;{e48%{I_PbjVe|A
zWLL*Ck(u1wx>?FD!oWVaU=D;2i!qM3o>}(ATx%lM1=jI&lFlhx<0u=Efbx$6UEXlF
zzd;G%vjP>&0(`?>6=l%Z0Cp=;A6
zsPHh%0EI>D;W7boJB8>#j5^>t7wVhFM!hsD6EAu3jHP(CDIKv|=b`#*gFT
z?5}!EDY|ynFc;s_ec(GDSZ}4^*ZifQO~Wqb^3!w-4ShrYZKq}uk}ubw)^VoOUc{SQ
zN8Ku$o+P$DE(YklDG`g|o}+%NNYdJ8@TZd!XKhMx151l88B20^(hfMka8_qKfdK5fQ!SJiOcNv8$IDncGd}}<@BcHeU^wx?7${Jv&
z5}ocMoruR(3gh1Nb9%Tysw(7Ppuoxdvd`#wlI|Gj$67~vQ5Y|16A%9i9|4WEu(p<^
zwz5GrzZGx@aU5F-($MGzU5&Q1di7_HvYc_W=y!uJ>1$!Se>VBamke7Mtin+G9Jj2t
zR&bt@nV7&p-yz}&Rucc2j-{-5cUIXv|{m;b56YHa$=?E4f#nUqVVPAlpCXLf7?xkW!6Wb55b?;@Atv->&h
zAsj2+_IjI^+CfNA`=E$XAA`nByO?5Krm(LiO_%w89O#I_T~z-(!AK03naLHq^6^NYOgD@uQ(%v$F{kB!MsH0F`RTDmKFBY1V=C}M}rsSc@;>>$RoFrn`6`R?Mh
zOpcK7kBrCXja98{049jjlPx4AeZeMiv=FU@I$2Ln(B;34Y?l7$QeK1ZtpZ3O2)Jmdz
z&*w)GS*Dh!^%kO9`{&G(Rqi6Q@w;JY85*oYAhkWOhU?Px9nt2nv#>|>q7m50>v^X9
z28J|6kLrBx9Yi`pNE!NG3E0Z9);?!fr%$_Xr876}q9-R=ZrMorh(UumaJ-3w{
zo%MbqDj(GwXZ&><^u8G^mZwjAM4DfUvQei84Ac!;F(%+m7v^fc4D1$g+oy|#h9Bf`
zw}TL0{H#Jo0)&|QYCXz`J%X-+Y^pbt=bH{vbFWzW&z>(-$Ns5e%!pCH`L;|X4(@GnC+cBuVNsNMxw6HgNbFLR~
zEtnCv?pg8C0lt>>OE6--XoZq$l`%Hu=bdMCTEhj~MY1<@rAglH9qm>&HhMzCH!~_(
z3a}bB<3%Y(zrq@{V0RWKdY7BQDTrU|cDpsNBs87ZzwdNZ${$4!W~p5j4#L463l3(;
zZSH0)?V+iRu5e)|{X|X(Z2?px2YzkLg(Dl?0Clp#yj@#AvPCezK(|bF%(8M6A*)JD
z9!!Pw%vxqZekK1aJ2PJsRPJW5ib#P_x-^8
zonqgTv+Wtp3NH9$HOu38>BNs8lAIJ&n{U2y{9+}3*ihGC{fxF|%a*`9ntnn&RcJ%tKR
z2fq)!6WggDtD=YUw7d`&chkc;13?e#>fH{y5VzJx@jUGFB(UY=YQ<_{E8w{EY!TrMIJ+;cDf36`B5WShm%ggi#!8|fV!KX_`fiFn}XP4HW~F=7f7
zh+ngqlU4@|vvPlE2=?)z7)aN3>b9QHP?xynEKOIx9skd7*KDfoZ8cQkPAw=}cV~VD
z$i~-Ve8Gl2x1>Y7BBOM)PIkgeLqqd!B&tWV7_O+wT%C?X(CXglPCL5Cm2Yu$_V97^
zO?zR5m9`W!U+RO%Sb|=UMOAD}Pgv}GlIeAt+A?|$8fw)N#?m&ayFWd6nos+9(!WyD
z5Bq4s{BwY4U^$TMvlAkdmAUpeo804NRQ!uraM
zaOeT&wzO_suF~ztv)xkdo%VxV2Gd4mPU$#oPuB0K{olmv@N4ArmfQ-q{7GrAK1g5Q?NJrXO?A9h!bICNk;T8;kW#
zYn0L*ZOHA<3)5
z*VVY0WfnYfLgZQDDCs?EW^V}53djVC7BqB!!gM&gEO>d2t9^_be@xlwxy$fba??uV
zOU5V*5J)A>e-6p|XCTcFA>d;JMJ53WJCnjkOOL&V%hza1pHj$AOvJG!uGl}WAR%r8
zw^4GQFK^2!eo`Vldw3<`s~~dwPNgeRrTb1sN5}sQfaXo@a1oO|EYSuyX-N-%ORy)byb79rY
z+XlZWED9a~-XuqO=~vk9HMC-71!iwU?w1pbJ$U_FYOlotG|xRDKBWc+v%hC&m%AjK
zq%caFk^y4UqVhqV5BV#%eIqT&{K7gHfxJ!jUtMg@&IRXFwX3uAfkJ*=*E4-|B@g%J
zK9x>bOPP7I*OU&C^tY2nkxfq7@~6O06{zc!)@3v#9My))`YXq^je07Dh;+q1n_$mmsVp4ZW;nT=p=nvvc`JrwcU`T#}%E_*jZQ
zckMb+lj=1DMsRPx4TQ;VXhZ!im;T-AsIrTfd
zBWl9`i=>0TBLezTU+b&g4Pou4ox>rt
zxUUCzB#&APRreY_IFv+xcW#g!4BEVNt
zenBcG|l^`q^dSpm3c$-<{)
z#(Qf=gC8O@e~@9{1#k>Kf$lXpgiU3jI2E=&kDc@hrQO|IkSSl^rgL}YpHqkj_(xm6
zU05FJRpoR5r1*({g;<7u9o+(uSH(ZyZ!arTHz|&rbiwSkd*9w0`s>0PAd3>Ep~8v!
z^s~KLmX%7Zdr2c3%t-E(@cMGP*28!HJ(g_Lld>O7TIgWU@8HK`Q$^q0Ac6f3K4eet
zYp6fh$vkVXcJ#+tYBwO^I8@O{iwFy`#kp&En=j4$Q{|w{8KQeA$=B?MwKF;Xyi6p7
z{BKMx+DIeCzoaq+iast8V(FyIR?G*IfqMaI`IlF)FbpM)c}Lq*zL>$B$d~$$y}*Iu
zt1fT1P>z-}qYa3&O5Eg4j@_2m5yCmHX~%QY+UG~$o4_3oNA9@G1P-XkbVzwYi3Rr&
zhWp2yxypo+bbMnHk)HELv9%+W^oU=A`}1n@O6t5EJr$~*_Cxl(4Ez#qd)ztc!?s{#
z;Cbm@o|f-8@r7!MiN-ZT*vI0!K-sIahcqbwp`dN7rr^27WoD`Sc4NR$TEtc}fYdRq&%5$H`WArVGP$#0$IR!=#bBB~>UNcDU`7Pp>UApfco&D?gQ^@rC
zhYJ@F%*T>UM5xU9u@lnCsTbhwmr_e_gw$x3bPFK6yynSqPdWR43s&rM_+P&@{AFQY
z4Ua;8KE2SoOLLmC`1AfZB@Wx%TF{8D7yil_ZBlY;z$osCi%X44sRy&5?_Rr5diYhV
zTKFV|LDIIQcsnh(eo=zrAm`V&&vnE4J}M|~;|ImOusE7q2b=89dBnmI
zTc6vkUY~WiryBkE62@9JevkwbtUNUG+z!E4nOtJK!(}}=Wz|i8mJlu}abKLrO+Pw*
z3h^wqNVer9diT3L#!O?X9L~=As{SE7a6>|s>vQ$y*fCW01;>^EW|jYUxZ0Y=^LQGI
z^f|3^U}1gbrm>s1Z?(JvL0Mx~m|~3%1;G=K$@mA4j_
zQc4+CA-)#Vhp9xZ#Zj)NYenqrR66e_9JDRG%hX;?pagQ|OP5B17(T6-LCRmvKSNY3
z?yGDE{7_HsJ!XwCEvCy<5UJbRnbBs^5C#;Wu+5u!3Mmb-q9o((n#D20mZW)!i;zze
z_kN^aB$Q2xKFBlYuL)utEg1(04P|33xLxiNTWaxmkuQD4UV_0FN!o4|By=DbHZ8&!
zR`7kTlUamcqTIy@pr)QVJ5);hOQIJx*LawENFM{WqC@*p|0N;Zsrp>PvcQ%_`2P8L
zj|xnJIbzeALkgGqQeW~kAWzE)A55n;#HA1@T9Uf?LZQMVSu_5gw}$~%lWl`HTquZU
zSn}@vQh0XXO=nkrnLzjF{bCH%ATlSC0&eqJU2Fba(
zy20aebXR{A`kf2=dWc2ti^bP?QpUC?q?5`@eNez$Zx<1vTsks+pNl)#r)y#E5&GjL
z$@;?}d7^%kgt=Nfc8%k;;|;@+MOTHbGy_3SUgrGx7i2yNQN5Y@`{gR-iHqZri}U&-
zy1Z#3Y=H=0!Hk4a4F5o@XB`vFVIH1Cnda@uc!P&Q$>t7DhZSbf-r4h>FGf38=P+k|
zQq*oTUEYzrX8`NN%OuRL09FQ`R?_^>`x*Fl*#uC4TQVWD@=WvMpIW!V)8u|lVGGrr
z97aI@Q@0Drj7p2USpIDB=KS7j>g?Q``P$Xvm()Lt9=dM0+N83s0C`hyrc#;|uNF4_
z1tk99TR{?_6-@j9r4KX|S2ogEW!#g!>o?rA)kPTv_v)){y%`7K(v!UAoU^9$v*9w^
zv$m_9Xdz0%Mp$~1k1oBlD|d|zUxe_0W8BO|Wap+B@0bKpVtyF!o|i?xJ#UiW@9F0*J303V)Uwx*w;b8R~J*)fHuOLH94HdoT$$NdQ0h`#i55v%(Ms8MmAHzbqp$hZ+7oX7G*-IX~9Aoop9
z#kJozf|F-|hHfpK1BKhygAQ`m
zd&0gxpP_ewN$#>*b8d{a^#UV|4F{?xSKpwT1(0se`V_8y&X`&H8B3ha|4=OTDwXvP|mvuT4l
zS$nN<_m_vj!h-5+?6K7;Y%Py}tZmRqoxQp+nJyg(!w7@`q^W4S7
z$i;DQgLzwida0!|Xvfrpqj`(=q4?XU=hDpPPX`~Ra~w#&5p(CRwL3DRiG6BhFY9(^
zVMcqA(J;ltM;YL0ticyA_K<{rUEIO5-5Aio^SfKpqZ98_pFDG|e>Hqd`%v-M{VJqW
z)|@+^LLi5m2i}`FBt*;?ENj6Ph4N=9ieycs&y)%8-gW1lm!>)B4@!a}HMiT06;-BT?S^*MgC!`wU<=!(2n)vEA=rP*Ax0_HEpt
z9%E(nP-blQ@Qa1ngv=*48T{^*EH|Yr~ktQ6j9H!pf+w-u3xrj?|OJgQs1ezP=!1L-^b+CgDHEmx&^P
zUV_!~NZM58P^2eXBsxLOcTE9ms1mj~F6|XaNzv%7qDHd__{g~DNe!Sb6rbo`T}SwY
zZSzM#3tVjrohxqbkWEe)I-GnT5(^qREizPjZzw$CxA+W@?3^yE!OP5tK-AWqUw_4|
zSyx!5Agcl3Au$RkUC(SuTGVn3k5i8x%z5_KUR)Cb(9$9FNQAsN|M|^>SUw51=_C`M
zYcbVB{HGV*4B&k^N0or6(%2HaAInPSSxqF13!@k^Sy@}Y6hMjubf`Y>S2hvt@QSIR
zw9fYG5@R2Zl_L9~X+8-bg@QTa02GdWmTLH#GT-=DkkpePxN5sds^;5dY1rNdv?VHA
zQy;m@1#l_-}&WY0yiOIkOuR#n+h
zjrKBq0oE6rK<7oz5%I9a#3T32xbYmsHgZ7X*hhlEl
zX9rOL_qbPUDshd5=N8q5ojB#8nCs`a%WZ#{PpQ901^Q-Q{BoO7$^~{w0Kg;3G*W(o
zTZSp8kXCGlLwe6s^UuplW$nz}CeVa%kMt*^ic!z?=@0xVfI?rO8tJqUr{#S96kri6
z>23p#ltN6!pc!5N3YyvvJPO{_(n3RgH8zX|MQL7TE^BpcO$PkUzQn|G=)n+5Z0D<;
zE{oajL3`>;>ntt+j7Cp95b*b1JrZ3$p5q-XQw6erq<)Bp(=7J%O6sBynF%4F=`PmW
zJzdC!o;Fl4d<10+C~^f@;sGN{*az6hoZAbkTp4QMpYCRY
z#(t640Y83>Etv#rKX?A4!)CR6xbZ=U?Td5|D~-=}v)Z1D1>r!~3DSB&LyWqla_52}
zzJ+0aik=bIj3!B0l&~yh+0SW{vp15;O25?5coc0=6e`tD`+2+w@Edrw7Mx0Sa2d%M
znc!O?{2qtV1D{X+0g9#yTU^aVLV=ki)3Qb7JM&&n^Zq3k@KG<%F9soNV_!5ewscpfLE*k?>h}HIHx+m#ht&oe
z=8YSKR!u7fJJ_e@xfyAUw^?rE(7X33gQh8vw6Y^1f2OmJ2~dd;=wp+R5KDAD`#$y&
z9B1NwjD`-7Ze%*rLbBt+
z$T`h=m_S|9XX|AD)9vNebk>0NdB?~^w{zQE#{E>+FV^fHJ@H>C%Dg(NAk!US^3-Wb
z8hO&&^DSgWA;%yAqv`(rwY6DT&mn6|@=0tMre+o`Ex0!qYUvBq6rrnmiwtw~C9PP6
zH`%f_lV8!XM0@3;pS?Hq0uKt|mxD#xUw(RU=9vQ(ThniI?1m%x~UiQfHeFfT+!(YvvF(>*vJKaJ|2fyve_Z7GBlf!M~M2o4~
z6s1K_cwmScLhOnsL*8}AfZNTDUUyOmobnQ)qh3htUq3z*E=ujcE-@QF{9>jue&U>2
zAKYhWbig}me8l1(Km|w+^xs`bMSn-C+8+IW5A>Q7xPp4vn!hXO*#9Z%>2ouod6zv%
zY!~r4%JeRAW*N>Yru$`wGcZeF{&yDOuHX6%Vt^;xSJ!3!zBxNu&{@Q&o$pt-%mlRE
zo5BcWg!!AXWfhF_wp*)N|Ix|*kH+*rZTWvX*Z<45{6DSk|66Z7$uQiS8G32hkZdNZ
zE0MWuV4N7;Tap7b-(zK&Vz>2~lg5>!bV`;_AeQ+J(K)B`Z=Vu*+`pQr3kdmfGk
zB|h&}s19RplX?~ji@tcMIxVHE!wc2vVz8fr%<^;oZBF9PR)oc_N81so
z<@Cg3Y_yWCL)@szkCxL9?-nJDsm{MlK4Ftd9^N!=ICgap99Aq1F>MXz!7O12Vwpsj
z+bP7BIa>~2x;L!^SYR4l&Z1yJ@qVE0eNH^73id$PZ)dyaYqBQt?2mw>vvUsm76QA8
z8d++g@2{#uhaLIj<`D`jC$%WY%@f(h2j=GNh>NM(14uq*>C}Bl!G(4hRGpxRzf`FZ
zj-6LIrL`Z(37(i21L};FqT2%f{mP0|
zk&_Jzv1#r8awtNjb2ubGfFKbT9M)q9vmW1IK7%J-<-V!cc5@SP$gRl$euZNo#3WIE
zzKhr$7yNoiFf(Qe!c1@;6sm$>yZPL|xv&EFP7T@ul&&wMKuN@Ei+T%f`o{aKfey
z5rL?dSRC@4Q7BD}hmQIPhfulEhQAs^NP=?sZ^gesErPv^o1Q9B$&hrj?kznIx!(=9*IohMlkByvSdEiMfs?t
zmH19dpI$HXcM${?n@p7zylE#OE9+L>dRjKYHyF&;PwttiDaEvfHzPsG>tr+K;iYC=
zLICcOIy_MItR-ZoHJ*5FQw76%b*77_FVu^{Awxa@ubUm>a`>i~7yHatfi;u_6@eHF
zM*
z#A0Pl*=pj5dfowO{@F^Jy3HCL2651Mn8cG9+
z3o3X3tTZ3L=a8Y`L+%lX%hwG+iwpQuje~-^HjRE+s#~z>)Zaomnx9;eaAcv+FfDks
z-|G?thL#XM0@GUe&BrQNWU`1L9?PpS=JT%MtK4bCTP1>d@K2JmzO+w~^2vP_Z`R+u
zDmT-ywdH|aUP?_&=YMb;S`Q~|XY;7fB%;_DMW}doGT|!aSb<1$@QcMPqOf8?`)r8M
zM#6_!(1YFgDf~`r+Oe;HXU(=v;fTZfb^F&VSa&|4|7?_R~kg|D2LWhkZI9Z
zu;8jWJxI_Ay_wHCV^1?OrSg*d4YbzJqkf(LuaDEmYj~NbhlX+;MqYy7mz=jT4Z7W@vAunEGm$HX
zK{`48>ze%Z0zqp4_8?jaCnhKL3=IQ2?E)JDW4de~o4H$A-E4d<=`;7y(9YrX^mue`
zN@C@Hj~7|w5BjPr!@$4(17wuH@c;juCyTT6eYua{2HZek`t0AP6D6s9GFmFcpydtuBKMXLCS5E>
z6=XbulK>p}lq(2e@|S}#EmMD+!4#MyJ7IYE@yUsc!~5QTawp~-7DG#)NZ+vNoJ@H3
z;D!-yp!$!ue^z#O-Jj%GYU83Wwlrcbb&-DDLoW?EZe_5^fQFO#99HD0bwLNbMRspa
zUK-NHL~J8>tS_PQyvZ?S)&P72-|n$qYLX}TVU81KHh+6<(Ok)O<_whN7!fPl^v>X3
ziAQeqQ>x;`&3wcFd;XO$&o=E2+sgF9fsN2WFhEc3tIHWPG1(t=t(0oH_Jjz>o;vsD7-P5t^!
z-Phmui>(u)TH_t1euvX2>6vd#w_b^O1ny@0ud#V-{1y^jgDD@}KSeIeS}Q@VD_jgo
zI4^ri>QA#u&(3<3wF`{?oNvk=EX^-<)l8dp;Sd;(037x%!}}=LC~FpixYrU*sAkkg
zRw?Yy-+xgD4FT{xSqo4{=y*>y;-Z@je+tR(?uPC>f&tmmw|=0$^p%d0`}SD1{K%~Q
zO65x-!#MWbf#ox)EC0d4XAkR&9!K}srnnCmrkjCQ5F%wFlr&VkrUF2j2RX*jpu;(@
zGMWQ1FDxx}dFcvTTk}iwi?73jS_w)FoZF9fc6X@BmeeJ@da*9f&eZ;{L9A<5J~i|L
zZ)uFDXw#W#iBK*>%=qc_y4Az}v(A0aGUd}m%S(-u){cVZ{j`2NRjyKOo!dN?Ke|`b
zdv3z7u`%H8tPB8l;}JbQ(;lWKrUWys__heUUns|E*@wVTWY72dLRL~@wK(h&Cgh2?
zx8(L)PuMq4xz3NjWP)*xjivn{+@3cjHT6#R9qxP5w~yG!jGNA%dHk_##X(jpSw~82T?}f3Wjf^51;ZK{Z|Jz8C;uQ~&c-
ze6JlX)H0U>V1&+_`#VPa2=F^r$>LpoTKPxYvfuyVeE%oz+v_6c=i=;g921?>e$1vs
z6%IZgq5?v4Ddp?0UquSW_0c&dK!^jlHja|t1V2B6%Tv@kn_KQ4!73kSh-==#S8n39u4P%K<4gUOL`KaCDt6Ri#RZJ
z*o&$OzSIB^olRDGSlZCC!~+&>(j<^(XADprx&t|=wbi`LUv!>V@rqKG{!2|JJ$Hdf
zfuJDZ6GUyuDz(KzRVs6>Yi`BDFu>n-^GtOMo?BgA_y_&z;LJdSfdHMGZq53{My7W?93f!>d49>ByaNLGowdo6po0)d=D+h=
z0(SPmvz0{T*W%jr*WB>+bo1ZYOUKZi!!Dbckh9;@--pjV@-NwLv9bMiVxr~z)=O9u
mdX;I;#I!Uqrq>05Cs{6AErgpA0|VIv1e%X@)XP<^!u}g8!DUbY

