feat: upgrade to Spring Boot version 3 (#1477)
This commit is contained in:
DockerfileFAQ.mdpom.xml
src
it
main
java
org
owasp
webgoat
container
AjaxAuthenticationEntryPoint.javaAsciiDoctorTemplateResolver.javaDatabaseConfiguration.javaMvcConfiguration.javaWebSecurityConfig.java
asciidoc
assignments
controller
lessons
users
lessons
authbypass
challenges
clientsidefiltering
cryptography
csrf
hijacksession
httpproxies
idor
jwt
logging
passwordreset
pathtraversal
spoofcookie
sqlinjection
webwolfintroduction
xss
xxe
webwolf
resources
application-webgoat.propertiesapplication-webwolf.properties
db
container
lessons
authbypass
html
bypassrestrictions
challenges
chromedevtools
cia
html
clientsidefiltering
cryptography
csrf
html
deserialization
hijacksession
htmltampering
httpbasics
html
httpproxies
html
idor
html
insecurelogin
jwt
html
lessontemplate
documentation
html
logging
html
missingac
passwordreset
pathtraversal
securepasswords
spoofcookie
sqlinjection
ssrf
html
vulnerablecomponents
webgoatintroduction
webwolfintroduction
xss
xxe
html
webgoat
templates
webwolf
test
java
org
owasp
webgoat
container
plugins
lessons
csrf
hijacksession
jwt
spoofcookie
xxe
webwolf
mailbox
@ -27,6 +27,8 @@ ENTRYPOINT [ "java", \
|
|||||||
"--add-opens", "java.base/sun.nio.ch=ALL-UNNAMED", \
|
"--add-opens", "java.base/sun.nio.ch=ALL-UNNAMED", \
|
||||||
"--add-opens", "java.base/java.io=ALL-UNNAMED", \
|
"--add-opens", "java.base/java.io=ALL-UNNAMED", \
|
||||||
"--add-opens", "java.base/java.util=ALL-UNNAMED", \
|
"--add-opens", "java.base/java.util=ALL-UNNAMED", \
|
||||||
|
"--add-opens", "java.base/sun.nio.ch=ALL-UNNAMED", \
|
||||||
|
"--add-opens", "java.base/java.io=ALL-UNNAMED", \
|
||||||
"-Drunning.in.docker=true", \
|
"-Drunning.in.docker=true", \
|
||||||
"-Dwebgoat.host=0.0.0.0", \
|
"-Dwebgoat.host=0.0.0.0", \
|
||||||
"-Dwebwolf.host=0.0.0.0", \
|
"-Dwebwolf.host=0.0.0.0", \
|
||||||
|
8
FAQ.md
Normal file
8
FAQ.md
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# FAQ for development
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
### Integration tests fail
|
||||||
|
|
||||||
|
Try to run the command in the console `java -jar ...` and remove `-Dlogging.pattern.console=` from the command line.
|
||||||
|
|
44
pom.xml
44
pom.xml
@ -1,13 +1,13 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-parent</artifactId>
|
<artifactId>spring-boot-starter-parent</artifactId>
|
||||||
<version>2.7.1</version>
|
<version>3.0.5</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<groupId>org.owasp.webgoat</groupId>
|
<groupId>org.owasp.webgoat</groupId>
|
||||||
<artifactId>webgoat</artifactId>
|
<artifactId>webgoat</artifactId>
|
||||||
<version>2023.5-SNAPSHOT</version>
|
<version>2023.5-SNAPSHOT</version>
|
||||||
@ -27,6 +27,7 @@
|
|||||||
<url>https://www.gnu.org/licenses/gpl-2.0.txt</url>
|
<url>https://www.gnu.org/licenses/gpl-2.0.txt</url>
|
||||||
</license>
|
</license>
|
||||||
</licenses>
|
</licenses>
|
||||||
|
|
||||||
<developers>
|
<developers>
|
||||||
<developer>
|
<developer>
|
||||||
<id>mayhew64</id>
|
<id>mayhew64</id>
|
||||||
@ -94,7 +95,6 @@
|
|||||||
<archive>http://lists.owasp.org/pipermail/owasp-webgoat/</archive>
|
<archive>http://lists.owasp.org/pipermail/owasp-webgoat/</archive>
|
||||||
</mailingList>
|
</mailingList>
|
||||||
</mailingLists>
|
</mailingLists>
|
||||||
|
|
||||||
<scm>
|
<scm>
|
||||||
<connection>scm:git:git@github.com:WebGoat/WebGoat.git</connection>
|
<connection>scm:git:git@github.com:WebGoat/WebGoat.git</connection>
|
||||||
<developerConnection>scm:git:git@github.com:WebGoat/WebGoat.git</developerConnection>
|
<developerConnection>scm:git:git@github.com:WebGoat/WebGoat.git</developerConnection>
|
||||||
@ -110,7 +110,8 @@
|
|||||||
<properties>
|
<properties>
|
||||||
<!-- Shared properties with plugins and version numbers across submodules-->
|
<!-- Shared properties with plugins and version numbers across submodules-->
|
||||||
<asciidoctorj.version>2.5.3</asciidoctorj.version>
|
<asciidoctorj.version>2.5.3</asciidoctorj.version>
|
||||||
<bootstrap.version>5.2.3</bootstrap.version>
|
<!-- Upgrading needs UI work in WebWolf -->
|
||||||
|
<bootstrap.version>3.3.7</bootstrap.version>
|
||||||
<cglib.version>3.3.0</cglib.version>
|
<cglib.version>3.3.0</cglib.version>
|
||||||
<!-- do not update necessary for lesson -->
|
<!-- do not update necessary for lesson -->
|
||||||
<checkstyle.version>3.2.1</checkstyle.version>
|
<checkstyle.version>3.2.1</checkstyle.version>
|
||||||
@ -121,6 +122,7 @@
|
|||||||
<guava.version>31.1-jre</guava.version>
|
<guava.version>31.1-jre</guava.version>
|
||||||
<jacoco.version>0.8.10</jacoco.version>
|
<jacoco.version>0.8.10</jacoco.version>
|
||||||
<java.version>17</java.version>
|
<java.version>17</java.version>
|
||||||
|
<jaxb.version>2.3.1</jaxb.version>
|
||||||
<jjwt.version>0.9.1</jjwt.version>
|
<jjwt.version>0.9.1</jjwt.version>
|
||||||
<jose4j.version>0.9.3</jose4j.version>
|
<jose4j.version>0.9.3</jose4j.version>
|
||||||
<jquery.version>3.5.1</jquery.version>
|
<jquery.version>3.5.1</jquery.version>
|
||||||
@ -137,7 +139,7 @@
|
|||||||
<!-- Use UTF-8 Encoding -->
|
<!-- Use UTF-8 Encoding -->
|
||||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||||
<thymeleaf.version>3.0.15.RELEASE</thymeleaf.version>
|
<thymeleaf.version>3.1.1.RELEASE</thymeleaf.version>
|
||||||
<webdriver.version>5.3.2</webdriver.version>
|
<webdriver.version>5.3.2</webdriver.version>
|
||||||
<webgoat.port>8080</webgoat.port>
|
<webgoat.port>8080</webgoat.port>
|
||||||
<webwolf.port>9090</webwolf.port>
|
<webwolf.port>9090</webwolf.port>
|
||||||
@ -250,7 +252,6 @@
|
|||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</dependencyManagement>
|
</dependencyManagement>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
@ -269,6 +270,7 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>javax.xml.bind</groupId>
|
<groupId>javax.xml.bind</groupId>
|
||||||
<artifactId>jaxb-api</artifactId>
|
<artifactId>jaxb-api</artifactId>
|
||||||
|
<version>${jaxb.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
@ -310,7 +312,11 @@
|
|||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.thymeleaf.extras</groupId>
|
<groupId>org.thymeleaf.extras</groupId>
|
||||||
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
|
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>jakarta.servlet</groupId>
|
||||||
|
<artifactId>jakarta.servlet-api</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.hsqldb</groupId>
|
<groupId>org.hsqldb</groupId>
|
||||||
@ -369,8 +375,13 @@
|
|||||||
<artifactId>jquery</artifactId>
|
<artifactId>jquery</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.glassfish.jaxb</groupId>
|
<groupId>jakarta.xml.bind</groupId>
|
||||||
<artifactId>jaxb-runtime</artifactId>
|
<artifactId>jakarta.xml.bind-api</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.sun.xml.bind</groupId>
|
||||||
|
<artifactId>jaxb-impl</artifactId>
|
||||||
|
<scope>runtime</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
@ -386,6 +397,7 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.github.tomakehurst</groupId>
|
<groupId>com.github.tomakehurst</groupId>
|
||||||
<artifactId>wiremock</artifactId>
|
<artifactId>wiremock</artifactId>
|
||||||
|
<version>3.0.0-beta-2</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
@ -393,6 +405,11 @@
|
|||||||
<artifactId>rest-assured</artifactId>
|
<artifactId>rest-assured</artifactId>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-properties-migrator</artifactId>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<repositories>
|
<repositories>
|
||||||
@ -490,7 +507,8 @@
|
|||||||
<argLine>--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED
|
<argLine>--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED
|
||||||
--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED
|
--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED
|
||||||
--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED
|
--add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED
|
||||||
--add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED</argLine>
|
--add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED
|
||||||
|
--add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED</argLine>
|
||||||
<excludes>
|
<excludes>
|
||||||
<exclude>**/*IntegrationTest.java</exclude>
|
<exclude>**/*IntegrationTest.java</exclude>
|
||||||
<exclude>src/it/java</exclude>
|
<exclude>src/it/java</exclude>
|
||||||
@ -678,6 +696,10 @@
|
|||||||
<argument>java.base/java.io=ALL-UNNAMED</argument>
|
<argument>java.base/java.io=ALL-UNNAMED</argument>
|
||||||
<argument>--add-opens</argument>
|
<argument>--add-opens</argument>
|
||||||
<argument>java.base/java.util=ALL-UNNAMED</argument>
|
<argument>java.base/java.util=ALL-UNNAMED</argument>
|
||||||
|
<argument>--add-opens</argument>
|
||||||
|
<argument>java.base/sun.nio.ch=ALL-UNNAMED</argument>
|
||||||
|
<argument>--add-opens</argument>
|
||||||
|
<argument>java.base/java.io=ALL-UNNAMED</argument>
|
||||||
<argument>${project.build.directory}/webgoat-${project.version}.jar</argument>
|
<argument>${project.build.directory}/webgoat-${project.version}.jar</argument>
|
||||||
</arguments>
|
</arguments>
|
||||||
<waitForInterrupt>false</waitForInterrupt>
|
<waitForInterrupt>false</waitForInterrupt>
|
||||||
|
@ -5,7 +5,6 @@ import static org.junit.jupiter.api.DynamicTest.dynamicTest;
|
|||||||
import io.restassured.RestAssured;
|
import io.restassured.RestAssured;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import lombok.SneakyThrows;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.assertj.core.api.Assertions;
