interim missing function ac commit, traversing dev. env.

2017-08-08 09:28:09 -06:00
parent 06bf690a3a
commit 8df1d53471
8 changed files with 250 additions and 56 deletions
--- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingACListUsers.java
+++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingACListUsers.java
@ -1,54 +0,0 @@
-package org.owasp.webgoat.plugin;
-
-import org.owasp.webgoat.assignments.AssignmentEndpoint;
-import org.owasp.webgoat.assignments.AssignmentHints;
-import org.owasp.webgoat.assignments.AssignmentPath;
-import org.owasp.webgoat.assignments.AttackResult;
-import org.owasp.webgoat.session.UserSessionData;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-
-/**
- * Created by jason on 1/5/17.
- */
-
-@AssignmentPath("/access-control/list-users")
-@AssignmentHints({"access-control.hidden-menus.hint1","access-control.hidden-menus.hint2","access-control.hidden-menus.hint3"})
-public class MissingACListUsers extends AssignmentEndpoint {
-    //UserSessionData is bound to session and can be used to persist data across multiple assignments
-    @Autowired
-    UserSessionData userSessionData;
-
-    @PostMapping(produces = {"application/json"})
-    public @ResponseBody
-    AttackResult completed(String hiddenMenu1, String hiddenMenu2, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-
-        //overly simple example for success. See other existing lesssons for ways to detect 'success' or 'failure'
-        if (hiddenMenu1.equals("List Users") && hiddenMenu2.equals("Add User")) {
-            return trackProgress(success()
-                    .output("")
-                    .feedback("access-control.hidden-menus.success")
-                    .build());
-        }
-
-        if (hiddenMenu1.equals("Add User") && hiddenMenu2.equals("List Users")) {
-            return trackProgress(success()
-                    .output("")
-                    .feedback("access-control.hidden-menus.close")
-                    .build());
-        }
-
-        return trackProgress(failed()
-                .feedback("access-control.hidden-menus.failure")
-                .output("")
-                .build());
-    }
-
-}