Use try with resources instead of try (#921)

* Use try with resources instead of try * Remove unused lesson * Remove unused fields
2021-01-13 19:21:04 +02:00
parent b219854f81
commit 74b218b2a7
13 changed files with 32 additions and 265 deletions
--- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java
+++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java
@ -31,9 +31,13 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;

 import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
+import java.nio.charset.StandardCharsets;


@RestController
@ -47,41 +51,31 @@ public class SSRFTask2 extends AssignmentEndpoint {
    }

    protected AttackResult furBall(String url) {
-        try {
-            StringBuffer html = new StringBuffer();
-
-            if (url.matches("http://ifconfig.pro")) {
-                try {
-                URL u = new URL(url);
-                URLConnection urlConnection = u.openConnection();
-                BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
-                String inputLine;
-
-                while ((inputLine = in.readLine()) != null) {
-                    html.append(inputLine);
-                }
-                in.close();
-                } catch (Exception e) {
-                    //in case the external site is down, the test and lesson should still be ok
-                    html.append("<html><body>Altough the http://ifconfig.pro site is down, you still managed to solve this exercise the right way!</body></html>");
-                }
-
-                return success(this)
-                        .feedback("ssrf.success")
-                        .output(html.toString())
-                        .build();
-            } else {
-                html.append("<img class=\"image\" alt=\"image post\" src=\"images/cat.jpg\">");
-                return failed(this)
-                        .feedback("ssrf.failure")
-                        .output(html.toString())
-                        .build();
+        if (url.matches("http://ifconfig.pro")) {
+            String html;
+            try (InputStream in = new URL(url).openStream()) {
+                html = new String(in.readAllBytes(), StandardCharsets.UTF_8)
+                        .replaceAll("\n","<br>"); // Otherwise the \n gets escaped in the response
+            } catch (MalformedURLException e) {
+                return getFailedResult(e.getMessage());
+            } catch (IOException e) {
+                //in case the external site is down, the test and lesson should still be ok
+                html = "<html><body>Although the http://ifconfig.pro site is down, you still managed to solve" +
+                        " this exercise the right way!</body></html>";
            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            return failed(this)
-                    .output(e.getMessage())
+            return success(this)
+                    .feedback("ssrf.success")
+                    .output(html)
                    .build();
        }
+        var html = "<img class=\"image\" alt=\"image post\" src=\"images/cat.jpg\">";
+        return getFailedResult(html);
+    }
+
+    private AttackResult getFailedResult(String errorMsg) {
+        return failed(this)
+                .feedback("ssrf.failure")
+                .output(errorMsg)
+                .build();
    }
 }
--- a/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html
+++ b/webgoat-lessons/ssrf/src/main/resources/html/SSRF.html
@ -15,7 +15,7 @@
                  action="/WebGoat/SSRF/task1">
                <table>
                    <tr>
-                        <td><input type="hidden" id="url" name="url" value="images/tom.png"/></td>
+                        <td><input type="hidden" id="url1" name="url" value="images/tom.png"/></td>

                        <td><input
                                name="Steal the Cheese" value="Steal the Cheese" type="SUBMIT"/></td>
@ -37,7 +37,7 @@
                  action="/WebGoat/SSRF/task2">
                <table>
                    <tr>
-                        <td><input type="hidden" id="url" name="url" value="images/cat.png"/></td>
+                        <td><input type="hidden" id="url2" name="url" value="images/cat.png"/></td>

                        <td><input
                                name="try this" value="try this" type="SUBMIT"/></td>
--- a/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc
+++ b/webgoat-lessons/ssrf/src/main/resources/lessonPlans/en/SSRF_Task1.adoc
@ -1,2 +1,2 @@
 === Find and modify the request to display Jerry 
-lick the button and figure out what happened.
+Click the button and figure out what happened.
--- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java
+++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java
@ -26,7 +26,7 @@ public class SSRFTest1 extends LessonTest {
    private SSRF ssrf;

    @Before
-    public void setup() throws Exception {
+    public void setup() {
        when(webSession.getCurrentLesson()).thenReturn(ssrf);
        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
    }
--- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java
+++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java
@ -48,7 +48,7 @@ public class SSRFTest2 extends LessonTest {
    private SSRF ssrf;

    @Before
-    public void setup() throws Exception {
+    public void setup() {
        when(webSession.getCurrentLesson()).thenReturn(ssrf);
        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
    }