dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #41 from nbaars/webgoat-container

Browse Source 
Webgoat container
This commit is contained in:
mayhew64 2015-02-27 13:19:34 -05:00
commit b6257c0fbc
9 changed files with 72 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -23,4 +23,6 @@ src/main/main.iml
*.BASE.*.jsp
*.LOCAL.*.jsp
*.REMOTE.*.jsp
src/main/webapp/plugin_extracted/*
/*.iml

6
pom.xml
View File

@ -292,6 +292,12 @@
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>18.0</version>
</dependency>
<!-- JSTL -->
<dependency>
<groupId>javax.servlet</groupId>

11
src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -1,9 +1,5 @@
package org.owasp.webgoat.lessons;
import java.io.BufferedReader;
import java.io.FileReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
@ -16,6 +12,11 @@ import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.WebSession;
import java.io.BufferedReader;
import java.io.FileReader;
import java.util.ArrayList;
import java.util.List;
/**
* *************************************************************************************************
*
@ -157,7 +158,7 @@ public abstract class LessonAdapter extends AbstractLesson {
StringBuffer buff = new StringBuffer();
String lang = s.getCurrrentLanguage();
try {
String fileName = s.getWebResource(getLessonPlanFileName(lang));
String fileName = getLessonPlanFileName(lang);
if (fileName != null) {
BufferedReader in = new BufferedReader(new FileReader(fileName));
String line = null;

10
src/main/java/org/owasp/webgoat/plugins/Plugin.java
View File

@ -10,7 +10,6 @@ import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -117,13 +116,8 @@ public class Plugin {
public void rewritePaths(Path pluginTarget) {
try {
for (Map.Entry<String, File> html : solutionLanguageFiles.entrySet()) {
byte[] htmlFileAsBytes = Files.readAllBytes(Paths.get(html.getValue().toURI()));
String htmlFile = new String(htmlFileAsBytes);
htmlFile = htmlFile.replaceAll("lesson_solutions/" + this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/lessons/plugin/" + this.lesson.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files");
Files.write(Paths.get(html.getValue().toURI()), htmlFile.getBytes(), CREATE,
TRUNCATE_EXISTING);
}
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files", solutionLanguageFiles.values());
PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files", lessonPlansLanguageFiles.values());
} catch (IOException e) {
throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e);
}

49
src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java
View File

@ -1,11 +1,17 @@
package org.owasp.webgoat.plugins;
import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
public class PluginFileUtils {
@ -25,21 +31,42 @@ public class PluginFileUtils {
}
public static Path createDirsIfNotExists(Path p) throws IOException {
if ( Files.notExists(p)) {
if (Files.notExists(p)) {
Files.createDirectories(p);
}
return p;
}
public static List<Path> getFilesInDirectory( Path directory) throws IOException {
List<Path> files = new ArrayList<>();
DirectoryStream<Path> dirStream;
dirStream = Files.newDirectoryStream(directory);
for (Path entry : dirStream) {
files.add(entry);
}
dirStream.close();
return files;
public static List<Path> getFilesInDirectory(Path directory) throws IOException {
List<Path> files = new ArrayList<>();
DirectoryStream<Path> dirStream;
dirStream = Files.newDirectoryStream(directory);
for (Path entry : dirStream) {
files.add(entry);
}
dirStream.close();
return files;
}
public static void replaceInFiles(String replace, String with, Collection<File> files) throws IOException {
Preconditions.checkNotNull(replace);
Preconditions.checkNotNull(with);
Preconditions.checkNotNull(files);
for (File file : files) {
replaceInFile(replace, with, Paths.get(file.toURI()));
}
}
public static void replaceInFile(String replace, String with, Path file) throws IOException {
Preconditions.checkNotNull(replace);
Preconditions.checkNotNull(with);
Preconditions.checkNotNull(file);
byte[] fileAsBytes = Files.readAllBytes(file);
String fileAsString = new String(fileAsBytes);
fileAsString = fileAsString.replaceAll(replace, with);
Files.write(file, fileAsString.getBytes(), StandardOpenOption.TRUNCATE_EXISTING);
}
}

15
src/main/java/org/owasp/webgoat/session/Course.java
View File

@ -1,5 +1,15 @@
package org.owasp.webgoat.session;
import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.plugins.GlobalProperties;
import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletContext;
import java.io.File;
import java.io.IOException;
import java.nio.file.Paths;
@ -8,8 +18,7 @@ import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Map
import javax.servlet.ServletContext;
import org.owasp.webgoat.HammerHead;
@ -65,6 +74,8 @@ public class Course {
private WebgoatProperties properties = null;
private final List<String> files = new LinkedList<String>();
private WebgoatContext webgoatContext;
public Course() {

BIN
src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar
View File

Binary file not shown.

6
src/test/java/org/owasp/webgoat/plugins/PluginTest.java
View File

@ -26,11 +26,11 @@ public class PluginTest {
List<String> allLines = Files.readAllLines(htmlFile, StandardCharsets.UTF_8);
assertThat(allLines,
hasItem(containsString("lessons/plugin/TestPlugin/lessonSolutions/en/TestPlugin_files/image001.png")));
hasItem(containsString("plugin/TestPlugin/lessonSolutions/en/TestPlugin_files/image001.png")));
}
@Test
public void shouldNotRewriteOtherLinksStartingWithLesson_solutions() throws Exception {
public void shouldNotRewriteOtherLinks() throws Exception {
Path tmpDir = PluginTestHelper.createTmpDir();
Path pluginSourcePath = PluginTestHelper.pathForLoading();
Plugin plugin = PluginTestHelper.createPluginFor(TestPlugin.class);
@ -40,6 +40,6 @@ public class PluginTest {
List<String> allLines = Files.readAllLines(htmlFile, StandardCharsets.UTF_8);
assertThat(allLines,
hasItem(containsString("lesson_solutions/Unknown_files/image001.png")));
hasItem(containsString("Unknown_files/image001.png")));
}
}

4
src/test/resources/org/owasp/webgoat/plugins/lessonSolutions/rewrite_test.html
View File

@ -5,7 +5,7 @@
<title></title>
</head>
<body>
<v:imagedata src="lesson_solutions/TestPlugin_files/image001.png" o:title=""/>
<v:imagedata src="lesson_solutions/Unknown_files/image001.png" o:title=""/>
<v:imagedata src="TestPlugin_files/image001.png" o:title=""/>
<v:imagedata src="Unknown_files/image001.png" o:title=""/>
</body>
</html>