|
import org.assertj.core.api.Assertions;
|
||||||
import org.junit.jupiter.api.AfterEach;
|
import org.junit.jupiter.api.AfterEach;
|
||||||
@ -16,7 +15,6 @@ import org.junit.jupiter.api.TestFactory;
|
|||||||
public class PasswordResetLessonIntegrationTest extends IntegrationTest {
|
public class PasswordResetLessonIntegrationTest extends IntegrationTest {
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
@SneakyThrows
|
|
||||||
public void init() {
|
public void init() {
|
||||||
startLesson("/PasswordReset");
|
startLesson("/PasswordReset");
|
||||||
}
|
}
|
||||||
|
@ -29,9 +29,9 @@ public class ProgressRaceConditionIntegrationTest extends IntegrationTest {
|
|||||||
.relaxedHTTPSValidation()
|
.relaxedHTTPSValidation()
|
||||||
.cookie("JSESSIONID", getWebGoatCookie())
|
.cookie("JSESSIONID", getWebGoatCookie())
|
||||||
.formParams(Map.of("flag", "test"))
|
.formParams(Map.of("flag", "test"))
|
||||||
.post(url("/challenge/flag/"));
|
.post(url("/challenge/flag"));
|
||||||
};
|
};
|
||||||
ExecutorService executorService = Executors.newWorkStealingPool(NUMBER_OF_PARALLEL_THREADS);
|
ExecutorService executorService = Executors.newFixedThreadPool(NUMBER_OF_PARALLEL_THREADS);
|
||||||
List<? extends Callable<Response>> flagCalls =
|
List<? extends Callable<Response>> flagCalls =
|
||||||
IntStream.range(0, NUMBER_OF_CALLS).mapToObj(i -> call).collect(Collectors.toList());
|
IntStream.range(0, NUMBER_OF_CALLS).mapToObj(i -> call).collect(Collectors.toList());
|
||||||
var responses = executorService.invokeAll(flagCalls);
|
var responses = executorService.invokeAll(flagCalls);
|
||||||
|
@ -27,10 +27,10 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.webgoat.container;
|
package org.owasp.webgoat.container;
|
||||||
|
|
||||||
|
import jakarta.servlet.ServletException;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
||||||
|
|
||||||
|
@ -33,6 +33,7 @@ package org.owasp.webgoat.container;
|
|||||||
import static org.asciidoctor.Asciidoctor.Factory.create;
|
import static org.asciidoctor.Asciidoctor.Factory.create;
|
||||||
|
|
||||||
import io.undertow.util.Headers;
|
import io.undertow.util.Headers;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
@ -41,7 +42,6 @@ import java.util.HashMap;
|
|||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.asciidoctor.Asciidoctor;
|
import org.asciidoctor.Asciidoctor;
|
||||||
import org.asciidoctor.extension.JavaExtensionRegistry;
|
import org.asciidoctor.extension.JavaExtensionRegistry;
|
||||||
@ -60,7 +60,7 @@ import org.thymeleaf.templateresource.StringTemplateResource;
|
|||||||
* Thymeleaf resolver for AsciiDoc used in the lesson, can be used as follows inside a lesson file:
|
* Thymeleaf resolver for AsciiDoc used in the lesson, can be used as follows inside a lesson file:
|
||||||
*
|
*
|
||||||
* <p><code>
|
* <p><code>
|
||||||
* <div th:replace="doc:AccessControlMatrix_plan.adoc"></div>
|
* <div th:replace="~{doc:AccessControlMatrix_plan.adoc}"></div>
|
||||||
* </code>
|
* </code>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
|
@ -50,12 +50,13 @@ public class DatabaseConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public Function<String, Flyway> flywayLessons(LessonDataSource lessonDataSource) {
|
public Function<String, Flyway> flywayLessons() {
|
||||||
return schema ->
|
return schema ->
|
||||||
Flyway.configure()
|
Flyway.configure()
|
||||||
.configuration(Map.of("driver", properties.getDriverClassName()))
|
.configuration(Map.of("driver", properties.getDriverClassName()))
|
||||||
.schemas(schema)
|
.schemas(schema)
|
||||||
.dataSource(lessonDataSource)
|
.cleanDisabled(false)
|
||||||
|
.dataSource(dataSource())
|
||||||
.locations("lessons")
|
.locations("lessons")
|
||||||
.load();
|
.load();
|
||||||
}
|
}
|
||||||
|
@ -56,10 +56,10 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|||||||
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||||
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
|
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
|
||||||
import org.thymeleaf.IEngineConfiguration;
|
import org.thymeleaf.IEngineConfiguration;
|
||||||
import org.thymeleaf.extras.springsecurity5.dialect.SpringSecurityDialect;
|
import org.thymeleaf.extras.springsecurity6.dialect.SpringSecurityDialect;
|
||||||
import org.thymeleaf.spring5.SpringTemplateEngine;
|
import org.thymeleaf.spring6.SpringTemplateEngine;
|
||||||
import org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver;
|
import org.thymeleaf.spring6.templateresolver.SpringResourceTemplateResolver;
|
||||||
import org.thymeleaf.spring5.view.ThymeleafViewResolver;
|
import org.thymeleaf.spring6.view.ThymeleafViewResolver;
|
||||||
import org.thymeleaf.templatemode.TemplateMode;
|
import org.thymeleaf.templatemode.TemplateMode;
|
||||||
import org.thymeleaf.templateresolver.FileTemplateResolver;
|
import org.thymeleaf.templateresolver.FileTemplateResolver;
|
||||||
import org.thymeleaf.templateresolver.ITemplateResolver;
|
import org.thymeleaf.templateresolver.ITemplateResolver;
|
||||||
|
@ -37,26 +37,26 @@ import org.springframework.context.annotation.Bean;
|
|||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/** Security configuration for WebGoat. */
|
/** Security configuration for WebGoat. */
|
||||||
@Configuration
|
@Configuration
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfig {
|
||||||
|
|
||||||
private final UserService userDetailsService;
|
private final UserService userDetailsService;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
|
http.authorizeHttpRequests(
|
||||||
http.authorizeRequests()
|
auth ->
|
||||||
.antMatchers(
|
auth.requestMatchers(
|
||||||
"/css/**",
|
"/css/**",
|
||||||
"/images/**",
|
"/images/**",
|
||||||
"/js/**",
|
"/js/**",
|
||||||
@ -67,20 +67,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
"/actuator/**")
|
"/actuator/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.authenticated();
|
.authenticated());
|
||||||
security
|
http.formLogin()
|
||||||
.and()
|
|
||||||
.formLogin()
|
|
||||||
.loginPage("/login")
|
.loginPage("/login")
|
||||||
.defaultSuccessUrl("/welcome.mvc", true)
|
.defaultSuccessUrl("/welcome.mvc", true)
|
||||||
.usernameParameter("username")
|
.usernameParameter("username")
|
||||||
.passwordParameter("password")
|
.passwordParameter("password")
|
||||||
.permitAll();
|
.permitAll();
|
||||||
security.and().logout().deleteCookies("JSESSIONID").invalidateHttpSession(true);
|
http.logout().deleteCookies("JSESSIONID").invalidateHttpSession(true);
|
||||||
security.and().csrf().disable();
|
http.csrf().disable();
|
||||||
|
|
||||||
http.headers().cacheControl().disable();
|
http.headers().cacheControl().disable();
|
||||||
http.exceptionHandling().authenticationEntryPoint(new AjaxAuthenticationEntryPoint("/login"));
|
http.exceptionHandling().authenticationEntryPoint(new AjaxAuthenticationEntryPoint("/login"));
|
||||||
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
@ -89,15 +88,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Override
|
public UserDetailsService userDetailsServiceBean() {
|
||||||
public UserDetailsService userDetailsServiceBean() throws Exception {
|
|
||||||
return userDetailsService;
|
return userDetailsService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
@Bean
|
@Bean
|
||||||
protected AuthenticationManager authenticationManager() throws Exception {
|
public AuthenticationManager authenticationManager(
|
||||||
return super.authenticationManager();
|
AuthenticationConfiguration authenticationConfiguration) throws Exception {
|
||||||
|
return authenticationConfiguration.getAuthenticationManager();
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
package org.owasp.webgoat.container.asciidoc;
|
package org.owasp.webgoat.container.asciidoc;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.asciidoctor.ast.ContentNode;
|
import org.asciidoctor.ast.ContentNode;
|
||||||
import org.asciidoctor.extension.InlineMacroProcessor;
|
import org.asciidoctor.extension.InlineMacroProcessor;
|
||||||
import org.springframework.web.context.request.RequestContextHolder;
|
import org.springframework.web.context.request.RequestContextHolder;
|
||||||
|
@ -75,7 +75,8 @@ public class LessonTrackerInterceptor implements ResponseBodyAdvice<Object> {
|
|||||||
} else {
|
} else {
|
||||||
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
||||||
}
|
}
|
||||||
userTrackerRepository.saveAndFlush(userTracker);
|
userTrackerRepository.save(userTracker);
|
||||||
|
|
||||||
return attackResult;
|
return attackResult;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.webgoat.container.controller;
|
package org.owasp.webgoat.container.controller;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import org.owasp.webgoat.container.session.Course;
|
import org.owasp.webgoat.container.session.Course;
|
||||||
import org.owasp.webgoat.container.session.WebSession;
|
import org.owasp.webgoat.container.session.WebSession;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
|
@ -29,8 +29,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.owasp.webgoat.container.controller;
|
package org.owasp.webgoat.container.controller;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpSession;
|
import jakarta.servlet.http.HttpSession;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.servlet.ModelAndView;
|
import org.springframework.web.servlet.ModelAndView;
|
||||||
@ -49,7 +49,7 @@ public class Welcome {
|
|||||||
/**
|
/**
|
||||||
* welcome.