literal 0
HcmV?d00001

diff --git a/src/main/resources/lessons/jwt/images/challenge2-small.png b/src/main/resources/lessons/jwt/images/challenge2-small.png
new file mode 100644
index 0000000000000000000000000000000000000000..777b5a093721aa430a9f751a37498078511c577a
GIT binary patch
literal 34371
zcmXt9WmH>Tu%);Zx8kJ~30mBtxO;IcR*D37cP;MjP@uTG6xRYpQwUOAf)s-D?)Tn$
zKTeXBtX!EhGka#wzR~Kca@d&Ump5|zdNE(^!FFlRE!yZx4tgw=I)-NP(dahz$$!FFIuo>WzC?rfk=ytLGWJw
z+&Sb8mscX{F9Y4A%q8+NH|13FxR0Nb%2E+&e|S-sed@M%EN)@N0?`{}EQ891TEX_C
zBWxY*wXsXtA3?03%IZ3cq4TY8WZcDu=<
z7B@?hDza518$c-q1{Gb(jti>%1Ig^bp!;0y3dauZ1
zh6!RxIm&u^@-B8p7gkmhPgVhQ`f)|^zZ*MfA$rF!1}FB=#bXOPi`>+{MUXGkLYDYQ
zYubM$s#r#FCmFn0oul7qiJ`@yraHzi5rRx(ygh9>zmH*78h*fuXBqwjZyeEw4iEP6
zII0+Wu$oLT*?2C(kuCuIyY`sidr)mHI|+xrVuPOLBuMLfO|{C6QwTDKSPZ`7o(Q3<
zju`W}&WNK;O_JohvbX9!C5dO9rBMg^c5%dCB$&$76^FA3B=9ynsDo)XAH-lYSxWx?
zR5@z7@_aceH!lAj$Q<8M$Th$4zM%H483;ww;CrG46=OJ9*vugF{#TSPddd_-*xNKk
z4PDdG!Vy`(CE)%dvvlZ)_LJp_9QAIiE)m#NgTE`al8vDM+2vnU+iXqXFbfE|6>OoP
zP?$=F*Tfp~_EtTb^c&8P)OUHRoZlOgBtlU&bamwzQe?*(U(fTjNAFIiFU+rvtTg0s
zdYpV2&sR-+J1`pVg`$}W@deR`tzzLH+KP!(7HOK2Yz0<+iWvyadBbPV({UTK@_ZUtEQ9Y9UM!pEK5g5z-dZUyR(&rq`<~C(F|#_iqV>wHQKDAewmt5
zcP^hl3-h(KwD9opsq5;-(zB)NxHWrz@Ny!|QjXxY6RNDPu{y4)p!XI2Z`&}&z6;e{
z;?EgcSkRToek*M#dIds>PkEP7Euo0ETD`gT^CN7a`z`v|{uL1>iaq4ZWBc^Vmtz~t
zMlu7)+KTQ6n=G55Gxq3o8|V5F9X~%wcV{W5D>EpuXOuKFB$W@S5M83^)Eb4SxQu;i
zYNtWDTF^u0CRAVh+I81%
z?%2B!?qiDR_Go0&O~@oO?hYb~0S>B2pV5ztAi$nkr3@qNUNJFXI|iM-())43+p&hMnzYC+XUKDpU_1g!=*E5iS{=?}saTCqh3P$M$ym@%1eeUR^LoD;-FUxm`xnqBnq^9zs?W%GYc}MaE!Q)KLNlzFf
zqv+f(L$X1>NN@1!TS48v_cuzxWN_Om=49hn2Zxa>5fV0&!NKs@l%9MbC#ooQ6UYSO
z)*v-sVssNoY!;;^?58p9`kpJIG-D=y4f|4qt4~Wi)*`}ppoA4nB!ZseTBI{1S&+%2`TmmW
z#2=nN*W`=LdN>lOiloX8osD7+AaMkYANGgy#jLYirbJO1E0qAYeW=e
zgTi;&sRV3O&|RiaVYUu1>#Dub7M5o@NIchBRWtJT4H@;p_uO|*Pu_y1x(%zsLar9d^Qy}Vv~oA@N%
zS4DI2^E(~$v!B*MQFue;>yWptvB+Ahd_V?b<0}|rsq2Z3LoAl45(gdC+9<;|(y7ckWO*?r1i?&jY7$}s>3`+lf7mbd
z2sFbVh#k>?1ejalJA;X7?cO6w;AOHCw`!mH8EF~*Or(|i`t@sJQ+4cFKDEfQQj{ms
zdBIEfz_PW^MgzZB16JVAPp1
z;x*Zn&O&(ue8cqaqxeHnB+XX7FAc)xm2W`0Mu}ViS5#ZTfm3d3C_S6crS~uL<*Q%8
zF;`CEc<6@a7}4`1%$f#V-y#MYzj>?D7b!pz3vh^9!T89SRC~{gkik}PliwzxmxN%Q
zF8W*a@x|ALhi^Zk^(K)@OP>qH$F%U(DZ}`g(iMS(xh;Ux3tLb(oh?;4IR&>}&6xGY1>`Y1i+?z%2O!g&6|>M7duWC#Q#gW{s1{CvOs+FELz
zIs+LX=343F^CabiVL2qH>ENo7=A}~
zhkWoc%eGAb0atwjcYL+tF9{P-400L40YcGFzH`ML)R>RK^P3M04}cMXisBmk`Za|R
z5v1Yp?5w=3EZn>y6Axx^4uKl?bHC){zlhqe;EjBvRsn(x(pYp|
z|8g=qtryg)j=>3oI$ZZ%*T}4gNsVfF0ZfUA5NcdyEz^u{ZH@Q3hcrQVH>G+<=}8M_
zQ$Z=o*zG2op?SlKi@#QQLI$MR0Juocv$~7XUTG~YFGmfM6ic9C(u|L5&i!DjLmT!U
z-LF}51r$ur7RCy|LtrvK3^ztxmN5$t^+`rp2;xSc(jI64pJZpBZ_fuEck=MJsgIE+M`R*>p2_v*
zJY4$gV&r>G{F;id6zZ)edMXDb3FB1F+@~v3rzg`|6~4{UH*9P*kLRh}+f1JS4w7%NAIl}mH3V+g29`9ErUN%E$_zg|2n;pBclm_ywp+^=HBoqSOx3WK3wrWCA0U}cAX8@@I(7=FD!n-
zV3${}fh`-FvTme3oDH1uHMsQKX&%{odn7_#SUfy@A4+XLg!|>YwKBLN5_-LopOnCi
zMJPG8wV_Z$iD;Fq(;ghf@g5vukfn{AwsgZDDaS4%5&OgZ6uM^{$fXqsSQNZ{L9^h$x|)79!4W0C&y^00!bEsd|pO+F0aTBh_HLPB?Vln%Hg=L0oqIHJp{iu
zhCkk6-JQZ_t?w?=fSv*`WMl*t=VhblqzA5hd$_uP3DtMx_W37Y+i`Sxy#WKT6O)Y%
zjPRQL_ZY{FsBcetm(RUbuG2QizHhyi(yPA>H5ZnwRJXZG#tmeFN}s@Ag|fZ=zh3$6
zP?$nCEv|bg4J!(qNnH14MjODjeP;&burGsK@XGUs4ean1C5S3-=X1>$%2iM43va~uYi(oerZmIA%!k)X3Gb289Px2b5x-u
z^(}gTGETaiIyozZAx(8>rFHytQA4Y+QQOj<7W96;(aD~>Ff!HbtR9;yyzV`{nwAr>
zH%H+nN_+kwZvS=Rr%Pv~xWN$xD+O!YvA;+4c|-%
zER@>LJvEV+$5{WRmnXXTtux=Vil(OOD!Z1Y?3o$%v)=sxoQG!(?MXKe_bg%1a#>3Y
zxF0+}Hy3@}`NP41`ka5=148xqj7vJVv=ncp&v}@kNbk_~q*~j%r}mV*gTa_TIA1oY
zp-5XcVc++{u2+PvQ)#w4*@24F`tgAAsrI2l
z{6TQo9Dnvo;Hf#~Zk|*;Vc)yGc9P0-y=MvLzP}D18Xe1k-CaG
z2;UjZBi4XOjQ=FZ9^W&GyRf)kh|tW!FN|k@b1}so-`|?ahNTiveG&4iRoZ+w=$CF}
z{?%SZIz>>+n1p0rHEDb)adI(v
ze9>H(46k*|leYfn3C5`N*shCZlm4Zsw}FAd_IHqkso!cKJV=5ZR<6E#bC_y6N(4BuF{iU{zCG+IQR*7nbL?H?b}HR?5!mo|1&X>R{d(l
zYM;t`vsc*rcA)FO)v@2--|DFH!1RLEBN7T6UJ{cT5l%R4ttI~I61))xBKa0
zLK=puDT&^DekaPm=Jo;vY
z_b1deSd2PtzJh+EgKUh#O&!}o@s9~2kM+0aT;L-j!0#b8ChJ_AaD&DnqOahF;h|So
z@m5z=B$#*a);t$72D
zntQ&hIPw(rK$Z|rV@R9$46zAg&1u34zQ9Wd_yZu_muiBVmr{*Lp>QD4BXkAsEhw+M
zxco>1Hj(^h6>ga8yr3nOZz0lXaOnP^}eDg}VVG=0G
zRvD9H%E5wG1ma>>&0Yq^#%yvl-d>NMzP@M+b?sr5TjQ^s`d>kTJ|e|}GRZzHYqk$h
zPQLH%nnS)Ux61wHhJT;adE3j@&Q5P(wPUUoyz59V=Ens5x0D&%Zg%!;CSKT{bXM!I
z9Nv$FJDRk3S}T_j!DW|iGD(ebpg@%kT+hdhLDG~(%@IBR{|
z?3)L-k^zgnfhTa^^?--G3z0~Fcw%ru=%=+Jh77tq)gnZiO4s;mkp&ujZ;#33|f-%(O|*MBi>-m?2j0JC?&l0n(M(*
z-36&f8Mp))#yfc?8Ehk|(1*&P1Bes`+CKb-y?cwI1(K58L1r@rxP3)zJDzCilozGaVB
zy?a%Y9al8`u1g83FCSYkFrFS6f==5Yt?w|6-}D7sR#xnMg_ja0z&uwSY5e*hs8_0M
zYF5AZUByFQW{f@m3>MVoZNUBkq}YhYbJb$?vRxj<&PwNYYibxHx*6MU)(
zsI~-fbd7ETwXf8&xIjyxrUAPx&)4gLVkD-PVo!%^*dpy;T)yzeAlN9SUP^rQRO4?Y
zOy9W2G`%zPrAkbHUA>NMAT^GiNFW=X)Lhqc`uT>aE<|HL=
zYiox;4|KtE9px-$%kG=j)-Rb_zL$>|YJpqfq^9w_Qnbjm$6OD2f>Qz3IJ(AHj5uOn
z1960#UsxVLcG7%gNQpMBQ}Kjyed}k@AOkt@eVH=2KH6CEuAtJd|BP>7*W2VU7AIbdOPbA!EySY_NfH5#s#!d+
zj>>h=fJ3kE_HOpxQu6ojzW^gtbFKOoJ>*raJL=$rVC&J5t>8tNMaSbr^&Q|Nck49l
zmUG4Q=(M+USrs}md-%`$EWQ^B!e=Ay#`%6nrhXS#1+f*NGQC!N6a?Rs28cml8`bx>
ztQTo|s?7r^!8)5cDas{3qZZ`x%T=ck&7uqt(({TNDx=NEd5fE0qw@f4^j1fHbg3vV
zZU40>B6PHo)!t@{C8dvrEoHs%C(fI47i>JtnvnXMZk!Zqi#G(6;
zgoIUZtV8_8rog@X`9A0II)XwUfSF-UkeJPK2IZ1GC%*(H(iSFrlAGa>w5(hHy;4M
zcsw?peHZo_Aj$S!eb44#k8(8b0-k@oaSiModQNGyhkO^Hj%?5(D&K!=(YnBD(Fp)U>UuC6(>B2v7g(vPc
ziA8wl)1dg>FBHVk@s<%~n0U}9JYQji;Z1p+d7A`2skA~Ia;k#U0!6Rv7o!tZD-V1=mPlLoeMXc2weeJ*e^h|DlSI$XF}&NiP`f-3FZg`$YvA#u!kQDjmQE85
zrlD#|2iLfZjkZDw8}!q|HDg*^Tdbw*o35M1=2d*<XDCw6sBjNLDk$}|O9
z@5C<8nk_H!@A@ruyt?-aqC+m!9=+<>)lyS%`)-yom|;REQH0rwsOu7F3361s#p
zoc8^~$y^sB)EErdQ<%}yS4gRti4s;rpZRiiGOKu%J}U?-V_|%?v*UhGPV!-hqO)qi
z%6&m8`lAB=-PKS4&RhiH7CgD!wS4Yt2{x6?4)JKp#Ked!iARl%Q?79NZhV+lZjr^dmgKX$h-<4Xuc0tygXGq~h(y2XO0Ltyx+~~!I
zzb=U@3UGcFS%;>Ut0Nkp?&E=9N4<7(D?rkaMP_F*eKQ!fgoPNQUYs~@X^BoIm~}@Z
zzdOZ7Gj?e&UFPHzNv+)U(*jFVX)M
zU;fNSZS38*$?*CozJMiVp*+OGPX=8$okc=6Va6Wp`{t(3yNeXN!Y@Gh?^x`tlq75d
zhW-s(ACK4wcKBg&JU>}m+R{Q*<1QlGP)jt()|N{t*R1w(3`H>Ve8OhHUT$2f#*@A|
zyEkMI*!f5zS8isIZm}wFlO@3!JiZ=Bj~Gr*|L)s6(b*Elf`k&i^~o2FF_+)fNLn^u
zq8ddCWOuyFtEC+^H_
zZr=^tv&YW#af|X|l-KZQ9l5R!{~zPKsNL5-{|XWU-_zY`sfs1lv}N0}Gt``3G}{jc
zsi>)`^-Z?5v^c8&Yo!&km;Qky)6=t1&WFtSym^~Bm7jBm2uz~XT#we3?=dK}Q&(`?kN`_Dd274$jvTfv{9bwdw6)7h%|
zKKEq(e?fK2oI38;_=Ba+s~&p#=J+`Uc2wy|EU7w7yF2NMf3dt%G3CqbH7kjNHE+!x
z;8B#JZ{MC{duK22>4(n-psdEIr%YRNS#putPsXcwrpEi!Xv_8`G1OR?w@Gfpk)X{e
zm?bxQM;{A65uDycg4@;^;xnI}N7s+FAD$n?jouX03+qa&%=sd%-}BWu0F>+OXrM2R
zrh_|>az`mW-M$%1Hg=~WVE1;MF3-u9+Ww@Okhs}CDbjEY*)eZ`E9-Yf}{DNMU~#-_uD
zw2pt7H@jEBK6J}YJ$)l6Dc#Y2+T8$7_M@$)Wl`HgTfTdIZgjIju?&M8WAIfG}*HBsVzrZZPoq
z3RRBU6;VZH_je^QObcY{YpArr1K6v6cjKA6I}ZH@KdZhu_0(!XOL?uw=U--0+s?tu
z&|8jbA8e*|-~<3B+~HcDY}QNl5%%@&E(M-188%INMi{tWf~x8Nn&b0bTOw_qvT7v>+dqk2m_N*$=FTxDp_nY1phHB+$uCC3HX>luX<
z-hn`U^Hg$hbi|M`oh{#L@f4%I0c&vI;0UD9t$V)L-PchOzWS!M9o*59#wjNw%hCG}
z^RoyeDi_g_Yf=+y3dXO8?wDttU}orsQpp8o5k7(a;b(o4d~3xRIPmU
z1`JQCC^{1*b72ry)@#KqW^R3E$;?p-{MsKzvSAmse4(zru${X-l9lUkzk{llVhCrb
z-jJG{3kNvOS5D=$AuPLh01Sc4j!Ii5mW{yWIwbLZo~rBgzsag4*FT(c7dr*Hp?D!m
z>|Mze4&BkBdFp-tuLa1?CSNmv9G)H0rYSlf4wJf^Treha5PA9DbWy&9rmS9Tb^WW9
zURx2kIiPDl$`%KH6L|c-18`t*S0P=Uoz=xnt~0f@`%nw`y4N0*TV3&@hc4a>pq=Iq
zKb>fFUF&G+H@MK()KKWU0JY%7b=~Ptf4F#qqJx2f+5e
zS8=;8KY*<7aS`U_P+ocFd$_CX4Xo*P%l4NN;WhMhD`%j?J!yjWzVyIcM)TmC-qajD
zkIc}u7d%v4o8s!~oYqzk?o9Uy1(BOu!bi^~2taQXL4}jq_@KF00h~@lcLDJ=KpF!k
zCZ-?J2dq6HX*H4xpuzu|IA2&#fxhGP7a+8+2C+CAj%&OA-QkQ<`oFKpH(|fnI94*%
z3lyyGtxdP*i)~is%_d`Vl~QSO{KSN(m#!j|R@Bg&KN8`?Iyn-Hy8VbiCNoFeMwTY5
zptvyoj$Fi*a@4PP3E70n>@OBDaNT*r!@iZFVr7=~tVUfQOh890c#D26LP~sNhBXK^
zpI?|*CC0cP)z&qcAgd^ts{cixi5|S~O%yxKJYO@uyJ8KibApPt!7C{t4qae@vrM|3
zgSwiUPU)O!VhV~2)tZ{YDGqW=>lNP`(
z>i7E5110D;1^eIM@r^{E8pVbw#DyP5PwJmqFPxV*95gFMW_Ox={UTyH?vdhmhJwdN
zhN8s<;$eZXuF?gY=B2+_C_=(r|52mg7S#3*N^qb|o-Ta?aQkPk=``i6ZW(Q4sxS+-
zxo2{qwuP=Zno|30)&_8-OQN&)p2L5KHL9qI&2A4X**L-qdwb(u1D~~?;emZqYJry}
z0!Ls62Vms+(zFDFneG%LfbAb+p!)ESA96~nWTxTeyGSK_4@Qi>WHs3Fc@
z9ZXcLtw|*cC3L>1i3pHophPxaLK8g!Y?g
zrJ6YLr+CP{hi{FtR7se-;^`GCxOsjrYnT?4H!PLcGRXL=U=xmjM}AkPjF&HnJpEoU
z3K(`%kI_;S3${oQbg5b7!KiZVA!Rj^_tfPF*fz7D5sf?XkUIGAF)-$}7*8(yYwL1y
zb7=ekCT#M$(4>Ss|LW2silsLR*wr@3HmnEdB+<#$FQ^Lta215&W?uYJ7FrX2!|%Wf
z0k=&@`fx5AEUc|9RrnkOC?9p)`HfmM`S{syTK4Y8?xfC#z%5DOAo69J-zfN7)k@ph
z0qjj|+wc)ie>)Nf`7tX3Oi2Lxy#~(qP%hS53>LMzBrytD9X_tBplDAAitZ%qII~W+P_3BlsNl;km=#NjBe}fChoPF!mriH#*j&N8
zA611<>s7fP-m(lYMJO{&Q+L5`@=;4rtDNrN&dtv&^5vA3Gb~5C884T7Vx|rI45)u7
zPPygcsPB3yR8(^X0`kIyEXOum(q9Fp#@7IGLpSq5aO>8B|70ag*i%em(?TBy*aT$;
zDdx1|znw+)ZzqvZG)w%z_l4fC@=4#8N-G9~b0lNF!wq)7ezEG~wSfp!60O>!247IK
zk;MKTblFg3s=-$rmLcjXF~%pXiQ+(Y(2(qUmXNK?@x})J|J)e@P{3y1CpR0F2jZ#+bAjwDZ?I`-}^rmc<0Oc_axz`
zVw(F)p_rjc6oS0j*VorAAAyPJmH>zj%`2F*uYonDHgv!V%`dqwkwfAk@#5XS8|0~<@14kYXg~v8yH@i4@H^%
zFzU!g!6I=UjIKCehxz49Gb(Sccer|Q21k1BOzQ`cnL&x>ZW+l~((6irIWa(^^;3Cn
z5aQW(GS0wIy^SJa;!
zuUguS_YR%6CQ(E?2$LuOSYw_+vV}EzXGJf49O=d%`uATadn*-w-rIA3%jN
z`$?QK6z%wkGHF|~36!)AoJDC0(a|)|Dx(AZFz+6T&oN@}C=^l%GVmNj5@-Ng!{hD
z%4Jy-T7R!x>?R*Zd`MQD;XpyG^tA><9esDF+C|LSO3d*$6Sw*Vkvfyr<9p^MvR$f(
zf<#IQ46z%5+f5{bkf%iFk;4inVA-d-uS!L}9=H}+TU*nR_~@#H6|RnXE-LPJj!Cf)
zF7tZNV_ni95#YGCrv@7>z425OHCw?`wjwFAsQ%&FRJ!?O#kFpqV@g)WPG85-7YB3g
zFa`trDvRmgAMY8*GvMN%bKB
zvlezep;M@+#%Iz=5{!wkBV9g0{BsY~$@I1!j0S0qbF7T|iz&4v`4x{D!|y-+#$l8$
z3()ig_rq1l9Pr*Yj|@r|IgD4-mPd@Iw0?GX<-W@o5fw#|jVF)a5dbP1&QcpZKv1_-
z7_Qk6C96e*sFcaW4Qc$v%rk58B)mCAm=|t43#F@lPrbu-sO!WmIoD8
zH>LRXqK$eaYGy8{hwl5Znl@0@@PZ%`@)`~r+bb)TL;-WSDzhlxVX>sC4~D?m2>hb(
z>r%N+621t@OB0&}&!-yUirbrj*rJa+0Hod7$3rg7Bv{lh4`4
zsB4T&cgSY82GU`gQSC}HmfeJ!VCB@FCY;ozs9$Ev^1;8kFfFh-ft%Gtw`f13@N7YE
z&<*7~-AIZ0Pg$As&1>P%ZAC*8|91CsGu7ffiueaqfpk87^fGgN@$)3j`So=fHBZu2
z`-p*13MWk)zuld#d|GGm{;Qr$0Sm4)f({b8%Ly^NwDX@Ej*^(AU>A3!vhz@c(Z)C;
zGsE4G=*;xWnCvpVC~2t5e}R)sZa*4rxcf;cLBEx%%TGU@m>go+0M1FZPLY{_c3l&0lektc*R6Jm_gyVV^;KQ8&KLk!D*F^elp+*O|HkOtzu>L<%KV6@u@RKgC=zSp;_N<%1S^Q)RN${mM|+%HgZhVgsox=TpoJ!t
zpj1Sq>?sV;1QJ+7N|E?`6_a*kpd46QWOlgKUh|NMS^c&)k~q7S0#SE2cY7?ov1;Yr
z|N6Sb5Cy&+4AmoTgey%no!MO4l9wgJCCmqHhY+$DestD;P{J4`_y$&_r+6bZZ;jt483#5!Goj2F
zgKeN*E
z)I*Rdq-?(r-OGlUBh(=o(`rP0Fl{xGkR`T}%fb{oVWv$qi;xi*BhA|Xl>Tfm@w_;ZrQ{W#+H61>Wzx)@V0^47v^PQlaFR_67A2H5teB^A#0b_f{<7`2!9Q=_gw`LV
z+`uOW+4BQ@iDh)>^p2f2Yc0rh?1mTW9^eEX>wf4mv-{Efy6=$v+($W;DYAAi+6=tC
z9auVkOb2(xTUq)G;&|D5P}FhQR{TZfSuDF-V$b1hAMv|EdeO)3?}gyT?gx5mM^}8Q
z*=*;CN82n~&PhuDoG>2Ru?5A_UpVC|u8g1)6D~ix^}3DwVq&_Y$_{RLsol|A%eOw8
zaOmxVe22GC>AL$Exh+>4dEM4t_;O5vE#|+YX1nMtcB}QZ#1Ml~TFD?oOBTluKkS~5
zMDB{Au;z@t7H%IW>=JUVMBkZzDmwi3+6oI~WqioHRN=JKj7`FU#WB0Mh~-X-^agX
z3UuG>P+Zs=-`ITEK;1yNN&Gfr
z<;!;dZ0oPMH%vw(e3iFrv#wAd&m8LxiYpG9s(K=g*0!(=u`3`8e|RmZ?~+G#J>HBC
znF)TGaww=7UtTF&PT-?8grwDiu51V{qEqMaWqiKu?-hz>d??iy5qYHuk`#?BC&5t3>IrzV
zTjMhZ7Q3LE@J%isC5YaU{cN*NZFUE3xo-pp^UaWydA<^SP}%zZvPy}dnZ{D%LnFB?&P|vFh@#_M5KU+;fThaYODszI`
zp&3Hd;rAHz<)b_iaZdYKu^{i5S^GuZ8v%HE#){dM8PD(XB|Cp9TQ+v#BW~?0c;u*w
z@t`(t?*I}9TOkXKE6_ckuv~n&idUu?FW2)5ON75G{DmECb}!|a+BTlcNA2hQiVW25
zyJw{1o;g)sQZD{87WSi%Z^vn!(9w05&M`#+!y#ZV&ui6=CTkd5t(*AeX;f~*(p!mt
z)cBbwR@eO<{Ud-A?e_&uujsVXj0#pKyTs1O9la)Owv)}~s`V`?uOn2=HI_|4mhNsb
z5&cGI$`QdM-&)8&&h?z?Kf
zCR(+M-J&qsu{#SK{wI>mz`Jup{{$+
zF}e9%ubm6HN#k-%%pdE00-B*qUrdFP`^2ws_GvE2p07tz+Ej<%aAhsR**#f_~}cj9eiyB#=oL
z@-m)vv0;;q1F>CRq35vl;XA|hw^f!Emrv`XDPC+gS$hdpMm>e8vY$1ZilbKGB4Kzd
z@u8{7Z+YI0RwYuVa`m=1HiFfNuvtFgh1CSTcgS?CZYk`l_*nGUOo8QQ4?C5aVwcG&
zO_z^bZef1Ic5Eg6*1)W!UaS0P1KytHJo2r?nlUU&^gKVm73OFw&eS3EnnP=L|a^bY;?D&L}I
z`*l_af4JrFVR_UGW4QR2R{VKA3f!R
zy*3e*HI1;EDu)FVh2AteTl}oG*3c#LS=?`ZA*o-nTRO;hiVX4fs}?{{jV@V_z-aoi@9Xcpb%+iCm9pV&*68
zqvc+=k&=m)l0bEH1NT`F+=z{IT63TQgSxFJp8gauidD0v_T}Fk{)W{#7<=cu?%!{t
zn%;TQ9~{ERF4f{ok^AejE~*C>(#KJ(oHN#{MIaPU$ka6cm&t%a!mFtQxI*m
zam8l-T(9_oSLEL%!C9aU?Nxfs7OvSp%CB)(oHvF^a~Sk&SP*CVvISrq%Q`73`<`Vo
zsh9@YtCuFF_DrQ)`*b0${MeVeOmjT5Dns#W+1KyYB}GL8Uk8X=Q;T&;W8CQ@qgPfK
zPu{VXET@sZp%si(+*Vy_6SwDUP9LrjHTw6eq2F{wzVpfS{=GV5
zE}{FcLXfHM;y-Y0rOX;82&sS?%{1Z^NEY5r_rUCluE!gZV|8i_16i4;|Dl=g|E)V!
zmq`{@rW}IdK=PVypwa&=H8pBgf4*suDKx*NS0oKe*=Z;O*0V^jv_QSen^mKB@`s^m
zjq+X2BztgaCMJbgzjVd;n)1w#zUqpr=sLLQkG;D4o!VOfU#%JWmBgXp!b=AFdi<|_
z`&qw%dR^->tH}l1bR&RUtZ5g|V2Mb-g<*EtgKRb@cFE~5w5cA&&p%`Oc8z_&ym*oY-;y;$QCn0g$
z7t0w}p~sMIf8Ju+(F;>bw0?Zk%(1#NuM{O3E-1&bJWvdTR9M%%kK+2ggd`W>j8z+G
z%ih=Xpn?DtZur5Uud^Q?)*|T0?K1Dq6vdj#6fT7Jssd9uI+)5jUc&E0&bR$~TOjX+
zu4F97SZVwiq@{B;>*DFsFyC2_8GP#JDc1#6h*6w}goJdb;#8A1Ctj7Gq-
zfc6Il?fHw*2#ORhXx}#ooOJe8+5JaPMHw)>P->60j4R;UN5v8!O-|D0aZxSxph&YI
zyWDV`PA7PHR8cuyegN`0XnxE@ro~ap2zaN7GL##Oyrut_C$pO
zghYmaGZC|=vupEm_muBpCEwcoq}A81U%ERzd?)j4Am3UD?SVLgMbN|}`}vOa+an&bY(d(W`kLH|x@vh%bmREOk^?L3K^;BrHSLcWp`%D18gMX-F+l8NXlZGH|B)!#D3z|Xq_wQQz
zVKy8?{1(|b&lnwKE^bV96G#~20=fD1b3ppn5W~@8qjX4IfD`(XO?(Q$KiZMF7XH^o
zIDW5Lu9nt|vbh3A?0SoFVJ>-^MXa1qt*y*d0kn+%>}n^W?;kHUEH*
zIgCoq^|%R3;IOVPsqwvxcp-bv9-3+XdGE6S0DhOtU1(EsTzAsN#GggV`;JN)2v1|C
z*HyUWs;RCb>ul^ecQW={Wx5Oh1-<#!@m&}B$#>@>mhwJaL=SOW|E~pLr8%Pt7D^9K
zQ=|pwH1DVbq*(Kk<*}_onI=O5Kl;R;u-Q;`OD#ESie!ClQO?G1!`fn{#KLd0s8>|CVIp!R!|7hPqM
zX-Hi4ag^~)>Qa%6rG8F)4BxM!Vaxd&Mv3s;#s`wP@d)|zEo#pWdy-{$P$#_LY!IY}GMsVCh#IDW@DzH^JK)6;FDW5;!Us%mPuz_V3=AmbCOj!bVF
z{g~A#S4w$#^N4eowN|4POcCqGT0^d=l#3mSm_hp4ZPi}HD+U3w9arMsk&Mj8Z`?hvFqq(hKymhSEj
z>6Gr47U@pu5GetH`||zW`?>$_=iS|zd1sz^o-^m1abe@Sp&Tcwc2U8>>x2I4h-Yk5
zo5QN9w!M7OMjj
zesWBkRdf#c7Z}ap)SM4bThOq%i}`CZX^bE#l|Hr=V*{f6u>{G;epV~uF(-h=Voc@+
z;Vp|&S)=@*Zq@T<93w`SKMF?O>i?r5-_7bpvybg<8_pXc@TCk!A=T2Q#%IhSi5n~>
