diff --git a/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java b/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java
index 28fab0fdd..6c34ff11b 100644
--- a/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java
+++ b/src/main/java/org/owasp/webgoat/container/assignments/AttackResult.java
@@ -12,13 +12,13 @@ import org.owasp.webgoat.container.i18n.PluginMessages;
 @Getter
 public class AttackResult {
- private boolean lessonCompleted;
- private String feedback;
+ private final boolean lessonCompleted;
+ private final String feedback;
 private Object[] feedbackArgs;
- private String output;
+ private final String output;
 private Object[] outputArgs;
 private final String assignment;
- private boolean attemptWasMade;
+ private final boolean attemptWasMade;
 private AttackResult(
 boolean lessonCompleted,
diff --git a/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java b/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java
index 71b69f7e1..e9b702d05 100644
--- a/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java
+++ b/src/main/java/org/owasp/webgoat/container/assignments/AttackResultBuilder.java
@@ -8,7 +8,6 @@ import org.owasp.webgoat.container.i18n.PluginMessages;
 public class AttackResultBuilder {
- private PluginMessages messages;
 private boolean lessonCompleted;
 private Object[] feedbackArgs;
 private String feedbackResourceBundleKey;
@@ -16,13 +15,6 @@ public class AttackResultBuilder {
 private Object[] outputArgs;
 private AssignmentEndpoint assignment;
 private boolean attemptWasMade = false;
- private boolean assignmentCompleted;
-
- public AttackResultBuilder(PluginMessages messages) {
- this.messages = messages;
- }
-
- public AttackResultBuilder() {}
 public AttackResultBuilder lessonCompleted(boolean lessonCompleted) {
 this.lessonCompleted = lessonCompleted;
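Review bot: `feedbackArgs` and `outputArgs` are the only fields of `AttackResult` still declared without `final` in this hunk, which leaves the class half-way to being an immutable value object. If the private constructor assigns both exactly once, declare them `private final Object[] feedbackArgs;` and `private final Object[] outputArgs;` as well; the constructor body is outside the hunk, so this needs confirming there. Because the class-level `@Getter` returns the stored arrays themselves, `final` fixes only the reference, and copying the arrays on assignment is what would stop a caller from altering the arguments after the result is built.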
@@ -36,19 +28,6 @@ public class AttackResultBuilder { return this; } - public AttackResultBuilder assignmentCompleted(boolean assignmentCompleted) { - this.assignmentCompleted = assignmentCompleted; - this.feedbackResourceBundleKey = "assignment.completed"; - return this; - } - - public AttackResultBuilder assignmentCompleted( - boolean assignmentCompleted, String resourceBundleKey) { - this.assignmentCompleted = assignmentCompleted; - this.feedbackResourceBundleKey = resourceBundleKey; - return this; - } - public AttackResultBuilder feedbackArgs(Object... args) { this.feedbackArgs = args; return this; @@ -95,15 +74,14 @@ public class AttackResultBuilder { * *

- Assignment is set to solved - Feedback message is set to 'assignment.solved' * - *

Of course you can overwrite these values in a specific lesson + *

Of course, you can overwrite these values in a specific lesson
 *
+ * @param assignment the assignment that was solved
 * @return a builder for creating a result from a lesson
- * @param assignment
 */
 public static AttackResultBuilder success(AssignmentEndpoint assignment) {
 return new AttackResultBuilder()
 .lessonCompleted(true)
- .assignmentCompleted(true)
 .attemptWasMade()
 .feedback("assignment.solved")
 .assignment(assignment);
@@ -114,15 +92,14 @@ public class AttackResultBuilder {
 *
 *

- Assignment is set to not solved - Feedback message is set to 'assignment.not.solved' * - *

Of course you can overwrite these values in a specific lesson + *

Of course, you can overwrite these values in a specific lesson
 *
+ * @param assignment the assignment that was not solved
 * @return a builder for creating a result from a lesson
- * @param assignment
 */
 public static AttackResultBuilder failed(AssignmentEndpoint assignment) {
 return new AttackResultBuilder()
 .lessonCompleted(false)
- .assignmentCompleted(true)
 .attemptWasMade()
 .feedback("assignment.not.solved")
 .assignment(assignment);
diff --git a/src/main/java/org/owasp/webgoat/container/i18n/Language.java b/src/main/java/org/owasp/webgoat/container/i18n/Language.java
index 810dc4b49..a655b897f 100644
--- a/src/main/java/org/owasp/webgoat/container/i18n/Language.java
+++ b/src/main/java/org/owasp/webgoat/container/i18n/Language.java
@@ -13,9 +13,6 @@ import org.springframework.web.servlet.LocaleResolver;
 /**
 * Wrapper around the LocaleResolver from Spring so we do not need to bother with passing the
 * HttpRequest object when asking for a Locale.
- *
- * @author nbaars
- * @date 2/7/17
 */
 @AllArgsConstructor
 public class Language {
diff --git a/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java b/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java
index 2da67df1d..da19e42e1 100644
--- a/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java
+++ b/src/main/java/org/owasp/webgoat/container/i18n/PluginMessages.java
@@ -11,9 +11,6 @@ import org.springframework.core.io.support.ResourcePatternResolver;
 /**
 * Message resource bundle for plugins.
- *
- * @author nbaars
- * @date 2/4/17
 */
 public class PluginMessages extends ReloadableResourceBundleMessageSource {
 private static final String PROPERTIES_SUFFIX = ".properties";
diff --git a/src/main/java/org/owasp/webgoat/container/report/LessonStatistics.java b/src/main/java/org/owasp/webgoat/container/report/LessonStatistics.java
deleted file mode 100644
index 812c3fc7f..000000000
--- a/src/main/java/org/owasp/webgoat/container/report/LessonStatistics.java
+++ /dev/null
@@ -1,7 +0,0 @@
-/*
- * SPDX-FileCopyrightText: Copyright © 2024 WebGoat authors
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-package org.owasp.webgoat.container.report;
-
-record LessonStatistics(String name, boolean solved, int numberOfAttempts) {}
diff --git a/src/main/java/org/owasp/webgoat/container/report/ReportCardController.java b/src/main/java/org/owasp/webgoat/container/report/ReportCardController.java
index 27d85c5c2..3521ddc93 100644
--- a/src/main/java/org/owasp/webgoat/container/report/ReportCardController.java
+++ b/src/main/java/org/owasp/webgoat/container/report/ReportCardController.java
@@ -54,12 +54,12 @@ public class ReportCardController {
 lessonStatistics);
 }
- private record ReportCard(
+ public record ReportCard(
 int totalNumberOfLessons,
 int totalNumberOfAssignments,
 long numberOfAssignmentsSolved,
 long numberOfLessonsSolved,
 List lessonStatistics) {}
- private record LessonStatistics(String name, boolean solved, int numberOfAttempts) {}
+ public record LessonStatistics(String name, boolean solved, int numberOfAttempts) {}
 }
diff --git a/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java b/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java
index 12523e4e6..60117561a 100644
--- a/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java
+++ b/src/main/java/org/owasp/webgoat/lessons/httpbasics/HttpBasicsQuiz.java
@@ -16,7 +16,11 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 @RestController
-@AssignmentHints({"http-basics.hints.http_basic_quiz.1", "http-basics.hints.http_basic_quiz.2"})
+@AssignmentHints({
+ "http-basics.hints.http_basic_quiz.1",
+ "http-basics.hints.http_basic_quiz.2",
+ "http-basics.hints.http_basic_quiz.3"
+})
 public class HttpBasicsQuiz implements AssignmentEndpoint {
 @PostMapping("/HttpBasics/attack2")
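Review bot: `ReportCard` and `LessonStatistics` are widened from `private` to `public` at the end of `ReportCardController`, which makes two nested records reachable from every other package without the hunk showing who needs them. If the reason is access from a test or another class in `org.owasp.webgoat.container.report`, package-private is enough: write `record ReportCard(` and `record LessonStatistics(String name, boolean solved, int numberOfAttempts) {}` with no modifier, which is also the visibility the deleted top-level `LessonStatistics` had. If `public` is really required, a one-line comment on each record naming the outside caller would keep the next reader from narrowing it again. The controller method that builds these records starts before the hunk.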
diff --git a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content1.adoc b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content1.adoc
index 04b1829a8..ad3bae38a 100644
--- a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content1.adoc
+++ b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content1.adoc
@@ -4,5 +4,5 @@ input and display it back to the user, illustrating the basics of handling an HT
 == Try It!
-Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the input
-and display it back to the user, illustrating the basics of handling an HTTP request.
+Enter your name in the input field below and press "Go!" to submit. Use the Developer Tools to view the HTTP request and response.
+Can you see the response with the reversed username?
diff --git a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content2.adoc b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content2.adoc
index b5b1fe032..97ed00f0f 100644
--- a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content2.adoc
+++ b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_content2.adoc
@@ -1,3 +1,4 @@
 == The Quiz
-What type of HTTP verb does WebGoat use when submitting the form in this lesson? A POST or a GET?
+What type of HTTP verb does WebGoat use when submitting the form in this assignment? A POST or a GET?
+And can you find the magic number?
diff --git a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_plan.adoc b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_plan.adoc
index 01b975e22..4d24cfd48 100644
--- a/src/main/resources/lessons/httpbasics/documentation/HttpBasics_plan.adoc
+++ b/src/main/resources/lessons/httpbasics/documentation/HttpBasics_plan.adoc
@@ -7,8 +7,7 @@ This lesson presents the basics for understanding the transfer of data between t
 == Goals
 The user should become familiar with the features of WebGoat by manipulating the above
-buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using
-link:https://www.zaproxy.org/[OWASP Zed Attack Proxy] for the first time.
+buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You can use the default Developer Tools in your browser to view the HTTP request and response.
 === How HTTP works:
diff --git a/src/main/resources/lessons/httpbasics/html/HttpBasics.html b/src/main/resources/lessons/httpbasics/html/HttpBasics.html
index d30e1f9e2..46656f3ff 100644
--- a/src/main/resources/lessons/httpbasics/html/HttpBasics.html
+++ b/src/main/resources/lessons/httpbasics/html/HttpBasics.html
@@ -25,8 +25,8 @@

- Enter Your Name: + Enter your name:
@@ -71,7 +71,7 @@ What is the magic number: + name="SUBMIT" value="Go!" type="SUBMIT" class="spacing" /> diff --git a/src/main/resources/lessons/httpbasics/i18n/WebGoatLabels.properties b/src/main/resources/lessons/httpbasics/i18n/WebGoatLabels.properties index 955183140..fd6e34f4b 100644 --- a/src/main/resources/lessons/httpbasics/i18n/WebGoatLabels.properties +++ b/src/main/resources/lessons/httpbasics/i18n/WebGoatLabels.properties @@ -3,10 +3,10 @@ http-basics.Go!=Go! 1.http-basics.title=HTTP Basics -http-basics.hints.http_basics_lesson.1=Type in your name and press 'go' -http-basics.hints.http_basic_quiz.1=Turn on Show Parameters or other features -http-basics.hints.http_basic_quiz.2=Try to intercept the request with OWASP ZAP - +http-basics.hints.http_basics_lesson.1=Type in your name and press 'Go' +http-basics.hints.http_basic_quiz.1=You can use developer tools in your browser to inspect the HTML source +http-basics.hints.http_basic_quiz.2=Search for the form tag in the HTML source +http-basics.hints.http_basic_quiz.3=You can submit the form and examine the request payload in the developer tools. http-basics.empty=Try again, name cannot be empty. http-basics.reversed=The server has reversed your name: {0} diff --git a/src/main/resources/webgoat/static/css/main.css b/src/main/resources/webgoat/static/css/main.css index 754f3dd0d..77b2c38f7 100644 --- a/src/main/resources/webgoat/static/css/main.css +++ b/src/main/resources/webgoat/static/css/main.css @@ -1436,3 +1436,7 @@ pre .conum { b.conum * { color: inherit !important } + +.spacing { + margin-left: 5px; +}