Fixing challenges intro and challenge 3
This commit is contained in:
		| @ -2,22 +2,33 @@ package org.owasp.webgoat.plugin.challenge3; | ||||
|  | ||||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||||
| import com.google.common.collect.EvictingQueue; | ||||
| import com.google.common.io.Files; | ||||
| import lombok.SneakyThrows; | ||||
| import org.joda.time.DateTime; | ||||
| import org.joda.time.format.DateTimeFormat; | ||||
| import org.joda.time.format.DateTimeFormatter; | ||||
| import org.owasp.webgoat.assignments.AssignmentEndpoint; | ||||
| import org.owasp.webgoat.assignments.AssignmentPath; | ||||
| import org.owasp.webgoat.assignments.AttackResult; | ||||
| import org.owasp.webgoat.plugin.Flag; | ||||
| import org.owasp.webgoat.session.WebSession; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.beans.factory.annotation.Value; | ||||
| import org.springframework.http.MediaType; | ||||
| import org.springframework.web.bind.annotation.*; | ||||
| import org.springframework.web.bind.annotation.RequestBody; | ||||
| import org.springframework.web.bind.annotation.RequestHeader; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.ResponseBody; | ||||
|  | ||||
| import javax.annotation.PostConstruct; | ||||
| import javax.xml.bind.JAXBContext; | ||||
| import javax.xml.bind.Unmarshaller; | ||||
| import javax.xml.stream.XMLInputFactory; | ||||
| import javax.xml.stream.XMLStreamReader; | ||||
| import java.io.File; | ||||
| import java.io.IOException; | ||||
| import java.io.StringReader; | ||||
| import java.nio.charset.Charset; | ||||
| import java.util.Collection; | ||||
|  | ||||
| import static org.springframework.http.MediaType.ALL_VALUE; | ||||
| @ -32,16 +43,32 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST; | ||||
| @AssignmentPath("/challenge/3") | ||||
| public class Assignment3 extends AssignmentEndpoint { | ||||
|  | ||||
|     @Value("${webgoat.server.directory}") | ||||
|     private String webGoatHomeDirectory; | ||||
|     @Autowired | ||||
|     private WebSession webSession; | ||||
|     private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss"); | ||||
|  | ||||
|     private static final EvictingQueue<Comment> comments = EvictingQueue.create(100); | ||||
|     private static final String secretContents = "Congratulations you may now collect your flag"; | ||||
|  | ||||
|     static { | ||||
|         comments.add(new Comment("webgoat", DateTime.now().toString(), "Silly cat....")); | ||||
|         comments.add(new Comment("guest", DateTime.now().toString(), "I think I will use this picture in one of my projects.")); | ||||
|         comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "Silly cat....")); | ||||
|         comments.add(new Comment("guest", DateTime.now().toString(fmt), "I think I will use this picture in one of my projects.")); | ||||
|         comments.add(new Comment("guest", DateTime.now().toString(), "Lol!! :-).")); | ||||
|     } | ||||
|  | ||||
|     @PostConstruct | ||||
|     @SneakyThrows | ||||
|     public void copyFile() { | ||||
|         File targetDirectory = new File(webGoatHomeDirectory, "/challenges"); | ||||
|         if (!targetDirectory.exists()) { | ||||
|             targetDirectory.mkdir(); | ||||
|         } | ||||
|         Files.write(secretContents, new File(targetDirectory, "secret.txt"), Charset.defaultCharset()); | ||||
|     } | ||||
|  | ||||
|  | ||||
|     @RequestMapping(method = GET, produces = APPLICATION_JSON_VALUE) | ||||
|     @ResponseBody | ||||
|     public Collection<Comment> retrieveComments() { | ||||
| @ -60,7 +87,7 @@ public class Assignment3 extends AssignmentEndpoint { | ||||
|         } | ||||
|         if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) { | ||||
|             comment = parseXml(commentStr); | ||||
|             comment.setDateTime(DateTime.now().toString()); | ||||
|             comment.setDateTime(DateTime.now().toString(fmt)); | ||||
|             comment.setUser(webSession.getUserName()); | ||||
|         } | ||||
|         if (comment != null) { | ||||
| @ -74,7 +101,7 @@ public class Assignment3 extends AssignmentEndpoint { | ||||
|     } | ||||
|  | ||||
|     private boolean checkSolution(Comment comment) { | ||||
|         if (comment.getComment().contains("Congratulations you may now collect your flag")) { | ||||
|         if (comment.getComment().contains(secretContents)) { | ||||
|             comment.setComment("Congratulations to " + webSession.getUserName() + " for finding the flag!!"); | ||||
|             return true; | ||||
|         } | ||||
|  | ||||
										
											Binary file not shown.
										
									
								
							| Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 82 KiB | 
| @ -4,7 +4,7 @@ | ||||
| In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will | ||||
| need to post in order to gain points. | ||||
|  | ||||
| Flags have the following format: a7179f89-906b-4fec-9d99-f15b796e7208 | ||||
| Flags have the following format: `a7179f89-906b-4fec-9d99-f15b796e7208` | ||||
|  | ||||
|  | ||||
| Have fun!! | ||||
|  | ||||
		Reference in New Issue
	
	Block a user