dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #246 from misfir3/feature/spring-boot

Browse Source 
updates from day 1 @AppSec EU
This commit is contained in:
Nanne 2016-06-29 10:54:45 +02:00 committed by GitHub
commit 85fb5a2661
6 changed files with 39 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
View File

@ -64,6 +64,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
security.and() security.and()
.logout() .logout()
.permitAll(); .permitAll();
http.headers().cacheControl().disable();
} }

6
webgoat-container/src/main/resources/static/css/main.css
View File

@ -926,3 +926,9 @@ cookie-container {
.help-button { .help-button {
margin-right:4px; margin-right:4px;
} }
/* ATTACK DISPLAY */
div.attack-container {
display:none;
}

17
webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js
View File

@ -98,10 +98,11 @@ define(['jquery',
hasPlan:this.lessonInfoModel.get('hasPlan'), hasPlan:this.lessonInfoModel.get('hasPlan'),
hasSolution:this.lessonInfoModel.get('hasSolution'), hasSolution:this.lessonInfoModel.get('hasSolution'),
hasSource:this.lessonInfoModel.get('hasSource'), hasSource:this.lessonInfoModel.get('hasSource'),
hasHints:(this.lessonInfoModel.get('numberHints') > 0), hasHints:(this.lessonInfoModel.get('numberHints') > 0)
//hasAttack:this.lessonInfo.get('hasAttack') // TODO: add attack options
}); });
this.listenTo(this.helpControlsView,'plan:show',this.hideShowHelps); this.listenTo(this.helpControlsView,'attack:show',this.hideShowAttack);
this.listenTo(this.helpControlsView,'solution:show',this.hideShowHelps); this.listenTo(this.helpControlsView,'solution:show',this.hideShowHelps);
this.listenTo(this.helpControlsView,'hints:show',this.onShowHints) this.listenTo(this.helpControlsView,'hints:show',this.onShowHints)
this.listenTo(this.helpControlsView,'source:show',this.hideShowHelps); this.listenTo(this.helpControlsView,'source:show',this.hideShowHelps);
@ -128,7 +129,6 @@ define(['jquery',
this.lessonHintView = new HintView(); this.lessonHintView = new HintView();
this.cookieView = new CookieView(); this.cookieView = new CookieView();
//TODO: instantiate model with values (not sure why was not working before) //TODO: instantiate model with values (not sure why was not working before)
var paramModel = new ParamModel({}); var paramModel = new ParamModel({});
paramModel.set('scrParam',this.lessonContent.get('scrParam')); paramModel.set('scrParam',this.lessonContent.get('scrParam'));
@ -180,6 +180,17 @@ define(['jquery',
this.lessonHintView.render(); this.lessonHintView.render();
}; };
this.hideShowAttack = function (options) { // will likely expand this to encompass
if (options.show) {
$('div#attack-container').show();
$('div#attack-container div.modal-header button.close, #about-modal div.modal-footer button').unbind('click').on('click', function() {
$('div#attack-container').hide(200);
});
//this.lessonView.makeFormsAjax();
//this.lessonView.ajaxifyAttackHref();
}
};
this.restartLesson = function() { this.restartLesson = function() {
var self=this; var self=this;
var fragment = "attack/" + self.scr + "/" + self.menu; var fragment = "attack/" + self.scr + "/" + self.menu;

8
webgoat-container/src/main/resources/static/js/goatApp/view/HelpControlsView.js
View File

@ -29,8 +29,8 @@ function($,_,Backbone) {
if (this.hasSolution) { if (this.hasSolution) {
this.$el.find('#show-solution-button').unbind().on('click',_.bind(this.showSolution,this)).show(); this.$el.find('#show-solution-button').unbind().on('click',_.bind(this.showSolution,this)).show();
} }
if (this.hasPlan) { if (true) { //FIXME: change to this.hasAttack
this.$el.find('#show-plan-button').unbind().on('click',_.bind(this.showPlan,this)).show(); this.$el.find('#show-attack-button').unbind().on('click',_.bind(this.showAttack,this)).show();
} }
if (this.hasHints) { if (this.hasHints) {
this.$el.find('#show-hints-button').unbind().on('click',_.bind(this.showHints,this)).show(); this.$el.find('#show-hints-button').unbind().on('click',_.bind(this.showHints,this)).show();
@ -48,8 +48,8 @@ function($,_,Backbone) {
this.trigger('solution:show','solution'); this.trigger('solution:show','solution');
}, },
showPlan: function() { showAttack: function() {
this.trigger('plan:show','plan'); this.trigger('attack:show',{show:true});
}, },
showHints: function() { showHints: function() {

17
webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js
View File

@ -25,21 +25,21 @@ define(['jquery',
//TODO: reimplement this in custom fashion maybe? //TODO: reimplement this in custom fashion maybe?
makeFormsAjax: function () { makeFormsAjax: function () {
var options = { var options = {
success:this.reLoadView.bind(this), success:this.onAttackExecution.bind(this),
url: this.model.urlRoot, url: this.model.urlRoot,
type:'GET' type:'GET'
// $.ajax options can be used here too, for example: // $.ajax options can be used here too, for example:
//timeout: 3000 //timeout: 3000
}; };
//hook forms //TODO: clarify form selectors later //hook forms //TODO: clarify form selectors later
$("form").ajaxForm(options); $("form.attack-form").ajaxForm(options);
}, },
ajaxifyAttackHref: function() { // rewrite any links with hrefs point to relative attack URLs ajaxifyAttackHref: function() { // rewrite any links with hrefs point to relative attack URLs
var self = this; var self = this;
// The current LessonAdapter#getLink() generates a hash-mark link. It will not match the mask below. // The current LessonAdapter#getLink() generates a hash-mark link. It will not match the mask below.
// Besides, the new MVC code registers an event handler that will reload the lesson according to the route. // Besides, the new MVC code registers an event handler that will reload the lesson according to the route.
$.each($('a[href^="attack?"]'),function(i,el) { $.each($('a[href^="attack?"]'),function(i,el) { //FIXME: need to figure out what to do here ...
var url = $(el).attr('href'); var url = $(el).attr('href');
$(el).unbind('click').attr('href','#').attr('link',url); $(el).unbind('click').attr('href','#').attr('link',url);
//TODO pull currentMenuId //TODO pull currentMenuId
@ -54,10 +54,15 @@ define(['jquery',
}); });
}, },
reLoadView: function(content) { onAttackExecution: function(feedback) {
this.model.setContent(content); console.log('attack executed')
this.render(); this.renderFeedback(feedback);
},
renderFeedback: function(feedback) {
this.$el.find('feedback').html(feedback);
} }
}); });

7
webgoat-container/src/main/resources/templates/main_new.html
View File

@ -113,13 +113,12 @@
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-solution-button">Show <button class="btn btn-primary btn-xs btn-danger help-button" id="show-solution-button">Show
Solution Solution
</button> </button>
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-plan-button">Show
Plan
</button>
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-hints-button">Show <button class="btn btn-primary btn-xs btn-danger help-button" id="show-hints-button">Show
Hints Hints
</button> </button>
<button class="btn btn-xs help-button" id="restart-lesson-button">Restart Lesson</button> <button class="btn btn-primary btn-xs btn-danger help-button" id="show-attack-button">Attack It
</button>
<button class="btn btn-xs help-button" id="restart-lesson-button">Reset Lesson</button>
</div> </div>
<div class="lesson-hint" id="lesson-hint-container"> <div class="lesson-hint" id="lesson-hint-container">
<h4>Hints</h4> <h4>Hints</h4>