dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Challenge 2 JavaScript is working

Browse Source
This commit is contained in:
Nanne Baars 2017-04-08 10:31:56 +02:00
parent 12f680407b
commit 931da87c2b
5 changed files with 78 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/ShopEndpoint.java
View File

@ -3,13 +3,14 @@ package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists; import com.beust.jcommander.internal.Lists;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import org.apache.commons.lang3.RandomStringUtils;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import java.util.List; import java.util.List;
import java.util.Optional;
import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE; import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
@ -18,54 +19,50 @@ import static org.owasp.webgoat.plugin.SolutionConstants.SUPER_COUPON_CODE;
* @since 4/6/17. * @since 4/6/17.
*/ */
@RestController @RestController
@RequestMapping("challenge-store")
public class ShopEndpoint { public class ShopEndpoint {
@AllArgsConstructor @AllArgsConstructor
private class CouponCodes { private class CheckoutCodes {
@Getter @Getter
private List<CouponCode> codes = Lists.newArrayList(); private List<CheckoutCode> codes = Lists.newArrayList();
public boolean contains(String code) { public Optional<CheckoutCode> get(String code) {
return codes.stream().anyMatch(c -> c.getCode().equals(code)); return codes.stream().filter(c -> c.getCode().equals(code)).findFirst();
} }
} }
@AllArgsConstructor @AllArgsConstructor
@Getter @Getter
private class CouponCode { private class CheckoutCode {
private String code; private String code;
private int discount; private int discount;
} }
private CouponCodes couponCodes; private CheckoutCodes checkoutCodes;
public ShopEndpoint() { public ShopEndpoint() {
List<CouponCode> codes = Lists.newArrayList(); List<CheckoutCode> codes = Lists.newArrayList();
for (int i = 0; i < 9; i++) { codes.add(new CheckoutCode("pre-order-webgoat", 25));
codes.add(new CouponCode(RandomStringUtils.random(10), i * 100)); codes.add(new CheckoutCode("pre-order-owasp", 25));
} codes.add(new CheckoutCode("pre-order-webgoat-owasp", 50));
this.couponCodes = new CouponCodes(codes); this.checkoutCodes = new CheckoutCodes(codes);
} }
@GetMapping(value = "/coupons/{user}", produces = MediaType.APPLICATION_JSON_VALUE) @GetMapping(value = "/coupons/{code}", produces = MediaType.APPLICATION_JSON_VALUE)
public CouponCodes getDiscountCodes(@PathVariable String user) { public CheckoutCode getDiscountCode(@PathVariable String code) {
if ("Tom".equals(user)) { if (SUPER_COUPON_CODE.equals(code)) {
return couponCodes; return new CheckoutCode(SUPER_COUPON_CODE, 100);
} }
return null; return checkoutCodes.get(code).orElse(new CheckoutCode("no", 0));
}
@GetMapping(value = "/coupons/valid/{code}", produces = MediaType.APPLICATION_JSON_VALUE)
public boolean isValidCouponCode(@PathVariable String code) {
return couponCodes.contains(code);
} }
@GetMapping(value = "/coupons", produces = MediaType.APPLICATION_JSON_VALUE) @GetMapping(value = "/coupons", produces = MediaType.APPLICATION_JSON_VALUE)
public CouponCodes coupons() { public CheckoutCodes all() {
List<CouponCode> all = Lists.newArrayList(); List<CheckoutCode> all = Lists.newArrayList();
all.addAll(this.couponCodes.getCodes()); all.addAll(this.checkoutCodes.getCodes());
all.add(new CouponCode(SUPER_COUPON_CODE, 100)); all.add(new CheckoutCode(SUPER_COUPON_CODE, 100));
return new CouponCodes(all); return new CheckoutCodes(all);
} }
} }

2
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
View File

@ -9,6 +9,6 @@ package org.owasp.webgoat.plugin;
public interface SolutionConstants { public interface SolutionConstants {
String PASSWORD = "!!webgoat_admin_1234!!"; String PASSWORD = "!!webgoat_admin_1234!!";
String SUPER_COUPON_CODE = "get_if_for_free"; String SUPER_COUPON_CODE = "get_it_for_free";
} }

