Images from solutions are loading again

This commit is contained in:
Nanne Baars 2016-04-09 13:36:06 +02:00
parent 8ff02cab6d
commit a8ea4a16e6
12 changed files with 79 additions and 308 deletions


@ -110,8 +110,8 @@
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>${maven-compiler-plugin.version}</version> <version>${maven-compiler-plugin.version}</version>
<configuration> <configuration>
<source>1.7</source> <source>1.8</source>
<target>1.7</target> <target>1.8</target>
<encoding>ISO-8859-1</encoding> <encoding>ISO-8859-1</encoding>
</configuration> </configuration>
</plugin> </plugin>


@ -5,9 +5,15 @@ import org.owasp.webgoat.session.WebgoatContext;
import org.springframework.boot.context.embedded.ServletRegistrationBean; import org.springframework.boot.context.embedded.ServletRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.io.File;
import java.io.IOException;
/** /**
* *
*/ */
@ -25,6 +31,18 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
return new ServletRegistrationBean(hammerHead, "/attack/*"); return new ServletRegistrationBean(hammerHead, "/attack/*");
} }
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
try {
File pluginsDir = resource.getFile().getParentFile();
registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginsDir.toString() + "/");
} catch (IOException e) {
e.printStackTrace();
}
}
@Bean @Bean
public HammerHead hammerHead(WebgoatContext context) { public HammerHead hammerHead(WebgoatContext context) {
return new HammerHead(context); return new HammerHead(context);
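Review bot: The new addResourceHandlers builds the location with `"file:///" + pluginsDir.toString() + "/"`, and on a Windows path that yields `file:///C:\...\` rather than a valid file URL; `registry.addResourceHandler("/plugin_lessons/**").addResourceLocations(pluginsDir.toURI().toString());` produces a correct URL (with the trailing slash a directory needs) on every platform. The catch block only calls `e.printStackTrace()`, so when `ClassPathResource.getFile()` fails — which it does whenever the marker is packaged inside a jar rather than an exploded directory — no handler is registered and nothing reaches the application log; replacing it with a logger call such as `log.error("Cannot locate plugin_lessons directory, lesson resources will not be served", e);` makes that failure visible (the class does not show a logger in this hunk, so one may need adding). Note also that the handler exposes every file under that directory as a static resource, not only images; if lesson jars or source files live there too, narrowing the pattern or pointing the location at an images subdirectory would keep the exposure to what the commit needs.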


@ -17,7 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http
.authorizeRequests() .authorizeRequests()
.antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**").permitAll() .antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**", "plugin_lessons/**").permitAll()
.antMatchers("/servlet/AdminServlet/**").hasAnyRole("WEBGOAT_ADMIN", "SERVER_ADMIN") // .antMatchers("/servlet/AdminServlet/**").hasAnyRole("WEBGOAT_ADMIN", "SERVER_ADMIN") //
.antMatchers("/JavaSource/**").hasRole("SERVER_ADMIN") // .antMatchers("/JavaSource/**").hasRole("SERVER_ADMIN") //
.anyRequest().hasAnyRole("WEBGOAT_USER", "WEBGOAT_ADMIN", "SERVER_ADMIN"); .anyRequest().hasAnyRole("WEBGOAT_USER", "WEBGOAT_ADMIN", "SERVER_ADMIN");
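Review bot: The added matcher `"plugin_lessons/**"` has no leading slash, and Spring's AntPathMatcher rejects a match outright when the pattern and the request path disagree on a leading separator, so as far as I can tell this entry never matches and the permitAll rule is dead — the same pre-existing problem as `"fonts/**"` on the same line. If unauthenticated access to these resources is intended, write `"/plugin_lessons/**"` (and `"/fonts/**"` while touching the line). If solution images only need to load for logged-in users, the matcher can simply be dropped: `.anyRequest().hasAnyRole(...)` already serves them to authenticated users, which is the safer default for solution content.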


@ -1,42 +0,0 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.controller;
/**
* <p>Login class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
//@Controller
public class Login {
// /**
// * <p>login.</p>
// *
// * @param error a {@link java.lang.String} object.
// * @param logout a {@link java.lang.String} object.
// * @return a {@link org.springframework.web.servlet.ModelAndView} object.
// */
// @RequestMapping(path = "login.mvc", method = RequestMethod.GET)
// public ModelAndView login(
// @RequestParam(value = "error", required = false) String error,
// @RequestParam(value = "logout", required = false) String logout) {
//
// ModelAndView model = new ModelAndView();
// if (error != null) {
// model.addObject("error", "Invalid username and password!");
// }
//
// if (logout != null) {
// model.addObject("msg", "You've been logged out successfully.");
// }
// model.setViewName("login");
//
// return model;
//
// }
}


@ -1,54 +0,0 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.controller;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
/**
* <p>Logout class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
@Controller
public class Logout {
final Logger logger = LoggerFactory.getLogger(Logout.class);
/**
* <p>logout.</p>
*
* @param error a {@link java.lang.String} object.
* @param logout a {@link java.lang.String} object.
* @return a {@link org.springframework.web.servlet.ModelAndView} object.
*/
@RequestMapping(path = "logout.mvc", method = RequestMethod.GET)
public ModelAndView logout(
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
logger.info("Logging user out");
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("logout");
return model;
}
}


@ -10,10 +10,10 @@ import org.apache.ecs.html.Html;
import org.apache.ecs.html.IMG; import org.apache.ecs.html.IMG;
import org.apache.ecs.html.PRE; import org.apache.ecs.html.PRE;
import org.apache.ecs.html.Title; import org.apache.ecs.html.Title;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.ParameterNotFoundException; import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.Screen; import org.owasp.webgoat.session.Screen;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties; import org.owasp.webgoat.session.WebgoatProperties;
import org.owasp.webgoat.util.BeanProvider; import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager; import org.owasp.webgoat.util.LabelManager;
@ -36,34 +36,34 @@ import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
************************************************************************************************* * ************************************************************************************************
* * <p>
* * <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/ * please see http://www.owasp.org/
* * <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew * Copyright (c) 2002 - 20014 Bruce Mayhew
* * <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the * This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version. * License, or (at your option) any later version.
* * <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* * <p>
* You should have received a copy of the GNU General Public License along with this program; if * You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* * <p>
* Getting Source ============== * Getting Source ==============
* * <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects. * projects.
* *
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a> * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id * @version $Id: $Id
* @since October 28, 2003
*/ */
public abstract class AbstractLesson extends Screen implements Comparable<Object> { public abstract class AbstractLesson extends Screen implements Comparable<Object> {
@ -74,7 +74,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
public final static String ADMIN_ROLE = "admin"; public final static String ADMIN_ROLE = "admin";
/** Constant <code>CHALLENGE_ROLE="challenge"</code> */ /**
* Constant <code>CHALLENGE_ROLE="challenge"</code>
*/
public final static String CHALLENGE_ROLE = "challenge"; public final static String CHALLENGE_ROLE = "challenge";
/** /**
@ -185,7 +187,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* {@inheritDoc} * {@inheritDoc}
* * <p>
* Description of the Method * Description of the Method
*/ */
public int compareTo(Object obj) { public int compareTo(Object obj) {
@ -194,7 +196,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* {@inheritDoc} * {@inheritDoc}
* * <p>
* Description of the Method * Description of the Method
*/ */
public boolean equals(Object obj) { public boolean equals(Object obj) {
@ -368,6 +370,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
// @TODO we need to restrict access at the service layer // @TODO we need to restrict access at the service layer
// rather than passing session object around // rather than passing session object around
/** /**
* <p>getHintsPublic.</p> * <p>getHintsPublic.</p>
* *
@ -383,9 +386,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
* Fill in a minor hint that will help people who basically get it, but are * Fill in a minor hint that will help people who basically get it, but are
* stuck on somthing silly. * stuck on somthing silly.
* *
* @param s The users WebSession * @param s The users WebSession
* @return The hint1 value
* @param hintNumber a int. * @param hintNumber a int.
* @return The hint1 value
*/ */
public String getHint(WebSession s, int hintNumber) { public String getHint(WebSession s, int hintNumber) {
return "Hint: " + getHints(s).get(hintNumber); return "Hint: " + getHints(s).get(hintNumber);
@ -394,8 +397,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Gets the instructions attribute of the AbstractLesson object * Gets the instructions attribute of the AbstractLesson object
* *
* @return The instructions value
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @return The instructions value
*/ */
public abstract String getInstructions(WebSession s); public abstract String getInstructions(WebSession s);
@ -567,11 +570,13 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
* @return a {@link java.lang.String} object. * @return a {@link java.lang.String} object.
*/ */
public String getRawSource(WebSession s) { public String getRawSource(WebSession s) {
String src; String src = "";
try { try {
logger.debug("Loading source file: " + getSourceFileName()); logger.debug("Loading source file: " + getSourceFileName());
src = readFromFile(new BufferedReader(new FileReader(getSourceFileName())), false); if (getSourceFileName() != null) {
src = readFromFile(new BufferedReader(new FileReader(getSourceFileName())), false);
}
} catch (FileNotFoundException e) { } catch (FileNotFoundException e) {
s.setMessage("Could not find source file"); s.setMessage("Could not find source file");
@ -613,12 +618,12 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* <p>Returns the default "path" portion of a lesson's URL.</p> * <p>Returns the default "path" portion of a lesson's URL.</p>
* * <p>
* * <p>
* Legacy webgoat lesson links are of the form * Legacy webgoat lesson links are of the form
* "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of * "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of
* the url, i.e., "attack" in the string above. * the url, i.e., "attack" in the string above.
* * <p>
* Newer, Spring-Controller-based classes will override this method to * Newer, Spring-Controller-based classes will override this method to
* return "*.do"-styled paths. * return "*.do"-styled paths.
* *
@ -630,7 +635,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Get the link that can be used to request this screen. * Get the link that can be used to request this screen.
* * <p>
* Rendering the link in the browser may result in Javascript sending * Rendering the link in the browser may result in Javascript sending
* additional requests to perform necessary actions or to obtain data * additional requests to perform necessary actions or to obtain data
* relevant to the lesson or the element of the lesson selected by the * relevant to the lesson or the element of the lesson selected by the
@ -645,13 +650,13 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
// mvc update: // mvc update:
return link return link
.append("/").append(getScreenId()) .append("/").append(getScreenId())
.append("/").append(getCategory().getRanking()).toString(); .append("/").append(getCategory().getRanking()).toString();
} }
/** /**
* Get the link to the target servlet. * Get the link to the target servlet.
* * <p>
* Unlike getLink() this method does not require rendering the output of * Unlike getLink() this method does not require rendering the output of
* the request to the link in order to execute the servlet's method with * the request to the link in order to execute the servlet's method with
* conventional HTTP query parameters. * conventional HTTP query parameters.
@ -662,8 +667,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
StringBuffer link = new StringBuffer("attack"); StringBuffer link = new StringBuffer("attack");
return link return link
.append("?Screen=").append(getScreenId()) .append("?Screen=").append(getScreenId())
.append("&menu=").append(getCategory().getRanking()).toString(); .append("&menu=").append(getCategory().getRanking()).toString();
} }
/** /**
@ -694,16 +699,16 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
public abstract String getCurrentAction(WebSession s); public abstract String getCurrentAction(WebSession s);
/** /**
* Initiates lesson restart functionality * Initiates lesson restart functionality
*/ */
public abstract void restartLesson(); public abstract void restartLesson();
/** /**
* <p>setCurrentAction.</p> * <p>setCurrentAction.</p>
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param lessonScreen a {@link java.lang.String} object. * @param lessonScreen a {@link java.lang.String} object.
*/ */
public abstract void setCurrentAction(WebSession s, String lessonScreen); public abstract void setCurrentAction(WebSession s, String lessonScreen);
@ -711,7 +716,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Override this method to implement accesss control in a lesson. * Override this method to implement accesss control in a lesson.
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param functionId a {@link java.lang.String} object. * @param functionId a {@link java.lang.String} object.
* @param employeeId a int. * @param employeeId a int.
* @return a boolean. * @return a boolean.
@ -723,9 +728,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Override this method to implement accesss control in a lesson. * Override this method to implement accesss control in a lesson.
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param functionId a {@link java.lang.String} object. * @param functionId a {@link java.lang.String} object.
* @param role a {@link java.lang.String} object. * @param role a {@link java.lang.String} object.
* @return a boolean. * @return a boolean.
*/ */
public boolean isAuthorized(WebSession s, String role, String functionId) { public boolean isAuthorized(WebSession s, String role, String functionId) {
@ -914,7 +919,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* <p>Setter for the field <code>lessonPlanFileName</code>.</p> * <p>Setter for the field <code>lessonPlanFileName</code>.</p>
* *
* @param lang a {@link java.lang.String} object. * @param lang a {@link java.lang.String} object.
* @param lessonPlanFileName a {@link java.lang.String} object. * @param lessonPlanFileName a {@link java.lang.String} object.
*/ */
public void setLessonPlanFileName(String lang, String lessonPlanFileName) { public void setLessonPlanFileName(String lang, String lessonPlanFileName) {
@ -999,6 +1004,4 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
} }
} }
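Review bot: In the getRawSource hunk the new null guard is placed after `logger.debug("Loading source file: " + getSourceFileName());`, and `getSourceFileName()` is now called three times in a row; reading it once into a local keeps the guard and the log consistent: `String sourceFileName = getSourceFileName();` / `if (sourceFileName != null) {` / `src = readFromFile(new BufferedReader(new FileReader(sourceFileName)), false);`. The `FileReader` is still created without try-with-resources; unless readFromFile closes the reader it receives (not visible here), the descriptor leaks on every call, and with the build now targeting 1.8 a `try (BufferedReader in = ...)` block is available. `src` is initialised to `""`, so a lesson with no source file name now returns an empty string instead of whatever the earlier code did; a one-line comment stating that callers treat an empty source as "no source listing" would document that choice. getRawSource starts before and continues after the hunk.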


@ -1,59 +0,0 @@
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
*/
package org.owasp.webgoat.lessons.model;
/**
* Model component for the Http Basics lesson. Using a model
* for that simple lesson is architectural overkill. We do it anyway
* for illustrative purposes - to demonstrate the pattern that we will
* use for more complex lessons.
*
* @version $Id: $Id
* @author dm
*/
public class HttpBasicsModel {
private String personName;
/**
* <p>Getter for the field <code>personName</code>.</p>
*
* @return a {@link java.lang.String} object.
*/
public String getPersonName() {
return personName;
}
/**
* <p>Setter for the field <code>personName</code>.</p>
*
* @param personName a {@link java.lang.String} object.
*/
public void setPersonName(String personName) {
this.personName = personName;
}
}


@ -1,37 +0,0 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.lessons.model;
/**
* <p>SourceListing class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
public class SourceListing {
private String source;
/**
* <p>Getter for the field <code>source</code>.</p>
*
* @return the source
*/
public String getSource() {
return source;
}
/**
* <p>Setter for the field <code>source</code>.</p>
*
* @param source the source to set
*/
public void setSource(String source) {
this.source = source;
}
}


@ -1,61 +0,0 @@
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at
* https://github.com/WebGoat/WebGoat, a repository for free software projects.
*
*/
package org.owasp.webgoat.service;
import org.owasp.webgoat.application.Application;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpSession;
/**
* <p>ApplicationService class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
@Controller
public class ApplicationService extends BaseService {
/**
* Returns global application info
*
* @param session a {@link javax.servlet.http.HttpSession} object.
* @return a {@link org.owasp.webgoat.application.Application} object.
*/
@RequestMapping(path = "/application.mvc", produces = "application/json")
public @ResponseBody
Application showApplication(HttpSession session) {
Application app = Application.getInstance();
return app;
}
}


@ -70,17 +70,19 @@ public class WebgoatContext {
* @return The databaseConnectionString value * @return The databaseConnectionString value
*/ */
public String getDatabaseConnectionString() { public String getDatabaseConnectionString() {
if (realConnectionString == null) { return this.databaseConnectionString;
try { //
String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/'); // if (realConnectionString == null) {
System.out.println("PATH: " + path); // try {
realConnectionString = databaseConnectionString.replaceAll("PATH", path); // String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
System.out.println("Database Connection String: " + realConnectionString); // System.out.println("PATH: " + path);
} catch (Exception e) { // realConnectionString = databaseConnectionString.replaceAll("PATH", path);
logger.error("Couldn't open database: check web.xml database parameters", e); // System.out.println("Database Connection String: " + realConnectionString);
} // } catch (Exception e) {
} // logger.error("Couldn't open database: check web.xml database parameters", e);
return realConnectionString; // }
// }
// return realConnectionString;
} }
/** /**
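Review bot: getDatabaseConnectionString now returns `this.databaseConnectionString` unchanged and leaves the previous implementation as a commented-out block; the block should be deleted rather than kept, since version control already preserves it and commented-out code tends to be resurrected without review. The change also drops the `replaceAll("PATH", path)` substitution, so if the configured connection string still carries the `PATH` placeholder the returned value now points at a literal `PATH` directory — worth confirming the property was updated alongside this. The `realConnectionString` field is declared outside the hunk and appears to have no remaining reader; if so it can go too.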


@ -0,0 +1 @@
Lesson plugins stored under this directory.


@ -2,7 +2,7 @@
<html xmlns:th="http://www.thymeleaf.org"> <html xmlns:th="http://www.thymeleaf.org">
<div id="lessonInstructions" th:utext="${instructions}"></div> <div id="lessonInstructions" th:utext="${instructions}"></div>
<div id="message" class="info" th:text="${message}"></div> <div id="message" class="info" th:utext="${message}"></div>
<br/> <br/>
<div th:utext="${lesson.content}"></div> <div th:utext="${lesson.content}"></div>
</html> </html>
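Review bot: Switching `<div id="message" class="info" th:text="${message}">` to `th:utext` turns off HTML escaping for the session message, so any value that reaches WebSession.setMessage is now rendered as raw markup; the callers are not in this view, but unless every one of them writes only constant strings this div becomes an injection point for anything user-influenced that ends up in a message. Keeping `th:text="${message}"` preserves the escaping; if a lesson genuinely needs markup in the message, it would be safer to build that markup from constants in the template (or sanitize on the way in) than to unescape the whole field. The two `th:utext` uses above it are pre-existing and not part of this change.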