diff --git a/src/main/java/org/owasp/webgoat/container/lessons/Category.java b/src/main/java/org/owasp/webgoat/container/lessons/Category.java
index 238d6fe6d..30cccd889 100644
--- a/src/main/java/org/owasp/webgoat/container/lessons/Category.java
+++ b/src/main/java/org/owasp/webgoat/container/lessons/Category.java
@@ -39,36 +39,19 @@ public enum Category {
 INTRODUCTION("Introduction", 5),
 GENERAL("General", 100),
- INJECTION("(A1) Injection", 300),
- AUTHENTICATION("(A2) Broken Authentication", 302),
- INSECURE_COMMUNICATION("(A3) Sensitive Data Exposure", 303),
- XXE("(A4) XML External Entities (XXE)", 304),
- ACCESS_CONTROL("(A5) Broken Access Control", 305),
-
- XSS("(A7) Cross-Site Scripting (XSS)", 307),
- INSECURE_DESERIALIZATION("(A8) Insecure Deserialization", 308),
- VULNERABLE_COMPONENTS("(A9) Vulnerable Components", 309),
- SESSION_MANAGEMENT("(A10) Session Management Flaws", 310),
-
- REQUEST_FORGERIES("(A8:2013) Request Forgeries", 318),
+ A1("(A1) Broken Access Control", 301),
+ A2("(A2) Cryptographic Failures", 302),
+ A3("(A3) Injection", 303),
+ A5("(A5) Security Misconfiguration", 305),
+ A6("(A6) Vuln & Outdated Components", 306),
+ A7("(A7) Identity & Auth Failure", 307),
+ A8("(A8) Software & Data Integrity", 308),
+ A9("(A9) Security Logging Failures", 309),
+ A10("(A10) Server-side Request Forgery", 310),
- REQ_FORGERIES("Request Forgeries", 450),
-
- INSECURE_CONFIGURATION("Insecure Configuration", 600),
- INSECURE_STORAGE("Insecure Storage", 800),
-
-
- AJAX_SECURITY("AJAX Security", 1000),
- BUFFER_OVERFLOW("Buffer Overflows", 1100),
- CODE_QUALITY("Code Quality", 1200),
- CONCURRENCY("Concurrency", 1300),
- ERROR_HANDLING("Improper Error Handling", 1400),
- DOS("Denial of Service", 1500),
- MALICIOUS_EXECUTION("Malicious Execution", 1600),
 CLIENT_SIDE("Client side", 1700),
- WEB_SERVICES("Web Services", 1900),
- ADMIN_FUNCTIONS("Admin Functions", 2000),
+ CHALLENGE("Challenges", 3000);
 @Getter
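Review bot: The new constants `A1` … `A10` are named after list positions in the OWASP Top 10 2021 rather than after the weakness they represent, so a lesson's `return Category.A7;` says nothing to a reader without opening this enum, and every future revision of the Top 10 either silently changes what `A7` means or forces another mass rename like this one. Keeping weakness-named constants and letting the display string carry the ranking, e.g. `ACCESS_CONTROL("(A1) Broken Access Control", 301)`, avoids both problems; if the positional names stay, the enum should at least get a Javadoc pinning the edition, e.g. `/** Lesson categories; the Ax constants follow the OWASP Top 10 2021 ordering. A4 (Insecure Design) is deliberately omitted because no lesson maps to it. */`. Without that comment the gap between `A3` and `A5` reads as an oversight. The enum body continues past the hunk.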
diff --git a/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
index 4e885e1cd..9e0694256 100644
--- a/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
+++ b/src/main/java/org/owasp/webgoat/lessons/auth_bypass/AuthBypass.java
@@ -31,7 +31,7 @@ public class AuthBypass extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.AUTHENTICATION;
+ return Category.A7;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
index 6ccd96951..6a805df21 100644
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/Cryptography.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class Cryptography extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.GENERAL;
+ return Category.A2;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
index 675054d75..624797f66 100644
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
@@ -33,7 +33,7 @@ import org.springframework.stereotype.Component;
 public class CSRF extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.REQUEST_FORGERIES;
+ return Category.A10;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
index fba6be389..008fb90a2 100644
--- a/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
+++ b/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserialization.java
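Review bot: In the `CSRF` hunk, `return Category.A10;` files cross-site request forgery under "(A10) Server-side Request Forgery", which is a different weakness — A10:2021 is about coercing the server into issuing requests (CWE-918), not about a victim's browser issuing forged requests — so the lesson menu will now teach learners that CSRF is SSRF. The OWASP Top 10 2021 maps CWE-352 (CSRF) to A01 Broken Access Control, so `return Category.A1;` is the mapping consistent with the taxonomy this commit adopts; the old `REQUEST_FORGERIES` bucket at least kept the two apart. `getDefaultCategory()` is complete in the hunk, but the `CSRF` class body continues beyond it.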
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class InsecureDeserialization extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INSECURE_DESERIALIZATION;
+ return Category.A8;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
index 51c3c616a..c233a1d23 100644
--- a/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
+++ b/src/main/java/org/owasp/webgoat/lessons/hijacksession/HijackSession.java
@@ -38,7 +38,7 @@ public class HijackSession extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.SESSION_MANAGEMENT;
+ return Category.A1;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java b/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
index 5672067aa..38dc2a9eb 100644
--- a/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
+++ b/src/main/java/org/owasp/webgoat/lessons/idor/IDOR.java
@@ -38,7 +38,7 @@ public class IDOR extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.ACCESS_CONTROL;
+ return Category.A1;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
index ec8a29c58..e239a4f8c 100644
--- a/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
+++ b/src/main/java/org/owasp/webgoat/lessons/insecure_login/InsecureLogin.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class InsecureLogin extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INSECURE_COMMUNICATION;
+ return Category.A7;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java b/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
index 31a84a4ad..d65b566c1 100644
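Review bot: In the `HijackSession` hunk, moving the lesson from `SESSION_MANAGEMENT` to `Category.A1` files a session-identifier hijacking lesson under Broken Access Control, whereas the 2021 list puts weak, predictable or improperly invalidated session IDs under A07 Identification and Authentication Failures, which explicitly absorbed session management. `return Category.A7;` would keep it next to `AuthBypass`, `JWT` and `PasswordReset`, which this same commit routes to A7. If the intent is that a hijacked session yields unauthorized access and therefore belongs with `IDOR`, that reasoning should be stated in a comment on `getDefaultCategory()` so the departure from the OWASP mapping is visibly deliberate. The `HijackSession` class body continues beyond the hunk.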
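Review bot: In the `InsecureLogin` hunk, the lesson moves from `INSECURE_COMMUNICATION` — labelled "(A3) Sensitive Data Exposure" in the old enum — to `Category.A7`, but OWASP's own 2017→2021 transition carries Sensitive Data Exposure into A02 Cryptographic Failures, whose scope includes credentials transmitted in clear text. If the lesson is about unencrypted login traffic, as its previous category suggests (the lesson body is not visible here), `return Category.A2;` is the consistent choice; if it is really about the authentication logic, a one-line comment explaining why it leaves the A2 lineage would prevent the next recategorization from flipping it back.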
--- a/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
+++ b/src/main/java/org/owasp/webgoat/lessons/jwt/JWT.java
@@ -35,7 +35,7 @@ public class JWT extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.AUTHENTICATION;
+ return Category.A7;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
index eed7bea87..ec5c814fb 100644
--- a/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
+++ b/src/main/java/org/owasp/webgoat/lessons/logging/LogSpoofing.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class LogSpoofing extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INSECURE_CONFIGURATION;
+ return Category.A9;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
index 2992a9a69..609745ee2 100644
--- a/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
+++ b/src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java
@@ -34,7 +34,7 @@ public class MissingFunctionAC extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.ACCESS_CONTROL;
+ return Category.A1;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
index 502140c32..a0024f033 100644
--- a/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
+++ b/src/main/java/org/owasp/webgoat/lessons/password_reset/PasswordReset.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class PasswordReset extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.AUTHENTICATION;
+ return Category.A7;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java b/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
index 4cacd14cd..703aa30ea 100644
--- a/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
+++ b/src/main/java/org/owasp/webgoat/lessons/path_traversal/PathTraversal.java
@@ -31,7 +31,7 @@ public class PathTraversal extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INJECTION;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
index 872c7c027..37468b20a 100644
--- a/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
+++ b/src/main/java/org/owasp/webgoat/lessons/secure_passwords/SecurePasswords.java
@@ -35,7 +35,7 @@ public class SecurePasswords extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.AUTHENTICATION;
+ return Category.A7;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
index fa8f1c946..b89627b42 100644
--- a/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
+++ b/src/main/java/org/owasp/webgoat/lessons/spoofcookie/SpoofCookie.java
@@ -37,7 +37,7 @@ public class SpoofCookie extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.SESSION_MANAGEMENT;
+ return Category.A1;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
index a29241eaf..9a472067e 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
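Review bot: In the `PathTraversal` hunk, `return Category.A3;` keeps the lesson under Injection, but the OWASP Top 10 2021 maps CWE-22 Path Traversal to A01 Broken Access Control, not A03. Now that the enum is named after 2021 positions, `return Category.A1;` would match the list the commit is adopting and sit next to `IDOR` and `MissingFunctionAC`. If the lesson is intentionally grouped with injection because the exploit is driven by unvalidated input, a short comment on `getDefaultCategory()` saying so would stop the next reviewer from re-filing it. The `PathTraversal` class body continues beyond the hunk.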
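Review bot: In the `SpoofCookie` hunk, the lesson moves from `SESSION_MANAGEMENT` to `Category.A1`, yet forging a predictable authentication cookie is an Identification and Authentication Failure (A07:2021, which covers weak session identifiers) rather than Broken Access Control. `return Category.A7;` would be consistent with `AuthBypass` and `JWT` in this same commit. This is the same question the `HijackSession` hunk raises; whichever way it is decided, both session-ID lessons should end up in the same category, ideally with the rationale noted once in `Category`'s Javadoc.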
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionAdvanced.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjectionAdvanced extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INJECTION;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
index 459079ed6..dbd855fec 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjection.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjection extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INJECTION;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
index 08ebb39d6..1fd732c46 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlInjectionMitigations.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class SqlInjectionMitigations extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.INJECTION;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
index ac318d3e6..d82cf3d9d 100644
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRF.java
@@ -37,7 +37,7 @@ import org.springframework.stereotype.Component;
 public class SSRF extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.REQUEST_FORGERIES;
+ return Category.A10;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
index 0d444f9aa..228f74cce 100644
--- a/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
+++ b/src/main/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponents.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class VulnerableComponents extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.VULNERABLE_COMPONENTS;
+ return Category.A6;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
index ca0f14c0a..308ff6221 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 public class CrossSiteScripting extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.XSS;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
index dba6c36d0..2515d7e0c 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
@@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
 public class CrossSiteScriptingMitigation extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.XSS;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java b/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
index 90cb74f32..5646f7622 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
@@ -28,7 +28,7 @@ import org.owasp.webgoat.container.lessons.Lesson;
 public class CrossSiteScriptingStored extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.XSS;
+ return Category.A3;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java b/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
index 8a9ab9679..76d51f78f 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xxe/XXE.java
@@ -31,7 +31,7 @@ public class XXE extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.XXE;
+ return Category.A5;
 }
 @Override
diff --git a/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java b/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java
index 593f27539..d889e2665 100644
--- a/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java
+++ b/src/test/java/org/owasp/webgoat/container/service/LessonMenuServiceTest.java
@@ -77,7 +77,7 @@ public class LessonMenuServiceTest {
 when(l2.getTitle()).thenReturn("AA");
 when(lessonTracker.isLessonSolved()).thenReturn(false);
 when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
- when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
+ when(course.getCategories()).thenReturn(Lists.newArrayList(Category.A1));
 when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
 when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
@@ -93,7 +93,7 @@ public class LessonMenuServiceTest {
 when(l1.getTitle()).thenReturn("ZA");
 when(lessonTracker.isLessonSolved()).thenReturn(true);
 when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
- when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
+ when(course.getCategories()).thenReturn(Lists.newArrayList(Category.A1));
 when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
 when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
diff --git a/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java b/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java
index 7da75dc92..9caa0ab2b 100644
--- a/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java
+++ b/src/test/java/org/owasp/webgoat/container/users/UserTrackerRepositoryTest.java
@@ -20,7 +20,7 @@ class UserTrackerRepositoryTest {
 @Override
 public Category getDefaultCategory() {
- return Category.AJAX_SECURITY;
+ return Category.CLIENT_SIDE;
 }
 @Override
diff --git a/src/test/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLessonTest.java b/src/test/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLessonTest.java
index dd47a1400..b52953a11 100644
--- a/src/test/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLessonTest.java
+++ b/src/test/java/org/owasp/webgoat/lessons/vulnerable_components/VulnerableComponentsLessonTest.java
@@ -26,8 +26,6 @@ import com.thoughtworks.xstream.XStream;
 import com.thoughtworks.xstream.io.StreamException;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
-import org.owasp.webgoat.lessons.vulnerable_components.Contact;
-import org.owasp.webgoat.lessons.vulnerable_components.ContactImpl;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;