|
* welcome.
|
||||||
*
|
*
|
||||||
* @param request a {@link javax.servlet.http.HttpServletRequest} object.
|
* @param request a {@link jakarta.servlet.http.HttpServletRequest} object.
|
||||||
* @return a {@link org.springframework.web.servlet.ModelAndView} object.
|
* @return a {@link org.springframework.web.servlet.ModelAndView} object.
|
||||||
*/
|
*/
|
||||||
@GetMapping(path = {"welcome.mvc"})
|
@GetMapping(path = {"welcome.mvc"})
|
||||||
|
@ -1,9 +1,14 @@
|
|||||||
package org.owasp.webgoat.container.lessons;
|
package org.owasp.webgoat.container.lessons;
|
||||||
|
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.GenerationType;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.Transient;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import javax.persistence.*;
|
import lombok.EqualsAndHashCode;
|
||||||
import lombok.*;
|
import lombok.Getter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ************************************************************************************************
|
* ************************************************************************************************
|
||||||
@ -41,7 +46,7 @@ import lombok.*;
|
|||||||
public class Assignment {
|
public class Assignment {
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue(strategy = GenerationType.AUTO)
|
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||||
private Long id;
|
private Long id;
|
||||||
|
|
||||||
private String name;
|
private String name;
|
||||||
|
@ -4,15 +4,13 @@ import java.lang.reflect.InvocationHandler;
|
|||||||
import java.lang.reflect.InvocationTargetException;
|
import java.lang.reflect.InvocationTargetException;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
import java.sql.Connection;
|
import java.sql.Connection;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.owasp.webgoat.container.users.WebGoatUser;
|
import org.owasp.webgoat.container.users.WebGoatUser;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handler which sets the correct schema for the currently bounded user. This way users are not
|
* Handler which sets the correct schema for the currently bounded user. This way users are not
|
||||||
* seeing each other data and we can reset data for just one particular user.
|
* seeing each other data, and we can reset data for just one particular user.
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
|
||||||
public class LessonConnectionInvocationHandler implements InvocationHandler {
|
public class LessonConnectionInvocationHandler implements InvocationHandler {
|
||||||
|
|
||||||
private final Connection targetConnection;
|
private final Connection targetConnection;
|
||||||
|
@ -1,8 +1,20 @@
|
|||||||
package org.owasp.webgoat.container.users;
|
package org.owasp.webgoat.container.users;
|
||||||
|
|
||||||
import java.util.*;
|
import jakarta.persistence.CascadeType;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.FetchType;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.GenerationType;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.OneToMany;
|
||||||
|
import jakarta.persistence.Version;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Optional;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import javax.persistence.*;
|
import lombok.EqualsAndHashCode;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import org.owasp.webgoat.container.lessons.Assignment;
|
import org.owasp.webgoat.container.lessons.Assignment;
|
||||||
import org.owasp.webgoat.container.lessons.Lesson;
|
import org.owasp.webgoat.container.lessons.Lesson;
|
||||||
@ -39,10 +51,11 @@ import org.owasp.webgoat.container.lessons.Lesson;
|
|||||||
* @since October 29, 2003
|
* @since October 29, 2003
|
||||||
*/
|
*/
|
||||||
@Entity
|
@Entity
|
||||||
|
@EqualsAndHashCode
|
||||||
public class LessonTracker {
|
public class LessonTracker {
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue(strategy = GenerationType.AUTO)
|
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||||
private Long id;
|
private Long id;
|
||||||
|
|
||||||
@Getter private String lessonName;
|
@Getter private String lessonName;
|
||||||
|
@ -1,11 +1,10 @@
|
|||||||
package org.owasp.webgoat.container.users;
|
package org.owasp.webgoat.container.users;
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
import jakarta.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import jakarta.validation.Valid;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.validation.BindingResult;
|
import org.springframework.validation.BindingResult;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
@ -23,7 +22,6 @@ public class RegistrationController {
|
|||||||
|
|
||||||
private UserValidator userValidator;
|
private UserValidator userValidator;
|
||||||
private UserService userService;
|
private UserService userService;
|
||||||
private AuthenticationManager authenticationManager;
|
|
||||||
|
|
||||||
@GetMapping("/registration")
|
@GetMapping("/registration")
|
||||||
public String showForm(UserForm userForm) {
|
public String showForm(UserForm userForm) {
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
package org.owasp.webgoat.container.users;
|
package org.owasp.webgoat.container.users;
|
||||||
|
|
||||||
import javax.validation.constraints.NotNull;
|
import jakarta.validation.constraints.NotNull;
|
||||||
import javax.validation.constraints.Pattern;
|
import jakarta.validation.constraints.Pattern;
|
||||||
import javax.validation.constraints.Size;
|
import jakarta.validation.constraints.Size;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
|
|
||||||
|
@ -1,11 +1,19 @@
|
|||||||
package org.owasp.webgoat.container.users;
|
package org.owasp.webgoat.container.users;
|
||||||
|
|
||||||
|
import jakarta.persistence.CascadeType;
|
||||||
|
import jakarta.persistence.Column;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.FetchType;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.GenerationType;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.OneToMany;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import javax.persistence.*;
|
import lombok.EqualsAndHashCode;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.container.lessons.Assignment;
|
import org.owasp.webgoat.container.lessons.Assignment;
|
||||||
import org.owasp.webgoat.container.lessons.Lesson;
|
import org.owasp.webgoat.container.lessons.Lesson;
|
||||||
@ -43,10 +51,11 @@ import org.owasp.webgoat.container.lessons.Lesson;
|
|||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Entity
|
@Entity
|
||||||
|
@EqualsAndHashCode
|
||||||
public class UserTracker {
|
public class UserTracker {
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
@GeneratedValue(strategy = GenerationType.AUTO)
|
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||||
private Long id;
|
private Long id;
|
||||||
|
|
||||||
@Column(name = "username")
|
@Column(name = "username")
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
package org.owasp.webgoat.container.users;
|
package org.owasp.webgoat.container.users;
|
||||||
|
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.Transient;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import javax.persistence.Entity;
|
|
||||||
import javax.persistence.Id;
|
|
||||||
import javax.persistence.Transient;
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
|
@ -22,13 +22,13 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.authbypass;
|
package org.owasp.webgoat.lessons.authbypass;
|
||||||
|
|
||||||
|
import jakarta.servlet.ServletException;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -26,8 +26,6 @@ import lombok.AllArgsConstructor;
|
|||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
import org.owasp.webgoat.container.session.WebSession;
|
import org.owasp.webgoat.container.session.WebSession;
|
||||||
import org.owasp.webgoat.container.users.UserTracker;
|
|
||||||
import org.owasp.webgoat.container.users.UserTrackerRepository;
|
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
@ -38,25 +36,17 @@ import org.springframework.web.bind.annotation.RestController;
|
|||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public class FlagController extends AssignmentEndpoint {
|
public class FlagController extends AssignmentEndpoint {
|
||||||
|
|
||||||
private final UserTrackerRepository userTrackerRepository;
|
|
||||||
private final WebSession webSession;
|
private final WebSession webSession;
|
||||||
private final Flags flags;
|
private final Flags flags;
|
||||||
|
|
||||||
@PostMapping(path = "/challenge/flag", produces = MediaType.APPLICATION_JSON_VALUE)
|
@PostMapping(path = "/challenge/flag", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public AttackResult postFlag(@RequestParam String flag) {
|
public AttackResult postFlag(@RequestParam String flag) {
|
||||||
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
|
|
||||||
Flag expectedFlag = flags.getFlag(webSession.getCurrentLesson());
|
Flag expectedFlag = flags.getFlag(webSession.getCurrentLesson());
|
||||||
final AttackResult attackResult;
|
|
||||||
if (expectedFlag.isCorrect(flag)) {
|
if (expectedFlag.isCorrect(flag)) {
|
||||||
userTracker.assignmentSolved(
|
return success(this).feedback("challenge.flag.correct").build();
|
||||||
webSession.getCurrentLesson(), "Assignment" + expectedFlag.number());
|
|
||||||
attackResult = success(this).feedback("challenge.flag.correct").build();
|
|
||||||
} else {