33
webgoat-lessons/challenge/src/main/resources/html/Challenge.html
View File

@ -7,6 +7,7 @@
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_1.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<div class="panel panel-default"> <div class="panel panel-default">
@ -54,8 +55,8 @@
</div> </div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:Challenge_2.adoc"></div>
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge2.css}"/> <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge2.css}"/>
<script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script> <script th:src="@{/lesson_js/challenge2.js}" language="JavaScript"></script>
<div class="attack-container"> <div class="attack-container">
@ -66,23 +67,23 @@
<img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/> <img style="max-width:100%;" th:src="@{/images/samsung-black.jpg}"/>
</div> </div>
<div class="col-xs-5" style="border:0px solid gray"> <div class="col-xs-5" style="border:0px solid gray">
<h3>Samsung Galaxy S8 Plus 64GB Android Phone</h3> <h3>Samsung Galaxy S8 Plus Android Phone</h3>
<h5 style="color:#337ab7">Manufacturer <a href="http://www.samsung.com">Samsung</a> · <h5 style="color:#337ab7"><a href="http://www.samsung.com">Samsung</a> ·
<small style="color:#337ab7">(5054 reviews)</small> <small style="color:#337ab7">(124421 reviews)</small>
</h5> </h5>
<h6 class="title-price"> <h6 class="title-price">
<small>PRICE</small> <small>PRICE</small>
</h6> </h6>
<h3 style="margin-top:0px;">US $899</h3> <h3 style="margin-top:0px;"><span>US $</span><span id="price">899</span></h3>
<div class="section"> <div class="section">
<h6 class="title-attr" style="margin-top:15px;"> <h6 class="title-attr" style="margin-top:15px;">
<small>COLOR</small> <small>COLOR</small>
</h6> </h6>
<div> <div>
<div class="attr" style="width:25px;background:#5a5a5a;"></div> <div class="attr" style="width:25px;background:lightgrey;"></div>
<div class="attr" style="width:25px;background:white;"></div> <div class="attr" style="width:25px;background:black;"></div>
</div> </div>
</div> </div>
<div class="section" style="padding-bottom:5px;"> <div class="section" style="padding-bottom:5px;">
@ -90,8 +91,8 @@
<small>CAPACITY</small> <small>CAPACITY</small>
</h6> </h6>
<div> <div>
<div class="attr2">16 GB</div> <div class="attr2">64 GB</div>
<div class="attr2">32 GB</div> <div class="attr2">128 GB</div>
</div> </div>
</div> </div>
<div class="section" style="padding-bottom:20px;"> <div class="section" style="padding-bottom:20px;">
@ -100,11 +101,23 @@
</h6> </h6>
<div> <div>
<div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div> <div class="btn-minus"><span class="glyphicon glyphicon-minus"></span></div>
<input value="1"/> <input class="quantity" value="1"/>
<div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div> <div class="btn-plus"><span class="glyphicon glyphicon-plus"></span></div>
</div> </div>
</div> </div>
<div class="section" style="padding-bottom:20px;">
<h6 class="title-attr">
<small>CHECKOUT CODE</small>
</h6>
<!--
Checkout code: pre-order-webgoat, pre-order-owasp, pre-order-webgoat-owasp
-->
<input class="checkoutCode" value=""/>
</div>
<div class="section" style="padding-bottom:20px;"> <div class="section" style="padding-bottom:20px;">
<button class="btn btn-success"><span style="margin-right:20px" <button class="btn btn-success"><span style="margin-right:20px"
class="glyphicon glyphicon-shopping-cart" class="glyphicon glyphicon-shopping-cart"

25
webgoat-lessons/challenge/src/main/resources/js/challenge2.js
View File

@ -16,18 +16,33 @@ $(document).ready(function(){
$(".btn-minus").on("click", function () { $(".btn-minus").on("click", function () {
var now = $(".section > div > input").val(); var now = $(".section > div > input").val();
if ($.isNumeric(now)) { if ($.isNumeric(now)) {
if (parseInt(now) -1 > 0){ now--;} if (parseInt(now) - 1 > 0) {
$(".section > div > input").val(now); now--;
}
$(".quantity").val(now);
} else { } else {
$(".section > div > input").val("1"); $(".quantity").val("1");
} }
}) })
$(".btn-plus").on("click", function () { $(".btn-plus").on("click", function () {
var now = $(".section > div > input").val(); var now = $(".section > div > input").val();
if ($.isNumeric(now)) { if ($.isNumeric(now)) {
$(".section > div > input").val(parseInt(now)+1); $(".quantity").val(parseInt(now) + 1);
} else { } else {
$(".section > div > input").val("1"); $(".quantity").val("1");
} }
}) })
$(".checkoutCode").on("blur", function () {
var checkoutCode = $(".checkoutCode").val();
$.get("challenge-store/coupons/" + checkoutCode, function (result, status) {
var discount = result.discount;
if (discount > 0) {
var price = $('#price').val();
$('#price').text((899 - (899 * discount / 100)).toFixed(2));
} else {
$('#price').text(899);
}
});
})
}) })

1
webgoat-lessons/challenge/src/main/resources/lessonPlans/en/Challenge_2.adoc Normal file
View File

@ -0,0 +1 @@
=== No need to pay... (WIP!!)