zQ2E`A0WZ?Ut+E$8LBWSbJ5QY{eR4o2^9{HPYx!O2l@CQ3E@u)~5>JU>yf@YesThMU
zqSG%OnN`%o7kh<7iH`Wk0)q8zX<{3JSlkYQC~W82}fj4{;BQ2>a>sw~?Whwdwo=F#X_Q
zNq@!sj~~qMdg~Rgh!J=77tn|Jl~%3Zkei|XLeQ`ZF@29-oTU9}@SD4T^s~cx`_69p
z+3{58Z6~9y#zzc@HJBR_o+j>a2nl@%vK>-ax6@*(hy9!djd$Fhb#{x`d)#)WFX;y?CJzXE-!#k^U|rsfyG=g&PK{*L
zd%3&2lVT6ZyWGOTzVorEb^iFsfD3_90Vk;U_xBK$hzxSLlnk@emKu(gX}p?E(jUvU
zo20U&6?MB%xcqfGCF}tw^nfRv7%o=R2Xx+$?>^)G{r#qdVZ7Z3gNcZ0asWYv+&W
zDxxj2_cR!o7)CnBEGcrB4g
zJdY9rPnVS!jY4ciz|0P
zeE9*hvAeu9K#f3
zQ1_UlP#MLpRA4Uk)8m(peD?%#2Y_K7XJ+8i%@08W&gYjCiVTh
z#gICdQdG9np7#&G)Mp%{DhYZNxPaPpl@bdK5{l=be0GZ~*Hs*9+N_y8*)2O^0)mT+
z=d&4o6dnz29t1_eNWa&pHo}G!fiey5Uhd|+o+2N!CSzIMWClKf69k2}C(c5P?
z`=TGP>|-6Oj}&)YGyIx)3;Ug_N|t~0L8#Cw&+S=aR93nW+TG5jaOpRNPE9Cd8ngsD
z>A1|!EvoM#7W(^l@~8}OEUf5;_2gyFithGif+u{|W3S@qB)%)4AR_g^{gz-^owHtU
zfE&<}%5aWTiL{${TR7;ragpi9ap==8y7aJp>5<&vTQYGHYGJ|zTf~e+I!lovY1Dvl
zf`~@*A~-boBtisp^ki$iEVQ>oi}UOUE$)QdxL*d&5^8YkCqp<5F+K@!0qa62B*R@B
z;!iIdGG0W!M5|b?=e*%UZ-ypYEZnkt@?I*iCn5hZ3$l!prkXMxRb1ubY_TUG3;mp*
zV=^S6e}rhp+da`e^3t4)*|=jJ%UPZ#2m2N!4XbdiN1ioQQ2iPXV*0C0e=U#vt?leP
zP~6h+Y*^j*j~(CMM?>#lhQpLETvK5B{XB&x7&63pXTb{B&WH_Xn$mBUom$;B5quiK
zUNojS5Sxr&nj;|}Yizyd@_eTCIfXCT9HDM!2!TJ_!`ToMGuD{epn#zM&w!PXQ~nH%
z9{5pcMx*G?nr#!i)&L!+J|-?$JwMrET2by*KxNW&8oOdzaW+BIFm)WI`q3!Rj{cn<
zqzM#>Jz5l9xOTj{OO5v%sPW09tB)4#Xv{?CIP#<4V$+Vw=MIIN1nT_^g@uG(??x5wBed1{WGCH=C&qTs{mbl{g%b`)1oWrhe*;xb5Qf_YF`unx-JHOEtl|6+B@
zbp8>Q^;*k4zZYmJh~D5BU5b%GaYSXee)5k-nYNL9%XizvRAh#Ha1bcV*)fw&Oce~T
zqAyFI^;Pe!zW8;Lr{bdd6GXdULTC5gnDwPT2GERt)Fa<(%+fa_CS_(LE=EM60>Yh)
zs%pdWQ37c0d;CLb^$|ttUMCh@(=aYlxYB`eAx#Sc1UM=)si*I5JS}bC&aHm~fubp*
zS)G{@3tsJ&%BYGxW8v!0Kr%r-_r`K@Hq^9gmdl~NsQMB?Ui`#HhM%ws^v@v5>5)Dd
z1SSTav}qdML)9EMM^AzvMo~rZQ6e%Fg7#$)LosTT5V1*_s+~90O}1tKH&0SkUXAd>
zHp8&}=gXTs=0lVP^f5e83slY1Yd9s9GP&_soH|Hx!*NvlK#8KH(xrnO*epTpL!dWY
zY5`1@*)gc4x8X=7ab%%4_
z5G-jB2*Kvjnu+sBpqWn!y(EOG;s!#JRKLqm%C&UX&~5&~W2vJPY^raXmb@2&J^4G*
zbN;ucg4_!k0y)IL!WgJYCVRitMa$;08??e8{#fi^VYc@7$v5+_j$hNkDIS$9M|%YN
zbN=QNtNMswjLsmB8wjdw#A~!x)To1Bb|$c#1u1-13p^#5uM_jP=Dnoje|c?k9Z+zs
z|I(`@Z1@Ut20Qjs=Ti)8`?*!bi45MGy|DjL~IE
zrYx3Fk35N!c>X>B{@U4XxqA)-*_Zu_1Rn|-7)7O<=G|Mh?to#lvvaRkjOpU2FHvA&
zztX+fms#;;ob9Xt^gD%p6npSMWO-uDLJ8
zaRxgtTL_PeRJy_Mggv<0p76VAg^~~^HD%qmBjbYhkqtuOI(>XB?N|y68xZv5!i2rzXix+FG1|71`6Fm2ak|$3Yt}Yi
z*0Ftniwcx@#`zN*^G3F4Y39F`qAV#^xHJev@qlp)NAX@%JyK-`&4&p?T(RkbFJP7e
zUTt1;`Rt0AYI0jgKs_tw{qc@x^nZ;EOWnPkz5mit&S5s5^jSh<zh!*EpTz!pG>dg&?Uh;zH$(`-4NE{2Bcv>!t+iRO
zS7DJ%I}}LQHEO7`dL!SFg#C~OfoilP8o?~0{Dst*4Shw*8#C@9X6X8b(x&s3L?Hhv
zU4tIO9AAM>_dt+oTN}ISkPE11x$zhnv=Zf93&YDrQ)Q!LG&T@uD26C#CnggOq*Z4^
z+hn_@P-hSNN%XH}V*v}3++s{RzLIk|VCJo|pT!amX25gu#6J*hw
z_V)Nudq1YXUi!st#4EKH_trV;GvfZuwE|m*(`5VrQ>ogkaE6%P-~DTwON19wHFs`@*0V4JM`l+|9?<*fqQw97Qfa*>=5u;*q3x_%d%Un
zV{{%l21?p(24pJiU!RG9`Q4}k8&IF&{IEH%(Lw%zNy1|*0eRP{065Mu;YI|v4I3^t
zVE|gbGB5A5RsNfs>b3Sd&+Fx+*?x#Lxd-ey_sr=4r{@010fwMPu#-c-st#2_GreOA
zfnm4Q4XDWtK>ZINnfy@fQMl1xiGjq33K*b$$!`5&SlN8rVg0=fgC&Ynh4qD)G)5}E
z7#}^2C{fHlNyD!bIfJbo3qC~(P8Wo6ABC^AjD)P^U6+g%HHh97QehKXG$<6
zMI
z-gopGExC$?WwFatdTmEoxDyb*A-xElU(;u?Pd#Jax(^0eFlop~)#oG8G?p9;th=ss
z5PqmK8c$bgKpaOx)Km+gQpZQkivlL04t9`p06V%0Q!+s0p9IF#X~)9W!=Nz<$j@uS5XC_8BxU;zCX{BUt5T*-VbYk%8AJqbTt{fyk0}S+#?I^^tv%QUH)=Y7fr&m
z6(e{ik>L0&vb2+|f02>Gp$V-;vv10d>iI%d$lsX)F;Sdos50*e_?L%2Lufksk1hs}
zgPv5wKpdi?(kBX5IXv!9p^>s_#iJChQ?IWwi*UK@>S=pk)Dao2RN3}$>o(mRCu(^P
zKym6t+BYX>OO9}#>r1@o3BueOq0g;f7_7k0u@xlXv0V(qAmOoS$`tncSVA_@zY|Ae
zFrzHbz=>Bw^6_we>RT{e`ny-{C{WHnFe*bXAAELXVnj$FH3S`%HV-Z+%=GGd(C8h=
z6c_M%NMdx(sf9otW8|vJW5w1Gj!dyZ@GwVznU$%EkYH3%LQ1%NPx^njk_dY4TO^t9
zd2Qy=S7vNp;?Bx&yW^H@`u+61%@2Y=m^%Q?t6u2k(Hff`3|cw!jWHD#dB46
zuaup4x;IG^AdXaa$C^^Zl;wdjg@nfWdE1_Z)6B}0tr9)(UruP?@)3ify*JOCC51uT
z#MVwMiaC^suzGdPrgBu(?r=tjU{l%=BR$wmov9%_W_Zr8Pz@m=V)YIg-Jw-uR5#8l
zr>_Xpf2{owr6BmPjFJM6C0l+-JRHbSy~R_pPFUmga(r;TEbL#ZGdG!hMOpCPFAZBJ
zzue?7{AEXI3De}eiCSVJn2%kcHBBediNp9hfWBIj2F*}HY6K7SH+Qx}WmMor!NpU1
z)BcX;_Imsc5Sct0l(+FM38A_(UfVAl74r5(Vs$pd%$X_Cn+e6JVqOv)ts%?M3P}!p
zL{}lLqmNv2sFX!^$kbmtGEb{1t@m34&@WBmtp*8yu;MFV*
zq}B*I?rZbxKaCLip1BS9BTWT>g0Sm$?fmaE5jhI-MO&5etak0FJY=uVW!i4D=2%WF&i*ZX
z0iTqiAyTp&l5E0(%q?OqG3(Kuzbpc_{qFm{;ow_La=(AFLJud_pq@bjL%veGCcBjw
zk!KG^(B{>Q(qLMhzM^5f#|K{f)>GF??FRhL&Q6ejN(#P0mOJ94z$N-hPE&WS&x6v{
z^~W2l%rD10M$;7bLqpM-Diw1-mX^YIVzMJ6S=)?MRzz+VaatZ@1{dqi-x8Yg{rMj5
zzM{JkrCKQUy2TE6u;uBVLwis>$7d8v|<1XiLV_i;Gypn1)HAN6GBx
z4DP8dl!Yg-O|CAW!8QO>{m?Ai?BF$siivT}a_kfG-ZrI>%!ka|wYxcBzQ1sLe%Ua}
z1&6)PIx!di-C|y766pJ5`ffU8l0Q(qzvMqzYT$iv@Z06kdw$4de;(Mmn5*$FJ8bpa
z$=v8Ybz9YNV`0;GW$SXDoBR8d;AtdQn?g=4$SWR8e~vg)rrB9^Cac==;e6`dlAWr0
z5H7qEHg$wGxbR1UITbnQ0=MtwO^7ohVt^D(01GIyJXU+v&=+VVssz(j*gbo
zo58+KT43>O^qXc5Lsxv(X)~)bPo|z-y^}BeW}`JSLWJn?38B(R&?T
z-8%aR9w;1ngkz_GAU18
zrLd>5wB(lRh{*s72Afi$2F`#quiKC~bI{$3axFtlM_t|;E-;4?PpzOm8u
z^^B0LWO>Z8*og~MQ|$W?&C+&|3RM^f12)x%16E4qW%N+#Dz*K<&+>EnI0*2NW<
z)}Q@izRReY6K71}D=@k5E(ZkqV|p6!u{y+5Wx_kX96QsF@w@x8Kv_IM&~;VwcaF{X
zh^;(`aF*uj^V$bp0;TkaHpy(`SBL6J<>j*_+>Z7*WJJo>rR=6Ueca?&t8-{-KV8j{
zzpCL0WT$aN%+CXErH%PoD!#R-`!WeMiUoO--Mx2|GE=>#41h0d=V-v|9->cK%SkS9
zo1K2nL@~K;m7XGrh`g({mOqB?e%1IPK*4?N0}j5|A}xQn(WaM|O(H{pM2`IVrjc!j
zEVTm<1R3V&^19|GDiil%55N?H21LB}o;t1zKZ(e?ZyjUIrxL
z5B(IMa@udCMe49OG&b5e#oIuRM~rAr>m&x4pv6{a0&>p-EI(ti@c|N>HSWD|T0>L!
z#AkssS03E
z9$q%ZQD**6pC>r~AjB;*7ws~`K+4$a*4$v9lYeitpX%7rRhg1im~kN?R64pk-+bv+
zSW`75w|=c4yegEAu5YIBKG=dY+*n!)Sjh6h*U=e$aLFoA>N_|*B>LUheLtvt(Jk_T
zwSIZ#wmd8#fQzbG(O9z5S$mD-<#m5mcyhYmY+KhHE9h!JbE+(~<^It88Nkw)hD}d@
zE*LH#6wex*+vIvp8fu|%U1UW1AJDuygBX$5+xIE*FfhrUU0ZzP`?V`{N9PnZ{gD*+WMZGfI3{#Ab`h&~f&qrtbU}5Tu4V`0a}r
zrtBz)SZ7qx)!aQbK6E_V7#1eHD`4m&i#)gfo1tspzJ?E~mO8HXJ6Y~*Kje^#RuX~b
zc>gJD>&|3|xPNw>#vWMj?0o7INDEI@$>8YPgD%#HmZWO(33n1fC%<48X<`|*qka~s
zJ)9{{(yCgx){oQ4aP%8@wh*(O$`STYN)s~Yw3x^W0Q7u$H8q&Rot>j=OM5xX5*3E)a5}A&|j76Y};)tE3@ej%8$i|96a``
zW)2P;Idm?#R|11EWbOCD!(Cl+CD0o_nP<8vdU5n>{F+h_!8MwVg=3&&
zeMqbO1HV#Ti<^U(
zgCPYzn*luN;PkkEg|!vE;nT!`AghP&hlcCi$6X!o$5DqZz|wGtrFlI-*S?eb@*iMq
zc(H}q)jjF;_a&&>_+5PflHs*;hn~!hf0`J#&tG-z8=K!IyOf$9CCUCBi%155|CiFK
z?GXX6cM^hGHy)t`zYdOA;O5bcMlD0rX5u${YhW#iNJ_TQ=FhK>cm|)XP01zjxx^WM
zo}FGXLB>zP&841Rs`^<@SQbqHYP04QV>LMvh{!ydDt*C
zI$y7hSp}A8I1VNX$abZPdWOaL$^L1JLL{_Gw|S2L7_R4G@*Be1dbRfV*OZ}N_t9#rGrL=L21M|-BNCV|
zSxa1X+lQZkuy5dQEXdluo%nYz*|0$z*RRWqsO!(1Uvu(lx6iM!G{;5v_9@B8r?7MV
zON2^;PW;r)2cMRwHbe6mz`OPF?fUiEtr$2U6aNtl@T}+sVy~%#GG<$QvnV*Ab$EOz
zQMn3~7buQlF_jaZh@TbqK;aH<)WJyYI_~8A_Zu*9v6H;L)UEZpC0CIHa1t7!+f`2o
zR=--!4!zF1JhUDq#OqtMa}s@$4EIo)kl$BVO5xd
z+3_jS(PXy4$#N74G{|U4s1mpukU{S3Us9kl(&<3|Kn_uC#XbvbMW)X;iz4oIc#Ba)
zGfsEX@53m(pRNC0U@q(go%_|0QE$|l5>(&ER@{!=;h`bv-JKf_7LfRTdTE_IMFZ(qUy0&coZ2=Z`5q+b{>}ezuS(rOhHm(jI<<3MBe=4@@vV&HZLSBt*UbrF
zh$&cof0NwwNf-?8H%&HLNb=)bTXNH_ijHir3x&U$yses?
zN>%Hg55+iq2Cc3jyn-mPtK5MysuTnn9R{yj6=K~O2(5#OVoJcG7+LO~$Fx4VjDVvWM{
za=CG8YyH=)=}Hrs40a6O+Z-w2@aVgeK}+6Y6Mzv^{3|L1yRmhmP_%DTr|$zslTjN_
z_kI^wGgF(@w0=^JI)h0gi5Dfj*?{E`{zfa!+Je*Y{OR-g^V!bdzr*h%NF4NFUyc_F
z8yaxFc34wcObY49lC@=5H8iXlmI50Zr(6KY^$qjmD^@Ble%se*d*jYwbb9fbzFZmA
zMAG&jiPBX~ZA|8CJ>@7qXxqR$RZga-$dxxYYl&)sPv2wbP|E&Hc{j>nnTHc!M!#l3
z`0Hxz{nJ2V5NCyUZt=T0~JPE!F(ANg^QQ5_^?3e#GM-PU=F@rgm
z?PhAqGJc@Sh`06%(eX*+mhogj^TVK2h^FXJxdByJSJx{~FV6-9V$W?1#0B$7?(RaY5xG@t+1~LJIdGQQHp}f&d%kg7Fg~pJ
za@u&rTu!NZsSrp_3mcI>MJBn6k56NJ`R3K8<
zj=?sL2)c?KLzH|d`>5djwk;^YrP=&0i^E}h|4#kEQ;bpUJ6J$am&0}35?7vz$5tyA
z<;+jz&>d}WXJ98*da);Q4uO!X1Pv%VUPHkt|2!DyYc~7=#7wF+t9oF=VJFQS>-tG-0N2Wq--f*G^pv)*BSeJ1HE_Hfg0)>Fz)~Dx7c`rNf
zYr}3BmJ;_eI<<66&)%7RrGEQs*@Vrujg7Ehw`;N2$Gn?|UvuHWVs37{zJCjIw^O_C
zt2%Q;o?E9jYy0W^IYP{DS0nY?T?=b!0s-Wk?{rqvJO*&wRPx@9P^OG{Bg1%csO*D{
zLszuhev;!==QFHyvfM}lKptr#&xjAJ4!)Oue@CW#UxN+~EQf)Bsl0?)T4#FU^>}J>
zvEA-?Q!!PKEaG*0v*|jb2Layp#HYo!{d
z_6)rlER)W#5;K2r5@*ubXh}RhD$|_xql&n}s6Qf{##5Jt*wo_@U9zj~5T{LJhCSKa
zK+acGh|4;<900^Op6>DPqsSvV7>j{`Fow^BG$vgboGM_)ghV7~fk{nlwmk@wRL
z9wHpn&K6fPerLGyw_9!p{C)?JQoBqpct7jBBYxH-Iu`-Gj?EQE=IrR1E3Fm2BXz}ejR;c2$2?u&FLt{da
zZaB}+&m>Ed<<|VCvE2C4dS1H;Co!MZ;One`dGwQ5X&DQ{tCwWSpM(2|^x!B95@?d|
z@6T~{bLFoZ0fiV1guRX;;{tAT@W(h_*y=?ghd0GVQx+J}>_9LA@coyX`r>LdImJay
zR<`pKfOfm@-0g3V*7zZ@uuO;yDCw|M)abZ#etdr!rB9ilc4R}NzsQ37iqChwuH|S&
z(_}JB`@wtiazEE!e*NiVseLvgtjM%!XE=87s<341r&|X`?!#BV9xQ3noFyJGyxyOi
z=FRj^AM+nP=G<0hW+KlKU)EW6C8>lt*u2@Z$>{j^v55Zo($_2U4Po#Q1
zRse9fW_dKT=lgm5Z_=^{gLII%bN;Mfd$S(R7`1uHmT9qX4)8-trGdRcPo|35gilh1
ziREQyjuK8!2h6L%*|C^^ON|679e9hWEC3OBlft4OXw&s9j@t*))O#}SI2S&@z&n3$
zG*>>S)#-_0-AF9u7Cj`3w#OSaMTFiY)QzWHr4;~x_JJHBSk%&+EvEZCw8g1`&QtB+
zUutFco5qxt+Lxp``kll+oj!!zp18npcPo)wg#a5%j^`2E3xYTlb=U`ly0e)dLHtdd
z@C~1)`T(2jEw&zUFhJ9=VeT`DAjDAf`BI_T_2-K$uPJJomq(dW9s6Va&6kkU%ShXj
zDup+n4D87Z^P=8>;b#kondTyh6D)1SRmZ3S%&J(_YBC)y+p;foSy@Ng3mt#vtFq0J
zQ*8|)uP-wIrVG;SD>6z#&K`Pt0b>}BFGsrsU&d2XQky_GYB8ry5Qqb==5F?|
zUcx)GlQ;({l=+%Q7IU4_V$ZE8PM|OE@emO6bSm=InaXO^ozVR$&EQ}V;4JU|o<}hR
zZuT+Zf>f$B;82s~&B48@6=e#|H#a=o-||sKz=Yd;Vurxdu
zE{^teZN!4?=Xe8@jS!Ss_0SSEbr#)k)#vlc1VuL^jm`X1gsCJZ_*p^psPIE7;JI3a
zRBU6&=J#-Eqo?rU!m6q{rDjGG&2()jLmx2HrSnzPt1K{NX5}dEHqt5V&iaE>NW;j9
zFAV;pRH$5p=xlH!^ZqF7pFfcrdmVl6kx8quTeuBZToYnk`e!WxQPAzI@2JtH&Z%E&
zz$pr<0*b`}!y_7lrsD>n|^K
z6HZLMAp70w9YmZHRJrI|@6QtK-;YW!amWc4*u2v!AZTZrWBOR*^V;uz=2WZMSD4To
z7^tj)upL4@hW!Qr90S13pG}NJL=u645MzQ7g$sGoYD#*hj)%UMf}dl)>`B;tLkbzT;d@6&Lx5r9xvZ(2io(}J-ENH-!{4Ed$7*${`tbiP$YLLS{Ay1E$I(!aS
zRf}0PkaCX{nDKR{51+p2^zws?fzcFnJ%i$ER^cQi^?}j8;PJzWGK!YvSRf!#(S@=+
z_T(iQO|5q>c9fB1@;Hd)@|az`&}E3XH7e)gR7fNrb`7N&kP;A+AOHgrU_TV(Kd76&Q`Po=b>GG=*ar%^F>AQVmyEZO0?
ztO$l1g;%%XW-l;{V6Dm`~xD{sI2-LhPRUXK!s^u5~z
zuqfP%LP-CtqY;tKwc3$RST_mw!kwV07FYHMRdfr7@r50i?rukbFmlhL6)xHx!-4z;(K;{)Vzg5d
zt##Xe4bnjE22hW}3N#?|n(X`7^vJwHEtK?~@ZmqIApON_{48ghENXOd;8G$=ba-H~
zGsGk-h=PICNvh&YKRegpXe7KnR?_yw`^@?>QK^#w~dICYh!ou@xsh5aQxnp*G
z>3CJ*41zRRDXI}$t0(Z=+jcQD!VZ%pFr2=gW2e`^U)NscQ*A2
z6A7c|BO1+7rMz}nBvG@bCNrkqns7uaL{uB@K^PSb93IMB)9iR5Nr`rFE*NIkdCgWC
z@74JiCmKN6YSZnQ@RIj*SX1E`r&ktG@N3(YkPp=}N^(7u4>l4MHu(YQ8er=)~WCQ_V_z@QEK~W*UaC&{f}Zuy{>`~TR
zT9*{ZjEc~@+LYuy@x2zNZo(F?%}G;&O&3JW!t>hNiZkTQ;zvC^Tpe2IDDxW53%iaT
zr^a?xF61OI1Q0%=x~CQ+~R$&4}{nSjwP8_;;Fyag?-m_
z6WF7LUK4KHNhnFZ2Z3@nq-@%x4A_f~KX!d7vR_yyPUnxaIR1>Gl%+M962~(s+`zja
zy4L;t^1c;2*ev2GMGPv-<>IFU`YCHQK6ek-&Q-093CgU%(uyj6c+bV7};qjRHv^G+|7
z#?LUz4}EhiXfZ;83WIO2wd(FL)%P1crh#ELWeDe0E`LzFdrhMZCVO0OaAPZAfG2pP
zNaxz5p;0p)Z?)6ThMXS!Zf0(CWFB~)@9lb93j5ltlqu;k99AdYp$z}yv|E@nNz_tl
z#60GGiVhHU#dF084nboxHGBxno<4%9FJ^xl)`2T+aYLs8E22}V#Vb_
z5RSv4g(IgAluzx!SCg+c?&X(Ks_UtdPb8j_z~Uk
z6bM5dYGDhO-_+Q=Pvz$X7rP9piaAB5u$uUDHdnRvURDU-Y`A8aLQ}?^$Kj?B`u$A6
z#N`=oCU@mD@-fqtBD5IXd6mFB16ax?Or_
z=`ajb5`l-uwm`+QxVl#LUX)Q1@UHq+_F;OCd$gO8JQSChm{_Ht%eP$wg9ZQA6qArj
zN3*tbfDwg++U1wF(g~*3??hMSqB*u=#*0yjH!&tz?tM<~{Qyf<_Hy5Jd~y0o?gv0g
zK(O!j0ZyGr!|%}cOvlqWw7iG2wYq(&L4ewE-|^uzlEZVBfmFnSd?<=2$b9T<5V*Gl
z1Y+x`#Q+i=`5Az=4JvEVT!ly
z&0h&t3>HHGmPgO~c>rOK4W>Hl@?xCyc(j27Ws{M;;P#*%SpQI=PMOifa%0*%s{%h~
zq1UGo3$*J5$1}gT%MFSmJsx`6?wpg=mV?`++OgCE)j~|B<;BAKswI&#gu1$NV+a5+K6q
zrRghOr39LniW1P=to**Ko-VBOnAt1kdBoLd$Fyo=N
z1%aWTR7wImB@(%;plyfmi+%O)O~c~Md^302PpvIB`x2adsj9+ppGrJS(&6>UDD`n7SH08Bbk#D@9G}v5N)r2No6c
z<==ixk-)-O`$`NpJ$FuWpDT{%5_eKhyqdT}O>dJKA4S)6m(nD@Y-Fo_IGWEzr%&_p
zx<&EKab5E_C*^G4tlx&(W{#lurMD#hpxXy7#CZ*cS3I!Nc$;TSAB_8cw;mO6y2oV(
zm@oD%##n@=n^~qOiyT@lziB`{zy&}d?WyZQB=%ZB{RtdE0iJx}TuLHyXN5J*n7nH)
z4dQJ$PODDNPU{}~oAbKoJ&L?*=uj}+f6QZYy3qF@H
zO$#$5#bgPcKAI3AV{&=FioO)kw>n!8MCCG#?%MO&AoNGLZQAFpr^zBMO8w0bs%O@6
zEHTt7I`y*nQN^cbFl-tQl>HH3LsB7i$K|pb;<&6#|B5KNih$)oGhCi87uewvvS45i=Y>ulh$(s*&qKb`S
z>Xjy$0^*jxZtE`_S-2(^{TKX7_2M?at`J=!afT1Xduh2Jpez?dLII1)BO*zv?4wsE
zm~~{YL;R!hPgG-H4%8STYR!-5Q?L1UhGGCmv4Ok&+?6Zt?#I(F?#3%ksrr$rY9;yuuz;F4W|(5UBzwf9&){
z_%jw#Ci!zZXWqMY!yUT1xEkG5ri*{>`1({2&%5D`HYs?X)wb_@nfcs5<#$H{Oogeq
ztg-a3Z&{WSYlc<)d2Gh8mEL}A$h9TWF%4|2GV}}>JK>GN0oX+hF)9_3acU>2qf+4b
zhiO(DHF-u{FnoEmoA=!Dn}`A`YJE@|mluBdoOS0}L$wN)Dll)+SpU6e$1KMG@Fn0i8{A{Y2ufDAR!vwez2?
z^l{5-*H?;fl-@WR!?Qiqxc=$vyjwY~VzIQd5$B+^WW>Y5hr)s(aOQ_1qnhe3nVMur
z01xYyfUCX?EfPCf_NAK9_pDv)H%XOLSrOV@G^`4!dhvJbIR-NEd7X`6DJc-(>{Ac7
z2Ob%me7fh#@S;aVXT114$%RLQ6r5L|ub`sr{<){TC0;6Pt>$nedD4c2tM0o3u#X(
zl|GCt&G7eXnKx;y(Js&0&xYK+bi$HA_s|J0(w%s(d%c);(Ee96ebL@
z$#^;CTk!@v!m}z81Yc-FbjDRy)FAmcJq(Hq7vK;0@liVPB~b#iXD>>Ufq^lGAZ<0A
zzQ_Cbad2%^8u{5>#MBgXi8U}(sxpjrCv<1JWg3p;>d*LvFv=0abR5W9v{(^wTJBJjj*&h%Is&DIhi!Ec=qf{Z#ecJ78~Gw<+vLf
zylKX3q=35tlGK3}EqhCga#mZHA3a?VbuVNzw{GYgM;5wbdJ|x}YXVBGPi9(I(iI3%
zxb6DjBy3B#magsVj)wvc-_;g`y|jKTsUrjx;gDBs4?nxg)QF02njTE8zQo;EI*|sI
zImREgN5F(HyR-m|N9Z~gPu%stkTPgex8)2-E^I-+R5mNQl!t-r#ShD!lo-#!55`ms
zXgo@oc;;%b2!2{?@rr;{{=loAqAT9!x(c*>X_WTkd;aHq5en!U5@_8_0f9zGto=ty
z&-CV7g;?p}w~#};@4_K)uDuGq7vV&bhB^e!PD@bP;u+j;5g@NFh
zcx%%)bs7~PO`YAE?|+owp4!=^@t!ZjHFIhCZXhhSyRikb56q4va#;P80QCTjs$Tx#
zzZW}>&j^_FcG8T4tF6OE*GJrZ7ch_X{gkx^(yux7Kf24vQE(X=by(^&iYdPO{4!Z<
z!)STD86@QXOtZ(97RzBeWb~4#19Z_FZYbDxu@-Bp(vzp*^#7L&KrNB4R<>D^X;1Db
zILZH#hk-W#dJG#M?T)x_htt>n>p}s6)}};aqceH(^;nIUlNi%@%wKul+yE!4Rv$_>
zOUpiR6f_{LWwzJ3o(i;Ypip=s&RNgBw9Q~pp0rP6?koL<^x*cmfLEu@CKX7(ovKxkV^Bx4;Gmh4Dm2
z(pX1vet4rNt-74smV`V`1N?i
zLg!A&&3(jea;RLfz$VH$Ao)^37iS-0xBsUFP{@Hwb$%Wn)Z;u=)ekV_Z85J^r4>mW
z1*s5U1^4;h@iGf}{8!LL6u&7^%078%t)?{udO!m$AvJF*mbn`R`T5_#gAo7Ge>-R|)yMN)~=88nxI3O9;VWwgg~dFJ?pGP}uiT=PcJ
z@!smI(FFuo=glH
zEQ}cf4qS}$R6JT3R9P647dSSo2+Q`^v2K~pk`o?sy;^afqrM*($OjG>Z{ExMHWxHe
znvt)$Xz|vL!pH89R%8krW`$VG?Rg(p^V~WdxR+8^{^x<;g*SKK%iQV-o<=zIpFQw!
VtY`K*X9Wfz@O1TaS?83{1ON`x53&FN