|
} else {
|
||||||
userTracker.assignmentFailed(webSession.getCurrentLesson());
|
return failed(this).feedback("challenge.flag.incorrect").build();
|
||||||
attackResult = failed(this).feedback("challenge.flag.incorrect").build();
|
}
|
||||||
}
|
|
||||||
userTrackerRepository.save(userTracker);
|
|
||||||
return attackResult;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
package org.owasp.webgoat.lessons.challenges.challenge7;
|
package org.owasp.webgoat.lessons.challenges.challenge7;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
package org.owasp.webgoat.lessons.challenges.challenge8;
|
package org.owasp.webgoat.lessons.challenges.challenge8;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
|
@ -22,6 +22,7 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.clientsidefiltering;
|
package org.owasp.webgoat.lessons.clientsidefiltering;
|
||||||
|
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileOutputStream;
|
import java.io.FileOutputStream;
|
||||||
@ -31,7 +32,6 @@ import java.util.ArrayList;
|
|||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import javax.xml.xpath.XPath;
|
import javax.xml.xpath.XPath;
|
||||||
import javax.xml.xpath.XPathConstants;
|
import javax.xml.xpath.XPathConstants;
|
||||||
import javax.xml.xpath.XPathExpressionException;
|
import javax.xml.xpath.XPathExpressionException;
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.cryptography;
|
package org.owasp.webgoat.lessons.cryptography;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
import org.springframework.http.MediaType;
|
import org.springframework.http.MediaType;
|
||||||
|
@ -22,10 +22,10 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.cryptography;
|
package org.owasp.webgoat.lessons.cryptography;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.xml.bind.DatatypeConverter;
|
import javax.xml.bind.DatatypeConverter;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,11 +22,11 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.cryptography;
|
package org.owasp.webgoat.lessons.cryptography;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.interfaces.RSAPublicKey;
|
import java.security.interfaces.RSAPublicKey;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.xml.bind.DatatypeConverter;
|
import javax.xml.bind.DatatypeConverter;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
|
@ -24,11 +24,11 @@ package org.owasp.webgoat.lessons.csrf;
|
|||||||
|
|
||||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import jakarta.servlet.http.Cookie;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import javax.servlet.http.Cookie;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,10 +22,10 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.csrf;
|
package org.owasp.webgoat.lessons.csrf;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.i18n.PluginMessages;
|
import org.owasp.webgoat.container.i18n.PluginMessages;
|
||||||
import org.owasp.webgoat.container.session.UserSessionData;
|
import org.owasp.webgoat.container.session.UserSessionData;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.csrf;
|
package org.owasp.webgoat.lessons.csrf;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -25,6 +25,7 @@ package org.owasp.webgoat.lessons.csrf;
|
|||||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||||
|
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
import java.time.format.DateTimeFormatter;
|
import java.time.format.DateTimeFormatter;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@ -32,7 +33,6 @@ import java.util.Collection;
|
|||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.hijacksession;
|
package org.owasp.webgoat.lessons.hijacksession;
|
||||||
|
|
||||||
import javax.servlet.http.Cookie;
|
import jakarta.servlet.http.Cookie;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.httpproxies;
|
package org.owasp.webgoat.lessons.httpproxies;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.idor;
|
package org.owasp.webgoat.lessons.idor;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -31,14 +31,14 @@ import io.jsonwebtoken.Jwt;
|
|||||||
import io.jsonwebtoken.JwtException;
|
import io.jsonwebtoken.JwtException;
|
||||||
import io.jsonwebtoken.Jwts;
|
import io.jsonwebtoken.Jwts;
|
||||||
import io.jsonwebtoken.impl.TextCodec;
|
import io.jsonwebtoken.impl.TextCodec;
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
|
import jakarta.servlet.http.Cookie;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.time.Duration;
|
import java.time.Duration;
|
||||||
import java.time.Instant;
|
import java.time.Instant;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import javax.servlet.http.Cookie;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,10 +22,10 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.logging;
|
package org.owasp.webgoat.lessons.logging;
|
||||||
|
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import org.apache.logging.log4j.util.Strings;
|
import org.apache.logging.log4j.util.Strings;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.passwordreset;
|
package org.owasp.webgoat.lessons.passwordreset;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
package org.owasp.webgoat.lessons.passwordreset.resetlink;
|
package org.owasp.webgoat.lessons.passwordreset.resetlink;
|
||||||
|
|
||||||
import javax.validation.constraints.NotNull;
|
import jakarta.validation.constraints.NotNull;
|
||||||
import javax.validation.constraints.Size;
|
import jakarta.validation.constraints.Size;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
package org.owasp.webgoat.lessons.pathtraversal;
|
package org.owasp.webgoat.lessons.pathtraversal;
|
||||||
|
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileOutputStream;
|
import java.io.FileOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
@ -8,8 +10,6 @@ import java.net.URI;
|
|||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.commons.lang3.RandomUtils;
|
import org.apache.commons.lang3.RandomUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.spoofcookie;
|
package org.owasp.webgoat.lessons.spoofcookie;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.Cookie;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.servlet.http.Cookie;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -22,11 +22,11 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
||||||
|
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
import java.sql.Connection;
|
import java.sql.Connection;
|
||||||
import java.sql.ResultSet;
|
import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import org.owasp.webgoat.container.LessonDataSource;
|
import org.owasp.webgoat.container.LessonDataSource;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
package org.owasp.webgoat.lessons.sqlinjection.introduction;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.sql.*;
|
import java.sql.*;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.LessonDataSource;
|
import org.owasp.webgoat.container.LessonDataSource;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
import org.owasp.webgoat.container.assignments.AssignmentHints;
|
||||||
|
@ -22,9 +22,9 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.webwolfintroduction;
|
package org.owasp.webgoat.lessons.webwolfintroduction;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URISyntaxException;
|
import java.net.URISyntaxException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.xss;
|
package org.owasp.webgoat.lessons.xss;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
import org.owasp.webgoat.container.assignments.AttackResult;
|
import org.owasp.webgoat.container.assignments.AttackResult;
|
||||||
import org.owasp.webgoat.container.session.UserSessionData;
|
import org.owasp.webgoat.container.session.UserSessionData;
|
||||||
|
@ -22,7 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.lessons.xxe;
|
package org.owasp.webgoat.lessons.xxe;
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
import jakarta.xml.bind.annotation.XmlRootElement;
|
||||||
|
import jakarta.xml.bind.annotation.XmlType;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
@ -37,7 +38,8 @@ import lombok.ToString;
|
|||||||
@Setter
|
@Setter
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@NoArgsConstructor
|
@NoArgsConstructor
|
||||||
@XmlRootElement
|
@XmlRootElement(name = "comment")
|
||||||
|
@XmlType
|
||||||
@ToString
|
@ToString
|
||||||
public class Comment {
|
public class Comment {
|
||||||
private String user;
|
private String user;
|
||||||
|
@ -26,6 +26,8 @@ import static java.util.Optional.empty;
|
|||||||
import static java.util.Optional.of;
|
import static java.util.Optional.of;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import jakarta.xml.bind.JAXBContext;
|
||||||
|
import jakarta.xml.bind.JAXBException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.StringReader;
|
import java.io.StringReader;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
@ -36,8 +38,6 @@ import java.util.HashMap;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
import javax.xml.bind.JAXBContext;
|
|
||||||
import javax.xml.bind.JAXBException;
|
|
||||||
import javax.xml.stream.XMLInputFactory;
|
import javax.xml.stream.XMLInputFactory;
|
||||||
import javax.xml.stream.XMLStreamException;
|
import javax.xml.stream.XMLStreamException;
|
||||||
import org.owasp.webgoat.container.session.WebSession;
|
import org.owasp.webgoat.container.session.WebSession;
