diff --git a/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java b/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
index e689f7d1f..8f3ed38e6 100644
--- a/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
+++ b/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
@@ -385,7 +385,7 @@ public abstract class AbstractLesson extends Screen implements Comparable"
diff --git a/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index 86f16c05f..032c7f914 100644
--- a/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -19,6 +19,7 @@ public class Plugin {
private final Path pluginDirectory;
private final Map solutionLanguageFiles;
private final Map lessonPlansLanguageFiles;
+ private final File lessonSourceFile;
public static class PluginLoadingFailure extends RuntimeException {
@@ -34,6 +35,7 @@ public class Plugin {
private final List loadedClasses = new ArrayList();
private final Map solutionLanguageFiles = new HashMap<>();
private final Map lessonPlansLanguageFiles = new HashMap<>();
+ private File javaSource;
public Builder loadClasses(Map classes) {
for (Map.Entry clazz : classes.entrySet() ) {
@@ -46,8 +48,7 @@ public class Plugin {
ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader, classFile);
try {
- //TODO the plugin part is extra because the packaging is not correct in WEB-173
- String realClassName = name.replace("/lesson_plans/", "").replace("/plugin", "").replaceAll("/", ".").replaceAll(".class", "");
+ String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
Class clazz = pluginClassLoader.loadClass(realClassName);
if (AbstractLesson.class.isAssignableFrom(clazz)) {
this.lesson = clazz;
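Review bot: The new `realClassName` line still passes `".class"` to `replaceAll`, where it is an unanchored regex. The dot matches any character, so a name such as `org/example/Subclass.class` (constructed example) loses `bclass` as well as the suffix, and `loadClass` is asked for the wrong name. `replaceFirst("/", "")` likewise removes the first slash wherever it occurs, not only a leading one. Since `name` appears to come from the plugin archive's entries, derive the class name with anchored operations, e.g. `name.replaceFirst("^/", "").replaceAll("\\.class$", "").replace('/', '.')`. The enclosing `loadClasses` body starts and ends outside this hunk.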
@@ -69,29 +70,33 @@ public class Plugin {
throw new PluginLoadingFailure(String.format("Lesson class not found, following classes were detected in the plugin: %s",
StringUtils.collectionToCommaDelimitedString(loadedClasses)));
}
- return new Plugin(this.lesson, pluginDirectory, lessonPlansLanguageFiles, solutionLanguageFiles);
+ return new Plugin(this.lesson, pluginDirectory, lessonPlansLanguageFiles, solutionLanguageFiles, javaSource);
}
public void loadFiles(List files) {
for (Path file : files) {
- if (file.getFileName().endsWith(".html") && file.getParent().getParent().getFileName()
+ if (file.getFileName().toString().endsWith(".html") && file.getParent().getParent().getFileName().toString()
.endsWith("lessonSolutions")) {
solutionLanguageFiles.put(file.getParent().getFileName().toString(), file.toFile());
}
- if (file.getFileName().endsWith(".html") && file.getParent().getParent().getFileName()
+ if (file.getFileName().toString().endsWith(".html") && file.getParent().getParent().getFileName().toString()
.endsWith("lessonPlans")) {
lessonPlansLanguageFiles.put(file.getParent().getFileName().toString(), file.toFile());
}
+ if ( file.getFileName().toString().endsWith(".java")) {
+ javaSource = file.toFile();
+ }
}
}
}
public Plugin(Class lesson, Path pluginDirectory, Map lessonPlansLanguageFiles,
- Map solutionLanguageFiles) {
+ Map solutionLanguageFiles, File lessonSourceFile) {
this.lesson = lesson;
this.pluginDirectory = pluginDirectory;
this.lessonPlansLanguageFiles = lessonPlansLanguageFiles;
this.solutionLanguageFiles = solutionLanguageFiles;
+ this.lessonSourceFile = lessonSourceFile;
}
public Class getLesson() {
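Review bot: In `loadFiles`, the added `.java` branch assigns `javaSource` for every matching file, so a plugin with more than one `.java` file ends up with whichever comes last in `files`. A plugin with none leaves the field `null` for callers of `getLessonSource()`. Keep only the first match, or match against the lesson class's simple name, and document the null case, e.g. `if (javaSource == null && file.getFileName().toString().endsWith(".java")) { javaSource = file.toFile(); }`. The two `.html` checks also call `file.getParent().getParent().getFileName()` without a null check, which throws for an `.html` file less than two directories deep.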
@@ -102,6 +107,8 @@ public class Plugin {
return this.solutionLanguageFiles;
}
+ public File getLessonSource() { return lessonSourceFile; }
+
public Map getLessonPlans() {
return this.lessonPlansLanguageFiles;
}
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java b/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
index 1c9115d50..6649fbcbb 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java
@@ -17,7 +17,7 @@ public class PluginBackgroundLoader implements ServletContextListener {
public void contextInitialized(ServletContextEvent event) {
String pluginPath = event.getServletContext().getRealPath("plugin_lessons");
scheduler = Executors.newSingleThreadScheduledExecutor();
- scheduler.scheduleAtFixedRate(new PluginsLoader(Paths.get(pluginPath)), 0, 5, TimeUnit.SECONDS);
+ scheduler.scheduleAtFixedRate(new PluginsLoader(Paths.get(pluginPath)), 0, 5, TimeUnit.MINUTES);
}
@Override
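Review bot: `contextInitialized` passes the result of `getRealPath("plugin_lessons")` straight to `Paths.get`, but `getRealPath` returns `null` when the container cannot map the path to the file system (for example an unexpanded WAR), so startup would fail with a `NullPointerException`. A guard such as `if (pluginPath == null) { return; }` with a logged error before scheduling would make that case explicit. Separately, `scheduleAtFixedRate` suppresses all later runs once one run throws. With the new five-minute period, a single failing load would go unnoticed unless `PluginsLoader` (not shown here) catches and logs its own exceptions. A short comment stating why five minutes was chosen would also help.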
diff --git a/src/main/java/org/owasp/webgoat/session/Course.java b/src/main/java/org/owasp/webgoat/session/Course.java
index e75c9fdd1..76c56527f 100644
--- a/src/main/java/org/owasp/webgoat/session/Course.java
+++ b/src/main/java/org/owasp/webgoat/session/Course.java
@@ -330,51 +330,14 @@ public class Course {
for(Map.Entry lessonPlan : plugin.getLessonPlans().entrySet()) {
lesson.setLessonPlanFileName(lessonPlan.getKey(), lessonPlan.getValue().toString());
}
+ lesson.setLessonSolutionFileName(plugin.getLessonPlans().get("en").toString());
+ lesson.setSourceFileName(plugin.getLessonSource().toString());
} catch (Exception e) {
logger.error("Error in loadLessons: ", e);
}
}
}
- /**
- * For each lesson, set the source file and lesson file
- */
- private void loadResourcesFromPlugin() {
- for (AbstractLesson lesson : lessons) {
- logger.info("Loading resources for lesson -> " + lesson.getName());
- String className = lesson.getClass().getName();
- String classFile = getSourceFile(className);
- logger.info("Lesson classname: " + className);
- logger.info("Lesson java file: " + classFile);
-
- for (String absoluteFile : files) {
- String fileName = getFileName(absoluteFile);
- //logger.debug("Course: looking at file: " + absoluteFile);
-
- if (absoluteFile.endsWith(classFile)) {
- logger.info("Set source file for " + classFile);
- lesson.setSourceFileName(absoluteFile);
- }
-
- if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") && className
- .endsWith(fileName)) {
- logger.info(
- "setting lesson plan file " + absoluteFile + " for lesson " + lesson.getClass().getName());
- logger.info("fileName: " + fileName + " == className: " + className);
- String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
- lesson.setLessonPlanFileName(language, absoluteFile);
- }
- if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className
- .endsWith(fileName)) {
- logger.info(
- "setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
- logger.info("fileName: " + fileName + " == className: " + className);
- lesson.setLessonSolutionFileName(absoluteFile);
- }
- }
- }
- }
-
/**
* Instantiate all the lesson objects into a cache
*
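Review bot: The added `setLessonSolutionFileName` call reads from `plugin.getLessonPlans()`, so each lesson's solution file is set to its English lesson plan. It presumably should read from the `Plugin` getter that returns `solutionLanguageFiles` (its name is outside the visible hunks). Both new lines also dereference values that can be `null`: `get("en")` when a plugin has no English file, and `getLessonSource()` when no `.java` file was found. The resulting exception is only logged by the surrounding `catch (Exception e)`, so whatever follows in that `try` is skipped. Guard each one, e.g. `if (plugin.getLessonSource() != null) { lesson.setSourceFileName(plugin.getLessonSource().toString()); }`; the enclosing method starts outside this hunk.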
@@ -465,9 +428,9 @@ public class Course {
logger.info("Loading courses: " + path);
this.webgoatContext = webgoatContext;
loadLessionFromPlugin(context);
- loadFiles(context, path);
- loadLessons(path);
- loadResources();
+ //loadFiles(context, path);
+ //loadLessons(path);
+ //loadResources();
}
}
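Review bot: The three legacy calls are left as commented-out code (`//loadFiles(context, path);` and the two lines after it) with no explanation. If plugin loading fully replaces them, delete the lines together with any methods that become unused. If they are disabled only temporarily, say so, e.g. `// TODO: legacy lesson loading disabled while plugin loading is introduced`. The enclosing method starts outside this hunk.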
diff --git a/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar b/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar
new file mode 100644
index 000000000..a934e3f78
Binary files /dev/null and b/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar differ