literal 0
HcmV?d00001

diff --git a/src/main/resources/lessons/jwt/images/challenge3-small.png b/src/main/resources/lessons/jwt/images/challenge3-small.png
new file mode 100644
index 0000000000000000000000000000000000000000..daf7f7ebbe5d593b79ae99a194a3a4ae53a6495c
GIT binary patch
literal 59108
zcmcF~V{j!=)NN)m6Wg{mnb@{%I}_WsZF^$dwrx#p-Z<~(!$Z~k@&3H7>YH1Av%3%W
zS!eIHSBJ^Th{8f)L4kmPz>13rDS&`{(*b^efdB)3p3MGI0seus6;pQr0f9#TI=_LW
zXJP;^f;);!3xn_ez=oq|gw(QT0RbTZ5f|cDa$P&ma`D6+Z2jnFZ1+faB#~?~TD1q=
z7l7;x)DaYiC``aZnzMGlipuDjBqa>wTa*3;NRfns%nRBw;3&p0#NO92MlH{&YiI1{
zZOY`HizCI(NTr9zCpMpE_b_oW&2~F-8xOV5Q#I5B9@qZ->6%|(^g@?=dU|%Yv7GNC
zoVk~H?&-C$S>&*=iaqYo99&?4$K#Ki$4c#CL)MJ}zG-I%)~{Jw3gvzJ5N|
z*Ii(4urPqf9y9PFJ^g^i|7=cA4?;EYHhzRUpkIez$CrJuEA0QW`7fjYwE53I{Flvt
z8T}tN|Bny)Pn-YSgI31%Gc-ZURjZBHo2*bINwdA2Nd*N3VPIkF-6yd?9@7{@JiD@k
zgTW3b*WuUe%&e@8FE_jcs=~!xFa{ixDorQZWF*+La>Sa`1p3&{mGBU
zd-Ee`_q&&u*S|Zrh9yTQm-&?$KC*<>QU~|!;p=O9kX6g%rlwLFts39`Xb*N+Shx9h
z;OOb353H}R59fS%(oS>L!+=ndM(@kfpp72gIRfrutE-3YGFQenG0iGxH56&kzKtB%
zgV3na=iKSMQwjEb%^~gH`}U^`Yz)tf8V!0&cF2+2?{6hI;J(4Z!Bj*KUOD!yIQR()
z2J0-z#uu@f+|z;yp}ZqCEI&MO|0(tBb;|T0>1%g^4$&T+@OQ;)a5tPEJmSNVY<^#Jap6Er#r`=c=iA
zra(`=67G0^2i1Bn$dSXKlTss-lOQZIa&=Ap@cU-JN^|0fMfgJiqGLvauAQ#xOo0L=
zR$*>thEI@(w+b~=h$ZEK82=?V4*$y=KRghwP8Thn7pr~RC3Bp#Q+9XtZ=XGtnfiBj
z2)y3k3l%6C2r(@xZ#?mrohVbrrP8?4ELqwWU#^3$+(RIRfqffz-5YXR-s~xep{=5%
z6bcpS_1qS<5FTnu<0U?yN{gnX8X9V{4TVx6T_0Yc
zCpNGw#7!2OPnfP&cLupJmdwVE&#W;(s^?@~1I%>uf+cCx>%%zly^<@r-&dM|bJ9{J
zX{w4ozqUq(6MyK27c!O8_Y>WF;$Glux&6Ys|J4=#>up*gU9w1ClE`;jE`u|k?(7k`tpRf&gQXmmC|i{pKb{XPrBDh@0x?7l{qhQ-UP`*UB0
z3FCX9Y-+Zd-ZfHR1k2(d+ttMi&3dS`vBARfMzSo4pYqTL45s+42qkpTl%}jQ$^;CQ
zSPYX)QdU*&r5#?r*jGOBgVR=|S+Hx&Xy2d-|CUeR?I2IvncOWd;9n!oW5dGe5V^{u
zjZ#{FaO!-5aWuXDtMk)}oir)`7woP{?_&bp=Zvry)H0!0vaL!&l&GAq@iM%GKf0i>R5xlMy6-Da;=V8oz~abwJ@9L<
z+a1hFs;%pak&Q_xPmSbEE%T|)3o-d;9_pI_@#exv$(ARXDSp?lN_KImnBLxRP(j}%
zO2d;Zl}R3V*4lKHWdC(6cZ4C!djE9UcF4h$M((j{-X0C%x$QH1>3+WWyj`q*Kf2?Y
zR_%Vwc{^wT)IRqTO#KA2%`UI*y>1r6tMN8xG~Vu~+U-
zaiVT}qomWXT(VrPfg$*A_dmN;;dyT7e@8Tf2vUEZ9h1=G<3`?u>d>X!TU?cF8KD}tQqyZ-Vjy`>7w{icULm(Hxu
zHYPO|kL>BulI+o2)alz{UhQ#golgxJ-iyRQCl>s-9uLv1
zyYMUB!A=03fu3z_3cdr%_RHb&@Y{!Ul26gdxPR0
z!1J;`XK&5obLbtOON=UM57)+r8XVtqCiO_C%@OnS3Vyk!vpHpSaXXf_tUMnXb24|vOy3?!?IxLhhU{=;c%Fr-o<5WxCUbQrzT&&a636g#N!(?}HtK28v|Yh5oanV)KiGIudtcP&ydsrk+rfRd95`p|
zyuiS7Jt63RoDR}(UDuR3Ol*H5bUB?E)3kklOQvy4$N#)Pn#kg1VW-pW^7pvX9JoE8
zE{ooNi&<~E8QS4kuHNney5=7D)jP=Y$Hf(JOUu@74WIVBl;pY{F=U>8E!X{wmi2zQ
zvs`J3YbsS#uXm=!|2QUpp3kYOOeg4ijIxONZXNm07A>N9aD1)cxS-
zetpOHALUBgbI^T)(rk8C@>)LP`84kGcuxA=yX^$<>bTulmZwSH19a?4+w4DbUYaNv
z62HH{Yh5S1457Xc^$D%9A}w#bB7fb<6(Ednq^Ac`g!0w%t;c8=)eJ2ShhEJsaZ^+B
zCS$uRuZXg(de7(jj*lptgIQ7FZZ;=StF-5#sx?@`d-oHht*y;g8+{vaa(tXC2XWex
z2}ozXS?<=B_449=czDpd8}7btTkal2u=%-}*hGitv`|Y*qTuhfT_Q)LkRrYtcz}m!
zP~GyKkmO-CcPYSF9XMJv<3Kc8!VGX_rQ6dzG4mKyKVs0L0Agva^CClAv(?UVL3AYe
zvl!Roih=jXJih%aEvsG#+@xgpJ1)rS=_!)?t|FJ?C-)n`$BWU`TH+?DTBk$OitD^a
z@S9q@v$iGs$L(@A=nm+W2mIzbi|uq)GeKZ(eSHMLhdwmPdmEfb3K%^)wc@NdRTUVH
zYnV)!l{7d1!mF7E@49lB#P=R|p=(b(`*4R%Hoob{|7>VF01S86Ycft9Zs`3oSiQ){&`go##;luMC{wF%&57p1>;iT8@C&*~FH#u*|2f*{8
zk9U;C=NmW}ct{zSVJWoi!rQtiye8X`Y*u7!E{$4`VQ=!h-dUomYb+VHrez)$vyFB7G
z&$4r0+^#p7%q=LWKfKkln0!9U(sX)DOppcU2SczKAWt{&)sfXDhG#6mMaV~$lwV&C
z?dx&*P7Y$4<7Ki~M$pC!;?w$Q15%JY&uH3I|K~vi1kd%FuwhC0Kr#VoN)4mh%dpoD
z2afYR_UTFtul3@QbICIU#z>2R
zW?_`_{oWYJpNusuv)apJ($kZY9IQ_rU0qq(X=jO|Te?Pv{h>(^JFiGH^K~`>%?;C>
zRj%7(Lzo~my?ck%ThuSGDR;NIdfYnl`UI|*>K6|n>{z@x6>K%@_Ye7|nyQ?g0V84m
zv-O5BOvd%rgQfN7*%%*@Jh`4a8k+Gwr%hL)?IlDhTSZOH@~MRBqmwgi2oVJrRso19
zj-$8qCGwufi**YVjbepTT%9Y|3vB2#MDw>evW?Bn1hrL_m>3Fisx?QDzeI8bbnR=a
z>KRYaK|~2;%#j?~G9_gykiXRTXstCG`j?Lyp|UkugtWDBvyXP$=vo`NUv$msqV?yDHZ;cf&-y}GqG(ynuGw7yTZyPj!oF`Y7x*O_H&i3e?Mt#e8^Ky$eC
zL!6izXq$JOZDMjg|5MCsWatj}C5C1b@bU36`?;3Xd)9{IKGN%XFrHKGZsR3@mIm>M
zw%@Co!*JGVGd&Qkk#&uwOaR6YE^Yh(=mq;Vo#%bj{pcU)WU%>at3+K&oO5^N@6NFkl2CbV-
z06wd`p7;AXhwUjo_`V)jx!rO0_zpMBg_y+s}6kNu^4~m99>khB!r59@;zq@
zxL~pj^9Ry5+h-moriNu5X)l(5tQz-*B{qeq_CvWKIz89sMnm^kCJl{ZkZavfFLv;b
za|j(ka8E|YxQU_k)%%r)Y(+@djeql<-{%trdgm3dL6((K%Y63GFP{fZldJkz%=*LM
zRzqEuYbYZySMA3Fa8S%$U)zUWVgJT6_|3_*r=MXAZ&FoN52nLnQVQsGRJ9i-L_Wfl
z$7IISt!h`VxoKwqFwYI9_ivGoqmNhcfrnwIaz8LtyKVloQyR(Gx&{u7=i{AjI4|Hv
z*4rc`>5*)%3s=2E_ib)@ue%%Yj!zJ{(^#GL1a);Vj59bCm0|d_9Hw&}=X_S~8-0$C#Tr|`#P=yB
z+?@z;czX^*5{uBH8`i7E5#oeE6y-K6lIs^VTNZrPdE$T==VybPYwEQ_m=kC>ZqO82
zT2ysGDv}cvRD1CAF63tA$#LG?>F}+wMEFjfAy`O_r7~7qL;Clxw1#5NH~k36%?PD4
z%=U||EuZbIOxH2$mA1x!XgPdKE34h)463P)ukBfD`QWJgiP>e#Nj53Tc^-DTYv;We
zTCuO7Xz%{<l}+yk
zr+w1LyBvN-T>AI|*&AO3f7Z?$C#~B`o5}tIY41Mat5<@nmg~;nz0x^bL(|?b{c<8{!~Ecv)4bNLS(?_J
zpoBlJTwgUYaB%+pTGkmZpY|bM)&-DvT|dh@0K@sg^oK;sNgUT60buY-^-(q6^-kOM
z@?c}XWwC|fv+V!;YInohg{0QOxbAkqZfZY2*=&EfdPEqw^EJDCpF62_JwofM&_D=g
zpl2IVKgx_*!lESAed{xIF4O%2#G{0q7aU-EBJmZxnpKvLAMA;
zaiezyK-0N`R{Lx|zdhJ24=+;|{R_D2{`uH>JR3{>$s8KGSm!((>%MFt1iW5!syP%%(qB
znp28wb!k@oY$4fheQ9B%q5ld8k8Wmhv9te5quYBw5J}Uy$qRAorYeF0P4ev|eH*mK
zPH;!elSi%Fo4B%)mbseyx;#;|bE(z|yUCEz&HfI0jTN8}p(-2d2pT6!U%qO1p_dD|
zhee&u77!D6n&2I6QUi^D
z?}rkvcDVjFlP;^uZWEUl)(%=Tc}MN@;dZ4md|loSz-tB
zK`Tv@iKWQYJIEW*li4Finl*Y`Emy0n-&&dp;=!E(jf+H^8mSbJ{5up_)wIa$+d^x}
z0aI#{3y{~+BiG%fjvZ*NeCE&r0HuTlinaF}t7D2joX*VUco
z>lQ858nPRQadwW);z0Z>l}g7Y)v@N5*6G=^XyNS
zF{wb6WHvDt&S;Axv-m+4_^?O92Mo>8zulDWRzYg`^JrWAd{{yea>LeGCZq}R+a;n^
zB%5V3rQ>ZmRGH#BVUuCY3)5l=c=Y0GMgmo%OR?j|H`h$$7M|WgSl;-cH^p}#psn{$
z|AC#eJ_0(vWWVF@Hlb+?lC08Fgw%wh{5v|CG_GmVHg6!g3h%@93c2I8u|z=ZaWxUy
zr&ljXU`|3C`qggRioW0@l{H+F=K3
zy-J!;XP(X#G^)66b{lMt9^a1sYoBrZnHJx3vJ@EF!`!YqN_9L?j#3_FiVyFtk5a(v
zLo#CN{tLyC1l!+VF^q8&*ZtJNlu^0V;Q2kS#;Nx3khoNBh`&Ba1xpxMXsQ=_0V>GV
z>`g6--$8$^QG8Z|yf_0^7Z{YW47Vqb
z4fmN^qN>O-#{<{xKLwuGs=Kr{S%N407Fo{e
z3Z3D%0Dveo^@D?(QqC1<^nwRHwNin6`mU&S)MG6(Lx2e5bCPicR_fy;)&47IM5g
zUmrT{-nd~rKi(F^z^GWtXwFO5hBJSZm1hyTelukeR4~lTsFaca@<%rV3bnQU_Ru?j~UvuOe{>vuRI55^~4*F>Wf?u#^W<>
zXK;#{kpkPF1qm`Yon?Vdi(IIYOf{oOnHbj8f|EnDag{!WqzweQfNy@r+b4!xy
zLiTUNKw$qFuvIWOm*Q#yo1!^;jX=ExY0a$1p2SgAWzKTWrqhlc$c7IY>mUSu0RPiWZ{|3ek=
z()Ng#);sfTErY2-riWFD+l?kK8^@Q7PmM6zXn?sX@
zavcEX62iGs`2p&{L+KKn-d{E?2|gQMy!GoP^Gh70G>RpdSada&^%=05oFfuXJ>{~w
z=1WXUsfVZ3QA;yh8=;Chg0FbqdEnGJ>9Io=N2cjpf4&I)X?`~34NrN#O~;VzM(n>i
z-3ZjW)91xF33sjG!c?Rej2h1?8Pk2#Nfe1(!4aeqItYSh>;6ID6C@rhJS(d(D%zW7
zMEA^Q(q4kvw%G<@dGX^rw%>HYDf{Qs6>zw`@ase;`=<(P`d~?%`o@}OXfosZ)zE?_
zGt8_JAwqwP*Wlp2bt^V6C}ga~NGi2ajyQ>D2J2|gnPjrw
zKguBk5g^w2*-EhrP5ol|nF7FuYt1W`nPjYS?6AHG5M-ecWr=tsx&KX0oS1rQkev!h
zyti2&DRlPeQ}3Dks+$sSaj*RyQcoNz9n9E~Vo=9#E{|APC~c6n8gik={H;MLR#Y>G
z*`T8Q+Mt{zs!@x|-Nr9dquc>j&V!$6I`ODv1MohB(hNv
zFz{6=2E7&b`T0FFv5<=kLSYXz0>;rr1w!Slr<9COEDQpAE%Gg;VmwzAMJZ-PDJ4LP
zh43Kt69Mv8B`M*rJ^SC`a?cqoN))k#N|Ucau`yS&9-HdiMnee+xp8khSzY39Rf5}d
zBzFA>oZ5$n4J
zx`i3~r#xn^spp1U>cN6W6EhEZMR;ES(YvDpDB-{&mp>M4`i)mjuj`A8lbwK%grQ(C
zIBt@a-Us~8mc~O58({NZUSCeG&R7cud-PcKf58%=BKOU}^8dFM0FDwgRy|^m?-xUs
zNa4JZhQ`YE)BZ&I5}r}In+^dYgnEMId%R?xTA>=v{tFt%^1uvVTr#a@Tyk!;+|V==
zz0#7JriXaR`Hn72fEcH;g7Bc{BlUnT&0ewue_=pU$?K|VsYU8jCA`3>a}G_d`vX>S
zgVgQ_ae&oy36Pkz@oCRSrB+c{Jo0+GA+N>tSU8MptT7r@7&~A9$C2~MDF^;Kx4bM$
zmlDx@N|~a)RH4pUMs_`xRG!N1fmWI*sH(~eOzrqACMPf%oz?CdyM25Y%a?avc^KE$
zMHe-+yWZ4+72~geRxFkR5>?E~oN$g#PWAfzB7q3NAeD3LVX0?_RG=d^z0P)TAOlg#
znzsJr!vnajBtmOLO!xmn@dp;Ur=jg5ng8Z}4*=~)k@%J;CTSok&XGlwA#FISrzlav
z1DZUT7|fv48hJ&XI7d-Q(aIAL#FJPZ*CedHMz)?Py2Af2Ai9ZVIeoV><0e9L<)tT!
z0B0i)4hv0&E1!_rc-OkKSrp&PXma1FRpOset(w963v8y(N9)^#&GOZ?=d!j7=&DvS
zkS1?E%6`4(ih1$$T0Bd$3~*|qD&c+
z%HfF;#n;BMQNl#L%74W#1nzR`^(G2*DXp)U9_lrEAA#Ye*cflG2sUSSFx9PA`CtrA
z4hlw4pgkZA#5e7v2N#=0f_sZqA+`!;%Z3i3@Cp#X8Za?~%nr)>?8zBJ;VDDo0pzq{
zZhOpS7h&-lT4^y@g9-)fhM62Cn0wP)n-A8pXcCHjbf=;*fnw$G#jMBsv@pEhy7M9(
zNb|NgIXJH4PD_s0%ZVun+Z}2NXzx^uc)p6n?;>NUVSKnG{*SVFdos0CIFh
z<+&17P+~l-W)p+ylqDSdKVuLa_hUj!Xh0}7sjNC$2)?&k2Q)ufg8suP^9_jt2Ho|T
zYPK{L>cU{lZg569&vt8N0^<~0)XPg->WFHE>k>kBuVjQPVMtBASv9@>ZKFNv_eLxd
z?deKjWQ?o7URxlUw4qlp+6Kdb&OVKDxdfNFl-y$w<+=z62!+^&FTnNhe$UfK@LyP9
z2{csPmJ{99^XuJ3noRJuH#Wb7hl!npAynWW2uNyjKBXI(Fw&bIyxsy#zn*MvjhE}b
zk3Fpr$8d>oBvfex#{^|xtdB;o%+sir@5gwsQ>#=M+1k=?eIr@>c=ZK+Jh~aC
zUeB}H>LA@}b$+=wuTZZ~?#&}SoXnCuTR;OA4$D`ggP@P*=j*ddvfa~x75~p3zK&I+
z24Xv*HU!I?F1I^0kflm!6&1vj?_Xk#BIYf0Ol)2wq2cRdrbC_W>SVyb#P*z_a
zZL_)NXSEKjc=szWH`^aL+&?_nP5c&(BC7HG@GCPsP+;FeI+-0tOOPpH|Ei=er_h$u
zIc_hpBps<#=GWIJ6dx9sEf-7MM6lX={)-!S1tRMoBpV-H-jYmvg>wYWIwMN$tX?#Q
z*{UgVV97Je$0nW0eBtbUml<=8c?Ef89GQY_pXsV?$mD?J;XyF5-9HdYnQpKV*;99!
z#6o{P)Nw~CLS2QP>;#Nl@i+fT9X7euy|tG3K8;06^8;j+*R6GTxnwfUAmCjsMcM!;
zPhtbsW6M6i;dm{?6^NnhEls2)N))BGxVty)lakR<8k1JQ83@RB9sMnc)^jyWt<>aX
z+q(|mKM%&XE;h6fo}WCrE1;Q=3&fxB3U@lA;&h%!X9f~CKnI7R-9X~r89IT6Yd?!Gu
z08`52)87XxG*0+qHJH7?bm)8eimvnA%p#7
zAgjK{bTYlSY_a_Lb=zj3j>dAGY&$k)^l>Exzdwp~YvN&fJ5V7U2$u{FhcGObD`Fg3
zhq(c8d=kJ-V+in0mF4vLj{XI@;O)*3eoN_wx;h@!RX`cl#%E7}T5=GA|GW%m(3dx3
zTeqY+Oml|>L8I4rK0_t{(&gvKGFhrft9^vF-3uG8H=6~m(Cz+Kgc7~~g;&NHeR?r`
ziO`+yHa1537oXBC&i!V%ARAV6{etspo;$sXA(D=8KQ*tVayT%{c{DY7afmAPsc
zd6hj>5JOiCtQtB@vCr4|`o&@W(WrEwbH!7HUZI7fED6|4o)m-hZjA(MYX+z$Syk-K
z3#3h1c{y618RwSUO!Tp}DHY4nELVy!v;=;23aM<|iaF~RuCDmex0=C@roXTgr^Ox_KJi_cvs*2N9k;he|x-7OeZ
zcvP(>|6rVNOg(<&hPKkuu9-9qWM~c9+<7+HT_
zUF*DT!?wi<0Rnv`)rN)37plBoY6_Jq_0`d=0bwf5<4bJgl8brI?R+z^?=I@SHgD-_
z6gyF<4#W0fl#y;%r>+n!Eos5XkWf}8x71z~vRh*tiQwNV9_xP>t70fQe
zm}|MH!I-wrhtVOrblo_Ne?=WD=82=7QFsL?!4rdRufSx&yP4JgXh^ckb-V19%3_6A
zr=qW^1XZTV^~$-dx=8eRl@}Cttc}E?*?Zw>GS=5bOHRB8z~+NN|J_CM{-h6BZ<=SN
zk5t0yW)r$9eqdsiCQ@GZd)}
zbxKF?C=?j}%EzyX60qViJP%L*+%D#Fhv=}559QHV1fQz&a)mj_a7PgzE^IC4H<(je
zPop`Oj_{eHgLZaORK__|t(d~jNECR%7kSc{&oUJSZ6uNz(aE-X;i+sMV}Zrk;OrHz
z+Zf1Lb2`|APE_INPf-%mRF9=L-7%K(?hqG~1Es5bUWjp5bLE)lrv}14pzuzOH61=k
z+C@y+$rQBm8jP(xlQul=-%Ec_?ZP|Bt=-dD$r4RG_uFb4mqGe5T9VTgXcx{T8rP){+YJ-rKWh3`Oa0CG|&-Z;h2W>|vY
z^T7(R`>cZ%JNcnGq{)&jMMxVK`yEot_FRgNYt`&O=1h0M)pnC!_w7OZY4BSERwtn`
z-Np6UbXT_dGw%3WSxc1tQCoWTs?+4kq=U=TGcRvTIQ8dC4~B~-Q5Msu*KAscr_9zp
z&wuC$y(`vr4g*v_l6nO$xceS+7W-s*J(mLWjox=@UDunz0y)j8R5qE0BC0z*R#iUk
zTwL~E8s{U<>fv~wpDfZg6B)Rtfx6eLZg{R8@MYS=Y5=d|-25_QW<@9Li$x5lZ%mfYQv_oqFkuB+3qd|{SSwD0y8vbhl*y+1?5c=X-xl&-2D%O!Z!1MqMP@A^!biyi@jWCLGrC5^txk
zK6)pA{xL?k`(Jv<)9_xBat`}VkGkXi{mprD*HfyYIL~dmq1)zcuSo3n$6f!%(?~st
zR8Hnm>Q6?ucX4pczAr`fK!%X4yxqGXHT%U(YXi%g=L>oB-M{q8f-Tlkx~Q{P7}W9t
zl2Zn_?XF|XN&3%o}{5w0d)w`qoc9Guu
zNt11kf9UN_pkdjY-?lP=Pe9czz@>3Uy%!(WNZ~X5x0bucrN1KTf75LL|JQjtb2^_@
z?GNLy<>)cu&S?08RiZ-hN%G|~LlD+lLHnWNK=b|rq3p9-ZUo6g{7xeZ0#)SYiSJn{
zFHry@OR4nqY_MvmR}&Z`0xAHZbd4<#d=xcZ{VhtR-32uI$>R}(Y-1^_l?1U#U1}$j
z=q8tJ0n9ISEkEB}C+5vPv3eE@M>N-SMk7H+ePQva#uEGB)wL=j@p~o87{GQ8j({SC
z3yL(Qt~|h^mP7$6aVhDD772El%JY$5u>s0GW~R5>a>=0gO?_h11uH56OTI1g49#|&
zRI6EtF5`RNbwF^i7nhxc6=AGdCE|~5+MyO*B2U7XiYsc%b)tk(ptAWo38<#sWrI7g
z$E@sa@}DeDwC8`VJs`bKZCmSWW`FbvM
zG6Do4!Yna5R^CsBa}WhzV`w2qJZd)h?K40&j%
znRu-Afk%KL15~>$lYE*`RS(1pf-gM)|yQ5VpI7v+6UKFR18z^EHMf&rkA;=1{VJ>mpSgScQ(T|3V
z7JHd?fP^jF$f8krfkT6Ef<#uFn(fp>r)HsB7SEK($Z^C?bY0s^bkN
zRkU)Vg3UftRWC3|jHK8*$Xudoh^L-b4l+_A+)z{52&>JG<#7%$rf|%M_3-a^Rv<$_
zcD1tk9oo3{&MNuLW8Km*tD&k}SrwZ*m&;Xy0~DXfkDJucgdMq?p=d~YR^DjCR|Xg>
zbSTUla^FjALv+y32nyBq^CPfurjZ7~eH6ogVq%#%eR
zJXMHzTos~R!#$KVq(?5ia-$Fxr&*I&cj
z-54v)r>+RYb>Cbqnr~3+XaqD3kLALPYSw?5NE9%UxLpE+XbQH%Ac|sokN^lx0VsY!
zRZ0X_BLj@6LTnaU6r9J+E)rboASkc7cxQwE-JvP_jH#)}73AcG3UE`cIsB7CCQK`(hZ5A_7YbJ3
z?@sb1H8xOyyI=E#5jOTu_6xEgt(f$+5T@A*N8IWZV+hUku;Y^;Nf>CW4pl9@xsws9
zg`kdQWZI#|FXHk9x^0fDc2RjKKd3?ADpF)sP6Rs8BD|SxBa~IrBgW
zk=YT4)7s=MqDMXG$J?pg1g+Nn$J2kz5n+fgI&P!xL=BywKRGk)f@u3M^O4u=Fq99^
z%93PRj$)^m<0MM1H|(WGBq%+LzTZd&%n;U^WAY#?7toH%%grW>P8(4Xs)756E)~sr
z^EDvRNao5@@E+eKCoal=kHaCrJRnGz6VX5g{i~5veA*&Y74JyOATVexjVYu>a;}?I
z)1<^SOF~9U_@h+|uD{hI)U{DBQB)(UX3kN7yezO?DVeTTS*l3!S%Vyc-CS!VT!oCd
zKtP#UZ#crRR&%vP<920pt4#ZM&LG@M+6ocUERENGe!Fb1Ov;H(q
z^5jnU$l>D^7MV4EO8jl7oA(_Y4km;`(i)>0qOoODGpo^rsTGQ%8IDjez?d=D_HcZB
zVnW#ydZ0F>v|zr)-y=WaR08ea$t}3T>_220DHM7Ds1ncL>?HhdQLBy;B-mGywVA(Z
z))6t2RI0@-SmlMgI>DX{EmPSRBMdCWME(JZT0n&qBoSjxT_Ac@Q}xoFffH=;2z1@|
zy$)nmHIq*O%SXV;B0$w8U+(ty>=FYYYp5g-2@EM@!#!{jov9uBgvpcZ35B5j;yU?5
zcE~=D+ROb66Nmz-%~Z=IL$^*`sULWV^NZOJgr*6
zZ7(=Q20&sWnUs76yDuV+6CoUFS4Eit6syw9b9=b%``!ar)KP1pBAfsej=6FSH{wZI
zo&Be%*DOH-hGB)lq*Ud>^nQJM
z@Q60{D^Xex;Va?FkhCpJw=}LTja-GwnM4L{mF~)s`y;a+6IshQ;RJ*t
ze=s$2^~G}0P|F!%SQC7qs`~
zKI7!xbP{+{htk{DRuIrkHd#SQ>{H`5urlE(nMGM>L!!>-MG_d1{*W8C5BQs1j0{M)
zUMmV+M6%Qjwu*Jl4zd!rlq5p7tNnH}Hj;sUyt?~`54gt%O%pD7ibk)FvCX5Fnq($P
zcOdZ-i@>-RF)4uSyZbR+6?g_g9&92j2=2KgrOH#|(f<))Ct>6eJ^VP9E11i3LaSCy
zl=)GGZ1NHc^;^uKRzStgqMx(^D%ooE$(dW^pSLCQlIxY)54wTqQPnfsOt~A37`U=>
z2u9?vb*Uyws6W+MT1pi;$6d!g9TjHI4EpU6fdzB%N#|tdevfwCGdlEs5|DFnb2472
z8pFtHnj#7bR;o&Zh!PUktAkFP5-UkZ$}0Rt3{)iCls}`1`-IX@FO$cM%`L3-$Nrg|
zp4#W4W^0PMM0i}&(DBRyX+q)Qq_~(1XmwPf6RO_%
z-C`93!~joxF5Zc2=&8IU!p%+DjyO}%n3^#m1EQ?IgcL~Mt`L8#6FdD@7CzSi&t5Qd
zA~j%Gwo4TJSBk37BJ1=NQzdRcn=9ddI-n*lj?82v9G`ojR$82dDK3ynTrF}uEN-q>
zXpM(mHOq~-I6#E}(QfddWO0d9q?}}oiWs1vCyviNH&>PFV%L5@5;PGyDm^lr-m>Ip
ztS)Yds!S*u2$!=0NnVzpPW4e9n>tSk)C5KuN+#y`&(t;3_`xKgG~C9@SAy#jC&9di
zp=z{H!96R4JxZD@(@eGaLD|+A6}79x8Kw3hsMX0VQspzq2iNhFlm|`APzG78t~4?K
zX=)bIs~8}uVzxHRK8uUbT{1f;NQB5SN669(F<%gmVoQ!GUHB79B;!xtdCDBg2R^qe
zgxeYHno}}a?qsztJ<#?^FVPyD4AsoMY<;^Xpp3wn6$9;HUo;m7H(-i
zc%IpiO^qyyA)4FkM7@k^F*RMlC=38)?;0#`6bbhw$)99UuMI6X^6N>jFC0+iSII-?U?#R;Gb-A7*;^bPIqw-@cPhL>ZvX4ga-5E=
z+|Z#6iQhY-c3CzD)AjXIE2v-qTXfI}F!~bkUsOv5in9adD0oTsVvif^zMICA`rFcx
z)+p<34mrr9^eLZIP*OQ-Y!JfB*RLdUq@T{vaw*7sd;HH|1xG5o3d>sA*HO93-t9L4cI}wJJij
z%0LB?EgZ|;dB>~y56z~iW@&zY7}@P>
zIjYOWaHiF|QoFbA!QM^Qxbc=`EYp#cEB
zPJ@V~ow_)mm`3X8E51@+S>CQ_^>eyGEszWWp(GarpDM&{P@+I(Ycf(Z5g!vHu96{v
zh({+8i;Dj~?7Y{o=1cI-_MvQ!JC2ZBLsH9v$N5+&q`?xcO{kqF<~|c9z#Vsh&-Ut=
z>1x!jBe(gh%`HqQ)U^%;RdCQQvqv6%$?~s``j4Y)ub>)Fu3rSIl>VlB)CMQ~!2n*3
zcj<*EIsIMy0PbBa$qLILDY&iEQF*n++CX^%XOuVGYK_VPbx|dT`D2P-3`?Gv)QVEe
zXodl0(!FO%Y#wo`xcRoEVTs;-U~p%Uf$4u`jEIgAN8vadT=!`TZfLiRMzrg)1Q0w{
z3j8ca2^i_qDGE`P3o}R*&DH%#aYYy-VK5_%z!2g1xS|fk8s-Y;STtTCN~z#}YrDa5
z))Qcy7;n#-7OX5C*Ty^;H<8xjhTU>+*kd*;4FDL-L<1YKQL-Pet*B{iC=A8PC{mG!
zPDPg5$zWEYMkUV(f>GtV(5t%=!y9z*sV`#1$0a5qwJ#iE6;#Ajm5}TMLcgO{4^WYk
zfhqvJqEM_GZ;*^#qEjb|8e;ndB(>wL0)@nQqanerjp^Tz2!8#y7Qj4(o0Y}L|9&r=
zpV+XJedj61G^
z3wI3HKTbL0k6OpgX#6ezKv|N#cU;=9LZLP0y5&HO#vdqoQ=teHN|vysl29T(nnYUJ
zlGqhHR7rKc4}A`hfz`3eRcxpEX<}qfMM8wwJ=ME`k?}Z%70zuUc_sp312no$ZZ}Sv
z3I^jn1^aGv*+&J55k348a$QgszabjpAux-NPiKZy^aY}m^D>jp9Tx4%=Aia`E<$4)
z!7S_4LmCW2P=}QCYJrI6#WcSn+ZezieTqrf5AIRJoFam4wCR_utP8|eP&Pa9;HPsa&
z*ew>V^d-b6BBNZ+5Qc>cK^Zi%U?WN@-B>oJu_L~fg;L{s=2ehT_SD<3S!Q{L(tntG2Nbo1$Z84`?vyS62LQc5
zLcj4Qb=oRtl}T^5YoNq}(uaNgrhCD0ISM6fboXhFs({({lWdS(Rir&YOiEtxpFI
zH>z~p=y%((Y8C)W4uHTB=cA%YM~dnQ?5bibge3(u(yG+Ya8ee+Pw4b+P#-yX9uw2_
zqzE*05kGE`D8QmaPkQCHM^BIJ%#6bIF7{kJX|-ZuUkr42$90Eqnfmp
zRe~LcRwd`**!dOex0y_aOeP&WyOQQ=R0U0k57)MBY$*_0q7ZoaNNt5R7lIBR1{1_9
zj96QSM8Wb<2aYvUJ=y??R$ft3OcXmk!Z)CmMul~UwU$+eiY+ACmI3LDghMu5S;b``
zMfC(Tp3&=i9>Ud_yx~1UyjEOb+7f}pU`2YE9c=U?!|BtKGWLiGNp-=ID9usEj8i4$
zCgUb_D443)A!5a~SEH(ZN?GAHBvFS8gT9l6v7ure=mfJS3W6k^A5l?KncPMuj_(f&
zy2~BtwxCf$*NpC{xmpXC>{gO^Wu>&AWy?4XJ0N8_+L;y(B1=~4VE8_u6Y(BTiitC
zE3G662gRC|2bq*4lS`3KJE5f-q`NwfRq@zc0%=>=VKp)xT6!R`?eKG202b+VhHNH_
z4hxhA1z=Q=x#d^ld5PkCr40LF)ImgikA%sg0?5Yc8Mzfb>v&Y(Jgg%TE@-T4?9RtRl)T&v
z?ebD5q>~3q!2`8A=Vk$g*DBVv`6G*CdQ2t+GJNqB*>wCn)8jNbzKSSv*Bc>^r6B&X
z3JMOv8aVBt(($?MU_sL%3l$8L@@rq~*7G}3N?g6tn&IMt{Fx**7{S&R+PxZkyK@}u
zFR+-;&^9&ZvkLQhi>9`)MkA2Vn0r;T2LeMV{LG2=Rc5mRO?)v_&`7mfCn+e
z0m&YlKo-1tW^qwm8=$J`N=jL730Iylh>DQ|4@*@(eIXQum!jm@ap4ZaHSYT!?W_^k
zGnsLSVlfhL#kBT5r)(irh*zfe0V(xDT^8P_UwHE%L;>0$!wgDkri$q?>nTd%Rgoq|
z_dKt+=spWJ_Si?#1jNq>2B1cedWZJAvG5i^e(qzb76hAF-
zOGctqiD~%m4zzDBu%A
z3S%|aK&!+uHi*Ha3x0&oiub`qukb2}5xyvTD1Il+JH|qZshytCZAM4F5uW3~*diZI
zFmzgzf2Px&kMjLdnd24_0&yn}>CT0b0Yn7iZ$-rt$Je}8kPLEEzCI_?;e3>f&`>ay
z8Rrm}x2H@eGfb~hMxipAyIgA~bfzRnOhgn#Y8()$snk|wcdDtEug(*GnsmJs3DHMr
zYoWD9rIi%Y2%Xpt#=us*`)1aI4BN;%_`qFq43v+J)&Qom-0hVn5tQgd#X8dp%2s&@
zNRbdjkSsCEQfC@T38PA{=ysB4s?jn8G5iAsSj`h+B?TdA@>Sx060HFoqa36lILm7e
z%=!SJH6euLo1obLfOr#90IUW~ZNy9^%8^x6YR>2F(Q1XoyvAbQAjF7ah=^f;^AXWc
zPb_&zlR3vIgbi9C6_cH?tYu@H%5wT{RoBo)jZ{U=@?&ER+NMU^)&mVsSS)yo1o99CuWAIaq}nPQWFo$QlhUmCD+;KAyo_ntuzdD4*26V-}8e~837hM