|
||||||
@ -93,7 +93,7 @@ public class CommentsCache {
|
|||||||
* progress etc). In real life the XmlMapper bean defined above will be used automatically and the
|
* progress etc). In real life the XmlMapper bean defined above will be used automatically and the
|
||||||
* Comment class can be directly used in the controller method (instead of a String)
|
* Comment class can be directly used in the controller method (instead of a String)
|
||||||
*/
|
*/
|
||||||
protected Comment parseXml(String xml) throws JAXBException, XMLStreamException {
|
protected Comment parseXml(String xml) throws XMLStreamException, JAXBException {
|
||||||
var jc = JAXBContext.newInstance(Comment.class);
|
var jc = JAXBContext.newInstance(Comment.class);
|
||||||
var xif = XMLInputFactory.newInstance();
|
var xif = XMLInputFactory.newInstance();
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ package org.owasp.webgoat.lessons.xxe;
|
|||||||
|
|
||||||
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import org.apache.commons.exec.OS;
|
import org.apache.commons.exec.OS;
|
||||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
@ -60,8 +60,7 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
|
|||||||
public AttackResult createNewUser(
|
public AttackResult createNewUser(
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
@RequestBody String commentStr,
|
@RequestBody String commentStr,
|
||||||
@RequestHeader("Content-Type") String contentType)
|
@RequestHeader("Content-Type") String contentType) {
|
||||||
throws Exception {
|
|
||||||
AttackResult attackResult = failed(this).build();
|
AttackResult attackResult = failed(this).build();
|
||||||
|
|
||||||
if (APPLICATION_JSON_VALUE.equals(contentType)) {
|
if (APPLICATION_JSON_VALUE.equals(contentType)) {
|
||||||
|
@ -25,7 +25,7 @@ package org.owasp.webgoat.lessons.xxe;
|
|||||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||||
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import org.apache.commons.exec.OS;
|
import org.apache.commons.exec.OS;
|
||||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||||
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
|
||||||
|
@ -24,10 +24,10 @@ package org.owasp.webgoat.webwolf;
|
|||||||
|
|
||||||
import static org.springframework.http.MediaType.ALL_VALUE;
|
import static org.springframework.http.MediaType.ALL_VALUE;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.webwolf;
|
package org.owasp.webgoat.webwolf;
|
||||||
|
|
||||||
|
import jakarta.annotation.PostConstruct;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||||
|
@ -29,54 +29,49 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
|
|
||||||
/** Security configuration for WebGoat. */
|
/** Security configuration for WebWolf. */
|
||||||
@Configuration
|
@Configuration
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfig {
|
||||||
|
|
||||||
private final UserService userDetailsService;
|
private final UserService userDetailsService;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
|
http.authorizeHttpRequests(
|
||||||
http.authorizeRequests()
|
auth -> auth.requestMatchers(HttpMethod.POST, "/fileupload").authenticated());
|
||||||
.antMatchers(HttpMethod.POST, "/fileupload")
|
http.authorizeHttpRequests(
|
||||||
.authenticated()
|
auth ->
|
||||||
.antMatchers(HttpMethod.GET, "/files", "/mail", "/requests")
|
auth.requestMatchers(HttpMethod.GET, "/files", "/mail", "/requests").authenticated());
|
||||||
.authenticated()
|
http.authorizeHttpRequests().anyRequest().permitAll();
|
||||||
.and()
|
http.csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true");
|
||||||
.authorizeRequests()
|
http.formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll();
|
||||||
.anyRequest()
|
http.logout().permitAll();
|
||||||
.permitAll();
|
return http.build();
|
||||||
|
|
||||||
security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true");
|
|
||||||
security.and().formLogin().loginPage("/login").defaultSuccessUrl("/home", true).permitAll();
|
|
||||||
security.and().logout().permitAll();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
||||||
auth.userDetailsService(userDetailsService); // .passwordEncoder(bCryptPasswordEncoder());
|
auth.userDetailsService(userDetailsService);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Override
|
public UserDetailsService userDetailsServiceBean() {
|
||||||
public UserDetailsService userDetailsServiceBean() throws Exception {
|
|
||||||
return userDetailsService;
|
return userDetailsService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
@Bean
|
@Bean
|
||||||
protected AuthenticationManager authenticationManager() throws Exception {
|
public AuthenticationManager authenticationManager(
|
||||||
return super.authenticationManager();
|
AuthenticationConfiguration authenticationConfiguration) throws Exception {
|
||||||
|
return authenticationConfiguration.getAuthenticationManager();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
package org.owasp.webgoat.webwolf;
|
package org.owasp.webgoat.webwolf;
|
||||||
|
|
||||||
import org.owasp.webgoat.webwolf.requests.WebWolfTraceRepository;
|
import org.owasp.webgoat.webwolf.requests.WebWolfTraceRepository;
|
||||||
import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
|
import org.springframework.boot.actuate.web.exchanges.HttpExchangeRepository;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
@ -37,7 +37,7 @@ import org.springframework.context.annotation.PropertySource;
|
|||||||
public class WebWolf {
|
public class WebWolf {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public HttpTraceRepository traceRepository() {
|
public HttpExchangeRepository traceRepository() {
|
||||||
return new WebWolfTraceRepository();
|
return new WebWolfTraceRepository();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -23,10 +23,14 @@
|
|||||||
package org.owasp.webgoat.webwolf.mailbox;
|
package org.owasp.webgoat.webwolf.mailbox;
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
|
import jakarta.persistence.Column;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.GenerationType;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
import java.time.format.DateTimeFormatter;
|
import java.time.format.DateTimeFormatter;
|
||||||
import javax.persistence.*;
|
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Builder;
|
import lombok.Builder;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
|
@ -24,7 +24,6 @@ package org.owasp.webgoat.webwolf.mailbox;
|
|||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
@ -38,7 +37,6 @@ import org.springframework.web.servlet.ModelAndView;
|
|||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@Slf4j
|
|
||||||
public class MailboxController {
|
public class MailboxController {
|
||||||
|
|
||||||
private final MailboxRepository mailboxRepository;
|
private final MailboxRepository mailboxRepository;
|
||||||
|
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.webwolf.requests;
|
package org.owasp.webgoat.webwolf.requests;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
|
@ -32,8 +32,7 @@ import lombok.Getter;
|
|||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.boot.actuate.trace.http.HttpTrace;
|
import org.springframework.boot.actuate.web.exchanges.HttpExchange;
|
||||||
import org.springframework.boot.actuate.trace.http.HttpTrace.Request;
|
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
@ -78,8 +77,8 @@ public class Requests {
|
|||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean allowedTrace(HttpTrace t, UserDetails user) {
|
private boolean allowedTrace(HttpExchange t, UserDetails user) {
|
||||||
Request req = t.getRequest();
|
HttpExchange.Request req = t.getRequest();
|
||||||
boolean allowed = true;
|
boolean allowed = true;
|
||||||
/* do not show certain traces to other users in a classroom setup */
|
/* do not show certain traces to other users in a classroom setup */
|
||||||
if (req.getUri().getPath().contains("/files")
|
if (req.getUri().getPath().contains("/files")
|
||||||
@ -95,11 +94,11 @@ public class Requests {
|
|||||||
return allowed;
|
return allowed;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String path(HttpTrace t) {
|
private String path(HttpExchange t) {
|
||||||
return (String) t.getRequest().getUri().getPath();
|
return (String) t.getRequest().getUri().getPath();
|
||||||
}
|
}
|
||||||
|
|
||||||
private String toJsonString(HttpTrace t) {
|
private String toJsonString(HttpExchange t) {
|
||||||
try {
|
try {
|
||||||
return objectMapper.writeValueAsString(t);
|
return objectMapper.writeValueAsString(t);
|
||||||
} catch (JsonProcessingException e) {
|
} catch (JsonProcessingException e) {
|
||||||
|
@ -26,8 +26,8 @@ import com.google.common.collect.EvictingQueue;
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.boot.actuate.trace.http.HttpTrace;
|
import org.springframework.boot.actuate.web.exchanges.HttpExchange;
|
||||||
import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
|
import org.springframework.boot.actuate.web.exchanges.HttpExchangeRepository;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Keep track of all the incoming requests, we are only keeping track of request originating from
|
* Keep track of all the incoming requests, we are only keeping track of request originating from
|
||||||
@ -37,9 +37,9 @@ import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
|
|||||||
* @since 8/13/17.
|
* @since 8/13/17.
