feat: upgrade to Spring Boot version 3 (#1477)
This commit is contained in:
Nanne Baars
GitHub
@@ -22,13 +22,13 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.authbypass;
|
||||
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -26,8 +26,6 @@ import lombok.AllArgsConstructor;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
import org.owasp.webgoat.container.session.WebSession;
|
||||
import org.owasp.webgoat.container.users.UserTracker;
|
||||
import org.owasp.webgoat.container.users.UserTrackerRepository;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
@@ -38,25 +36,17 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
@AllArgsConstructor
|
||||
public class FlagController extends AssignmentEndpoint {
|
||||
|
||||
private final UserTrackerRepository userTrackerRepository;
|
||||
private final WebSession webSession;
|
||||
private final Flags flags;
|
||||
|
||||
@PostMapping(path = "/challenge/flag", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
public AttackResult postFlag(@RequestParam String flag) {
|
||||
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
|
||||
Flag expectedFlag = flags.getFlag(webSession.getCurrentLesson());
|
||||
final AttackResult attackResult;
|
||||
if (expectedFlag.isCorrect(flag)) {
|
||||
userTracker.assignmentSolved(
|
||||
webSession.getCurrentLesson(), "Assignment" + expectedFlag.number());
|
||||
attackResult = success(this).feedback("challenge.flag.correct").build();
|
||||
return success(this).feedback("challenge.flag.correct").build();
|
||||
} else {
|
||||
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
||||
attackResult = failed(this).feedback("challenge.flag.incorrect").build();
|
||||
return failed(this).feedback("challenge.flag.incorrect").build();
|
||||
}
|
||||
userTrackerRepository.save(userTracker);
|
||||
return attackResult;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
package org.owasp.webgoat.lessons.challenges.challenge7;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.time.LocalDateTime;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
package org.owasp.webgoat.lessons.challenges.challenge8;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.clientsidefiltering;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileOutputStream;
|
||||
@@ -31,7 +32,6 @@ import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.xml.xpath.XPath;
|
||||
import javax.xml.xpath.XPathConstants;
|
||||
import javax.xml.xpath.XPathExpressionException;
|
||||
|
||||
@@ -22,9 +22,9 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.cryptography;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.util.Base64;
|
||||
import java.util.Random;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
import org.springframework.http.MediaType;
|
||||
|
||||
@@ -22,10 +22,10 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.cryptography;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Random;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,11 +22,11 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.cryptography;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
|
||||
@@ -24,11 +24,11 @@ package org.owasp.webgoat.lessons.csrf;
|
||||
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,10 +22,10 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.csrf;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Random;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.i18n.PluginMessages;
|
||||
import org.owasp.webgoat.container.session.UserSessionData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.csrf;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -25,6 +25,7 @@ package org.owasp.webgoat.lessons.csrf;
|
||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||
|
||||
import com.google.common.collect.Lists;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.time.LocalDateTime;
|
||||
import java.time.format.DateTimeFormatter;
|
||||
import java.util.ArrayList;
|
||||
@@ -32,7 +33,6 @@ import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -22,8 +22,8 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.hijacksession;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,7 +22,7 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.httpproxies;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
import org.springframework.http.HttpMethod;
|
||||
|
||||
@@ -22,9 +22,9 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.idor;
|
||||
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -31,14 +31,14 @@ import io.jsonwebtoken.Jwt;
|
||||
import io.jsonwebtoken.JwtException;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.impl.TextCodec;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,10 +22,10 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.logging;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Base64;
|
||||
import java.util.UUID;
|
||||
import javax.annotation.PostConstruct;
|
||||
import org.apache.logging.log4j.util.Strings;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -22,8 +22,8 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.passwordreset;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.util.UUID;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package org.owasp.webgoat.lessons.passwordreset.resetlink;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import javax.validation.constraints.Size;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
package org.owasp.webgoat.lessons.pathtraversal;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
@@ -8,8 +10,6 @@ import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.nio.file.Files;
|
||||
import java.util.Base64;
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.RandomUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
|
||||
@@ -22,9 +22,9 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.spoofcookie;
|
||||
|
||||
import jakarta.servlet.http.Cookie;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -22,11 +22,11 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
||||
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import java.sql.Connection;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
import javax.annotation.PostConstruct;
|
||||
import org.owasp.webgoat.container.LessonDataSource;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,9 +22,9 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
import java.sql.*;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.LessonDataSource;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||
|
||||
@@ -22,9 +22,9 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.webwolfintroduction;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
|
||||
@@ -22,8 +22,8 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.xss;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import java.security.SecureRandom;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||
import org.owasp.webgoat.container.session.UserSessionData;
|
||||
|
||||
@@ -22,7 +22,8 @@
|
||||
|
||||
package org.owasp.webgoat.lessons.xxe;
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
import jakarta.xml.bind.annotation.XmlRootElement;
|
||||
import jakarta.xml.bind.annotation.XmlType;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
@@ -37,7 +38,8 @@ import lombok.ToString;
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@XmlRootElement
|
||||
@XmlRootElement(name = "comment")
|
||||
@XmlType
|
||||
@ToString
|
||||
public class Comment {
|
||||
private String user;
|
||||
|
||||
@@ -26,6 +26,8 @@ import static java.util.Optional.empty;
|
||||
import static java.util.Optional.of;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import jakarta.xml.bind.JAXBContext;
|
||||
import jakarta.xml.bind.JAXBException;
|
||||
import java.io.IOException;
|
||||
import java.io.StringReader;
|
||||
import java.time.LocalDateTime;
|
||||
@@ -36,8 +38,6 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.stream.XMLInputFactory;
|
||||
import javax.xml.stream.XMLStreamException;
|
||||
import org.owasp.webgoat.container.session.WebSession;
|
||||
@@ -93,7 +93,7 @@ public class CommentsCache {
|
||||
* progress etc). In real life the XmlMapper bean defined above will be used automatically and the
|
||||
* Comment class can be directly used in the controller method (instead of a String)
|
||||
*/
|
||||
protected Comment parseXml(String xml) throws JAXBException, XMLStreamException {
|
||||
protected Comment parseXml(String xml) throws XMLStreamException, JAXBException {
|
||||
var jc = JAXBContext.newInstance(Comment.class);
|
||||
var xif = XMLInputFactory.newInstance();
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ package org.owasp.webgoat.lessons.xxe;
|
||||
|
||||
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.exec.OS;
|
||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
@@ -60,8 +60,7 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
|
||||
public AttackResult createNewUser(
|
||||
HttpServletRequest request,
|
||||
@RequestBody String commentStr,
|
||||
@RequestHeader("Content-Type") String contentType)
|
||||
throws Exception {
|
||||
@RequestHeader("Content-Type") String contentType) {
|
||||
AttackResult attackResult = failed(this).build();
|
||||
|
||||
if (APPLICATION_JSON_VALUE.equals(contentType)) {
|
||||
|
||||
@@ -25,7 +25,7 @@ package org.owasp.webgoat.lessons.xxe;
|
||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.exec.OS;
|
||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||
|
||||
Reference in New Issue
Block a user