zF0UU?0l|++5|yoBD$AI)k5ER#CJa{FoVJnpxkMzeN(H#_nyYOEs|{QT`6M}SXL-OH
zC3G_n<&;6xN?g#=^+WkYnQ16#2rd1$7LN+&!m~-2x-7gXs7(au$XBW^J#)oz3M9o-
zVn#DkvSQ|ZYElIuNWqw?WS9!cup-9l6155m$3Bcn8=G{ia8k4;WjBJcX8(7P7T4PL(B{!zZ@#ID_)r@6o6&FAf!|=$3xzcb_bQ5Qq
z*))U@xd_{s21zkPU`)Nz4E$3pI4X)E6e%+Kgpgc-6#ozfL_{dEAZ3u!wpD4An%O#3
zU@nwD;~2R^HDV~Pr0e$1jeBP#1i7v>#bQuKdE=j&D-cLivC%OMp{)|LbPrIF@rxb@
zt}2}Z#Goii=!#QJ4%sAtRLrm#5#WNrGMAhrnH8n{z}7;&7T){$Y~&N
z*Hrc@+m+GOwh*H!%sA{xr(l&QpcEra#T|MDjbOt$c`JAGMtl%PzXB^o)R+p^8c~S}
z&6mGO0xhcnxr-`?860kRGUrl|D4W3j0y8P;7v#y3l2&q_~3IPRyaR6OPpL1&Tt&f
zB3M}$BR2!tCT4MXf#0SY1`mtw2N83F}D@Vw59Wr;NjRKemB!QVHCel|(LFAMKe
z!gv$UlQW)lR^~vK9<;7idj~h@gYK#}tc&!c0okcZ%{gX#@jT
zYVDfHJM!3h8NuQ&GuNI;;njuXlb)Ee(B_PvC%n;yKdW;-1UgTj*)V#X9GiSxWgWd^
z{;<`V5MEA$w|N^VD3)D9Z52ou3NTJO&xs^7@qtYu`*3_qWyc|12zh?5jfPexGZtbD
zaKTJyMQLzFAtFSD5EavQ1fyOXk#GF?HDO{9lof|+nyp4eJl)q#?%tBzRHtL8QMn6K
zT4#cGIt7_raE-8B#tkt>zxK+KG#2b7TX<3^rKJltc{B8GfcGqrNbaFpCn76P=8YBF
zotir7g%J3dE$T)^YRY|$>l^I4f9=$p_{TjariXH#@nQD{?$62~(@;Y8;X!W{E
znVjcgAV#%TxyG~{rxH}b1t!TdixYrCK4Rx7a~zrJIu&i{)+q*9X9^GBvGB&gG$kLr
z6x{$jakzaiY6I+sj^$;Nqva?8j#r-$YwC<7+ZdyNrF9M
zlQ9>Fbyz2TmT7}06X6{z(Ey;%pPR~qqX{&U<`5JZ9?~XDeA8KBT2@tIQ(AgoP)^ky
z%{oa$G=h&tErLCjA&2v2aV*{;L{wJgMnMt5`BI#LyjhjsSIHdN6n9l-sZIWzVG0&g
z7;7YjSfHy2h9+b{n55YJJ*b?an1>@13~@ASVhsM0)$oiuUXwYbwvZZPjZURO6SJ05
z9;(+0rIx=-Ia$iAWl2ro05PwTt}idF7(hyimEnj{R#rHhpaMcj$*xn|!u;CS2Y?Dt
zW|T^35RA2XV95N|gw-YbkjaHA>Fvun^O2`(q&rlIab$;N|5uSTM5L7y+a#rm2^
zlQkdty>|$Rk`QcQDuoc4qUODmL9)rr1(ghOWWj1PLR>`5DG
zXDG5!m$W&hB@PNW*ST-H1t0!Bp_t3U`}hYl#f4%NRsE$v1}5TEgi0gDqcgfdW=kEC}9q#
z&I2-)q!Yx%ESh8#CpC)UpQ0m97lqDlPfS@WRcY(?kL#6}N?EEh6HeIrK#&U}e}BPy
zB*JkBY*RQ6{o`b#RBG&^j52wnA+a_j6iTWn8=}yc6pcf~q>9r@Gj$3s8z8Z~7ZSQQ
z1~KyHtD%e@VT!17JbH4h(^}%sbq%HK>0ZAc4yn?4EkcQ>T9&2L$lTEpfYF7+#5ulQ
zQG5$(UK#-VkRcX8uYnJs+KQ?kv~Sb4!d?i&sL9K2dC@
zGn%#Ne2mV=Sy7t-k`_VJAL3=PFj3@|l%5;Q1RX+K9%K
z%S-{JjbE%-WAa8?V&`SoI&z#x`LxljH%o&;?*6TCL5Zj9k*DR^{j8wNrNWzECn*?Z
zbN8*&kPSd^X=ljaEjN{}%RnVq})y-P}R@#Ne+@*%7WccsL;wzHJ
zm^loi^8_V~x9mz&yQ$Z>>5BQ!Mt+Y^G9Egb%%`qw#nR>ip2@{m7toH(TZjlcMnuJ!
zv0gJ(qT)J=F^Eifv<&67l#GLvcyO?BRGGFxMLbdV5muwokG_;pJiEeszI%;h#5ENi
znJyz{#saO@^1!&!7z5N&EQ^9FI;ujaFMm!hQ@kL|7!Oo*g+wu%i>RWr<@gt!9}^hm
zoLRb?>0V0IXL=mksH|$|+_K2=D@OA$FUY_o#eW5m*EagM;gPWRm}Uf#)z+j(6G{}
zLuo|e0Oz$X!V9JKXcRNf=*D;zNpDX7#ukwpkc0{f5u|v1gx~>VVYES2TPdgoToLIU
zc24P}R&r{y_$G;CxSLKeLli2c5eO|c78I4Rf_Tj)c*xq3XO8Ss9doywxy{)s_Oj!B
z`h~YFw=w2)(Nt88F@QDMn;Dd`hPmZCLK_fC*B7z$RD6Mhr>Q(IT@8iLP
z2UxCFh#?|Sgm(@gf~{-JXEQW)jTi!Y$F!@uZeXhlkqG@Tz*9t1RoIy?&~-g#vlg?q
z#nJHz+%RCdT4Cr0T)%Pv7Xr?fOAry7y1}ez(6$Zciv@NT6^6dUojdo${t&3@8cp56
zdk5z^;deftBlrMg4d(M1+P1~+&MsD~Gra%a2k4!L)(Ul1Vb;#DT%KXo_fQ&G%;zkF
zmELqVo8j8EtC-DNc<(XzfWt?}c=YH93Ndd;#v1JI?1B*a^|t%yJBQGNUCp
z4+3E}Z!oKC>>upl>Xj?#dfpJMNRw?{vr;Z-gy0c^FC^j25lGl-5;H_?+jBt+EzcY52g3
zxCFld;N;g~E^b`k$Lp{E
z6b=p!m@n%+t{+^53m&W05<#T7AmH@)81KFJ0q);F!rtBve){7-3)|GNDPOFz@Pk97
z2wPQ{)h(8*CEk4NZQS|bK3@CSt8gyj*6Z6^FZ!%Nygg<`#tmZLird2_PPlEt1%
zr#Urt%bER?Qat#_C_PEx(8ho~q3b$mZD6Ib=)0a}*mC0Q-H^N4GJ+>{tr6_On;?l8
zNbEIvF%z+oj@G=6NRcQsB}E1b&IK4kJ|QXaFx$zX+Zux)_L-MZ!!sznd7>{|(`@ml
zCydA`E?6=e6*2LLriLy?%it-wFA*V9kRc3Xoq4zx97=Q9H2g`KRAsEX)w(d!p3-Zw
zc}ps`YAOgRC;Z7_DhV{4bC}KNu-d|hh;}wd2!!AXuJ?HK=nOye(?5sb{>*RV#g|_O
z5fCV{#8&LJ{^E0=#XIl5kG7rRH-7y$@Jqk=OFYS!n4P-jWBb>?@lAaG^Zz%#`R(uE
z>Xobb^r!zWKJ}?zhE@uLbhZi#-aCB#8{fo-cOT;9bcMh7nSX$v`I(PHDTTAu3Py~D
zhzR%Y-oux_{2hFB?_JCnbNtqC{e8Ug`o|bzAi`ok&&U4YJ+wAht(N%aH@=PUe)mWC
z@ZLTA+OPZy{?p(4huFWmkEU*T69OSR4`>Bj)i6ro(W6KB*MIcK_}+Kk#2X)PF}R2j
z6kdGkHvZ9n_K$Gm)=jLIOL*r{H8pHy5kufaTy4-a4IVsvfbV|yM_4X9ga9;ci<6TT
zUU~UteCF?c2CuyKDi8zuz6Z3z?qUb}PyZB$hyO1gK0Lw0!$5j9#6xw|4Jd#7sz
zNiJug$Q3N&g5w+sQPaqt0mL&mqU#5=wL#O=h%sWhTtY_;+qSUAqVJbLWySwm6&Spp
zaNjfDD_r~3%#2QE@|p^-;ZaE#KwiU`5vGdKaTl(^X)_erRqhgMc>0AmdBl_k9;8Q|
zmoBEol~8}mxF4-jtVppCh&ZrTmy>o(ZT5uENhGq!gpq2K9mB9@!lT7tB{wg+@O{nH
zF`T0`t<#&mBM!j7|bjS92!oYe4H7edqD~t>^I@pZ+v%Jb!!RXL)#Zg#YvZ
z`ZMh9UBM@R`IGpiU;4F;_cNx(*S`KOblrf1gDd!zPkjo%^vPe{c;BjS@rA$sGLBEq
z@SC6hO}zH{$2Z>Z^y~!x)BpT0008^@`}m#T`CYv9;>(Zy_7yDtmw)juarEd6SFhc`
zZ~xAJjGeuMi+?M4eC4Zui)B9mszTSFL75tF{PfS@H-GChXy^0Ct~=MA;!pqdFY)Hv
zZ^POK?QDUe_qcZT27c|=ejP8|e)Zh%EIW_8A3ns_zVnMa=1H4gxp5s`3UqN$HA6&-IfOeb3NPbnPZNa&zcT(4=MIAJdc8$%@~
ziolLcZ@VnG&#>biX}3gtq#{ETzF%qPje;(zm0mN~P@|v$8>Gi2)u+f}D-#&fV1~*2
zBe#*At&-AibH@v8j@8-v{~EB?V6m8ss)ustqH@fv-u3SZat57Hh-ceSJgAT@x~kY=>7xTfAA2_2i(2?0LN#m
zjp7gh_{1lE7O%hl2L6vf{uA_lk5xB-U^X0u8(3Rm7y?dD&+zDIfYCs0<-RghBk4Mn
z8X*H(_u<9)A@YRHq6!0@GQ~5kacL+b0l_(0YYTW8WCB3buob5p26Tes8$HJRj5M`>
z-|5ZRWCiaT_9_gDoE!3dq_P!a3>ch41-sqk>ay@Yh2a{F-EJ1MV4CF>0cZ&!R7&Nb
zLsB`kWYXR0Y=JeES56kR5b&#l*PE;Zm0@J>=6nDEAOJ~3K~(;%HhP2%B=vMN)PPCW
z*d%~(z3@&n{RAW7fkQt4FtAk%P~go&JO+pq{NUjRcR}IRsH+OLst{=VVvXVr8)Aep
z7TQ!>?`sSj*J#1qw%t4tMjKXpKJjB)!ER?l)YsVA*+tzxLE#0UjYVBIsOkz`@36PO
zkK4CzKRFzzHC}(?b$s>fe~S<9+(p|mwBx-;*Y_KLWoP#QZ+!d>RJO+1*%D`~4y$hS
z_u)f8@Bw}A0C<=>MF@$KERKWOl+!R>rp*UeEj#v*O
z6$ijBZ^2{edw3tvwBt!EpDJ@gaB&?Kx{(+N$yQaZ-}k7i234iu9V^Nbtf3W8l!prn
zZ=?ugD;R4olv--T#z0CbXltj=HtXH7VBb|`Ft`hzJNn#Yo7!;Kz54`(civ*Ym}Bq*
zu3fu2i5S|x85o}Y8;z!I;iHGGES`Vj>+gO#2x>cf-sZu7dwseB$!o`oGwpMHx1gh6&lv|;(xGzfZzP|uj6|^
zd<#k`%x3MD&$t$b3NV|^U=+c*4zX}{Q)Nc7j-W6tlGAK5F=jW(jGq;6n-3vlz*Y8^
z0HLbbTC+ZHhftX3;wUsPz@2CEg*6t}JE(qeKQT9~B4oC_#LF0$S`nVF=p
zP+%B3gy{KGu?9K>AgIgCwP!Y5!<4D8u2spFeMaXTExoC*7M`U!UIZhnKJIM
z=PznvVJzo}5eUvRk90d8?BQIG5W|H|Q6WZ&9|neDfOAh)cz1So@Uf4*iuU~)^TqrL
z*9^O=5k#756so4e?%wW?wf5$VIkW^6RcoULQ7(V{S8)%vatG?d~zp!*!kGxo8VNBw~O6*Q4J11tdB<$2$D;R79qRz#d
zLXqqdqKI(RNW6@rna~s~=F^SV8kMa85c;8)L1UeVX)y-WO`Y@CHh!Lw&e?}1QAd(2
zC-{Le!Sq@Jn-ryV5E&*XLn5s-U`%cZn679qEABIa8X`@;IR0Y!A~8jgOx~eMvP)}G
zKPmo(6ywF&3s)SHl8?g3SV+%d#4R6_P|EXeTBC2ns7Bsk7`}Eq9Chfl@s7!rD~1ST
zG`tINy$7_0sSO%iA=Iq?sVke6bKABtA5(g(x}ZA^<55vR9#7TEAchEQE-JiZVbe;X
zsh+G;shbKfzVHGD=dic8_hfT1j2+qPYz1Qs_I7t+)aGJ;cyx%N@A2Ht7p6tOo?~}+
z7nNm9+WP_CdjuaYeEw_KuHw1pZlJAeblqyphs=*r*A;Y*SmSjX6JNYoC*mZWQyj)?
zgM{&;)_{bZUYB{m45d)l7Q^7#&p{i^=5xdt&<_q233K6G`_N}LPd-&z
zQ=IfhthXGB8>>KR|5B`mQkr0_f)9~RflLLZ`9#IRoJ<$BO2bPr)`ZLSiDy-KqqK8l
z2PpA2#*V>+LMib+faU**ic`o9HEZLI9c6|&Iwl!+WXZ0buo$YEDJ;RqJajO|N<_C}
zH>beEE^$vi2RUp5QBotK3U7(hZ%JpzEFLmiQ^U?!uOFj^a}nNqC2D(ZUs3@DR&u|o{jR54m1XzkMg)t0?>Cu=b
ztxJj-Ue77diP4jw2Bm;zRzoR;)v5y#dsj4Vn=|KF?Pnzo+RJk@#VZxpownuqL&9ve
z0<0)9jb;TOER6Sv6xin)3fdYpZ3E*uqb*>NT*T44Bf7wwl;QVltex6!UKZY`_+Z*%
z41&zQUpaP!Vl48#kR#Tapc=q;r>5xK!mBJ9g%-2*kRC`$G6L(}x7|MW`p5A5|M(x{)(f}r@=Lcb7=%$l
z719?DFEZAsHc*5n?}#P=j*6a)Po|+oT8wiZ0b4igIHuwDs}8f-4EtNU<*r-d@WDf@
zRx7;z+Uw{3{rQ{EO%S)cgXpT@m=55@ao+q5xG)R<{vkb^>%22nsL
zXp#vdqYVRNHmI>9Hmq3HmA$Kr=NP}3ab0@nq%eoPa)bBT2U#~M8j00&AeLE&7_ujH
zkkn2^MUbjC;(Qn3f}3nm8GfcHFivtDM3HmI`n1STSR@Tca7z7U;eG0bx2lW`6?85t
zDTX};506BzDIo%rm1E_wEP33r#iK5)8#fu$AQyNygta4@O%
zi{rfib-FYKT8X1g;0T+j3!mrpkG+O}`cMA}+F6SipL^l)#q`I*;xGOkRl+HxHo`Eu
zJBEkFSU|2{y9T2T=99upSglr=Z4g9|2>(L}I6gkX-rgQ|7MmFnrzdB4cz7rr=}oY~
zHC(-N1^4gY$1n^zF8*=1pL+FG%w`KL=CduGyaHl`^Pbm=Nd;FDiDmx4ib}446!KC$VMe0u!PrGlg-l!@yA*Q
zTZ`2ib5KHu@lF&-U0%7!rOw}bsX?Cvb^
z{qO$}tFD`PFJE-KdGjVrRU!JgrSS4)5}ZfSVsLIp-ek7R*Hhny1h*+UjU@UN53M*2
znO~zge?d>aA#O<3xo=mCXRk5_$@4Z1-%>REB-k?Wkd~s#NhL~g5pG*CQx})Ga08qA;3A0x@K3iwDB-wNl%-KWXj_M0$p~z&t|wbSscB`{S4nB!h7AS7vx6
z=3}{nf+lrgGZW)^woPR%pct$7A&6fvXYLKXM~KX=<@~=`7}ZCfuLv7sw6PRx%2*^&
zfT6=Ee-9s}<4qT|PW^kj>ZQ{!Os4W2BsFB0Mfa%}ULpy!QY1$fJwga2l%SELy{%!-
z1ZyQt7m$HKldsBns`U($8I?(
zfDr|r%IO;CEhnGGlvgEgrTko=$>7UGF0za6S31aD^q6O-OT72ayXb!57cr|x@j;`f
zG`UAdM>tz9w-grcvb+yCJ3GUCF~`*_S2o`F;o%`Zx_58u>%MmFDsJAmfngXh4E;H7
z>f=r`vvxDfM2Qe%oj&-451fzxD39hCA16j}iCBY;v_@gZ&mq1kX~l7orvS~KVQjg6HxRyuT*Cm~8j@w-Th
zH&vvLqi|%qyglWPcZ|PIan43emB)fZ6H}bbQYg&GNoi<}BAq~;D|$+;%Xj5iXw;Y~
zC13b>#3SKgj!`^>_?Utk3*QEH!Mn}`EVj4Ig*R;&=S_9!DShNADDrWIS8c;5Haup@
zUEX%7blnQ?zWYA9)oN0B*Kdc99$|U5ya1zS68>tr!mMqvv%9&YefZ!IAH08OYvG&E
z=h#^+uw1RsbshS?=d|9RbaN|cSd;jvCp-nINvzX(qbCv{X>7pjHy2_y+7B^|kv)Mh
zkY}$DqoJ(L5M0VjV@|k2h#nMyx~}s{&{kXuqGRm1sw|994uf>n6vdmtXxOxoltBih
z#Ge60Xn@M`LK+&EE$_3ycn#yK#u}l6@qan2u#6>%QviM~vuPAc*uticqyQEIhFFF}
zl615q?7%{fF_01%RcNDn2N$NFQW@#}xPpc}ty}wFHOYw6Q`?E3uqaIN*vB;##oX`l
z_rb+QW*7$C`S32zR!dyjzq0jyj}9Mg?Rd*i(EEV4Wx4Oh$2oe0_uhLS{V-s)TAss<
z6Q1~neaQJ>Kk3bg9M&5B*ptt+5ipsPoM>h|h|;-}C81XuiP2ftd*=1L=Gw=J
z6AiT17@UV2dU&NoE?t2rqFePDnu{`fP)Wp5JU(9^)6<>G1z$tOC>^W}zNK^K<54)j
zaK
zgNM^qC9sb3IlwbSz)-;80=l6`UDd2U6!Ba#_NPdBvr256szL$3jULrj8;~A@VAFl5
z@L3_!Io3-RzpH>8sH`r{$)0}UZN&yK6?Wb0wu{)MI7f`3kZKHJn|A7$
zCcSRD{pig%@xT6We~6pU-Nbxn{@B7>Vun9CR!6($vOp-;6*3gxPcYb2p&x37~AqiVZ)uX8GxH#Lq;gqQqYzL_e6R6@8Lrf=wfhhOl
z#OCrpmB|8#vCE7JjGUO2kE{eLzU){?jwwSEn@m2|Js8sOra#BXKDb#>
zksdz;#2`}S!oT<2k5(h~OcH@1ww6%_fa&kj-zNfl+HBHu8)0yivGW(*9^8L`FZ}fv
z@$GMa2dm}w!WJd%H-(8_RD7w}I$sDq`c-#f#~Wk7$?0h}>fZG4
zM2so!?d@al0&|=fUw8q(`YXSTU;EWhVX?)_VQ+5_`}_Ooy8+A9b_cfiKllJ|z4`VN
zZ$$Y$`#9Ps=7a``qEESen!8Dgk|Zrbn~|dYOhNYPnq?d{#)x5H>(KN(>3-=%=)K2s
zx#UPAVw0aleNz%**|u%&c9}v+xxkjg&15~Q<+_bAnJ!W8Zj;j=)~qF&E;r6mxS0YV
zCsv};;q0>TK7--f*d?+JY8WHW6LO{1B)(_!#Yj*pAf*K6PJ!0&(}KK}QeD#mGKCHu
z1O!pxq=DDOs-SpGy%zfe@TAu}$4B5Kxpjkd42k2Y5FB41bBSdt^XB#r^!I=NzrgSQ?(b}c
z4*+0ivB1y&+$ZpZAN~j@C#N{s(rLf-)?0Y+;NcUk=HNWKo`-c59h%yru~q_H#S2%F
zFia%&UY2LK>M-ujV?uSpp7U%%YjjO@~!Qr&H
z*+ttnTOV&227L6v75+d^wLh^H8&AsJoclv1c9^fZPD7-Sqe#sG3OF~7-J
zwbpA81~Cpz5nlXOj8Rb1J(CR2*aw8K1Mgiv*?I5a{rKMNy2{DMF*5cX5d@04yghZO
zA+ZrkcEVT`g=$g)@2V`8CG83m-tK60qbK;W(Kf>x>8G@XEW`JRC^IXxHo}MGsFL(U
zku~TccwXosur*(dV+_3PBRVBqNPuc<$D%t=R38-e$8IZr;3!#e8<5ou*P6_wGNy7r*qC3%>`!#hCoBHDT=4n3
zAOW2lH3L^CoQ}*ef(_&BInF$-!*`rmL`6$q8j2H^RV;DTV^OA|iDm|?^
z3S}7l6Jd)NVZwfJ&&1KFg%_T~Vm|+g)}S#KR}KzftwGmyTL*ti0S_KL#23HxrN^=|
z5MriZ8Fr9?cV2kmoO;qUTwJs4HWJ+61V+KRbZV^)jAqKEvFui+h0zd$7aX>NwMI7V
zkh$)wu1AO-+Gtc&4J+vwBqxXjD>>&FU#1jar1DTY8LO8+QOs|W!Ymi$ywR%s8odnl
z0G^ou>_(=v2Aj=!z7Had_&^WAWAK;pKhF^39r?NIMVN@5P&uF`FvO<7z4GBRP0h$8
zb!~XD4(BSRGmfc?7pMvxSmh!$N-m+;{xNP~B_!KPHmNq4&l_k{1JH0oMAvobx&a|@
zCe}q}W_+iRBia?%~5jIPcd?bEd<=e&|tE23N0My)b#=?YG~?haY~3-Q8V$
z;uD|PdcT8%eF?h^TR*$Hu5om9gs*-5Z*h3|2z$GG7q%4X^XT0GEizgw7LP_VFE%2=
zNZ_N70TlRt&U^7{&_((QTbM$IYN_jWKEPPUL%nzC`;HBNMCBO*ucNBw4mv{{!Ul>l
zu=A7oe%EdwV!%*<7?`=4t>WP)&Abz1yBRwfB)Big#YK?
zeG#v|@)G{rfA-&S67h!H^UuE^m@;jJ8;mg+h5_%t|32<~cn7cCzI{Q%8-W;E${r%>
zrh=)`@W^K#ZaP(It$mu4z+(a{;ah?D)llDMHr|a6_Lt?IAEDf@SuVh$4bu
zy%r%x4B|JDoY}nhQY@9cwvwki(mT2MM+qO*yynESSt}q!R=lzFgE`WH*u|{2M(|)l
zhz=pdoXM7;5w6$jlGN}lpau~02o=oa(4Nz%#M++uty+9*3Gn?>)Zo*I&k;{rP9{+0XqI?%cVP2SMw%YuB#8%8`Ft$7>{=d2kNz
zzVja31)E!pAu|TC{Bo1y-y9?44j`h#La0H)Gg&EUl&FOg7Tj!i2^aLX_8R5JP}>1EP1l
zsmS0h_yI9ViZ!5B6!;FH=o#LK0ae9#w$hN_^J4fOF01adU^QfK(lJwK5_F<+y;p1E
zf^{A3kH04nMcHkWxsD$FQ4+pwF^D8I
zoePm;VN@+xwhvhy=o#!&rlEaNKB^ktbWiY6;pUIf+OMfihgYl8_@AeUR+#AZ8>K@q*a!4B+g?l&{4YuMzkm5|3Rp$yN~~I_FT;
z4eGjr4;nNK7WBI4$Vf=ecUP)PVdtg-cZ}N!M*$U5n|Z*87>w(_=TVU1m=qc
zntJnN_QQa7HbdRC_|~_-i+A3AXKUdljB3RYBjOMcy@TdFN8!av-kz*MCtYl1EUdOu
z&*W^u7&4`7WWadz{eT%HbRhr$AOJ~3K~yNJJ06^k3b-Va85|dEWweA@hOAyosz
z;NfC;>WA#h!duo>T8}vy|1rfb5tWLx>3uTlu;$!9KAvqmOF;uq%lAZ_!JGe&}m
zfTNVh#+~QHrcM|RQwK2`&7Bi%tgwBYSSY5UoOCtLd3aA428R$7Y(?S@#i_4-zXD=E
z&I*ap4-T{00?XAY`r!=Sa*5O9BLER04(L`LD#IP$F!VS%K0>!zAvlk{y&X8$;hneM
z#{c*~{B!(+zyEjfsZahQUU~I4wBC-L-uvhSeEBP1#pgcvSNOpX-^BjGF523nvVe0A
zcR##?{oO^8W*nh)gR_$(csF2mw!-~;_wm68@8S0Cml0#cYSrQW_us{GxdMo=S}k#U
za)_PXeNgmS;q>sq0~|g)gm)g^^+4poj5Z3+rA<`f&W9gib+$xX8_e4pZ@u*<-h1aY
zyz=U+h|!_%1~hFAts8W!Gt6c!6bSb|x{LjTT`cB1Ih(0lt#J780le?9m@n|%?|vI!
z{>oSI$xr?ws@h6~m6MZ#Lf`dJpj-q&g7?ZPD;9$%RyBsKzVzNBLd=^mCZ=RHn9_h5
z4a}W$Sals{ZJXh$uIo8;v~6IG#d5hsB!aOPwXG0Bz%V#~nAe>I5iv$_7~?|B++vfV
zkZen-BZAj}HgK*7;F-Ev8A&JR??G24Z-QO7LS5I;+6W6nWh$EjFbut%a5b8`h6@pa
zk|^r(_LQLpF{mko5v44cFIt-T^-?D4l)uA(ezMa`G4N?fkRo(ap-+XI1Q$lysSD2m
zq~cCSj)OG1ElDV0$z%{WQJ!a)FN$;?pwXn*%JWOOClSF79?r2tmNqpfwi01Bt8jF9
z4`2G?7xB$+eup~-DaMf^4)*u(t*?I--SP+z?^%5HD__FUEpc)HyFf(0w1js)(~lS$
zcncrh{Q%wa1P8lwy!^r~y#K*neEu*03P+Fb;jJHj4s|@zK3|c=z46@!8LP4sXBpF6zo+f3Jb-PO+F-tl;o(|MGKq>xbWmm0?Zq92WBh
ze)yvw!oXwRSloI4U3~7de}P-qZ^B21RoCO~ciuyA9kfw+=j|Wh-~7p+U^bh{=gCyH
z!^1TAIb6A@w-E|Ek=X?Veq5hIi+&r(D@
z$;4S{gSu%zgdBCv97z@%EYDWB_uvrTJ9Mjnhlf3?nvZ>cV7#KPH0qf~(})*pRPdcf
zw-lwF=9v4+D$Hgx?CtJgZ+{oNJ3BnJ2En<2lapiIzyAQIryXo%aP7)I4z3=cswzA>
ze1s3~9OCSx!+c@z+H23_%E2C#(s16Pts8{kaeR7))8k_tpPa$@2t>lFW0+>PusGPC
zLlba#yu`_A52FmK8qk(6c54jV6l#T4-($H701<4ZV3cAZfHkP=8pAN4>moFO#ZCib
z4ZP#^va?uVvDm@>!5)lOc;~(M@ZkOlzZOj*bWyO4#+7}GD_5>ya2<{w9RtuTsIZ19
zTAjnr&K%D@e*@R9UdO|S5Ae==cX9ae1Ox?UV-aeraQ)g02m8CYdi4O;u3SOe)ZAR8
zVO)sPz7{?hMS0;g=ZM-iP=+IRd8yP!H72__}IpR=CS
zNVKx%6(K^jpSng9O3`{$P(@6&v+DEVq*-WhLmiC!|AiU7{_f?MgF
z7NLzCWkUcFQ)9H|C~5CCN16nW7P~%I_3}~Gy%%09M{4|zcJH%5=DsN0acv!2@wrSx}-jy
z;~4PO=@CM0(Nu)nFB~BF2y1~`*Y+`=aVIOPDn^+Sx4U0)7-3VOtWog6A@)ppOOHWPaMSx4hMwL0jDi8v;#>$&
z6rf-(Tis_-csaaJPcS4eM~-no!2cGC6kd+%eOXnQgy{V&=@=v`OJTA>l!z2T+K4s5F>WxbGE;b&J9qQ
zw+(LHyb5a!o1QD6ZD;T?LW8|*uU)-@FgSEwkHLFb@oA{*8X&^%&I}X+lwt#Yr8Oty
z62WSNx~(w`9Y6usuV2NiZ4qO{vRffK4^y!U3=x^W)-*Nd^BMZC$8vdwKmj}R1)vrD
z;4$<|%;q!PynY4OuN|-_t>sNwD}{d5W3}oKiHCc2Z4rG$RAG&UV*o=r{ylY{Rsn$`
zTagm00C^2FCpZvq(Y9g=8R95XNCWCD-buJH7*dNxR$9W$wN|4GV2&1I=)wxs(P)i+
z82El6AS#7Q8`Mn=t(l@3JR!h=YRdy^Z4lf5FLGjQt$0W95RjQ3BZs#V3S9^hF?twi
z9b%M;YRW@1qsfR5Vq8v=xXSdc%2qrPbz;(CG;Ec~<0=o$
zoD11#T92}vkq#zWdrUkcjCdDVXdT4a%x^T#Nw#^V2SZXIjsHHTw^o&v=Q1dRIJGQ1
zYYZUf)Cvk`%N3j(V6BF+8jJZH3hZpf$$~s3?uSl_(ir5){9*3&h&*C6(3*=oA!6tU
z^uqw>J6Nk&F(*z}-N16%x~kzk$GdpXGFP6e*YaL$=1p5;_~Vt?v<
zd*^@%37@n@A)(CA9{OG`VphYA3DP?I6c7QyF$Hh%4#7KgD?-2OaCCNp=mX~S8RqjA
zfI_!gL4(;ROGWT~5AQuYiV?vNp1m-JfwyX-L{VsgmigvEHX6qHB~`_kob6ZA!*ZKT
z$U-525EY<2!&iJiolVDs_;sX?Q;9%Fx>w2|YLj{5x}g50&roZP
zm~zsr&Bit;_(d^9sERin9|qwL8${30h%zd7_7QA#%9k0RD0#z3=_+Zy0)}iTMc3;K
zSv;48_b0eb7Gs>6Hyb_XoF%L`Ne@ed8^X9t4{?Ce7Io9+!Cc8)P-0|mw1KY8#9+E?
znWysQQS{LFeWuwk*;^qBM$Jb;n;p0=^tmnmjb*uWq4PvZZRI06d-L)_j|8k%4yPxl
z=!aecKif=o>N+k8ZQEcmpCd%V;lo4Jb%VO8IZ;+jNUDk_-WkU69SEE*%l@w(tgzA(
zG9TdObq0ZVi2VViyJb@s{_}FV0z~N0553qA0<~pm$3?~g0idmGQTj3T02xWXy*-l4J;qIWp!
zS5N>dqoJ*V>pMgc>dK(47hH4&CNmXxx?Uio;3JCxEJH?#ia6bv3${%*L7!46lk#!&
zpO!vZ+~Ug3o;NZ6-6Y^Cy_5m43|Cj&>_naaJ@auTGF~ag;t4sO41$?6{i|%6_{wuG
zLR+A%TMRnF^&MPr{C(IeTdxuUS{M^a;FCIGUQ-@KVdS=}>ZydgUKZXBw=o&}i#8F#lor*q*HofqGJXd%}20{oPMjV%tP$8(~
z{~IT%!0R3pBkVB3Bc&S|lHo~Qr^_K@zicV!U~Pq_u`>8D7@W)AsC+cluuz!I8&s7=
zEgf|b-lmacNf9wdW4E3&cU06>&O3mD7#UTWp%P<6>;s%&OZ+D1-JTbtv}k9`by9R|nmS?A9&=8bPGzQ_{ff=yhodLX=7
zEwp!btb&GlY_{QL;r&S-tTLH_kQNLd9Y>dYW;H}qm6;SV{+;po
zp44Ir8qN*l(Nl_hED{t_5g##SD)Oq-Ih#p73MCmb7f^N$)7i4GOt%<)7*fRhh(V{v
z)=KBa@0>3pj|!?=c01$E!djb^NzCsJ(4^tLhcOzn*_?-rj=fK3vjzmF?`VnrwsKmC
zF~Y|I&a;^|AwcO0F!DYW9}k<_pstw}LQ#p^mdQodd-;5c&3=doZQG!#8hGc>4?X7d
z8S1L$f!Wzo25mK(y20Q*ma7#&0k*P?3wn00V*lX?iXJ|9{)DEoP}X8K^oX8e6D3il
zF?hHTQ5gdx8=M;knV72_K&ip8=b#9qHJZ8-D@MaU1|gsy`YbcHT0tuUMSg7)Pt%Be
z3ZlXNf9$WvJKfW>
zeNY=UKAG7g
zaUv>{pyq<2zf*DvrBLOR2NkUyOw!x1gA|qsA6)lZFXKI1(uwijo9+ybb`Y%;q$<2}
z=N$YZX6{{a*xE!S;k`#~T~kf`h&_U0%VxB$OAz4(d+GRxY}zrLcY{q-TN#wix36!&
z<24ANwerej#?5-=9AaEXcPzzNiTNxWQ_mh8tlafN2(0kD6qDk?or66S`rpEveprFEaIW)X>EY^+pF2A?b0w#Yb_89L^
z0K+;CBPsYEwI-CB2W@VN0e9yUuG@xf+u&Rup1ZZkvhQ?0BY5dZ_AKKy^9(O+O)*=2
z7?x$`W~IDiyJjW0pWq1UG6n2;M=cY>&7}f;LvGVdgFVAlS#tI!CfOVrt`_-wlH!(n
z16l#GM`Q<2s&py^Xi!_l2qq_(G{okzBcl}&aMW6WO7INSR*`a&L|*nlZ?bT!K!e;r
zr$z8{%SAiiov`n_d>?@OyR!-ngok@NpU^t6rGi!psumW{9z8VdNebBA`HaVh2c(kl
zq706&W4wLnz4|Nu>?oR=Nk(pBus1seOR_ME+AH3z?KFDD&G#M+p-e9Ac>cHcyt#vT
zsP_)2eBOr$a-@f@K2IzL?I~>vv#|Q`N^Fz&0ScgO8si%;ztLWvrx)Po}(GFbdAorL7TdjFW+{&
zcKv+_BJ*rjJ75Q*dP|QxJUB!I?q5DklcJ{hoGw3D7k#|}rOCp|vfC>1xCy-{tjnD&
z$j~IpM~&LoWx;7#kV?Yy^V6`~BZ@bcf;0@#S6#&I@LmgAhu-{RDOh}&kWeSMzTYkTL2Y
z5A!l`-I=2onBXbs-k>7qgqpI@tb)a@1C2VGPE7K9nvnR5z!zELZx+v3LeLGC6lPY&
z2|&_?myE8CS~+L*Qs9{NzG}KCs{<0i;eAc$Y2wlZC$ijO;W?j;I`Gn4WAyflnP6FI
zgEP@)QcG=ZF7KQ}e^uO=b04a2wn~K1+o!&uPj$tpF817J9cVN)o?Vx
zQc<5S;`D#xAW{PQTiyNX3vVfPY*Jv&1o!QiU)_UWALRukOWetSr@|)#wfn8
z6DEi%TANt!Ebw!Yc570ig?C`jJaFfnCn%9;~0JK4?79@RCl
zZltRg$$@J-CoWJ`ibhl18349@7qyr!{Kyf`r?VKc==<4I8UhhBgfCS`PwM&*NF2Dl
zW*!PCuidJ106P*<3K6PkV3Bo6WeE+UmUGB?*N0rzbxk+;T|w{Y8RUSHcd;;JuSIi5