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class WebWolfTraceRepository implements HttpTraceRepository {
|
public class WebWolfTraceRepository implements HttpExchangeRepository {
|
||||||
|
|
||||||
private final EvictingQueue<HttpTrace> traces = EvictingQueue.create(10000);
|
private final EvictingQueue<HttpExchange> traces = EvictingQueue.create(10000);
|
||||||
private final List<String> exclusionList =
|
private final List<String> exclusionList =
|
||||||
List.of(
|
List.of(
|
||||||
"/tmpdir",
|
"/tmpdir",
|
||||||
@ -54,11 +54,11 @@ public class WebWolfTraceRepository implements HttpTraceRepository {
|
|||||||
"/mail");
|
"/mail");
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<HttpTrace> findAll() {
|
public List<HttpExchange> findAll() {
|
||||||
return List.of();
|
return List.of();
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<HttpTrace> findAllTraces() {
|
public List<HttpExchange> findAllTraces() {
|
||||||
return new ArrayList<>(traces);
|
return new ArrayList<>(traces);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -67,7 +67,7 @@ public class WebWolfTraceRepository implements HttpTraceRepository {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void add(HttpTrace httpTrace) {
|
public void add(HttpExchange httpTrace) {
|
||||||
var path = httpTrace.getRequest().getUri().getPath();
|
var path = httpTrace.getRequest().getUri().getPath();
|
||||||
if (!isInExclusionList(path)) {
|
if (!isInExclusionList(path)) {
|
||||||
traces.add(httpTrace);
|
traces.add(httpTrace);
|
||||||
|
@ -22,11 +22,11 @@
|
|||||||
|
|
||||||
package org.owasp.webgoat.webwolf.user;
|
package org.owasp.webgoat.webwolf.user;
|
||||||
|
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.Transient;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import javax.persistence.Entity;
|
|
||||||
import javax.persistence.Id;
|
|
||||||
import javax.persistence.Transient;
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
|
@ -13,11 +13,12 @@ server.ssl.key-store-password=${WEBGOAT_KEYSTORE_PASSWORD:password}
|
|||||||
server.ssl.key-alias=${WEBGOAT_KEY_ALIAS:goat}
|
server.ssl.key-alias=${WEBGOAT_KEY_ALIAS:goat}
|
||||||
server.ssl.enabled=${WEBGOAT_SSLENABLED:false}
|
server.ssl.enabled=${WEBGOAT_SSLENABLED:false}
|
||||||
|
|
||||||
spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/webgoat
|
|
||||||
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
|
|
||||||
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
|
|
||||||
spring.jpa.properties.hibernate.default_schema=CONTAINER
|
|
||||||
spring.banner.location=classpath:banner.txt
|
spring.banner.location=classpath:banner.txt
|
||||||
|
spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/webgoat
|
||||||
|
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
|
||||||
|
spring.jpa.open-in-view=false
|
||||||
|
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
|
||||||
|
spring.jpa.properties.hibernate.default_schema=CONTAINER
|
||||||
|
|
||||||
logging.level.org.thymeleaf=INFO
|
logging.level.org.thymeleaf=INFO
|
||||||
logging.level.org.thymeleaf.TemplateEngine.CONFIG=INFO
|
logging.level.org.thymeleaf.TemplateEngine.CONFIG=INFO
|
||||||
@ -28,6 +29,7 @@ logging.level.org.springframework=INFO
|
|||||||
logging.level.org.springframework.boot.devtools=INFO
|
logging.level.org.springframework.boot.devtools=INFO
|
||||||
logging.level.org.owasp=DEBUG
|
logging.level.org.owasp=DEBUG
|
||||||
logging.level.org.owasp.webgoat=DEBUG
|
logging.level.org.owasp.webgoat=DEBUG
|
||||||
|
logging.level.org.hidbernate.SQL=DEBUG
|
||||||
|
|
||||||
webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
|
webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
|
||||||
webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/
|
webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/
|
||||||
@ -51,11 +53,11 @@ spring.jackson.serialization.write-dates-as-timestamps=false
|
|||||||
#For static file refresh ... and faster dev :D
|
#For static file refresh ... and faster dev :D
|
||||||
spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css
|
spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css
|
||||||
|
|
||||||
exclude.categories=${EXCLUDE_CATEGORIES:none,none}
|
|
||||||
#exclude based on the enum of the Category
|
#exclude based on the enum of the Category
|
||||||
|
exclude.categories=${EXCLUDE_CATEGORIES:none,none}
|
||||||
|
|
||||||
exclude.lessons=${EXCLUDE_LESSONS:none,none}
|
|
||||||
#exclude based on the class name of a lesson e.g.: LessonTemplate
|
#exclude based on the class name of a lesson e.g.: LessonTemplate
|
||||||
|
exclude.lessons=${EXCLUDE_LESSONS:none,none}
|
||||||
|
|
||||||
management.health.db.enabled=true
|
management.health.db.enabled=true
|
||||||
management.endpoint.health.show-details=always
|
management.endpoint.health.show-details=always
|
||||||
|
@ -18,6 +18,7 @@ spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/webgoat
|
|||||||
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
|
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
|
||||||
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
|
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
|
||||||
spring.jpa.properties.hibernate.default_schema=CONTAINER
|
spring.jpa.properties.hibernate.default_schema=CONTAINER
|
||||||
|
spring.jpa.open-in-view=false
|
||||||
spring.messages.basename=i18n/messages
|
spring.messages.basename=i18n/messages
|
||||||
spring.jmx.enabled=false
|
spring.jmx.enabled=false
|
||||||
|
|
||||||
@ -26,7 +27,7 @@ logging.level.org.springframework.boot.devtools=WARN
|
|||||||
logging.level.org.owasp=DEBUG
|
logging.level.org.owasp=DEBUG
|
||||||
logging.level.org.owasp.webwolf=TRACE
|
logging.level.org.owasp.webwolf=TRACE
|
||||||
|
|
||||||
management.trace.http.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIE_HEADERS,TIME_TAKEN
|
management.httpexchanges.recording.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIE_HEADERS,TIME_TAKEN
|
||||||
management.endpoint.httptrace.enabled=true
|
management.endpoint.httptrace.enabled=true
|
||||||
|
|
||||||
spring.thymeleaf.cache=false
|
spring.thymeleaf.cache=false
|
||||||
|
4
src/main/resources/db/container/V3__id.sql
Normal file
4
src/main/resources/db/container/V3__id.sql
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
ALTER TABLE CONTAINER.ASSIGNMENT ALTER COLUMN ID SET GENERATED BY DEFAULT AS IDENTITY(START WITH 1);
|
||||||
|
ALTER TABLE CONTAINER.LESSON_TRACKER ALTER COLUMN ID SET GENERATED BY DEFAULT AS IDENTITY(START WITH 1);
|
||||||
|
ALTER TABLE CONTAINER.USER_TRACKER ALTER COLUMN ID SET GENERATED BY DEFAULT AS IDENTITY(START WITH 1);
|
||||||
|
|
@ -4,14 +4,14 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/bypass-intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/bypass-intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/2fa-bypass.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/2fa-bypass.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -72,9 +72,9 @@
|
|||||||
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<!--<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/lesson-template-video.adoc"></div>-->
|
<!--<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/lesson-template-video.adoc}"></div>-->
|
||||||
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
|
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
|
||||||
<!--<div class="adoc-content" th:replace="doc:lessons/authbypass/documentation/lesson-template-attack.adoc"></div>-->
|
<!--<div class="adoc-content" th:replace="~{doc:lessons/authbypass/documentation/lesson-template-attack.adoc}"></div>-->
|
||||||
|
|
||||||
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->
|
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->
|
||||||
|
|
||||||
|
@ -6,12 +6,12 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here. Content will be presented via asciidocs files,
|
<!-- include content here. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_Intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_Intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- stripped down without extra comments -->
|
<!-- stripped down without extra comments -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/bypass-restrictions.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/bypass-restrictions.css}"/>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -59,7 +59,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FrontendValidation.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/bypassrestrictions/documentation/BypassRestrictions_FrontendValidation.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_introduction.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_introduction.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_introduction.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_5.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_5.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_6.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_6.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge6.css}"/>
|
||||||
<script th:src="@{/lesson_js/challenge6.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/challenge6.js}" language="JavaScript"></script>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
|
@ -12,7 +12,7 @@ f94008f801fceb8833a30fe56a8b26976347edcf First version of WebGoat Cloud website
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_7.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_7.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/challenges/documentation/Challenge_8.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/challenges/documentation/Challenge_8.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge8.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge8.css}"/>
|
||||||
<script th:src="@{/lesson_js/challenge8.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/challenge8.js}" language="JavaScript"></script>
|
||||||
|
|
||||||
|
@ -4,22 +4,22 @@
|
|||||||
|
|
||||||
<!-- 1 -->
|
<!-- 1 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 2 -->
|
<!-- 2 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_elements.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_elements.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 3 -->
|
<!-- 3 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_console.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_console.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 4 -->
|
<!-- 4 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -35,12 +35,12 @@
|
|||||||
|
|
||||||
<!-- 5 -->
|
<!-- 5 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_sources.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_sources.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 6 -->
|
<!-- 6 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment_Network.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/chromedevtools/documentation/ChromeDevTools_Assignment_Network.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
|
@ -3,19 +3,19 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_confidentiality.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_confidentiality.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_integrity.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_integrity.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_availability.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_availability.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
@ -23,7 +23,7 @@
|
|||||||
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
||||||
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
||||||
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
|
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cia/documentation/CIA_quiz.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cia/documentation/CIA_quiz.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
|
@ -2,10 +2,10 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_assignment.adoc}"></div>
|
||||||
|
|
||||||
<br/>
|
<br/>
|
||||||
|
|
||||||
@ -74,7 +74,7 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_final.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/clientsidefiltering/documentation/ClientSideFiltering_final.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/clientSideFilteringFree.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/clientSideFilteringFree.css}"/>
|
||||||
<script th:src="@{/lesson_js/clientSideFilteringFree.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/clientSideFilteringFree.js}" language="JavaScript"></script>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
|
@ -18,11 +18,11 @@ $(document).ready(initialise);
|
|||||||
<body>
|
<body>
|
||||||
<!-- 1. overview -->
|
<!-- 1. overview -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/Crypto_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/Crypto_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<!-- 2. encoding -->
|
<!-- 2. encoding -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encoding_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan.adoc}"></div>
|
||||||
<!-- 2. assignment -->
|
<!-- 2. assignment -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -41,7 +41,7 @@ $(document).ready(initialise);
|
|||||||
</div>
|
</div>
|
||||||
<!-- 3. encoding xor -->
|
<!-- 3. encoding xor -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encoding_plan2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encoding_plan2.adoc}"></div>
|
||||||
<!-- 3. assignment xor -->
|
<!-- 3. assignment xor -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -58,7 +58,7 @@ $(document).ready(initialise);
|
|||||||
|
|
||||||
<!-- 4. hashing -->
|
<!-- 4. hashing -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/hashing_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/hashing_plan.adoc}"></div>
|
||||||
<!-- 4. weak hashing exercise -->
|
<!-- 4. weak hashing exercise -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -76,12 +76,12 @@ $(document).ready(initialise);
|
|||||||
|
|
||||||
<!-- 5. encryption -->
|
<!-- 5. encryption -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/encryption.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/encryption.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 6. signing -->
|
<!-- 6. signing -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/signing.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/signing.adoc}"></div>
|
||||||
<!-- 6. assignment -->
|
<!-- 6. assignment -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -101,12 +101,12 @@ $(document).ready(initialise);
|
|||||||
|
|
||||||
<!-- 7. keystores -->
|
<!-- 7. keystores -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/keystores.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/keystores.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 8. security defaults -->
|
<!-- 8. security defaults -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/defaults.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/defaults.adoc}"></div>
|
||||||
<!-- 8. assignment -->
|
<!-- 8. assignment -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -123,7 +123,7 @@ $(document).ready(initialise);
|
|||||||
</div>
|
</div>
|
||||||
<!-- 9. postquantum -->
|
<!-- 9. postquantum -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/cryptography/documentation/postquantum.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/cryptography/documentation/postquantum.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
@ -3,15 +3,15 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_GET.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_GET.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Get_Flag.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Get_Flag.adoc}"></div>
|
||||||
|
|
||||||
<form accept-charset="UNKNOWN" id="basic-csrf-get"
|
<form accept-charset="UNKNOWN" id="basic-csrf-get"
|
||||||
method="POST" name="form1"
|
method="POST" name="form1"
|
||||||
@ -23,7 +23,7 @@
|
|||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Basic_Get-1.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Basic_Get-1.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
