check in hint service which provides a list of hints for the current lesson

lawson89 2014-06-20 14:41:15 -04:00
parent c71931f43c
commit a90817f332
4 changed files with 834 additions and 876 deletions

File diff suppressed because it is too large Load Diff


@ -5,7 +5,13 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.model.Hint; import org.owasp.webgoat.lessons.model.Hint;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
@ -17,13 +23,40 @@ import org.springframework.web.bind.annotation.ResponseBody;
@Controller @Controller
public class HintService extends BaseService { public class HintService extends BaseService {
/**
* Returns hints for current lesson
*
* @param session
* @return
*/
@RequestMapping(value = "/hint.do", produces = "application/json") @RequestMapping(value = "/hint.do", produces = "application/json")
public @ResponseBody public @ResponseBody
Hint showHint() { List<Hint> showHint(HttpSession session) {
Hint h = new Hint(); List<Hint> listHints = new ArrayList<Hint>();
h.setHint("This is a test hint"); WebSession ws;
h.setLesson("Some lesson"); Object o = session.getAttribute(WebSession.SESSION);
h.setNumber(1); if (o == null || !(o instanceof WebSession)) {
return h; return null;
}
ws = (WebSession) o;
AbstractLesson l = ws.getCurrentLesson();
if (l == null) {
return listHints;
}
List<String> hints;
hints = l.getHintsPublic(ws);
if (hints == null) {
return listHints;
}
int idx = 0;
for (String h : hints) {
Hint hint = new Hint();
hint.setHint(h);
hint.setLesson(l.getName());
hint.setNumber(idx);
listHints.add(hint);
idx++;
}
return listHints;
} }
} }
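Review bot: `showHint` returns `null` when the session holds no `WebSession`, while the two later no-data paths (`l == null`, `hints == null`) return the empty `listHints`, so clients of `/hint.do` see two different shapes for "no hints". Depending on the configured message converter, the `null` is probably written as an empty or `null` body with a 200 status, which hides the fact that the caller has no initialized session; returning `listHints` there, or an explicit error status, would make that case unambiguous. The `o == null ||` half of the guard is redundant because `instanceof` is already false for `null`, so `if (!(o instanceof WebSession)) { return listHints; }` is enough. The Javadoc's `@param session` and `@return` tags are empty; they should state that the hints come from the session's current lesson and that the returned list may be empty.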


@ -170,7 +170,7 @@ public class Course {
public AbstractLesson getFirstLesson() { public AbstractLesson getFirstLesson() {
List<String> roles = new ArrayList<String>(); List<String> roles = new ArrayList<String>();
roles.add(AbstractLesson.USER_ROLE); roles.add(AbstractLesson.USER_ROLE);
// Category 0 is the admin function. We want the first real category // Category 0 is the admin function. We want the first real category
// to be returned. This is noramally the General category and the Http Basics lesson // to be returned. This is noramally the General category and the Http Basics lesson
return ((AbstractLesson) getLessons((Category) getCategories().get(0), roles).get(0)); return ((AbstractLesson) getLessons((Category) getCategories().get(0), roles).get(0));
} }
@ -269,6 +269,15 @@ public class Course {
return getLessons(category, roles); return getLessons(category, roles);
} }
public AbstractLesson getLesson(int lessonId) {
for (AbstractLesson l : lessons) {
if (l.getScreenId() == lessonId) {
return l;
}
}
return null;
}
/** /**
* Load all of the filenames into a temporary cache * Load all of the filenames into a temporary cache
* *
@ -357,7 +366,7 @@ public class Course {
if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) { && className.endsWith(fileName)) {
// System.out.println("DEBUG: setting lesson plan file " + absoluteFile + " for // System.out.println("DEBUG: setting lesson plan file " + absoluteFile + " for
// lesson " + // lesson " +
// lesson.getClass().getName()); // lesson.getClass().getName());
// System.out.println("fileName: " + fileName + " == className: " + className ); // System.out.println("fileName: " + fileName + " == className: " + className );
@ -367,7 +376,7 @@ public class Course {
} }
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) { && className.endsWith(fileName)) {
// System.out.println("DEBUG: setting lesson solution file " + absoluteFile + " // System.out.println("DEBUG: setting lesson solution file " + absoluteFile + "
// for lesson " + // for lesson " +
// lesson.getClass().getName()); // lesson.getClass().getName());
// System.out.println("fileName: " + fileName + " == className: " + className ); // System.out.println("fileName: " + fileName + " == className: " + className );
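Review bot: The new `getLesson(int lessonId)` (hunk `-269,6 +269,15`) iterates `lessons` directly and applies no role filter, whereas `getFirstLesson()` in the same file goes through `getLessons(category, roles)` with `AbstractLesson.USER_ROLE`. If a caller passes a request-supplied screen id to it (no caller is visible in this diff), it could return a lesson, such as one from the admin category mentioned in the `getFirstLesson()` comment, that the role-filtered accessors would not hand out; either the caller must check the user's role on the result or this method should take the roles as the other accessors do. It also returns `null` when nothing matches and has no Javadoc, so I would add `/** Returns the lesson whose screen id equals lessonId, or null if none matches; performs no role check. */`. The remaining hunks in this section appear to be whitespace-only.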


@ -767,7 +767,7 @@ public class WebSession {
WebGoatI18N.setCurrentLanguage(this.currentLanguage); WebGoatI18N.setCurrentLanguage(this.currentLanguage);
} }
// System.out.println("Current Screen 1: " + currentScreen ); // System.out.println("Current Screen 1: " + currentScreen );
// System.out.println("Previous Screen 1: " + previousScreen ); // System.out.println("Previous Screen 1: " + previousScreen );
// FIXME: requires ?Logout=true // FIXME: requires ?Logout=true
// FIXME: doesn't work right -- no reauthentication // FIXME: doesn't work right -- no reauthentication
@ -779,7 +779,7 @@ public class WebSession {
previousScreen = ERROR; previousScreen = ERROR;
} }
// There are several scenarios where we want the first lesson to be loaded // There are several scenarios where we want the first lesson to be loaded
// 1) Previous screen is Welcome - Start of the course // 1) Previous screen is Welcome - Start of the course
// 2) After a logout and after the session has been reinitialized // 2) After a logout and after the session has been reinitialized
if ((this.getPreviousScreen() == WebSession.WELCOME) || (getRequest().getSession(false) != null if ((this.getPreviousScreen() == WebSession.WELCOME) || (getRequest().getSession(false) != null
@ -789,13 +789,13 @@ public class WebSession {
hintNum = -1; hintNum = -1;
} }
// System.out.println("Current Screen 2: " + currentScreen ); // System.out.println("Current Screen 2: " + currentScreen );
// System.out.println("Previous Screen 2: " + previousScreen ); // System.out.println("Previous Screen 2: " + previousScreen );
// update the screen variables // update the screen variables
previousScreen = currentScreen; previousScreen = currentScreen;
try { try {
// If the request is new there should be no parameters. // If the request is new there should be no parameters.
// This can occur from a session timeout or a the starting of a new course. // This can occur from a session timeout or a the starting of a new course.
if (!request.getSession().isNew()) { if (!request.getSession().isNew()) {
currentScreen = myParser.getIntParameter(SCREEN, currentScreen); currentScreen = myParser.getIntParameter(SCREEN, currentScreen);
@ -880,7 +880,7 @@ public class WebSession {
isColor = myParser.getBooleanParameter(COLOR, isColor); isColor = myParser.getBooleanParameter(COLOR, isColor);
isDebug = myParser.getBooleanParameter(DEBUG, isDebug); isDebug = myParser.getBooleanParameter(DEBUG, isDebug);
// System.out.println( "showParams:" + showParams ); // System.out.println( "showParams:" + showParams );
// System.out.println( "showSource:" + showSource ); // System.out.println( "showSource:" + showSource );
// System.out.println( "showSolution:" + showSolution ); // System.out.println( "showSolution:" + showSolution );
// System.out.println( "showCookies:" + showCookies ); // System.out.println( "showCookies:" + showCookies );