dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#276 Automatic lesson summary page

Browse Source 
- Basic overview of all the assignments needed to be solved in a lesson
 - Clicking on a link will jump to the correct page with the assignment
 - Lesson completed also updates lesson overview immediately
This commit is contained in:
Nanne Baars
2016-12-27 21:04:56 +01:00
parent de4e581ee4
commit 9c03b6f63b
34 changed files with 214 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson1.java
View File

@ -4,6 +4,7 @@ package org.owasp.webgoat.plugin;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.lessons.AttackResult;
@ -44,6 +45,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@Path("/CrossSiteScripting/attack1")
public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
@ -54,9 +56,4 @@ public class CrossSiteScriptingLesson1 extends AssignmentEndpoint {
return trackProgress(AttackResult.failed("Are you sure? Try using a tab from a different site."));
}
}
@Override
public String getPath() {
return "/CrossSiteScripting/attack1";
}
}

8
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
View File

@ -4,6 +4,7 @@ package org.owasp.webgoat.plugin;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.lessons.AttackResult;
@ -44,6 +45,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@Path("/CrossSiteScripting/attack5a")
public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
@ -63,10 +65,4 @@ public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
cart.append( " $" + totalSale);
return trackProgress(AttackResult.failed(cart.toString()));
}
@Override
public String getPath() {
return "/CrossSiteScripting/attack5a";
}
}

9
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5b.java
View File

@ -10,6 +10,7 @@ import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.lessons.AttackResult;
@ -51,6 +52,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@Path("/CrossSiteScripting/attack5b")
public class CrossSiteScriptingLesson5b extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
@ -59,13 +61,6 @@ public class CrossSiteScriptingLesson5b extends AssignmentEndpoint {
}
@Override
public String getPath() {
return "/CrossSiteScripting/attack5b";
}
protected AttackResult injectableQuery(String accountName)
{
try

8
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson6a.java
View File

@ -9,6 +9,7 @@ import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.lessons.AttackResult;
@ -50,6 +51,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@Path("/CrossSiteScripting/attack6a")
public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
@ -59,12 +61,6 @@ public class CrossSiteScriptingLesson6a extends AssignmentEndpoint {
}
@Override
public String getPath() {
return "/CrossSiteScripting/attack6a";
}
protected AttackResult injectableQuery(String accountName)
{
try

8
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson6b.java
View File

@ -8,6 +8,7 @@ import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
import org.owasp.webgoat.lessons.AttackResult;
@ -49,6 +50,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@Path("/CrossSiteScripting/attack6b")
public class CrossSiteScriptingLesson6b extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
@ -60,12 +62,6 @@ public class CrossSiteScriptingLesson6b extends AssignmentEndpoint {
}
}
@Override
public String getPath() {
return "/CrossSiteScripting/attack6b";
}
protected String getPassword()
{

7
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
View File

@ -8,11 +8,13 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Path;
import java.io.IOException;
/**
* Created by jason on 11/23/16.
*/
@Path("/CrossSiteScripting/dom-xss")
public class DOMCrossSiteScripting extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)
public @ResponseBody
@ -26,11 +28,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
return trackProgress(AttackResult.failed("keep trying!"));
}
}
@Override
public String getPath() {
return "/CrossSiteScripting/dom-xss";
}
}