Fixing challenges intro and challenge 3
parent
c11c0104a3
commit
c3a11af20b
@ -2,22 +2,33 @@ package org.owasp.webgoat.plugin.challenge3;
|
|||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import com.google.common.collect.EvictingQueue;
|
import com.google.common.collect.EvictingQueue;
|
||||||
|
import com.google.common.io.Files;
|
||||||
|
import lombok.SneakyThrows;
|
||||||
import org.joda.time.DateTime;
|
import org.joda.time.DateTime;
|
||||||
|
import org.joda.time.format.DateTimeFormat;
|
||||||
|
import org.joda.time.format.DateTimeFormatter;
|
||||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||||
import org.owasp.webgoat.assignments.AttackResult;
|
import org.owasp.webgoat.assignments.AttackResult;
|
||||||
import org.owasp.webgoat.plugin.Flag;
|
import org.owasp.webgoat.plugin.Flag;
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
|
import org.springframework.web.bind.annotation.RequestHeader;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
|
|
||||||
|
import javax.annotation.PostConstruct;
|
||||||
import javax.xml.bind.JAXBContext;
|
import javax.xml.bind.JAXBContext;
|
||||||
import javax.xml.bind.Unmarshaller;
|
import javax.xml.bind.Unmarshaller;
|
||||||
import javax.xml.stream.XMLInputFactory;
|
import javax.xml.stream.XMLInputFactory;
|
||||||
import javax.xml.stream.XMLStreamReader;
|
import javax.xml.stream.XMLStreamReader;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.StringReader;
|
import java.io.StringReader;
|
||||||
|
import java.nio.charset.Charset;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||||
@ -32,16 +43,32 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST;
|
|||||||
@AssignmentPath("/challenge/3")
|
@AssignmentPath("/challenge/3")
|
||||||
public class Assignment3 extends AssignmentEndpoint {
|
public class Assignment3 extends AssignmentEndpoint {
|
||||||
|
|
||||||
|
@Value("${webgoat.server.directory}")
|
||||||
|
private String webGoatHomeDirectory;
|
||||||
@Autowired
|
@Autowired
|
||||||
private WebSession webSession;
|
private WebSession webSession;
|
||||||
|
private static DateTimeFormatter fmt = DateTimeFormat.forPattern("yyyy-MM-dd, HH:mm:ss");
|
||||||
|
|
||||||
private static final EvictingQueue<Comment> comments = EvictingQueue.create(100);
|
private static final EvictingQueue<Comment> comments = EvictingQueue.create(100);
|
||||||
|
private static final String secretContents = "Congratulations you may now collect your flag";
|
||||||
|
|
||||||
static {
|
static {
|
||||||
comments.add(new Comment("webgoat", DateTime.now().toString(), "Silly cat...."));
|
comments.add(new Comment("webgoat", DateTime.now().toString(fmt), "Silly cat...."));
|
||||||
comments.add(new Comment("guest", DateTime.now().toString(), "I think I will use this picture in one of my projects."));
|
comments.add(new Comment("guest", DateTime.now().toString(fmt), "I think I will use this picture in one of my projects."));
|
||||||
comments.add(new Comment("guest", DateTime.now().toString(), "Lol!! :-)."));
|
comments.add(new Comment("guest", DateTime.now().toString(), "Lol!! :-)."));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostConstruct
|
||||||
|
@SneakyThrows
|
||||||
|
public void copyFile() {
|
||||||
|
File targetDirectory = new File(webGoatHomeDirectory, "/challenges");
|
||||||
|
if (!targetDirectory.exists()) {
|
||||||
|
targetDirectory.mkdir();
|
||||||
|
}
|
||||||
|
Files.write(secretContents, new File(targetDirectory, "secret.txt"), Charset.defaultCharset());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@RequestMapping(method = GET, produces = APPLICATION_JSON_VALUE)
|
@RequestMapping(method = GET, produces = APPLICATION_JSON_VALUE)
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public Collection<Comment> retrieveComments() {
|
public Collection<Comment> retrieveComments() {
|
||||||
@ -60,7 +87,7 @@ public class Assignment3 extends AssignmentEndpoint {
|
|||||||
}
|
}
|
||||||
if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) {
|
if (MediaType.APPLICATION_XML_VALUE.equals(contentType)) {
|
||||||
comment = parseXml(commentStr);
|
comment = parseXml(commentStr);
|
||||||
comment.setDateTime(DateTime.now().toString());
|
comment.setDateTime(DateTime.now().toString(fmt));
|
||||||
comment.setUser(webSession.getUserName());
|
comment.setUser(webSession.getUserName());
|
||||||
}
|
}
|
||||||
if (comment != null) {
|
if (comment != null) {
|
||||||
@ -74,7 +101,7 @@ public class Assignment3 extends AssignmentEndpoint {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private boolean checkSolution(Comment comment) {
|
private boolean checkSolution(Comment comment) {
|
||||||
if (comment.getComment().contains("Congratulations you may now collect your flag")) {
|
if (comment.getComment().contains(secretContents)) {
|
||||||
comment.setComment("Congratulations to " + webSession.getUserName() + " for finding the flag!!");
|
comment.setComment("Congratulations to " + webSession.getUserName() + " for finding the flag!!");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
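Review bot: The third seeded comment in the static initializer still calls `DateTime.now().toString()` while the first two were switched to `DateTime.now().toString(fmt)`, so the seed data now mixes two timestamp formats; change it to `comments.add(new Comment("guest", DateTime.now().toString(fmt), "Lol!! :-)."));`. In the new `copyFile()` the flag file is written with `Charset.defaultCharset()`, which depends on the JVM's platform encoding rather than a fixed one; `Files.write(secretContents, new File(targetDirectory, "secret.txt"), StandardCharsets.UTF_8);` with `import java.nio.charset.StandardCharsets;` added to the import hunk makes the output independent of the host. The return value of `targetDirectory.mkdir()` is discarded, so when the directory cannot be created the failure only surfaces as an `IOException` from `Files.write`, sneaked out of the `@PostConstruct` method by `@SneakyThrows`; checking `mkdirs()` and failing with a message naming the path would make a misconfigured `webgoat.server.directory` easier to diagnose. Since `fmt` is now shared by the static initializer and the request handler, declaring it `private static final` would document that it is never reassigned.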
|
Binary file not shown.
Before Width: | Height: | Size: 23 KiB After Width: | Height: | Size: 82 KiB |
@ -4,7 +4,7 @@
|
|||||||
In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will
|
In this CTF you will need to solve a couple of challenges, each challenge will give you a flag which you will
|
||||||
need to post in order to gain points.
|
need to post in order to gain points.
|
||||||
|
|
||||||
Flags have the following format: a7179f89-906b-4fec-9d99-f15b796e7208
|
Flags have the following format: `a7179f89-906b-4fec-9d99-f15b796e7208`
|
||||||
|
|
||||||
|
|
||||||
Have fun!!
|
Have fun!!
|
||||||
|