z$w}gnJfl}2mxNN1rY}TxW7LOlOiXy))Bmy3Bn5ns**7X1S2}8F4Q7F>zKQK#QtreJlscmSCyVH
z51RhF6~NvbN~$V|@neT!`vMD**3V!Ky>QLA4W)G*Bq**bT#2f_5=6V9lS?xnGWuN
zClhs)f}y;#1Hu+>Ml(D5yOPp?nC3}ddYhJejnPRq`ke_L9;97@EfWF8b-T*wjgHnU
z?(XhD5LH)p!XR*N#?FZSUqdPxr6l!Ekk29KDr!I#J6N|N=>#6^#KS_y-6D3CA)wW+
z2a9%q1mxaE9C%!!E^`2`(xdy^L#2;K2p1t-|H2so_^&ZiSTKRuxq!O7W^
z9DL1#gDm}+7>xv*4H|1+i%bzu&o2m`vBXFAp8C*wxJF*
z*aEH2q>JVpdZS@>Zz;jT2bL)?C-DRJX0mQZtgQai;+b|>>WcMbDfJLC(2OK3j(xR(
z93j}UT+_433&nF3YfW$|O~fM{d9arRhL8p%_&7W&-oCy;;oS|i_Z}rz?E8k=n%t=C
z3TC-cQrZxD{OSqVdV{MSCViKiSQ!VUYTSxom@#@?GVx)V)ifbhE%}@uf(>!zcLOK3
z)YP#cBY`cPi({E*6tivH)nhcuL!;e|XGZYGi%oDE(E{{Q_~ZeY+*FH9X~u8$nkL|;
zOO#}?6$I~bcYlw-L2$?|p;o~v<@Kz3cGh8FuA^s}-;?g)c1Qj|^?
zJ!`0=#L;X@MLL~MfSIt66#GVm;Jlb(D^EIj26{s+Qv6RE|HGmm2jC<)l12E?syd$K
zgj%XBCQCu#9mKK-Dy87suOKFoo$LFkrJ%N=n4?To*XtFf6#VRGKf|&_wA%3D!$s6EvzM@Vg0RG!P*#bVZ;GFbz^UsZ
zIjC=iHAp#Spfwfu#33mrBCND1oMC+AhIL)E$jf9QVl~of%3%ovbPwpVuB%tJd#k=b
zec^q$zn>gIBj9Ts$-Zr`GQ@5TY~(M#7DeIU1AifEu#>uhRPEGJYf}cq98Wj>y`-HT
zAO*M9eH1w>ur{{M1lBr!=dwf@k<|*)g8X`)2@zEn3(K+!pS1R|I0RV7Ek67lptpM1
zJWGev6>~NZ0IwE)*UJuOkGKS-M^)t1R9gyJ=*ebkbYGMG(Z`Zgw$%*w!ZfJ0!u5$O
z3Qmn1qj&0EmS+QNPx8R8D;~m~rVS7Z%J5^ZI?{9pF!VscQ9sxf3%5m31y#k;X$npz
zqr?q4`cPfj4df(Y*WUY)c34UgEZ6(N$(ALi_#4QS#&8@2k1qvf;H@I7wNw!-5ozC%
zOTiKrkVckQHHHyyUZJIl=Z8REvP8oTME05sPB6u!#1{2l#&sNf1~qlEuXS0}w?sTi
za>@c}(6oN+RXXh9?W|Jes)86{JgA2R94L?m3Mg^x5U*vn0J58q-??vTFqjM`%X<=W
zh$k=w?5U0^ki~;Vr1J#t2gR$-jc<21
z51g?cTA#dM`|oi`geCHmzGh*ThwnK;3MMKLQA8bwORe>w5>okctAl1lZYt@_G7ks-
z>vT3dENRRm*a2=xk_D0pfe~4{l|9R7N=`;oVy}kX4omcCUAm}2n}bL^1tJk1rY!!1
z-EeE!X9}w}fOoHk-rFXVjAzSb)0pp?RlUeMMN9{{HVq6$h^URh{lLv5c5vN;4zy`U
zez09^Q(tRU0~$=v4{~}STH)$C*+>Bk4v6ZoW!rtB5bE!*YNk{g?BmGD!T@)|lRo0R
z%$IzSHR>WlSscQoe%9N?j22-tSYZ`2lq{opP~LOVXqc)6-jA-*4#b0f<|N+D&)5Fl7%kS_
z+93rg#&Zd)a@$r%k^{hC{hr>PLJm4|>(3#U6q0r@IwJPEQ<&Lg(iAuZ^6=41P$er(
zP`S3YxErjJ-UrS;s4yPqd^Fhn7vdf2#%bplNhzmIQ5Cu;>*qS
zL4kHGzBy;*l&TCegd3rSeSaWEi*fwBWyPUq{cO|;$|yzFk+@;!K0Ccbv10GAtP%T`
zg>}(^5Jl}a#VO^B1)xc)8{OJ(8uh192TkVFaeVobwURUTeHR8oj3DQ5xm*s=3`X%s
z`v(lK=}?vQ&@9S)>4!<+E3axAj*kT?ALxJm3;G~A%nUpT#$8)i6&&AiteXa;il3zx
z>oS^O!O^u#bdGc(>eNFdfV&hogB)TAis>7SB@@wjFHMde$siQN^IEcYr!>P@wOk3M
zYd?5`h*Mk1a=-$>>9it-h^n})>_<9kZ%8SFsH*x=?i)!qmIEckxjJve8R@klUAG(g`PhinQn9rC>QrB^T`bKGSzY{3o4!1}zvV
z+y1>DjMk--fsW8_81;C68aIQT*vk@S)M{PD2J{8yHp2ktvX2Lpz{-OZxv3j*?pYy-
zHmFC__gCGfx)cGYU5kzB(m=N_I;11^GNy#4nODqu$jIwSISqU{M8SEVpP#kkkq(b|
zZrGUs=e!pC4sz`ft%QT0fNZ#>NXYVWRZj>~4}e+=mSq_%jSvF%eIF2vv$z<1>0e-f
zUUiBw!
zASEfpd)g3#Ocg|$t)@!Bp4GP*!YA%syqAUI+iw(;#0=L(mDY!b#A)dR&g_gTB482s?2
z5Q(&yZHuL)Y^k^Hs-HKBX*<*C@MQefKI(uWzCMIrcmB*`Se{iSXAF~I#QPf`4e<{!
zME59Kl1`5%4XgFR6+U*Y223=SO--mpgIEoZGcr&j`
zv7kIoVv^5yxCS&~r9t&VS0f)D+-~D{hv>)q9?La154s~SxYUYP#8QkQR69~ESBY{O
zF<&Kdg9Dsrv9i=4Te&OMy3$sQ#HbDNrnp;JpKR
zh9@t}s|M6Ai@DmGs)al%x)c^uIoZ4F^WE7g5WQOcby2wW-XulCM`cn})G9%YB+3XV
z+ewSAGD_5B=(S_kahiBtkge-J(&TJ>6iIHnu_Lsu?AW!Bj&$%EW?16v@Q+EjYEBPP
zWZANa4ySX+^xu%*>9wm9kYL->$ZoU6R;mT41(7|@r;|k7n2|qAp|_L>wgZa~#y}n5
z;Ndj=!F*~%j9?aTXI|A*DLm{Fu<}XXII21CNN4l>mEYrkhv5wsINutMP{J#Xlmp+sA^DDhl$fjOzz^S
z7GfMIz7%_*XxilZ_Vo=4uaL7B_#oZSzU|04f!SeMW%N&bLMa8y6937ZKA}M220u2h
zgCU3*E@wc>MFaT6f-sQRK)@vQwBbgE!^W6znH7iPT1rvloB4WcDd@z4BQMJ^MIS~f
zidVK&u=fm8(GjsM#JnoiEHrU&2dvLKrXNdjTy#0vS{~v7@{BbIewJ%NzFq-z+})kE
zyR0Lvp!EdQTN_LF6=sUj!JNa5#b)mf`(AE}vvUsnzGL6Fp0-T08Qb=F-xB?x}dL&j?yi@pZe2s#x{C~17kasW_w;sdRR_2TKk
zjTKC^9p1Y;yhlqe@t)E06jO|M?MP|W^>CQE@wu>fAnu?_;L6A@!ySFBi8OKLmDpm4
zSsM0~Myf;zel!fWVZtM(Kqh1eWoMt
zjxb`tZMrb&w{7R`;VM;_6cT4&m2RhzGt;aVe_E*T4$4NS<2Gp*D4&^)#Y8LzRTGnL
zyITZG(kZ32!9HOotQzs&o5avq40`aIKc>-BfyAL(+QpTPe|xp4=wl0g?8sW1?)?%J80XF0>gaUM
zwaadDE0UykdX|7|k?vh(!AppPGE}Rm*}6ux)LH>m$94U4D^{$Xxg8wFCNRc_Q+#oB
zP-Gp1_&<0tKbGao|iYG#?V4
zj~$b2@I_`T*N2%Aq7<@iPcm7whNx-FH&ccFP{RbBBakPN$M%Wqnjf#jjhhZS+7Lbf
zb1CRxY0(a)cNB}eVM*+8a9XH<4w0nC5VTkdQ-PU)p5&0x>sqocG?j;IjX;serB?gc
z9|Q`hy@*`4^l|NL?<$bS?b6U4uymzBmRiLdr0X@&QD2@RLaBL<>`o6L=TOzWXBN*e
zis~uKVrwrMt^+>Cq2|2i4LR+AbBG}dUQdkH%YY?Xllu%RCnsg(;f)y?z<%
z%J3XeP|)fIxUNQ6ZyoPX&uUoW!1O$OQIRRfH0Lr#n5JZExk1!uBa7R=$QWhZY)!_K
z-W`09MFlkc(V}LIP+n_ONik3=!TUO*M*1OUX2OgP(X+&_w*p~`VyVL<0Fsl*zo={pwpv7|
zFZ&{Jl-IYVO~!ED%7+ltJ3_jDqgT}`4=6E>2fen6>$V9#ZiUpAI+|oaj*wGADhV+z
zI4?oX&=CieW4QJrUx%NS2#Qg==r{x@w~NBQ1sxkfHMja
zvDXM3FSu$F5dVB1Wvj1V5MrV(#dhD)T=c|%7$u1}rG%{*XIKo!ncdhn+n6U5FY)4y
zaXF0NyV~G&bf*tT6BBP>N?Dzb?Ms}Ci+$g3@zajcl{vU0E&@{Q7Xx$bW8@c{)s0T3
zD}>XOi>m9ckxPcwP&6sohoEj@6Q?uWd2o;QH4J5&!!W+~-b>*HK)q`*mO@z|pG&HB
zOe8Sruk-MW2RSj$4k`dZ>nMA^8IfDXV7EwtiCE9)iDBydwbIu#U6~xvTS3)KKhN$a
z(YiH@8nR?znL^0AUpwe^>~7wSi{cH3+7S(k+VGRb6wG+`qP^?KOrV$r&jR`^S_L
zQqCw@rasomqGs`6u3gfR&D38)P%%w+)I5oa)VsIpN?1Z!jb^#+8NJn!RVNmcZ&1TG
zp_7g6H<5(!>BCW51J$_<;V`WYjU#DLLQxZL={m%X?3ikC#Enf^(>sA14LXu^BQr)w
zHr6z9*~pQudE9_JWc0QWO%LbhHu;!&)erJl*WDMK+ZzM;8@gJ*T_w30y{;c9$A*TsxJKD7wOFrrAdaT4~5_mu)_YE1TI8+7{gy15U-o
z^0rAW7>@^wBGOvez4DsH1jfQ0dH7`HQbz0zt%TscdRP>+QisQY$+MkaD=|aLBOb{e
zmY@^DQeTe4Hoanoml~b1y`t0|A%WLRM=QL>FmTQxr!J;GwIePv<~tN@sYo-hETZTt
z1-M@4Qo)Z=0#sM&Bz1xrkZ6bA+6C;e%^dp1n4M14D?qm`#UO=3C+Y
z$-db0xM5ARZd+Kdq<<;Ua`D)E^#~1eL*$H<5^_qae2EgL-HIBfdwt;2h|~!&s$?*PXeif~s_dR3dg7~)`0h*Vl-nFrfIJ0wgtd;I;DWQ$jRu7jna
z#^|L_jw-|&~7)YsIP%BO!5f-`sWkJ<7)@VVlMVE_*bPMyl
z_JC_D)n~><4;eGD>FPb*ddKR6ygrDr&GE~o0yuGzBNiVCnII~NSN%Q-u044#s=3;*
zm!z~tLI@}9+dhOj7x8XxZ
zy(4JxBvr*ZVr(X+=pC&TRYJ)_*i=H=t1h+%6U3<*y%smsFLiy*5=q~YOBDjYQP@gF
zAt!;7EN)rm23K-M%2_5J?UGxC6i^l4by@e%i$p0XHDS2wI=Q{Q!=M4{uxU}r?hV^YnGB>^`*D<;{wDbCt&x*~}k@s1$Z@*13YQ^FIgF9d5sLPBqS
z{Cpc>ZITIrQCdY!Wq4rt!G0(+PRHEkAVLSrVY3WA@c{{v=Ifk{zhlvRz~Bc8J>!zd
z(H95iKUR3fBu6}FEoovH?w2ZJ3?fZQE+FqEDLHs$E~pBw*Ku%OuUDZW5;T!m4yau6
zNWt!1Qi5A=2rPaR0Fd?m=&efw(FvthT=yMIkY__08ST*3ygy~}?`0A^SsVmsqalZJ
z7z^B{ic`re?0OjcafsA|T6IpDW$bI-3hy^4ygv9FjJLONP}^>21baZBSv+araQ9PrkweB
zvlu=##RbO+eTrSf({3AUdMliYZYV*
z8^!i&Z$qW_Medw(lL5dJ$$=DTbU~%&8Mdegfr&MY_QZ|>bC??khgv08wYKz%hbr~S
zim^PvK_`^}u7te_rO9Nk5*;I^L#MEghr0Avcs8c#`D?7(3ddZy@>uLuQ(!qlT*M&1
z{X>pwUt1=tv)ZtObVsN`IpypD60@411(5tqRB=Tjmb#jf4}T9LG^#4x(DZAanu?`g
z*v{nj>pB!bc`k$QLZ;QH*J~ovfb#B@=iW`0O)REM#(e1ti&!L(-V3CLM0V)NfqLM~
z*RDM8Hxwg-NA$|JZAdQT@%|2-X1Jo!gj$p=KfCI-yBrjKQkbLrxVP!eZzUF#(r)lR!Yq
zb}*T7?;U%}C^-pU?^(OBpoiP!x*m(<5ehPj*m21@lSbUQo=49PB1zUYZumcCvIDvX
zJN5~)aX(B!8gA)5PTnhZj5OCw(;cd$CX3>$Ao>8Wg>E?N1>wdMPrRS{#9=37g&z+l!VoS{*C=_zM}bx{
zU=ma(l3J&xIkmK#ht+6C(h1bD4IVglEojZXk}sS8Lx0uz92XAL#0TQ6C$y~LDPXQv
z4W+a%B37U&yQJ2E)Bz7tHP@GMN!AVBj&^<6{vFv2a%hI>H{sk^@HEAQEj^=Y=c_Zn
zKmZ3TpW#*83R-svaT&$7R1p$*7ALK)crU4Vp&Qjux9`r0$#+shzXKG5CK~gBENwCU-Dcr$4
zYu|{++uEV?D0;J2v~HNGJY7XkdP$&_4lFr`s;17Z3QovAzJ!WE9Y_+-+JiGrgh@2V;U=7Iu=>AfooN255ak{HEbi6Jv?#SwR%_wl>KwS;miEve6
zM(ANsKFt@{X$lG~uBXgpAvsa_<(!am0qYcN&52As!q+e3+2j!%;54*TQaxr0%iGsC
z=y=^B62%^{8Noic`GZ*BrqT$?F|>zDLLGsoTVb-bNU7786*HcumW-lH8jy4fqltoms
zkg5m+n1wsNT{i$7OZ2L~b8sw$+SGAJT32;_Kn+riX6ivL6{+Sy&kLTukdvCIg8k%w
z1HiVYu~nDXRO2KhYx6z$n0v90&X
z=he@Mh}DL2UdL_U#2Z9CBXTKUgqK9zU$z|ZBth7TP{4kdnDpa`PER!(-h9^iv
z%2{C$>43%eL!g{xT@l!;i&zmJt{U19^T1Mh72DEU3R0E(&8sTR7F}amYUb|8W$3H0
z*3p>srs{4tSPdPMUgj+fvsIL0__2kf^5N(4$lMzZgQ`!>?8*#|+K`9W0YANceFHif
z0QA~5An+D^clr=X0mc`6*w;B_NYefrFHKurL5k0a1Tg+kQ8veiK?Cat4S&Ndh}Ug-wJN!A~!cTIvuwm=O+HOpkt!ZZK@b$*%S`x?GvYrtDb!FG$mX
ztLCtkajk}M$G*=WppKFM7WG=Go134KZK5Xles6Cn!{4It@>c>Zo6=RR+}T4#tkPJ|
zATUT5Po)^W#i^&G>3GtTAMhL-SA%C;&PALP(nkq~1Rb
zh!yL$v3Cxns-)m&0Vr9lBIP0rq!O3Yc<^6dUhwpCfg{G_!}kbbnfP4E5@9r~Bh^W*
zR{gzQ7i%-&8NHz$Y#poXWAY)dq6p;{lhWC2j2L(cR>2VkB4YF~
zuVoAo>uJ>@+kwj!z=Sr8osm_Tkwe9@1jOJ6v@rZ-OF>RE&(3?fX3sA#qlg7~J&5O_
zQun0dP*BK{Qq?QTJF@j$ZV?+Xw
zuh;2%RV#QfIx2`9PN!AK@7leY5z)ZViAS7wQKg;t9_RCEgp6+6CY@m{i0g{rJ(d`;
zrwlj`@(~;&(1BDkuGa)Yhg%i|H9eQGQl%3Ow=-L?)v?$cl&9d~If{6ocf{avI!iKz
zQU4@#(%r-Mejd>W
z)UJLWDGfhh`<=#Pw$Xl=rnfeJ#%svo__>bV2Hz&I*wVN`sEH{ToKGI4cy~&9OlX#P
zeB5)0a;^;K$(Ib9x5E3AedRQh42~bP6-Y-1KB>R$Vhsll(cjz{IVbccM1Qv8qZWHs
zOeKVI0h2>cb&Rh?%|?i1;l<=eS0>hv+ZQ*3`-*`KGvnd@P9otCVg#|U40B1N5BM>)
z!8YV0I>iA*?Ixnzx>R9;G|i2Z?%d2#988VZ#x{I#d|y3G)w*!ShyhX4r7U5YP<7bp
zbOI=fnGi^#gGvztA~=*PUIKuP`ff(a$fqa=rxR;T9E`m=$nR(xx>!p^c3F9>b$m`k
zrDjs>L!|lFzJ!7$9o39aKPK?fxE6csHxQ2Te3=;11^h&bg7m%*1LW#YlU?RRu`EN#1vBNNLxGiN9c$m}$}R
zy-0l5TjBjSbh07O66-(1cnyy-8jq-P97=8IwcTJz_8`~>xi;B0OK0MTMP!C?8l}M5
zlB1MOLM5vhsLKe*L-=5cwnYtkfLjU|k^ABy5SBwY(961R{OJ`tqu(4f$8MjM!V44t
z03ZNKL_t)XLn92SsL^d=6xaXSn&M(wB$H&TNs4gQgxbT6ZT~w$Jnfs#
zQf?HO#H0>*6-B?7bjelqzUOKzo~{cyjf)D5J=c-ALYjcxYDG>71(M7V*pK)fg8_s>
znWsYR03{sFY{tEYexTani+j)qKMuZ93LG555)TW`EXMH62qA(!At{UGC|GH|Vb2At
za{@*5J~+mJOiZi3rMIX4>)Mw%aDVI5V5X|Xd$Xw
zf^)(MF-ly{373l$`CKykr7OO=<9u4No=%!SC$4YwTAJJ^m$s=-1a#C#0D7l^wT9>s
z*F~VSBKT+w9_zA#JmY$~Am=1di;q~>72CF0~;*eBlNy)Uw}NE8;5m
zR&&2a;SFDOFvk;jxRE)4D!_pU!P+|9q6#+l_ICkZ6=*WXl~Ex1*clwSl(J+B0BFcE
zg>P9#HzI+2;fwKZrWemcLzY|`U4M|AihJ39lg{8hA*G~A2oe%#I(W-EE4byn8ZEBm
z47ED|(6B5k9`5f3o$UGPWgJH4e~}eO>yZBsMR4MET>zEfrhON71k6CCBd3I?r)T{3
z?>^uU?{{=`+&?V%#nThgzT>;^-s!Tfg4HHs(ZcSaOpY#xfv_Li6lK_ZlI(I#?R5ys
z)1Hf=I?_6f^K6AyE#0S4kmai#4$QfoUxyC?!y-K0L)tU;v}4E
zgBvMexfHaQ7lmqO?%x>M$&IOMPDQg@wq8FE2RVy8XHf811LJ%?A%=+3#N*aXY1UNSyyH1t^ac
z15(ukk<)a9f;|52K&crfGX16qo9kDp84gmMp!6kUG1x;w?kh{3R&O|wc9Sm4dP9wC
zY9@X3q9{coaww6D-|D~p7H+uXMB9RU{egRJQeJ@;M32jim;dkRVz7RkCdh%E9H=Sx8w2@XWU6Tz_r#_cbPn7*EE>{$
zD6CjWh6oMyBP#}LY?_f~(K=RD-tF5yEDq=BE0&tAiJW(d5w*$!iFwAGx86`v8Hc1z
zL%qv&D0SlRq;yEZJ&hho*!F}i75ErHl#!G8h`hWAr#U)CDh*q@qBS7I6}>yiZOiaM
z;)q)7$h~}(hm0y5T~il&b_3EXt&0DHQr1Q!ydzYYfs_c8?0rkqkdVu?0u8}SqmhNC
zcs`%S)Jl^#uG@|n1EM}BxnvDNjUWQHO)}uz8;|#=FT5t{9o^$Wal{A7tzdL*V7R5o
zSm%Qz)k@dr04+e`-w?+3TQ=224OVy*c6S)J409E!a2WC5h95gP1RvDPL9GP`&ln?C
zy`zgm*6Ae6Io1D{Va`1r)Al_bqGu$5BXAg2j*^qsL2!qgylMv}9i=0OUMu$OP)b7D
zwt@YL07Trsq%tXn9RrB`V26#u*^g-tm0h@rOTt!VjM|Tyuk81t_Sc
zL(DSWY$4=5!;#0H5=zMC?f;<`(#O3
z4K^qZ>$*z*U$s<{r<15S>L>7~8>$PuEc%ea!
z2GmDhglAYP__U0T?}+;$LhTvktk{v7l>lB-TYC%WO^P3y;#(Tmy~YK1cXvoR3*S{#
z2g2`FxAU}Tl)A$?!ny=3Q4DvY54bzsNwV(sic8idmLr6q39_awcR%md?jrAj@HWPa6OCq
ztrm%Y$sh!;1*;1MDX<3xSwI!#+A6*|SuotydB+1$;rQ!Xj7f|>C
zaanL$PI$O`Kwzg!q7FiXb4?iqSyg(<{bUCap*!^rfJ`Jl=rz=Wir!I3B)9=Pg)9U%~*oR`A(eiYU|k36_@K34U(L(E>Up$5Ygb!azRScJ?G0V
zk?_k2+m>*7x!~pHg6F3fT(&FHzR!4_0Y6F3-Me>p_{GnEhF|{j=XiL0fb%O*GfGP6
zz2fX6m?K(|17Zma;yGa7b`T5g5WQnv#r3Uboe;c7^Z_7;&vy?@sFCmvOmV0d%C?fR~Hhqqzc&-V)coMd3BWkJ0fucjFa$
z44$m}HgcvMOBZTeXE<}|7t?4^p9`B(z?}y+Hz5MSl^69L?GRPaUc!;cyE3IBHOIB
z;`;K0mje#RK4@%<{LEA{YL_M3x}HWl?7j((D*};@j)q?5$Xh!Qp-{t?k+S$*bmvgJ
z90Z;mym#=9fC5~u8{U8Ti0>cYVGS$%8qgcmxZZI^j_Y;D)6*4~=MAY8Y}bUeC+wRv3AISq?$8JPW)REs^A*o8
zSG-&=`1#L&hKGkUPNxOy>5Lc{G>mR^f`oLI&Jiq2-ht2?2Ap8QnW>i{74{rdMTr}c
zhIs5w2**JawVfEC7lm}-CJ$TKI100c1u=M8+NG?P0B->AHxp2p9iv$a9(`tS=`V*A
z1WYSNBh|wcUo4h^r1$1>U`}Km`R#X`BUir>L?~h2GR^e+#0|<4S{*w1Ll`0*^4a7j
z^&w84>dkwGD(lRs+@a`p*g9fcB;l}B6T3;EcR#YUx>%MCBOCw-wW4_s^6GnA<@0Ec
z^s!Li21j6$5K53h4y9F)7oB}7B0|~rjL%Omc)1kpxuZE)Ks%}y-xwJU9XVC}`2GpM
zTmOL5a)Re~axDb4xLKSsJ2dhmO~iYkb}y#r&Y@KazZ@8)Ve$I9#4=FmYx}+<#E5l?
zSe6J!9^^fs)6=yVIUt!)RMIPj+`}=W*NW@5A;y5yx~gzSjdH3)2LS@p__!eChFU~`
zav~nwYM`U1HkdZvizuW6Xe9CUO;u{OWaQfMa@p|l(+fU*dcxuuEwnBKuNp*NXioGu#!t58Q{h`Iq0P7I~?J&7Pke|A0!
z9f;urqqc@rcEIUkn|b6IHjV8PHV-NHUJhGQMo>ydeQd&Qj}{VJkxRuI{XZ+$?yd0t
zvkPz6S}+YfoDsdP7&-^%bqp?5-SXS;L^UU~J?)ZF<^8}#!@w)$BsQhi5~E;cDcz`v
zwtbhb$T^%(CvoG~4LEv7*Jz=7umkL9sI8!uj#OmCXO^FFEb6z(12f?_r8HJUH;fL8
z|4}TtRH5M5cAiNVJt6oJX(MFy1Xl$<2i$*edTC}O=y#NvX+
zjFhkV{Pcp$RU*21p~0l+wFAsxil9(%y(E16^n!)oVi}NAk7A%|8iI2R*3$_fMlKoqbw@+P`E-U43&ds9;qmc1($Vmy9;Sq|prW}Y+1^f_Z6@$iy;
z=5<>y5!(Wta1?%WNd?zU9_-G2;HR}_bg1-rB;X1(6AZe6n9Z{X;7M#Ijd;@fa8v^v
za<2IB`5C|e!w-14KjFMC==L1B8OUkAyR9{(lE6*Od`iyP_axm}5d7Jz(l6~|{$s{G
zF-CBc@i}YOSZz{NZ(-~BNoExr}7i5hm7k)OObimbu-u0m271ec=+VJ$ep+mS^M#@pPKiE7ODHjCKDhP_W
zUaz=ZF93kM^PSQ<-{RfBN#P|-*`it2Ip|Vpbq;>^oW5~#U`5n+SCixOR}sL
zAnO{9Iu^V~9u|_*ggvV?){6GBt|Qi_wKmK{YIB1IH4-9vL+b?YT^br9ICPYrZ%!6>
z?0hj}(*^3BsgRvmLb*
zgzNBuZaQ+9Fyt5)Z*|i->8hAC)wUy{AhK-ht82J!6@PsHBOV^kc)Y*I`Mh9V#P1lr
zqSl07oA7%TJ2dEs;IQg}M^1l-E@8<{Ka19j@V3FK5UWG|1jthF<>f_wcImh~FL?Yf
zeu;OF@9^FC-{IZkBTnbj%=H6QFmc7x(=$GP`h*XkKH|fNPx#&Meh~ibdBwxycK`^_
z&l{dTKH=r%f|r+PiH@R`46M^_qXvUi(J4ZUAoMI|@g;#p_DDp#!|OEbcJQ*k-K(r|fny0C
zolVKFzLt
zD~Gk9XY>}qTt~5)^g9PM>FR4KKzE37f!9$qB?}|$L&i)*@Xjj*ODImIn#@`{+f*C4
z3ylcGKvRWLZjxZ&9N0V5-0<{##ScIHh<6Y7_~oB{k9B=iZf8c?sxn8Q$sgkqBeI9M
zwf9>$H(dxpX=Uu?f$ddYxs=BZm7E7JoZaQ_jK}*2{PGvSz@Pu>S9tgCQB`&7J3t;@
z4RAy%?C|;d8K0k?@#Dvj_}%aRfWQ6Q-{9%_3EN(g@`k6U7ySPBKj8fzKjP*2itBcj
zt~nCU_bc8#-sAi4AMp6@0jJXm%`s9cxV&8P0_oL@**S-jWntaX
zlr|>Up%rPzS!0wW53ixCO40`&Nzu#_9BVRaOOZAwzOm|i#W#N|ygyaPtD%SHZe&G8
zQXFniV~Y{N!HQ92kl~OBA!)hgD(2gU(Td4R9fdb4B;cIG<$4{(-m<2o3#)^VC^vxE
zBRajYLRf?eQ8Q9<*wZeF7IgtN6nEo!Fdnql;5yLTmqt6*?H~VKRAoLN*7bLYk#T>2hegwQOY7LP&;l1124~ke&f+2|2P(R-BAj#RiVd!`
zVqF%zTwdg`){bl+=JFno50CiS&whqq{p!#0t6%*J?;aizW5k|zy#Me4AAbCdec!~L
z&PR0T@csASx(hvV68N3L~ReRpoWzL(4rs3vi5tHPUEMmIriMVRuth(Wu+AXLmb>EXFF7sRA
z{Z<(7*A{MHa{yzaL&~a2C`GB`nZ_~zU9dkPW>;LV*Fj%dmIdd#yJ7lKRjsvXvTChW
z4YS2HEof$!8Bv#%5kkO8%|1v?sikX-U~ceDOi%nsOHj7Xp#Ds?oXPLJLLo=G_;hAF
zbh0JmQX8C;&F{=a>o-XlG6DviNs|NMkW<0+vI!3EW&6*bCH=Kmu$MGvl#U8H+#Gep
zCF1e%4r>S~t$~7Ut7U>@crWlvAJOxG4^pVFd&2Mk@B#Pt_qcz!2f047#6$=%*%`SO
zflbJ3Aul5vF9t0}hP?x*HNyc|Pbb7Bpw@<$>jkwny!-AEfAuf_1^)W4|0RC@{r9M~
z;*anDh+qHuxA@K9|2=;A;}6KWB6x{0XJ+Ku;bX*i-+hn2_>2D%zx?H&;m`m4&vF0w
z4tJ05uIBQJ62y`sCK(1V71>N1U3lw_Wyqh;r?c#pf&g2#t5)@4ET
zgb-L1d8&FWwk)%NPfcT%gSv{+k9bUlT@8EyaT2U;`tH(T^WesPO`0Y>B%A}-t9MEJ
zf+lLhrBbUdyDb$wjc4d>!S+p{24`eKWiqs(s_R)iAN
zX?Temeau7*>$+m!_hCxYTLZRjnv*L$Vfd~Q_W`l&i*Zti%n8aQrbam;o+%N%&Cter
zFgic%OOQ=9eejv(?rw^)CE6Y%x$D8Z6cBn-R{1ZH6OMAuB3bQfuoI?hS;<8o8aI?<
zUE80aeg8SgBy&#Io}*|LQOC-~5|@ga7JZ
z{VRCS_`@H6z<>PPU*r9cKjMeq|A0@=&w9O_EF0a6EGEN(`f|aCk5BmY`GVj6{tx)Y
zfBHS{PWSlr-~AT}wWH0-x2;teH6f_rhMX!myY5w3
z4TWY}hBuFgTGiJ<^3{aLtsW}sQ6a*MhFmH?eq%BNmLGjRCPnc6-?aCWJ?;fFflWNQf2m(P^!eGgc!vX{ctM#5Y+4iBi_5#
zhN3onS<@Rl5n>daRHUo!mcxq!oZ0&9eDyt}&JMp34ZP3T4NmD}t!uuV8pw>O9*zFl
z_I+UEW-=4Pf^}V0@+_1pViF3J7a@dm!rAmAzR06?QZskOP`mi-xc>n$bmXdcyzxAO03E&sY4--~1YX`
zD5c@LCA_?BczS-u@Bh;u@O-%-*Cx(mvBGIQQmq0jREMBJTMtWlPEXyT8+B>yv}i?Ch3^u9Htr>cLJQby~2cr(j?TW%~Q
zWkFrhAPgGPMnSmsg6lTdZ&F+2pzTN{LsDaC{BC<*%}BoJJ^J?bji3fP6jte2Wu^+u
zqfmLxCM&g}xjaq
z?-Kwy54pTZQjSwes=SjoN&f#fW#yR4<9V)OzW-*T1zau6oFdUm1c)rP6hKcp`-%u9fqz4G$Ex0^I;N{
zA=iJcd6c4P&D+wNnl`!WKbM$5h=A7U`a#$XnL{w8lX~3k@$TMZ*!0+JdgMabALeF#
zHMWB_K#394G;@LMI&=f;XAk3ud73b%0Pid`>6Jm70&)r%h5>*3>tFEgx6hGM#&_TU
z1AqVSd)z-gVd#gpIAgX40ckY^aG+?0v8+glrQr7V9sc{{6@L8b3gdoZd7gD3XdIRa
zDI|W_Xe~}Z<}nl$7!Yz%n5T%_xA%Da_7>OIH%B>fT&xR-*+C?-L|JU+QkZK|nH!EB
zi`&hBZSUc%MotlmGOSVf;@Jf*FSdxwg8jHd3Nx%>vqufV
z{`~ypUo9JdBdwurhONu`M|Zh=n({n_*~+
zz6v0LbQwy*6=#|G=9Hi$>@a7n$9f{3rD@mPJM%KjHrTC2tV-N+MiSm^DFxnhT849~
zMT-{!Z{-5Pk;U+zWL@GOotgi{PZ)fu3sUf
zg1+m~bse%ez<9*M`s%(P&<%3!5YNJ=Wx?yWcX;v34PL%{jl(#jfVI+D(2%77q->+y
zp+4y3Xq+=4q|5}a{e;6I@UmF!*yTv6!ZI;x^28#{Vx`!U?!89eb=YnOT%K>S-E{EY
zK%>AKLgzVBXqhLJlHrU(hCK?p4B}E$D2^q9JnfP!Lm}?vQcx0yOjc4`oBfu$x8Str
zVvI=NGK^I+`Vsl3X4z&nER|fu4g?e=jEqV4fB(h>1@6TAy<#X2MrzpGy725nOE}aiv{3WscMr$rm
zH5niYy^5Dg8bd#T3bojs+L_dXO~MDwDPx+a(`X!`lP7Z3yNbk;qg=FNa+B4~eOATp
zS}e}SXyFalC%@48MFwZJg3(@5b=lS&QbLyQS{><+Lx{+EY$!jaSP4)GP_^jtaTTr0
z)q)I6fsc?m177CU#u%6wL7F$)F$CFSD_Esrz;jQMQG+pt9aD&)mg&w+jOz2KX%Zma
zzSklj&Jr>ncOzckz2}?l3&Q!?21*$axC>uGW>5-b;RMaHCFkL+ml4jqGCQ=!`Q;^k
z^Sj^Ti!Z;#sdC(bS;rs$wR-TASa-x(l!?{B#h(4He-owM^&j%IYl(e`jwwk85#x7
zDQtU(^X&!~=L3cfn=(45(K(C0b5N=v#~>;kk=0oS&(G5VOIR9T!f4IZIaFA=X*S_3
z5k=u>5uGGzsP02pP8bk~(=EJp(B8E7a5_FzAH^{#VK*pk;HvV*SV>>u8FDSg-aCxr
zhZ3yY@uwYyGFH3OI`^y{SSv~r+oGUO;z&XWfXuXv8cfSd};cBK2ts>XvSpbVfC
zGI$YHh?6&lzK1mA<&4YAOI%()Lx>4KUHyXVn;VRW2~dQm-40e8oNq6Al#vpw
zNf@x@j4nyC*P$UH$2`CZuFIubMt$=1UAuT+{iegGY
zb;OBePb+nLVw9p=-JRn&HbseZ9^N~-hYn39HVgy0p~Ezd!ns%@<=Z$x9EW_$jBPig
zjcKF5#sz|{*-xfo4
zDNto%F~t-47LGdInkbQ_bEJ9{tgPIl`Bb}U>SkVGKOrpb4&!)jck=T>anu2Wd4;JiUUco|XhO&Vf?
zqR{Y?!!V%lM}%=fp)9T!;tkq5-ds)dtao`s-u%xJ}R_PAo?c?
z7rBm)l|3Z08%-?Z^3K9J4QJVuVhzD+5;IBdTuXzaJ8MAd$T%Y@+o;!l3cLs<#hPJp
z_Jt)hhoZF>&iiJdVZF76x2&YuO9F9-0YP%yrfCwZuWkkQaEMJVRx|vjc}9@9`I^36
q*}}C@D*;f=GbdGWLH}HI0pNc{&#s;48q6U80000)0}uF?J%7
