Fix

webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java

@@ -57,6 +57,9 @@ public class Assignment {
     }
 
     public Assignment(String name, String path, List<String> hints) {
+        if (path.equals("")) {
+            System.out.println(name);
+        }
         this.name = name;
         this.path = path;
         this.hints = hints;

webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequest.java

@@ -25,21 +25,22 @@ package org.owasp.webgoat.http_proxies;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
+import org.springframework.http.HttpMethod;
 import org.springframework.web.bind.MissingServletRequestParameterException;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletRequest;
+
 @RestController
 public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
 
-//    @ExceptionHandler(MissingServletRequestParameterException.class)
+    @RequestMapping(path = "/HttpProxies/intercept-request", method = {RequestMethod.POST, RequestMethod.GET})
-//    public AttackResult handleMissingParams() {
-//        return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
-//    }
-
-    @GetMapping("/HttpProxies/intercept-request")
     @ResponseBody
     public AttackResult completed(@RequestHeader(value = "x-request-intercepted", required = false) Boolean headerValue,
-                                  @RequestParam(value = "changeMe", required = false) String paramValue) {
+                                  @RequestParam(value = "changeMe", required = false) String paramValue, HttpServletRequest request) {
+        if (HttpMethod.POST.matches(request.getMethod())) {
+            return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
+        }
         if (headerValue != null && paramValue != null && headerValue && "Requests are tampered easily".equalsIgnoreCase(paramValue)) {
             return trackProgress(success().feedback("http-proxies.intercept.success").build());
         } else {
@@ -47,9 +48,9 @@ public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
         }
     }
 
-//    @PostMapping("/HttpProxies/intercept-request")
+    @ExceptionHandler(MissingServletRequestParameterException.class)
-//    @ResponseBody
+    public AttackResult handleMissingParams() {
-//    public AttackResult post() {
+        return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
-//        return trackProgress(failed().feedback("http-proxies.intercept.failure").build());
+    }
-//    }
+
 }

webgoat-lessons/http-proxies/src/test/java/org/owasp/webgoat/http_proxies/HttpBasicsInterceptRequestTest.java

@@ -88,13 +88,13 @@ public class HttpBasicsInterceptRequestTest extends AssignmentEndpointTest {
                 .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
     }
 
-//    @Test
+    @Test
-//    public void whenPostAssignmentShouldNotPass() throws Exception {
+    public void whenPostAssignmentShouldNotPass() throws Exception {
-//        mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
+        mockMvc.perform(MockMvcRequestBuilders.post("/HttpProxies/intercept-request")
-//                .header("x-request-intercepted", "true")
+                .header("x-request-intercepted", "true")
-//                .param("changeMe", "Requests are tampered easily"))
+                .param("changeMe", "Requests are tampered easily"))
-//                .andExpect(status().isOk())
+                .andExpect(status().isOk())
-//                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
+                .andExpect(jsonPath("$.feedback", CoreMatchers.is(messages.getMessage("http-proxies.intercept.failure"))))
-//                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
+                .andExpect(jsonPath("$.lessonCompleted", CoreMatchers.is(false)));
-//    }
+    }
 }