||||||
@ -54,7 +54,7 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
|
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Reviews.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Reviews.adoc}"></div>
|
||||||
|
|
||||||
<!-- comment area -->
|
<!-- comment area -->
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/reviews.css}"/>
|
||||||
@ -121,15 +121,15 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Frameworks.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Frameworks.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_JSON.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_JSON.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_ContentType.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_ContentType.adoc}"></div>
|
||||||
|
|
||||||
<script th:src="@{/lesson_js/feedback.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/feedback.js}" language="JavaScript"></script>
|
||||||
<div style="container-fluid; background-color: #f1f1f1; border: 2px solid #a66;
|
<div style="container-fluid; background-color: #f1f1f1; border: 2px solid #a66;
|
||||||
@ -227,7 +227,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Login.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Login.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success">
|
<div class="assignment-success">
|
||||||
@ -251,7 +251,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/csrf/documentation/CSRF_Impact_Defense.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/csrf/documentation/CSRF_Impact_Defense.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
@ -3,24 +3,24 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_Intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_WhatIs.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_SimpleExploit.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_GadgetChain.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- stripped down without extra comments -->
|
<!-- stripped down without extra comments -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/deserialization/documentation/InsecureDeserialization_Task.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/deserialization/documentation/InsecureDeserialization_Task.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
||||||
|
@ -7,12 +7,12 @@
|
|||||||
|
|
||||||
<!-- 1 -->
|
<!-- 1 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/hijacksession/documentation/HijackSession_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/hijacksession/documentation/HijackSession_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 2 -->
|
<!-- 2 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/hijacksession/documentation/HijackSession_content0.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/hijacksession/documentation/HijackSession_content0.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success">
|
<div class="assignment-success">
|
||||||
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>
|
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse this block for each 'page' of content -->
|
<!-- reuse this block for each 'page' of content -->
|
||||||
<!-- include content here ... will be first page/tab multiple -->
|
<!-- include content here ... will be first page/tab multiple -->
|
||||||
<div class="adoc-content" th:replace="doc:HijackSession_solution.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:HijackSession_solution.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
@ -3,12 +3,12 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- stripped down without extra comments -->
|
<!-- stripped down without extra comments -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Task.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Task.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" id="task" name="task"
|
<form class="attack-form" accept-charset="UNKNOWN" id="task" name="task"
|
||||||
@ -143,6 +143,6 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/htmltampering/documentation/HtmlTampering_Mitigation.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/htmltampering/documentation/HtmlTampering_Mitigation.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
@ -6,13 +6,13 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse this block for each 'page' of content -->
|
<!-- reuse this block for each 'page' of content -->
|
||||||
<!-- sample ascii doc content for second page -->
|
<!-- sample ascii doc content for second page -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content1.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_content1.adoc}"></div>
|
||||||
<!-- if including attack, reuse this section, leave classes in place -->
|
<!-- if including attack, reuse this section, leave classes in place -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -42,7 +42,7 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here. Content will be presented via asciidocs files,
|
<!-- include content here. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpbasics/documentation/HttpBasics_content2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpbasics/documentation/HttpBasics_content2.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
|
@ -3,23 +3,23 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/0overview.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/0overview.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/1proxysetupsteps.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/1proxysetupsteps.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/3browsersetup.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/3browsersetup.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/5configurefilterandbreakpoints.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/5configurefilterandbreakpoints.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/6assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/6assignment.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" name="intercept-request"
|
<form class="attack-form" accept-charset="UNKNOWN" name="intercept-request"
|
||||||
@ -36,15 +36,15 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/7resend.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/7resend.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/8httpsproxy.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/8httpsproxy.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/9manual.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/9manual.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/httpproxies/documentation/10burp.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/httpproxies/documentation/10burp.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
@ -4,14 +4,14 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_login.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_login.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -46,7 +46,7 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewDiffs.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewDiffs.adoc}"></div>
|
||||||
<div class="nonattack-container">
|
<div class="nonattack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -76,7 +76,7 @@
|
|||||||
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
<!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
|
||||||
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
<!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_whatDiffs.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_whatDiffs.adoc}"></div>
|
||||||
<!-- modify the action to point to the intended endpoint -->
|
<!-- modify the action to point to the intended endpoint -->
|
||||||
<form class="attack-form"
|
<form class="attack-form"
|
||||||
method="POST" name="diff-form"
|
method="POST" name="diff-form"
|
||||||
@ -96,7 +96,7 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewOwnAltPath.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewOwnAltPath.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -108,7 +108,7 @@
|
|||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
method="POST" name="form"
|
method="POST" name="form"
|
||||||
action="/WebGoat/IDOR/profile/alt-path">
|
action="/WebGoat/IDOR/profile/alt-path">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_inputAltPath.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_inputAltPath.adoc}"></div>
|
||||||
<input name="url" value="WebGoat/" type="text"/>
|
<input name="url" value="WebGoat/" type="text"/>
|
||||||
<input name="submit" value="Submit" type="SUBMIT"/>
|
<input name="submit" value="Submit" type="SUBMIT"/>
|
||||||
</form>
|
</form>
|
||||||
@ -123,7 +123,7 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_viewOtherProfile.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_viewOtherProfile.adoc}"></div>
|
||||||
<div class="nonattack-container">
|
<div class="nonattack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -147,7 +147,7 @@
|
|||||||
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
<!-- ... of course, you can move them if you want to, but that will not look consistent to other lessons -->
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_editOtherProfile.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_editOtherProfile.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
<!-- using attack-form class on your form, will allow your request to be ajaxified and stay within the display framework for webgoat -->
|
||||||
@ -176,7 +176,7 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/idor/documentation/IDOR_mitigation.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/idor/documentation/IDOR_mitigation.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
@ -6,12 +6,12 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here. Content will be presented via asciidocs files,
|
<!-- include content here. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/insecurelogin/documentation/InsecureLogin_Intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/insecurelogin/documentation/InsecureLogin_Intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- stripped down without extra comments -->
|
<!-- stripped down without extra comments -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/insecurelogin/documentation/InsecureLogin_Task.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/insecurelogin/documentation/InsecureLogin_Task.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<script th:src="@{/lesson_js/credentials.js}"></script>
|
<script th:src="@{/lesson_js/credentials.js}"></script>
|
||||||
|
@ -3,14 +3,14 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
<body>
|
<body>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_structure.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_structure.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_decode.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_decode.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
||||||
<form id="decode" class="attack-form" method="POST" name="form" action="/WebGoat/JWT/decode">
|
<form id="decode" class="attack-form" method="POST" name="form" action="/WebGoat/JWT/decode">
|
||||||
@ -35,10 +35,10 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_login_to_token.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_login_to_token.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_signing.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_signing.adoc}"></div>
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
||||||
<script th:src="@{/lesson_js/jwt-voting.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/jwt-voting.js}" language="JavaScript"></script>
|
||||||
@ -102,7 +102,7 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="lesson-page-solution">
|
<div class="lesson-page-solution">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_signing_solution.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_signing_solution.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -112,7 +112,7 @@
|
|||||||
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
||||||
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
||||||
<link rel="import" type="application/json" th:href="@{/lesson_js/questions_jwt.json}"/>
|
<link rel="import" type="application/json" th:href="@{/lesson_js/questions_jwt.json}"/>
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_assignment.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="attack-feedback"></div>
|
<div class="attack-feedback"></div>
|
||||||
<div class="attack-output"></div>
|
<div class="attack-output"></div>
|
||||||
@ -134,18 +134,18 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="lesson-page-solution">
|
<div class="lesson-page-solution">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_assignment2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_assignment2.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="lesson-page-solution">
|
<div class="lesson-page-solution">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_libraries_solution.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_libraries_solution.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_weak_keys"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_weak_keys}"></div>
|
||||||
<script th:src="@{/lesson_js/jwt-weak-keys.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/jwt-weak-keys.js}" language="JavaScript"></script>
|
||||||
<pre id="secrettoken"></pre>
|
<pre id="secrettoken"></pre>
|
||||||
|
|
||||||
@ -173,11 +173,11 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_refresh.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_refresh.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_refresh_assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_refresh_assignment.adoc}"></div>
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
||||||
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
||||||
@ -299,7 +299,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_final.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_final.adoc}"></div>
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
|
||||||
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
||||||
@ -359,7 +359,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/jwt/documentation/JWT_mitigation.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/jwt/documentation/JWT_mitigation.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ green when the user solves the assignment. To make this work we need to add to t
|
|||||||
[source]
|
[source]
|
||||||
----
|
----
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lesson-template-attack.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lesson-template-attack.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
|
@ -9,16 +9,16 @@ green when the user solves the assignment. To make this work we need to add:
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
|
||||||
lesson-template-intro.adoc"></div>
|
lesson-template-intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
|
||||||
lesson-template-content.adoc"></div>
|
lesson-template-content.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/
|
||||||
lesson-template-lesson-class.adoc"></div>
|
lesson-template-lesson-class.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
----
|
----
|
||||||
|
@ -5,7 +5,7 @@ You can include multiple adoc files in one page, by including them in the same `
|
|||||||
[source]
|
[source]
|
||||||
----
|
----
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lesson-template-video.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lesson-template-video.adoc}"></div>
|
||||||
<div class="adoc-content" th:replace="doc:lesson-template-video-more.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lesson-template-video-more.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
----
|
----
|
@ -4,38 +4,38 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which go in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-content.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-content.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-video.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-video.adoc}"></div>
|
||||||
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