zWn%0MS!b+SYB1jE{hs4JzW4dQ_dA|{zCZ5kzK-899An@u>8k70dWIh`s*+?cqzxc*>Q0WLo@ICg>cSzH%LXZS>Nvdp2-BSD>e
znq8VRhqv|lpDbMWy5;5neeUzqkN${{s&EG2*vD20Ago#1DV;+d4>Z604Pcc7!ZwZp
zBqrbt9JsYNqIa`pZnKLd5)V=+PN#?hx3qa0(mu=T!mgi+Vt6n7V+dP4tme%i7)KJ9
zlzdVK+!JhbzQBxN0*-ORk)3V4j=-6&4V7w$+UvcFp6yScSY`8SuWSxnxLigXB|G0udQ}tYB^b7G#bau;La$znLkm@MzL*LR
zppvXmO@@8$KMdRmF1Ipu#!S-6o{wfMujIf3*H*@PtwOvyLUb*#21BJnAq3x~^P;xv
zM5l9nMM+VU#cM5>f(Tl@=9sDP*mc^##=9T>>NH=>C8bXH$sRxVtzM$!vJE?VTY!&s
z26FsMaOi=3;ybIFlKb9m5h`34`2r^_qZ+Sw4K2-oKS1}1j27;rn}RI88`!GHxVU*F
zQs+lV<}izFYns=)SG_Vvo+e1gmCPOYO`B(&lIBhLu{QIAo!_Ki;y5@b!g4ZZsRg<58HNg5fMUu
z+C$!P+PYe{w3=z$=WijiyU_J?NCf+VakKRoQJKb(j|?iV$yyvoQxE^B*Yb$l86VE%_!k*EYW;>1x!K?1T!SJ%>dOy_z;rz5F*O3Y_
z=EkmR39ur>Y7OD?a4T25GF?t0X@TRN;3u)RIC~7NJ(@)w?~u+BSk$+)7Z522u`9C3
zYlmG1dnWTwZ%1}HG}+O}bBnxI#O;ij0XtX4j44Uhwqm!I)gdJbm__t=DBKwHyk1(a
zbidD^vxT0Kb}gr8>yN#!mhim_yNDGu_ChB|=e4AxAvQ!0haB}o@pkh?_w|#<*S02U
zjS%N%hL^b1YZW-7S1FC*IjEMrd5k1ET`HZ~5Y8
z;@5BPi|-*X#|Pg{>dco#AOso@)S1RtzElS{E;=hrV(~BOVOXhKO%VO|qYwD(OwZp`
zoIaj$ePeQM?9PRjsu#Mp6Ggqwi5k0csziU^9;T&N}!6+
zc$C12|FC$ENjqia(7a)PHR+nyaJv25ZIU)lu`oX>FGutW=m9SWW%#bw2k-XPE%E)u
z`+oaw`HVG0;R^6rh(i;|u?0QUJ+T*~ZaraYHQrHNyHzf|w{Eb|=>E-nh^qcsie#uu
z`w+A2`5fK@&oz3IxXxn}wlS-bWNlAur3_t74^ay$S~nlr)6gMq>}42W$uCc-n%CSl
zCGRd$#ceM{Ell3HKY)%BNRm0ifqAe&rEFqab{BjydN=m5>+)25)T5=f9v0_^I(_zs
zKi~07!_T2Q9=^53siHuC5rV0kH$1FzofE)+
zpXv+E20Nu1m$?7#^oeS7Jb3+|NASqR)
zf8j|S(N1`q(EP3iMnZ2}#aQY2VQ|koMY}y0OgSh%3J`PS!pN5n9kAAsLV6q7P-QXe
z>wjyH5mG2fM@5WP$g~vF73=S};JRgh$i}GFB$zNK5W%G3AFAbiv;X*(XoqPAhOM^S(a#pNGgW(?o$&~=OBz3$<6oKn7UD)
z*dOqAa4@9s+qXA3`({__@ACOAK`?7qNE59_R3fB6qG8)a*qc8u8svjQ6;knE>iTG^xw+hdUZ3Jug2C?KOfB$QVTZeNY0(N#FT$+?
z*uhFqCX$|tVZ-qcz-dljsuNh$d87PP6`4VXWr
zpPiY5>5((x>xR;}3y+eoK|B#h{jRH}^BQVn=^4>!JLYS$_w|9Doof=vM|T-i+>te{
zj5Qcl7*!0U-Rc@N5ef;32*2*C;0eekuUbwNsK&OTa$+l15A$;Ke!m&e@cg-N;z&%
z^%Q%@U!P<-)n*Ws&yga({!BgJ0%J10+CpUi8k-iU2=Zs;z1caXnsBAu&dbo;7cdY=d&)KGLZ5u?Lgk^WiDoRR&go%b+40u@EWIh
zh*#pYz~w8qAwPervGZd#Z&lf8yG3*|pT=o%Xyi7I;pW?)R>9McqS!bVz^I#c?!yy{
zM}f2cu$t*Nbm2A=@NO$mI-*GF#)1Hh5+3DEj7&|)ur6_wp}n7&oOYT+mnGZ@stnxG
z+D-Lq4il?#B-GG@G8*kUiJd3A#Ne0jHwEPD)Tv2H8RF(*N2#7|fyqUX`vd%wdt`+a
z1+wt`{G|j?qEh!xd;Cc`uU(mIB4a}I;tP)mNVzko1~v+$hH9Z~$Qla*!3l-I&jVr(
z^v?q`eFZ*>K~Hr5)wcU7+@?^d*zJ~rJ8$w$WdN;Y8XBw7x1@UaHVefSJ
z=g;UGTI5qBqY{1u19ag&sDC>oBZ}kVH(pUBtpj5B
zI7k?5Ui+{*>hz^nL#FrGs6DeV;iTBco!GRA<3i
z7V`T31}s@8XR1cO46$qLye7Qjwstb09;V1XO$b*F-=-m)6OxlLFqzKio;tvzD3eJ~
z&SeUX3GkZk-*w;m<~@8(P7XZxk)2S$`(m@3K@cy_N%uDbhH8I$k6+63Z{Fv>EXhA%
zciYxh2StFo@wcEh|W_13H;jb$DCv3@jZ0r8gKjkXk
z{XGzdK3z6$EKzKDtx%oxh~fb_3~b<(?J9XXP$j7Fk#V3OMcR3bt>lTN&hSti0f*%c
z9%XEJ
z(gFnT{xT(u?96s-N-nTLJagk$(8ZSGJnS)j1FyJOhZeWQw$}!c+cT=6TNt}wlUU!N
z`Uf|KvcTlyVJGd|Ej(^a|Mn>xEzuhX3a*sy`L!R?w`e@*VMZ$PB~q{0dc_l2fZufd
z&nfyO^p1HDjEqnquvNY9Zt7iO;Y>Gk&#O(2lSXG#@ppjQhpoTMH1jtj3hsh{*w!Gt{BdfiXpLS483P{o)%yu88R
zFy}p7&<@XP&sjkJC@L!A<~NxrsaBeN0WB{xQ^w_LvN_$rjKJTU*I0lzKcQaF<@qNh
z9i`jYjEi2w&%w+D0Ly#y(M(V7FSYX55$VtQ?XPe%^5RtajT8=mfq!#sC6sBICNk?
z-nz-_d&0q?C8QUNn92J~`w8SUB<&%8hJni{5
zXm@+QXfPws4bZDBRzgNXMnl5VBJOYk;Cl49{%4Qg|C~3rjsKLMo6&ob_EnPw45
z8eT^FaCQu%zvsr|?^0krG&y)On+Ly~XY=|w$ZT(X$@{c9^jLo?V4>-!9%}_Qq6GFN
zF&ICL3N;+H{=WrP9}8;ue~B*_XyH`<3RIeoaH{_h|GW18?@s@7`+uMGKR)C?+W$MU
z|MNlhwQKsV4OQOH){eEFG>&CKBls1_##Bcpp0;gV3&*;De36B&vNBda@V?yFtz_{Z
zbF;Ufnd%W_j?zwT0&ol`$uo_ItTWeoud;-pzMU6G1Vl|{-`uHa_&8|$JA6|wJRZsV
zMplab`KaSq)%M7e(oVRlwT=r5TDXNW(rnFuBygH`v@~)NrIu{`!6=Ww#C?p%b!Ip9
zl#vl8(ySq%04Y-%PQErEyxDc`rs9ruXwI0DXrfT^(4RA{G8WbYJ2JJdzd`S$Rfz4f
z+1LG;Tx}*P`SA6Q^OdXS2K6i&uo7}@F8aJFf!Yy6Df%R3L+HCPdb&D^9{P-)%war{
z@tnV?hkr{t_*)@aGKDPg^&bcE@=P
zS%LddQN^+E2SzV!E-!bAnnQG5j|WrPT0Zv~E@S9Hrx~F;m@5{eP>MZ{6MzQeV9Lw>I6?ZVC$(bT^zo!q?cDk@9;NfNa_v{7%L}TE#}wXEH^*xl!D*C`^+D~*uW#K>
zRwI4oL8oWuT%m3~c;0M%n==vi@v>D__I)yy9-HDcDZSEY?@j^roBO6OglZ=&fX+&aA!E1W$8mfDd2s6$eT&H8*eP6a+g@~v
z{)|Zf)RPlzS@z#@gy9(ZYEx1KUr=Q?znXa;6Bq@{w@QL-xHu>-nC}PqlaBXLbS@`W
zp{Gvem?AU#?;1}h_S;@Fu^JjIk;EPsf)noh_uu2qQUOxxpYPO=2>boI
ze5R;%GCKPyhM&GRhE!vv-7bn7wo%M}0E{hX`VxY>qK
zGv|5GBpx`k|NGWV=<5ek&3WZ+e~P&nZ7wUtk(Iat9pNy4yx`gZwu!%${L>$gHNoDD
ztAsinM#%_~>?S>BCz+Ld0cz1Z9S}=DAOUdxGzjt)PpLdszHm$N-~S2hC)hMpeMR(3=4
z$$K6#Qg73Pu)g@@UeEp6^WN9uN&P9jdS0IWWfLUhK>)8(h9(wvTO{d_ELh)Sf@7n<
z|MBxC#>+$U>!kO5n}Pc1&m#@xJV09L^MG-OCX^G(9x5i*4Zh0Cn`!WdUOwLP{XO7t
z+u#tJ)@~c6=X}K5$rimN3VJG}C^a9Ze3*}iToexbt(JOLpOr^p)@5FVzCO8*ABQHm
zM(T`5Iu4t6wM5^5E0>7#M?N6c<*q!Dp!2tiXT9f7n&JzptUpQ4$7_Z7`XQg@W;79*
zEfU=y`il0zvDE8fbl($peUxvwT`+C9-qd+#^9!9LY->DUd&DvsFw^S96(|}AUy7E_
z|3VnAH=2I|q$Hw#-o*ZwlR`tiBG5=I*Y|gkHqu4E=eB~!iZUluM%#WWTxP2zd
zT$ujQslmq{5JkM1>%qh00sPtYG#;o7n@)61?@II0)q~N+abZIg8>>;sS5lX%Au5%%
z`1mRW#`ZjaTB(>D3`>A4{OEfl7jk0=OSC%t@8O&;6iUY@KO5>X&Cp*TdfT4%g`7A1
zFBX#?TRK;@yg5F6%FOF2ogQmFSZ+9Qgy03A>bDFs@Nglj_Oq}Cpcj2(K_~5+)4m%X
ze7k-uWDaWdKTH({1@V&l{{G==%5!Piun-*47T`mG_0nAMw|s07dbx#h8y4qcF;nAC
zHIR^7=@TVcaB91*b=2jS!D`ZT@JvCN0Daf+Jd#-j3L6hG3F;-)sq45BltoOQmJ*|v
zqCc+xbl2c~UJ*;4>}|s^k{3Se>u@$m=O)SX#%r|FXxI+(KyUC`2=B90|EP=;`~gpl
zW6XnE=#p>XyGbFw#V{@5$6kAbNj0&S&nvIbCKSeh=~q_5F><)$k6j*6L7~rqPge!5
zTrUTsV?8x{>X_=FNb5(Q&op3j>KeR)n!UYP89R}^Y-k?LHVER0rdeA3dZov2UCqve
zzGWV5j6LQNU3!7|oA%#{Sfvq9_urr)IMKmG*q+8fqLT#u@$J4_mSYnSaCb>0}q==)^#u}3cVugJd}
zo|+>TWvrsyzfg{gYBH^{%!qb~aD
zYHBrET!Q}HYnu_8!;<-84*S4TI2jy?GImKW*LM(wp$ZBP{yAy6S6&`Vq*VhZdM_bfa@-xvfbn
zCV8Y+|G={S#O*z4Rum=E9sF(i2B+HO+4E`hcw=``=={%1Vyu>WK;@Z<>K=}cYVMf)
z=b;b6_dPo&h{PTUx@3X_p|g-0%lB}B`kg#JdPD{v*0;~QLlbY_*Y(+NzlTE@69_Ng
zm(_pWM35sly8dzCyK98}=C|;e)|Bw*5kBX=ERg)qaoAJ`3Tz%HXdDJOJ48m3h(+d1
z@y8;L$2lKk^bDgUxsIDwH8BTF_9oSWqD;kZ1y_z%>}obf9pgg=$thoPSn$MOp_gs?
za`F65r4>xt7gvTi?RQP%>~8{}IUdG!Lndj*78)y=6o0m5G*3P8Z#<0~*Q&me(Y?w(
zezeR-n-Tf|_3$9>gEp}*QwkN2%b-_S9n6{jslOe}oAK9pc`*WDn+ZWzZ*6rT3~uoJ^Fv*?YMxMC(O;RbEexi%4!Oyz
zta|fJtu8+x-=9tkAPNXXtgYW1Y8XVX3)G=esat6nHPIX$DPxKzn^mhfBN7k~>+Vu9
z12%zZwY6Jqhpu~1lf%`Xjq|@Gp<-U8v)MsAKs7FUzb^!qX09_gFmy8Qtou~iTd1+MBqK#BzO0YH)>rA=Kb!>6Wp~PS~Y*V
zI?G=YOR#w<4^CqI%;4R*Aifv+;z03w=lSzz-5-#t@rY~t+iN}1+a09Zhrju9zgXOI
zIICOl;?e!?Ymz-T6F07J4MRhJAm!K>$(ywAjC$m{{aNq={TVI@2=J!cT`KMRD%&1i
z#dhNPmCfB;Hv3H#=Pwk-pI4Lb$9B3mOD$wJm%P;iS_=+u7$S%?u#{
z>Q*}Kf$rxzU&q3S@lG+cw@OA#x4Ir*qM&M&
ziuLMeImn!sIck^ZSi<9KV*a$04_9xZW8j~%LUvG7km=_$CoTPenArh5M7jqe$Jx+U
zn2Y@3kSFiMU5tVom>3#-&aX$v-*(WBb=~xF_bU8tpTF}Zn(ccTubtG|B!sRJ)+|kW
zEFElVzo@ymm7${;U2K%_IYLhTZ2_cWIZH*Hye0>wl0zyDYc1&L>&3CQeNjTqdg#nd
zrUfpdM5M03drha#{khdkC)*c}VkOZjxgn%-JH+A`T41y%VZ?SX?cpgx_`H$VnD6~5
z6j+?h%1(tULJ{lmPr4qj3zL!m2<$C_{}$4IND{E&zyuu+U>URaBA*mKkN9DvP2tbs->DvR|XcAaO
zRSz9$0e}g|I+jMlg1Y}Uh4ZE!!}E3#jlvW%be_R~cktG9zxMBHh&_i3nd#q_6?}t^
zq#cVK+4a8!h+9uqz4y54ae*29aTf)OvQW&f(gOdf{PXbDfP%j*>reCW*Jq2Un-#GmLFKH!J-xT{@J*zMj0v|?80omtlT8={Eb#T0@B
zf_Ug@lrH4fNwz6(4L!$WMhXW|dtwS3oqpaYhU%W>3H>hMalzx8Jck`eF?}{*^o~2P
zK$0XAQU8yg7Orp{5{eg=5s~)kXZVI7q%Ask@|Z4A@SCPG#9e_U<#5&YjleFNzQ>mB
z<2^&;a{L@~oVC`1gB%DajZBdd6QhK{`z;mQgXb=+l0$2=l~%
zQ2?$o3#&dK$6DMrPBuEDJ`yO-O*f9&#>1gYPWeyC_yxvo61JiWZ=D!i_NkPsw_pNy
zoJ*~ZuSaFt*mKN_vI%p5rSIu;fDy+wgG7LzwDHYUsJ2M32Z-xncoG7U86gtZnr08E
z7{s6J)d&L0P`TgdS-l}cp~aOzM|2kyl82lRA0AN6t;Z==&O}hVVzQJMtDnbt*Z%9X
zT;ll|5`n1_{K_<1?DPUb__94Qxr!0yX17NwK`VrL88!*uaL2!SB$(4)8f!#rz8hIK
zz-{-%HH6Zua=(q3Jv
z1cdF%bmVJ|FL2qf3mKy@@?Nuiz(;jlJl}I_wc$n8JkS-TO&(7GA7B(9USnq
zh*Z`$#g73b7uI7n(c7_T7gge3=IpUuk#w^CD}J5piz?I-|I4=f+pm(v#ROzEN~}%c
zHTM4Tx>eyHhCHDfe&iqF*|Fz4T)WJ=UBs}~Ua`YOXC8&)g4w?evXIr>2M89WE_Nl}
z>FQb_hTjBiprF1ZRke8Z5zNtnL#t6U4eys#2l$hOg&^3OKHwfAc+){oN?u;X)Ne_JIDmT6&Z#f{(lng1Yms^zyMXEovGH38tL|}__fCjI1N2KT
z@u|`zjaoI*6vIWGVVOnt7umN~;k(de5csNb@*2x=u**Up;N7;lRzIPYen(xS6gc8#
zgbc>|6gi!zj|zvcs9z^59)1
zY_w7*(lu_zHYY*?Pgl4(x&~{W#N?O6n=k~%G3j#6tj@=2C~YAPryVDw-Th;so#`cR
zr8En*ZGh6!5
z9LbODImI|6A_cQ7_0$4x*Z~6Dn0-s^*)4n)r0ZqYmpqG@iFOr-ZT3d|q@i`{iU_-A
zvVAb?iTRR1s`mWcU21t-b0GW65uNA#)AQe%#|4;Kf1Gu61CW!E@~2+b8je8-inqZ4
z(JLx8B~x))$J2J0p29TMNOV0<`_nY9j~0_U+S)!Xe^{S4IYwdO?AZQSQ9U)Mxc~!G
zzYG)pP&k!{Bz_${;}v_dDypild<~7&D%+Zf3*H}1F``tQz${iJxQo(B5
zisS`4CC%?54(j+*2~6!}t}ohNen>M4_&D04Fn>Zlw;VpVl!Sv?LX?S33_vv1emxO4
zY&kv`u*;BHI;mkQ3=|3Al(u-(;hsorjTMk}X9}whNi!8m?)h2_5V`W*Hr$ZpsRMe*
zO3n4CR9<3{Ncr_y-NxdLzzsNS`~9pegGa_unrIt668NUv@dK0O
zt=Sj?Xtcx?9_vAh?CsxfUY-HZJE5^I1~H91CPZQ@zwT=uBY<08K7OKh;ve~Bv?{bd
zy21mUJuku@5A>RGtt;D2inei?f!(o{Qp1e>mT51*Zi#+~BrS)u
zwdP`?2F(ur^xZ7(_6o>?m@tdb#}h9xSq!mlKTj2hLMSW*^okeTDOB}1F(okt=JDt{
zG(wv&(%-$lfEZT}bAp4)GI>eOix25tXjH3h_(vOhwe`}2e*{43n_W3_
zig#+xl3gAe5wwsM!@5mF$4e~oyhuc_sW`2^+cr3U6?OZp?1?AK__?BSE*mpqap;!p
zzTZ`x2P}uGm%&e~##BF}fi|&U`LHDOlP%<(2!1c5o-$bUo=dWn9p;Yj|K1I<*3)T&
zuv8*`4aDMi?{jmjV4l3Lt-)f98xqPj@!bl|cJ`{A&h_&p2@Xg@!{{huVK8QnnE0Gj
zXp#4b=XzI80kqx5z~G-#hj9Tbl?_{}LUe@LYxBhadpkUleC0B0NJ7VN+Q`iGr3}>f7@VVgnQI
z-|zP;ycShd1oAb~j?J`nHjn2}(iKV{pCY4^C9#lUAxoYe{>1bp7Foi44H0vGA8Ir#
z_KW1k_{1zz4J0IMFZwV829LIVk6i6Op;{`YeR{A%?1#fY{41y#2=zNd6aUZ&&rpsZ
zz^FWukZl(&aXd>Tf3}uLf#Lt6IT0T@?X|W7*}o2PSjr9oD!Cn?zUhxnU3?+TchrFm
zV%KXg)VG*mpc3S|GtUK*`wFBo*fvV;B#hTRaDUlY-6UPQ*P0tpv9>dAi4+a4
zK7c-imTbAcNla9aM%zCM7XtMS6x|kobs$xy^|`qAyEq=7B~O~
zH3TvgyW_z{)$5uj$m7^3yoaq0Ty};H?g~i5>$3bnLaeJg#7>m5tNMj_3tLeFTopFZ
zMFLnm5GDH~fEbfpa$e~IjpT5gk%M$fTx+Rq4wbIKoT0kULpr`%4q8U6#-{`vjAEzU
zNr>*u-Rx`!j&nvv5eh;XDV7+So@4FzqP|Ac_BBR7-7CubV>SS0K^z71?ibq7;p$pCPB(0uGGd6r
zw{=sw>Mbf4TNE3Aq_AG8AETo%BS^5(F9OV>U~T>cg&&?@nK~Aw#h+d8obyu&?Nv@=
z#(#S5s->-cY-TFwRATwT{0MtFcf^kithhBG=&m(V+pTXd9XHL2p02#T{Jy?;29Rc1
zs!!Ot5t>U>lA&ljs5jGc5+-doPlT9J@Udtc7Mv`D0Xd%`=q307x{
zKsMLDqv?8P%d=xp1;lxrIsp*Zo=bu8b4%IKB_E)^irWPzEN@EHztju~?>BE+YBV+}
z7w5q^S+L#_4wM|z88Iw*fg;wOxR=1ekeZ-kt{Arn;eWAuSbz1|Ir)5~bEv5VJYihVgnR_{5
zp($Uqn0!AiR>|^8XCTO#GkCqI%-PoXeUYP?G>zVF`gf~0o!=38G!=t(0@AK*T0S-q
z=a`!zhR3L-vXh~DOI+(`6;q9RyQM1B8#$Aj`hQG$o7(ATR%CYt5Wgl#^g^b^rRKK5
zbynf<8g%!4W`H4JwkEzJHCkF|kP+Q?V`ixmLy=SkzGNr>HUbBM3Sg)5;k9xY@1$U4r=~Zy>uESSrzW$#Ye{6<c`ozr4tr#D{c
znD6QEwg@ImDka8-2Mo%0(@cZObF9Br*GViDAUS2EZA%NeYccil3|VIA&c4jza@VmH
zut>BaM!#bS>WwOcLU71ZvvlU93tF)Pav8i?Q&z4rF)YjTT!0oOA*8OT9es}wWA84-C0Fq`H
z6#?KZ5L*-dn8|Bv-(2EE|QlHr5~R
zdJz`u*i5{_tu+Duf;r~1;2Wg8yOxum&R3m@CH6cp5Q2fz4)xMGH`&=E9)`T;$;R_P
zdekWAOdm8vvJ*$F&B#8?U!x`$M#7w4H85kbBGH5>2=b1ZolL1PIpkYLRC3B<=h*St
z-I>(kxPDQ@@%QkH4_EHRa=5{|OkOI(+U(hT$o0q0`qD!x;^;)Mv!TtFXpt|+{;Q~Z
z%-V9~d^<-m*G>mE+pYya@Ad$m$s6)=MzXEZ32e{CHP6OTx?J0
zb4I0YsN{Ap-$#^GeBG=&6W-gQgxJw5IsstH5yot4jl3(5Zy+U^#y~LLa0sWBOIdBt
z9g?Gz{$Qc+4mHAr%Wl#68*-zCuaYm}bX?)2R7NRcT!z{N%gHM67YA9{X*@6B$ZJd`
zmfn3hZ^LMB9wgQCBmnQyHrGcl>=%^%lMx@yW&RFBz&8zgyQNX8aI!8_9YVR)u+u3)
zJ3PWpU6y3yQo4)l{vP=-8hI9Gc^H&oCZFDblXB(1F1Ae^7m(6d1wYE4)(;=85jB=wAoE|ZK?b50x%@aA;Pgd9QZCv-#F)e)%L!)9TknEo{$ru$QD*tGB`Jq<
z3g*2D24NRr*c-K0(b=@3R+b_#OsDyNAe+z6Qqg*ghLP&kFY)cRpr)^R=O7F&JL#RK
zw|4;rF@1ImA@>A|h$Bz7G>Da({1k>$AQAzZ+K@^BAdgE%rwG2xH&dHW0}R%umtN{&u93w$sDQM%5L%foOu&}`cz_>
z5BDhV%KSz#PLh0bh(ylvS2$sq1WhV?U#!n`+lvav&G^l(=VOUIBP?2SEr%_MqU|I-
zw>d7`lvp~HnrQE0A{jJ7_ZF5}0Z74Zy}bQ2ZN9E8kK_YlJ@HPz$i6cO2e9Ut9K75vD&k0{!h=yfO_Q=gaNBT*d`?ogo
z?^_!fv!es1aPLs2l~cWf$zf1dzSkx>wXtb(u6zl~n}ZBW2Eq?(Zl7z@tfGd;{A+SU
z+|u{QyxV6r0+zs<46C@?N)K3a^FOYYazR@pzU`32xB0nipEL)vR=Lj|%+
zu5TfXxt`?3=tI*lv+)8gr2c-eN;urqhq;gWFR_fbf9CK^}%8zaD2
z86;5b^L!;oem$`0IuY{42$0_Mbqj`Tam6bsoNmYk9oqmxKbMTmU1~#7)_(1g{<416
zmculfMZ2cIf8zx-Qib6UfC+IXBA9BVH(aL>5sM0L=&4k<4B;tY=1uy15RMBcpQUMpki(u2w{T>e!duAu4tO2XEc#@N*E1H8^zS_G&
zZ7Qv8hy7!C#kISbbL-)2Gf8W+aceVM)+z{THeXjeQ*#PeW7k#@lTs(zS9S|0
z2Dw@K=^7kSc*XADxo{uy`fTd|idJZ}!Fqf-9u~Ot@yQ!9suUW0}R-NuJhL|I&+V%-)PX#B<6_)BYV6V9Ero=)kmflDA&Nek)+K~LaDRHtuxa!wuc(^&u)GsFx8glj7
zK7eNit()UwjJZ*1nRw5fMS%kRE_V;Tqsixw^e6rvTZ-U7q$u=HK25Cc1f@xPV^OJ9
zz+>L_3~b4^hp>*Ir9Y#+SAp?~HkFu;Io|h(SOAW#jzg)YrVHWVMUAr|;VFr?6{<5Ey2
zwGxL+Ao5#wlU>N)w{8T)gt7T6!eJxtL>|gc6b+`}#Jaf$o#%B$}@ArGL)R
zI;VGgvJ_#5ux1;DPC?WIkF*yImF8jSX-hCLS*=lOY~gcNXl4%~w6G-F;O9k50{|?}%Qc>hHhq
zF1DW+dWYJb(?ycF?f}H@Jc8S=@MmD_F`0JfAoueZT%L3utTu$R_9N+6q{8AU`9Fn^
zGk!5SESW|YYCGeM>xQ_qhvf)?3gkaOIKZnoIjF@{eUE2FX4w~g(roLlg7+Ajj}G!@
z>nSQ{r&6G&?_Po&s|I29dQXx6)W6B%n|;2g=b+z?zBi9P#B?HeVA_uq^3B6Ly+RLn
zQ~X*UIyn#Ym^__!t}2j9_!HjEjAQsu^uwQN
zbpOT&&vq=9*52=B7!YC-!Z-z6kw~rLUg>>ISub_|$C=@v?La<;7TpV5)H{n@pKp76YYKcgwF@*fnS_oR7Laei@dlR~)L)(`qql&5UQw$ZU
zsW@N;-qH1R_oGW72v)5w<|YHPw!tu2XIS+ijU|dMPj8JGn^cAA#>sdND_de~@X|rQ
zX3_BGCWt#Y-Pt#A*y9z}ZLlQQuu_=`DLO1QVfMVqw6B>*&J@=eJE=6O4S4)K{!;LG
za##}$JYMg1GXCxT+)*8<$TYrj75?$+D*gA4N3?_*b;&q;KO
zN7yV69qqml8Ho4P5u4xZjXdfq<0&GuwZj2vygdHn$QmIW_T>!!uq(FrXv|9a_&U`s^yQlzjwAl!}6dA-!&
z+2XP*eh|7gy@rRlHBQq;0^^tbkJa%1BB1=sTG%wkAAWQhy=8*kAaPB`URxD*gLuz;
zs4M;FvPfm->dy@?!F;t*>VHThfylKc5CVRfmeX|DDtmbwGhknoro~r`WR?8eIz6wZ
z*pc_GewikW$Fj~t)Ah|+89TDz^G(}-(_8)>&3|xQ{$n8jL5KO581rw_Nqc3caN1O*
z0+Ut?8TR4+;u^g_EvaPK|6FP*K>Wxx?@g{Uca=Tiv2mCaUE-)fjbr@Jl+{uOb4L~h
zk|M0L55NVl?AfZN_9PYddr?c?onEQY=3Y(Vo*TOvl+4On`gStDY$|2@-4Jh)*9X01
z?bgB_0mkwxNSctYZk#fVjsfOnhS{&lz;GbG)5_2d(RC%tOJ82ienY@5iSpdQPvyJ$
zdH0=g=yluFh6F3&wE^cG9Wm1fVx|%FvI=|snHE%8Mbyan_SgU_vY~V6*7XBwB<)f+
zLGf{bPoYPUs42+uA&9V7o+->N#kaQh7jhpC>sa4UWRiH
zv1d!Pe*a>{sz_y|{M=>0=dv1Utv{aU|2D_`YXXB_w>j;uwRKj-$P4&6fmAF**F=Bx
z{_V~eIm?c_za;dk#8aEaQu0HVh<(<-=T9v9qZ9E7WU~02nWJ}0n@aORCZQ43QplzD
z7f02V*`m%Q!PPbT-9BvI-j8kDS7V$i2uO&1<_n#d^p8*okJ~2PP(qQr54V-PyD7@dAI_?@?C#;CFa_GlffDi)_(rN=Ingh
z3LJ~Pw0sy*JGTgZ4mtaKsrEKXQd+1qQi{6krhMh$40>)glwc3w<-6Wn_Wq=;eK}Y7
z^rg68w!v;|=jp_@n>ia9hkp0EcS$z!5)|`O%pb?zmHegnury0(NDKSo>lSbtpv7i
zzdqqc-feEv=W9{z-Rq%hA-Bxb-B|DIPuv#@L`bStfCWk
z-K0?e*XzTcuHN0O2gTn<+5@nvV7kR{Qhq`qXGZADzAN?xiW^ysc8$sY4rP0yP}dWZ
z&&lG56qbmjqbEXrZBV+oRLsRy<9^%DnCWK2aG}|8MqMi!?g*VD1h`*H`HXt)+EK8}
zqH}eR7k~c(?H)To=lC;HSzvx$p(6Y|?z#HfW7_uAn9Zu+7@0yFb2s1ZGcD)!oz_JzyBCA{`XqJwe)v7A1v2DVWyD+q`;9DQ3CLQhybz7L-Q1*PR)G
zf~BboDx96wd^z6l{!^Z*Q*t(4&f2HAGpz-I`tlc>MYl`QS_aA0dFhB36_(LGXL;T>ClGUC
zjP37)YxK9>e^YudP$YKf6}`7-!{@rBNVQp6(UM{Me6>Gd;eL0rHkL7wJ9A?e@>v}l
z(VaIBX+oP3OoJ>aC^*eps0+j6oP`c@R0Z(&gf<@eq+&45FSpB|o``&Rz;UmS6ZM=P
zzZs2mx0;k$=gLA~UxHpd3(XIvsmo@Wrr}ijn=Kh3GVs~T(I%bD8j2~Zm0Vurg;OP6
zFL0*M%dggtllehgcT<`=CehA9YpfS$R9VRZoL>3jR9`gN!85z<+DmrPpEr{24aQsj
zNO(B1d$YJK-A<*~qi9gW^*U?^CyMOji#_XM)OApON;tPUuT3UQ6l(QqF
zEoSi4xV?|8&f1_RXOGXJJZ|D*6v08%#p<6+N>FovmxCN3Ny))C{hy#U76V_l7|VaK
z;?a^OWe8PT>#qSN_`Sn>sS*NSo1w{+7#yGh!L|pT8
zZP=ew#$*+;7|RbUYZIq2-fgPCXd%$buxSO~~BmEdYL$i%M*BE$y2DGJzeRaQEl
zA4uTZ)s_?$U$7lDs5Il9?W8z
zr%}rO2LZI+x7OX2xgvU{P|_fPiHZ4i!yr}y2FFE5%W5(SoeQ-%$NWV=`7*q-G{uL4
z#Wy>>DDUphHLpD{e3u;6(Rjow8HOGFc(?WP_&R=jy*IlsBcbJq4ns-R=mgw0sq*tp
z$|U9FP!bbW0DOEruR}<}&%du>40B4oW(QtJNS*C!D^~)ACw0m;O_3BNMyL
z-8(H`?v(?a7*<(uQc~VS;RIWWQ0s!|usyL%#PhA7{|L`jA@IFVgz@iV7dfRC-mj
zU(+}z>&^MRuC?XO<>{lNXzT@Ci6PH_Qxykh2Ir~rLBcAkBuI<%>|sWK1$3`g>ip5hmC_Y~?ba?c$->jSWpnJ715ShB$AY{PRC~uDj+Y$h7C1R#}0pMBDDSKXJz%4_z0g
zHcSE?7tp&Pw@>5z|3nX4ryAS2VMq7i+I>r&ku3C|+4zHQx<0it8v?ZK1Isbe6w
z19vpgM9SElI^#`LMiBe3)Sc1@kRBEmiKqo7-vn;$ONDl=waEQF^8@a9k?l(-e?aYv
zrQWjoU#{TxF-Zq?xb~-Hyy8T9zQyGDiZhVR(HEE$>%#6K!3=bJH*c2qMwjWQ)X`5^
z?4|kzs2S%ctje4|G-)*rxSU26X?p?diHeC9$}kci*j&cl$6eg5p6Q1L_IexR#?pm!
zV~sVs8CSJRPVtj<2)M|w7Es}%#SOCb1-g7%U7eDqQJ~tKQj`1|$C9VyO$>l_=`|A{
z(2WG`>l*ZP%G0Ml;K#3re-%_zC~@0bJ!t+%!EIAU${L)7RxCYb{9u$umvSTyln7^`
z$o}G!jR6DfN%9?PeyTj>ifLXB*QVba1z`!eor(9%y53FLWwU7eIhS8+h83C8=*?4T
zI`+Q~Qn`2ZJ*X%1eu$1hJ^yIImFJ)Ya@(Ao0EX(^L$#WdsmOGEWqe^&(FqR8NwkrN
z)ph%_HctMFhBI1Nyn5bVqNHmVOYygD+F~A%s7x<)+9l|;a+c8zwHt={8$DK46%~~i
zVpmY|Kk?~)=fU2S-A9d|tTik9lJLzz>w+#=Vo$^~daQ+v#!U0hym3Y}Uc>I37!er@
zgzJ8m#wNAK5Oil2$YK~Y2HVyvlb5x(F0WaDN#4UsxMGIR#}=n(;=@FQih!GOYD?qrXyUTOB3|SWTX2PEX0byu5zwCGt-L5{D{m3WEN=A7vSB-CI7cTG1Vj=jd9U
zIE7`-dL8@CHPj%Crx?)-Q3C@5dl#1?*9~TqP)oK;J0WlHTMP=}FR`hW@a%IHs^X7GHAD<#e!KBhJvX-z}8SQSi_+84#q8?C*IlZEz7K15hBe)qh$(=at|Y>^RZRD|WqIxn1}7A`Bt
zKl;{P?Yhqm2ls~apU(vtbkrxz<#V>#*#os+qxim|Z})ZDTi;ldW5h4|`7;vK;v@mV
z5BTwAa#D3!NRU&dY2`*$Wp3KL)3Ms)&eNRx4)`3
zAOYy;w9=T}*$(<)b;!-_6P+&v<%C7r4i0yh%PcG()w`4DYar7zGw>uN!aXW$AAwkPLr;`viYrt3|4
ziA;qP84C2IWn?~H1KTr>s=GQmf{+SdZWv%U!CkB`zrAiuF6{uY5j5@%ZA1Ual>O3C
zP@t2R^uQu<>2t@nE#5)?5*UCLMZ>`UwvSq3E0O<;omV
zBXT$12m`3MvI3(ukIWprf}uh9nO)r<#j;}0P)vsw1+oNtcEG+&PNIBX!D@5L(Q@eB
z`7Gs#Xgxc%HlH$jP-{SG+HWP_P=rT0Nkfhp`Trmp*Szf=CKEMFgfB|tos{)qi9@T=
z9#4M@O9Hd1-%$TBsN6E>Q&09UxW4$4tN}$f!yKCC$SBFRqow2><{9

