From d8100385b6cf99a9373e3d7c428b50af0cc9c948 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 14 Nov 2024 08:42:55 +0100
Subject: [PATCH] fix: automatically solve XSS mitigation (#1957)
This PR moves the mitigation Java class into the correct package. The lesson was automatically solved because no assignments were found.
Closes: #1943
---
 .../container/service/LessonMenuService.java | 18 +-----------------
 .../CrossSiteScriptingLesson3.java | 2 +-
 .../CrossSiteScriptingLesson4.java | 2 +-
 .../CrossSiteScriptingMitigation.java | 2 +-
 4 files changed, 4 insertions(+), 20 deletions(-)
 rename src/main/java/org/owasp/webgoat/lessons/xss/{ => mitigation}/CrossSiteScriptingLesson3.java (98%)
 rename src/main/java/org/owasp/webgoat/lessons/xss/{ => mitigation}/CrossSiteScriptingLesson4.java (98%)
 rename src/main/java/org/owasp/webgoat/lessons/xss/{ => mitigation}/CrossSiteScriptingMitigation.java (96%)
diff --git a/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java b/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java
index 51d9ec5d9..ac1902611 100644
--- a/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java
+++ b/src/main/java/org/owasp/webgoat/container/service/LessonMenuService.java
@@ -30,10 +30,8 @@ package org.owasp.webgoat.container.service;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
-import java.util.Map;
 import lombok.AllArgsConstructor;
 import org.owasp.webgoat.container.CurrentUsername;
-import org.owasp.webgoat.container.lessons.Assignment;
 import org.owasp.webgoat.container.lessons.Category;
 import org.owasp.webgoat.container.lessons.Lesson;
 import org.owasp.webgoat.container.lessons.LessonMenuItem;
@@ -100,7 +98,7 @@ public class LessonMenuService {
 lessonItem.setLink(lesson.getLink());
 lessonItem.setType(LessonMenuItemType.LESSON);
 LessonProgress lessonTracker = userTracker.getLessonProgress(lesson);
- boolean lessonSolved = lessonCompleted(lessonTracker.getLessonOverview(), lesson);
+ boolean lessonSolved = lessonTracker.isLessonSolved();
 lessonItem.setComplete(lessonSolved);
 categoryItem.addChild(lessonItem);
 }
@@ -109,18 +107,4 @@ public class LessonMenuService {
 }
 return menu;
 }
-
- private boolean lessonCompleted(Map map, Lesson currentLesson) {
- boolean result = true;
- for (Map.Entry entry : map.entrySet()) {
- Assignment storedAssignment = entry.getKey();
- for (Assignment lessonAssignment : currentLesson.getAssignments()) {
- if (lessonAssignment.getName().equals(storedAssignment.getName())) {
- result = result && entry.getValue();
- break;
- }
- }
- }
- return result;
- }
 }
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson3.java
similarity index 98%
rename from src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java
rename to src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson3.java
index fa3a0a3c2..574c7a401 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson3.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson3.java
@@ -21,7 +21,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons.xss; +package org.owasp.webgoat.lessons.xss.mitigation; import org.jsoup.Jsoup; import org.jsoup.nodes.Document;
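Review bot: The replaced line in LessonMenuService.java's `@@ -100,7 +98,7 @@` hunk now relies on `lessonTracker.isLessonSolved()` alone, and that method is not part of this diff, so its result for a lesson with no tracked assignments cannot be checked from here. The removed `lessonCompleted` started from `result = true` and so reported a lesson as solved whenever nothing matched, which is the case the commit message describes; if `isLessonSolved()` is written as an all-match over the stored assignments it would presumably be vacuously true in the same situation. I would add a comment above the call, `// isLessonSolved() must be false for a lesson with no assignments, see #1943`, and a regression test asserting that such a lesson is rendered as not complete, since the diffstat lists no test file. The enclosing method starts and ends outside the hunk.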
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson4.java
similarity index 98%
rename from src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java
rename to src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson4.java
index 1bf5fbe01..cd9341d9f 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingLesson4.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingLesson4.java
@@ -20,7 +20,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons.xss; +package org.owasp.webgoat.lessons.xss.mitigation; import org.owasp.webgoat.container.assignments.AssignmentEndpoint; import org.owasp.webgoat.container.assignments.AssignmentHints;
diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingMitigation.java
similarity index 96%
rename from src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
rename to src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingMitigation.java
index bf5b77763..b61c03a01 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScriptingMitigation.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/mitigation/CrossSiteScriptingMitigation.java
@@ -21,7 +21,7 @@ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -package org.owasp.webgoat.lessons.xss; +package org.owasp.webgoat.lessons.xss.mitigation; import org.owasp.webgoat.container.lessons.Category; import org.owasp.webgoat.container.lessons.Lesson;