|
<!-- can use multiple adoc's in a page-wrapper if you want ... or not-->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-video-more.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-video-more.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-lesson-class.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-lesson-class.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-glue.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-glue.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse the above lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
<!-- include content here, or can be placed in another location. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-attack.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-attack.adoc}"></div>
|
||||||
|
|
||||||
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->
|
<!-- WebGoat will automatically style and scaffold some functionality by using the div.attack-container as below -->
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
@ -71,7 +71,7 @@
|
|||||||
see other lessons for other more complex examples -->
|
see other lessons for other more complex examples -->
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/lessontemplate/documentation/lesson-template-database.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/lessontemplate/documentation/lesson-template-database.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
@ -6,12 +6,12 @@
|
|||||||
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
<!-- reuse this lesson-page-wrapper block for each 'page' of content in your lesson -->
|
||||||
<!-- include content here. Content will be presented via asciidocs files,
|
<!-- include content here. Content will be presented via asciidocs files,
|
||||||
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
which you put in src/main/resources/plugin/lessonplans/{lang}/{fileName}.adoc -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logging_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logging_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- stripped down without extra comments -->
|
<!-- stripped down without extra comments -->
|
||||||
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logSpoofing_Task.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logSpoofing_Task.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
||||||
@ -30,10 +30,10 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/sensitive_logging_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/sensitive_logging_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/logReading_Task.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/logReading_Task.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
<form class="attack-form" accept-charset="UNKNOWN" name="task"
|
||||||
@ -50,6 +50,6 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/logging/documentation/more_logging.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/logging/documentation/more_logging.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-01-intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-01-intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/>
|
||||||
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<nav class="navbar navbar-default">
|
<nav class="navbar navbar-default">
|
||||||
@ -70,7 +70,7 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
|
|
||||||
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-03-users.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-03-users.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -92,7 +92,7 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
|
|
||||||
<div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
|
@ -3,10 +3,10 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_simple.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_simple.adoc}"></div>
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
|
||||||
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
||||||
@ -90,11 +90,11 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_wrong_message.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_wrong_message.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_known_questions.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_known_questions.adoc}"></div>
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/password.css}"/>
|
||||||
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
|
||||||
@ -138,7 +138,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_SecurityQuestions.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_SecurityQuestions.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -168,7 +168,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_host_header.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_host_header.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
<img th:src="@{/images/wolf-enabled.png}" class="webwolf-enabled"/>
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -260,6 +260,6 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/passwordreset/documentation/PasswordReset_mitigation.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/passwordreset/documentation/PasswordReset_mitigation.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
@ -5,11 +5,11 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="upload-container">
|
<div class="upload-container">
|
||||||
@ -63,7 +63,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload_fix.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload_fix.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="upload-container">
|
<div class="upload-container">
|
||||||
@ -118,7 +118,7 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_upload_remove_user_input.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_upload_remove_user_input.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="upload-container">
|
<div class="upload-container">
|
||||||
@ -174,7 +174,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_retrieval.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_retrieval.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
|
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
@ -212,11 +212,11 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_assignment.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_assignment.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="upload-container">
|
<div class="upload-container">
|
||||||
@ -271,7 +271,7 @@
|
|||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="lesson-page-solution">
|
<div class="lesson-page-solution">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/pathtraversal/documentation/PathTraversal_zip_slip_solution.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -3,19 +3,19 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_1.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_1.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_2.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_assignment_introduction.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_assignment_introduction.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -39,11 +39,11 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_3.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_3.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/securepasswords/documentation/SecurePasswords_4.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/securepasswords/documentation/SecurePasswords_4.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<script>
|
<script>
|
||||||
|
@ -9,12 +9,12 @@
|
|||||||
|
|
||||||
<!-- 1 -->
|
<!-- 1 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/spoofcookie/documentation/SpoofCookie_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/spoofcookie/documentation/SpoofCookie_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 2 -->
|
<!-- 2 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/spoofcookie/documentation/SpoofCookie_content0.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/spoofcookie/documentation/SpoofCookie_content0.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success">
|
<div class="assignment-success">
|
||||||
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>
|
<i class="fa fa-2 fa-check hidden" aria-hidden="true"></i>
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<!-- reuse this block for each 'page' of content -->
|
<!-- reuse this block for each 'page' of content -->
|
||||||
<!-- include content here ... will be first page/tab multiple -->
|
<!-- include content here ... will be first page/tab multiple -->
|
||||||
<div class="adoc-content" th:replace="doc:SpoofCookie_solution.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:SpoofCookie_solution.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,12 +5,12 @@
|
|||||||
|
|
||||||
<!--Page 1-->
|
<!--Page 1-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!--Page 2-->
|
<!--Page 2-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -34,7 +34,7 @@
|
|||||||
|
|
||||||
<!--Page 3-->
|
<!--Page 3-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -58,7 +58,7 @@
|
|||||||
|
|
||||||
<!--Page 4-->
|
<!--Page 4-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -82,7 +82,7 @@
|
|||||||
|
|
||||||
<!--Page 5-->
|
<!--Page 5-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -106,7 +106,7 @@
|
|||||||
|
|
||||||
<!--Page 6-->
|
<!--Page 6-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc}"></div>
|
||||||
<div>
|
<div>
|
||||||
<label for="username-preview">Username:</label>
|
<label for="username-preview">Username:</label>
|
||||||
<input id="preview-input" type="text" name="username" val=""/>
|
<input id="preview-input" type="text" name="username" val=""/>
|
||||||
@ -123,22 +123,22 @@
|
|||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
</div>
|
</div>
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!--Page 7-->
|
<!--Page 7-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!--Page 8-->
|
<!--Page 8-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!--Page 9-->
|
<!--Page 9-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -183,7 +183,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -211,7 +211,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -239,7 +239,7 @@
|
|||||||
|
|
||||||
<!--Page 10-->
|
<!--Page 10-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -267,7 +267,7 @@
|
|||||||
|
|
||||||
<!--Page 11-->
|
<!--Page 11-->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc}"></div>
|
||||||
|
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
|
@ -5,17 +5,17 @@
|
|||||||
|
|
||||||
<!-- 1 -->
|
<!-- 1 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjectionAdvanced_plan.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjectionAdvanced_plan.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 2 -->
|
<!-- 2 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- 3 -->
|
<!-- 3 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6a.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6a.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -51,10 +51,10 @@
|
|||||||
|
|
||||||
<!-- 4 -->
|
<!-- 4 -->
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content6c.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content6c.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_challenge.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_challenge.adoc}"></div>
|
||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/challenge.css}"/>
|
||||||
<script th:src="@{/lesson_js/challenge.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/challenge.js}" language="JavaScript"></script>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
@ -162,7 +162,7 @@
|
|||||||
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/css/quiz.css}"/>
|
||||||
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
<script th:src="@{/js/quiz.js}" language="JavaScript"></script>
|
||||||
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
|
<link rel="import" type="application/json" th:href="@{/lesson_js/questions.json}"/>
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_quiz.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_quiz.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
|
@ -4,23 +4,23 @@
|
|||||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
|
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content7.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content7.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content8.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content8.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content9.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content9.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content10.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content10.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_completion.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_completion.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10a">
|
<form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10a">
|
||||||
@ -40,7 +40,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_newcode.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_newcode.adoc}"></div>
|
||||||
<div class="attack-container" style="border: none !important; height: 100%; min-height: 300px;">
|
<div class="attack-container" style="border: none !important; height: 100%; min-height: 300px;">
|
||||||
<form id="codesubmit" style="height: 100%; min-height: 300px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10b">
|
<form id="codesubmit" style="height: 100%; min-height: 300px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="/WebGoat/SqlInjectionMitigations/attack10b">
|
||||||
<div>
|
<div>
|
||||||
@ -60,14 +60,14 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content11.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content11.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12a.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12a.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -90,7 +90,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content12b.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content12b.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -114,11 +114,11 @@
|
|||||||
|
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content13.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content13.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_order_by.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_order_by.adoc}"></div>
|
||||||
<script th:src="@{/lesson_js/assignment13.js}" language="JavaScript"></script>
|
<script th:src="@{/lesson_js/assignment13.js}" language="JavaScript"></script>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
@ -191,7 +191,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_content14.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_content14.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</html>
|
</html>
|
||||||
|
@ -3,11 +3,11 @@
|
|||||||
<html xmlns:th="http://www.thymeleaf.org">
|
<html xmlns:th="http://www.thymeleaf.org">
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Intro.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Intro.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Task1.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Task1.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -29,7 +29,7 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Task2.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Task2.adoc}"></div>
|
||||||
<div class="attack-container">
|
<div class="attack-container">
|
||||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||||
<form class="attack-form" accept-charset="UNKNOWN"
|
<form class="attack-form" accept-charset="UNKNOWN"
|
||||||
@ -51,6 +51,6 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="lesson-page-wrapper">
|
<div class="lesson-page-wrapper">
|
||||||
<div class="adoc-content" th:replace="doc:lessons/ssrf/documentation/SSRF_Prevent.adoc"></div>
|
<div class="adoc-content" th:replace="~{doc:lessons/ssrf/documentation/SSRF_Prevent.adoc}"></div>
|
||||||
</div>
|
</div>
|
||||||
</html>
|
</html>
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user