dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Finally working

Browse Source
This commit is contained in:
Nanne Baars
2019-09-18 17:53:43 +02:00
parent 2b01cbcb75
commit 82ad0a7cc7
207 changed files with 3658 additions and 2407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/plugin/LessonTemplate.java → webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.plugin;
package org.owasp.webgoat.template;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;

39
webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/plugin/SampleAttack.java → webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/SampleAttack.java
View File

@ -1,29 +1,45 @@
package org.owasp.webgoat.plugin;
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.template;
import com.google.common.collect.Lists;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentPath;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.session.UserSessionData;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* Created by jason on 1/5/17.
*/
@AssignmentPath("/lesson-template/sample-attack")
@RestController
public class SampleAttack extends AssignmentEndpoint {
String secretValue = "secr37Value";
@ -33,11 +49,9 @@ public class SampleAttack extends AssignmentEndpoint {
UserSessionData userSessionData;
@GetMapping(produces = {"application/json"})
@GetMapping(path = "/lesson-template/sample-attack", produces = {"application/json"})
public @ResponseBody
AttackResult completed(String param1, String param2, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
if (userSessionData.getValue("some-value") != null) {
// do any session updating you want here ... or not, just comment/example here
//return trackProgress(failed().feedback("lesson-template.sample-attack.failure-2").build());
@ -58,5 +72,4 @@ public class SampleAttack extends AssignmentEndpoint {
.output("Custom output for this failure scenario, usually html that will get rendered directly ... yes, you can self-xss if you want")
.build());
}
}