Getting the attack verification to work
This commit is contained in:
Nanne Baars
@ -5,6 +5,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
|
||||
import com.google.common.base.Optional;
|
||||
import com.google.common.collect.Lists;
|
||||
import com.google.common.reflect.ClassPath;
|
||||
import org.apache.commons.io.FileUtils;
|
||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||
import org.springframework.util.StringUtils;
|
||||
@ -84,7 +85,8 @@ public class Plugin {
|
||||
final List<String> hints = (List<String>) lessonYml.get("hints");
|
||||
final String title = (String) lessonYml.get("title");
|
||||
final String html = (String) lessonYml.get("id");
|
||||
this.ymlBasedLesson = new YmlBasedLesson(category, hints, title, html);
|
||||
Class attackClazz = findAttack(html);
|
||||
this.ymlBasedLesson = new YmlBasedLesson(category, hints, title, html, attackClazz);
|
||||
this.lesson = null;
|
||||
} catch (IOException e) {
|
||||
throw new PluginLoadingFailure("Unable to read yml file", e);
|
||||
@ -94,6 +96,19 @@ public class Plugin {
|
||||
|
||||
}
|
||||
|
||||
private Class findAttack(String id) {
|
||||
try {
|
||||
for (final ClassPath.ClassInfo info : ClassPath.from(this.classLoader).getTopLevelClasses()) {
|
||||
if (info.getName().endsWith(id)) {
|
||||
return info.load();
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>loadFiles.</p>
|
||||
*
|
||||
@ -152,6 +167,7 @@ public class Plugin {
|
||||
|
||||
/**
|
||||
* Lesson is optional, it is also possible that the supplied jar contains only helper classes.
|
||||
* Lesson could be a new lesson (adoc based) or still ECS based.
|
||||
*
|
||||
* @return a {@link com.google.common.base.Optional} object.
|
||||
*/
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
package org.owasp.webgoat.plugins;
|
||||
|
||||
import org.owasp.webgoat.lessons.Attack;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.lessons.LessonAdapter;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
@ -42,12 +43,15 @@ public class YmlBasedLesson extends LessonAdapter {
|
||||
private final List<String> hints;
|
||||
private final String title;
|
||||
private final String id;
|
||||
private Attack attack;
|
||||
|
||||
public YmlBasedLesson(String category, List<String> hints, String title, String id) {
|
||||
public YmlBasedLesson(String category, List<String> hints, String title, String id, Class attack) {
|
||||
this.category = category;
|
||||
this.hints = hints;
|
||||
this.title = title;
|
||||
this.id = id;
|
||||
createAttack(attack);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -74,5 +78,16 @@ public class YmlBasedLesson extends LessonAdapter {
|
||||
return id;
|
||||
}
|
||||
|
||||
public Attack getLessonAttack() {
|
||||
return this.attack;
|
||||
}
|
||||
|
||||
private void createAttack(Class attack) {
|
||||
try {
|
||||
this.attack = (Attack) attack.newInstance();
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user