merge of upstream, conflict resolution
This commit is contained in:
@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.util.FileSystemUtils;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import java.io.File;
|
||||
@ -23,14 +24,10 @@ public class CleanupLocalProgressFiles {
|
||||
@PostConstruct
|
||||
public void clean() {
|
||||
File dir = new File(webgoatHome);
|
||||
if (dir.exists()) {
|
||||
File[] progressFiles = dir.listFiles(f -> f.getName().endsWith(".progress"));
|
||||
if (progressFiles != null) {
|
||||
log.info("Removing stored user preferences...");
|
||||
for (File f : progressFiles) {
|
||||
f.delete();
|
||||
}
|
||||
}
|
||||
//do it safe, check whether the subdir mongodb is available as subdirectory
|
||||
File[] mongoDir = dir.listFiles(f -> f.isDirectory() && f.getName().contains("mongodb"));
|
||||
if (mongoDir != null && mongoDir.length == 1) {
|
||||
FileSystemUtils.deleteRecursively(dir);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -124,6 +124,7 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
|
||||
registry.addResourceHandler("/images/**").addResourceLocations("classpath:/images/");
|
||||
registry.addResourceHandler("/lesson_js/**").addResourceLocations("classpath:/js/");
|
||||
registry.addResourceHandler("/lesson_css/**").addResourceLocations("classpath:/css/");
|
||||
registry.addResourceHandler("/video/**").addResourceLocations("classpath:/video/");
|
||||
super.addResourceHandlers(registry);
|
||||
}
|
||||
|
||||
|
@ -25,11 +25,10 @@
|
||||
|
||||
package org.owasp.webgoat.assignments;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import org.apache.commons.lang3.StringEscapeUtils;
|
||||
import org.owasp.webgoat.i18n.PluginMessages;
|
||||
|
||||
@AllArgsConstructor
|
||||
public class AttackResult {
|
||||
|
||||
public static class AttackResultBuilder {
|
||||
@ -89,6 +88,11 @@ public class AttackResult {
|
||||
@Getter
|
||||
private String output;
|
||||
|
||||
public AttackResult(boolean lessonCompleted, String feedback, String output) {
|
||||
this.lessonCompleted = lessonCompleted;
|
||||
this.feedback = StringEscapeUtils.escapeJson(feedback);
|
||||
this.output = StringEscapeUtils.escapeJson(output);
|
||||
}
|
||||
|
||||
public static AttackResultBuilder builder(PluginMessages messages) {
|
||||
return new AttackResultBuilder(messages);
|
||||
|
@ -33,7 +33,6 @@ package org.owasp.webgoat.controller;
|
||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||
import org.owasp.webgoat.session.Course;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Controller;
|
||||
@ -77,8 +76,8 @@ public class StartLesson {
|
||||
// I will set here the thymeleaf fragment location based on the resource requested.
|
||||
ModelAndView model = new ModelAndView();
|
||||
SecurityContext context = SecurityContextHolder.getContext(); //TODO this should work with the security roles of Spring
|
||||
GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
|
||||
String path = request.getServletPath(); // we now got /a/b/c/AccessControlMatrix.lesson
|
||||
//GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
|
||||
String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson
|
||||
String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson"));
|
||||
List<AbstractLesson> lessons = course.getLessons();
|
||||
Optional<AbstractLesson> lesson = lessons.stream()
|
||||
|
@ -1,6 +1,6 @@
|
||||
package org.owasp.webgoat.lessons;
|
||||
|
||||
import lombok.Getter;
|
||||
import com.google.common.collect.Lists;
|
||||
import lombok.Setter;
|
||||
import org.owasp.webgoat.session.Screen;
|
||||
|
||||
@ -44,10 +44,16 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
|
||||
|
||||
private Integer ranking;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private List<Assignment> assignments;
|
||||
|
||||
public List<Assignment> getAssignments() {
|
||||
if (assignments == null) {
|
||||
return Lists.newArrayList();
|
||||
}
|
||||
return assignments;
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor for the Lesson object
|
||||
*/
|
||||
|
@ -52,7 +52,7 @@ public enum Category {
|
||||
INSECURE_CONFIGURATION("Insecure Configuration", new Integer(1400)),
|
||||
INSECURE_STORAGE("Insecure Storage", new Integer(1500)),
|
||||
MALICIOUS_EXECUTION("Malicious Execution", new Integer(1600)),
|
||||
PARAMETER_TAMPERING("Parameter Tampering", new Integer(1700)),
|
||||
CLIENT_SIDE("Client side", new Integer(1700)),
|
||||
SESSION_MANAGEMENT("Session Management Flaws", new Integer(1800)),
|
||||
WEB_SERVICES("Web Services", new Integer(1900)),
|
||||
VULNERABLE_COMPONENTS("Vulnerable Components - A9", new Integer(1950)),
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -16,7 +16,7 @@ security.enable-csrf=false
|
||||
spring.resources.cache-period=0
|
||||
spring.thymeleaf.cache=false
|
||||
|
||||
webgoat.clean=true
|
||||
webgoat.clean=false
|
||||
webgoat.server.directory=${user.home}/.webgoat/
|
||||
webgoat.user.directory=${user.home}/.webgoat/
|
||||
webgoat.build.version=@project.version@
|
||||
@ -29,6 +29,7 @@ webgoat.database.driver=org.hsqldb.jdbcDriver
|
||||
webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
|
||||
webgoat.default.language=en
|
||||
|
||||
|
||||
spring.data.mongodb.database=webgoat
|
||||
spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/
|
||||
|
||||
|
@ -80,7 +80,9 @@ define(['jquery',
|
||||
var self = this;
|
||||
// TODO custom Data prep for submission
|
||||
var prepareDataFunctionName = $(curForm).attr('prepareData');
|
||||
var callbackFunctionName = $(curForm).attr('callback');
|
||||
var submitData = (typeof webgoat.customjs[prepareDataFunctionName] === 'function') ? webgoat.customjs[prepareDataFunctionName]() : $(curForm).serialize();
|
||||
var callbackFunction = (typeof webgoat.customjs[callbackFunctionName] === 'function') ? webgoat.customjs[callbackFunctionName] : function() {};
|
||||
// var submitData = this.$form.serialize();
|
||||
this.curForm = curForm;
|
||||
this.$curFeedback = $(curForm).closest('.attack-container').find('.attack-feedback');
|
||||
@ -93,14 +95,16 @@ define(['jquery',
|
||||
url:formUrl,
|
||||
method:formMethod,
|
||||
contentType:contentType,
|
||||
data: submitData
|
||||
data: submitData,
|
||||
complete: function (data) {
|
||||
callbackFunction();
|
||||
}
|
||||
}).then(self.onSuccessResponse.bind(self), self.onErrorResponse.bind(self));
|
||||
return false;
|
||||
},
|
||||
|
||||
onSuccessResponse: function(data) {
|
||||
this.renderFeedback(data.feedback);
|
||||
|
||||
this.renderOutput(data.output || "");
|
||||
//TODO: refactor back assignmentCompleted in Java
|
||||
if (data.lessonCompleted || data.assignmentCompleted) {
|
||||
|
Reference in New Issue
Block a user