dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#276 Automatic lesson summary page

Browse Source 
- Basic overview of all the assignments needed to be solved in a lesson
 - Clicking on a link will jump to the correct page with the assignment
 - Lesson completed also updates lesson overview immediately
This commit is contained in:
Nanne Baars
2016-12-27 21:04:56 +01:00
parent de4e581ee4
commit 9c03b6f63b
34 changed files with 214 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java
View File

@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.ws.rs.Path;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
@ -46,13 +47,9 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
* @version $Id: $Id
* @since November 18, 2016
*/
@Path("XXE/blind")
public class BlindSendFileAssignment extends AssignmentEndpoint {
@Override
public String getPath() {
return "XXE/blind";
}
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {

7
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/ContentTypeAssignment.java
View File

@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.ws.rs.Path;
import java.io.IOException;
import static org.owasp.webgoat.plugin.SimpleXXE.checkSolution;
@ -44,13 +45,9 @@ import static org.owasp.webgoat.plugin.SimpleXXE.parseXml;
* @version $Id: $Id
* @since November 17, 2016
*/
@Path("XXE/content-type")
public class ContentTypeAssignment extends AssignmentEndpoint {
@Override
public String getPath() {
return "XXE/content-type";
}
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String userInfo, @RequestHeader("Content-Type") String contentType) throws Exception {

7
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
View File

@ -9,6 +9,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.ws.rs.Path;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLInputFactory;
@ -44,16 +45,12 @@ import java.io.StringReader;
* @version $Id: $Id
* @since November 17, 2016
*/
@Path("XXE/simple")
public class SimpleXXE extends AssignmentEndpoint {
private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "opt", "var"};
private final static String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"};
@Override
public String getPath() {
return "XXE/simple";
}
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public AttackResult createNewUser(@RequestBody String userInfo) throws Exception {