Lessons which load JavaScript etc now works

Nanne Baars
2016-04-26 18:59:51 +02:00
parent 9066e45725
commit 79102c6ddd
17 changed files with 222 additions and 559 deletions


@ -1,20 +1,14 @@
package org.owasp.webgoat.session;
import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.plugins.LegacyLoader;
import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import javax.servlet.ServletContext;
import java.io.File;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
@ -56,9 +50,7 @@ public class Course {
final Logger logger = LoggerFactory.getLogger(Course.class);
private List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath;
private List<AbstractLesson> lessons = new LinkedList<>();
private WebgoatProperties properties = null;
@ -67,12 +59,8 @@ public class Course {
/**
* <p>Constructor for Course.</p>
*/
public Course() {
try {
properties = new WebgoatProperties(PROPERTIES_FILENAME);
} catch (IOException e) {
logger.error("Error loading webgoat properties", e);
}
public Course(WebgoatProperties properties) {
this.properties = properties;
}
/**
@ -322,28 +310,7 @@ public class Course {
/**
* <p>loadLessonFromPlugin.</p>
*/
public void loadLessonFromPlugin() {
Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
String pluginPath = null;
String targetPath = null;
try {
pluginPath = resource.getFile().getParent();
targetPath = pluginPath;
} catch (IOException e) {
e.printStackTrace();
}
logger.debug("Loading plugins into cache");
//String pluginPath = context.getRealPath("plugin_lessons");
//String targetPath = context.getRealPath("plugin_extracted");
if (pluginPath == null) {
logger.error("Plugins directory {} not found", pluginPath);
return;
}
lessons.clear();
List<Plugin> plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins();
public void loadLessonFromPlugin(List<Plugin> plugins) {
for (Plugin plugin : plugins) {
try {
AbstractLesson lesson = plugin.getLesson().get();
@ -378,7 +345,6 @@ public class Course {
public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
logger.info("Loading courses: " + path);
this.webgoatContext = webgoatContext;
loadLessonFromPlugin();
LegacyLoader loader = new LegacyLoader();
lessons.addAll(loader.loadLessons(webgoatContext, context, path, properties));
}
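Review bot: `loadLessonFromPlugin(List<Plugin> plugins)` appears to have lost the `lessons.clear()` that the old no-argument version ran before loading, so a second call would append the same plugin lessons again instead of replacing them. If reloading is still expected, keep `lessons.clear();` as the first statement; otherwise state in the Javadoc that the method only appends and is meant to be called once. The new constructor also stores `properties` unchecked and `loadCourses` hands it straight to `LegacyLoader.loadLessons`, so `this.properties = Objects.requireNonNull(properties, "properties");` (with a `java.util.Objects` import) would surface a wiring mistake at construction time. The body of `loadLessonFromPlugin` continues outside the hunk.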


@ -9,6 +9,7 @@ import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
@ -238,7 +239,8 @@ public class WebSession {
* @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
* @param context Description of the Parameter
*/
public WebSession(WebgoatContext webgoatContext, ServletContext context) {
@Autowired
public WebSession(Course course, WebgoatContext webgoatContext, ServletContext context) {
this.webgoatContext = webgoatContext;
// initialize from web.xml
showParams = webgoatContext.isShowParams();
@ -248,9 +250,8 @@ public class WebSession {
showRequest = webgoatContext.isShowRequest();
currentLanguage = webgoatContext.getDefaultLanguage();
this.context = context;
this.course = course;
course = new Course();
course.loadCourses(webgoatContext, context, "/");
}
/**
@ -408,15 +409,6 @@ public class WebSession {
currentScreen = screen;
}
/**
* <p> getRestartLink. </p>
*
* @return a {@link java.lang.String} object.
*/
public String getRestartLink() {
return getCurrentLesson().getLink() + "&" + RESTART + "=" + getCurrentScreen();
}
/**
* <p> getCurrentLink. </p>
*
@ -1035,7 +1027,7 @@ public class WebSession {
/**
* Updates the stage for a RandomLessonAdapter
*
* @param al
* @param rla
*/
private void updateRlaStage(RandomLessonAdapter rla) {
try {
@ -1062,7 +1054,7 @@ public class WebSession {
/**
* Updates the stage for a SequentialLessonAdapter
*
* @param al
* @param sla
*/
private void updateSlaStage(SequentialLessonAdapter sla) {
int stage = myParser.getIntParameter(STAGE, sla.getStage(this));
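Review bot: The constructor now receives `Course` by injection instead of building its own, so what used to be per-session state may now be one object shared by every `WebSession`; the bean's scope is not visible on this page. `Course.lessons` is a plain `LinkedList`, and if the `course.loadCourses(webgoatContext, context, "/")` call survives in this constructor, each new session would run `lessons.addAll(...)` on that shared list again, duplicating lessons and mutating the list while other sessions read it. Loading the course once at startup and leaving only `this.course = course;` here would avoid both. The Javadoc above the constructor should also gain `@param course the course (lesson catalogue) this session reads from`.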


@ -1,12 +1,8 @@
package org.owasp.webgoat.session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import javax.servlet.http.HttpServlet;
/**
* <p>WebgoatContext class.</p>
*
@ -16,11 +12,6 @@ import javax.servlet.http.HttpServlet;
@Configuration
public class WebgoatContext {
final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
/** Constant <code>DEFAULTLANGUAGE="DefaultLanguage"</code> */
public final static String DEFAULTLANGUAGE = "DefaultLanguage";
@Value("${webgoat.database.connection.string}")
private String databaseConnectionString;
@ -55,14 +46,9 @@ public class WebgoatContext {
private boolean isDebug = false;
private String servletName;
private HttpServlet servlet;
@Value("${webgoat.default.language}")
private String defaultLanguage;
private java.nio.file.Path pluginDirectory;
/**
* returns the connection string with the real path to the database
* directory inserted at the word PATH
@ -71,18 +57,6 @@ public class WebgoatContext {
*/
public String getDatabaseConnectionString() {
return this.databaseConnectionString;
//
// if (realConnectionString == null) {
// try {
// String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
// System.out.println("PATH: " + path);
// realConnectionString = databaseConnectionString.replaceAll("PATH", path);
// System.out.println("Database Connection String: " + realConnectionString);
// } catch (Exception e) {
// logger.error("Couldn't open database: check web.xml database parameters", e);
// }
// }
// return realConnectionString;
}
/**
@ -157,15 +131,6 @@ public class WebgoatContext {
return isDebug;
}
/**
* <p>Getter for the field <code>servletName</code>.</p>
*
* @return a {@link java.lang.String} object.
*/
public String getServletName() {
return servletName;
}
/**
* <p>isShowCookies.</p>
*
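Review bot: The Javadoc kept above `getDatabaseConnectionString()` still says the real database path is "inserted at the word PATH", but with the commented-out substitution code deleted the method only returns the injected `databaseConnectionString` field. I would reword it to `Returns the database connection string as configured by the webgoat.database.connection.string property.` so nobody assumes a path rewrite still happens. The hunk around `servletName` seems to leave the private field in place while its getter is removed further down; if nothing else reads it, the field can go too.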


@ -2,11 +2,9 @@ package org.owasp.webgoat.session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import java.io.IOException;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
/**
* *************************************************************************************************
@ -39,7 +37,11 @@ import java.util.Properties;
* @version $Id: $Id
* @author dm
*/
public class WebgoatProperties extends Properties {
@Component
public class WebgoatProperties {
@Autowired
private Environment env;
/**
*
@ -47,25 +49,6 @@ public class WebgoatProperties extends Properties {
private static final long serialVersionUID = 4351681705558227918L;
final Logger logger = LoggerFactory.getLogger(WebgoatProperties.class);
/**
* <p>Constructor for WebgoatProperties.</p>
*
* @param propertiesFileName a {@link java.lang.String} object.
* @throws java.io.IOException if any.
*/
public WebgoatProperties(String propertiesFileName) throws IOException {
if (propertiesFileName == null) {
throw new IOException("Path to webgoat.properties is null, initialization must have failed");
}
// File propertiesFile = new File(propertiesFileName);
// if (propertiesFile.exists() == false) {
// throw new IOException("Unable to locate webgoat.properties at: " + propertiesFileName);
// }
Resource resource = new ClassPathResource("/webgoat.properties");
//FileInputStream in = new FileInputStream(propertiesFile);
load(resource.getInputStream());
}
/**
* <p>getIntProperty.</p>
@ -77,7 +60,7 @@ public class WebgoatProperties extends Properties {
public int getIntProperty(String key, int defaultValue) {
int value = defaultValue;
String s = getProperty(key);
String s = env.getProperty(key);
if (s != null) {
value = Integer.parseInt(s);
}
@ -96,7 +79,7 @@ public class WebgoatProperties extends Properties {
boolean value = defaultValue;
key = this.trimLesson(key);
String s = getProperty(key);
String s = env.getProperty(key);
if (s != null) {
if (s.equalsIgnoreCase("true")) {
value = true;
@ -127,21 +110,4 @@ public class WebgoatProperties extends Properties {
return result;
}
/**
* <p>main.</p>
*
* @param args an array of {@link java.lang.String} objects.
*/
public static void main(String[] args) {
WebgoatProperties properties = null;
try {
properties = new WebgoatProperties("C:\\webgoat.properties");
} catch (IOException e) {
System.out.println("Error loading properties");
e.printStackTrace();
}
System.out.println(properties.getProperty("CommandInjection.category"));
}
}
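Review bot: `getIntProperty` and `getBooleanProperty` now read through `env.getProperty(key)`, and a Spring `Environment` normally also resolves JVM system properties and OS environment variables, so values can come from outside `webgoat.properties`; a class comment should say which sources are intended. With that wider input, the unguarded `Integer.parseInt(s)` in `getIntProperty` turns a malformed value into an uncaught `NumberFormatException`; `try { value = Integer.parseInt(s.trim()); } catch (NumberFormatException e) { logger.warn("Ignoring non-numeric value for {}", key); }` would keep the default instead. `env` is field-injected, so an instance created with `new` rather than by the container would hit a `NullPointerException` on the first lookup, which constructor injection would rule out. Both method bodies start or end outside the hunks.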