literal 0
HcmV?d00001

diff --git a/webgoat-lessons/jwt/src/main/resources/images/jerry.png b/src/main/resources/lessons/jwt/images/jerry.png
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/jerry.png
rename to src/main/resources/lessons/jwt/images/jerry.png
diff --git a/webgoat-lessons/jwt/src/main/resources/images/jwt_diagram.png b/src/main/resources/lessons/jwt/images/jwt_diagram.png
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/jwt_diagram.png
rename to src/main/resources/lessons/jwt/images/jwt_diagram.png
diff --git a/webgoat-lessons/jwt/src/main/resources/images/jwt_token.png b/src/main/resources/lessons/jwt/images/jwt_token.png
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/jwt_token.png
rename to src/main/resources/lessons/jwt/images/jwt_token.png
diff --git a/webgoat-lessons/jwt/src/main/resources/images/logs.txt b/src/main/resources/lessons/jwt/images/logs.txt
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/logs.txt
rename to src/main/resources/lessons/jwt/images/logs.txt
diff --git a/webgoat-lessons/jwt/src/main/resources/images/product-icon.png b/src/main/resources/lessons/jwt/images/product-icon.png
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/product-icon.png
rename to src/main/resources/lessons/jwt/images/product-icon.png
diff --git a/webgoat-lessons/jwt/src/main/resources/images/tom.png b/src/main/resources/lessons/jwt/images/tom.png
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/images/tom.png
rename to src/main/resources/lessons/jwt/images/tom.png
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-buy.js b/src/main/resources/lessons/jwt/js/jwt-buy.js
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-buy.js
rename to src/main/resources/lessons/jwt/js/jwt-buy.js
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-final.js b/src/main/resources/lessons/jwt/js/jwt-final.js
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-final.js
rename to src/main/resources/lessons/jwt/js/jwt-final.js
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js b/src/main/resources/lessons/jwt/js/jwt-refresh.js
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js
rename to src/main/resources/lessons/jwt/js/jwt-refresh.js
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js b/src/main/resources/lessons/jwt/js/jwt-voting.js
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js
rename to src/main/resources/lessons/jwt/js/jwt-voting.js
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-weak-keys.js b/src/main/resources/lessons/jwt/js/jwt-weak-keys.js
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/jwt-weak-keys.js
rename to src/main/resources/lessons/jwt/js/jwt-weak-keys.js
diff --git a/webgoat-lessons/jwt/src/main/resources/js/questions_jwt.json b/src/main/resources/lessons/jwt/js/questions_jwt.json
similarity index 100%
rename from webgoat-lessons/jwt/src/main/resources/js/questions_jwt.json
rename to src/main/resources/lessons/jwt/js/questions_jwt.json
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/db/migration/V2019_11_10_1__introduction.sql b/src/main/resources/lessons/lesson_template/db/migration/V2019_11_10_1__introduction.sql
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/db/migration/V2019_11_10_1__introduction.sql
rename to src/main/resources/lessons/lesson_template/db/migration/V2019_11_10_1__introduction.sql
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-attack.adoc
similarity index 76%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-attack.adoc
index 9cb035b1f..a1244d4f8 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-attack.adoc
@@ -1,6 +1,6 @@
 === Step 4: Add an assignment to your lesson
 
-With an assignment a user can practise within a lesson. A lesson can consist of multiple assignment, each assignment
+With an assignment, a user can practice within a lesson. A lesson can consist of multiple assignments, each assignment
 needs to extend the class `AssignmentEndpoint`, let's look at an example:
 
 [source,java]
@@ -39,15 +39,17 @@ public class SampleAttack extends AssignmentEndpoint { // <3>
     }
 ----
 <1> Every assignment is just a Spring RestController
-<2> Each assignment can have a list of hints, the actual text needs to be placed in `WebGoatLabels.properties`
-<3> Each assignment needs to extend the class `AssignmentEndpoint` giving you some helpful methods you need when you want to mark an assignment as complete
-<4> As the assignment is a Spring based class you can autowire every component managed by Spring necessary for the assignment
+<2> Each assignment can have a list of hints. The actual text needs to be placed in `WebGoatLabels.properties` in the folder `src/main/resources/{lessonName}/i18n`
+<3> Each assignment needs to extend the class `AssignmentEndpoint`, giving you some helpful methods you need when you want to mark an assignment as complete
+<4> As the assignment is a Spring-based class, you can auto wire every component managed by Spring necessary for the assignment
 <5> Each assignment should at least have one mapping with the method signature (see 6)
-<6> When the user tries to solve an assignment you need return an `AttackResult`
+<6> When the user tries to solve an assignment, you need return an `AttackResult`
 <7> Returning a successful attack result when user solved the lesson
 <8> Returning a failed attack user did not solve the lesson
 
-As you can see an assignment is a REST controller which need to at least have one method with the following signature:
+{nbsp} +
+
+As you can see, an assignment is a REST controller which needs to at least have one method with the following signature:
 
 [source]
 ----
@@ -71,11 +73,11 @@ public List getItemsInBasket(@PathVariable("user") String user) {
 }
 ----
 
-=== Adding an assignment to the html page
+=== Adding an assignment to the HTML page
 
-We mentioned a lesson can consist of multiple assignments, WebGoat picks them up automatically and the UI displays
-a navigation bar on top of every lesson. A page with an assignment will be red in the beginning and will become
-green when the user solves the assignment. To make this work in the html we need to add:
+We mentioned a lesson could consist of multiple assignments, WebGoat picks them up automatically, and the UI displays
+a navigation bar on top of every lesson. A page with an assignment will be red initially and will become
+green when the user solves the assignment. To make this work we need to add to the HTML file:
 
 [source]
 ----
@@ -106,4 +108,4 @@ green when the user solves the assignment. To make this work in the html we need
 So the `action` of the form should match the method which defines the check if the lesson has been solved or not
 see `public AttackResult solved()`
 
-That's it you now successfully created your first WebGoat lesson including an assignment!
\ No newline at end of file
+That's it. You have now successfully created your first WebGoat lesson, including an assignment!
diff --git a/src/main/resources/lessons/lesson_template/documentation/lesson-template-content.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-content.adoc
new file mode 100644
index 000000000..660802d34
--- /dev/null
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-content.adoc
@@ -0,0 +1,36 @@
+== Step 1: writing content
+
+Each lesson can consist of multiple pages with content (text) to explain the vulnerability at hand. The content
+is written in AsciiDoc[https://asciidoctor.org/docs/asciidoc-writers-guide/] which makes it very easy to write content (if you know Markdown, you know AsciiDoc).
+
+You can find excellent tutorials online for the AsciiDoc syntax. We are just showing a basic overview below.
+Below we will describe some constructs often used within WebGoat.
+
+=== Sub-heading
+
+Check AsciiDoc for syntax, but more = means smaller headings. You can *bold* text and other things.
+
+=== Structuring files
+
+You should set up all content to these *.adoc files. The AsciiDoc files reside in the
+directory `/src/main/resources/{lesson}/documentation/`.
+
+=== Images
+
+Images can be referenced below, including setting style (recommended to use lesson-image as the style). The root is `/src/main/resources/{lesson}/images`
+
+image::images/firefox-proxy-config.png[Firefox Proxy Config,510,634,style="lesson-image"]
+
+=== Code block
+
+Write code blocks as follows:
+
+```
+[source]
+----
+public class A {
+
+  private String test;
+}
+----
+```
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-database.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-database.adoc
similarity index 72%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-database.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-database.adoc
index 996991947..cb70fa4b7 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-database.adoc
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-database.adoc
@@ -1,8 +1,8 @@
 === Database
 
-If the new lesson needs to store or use a database you can add a create script in the directory `{lesson}/src/main/resources/db/migration` folder.
+If the new lesson needs to store or uses a database, you can add a create script in the directory `/src/main/resources/{lesson}/db/migration` folder.
 The file name needs to follow a specific convention: `V2019_11_10_1__new-lesson.sql`, so the first part is just the current date.
-In this file you can for example create tables and insert some data, for example:
+In this file, you can for example, create tables and insert some data, for example:
 
 [source]
 ----
@@ -22,4 +22,4 @@ INSERT INTO servers VALUES ('4', 'webgoat-pre-prod', '192.168.6.4', 'EF:12:FE:34
 INSERT INTO servers VALUES ('4', 'webgoat-prd', '104.130.219.202', 'FA:91:EB:82:DC:73', 'out of order', 'Production server');
 ----
 
-Using this way to create a database will allow WebGoat to automatically reset the database to its original state.
\ No newline at end of file
+Creating a database will automatically allow WebGoat to reset the database to its original state.
diff --git a/src/main/resources/lessons/lesson_template/documentation/lesson-template-glue.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-glue.adoc
new file mode 100644
index 000000000..150fc3d81
--- /dev/null
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-glue.adoc
@@ -0,0 +1,34 @@
+=== Step 3: Write glue html page
+
+We mentioned a lesson could consist of multiple assignments, WebGoat picks them up automatically, and the UI displays
+a navigation bar on top of every lesson. A page with an assignment will be red initially and will become
+green when the user solves the assignment. To make this work we need to add:
+
+[source]
+----
+
+
+  

+    

+  

+  

+    

+  

+  

+    

+  

+
+----
+
+This file needs to be places in: `/src/main/resources/{lesson}/html/`. The name of the file should be the same as
+the Java class we created in step 2.
+
+The snippet above will create three separate pages (navigation bar) with the adoc pages we created to create this lesson.
+
+That's it we create a basic lesson with only content. To make it all work, you need to make the lesson available in
+WebGoat.
+
+That's it. Start WebGoat, and your lesson will appear in the menu.
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-intro.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-intro.adoc
similarity index 50%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-intro.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-intro.adoc
index 441ce0aaa..422705a5a 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-intro.adoc
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-intro.adoc
@@ -1,8 +1,8 @@
-This lesson describes the steps needed to add a new lesson to WebGoat. In general there are four steps:
+This lesson describes the steps needed to add a new lesson to WebGoat. In general, there are four steps:
 
-- Write the content, in WebGoat we use AsciiDoc as a format.
+- Write the content. In WebGoat, we use AsciiDoc as a format.
 - Create a lesson class
-- Write html glue page so WebGoat knows how the content should be displayed
+- Write HTML glue page, so WebGoat knows how to display the content
 - Add one or more assignments within the lesson
 
 Let's see how to create a new lesson.
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-lesson-class.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-lesson-class.adoc
similarity index 65%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-lesson-class.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-lesson-class.adoc
index 178b6b138..3ee6d8395 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-lesson-class.adoc
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-lesson-class.adoc
@@ -1,6 +1,6 @@
 === Step 2: adding a new lesson class
 
-Each lesson can contain multiple assignments, first let's define a lesson class in Java
+Each lesson can contain multiple assignments, first. Let's define a lesson class in Java:
 
 [source]
 ----
@@ -18,3 +18,4 @@ public class LessonTemplate extends Lesson {
 }
 ----
 
+Add the new lesson to a new package under `org.owasp.webgoat.lessons`.
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-video-more.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-video-more.adoc
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-video-more.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-video-more.adoc
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-video.adoc b/src/main/resources/lessons/lesson_template/documentation/lesson-template-video.adoc
similarity index 82%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-video.adoc
rename to src/main/resources/lessons/lesson_template/documentation/lesson-template-video.adoc
index 83831886f..105527d5a 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-video.adoc
+++ b/src/main/resources/lessons/lesson_template/documentation/lesson-template-video.adoc
@@ -1,7 +1,7 @@
 === More Content, Video too ...
 
-You can structure and format the content however you like. You can even include video if you like (but may be subject to browser support). You may want to make it more pertinent to web application security than this though.
+You can structure and format the content however you like. You can even include video if you like (but may be subject to browser support). You may want to make it more pertinent to web application security than this, though.
 
 video::video/sample-video.m4v[width=480,start=5]
 
-see http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/#videos for more detail on video syntax
\ No newline at end of file
+see http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/#videos for more detail on video syntax
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/html/LessonTemplate.html b/src/main/resources/lessons/lesson_template/html/LessonTemplate.html
similarity index 79%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/html/LessonTemplate.html
rename to src/main/resources/lessons/lesson_template/html/LessonTemplate.html
index 1444a8454..730b2e37b 100644
--- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/html/LessonTemplate.html
+++ b/src/main/resources/lessons/lesson_template/html/LessonTemplate.html
@@ -4,38 +4,38 @@
         
         
-        

+        

     

 
     

         
         
-        

+        

     

 
     

         
         
-        

+        

         
-        

+        

     

 
     

-        

+        

     

 
     

-        

+        

     

 
     

         
         
-        

+        

 
         
         

@@ -71,7 +71,7 @@
         see other lessons for other more complex examples -->
 
     

-        

+        

     

 
 
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/lesson_template/i18n/WebGoatLabels.properties
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/i18n/WebGoatLabels.properties
rename to src/main/resources/lessons/lesson_template/i18n/WebGoatLabels.properties
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/images/firefox-proxy-config.png b/src/main/resources/lessons/lesson_template/images/firefox-proxy-config.png
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/images/firefox-proxy-config.png
rename to src/main/resources/lessons/lesson_template/images/firefox-proxy-config.png
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/js/idor.js b/src/main/resources/lessons/lesson_template/js/idor.js
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/js/idor.js
rename to src/main/resources/lessons/lesson_template/js/idor.js
diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/video/sample-video.m4v b/src/main/resources/lessons/lesson_template/video/sample-video.m4v
similarity index 100%
rename from webgoat-lessons/webgoat-lesson-template/src/main/resources/video/sample-video.m4v
rename to src/main/resources/lessons/lesson_template/video/sample-video.m4v
diff --git a/webgoat-lessons/logging/src/main/resources/lessonPlans/en/logReading_Task.adoc b/src/main/resources/lessons/logging/documentation/logReading_Task.adoc
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/lessonPlans/en/logReading_Task.adoc
rename to src/main/resources/lessons/logging/documentation/logReading_Task.adoc
diff --git a/webgoat-lessons/logging/src/main/resources/lessonPlans/en/logSpoofing_Task.adoc b/src/main/resources/lessons/logging/documentation/logSpoofing_Task.adoc
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/lessonPlans/en/logSpoofing_Task.adoc
rename to src/main/resources/lessons/logging/documentation/logSpoofing_Task.adoc
diff --git a/webgoat-lessons/logging/src/main/resources/lessonPlans/en/logging_intro.adoc b/src/main/resources/lessons/logging/documentation/logging_intro.adoc
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/lessonPlans/en/logging_intro.adoc
rename to src/main/resources/lessons/logging/documentation/logging_intro.adoc
diff --git a/webgoat-lessons/logging/src/main/resources/lessonPlans/en/more_logging.adoc b/src/main/resources/lessons/logging/documentation/more_logging.adoc
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/lessonPlans/en/more_logging.adoc
rename to src/main/resources/lessons/logging/documentation/more_logging.adoc
diff --git a/webgoat-lessons/logging/src/main/resources/lessonPlans/en/sensitive_logging_intro.adoc b/src/main/resources/lessons/logging/documentation/sensitive_logging_intro.adoc
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/lessonPlans/en/sensitive_logging_intro.adoc
rename to src/main/resources/lessons/logging/documentation/sensitive_logging_intro.adoc
diff --git a/webgoat-lessons/logging/src/main/resources/html/LogSpoofing.html b/src/main/resources/lessons/logging/html/LogSpoofing.html
similarity index 79%
rename from webgoat-lessons/logging/src/main/resources/html/LogSpoofing.html
rename to src/main/resources/lessons/logging/html/LogSpoofing.html
index 50907ad78..68e49a064 100755
--- a/webgoat-lessons/logging/src/main/resources/html/LogSpoofing.html
+++ b/src/main/resources/lessons/logging/html/LogSpoofing.html
@@ -6,12 +6,12 @@
     
     
-    

+    

 

 
 

     
-    

+    

     

         

         
 

 

-    

+    

 

 

-    

+    

     

         

         
 

 

-    

+    

 

 
diff --git a/webgoat-lessons/logging/src/main/resources/i18n/WebGoatLabels.properties b/src/main/resources/lessons/logging/i18n/WebGoatLabels.properties
similarity index 100%
rename from webgoat-lessons/logging/src/main/resources/i18n/WebGoatLabels.properties
rename to src/main/resources/lessons/logging/i18n/WebGoatLabels.properties
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css b/src/main/resources/lessons/missing_ac/css/ac.css
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/css/ac.css
rename to src/main/resources/lessons/missing_ac/css/ac.css
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/db/migration/V2021_11_03_1__ac.sql b/src/main/resources/lessons/missing_ac/db/migration/V2021_11_03_1__ac.sql
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/db/migration/V2021_11_03_1__ac.sql
rename to src/main/resources/lessons/missing_ac/db/migration/V2021_11_03_1__ac.sql
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-01-intro.adoc b/src/main/resources/lessons/missing_ac/documentation/missing-function-ac-01-intro.adoc
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-01-intro.adoc
rename to src/main/resources/lessons/missing_ac/documentation/missing-function-ac-01-intro.adoc
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc b/src/main/resources/lessons/missing_ac/documentation/missing-function-ac-02-client-controls.adoc
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-02-client-controls.adoc
rename to src/main/resources/lessons/missing_ac/documentation/missing-function-ac-02-client-controls.adoc
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-03-users.adoc b/src/main/resources/lessons/missing_ac/documentation/missing-function-ac-03-users.adoc
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-03-users.adoc
rename to src/main/resources/lessons/missing_ac/documentation/missing-function-ac-03-users.adoc
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-04-users-fixed.adoc b/src/main/resources/lessons/missing_ac/documentation/missing-function-ac-04-users-fixed.adoc
similarity index 100%
rename from webgoat-lessons/missing-function-ac/src/main/resources/lessonPlans/en/missing-function-ac-04-users-fixed.adoc
rename to src/main/resources/lessons/missing_ac/documentation/missing-function-ac-04-users-fixed.adoc
diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html b/src/main/resources/lessons/missing_ac/html/MissingFunctionAC.html
similarity index 89%
rename from webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html
rename to src/main/resources/lessons/missing_ac/html/MissingFunctionAC.html
index 49c42e774..daf5b8fd6 100644
--- a/webgoat-lessons/missing-function-ac/src/main/resources/html/MissingFunctionAC.html
+++ b/src/main/resources/lessons/missing_ac/html/MissingFunctionAC.html
@@ -1,12 +1,12 @@
 
 
 

-    

+    

 

 
 

     
-    

+