#276 Automatic lesson summary page
- Basic overview of all the assignments that need to be solved in a lesson
- Clicking a link jumps to the page with the assignment
- Completing a lesson also updates the lesson overview immediately
@ -7,6 +7,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
@ -38,6 +39,7 @@ import java.io.IOException;
|
||||
* @version $Id: $Id
|
||||
* @since August 11, 2016
|
||||
*/
|
||||
@Path("/clientSideFiltering/attack1")
|
||||
public class Attack extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -48,9 +50,4 @@ public class Attack extends AssignmentEndpoint {
|
||||
return trackProgress(AttackResult.failed("You are close, try again"));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/clientSideFiltering/attack1";
|
||||
}
|
||||
}
|
||||
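Review bot: Replacing the `getPath()` override with `@Path("/clientSideFiltering/attack1")` turns a path declared in code into one declared only as metadata, so an `AssignmentEndpoint` subclass that omits the annotation still compiles (if `getPath()` was abstract in the base class, that guarantee is now gone). `javax.ws.rs.Path` is a JAX-RS annotation that Spring MVC does not map by itself, so the route presumably comes from code outside this page that reads it reflectively. That reader should fail fast at startup, for example `Objects.requireNonNull(getClass().getAnnotation(Path.class), "missing @Path on " + getClass().getName())`, and the base class should carry a comment stating that `@Path` is the single source of the endpoint path. The same applies to every other endpoint class changed in this commit.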
|
@ -4,6 +4,7 @@ package org.owasp.webgoat.plugin;
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -44,6 +45,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack1")
|
||||
public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -54,9 +56,4 @@ public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
|
||||
return trackProgress(AttackResult.failed("Are you sure? Try using a tab from a different site."));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/attack1";
|
||||
}
|
||||
}
|
||||
|
@ -4,6 +4,7 @@ package org.owasp.webgoat.plugin;
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -44,6 +45,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack5a")
|
||||
public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -63,10 +65,4 @@ public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
|
||||
cart.append( " $" + totalSale);
|
||||
return trackProgress(AttackResult.failed(cart.toString()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/attack5a";
|
||||
}
|
||||
|
||||
}
|
@ -10,6 +10,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -51,6 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack5b")
|
||||
public class CrossSiteScriptingLesson5b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -59,13 +61,6 @@ public class CrossSiteScriptingLesson5b extends AssignmentEndpoint {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/attack5b";
|
||||
}
|
||||
|
||||
|
||||
|
||||
protected AttackResult injectableQuery(String accountName)
|
||||
{
|
||||
try
|
||||
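Review bot: `CrossSiteScriptingLesson5b` keeps `injectableQuery(String accountName)` and its `java.sql` imports, which look like a copy of the SqlInjection lesson of the same number, and the new `@Path("/CrossSiteScripting/attack5b")` now registers it as a Cross-Site Scripting assignment. If the lesson summary page added by this commit is built from the `@Path`-annotated endpoints (not visible here), SQL-query endpoints would be counted under the XSS lesson. `CrossSiteScriptingLesson6a` (`injectableQuery`) and `CrossSiteScriptingLesson6b` (`getPassword`) show the same pattern. Either drop the copies or add a class comment explaining why they belong to this lesson. `injectableQuery` continues beyond the hunk, so its body is not covered by this note.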
|
@ -9,6 +9,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -50,6 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack6a")
|
||||
public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -59,12 +61,6 @@ public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/attack6a";
|
||||
}
|
||||
|
||||
|
||||
protected AttackResult injectableQuery(String accountName)
|
||||
{
|
||||
try
|
||||
|
@ -8,6 +8,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -49,6 +50,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/CrossSiteScripting/attack6b")
|
||||
public class CrossSiteScriptingLesson6b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -60,12 +62,6 @@ public class CrossSiteScriptingLesson6b extends AssignmentEndpoint {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/attack6b";
|
||||
}
|
||||
|
||||
|
||||
protected String getPassword()
|
||||
{
|
||||
|
||||
|
@ -8,11 +8,13 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Created by jason on 11/23/16.
|
||||
*/
|
||||
@Path("/CrossSiteScripting/dom-xss")
|
||||
public class DOMCrossSiteScripting extends AssignmentEndpoint {
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody
|
||||
@ -26,11 +28,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
|
||||
return trackProgress(AttackResult.failed("keep trying!"));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/CrossSiteScripting/dom-xss";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -8,6 +8,7 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
@ -43,7 +44,7 @@ import java.io.IOException;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
|
||||
@Path("/HttpBasics/attack1")
|
||||
public class HttpBasicsLesson extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -54,10 +55,4 @@ public class HttpBasicsLesson extends AssignmentEndpoint {
|
||||
return trackProgress(AttackResult.failed("You are close, try again"));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/HttpBasics/attack1";
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -8,6 +8,7 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
@ -43,7 +44,7 @@ import java.io.IOException;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
|
||||
@Path("/HttpBasics/attack2")
|
||||
public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -61,10 +62,4 @@ public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
return trackProgress(AttackResult.failed("You are close, try again. " + message.toString()));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/HttpBasics/attack2";
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -9,6 +9,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -50,6 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack5a")
|
||||
public class SqlInjectionLesson5a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -57,12 +59,6 @@ public class SqlInjectionLesson5a extends AssignmentEndpoint {
|
||||
return injectableQuery(account);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/SqlInjection/attack5a";
|
||||
}
|
||||
|
||||
|
||||
protected AttackResult injectableQuery(String accountName)
|
||||
{
|
||||
try
|
||||
|
@ -10,6 +10,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -51,6 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack5b")
|
||||
public class SqlInjectionLesson5b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -59,13 +61,6 @@ public class SqlInjectionLesson5b extends AssignmentEndpoint {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/SqlInjection/attack5b";
|
||||
}
|
||||
|
||||
|
||||
|
||||
protected AttackResult injectableQuery(String accountName)
|
||||
{
|
||||
try
|
||||
|
@ -9,6 +9,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -50,6 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack6a")
|
||||
public class SqlInjectionLesson6a extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -59,12 +61,6 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/SqlInjection/attack6a";
|
||||
}
|
||||
|
||||
|
||||
protected AttackResult injectableQuery(String accountName)
|
||||
{
|
||||
try
|
||||
|
@ -8,6 +8,7 @@ import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
@ -49,6 +50,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@Path("/SqlInjection/attack6b")
|
||||
public class SqlInjectionLesson6b extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
@ -60,12 +62,6 @@ public class SqlInjectionLesson6b extends AssignmentEndpoint {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "/SqlInjection/attack6b";
|
||||
}
|
||||
|
||||
|
||||
protected String getPassword()
|
||||
{
|
||||
|
||||
|
@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.File;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
@ -46,13 +47,9 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
|
||||
* @version $Id: $Id
|
||||
* @since November 18, 2016
|
||||
*/
|
||||
@Path("XXE/blind")
|
||||
public class BlindSendFileAssignment extends AssignmentEndpoint {
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "XXE/blind";
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {
|
||||
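Review bot: `@Path("XXE/blind")` has no leading slash, while the other assignments in this commit use one, for example `@Path("/SqlInjection/attack5a")` and `@Path("/HttpBasics/attack1")`. The value is carried over unchanged from the removed `getPath()`, but once paths are matched or turned into links for the lesson overview (presumably by code outside this page), the two forms invite mismatches. Use `@Path("/XXE/blind")` if the lesson's form action is updated to match, or normalise the value where the annotation is read. The same applies to `@Path("XXE/content-type")` and `@Path("XXE/simple")`. `createNewUser` continues outside the hunk.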
|
@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.owasp.webgoat.plugin.SimpleXXE.checkSolution;
|
||||
@ -44,13 +45,9 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
|
||||
* @version $Id: $Id
|
||||
* @since November 17, 2016
|
||||
*/
|
||||
@Path("XXE/content-type")
|
||||
public class ContentTypeAssignment extends AssignmentEndpoint {
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "XXE/content-type";
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
public AttackResult createNewUser(@RequestBody String userInfo, @RequestHeader("Content-Type") String contentType) throws Exception {
|
||||
|
@ -9,6 +9,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.ws.rs.Path;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import javax.xml.stream.XMLInputFactory;
|
||||
@ -44,16 +45,12 @@ import java.io.StringReader;
|
||||
* @version $Id: $Id
|
||||
* @since November 17, 2016
|
||||
*/
|
||||
@Path("XXE/simple")
|
||||
public class SimpleXXE extends AssignmentEndpoint {
|
||||
|
||||
private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "opt", "var"};
|
||||
private final static String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"};
|
||||
|
||||
@Override
|
||||
public String getPath() {
|
||||
return "XXE/simple";
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {
|
||||
|