search box moved and jwt encode/decode with little delay (#1664)

2023-11-16 14:42:10 +01:00 · 2023-11-16 14:42:10 +01:00 · 88a321c268
commit 88a321c268
parent 8450c5a5be
5 changed files with 47 additions and 21 deletions
--- a/robot/README.md
+++ b/robot/README.md
@ -12,8 +12,10 @@ Then see security settings and allow the file to run
        pip3 install virtualenv --user
        python3 -m virtualenv .venv
        source .venv/bin/activate
-        pip install robotframework
-        pip install robotframework-SeleniumLibrary
-        pip install webdriver-manager
+        pip install --upgrade robotframework
+        pip install --upgrade robotframework-SeleniumLibrary
+        pip install --upgrade webdriver-manager
+        brew upgrade
        robot --variable HEADLESS:"0" --variable ENDPOINT:"http://127.0.0.1:8080/WebGoat" goat.robot

+Make sure that the Chrome version, the webdriver version and all related components are up-to-date and compatible!
--- a/robot/goat.robot
+++ b/robot/goat.robot
@ -121,8 +121,9 @@ Check_JWT_Page
  Log To Console  Found token ${OUT_VALUE}
  ${OUT_RESULT}  Evaluate  "ImuPnHvLdU7ULKfbD4aJU" in """${OUT_VALUE}"""
  Log To Console  Found token ${OUT_RESULT}
+  Capture Page Screenshot

 Check_Files_Page
  Go To  ${ENDPOINT_WOLF}/files
  Choose File  css:input[type="file"]  ${CURDIR}/goat.robot
-  Click Button  Upload files
+  Click Button  Upload files
--- a/src/main/resources/webgoat/static/js/main.js
+++ b/src/main/resources/webgoat/static/js/main.js
@ -33,9 +33,12 @@ require.config({
    bootstrap: 'libs/bootstrap.min',
    text: 'libs/text',
    templates: 'goatApp/templates',
-    polyglot: 'libs/polyglot.min'
+    polyglot: 'libs/polyglot.min',
+    search: 'search'
  },

+  deps: ['search'],
+
  shim: {
 	"jqueryui": {
 	  exports:"$",
@ -67,4 +70,4 @@ require([
 	'bootstrap',
 	'goatApp/goatApp'], function($,jqueryVuln,jqueryui,_,Backbone,Bootstrap,Goat){
    Goat.initApp();
-});
+});
--- a/src/main/resources/webgoat/templates/main_new.html
+++ b/src/main/resources/webgoat/templates/main_new.html
@ -15,13 +15,8 @@
    <link rel="stylesheet" type="text/css" th:href="@{/css/font-awesome.min.css}"/>
    <link rel="stylesheet" type="text/css" th:href="@{/css/animate.css}"/>
    <link rel="stylesheet" type="text/css" th:href="@{/css/coderay.css}"/>
-<!--    <link rel="stylesheet" type="text/css" th:href="@{/css/asciidoctor-default.css}"/>-->
-
    <!--  end of CSS -->

-    <!-- JS -->
-    <!-- <script src="js/modernizr.min.js"></script>-->
-
    <!-- Require.js used to load js asynchronously -->
    <script src="js/libs/require.min.js" data-main="js/main"></script>
    <meta http-equiv="Content-Type" content="text/id; charset=UTF-8"/>
@ -39,8 +34,9 @@
        <div id="lesson-title-wrapper">

        </div><!--lesson title end-->
-        <!--<div class="user-nav pull-right" id="user-and-info-nav" style="margin-right: 75px;">-->
-        <div style="position: absolute;width:400px; z-index:3; top:22px; right: -90px;">
+        <div style="position: absolute;width:600px; z-index:3; top:22px; right: -90px;">
+            <input class="form-control" type="text" id="search" name="search" th:placeholder="#{searchmenu}"  style="width:200px;display:inline-block" />
+            
            <!-- webwolf menu item -->
            <a th:href="@{/WebWolf}" target="_blank">
                <button type="button" id="webwolf-button" class="btn btn-default right_nav_button"
@ -151,8 +147,7 @@
                </button>
            </a>

-            <input class="form-control" type="text" id="search" name="search" th:placeholder="#{searchmenu}"  style="width:60%" />
-            <script src="js/search.js" ></script>
+            

        </div>
    </header>
--- a/src/main/resources/webwolf/static/js/jwt.js
+++ b/src/main/resources/webwolf/static/js/jwt.js
@ -11,17 +11,43 @@


 $(document).ready(() => {
-    $('#payload').on('input', call(true));
-    $('#header').on('input', call(true));
-    $('#secretKey').on('input', call(true));
-    $('#token').on('input', call(false));
+let tokeninput = document.getElementById('token');
+let headerinput = document.getElementById('header');
+let secretKeyinput = document.getElementById('secretKey');
+let payloadinput = document.getElementById('payload');
+let timeout = null;
+
+tokeninput.addEventListener('keyup', function (e) {
+    clearTimeout(timeout);
+    timeout = setTimeout(function () {
+        call(false);
+    }, 1000);
+});
+headerinput.addEventListener('keyup', function (e) {
+    clearTimeout(timeout);
+    timeout = setTimeout(function () {
+        call(true);
+    }, 1000);
+});
+secretKeyinput.addEventListener('keyup', function (e) {
+    clearTimeout(timeout);
+    timeout = setTimeout(function () {
+        call(true);
+    }, 1000);
+});
+payloadinput.addEventListener('keyup', function (e) {
+    clearTimeout(timeout);
+    timeout = setTimeout(function () {
+        call(true);
+    }, 1000);
+});
 });

 function call(encode) {
-    return () => {
        var url = encode ? 'jwt/encode' : 'jwt/decode';
        var formData = encode ? $('#encodeForm').getFormData() : $('#decodeForm').getFormData();
        formData["secretKey"] = $('#secretKey').val();
+        console.log(formData);

        $.ajax({
            type: 'POST',
@ -33,7 +59,6 @@ function call(encode) {
            contentType: "application/x-www-form-urlencoded",
            dataType: 'json'
        });
-    }
 }

 function update(token) {