From debc1e4b737ead176267abe6ed0e19585921c5cb Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 23 Mar 2017 16:12:04 +0100
Subject: [PATCH] Added more for challenge 1 including input form group for flag
---
 .../org/owasp/webgoat/plugin/Challenge1.java | 56 ++++++++++++++++++
 .../java/org/owasp/webgoat/plugin/Flag.java | 52 ++++++++++++++++
 .../webgoat/plugin/SolutionConstants.java | 13 ++++
 .../src/main/resources/html/Challenge.html | 17 +++++-
 .../resources/i18n/WebGoatLabels.properties | 1 +
 .../src/main/resources/images/webgoat2.png | Bin 35040 -> 89932 bytes
 6 files changed, 137 insertions(+), 2 deletions(-)
 create mode 100644 webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge1.java
 create mode 100644 webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
 create mode 100644 webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge1.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge1.java
new file mode 100644
index 000000000..2b2a4f1d4
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Challenge1.java
@@ -0,0 +1,56 @@
+package org.owasp.webgoat.plugin;
+
+import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentPath;
+import org.owasp.webgoat.assignments.AttackResult;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.io.IOException;
+
+import static org.owasp.webgoat.plugin.SolutionConstants.PASSWORD;
+
+/**
+ * ************************************************************************************************
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *

+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *

+ * Getting Source ==============
+ *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ *

+ *
+ * @author WebGoat
+ * @version $Id: $Id
+ * @since August 11, 2016
+ */
+@AssignmentPath("/challenge/1")
+public class Challenge1 extends AssignmentEndpoint {
+
+ @RequestMapping(method = RequestMethod.POST)
+ public
+ @ResponseBody
+ AttackResult completed(@RequestParam String username, @RequestParam String password) throws IOException {
+ if (PASSWORD.equals(password)) {
+ return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(1)).build();
+ }
+ return failed().build();
+ }
+}
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
new file mode 100644
index 000000000..6ac1a0e62
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
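Review bot: In `completed`, `username` is bound as a required `@RequestParam` but never read, so the check is only `PASSWORD.equals(password)`: any account name passes with the right password, and a request without `username` is rejected with a 400 before the password is looked at. Either compare the user name as well or declare it `@RequestParam(required = false)`. `String.equals` stops at the first differing character; for a secret that guards a flag, `MessageDigest.isEqual(PASSWORD.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))` avoids leaking a matching prefix through response time. `Flag.FLAGS.get(1)` is only populated by `Flag.initFlags()` (a `@PostConstruct` in the next file), so if that bean is not initialised before the first request the feedback argument is presumably null; a null check or an accessor on `Flag` would make that visible. `throws IOException` is declared although nothing in the body throws it.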
@@ -0,0 +1,52 @@
+package org.owasp.webgoat.plugin;
+
+import com.google.common.collect.Maps;
+import org.owasp.webgoat.assignments.Endpoint;
+import org.owasp.webgoat.session.UserTracker;
+import org.owasp.webgoat.session.WebSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+import javax.annotation.PostConstruct;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.IntStream;
+
+/**
+ * @author nbaars
+ * @since 3/23/17.
+ */
+public class Flag extends Endpoint {
+
+ public static final Map FLAGS = Maps.newHashMap();
+ @Autowired
+ private UserTracker userTracker;
+ @Autowired
+ private WebSession webSession;
+
+ @PostConstruct
+ public void initFlags() {
+ IntStream.range(1, 4).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
+ }
+
+ @Override
+ public String getPath() {
+ return "challenge/flag";
+ }
+
+ @RequestMapping(method = RequestMethod.POST)
+ @ResponseStatus(HttpStatus.OK)
+ public void postFlag(@RequestParam String flag, @RequestParam int challengeNumber) {
+ String expectedFlag = FLAGS.get(challengeNumber);
+ if (expectedFlag.equals(flag)) {
+ userTracker.assignmentSolved(webSession.getCurrentLesson(), "Challenge" + challengeNumber);
+ } else {
+ userTracker.assignmentFailed(webSession.getCurrentLesson());
+ }
+ }
+
+}
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
new file mode 100644
index 000000000..dda05d492
--- /dev/null
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java
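Review bot: In `postFlag`, `FLAGS.get(challengeNumber)` returns null for any `challengeNumber` outside the 1–3 range filled by `initFlags`, and the next line calls `expectedFlag.equals(flag)` on it, so a client-chosen number ends in a NullPointerException and a 500 instead of a recorded failed attempt. Flipping the comparison to `if (flag.equals(FLAGS.get(challengeNumber))) {` is enough, since `flag` is a required parameter; a null check followed by `MessageDigest.isEqual` on the UTF-8 bytes would also make the comparison constant-time. `FLAGS` is a `public static` mutable `HashMap` filled from an instance `@PostConstruct`, so any class can overwrite an entry and a second `Flag` instance would regenerate every flag; a private map behind a read-only accessor, populated once, closes both. The flags are one set per running instance rather than per user, which lets one solver pass the value to another if scoring is meant to be individual.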
@@ -0,0 +1,13 @@
+package org.owasp.webgoat.plugin;
+
+/**
+ * Interface with constants so we can easily change the flags
+ *
+ * @author nbaars
+ * @since 3/23/17.
+ */
+public interface SolutionConstants {
+
+ String PASSWORD = "!!webgoat_admin_1234!!";
+
+}
diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
index b5a072d9b..76398ed1a 100644
--- a/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
+++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge.html
@@ -33,10 +33,23 @@
-

-
+ +
+
+
+
+ +
+
+ +
+ +
+
+
+
\ No newline at end of file
diff --git a/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
index cbae74dcb..7a0256c24 100644
--- a/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/challenge/src/main/resources/i18n/WebGoatLabels.properties
@@ -1 +1,2 @@
 challenge.title=WebGoat Challenge
+challenge.solved=Congratulations, you solved the challenge. Here is your flag: {0}
diff --git a/webgoat-lessons/challenge/src/main/resources/images/webgoat2.png b/webgoat-lessons/challenge/src/main/resources/images/webgoat2.png index c53a1f75b4a3343f03014336462ba0fc6c2e4011..394793d4b4879927227af837fbd14b39e161547e 100644 GIT binary patch literal 89932 zcmeI5c|29^-|tODx{Vc*p@a;X$E|Ifw#?Huvs(#~F_GC8k|9cjRP4Aj&n0BY5SfdV zl5I@NkciC6S!-AKx$oEWd!FZY&iUgx&p8(_d)Jz-YhBm1*7~mR_5Hp-vBrj44D_7z z6ciK;I@(wq{JjAG8PM&9KMk{G@bDL<4^B&+qVxsV3w1SrK*m~95aOrexWK!8w0SKS@R}8FV@CdDYWmSgj3RdxQk8|U|J|w>d)~WV z_w)>(!JSxH6}=DB4%ou?=SObwxqV$5aY|G=R$IGJ6;r=c+R-oJ6;j#p=g$1AGjq>U zsIN3pRv7(opi(1ki6mZcWZ4*3PE`0I`j8{6*ehSV$d4}}A#OSMg$|!`kZ#`tx7yKq zSv|*L4T_EG86`0x+SOx>p9zaqt`gD#X*bLDFznV$!omCbJ>%qA&GLn!aH~1D6&u)^ zup4nknyKRnSZ1b1BP!iO3)W-GPW7pM>sM%WJSIlvV zUtvq5SuhS;PG80n1D|r|z2=d#h?txkB2?_(*VH6xPw>@3m8*E!EnHUU8aT92&ic0S zd2-W2<5BMr<-r=Q`wbpKXA1aK*4xXEQEo40FRo9U@JSdlCAjIJ%6Yx)#=;fOwzIia z<3!eYKbW}>wV9PE$J|X9Z&r5reDoo%c1&}td2;A^wbd8ZL=mm4W=iUgG9k2w6k^=J zXF0M9Q{Qu5nZ$Ob9uT$>S?aDzT3IXUw%q@2wW7nwmT=9}zbTwRJIejXae`uwAnALe zMg}4HqFgoiO7){!kJ8$Jw;p4$JIyqd1x7&xV#oIu52@8xh16ynbuEP|V**RFaT5&^ z3~B_@b&ThkxlF9dF*3m##ZZBnyD@PotjgO%r&1y5@kp+uk(c| z*VLR2h1I!U>A1VBDVX4I*E66}QQCPhEk-NO+MM6pptt9~XXBV^;@%~$?h%a-Z9f)o zha@eWdp{@T!6tMnw6f!o@C*6SMV>uv+ZsJy`R$J`=k1UvQ)VAkrzGf523dO2_A6)7 zayfF!zaZr1-dI2Tbn$Wc?i>5+8SZA2ZZol8`6MlPir1n|Z?}hi{&g{Wpy>R*@f=YI7^CVM~l)5zv7O))cN|| zi)}%58AEhqBO%c=l}5}J2XL$tCt8?!1jJ{v{kZpt*Wi0*#IQUZM;_YiT)*jP<~!pl z8Zj&PEWQ5^mKc9&PCI`w!5kx%__w?l%W3G2-Qm5|r0A_LTfB3?bRwcUWS869uA4WD zmEE{aLzw-U7&1Nw(fcs?Jn1@H+f@l&)`&m(03FVlO6wrbm@WjdF%f z^@&`4Z#2ac9=91IVsE%>k?qNWy4(@eAG0gpFZr5K5-*PrKRPnXcqggmOd5??FY9vC znC5O(o6tJpQNdcv2T9u9RrVPCaka}Q`A)s)Wf(nZs=3adbEiEHEp7dwdmt^jG?wR` zL{}D_@FP;ja=nkXRMl45yEk?2%02AR)quq_#>&Dj8CN?NlazN$d=ocuTGDDUoy;rp zPNqrrW}z1@8OQrzt8ak0m2aa{PZ%4as8;@1)WbeDvEU6h2vPLLlPb;844GdY9| ztkXK3V-VFa`o*o-ucxE_)YUum=Bjmt$Y%o`<{Uxi+_hql>9sq=2|Z6z=7pd!uZT|C zbUJdm& z)t>2!^yO%4E8n>q6{;#rl?NhzWewAh_hNnfOmj!N%?ypodcNkk51^=^Sfa$|2f=y+ 
zu5G=yglBr&XteHp>v(Y@5udPFZ6YIDQ{v$6{Mkyd?|8t#N@x1;w)LSV3FC^Y4%_97 zR^nPj<+GfMyJ-ZOk&hoKE*4V>IvG-ydylnvWxw|AFjFzzi@if(17 zJIm4Kd^Y9V>bZOUU#ND;xyEL7)$HOql~jG6Iv~hdMU<*NJ|~|$gwB0s(k?Er%VA-t zC52H7U6*nGpl4j_SyFMqeM)!yE7=@MW8Hy#F>jNyi>Eaz*GvcNiFSFp=HC<8w}z6= zCzO2IEVim$CIs?kyUGpAFIQJgR`lo;%p7_fSHG1?lUK=Xy5^YJn{`rjYD)FY?MEf>lVc`Pj705tz~fNM=|K}|@%KI6PyE05UuZSaaAwX~P!E6-G`0Ds zA|K9vy2Do#wL3tHI=>*-iMthbE5`T^w*Don^656Z2%G7a&SRH*_9a|JOC7l{Ul}L0 z>nLwmU{5{T*71GXW8Jy-?eG3Ch|k~o91~Fv5H|5oeN*NmMi@J%V(9Im6tls3lR=>D z*t!zUc+OREhXeIQv6`wY43MrRuXvYS&>It_t=BqZQLd}IZk>I*HTlfrNR9qW?|h$1 zylB|V2!+B;LUNKF?_rt`IrQqdKvq9UCY+MuSgSIQyp(5>I_{qrfdwnfdi+ zr45gp?PVT4(;=i-QJLmsToBE`xOGaRi{>ut9{h|0(aCo4lhp@Rg<9`cOn_f zxJtwtK9|jGowUu<-&eO7Dg401elQ>PC1)PR=Yw10R4zT+9sZO`g3GAcF7n_P?kcy0 z=>C8YB^^|=yt$^SAL8REgaXcq9hqtB?-XYCX^&1Gd|~>1H-+)R#C>yHoVSX&zns05 zDxp#Q?ZxL!d)Ge%J`b8aV9TAXVI2;*TjEf4(}kg6s(EWlWR8Yjgom?w?7s8k2BXJX zWlN8R;YV$tM2M^Atuk@Hxr%`|#qkO!vKna8Gu4`Ju=w3w&g%}OA5D+HkaC3@(#G$_ zw=sX}?N)ItY~6VC73V5*_Qu5(yW`&Zb6o=8b6WYeg`PjwPxLFU=C&+VW%SaeKcd!L zG$>y{-H(bXyvOrF;7OQ#1@p~N9_jH6VO3GYGa%|Dr=G4;3j-0=}`EI*1ZA#CbKC{GS428Z^Kra#X zZAHR`WH{rOd(L`zRiF1A^{&E)F9*f5-Q%a3?K?^o0`NAA_I%QKMb*mT6QAtaI|q*} z*dFe_N*J}~;KAzNe>BJcF?!)ESM;aTbPre@o)q(IbsD!k^ z`gt&>uxBWLHeR+-_G|>2V5h)F7x~KODn7U(E^pKH5^=)iQb+{HaXY&FP5&tNYFVtQ zW1H+JoyH|jXTJUZ#8K*UyR7sMAETp$3ugye{feL02YGmgjz3(9>s1>W6YtN8({`QE z2w)XUq#pMSXXX+W+%%6T?R-dj?(@uTB3zzEaR67?WjRJct95AY?6sN-{Pksnv;jTQ zz|N#K%6^_(Rv&3naE6?P{U+s0LaQ4|Qt16&E*W_l6zBV<&7^u&TRQmL%C?$DyVc|` zy;~DDmFG!S58isZPtwHRYX07&W+`K?Wj#WSxDJCz0m^}A@yO!QqBcuxFMwGmp=KxzxQ8>dEmRKJRANZs-vOoaJQS3Zcg zYt|;ovyWi9atxL@EIC=$^%MBzqQBj5%?)~fKs!euEJ5@<6-DdKEOrhN-*`HTH_Hxz zM7pI6in7WAAMFE^%8frl4%#--NZcRFIVc@B>yh7iTXxw+3co06cY`M8@}X9%E2}4V z&iUi!b1%nMUBJA5!npAy?QY_+Ykg_A7nAGOavopO)lph2e<&n$x_L@iMUoGrraDsP z=l)VU(FoJwpHfbYmCTd#FRX}A_@Gy4rZ|3$@!CNgf1&H6z@qn8mLA}PvXA&OsMxgo zC6~S&z$Uj*ur?b>uU79@8KYj`ZezFHLYo7))Z1q{?haa&q3Jb0n z-Q|jk@;>GK!smw5-e>sm^?9Ae>oP~hf-X%vl*GaO%&LZmcI~So%^!nvm^@ 
za^ma0D%to>sx+sGIV=4o4vHsYp;4tHBR@VL{JI$ueE#sq?#iwnyUF(n$|*;Q3!A&3 z(`j*EX99_e2P7!nZ3|oQ>Ei;+_l-ycC!MvM|6EpF^p)gLeC_a|^giX0|l8+n79u<~n5r&Q3`>-iPl8raN zZjga>HF?K7+t*dv?k}J?;@7>Z{**B^=+*f=&DQu%`{Z6DcQ?y>LW$ig@m(oH)GIi{P z>Y1VXnnA7Ls+|?_$yn$EF=OQE7DPBT7e1IO`z>)!$tI6Wn~pY#8j?SHkF8+bpu;V%Wtf{wn=Qb};=C&F*T{1`dz3U3PJz1!{o z`uFa?TmV0q^mW%zb1C!3U@r%Sj;0~DRNXEj7Pv%!O9Z$?fJ+3pM1V^KxI}-i8CN^1|-ga#2Jt{0}^LI z;tWWf0f{q!B?4F?fF%N0B7h|VSR#NW0$3vdAF)Iv(2DYye}WvK)9)Y+Nb?uV0j=nO znTCx21?J@s~_JBsAFhAd0A!9U38uK^k1BClLh*ng@ zkiic~tr7MET2UH<;2$6hNE@vvi+N>(R2IfSAO*lA2uKBuI*XZbfmA|}O(Cn}c91sA zgg{yaviutt0yVSlkBAXP|93$k58Ah3I)m9a3#Yqhv5ykR@a#;!CcNHl&JB zE0EG4?WLdXL8ezg=45;YWNq6BVG)1@WG#(U41ri6L+&@n0*#Wy!0il=GPI%$2C{9n zLMzH)ep4-wWoShdhRn8r3^$%2eMLS;xbKf4z1a722@11_jDCc80jd0Z$O~k^Ak+(_ zSIdzqBZvNpzd(lSuh<6UsE{G~)A~0F1F6$57zSj3&@hm~5FiHf-3AXU9GQv%nW>CH z8ZZ|FvOt;wjg+wj!F?f(=~sl??-wHjS!b&c;b2Y%d=(iYqzvSokc(R$u9G~5%*;Sq z#tG7U1}~MuAm|LFyAgT@r1E!s268emK?8y>L%65lOK7P9X%d8`ffSG6G?1R^gw&D6 zKdBn# zf+UNOdLvx~okE}-NGp=L9LS00Ss(=et3GJtTaNWc7Kbs&Qc z#&wV{F7v-3J0Sc|W(R~rpdFA&u{LB5V>=)`%n{n90ED#zaSpSK>Eq? 
zKw7GVeC(6IaUKwUa1uTW4D^6(eiA((wIL-)4?_B}1=2u{^l#7}$jKpR1Oq;hn*nlT zwT9qJUIFtzQ6ETs;N9U<{wMK++z9Y34<65OGyFn-AcYMg*S_pGq_zkH1j1`W+VE`# zE((4cNh60tXdsZmFB}MRcY-W_BSD~3$o3X66$Cmphx%D|BZPwt5jY5hH--%Pf8Kz} zh!E&hg*SW|;K`H_ct;^f3o@%eO#UHLI?1CGzQ`=cAhqAHPUPx_d7b1IuWLmKnC={et<_ZupeMR6|f&dfc*gM z2Vg${`{A!AF|Z$i{Q&$A!2baJ55WHb{12tT{{X++!-!JgfB26rB;bEQoQYum0`~oZ z`3o?A0p>5j`~{gq4(tbDKO8;`<}VPz3lRSRTL&Qi0mMIm_y-XGfPteAK>P!Ue?X$Y z;Ls=#|3Hp?`WI?hAbt{w31M!n^h#{~aK>Q?#p9J|AApZj7U;LCD z1^E{s|KcynRFHoG@-IOC1<2n7`I~UM3&`ID`J3c-C6K=f@;AxS?I3>>ILv0$h-x>e*pXkz<&VzhciRvmRd62mDFEpER+zng{$zz@J?E1Y-dKe-iK~o9w+?dMo=z zHHZ6(j|2WB;7iwp-fk7g!q$y9UvaK7XK!3wu{-XaKi4JjJ*SmlTj=>?{Y1awYHrI?RYose z`Xg%1MT7DM)cvTK!h1X)1fGQIka{zOb9)CY?1xI9^JR(t7mAQ0a!Nq=4d}iB-IgCf zw*>=qTYzp0&}{*JGobqhxa%9p^g7_K1MWKDt^@8m;I0GR*k7(ez+DI2by6uxa;14yADept3p~@knP%8uO;I0Gi`WA#2(qBZRIskVa0^D`LT?gECz+DI2b--Qkgwzo`*=b_VN`DEmf>fV~ zg(87kr6VIhK10@DH$#HY9|raVupbJ>4LaQNT84rD0r(%RARMqCfc*gM2Vg${`{67G zGH;jzx-G~oEu;ZSBeJ+s*ic8v;KIor57BOCgsKEt0Q*4}Zl1&BA25Fb><1}eKLGmy z*bl&d0QLhsAE6Ct0sEn70hyQZKAZ(~-+=BL(0v2CZ)g+>=)M8nHw)-=ejU(#1G;Z8 zgEe3U=)M8nH=z4wx{XFDVCo*W7y;ck!;L4%96lOl5C2JFjv-O7eLt4~`@sg-55Rta zf&L>;f&BpN2bj4+7zOqNupfZ^fXHH2UBJA50s;F0BXd+N2YwUayzi)Y6+V19 zD4y*eKh134QKArlw^_93lg2CloVH-^96YjMd${{59P+@ygVnwNXpaA5^ukxJ=ufBV z9wS%EANu}xr9$@5gJU7` z?SkI=w?8~ZsMO3!D){&FeA=gtN=O^5p9f1x1)ny22t$QvRG5cHrY=)jZ2))eEa>0qtxYgS?RxL8Cd;_pVtTd z3{r^eRT~)-@6U?UcAd}&U=>TG9`_7q<`Na$G><3kd`Nok^UQ4`T%Ja809V*$IYvRN zb!hGEH5dYUec2#wKo7=8C#_NT^W3ufNRxsyb%sy^s8WzBj2^O5H&_LM4;Qg0AVq>)xTg&YY_DRI87w zro+Ew-}Wse5;2~6eb}iqAgJF(V`if7y1;Ydm#U4>ng&u^$lW+K;-mUiTtn)X2Vo-2 zf4cHPv|Y0{NuGTK)0Jbe#9_(FvaX-NFBkpoers;f^8?yB0$~ZF=cy=KZ)UM`i1^0S zQM_4p2qe-iWl)d>R1c8#*ALn@(n#DN$~h<b18wG2#k@RZy zew8um_3bvc3^Z|xGO1sY3i|bk%dpjFl^=e@#waYfVsw`)DvJC{e8Xw)Gko~^yw2iv zWFr33v_rZ4;NdqS7X_#OOzFmYa)zZZHKYmIo+u~2?yHiG@1#om2`u8EfN@1pWLD9^ zf1-*Klv9op7dCf6r_%3BhWioJUs? 
zv2n^FrM*yi3pLR)Bv;@c&x)k5jk5JSk=9JndbyUh=d4{y3kk{8u@kC)pVW?pJ`gj0 z#lnRTrpkUxoKv#N~nKzvjzCKbI+lYsT)}tn;Ofq zxr`b46RGJ(`7v_b72XtF#*4FVnOxdJwEOG#kg@$?5td_=Q>yBy%yEP1%dgIe!fQ4e zg=ks3D0iJ#=S^p{h1U%DtDFchc z=2GU5QNTYsnugd?b-RdIV?!+ldQN(H5rd9476*SXz<&mGyWvm6Y#BWKMd^dnQl}_= z!8Joc!TekYt7aBJIe%*JYYS7(Q2!|l7R~8D`E_RaZhaBSxns;BsPhQdlliniDKh?s zRE5yrG_l8bjr>U((`3Km9eeR(;OdW6{}&tLm%d-BUYI7l-E6Gr z#RT80=nZ~RF*b*3+*4aght)yBC&oqF#qZgwWH%M&-GsDvd1h z@EP2Rl~vLEFztXXe1CrA7N6VKwGpR8rDL_V3so`oJEa}{5?&#d9e?i3zdAGbEQR_? z6J>?b4+knW(w0c#^+uMBapgpXAEFOA!iv4}wTt}t5)$H;b6@E2DF^BHJ#ecXt(Vnv z9M+)NsGd<06QW%`#`u}ASmi1q9gudjTo1!;%_JPWpWic1p4BX0CyCaQB4%lx@xAR?kE#Ndq^S1{d<-p zyD;@V=aorpSLy*_8pky?hX%bJ1-{&qbBDix)j2h(D-;;ha2y$yPM?t3(_B_pQ=47rK8>@aXm+$Ht?(=E*h`(S-@Vut zRF^SCH#QOyO;c&aTyX%$I&q?fnMXi;HrtPTk9ZBfXGRRm!*S%Hz0UQUj%L0yo}v-6 za?jHH|6qynm*%wd7Zc1eQi*@dd$F8`?${mPOHGR2`m)742TUg-szY|Uz3sYrvsl@U z+cbpPpNS#k)HiJKpFswn-jqgOXPeB?30KGu$>xxl_%8R@BgEz+(}mf10?(BoUM_1n z_v-bLaxUT9^CZpCsKPWIm7QekeWdD4H3P51uSe$^XPZV{V=+m2x5PJb6Q?Du7SqYRBJX6H zWN#LFp^`$U{N@`GQeC@f3J94vOraz*JR! z-Cq3TU5?=hzaquWz8)8Q%ofLmAFF(3^C^BE;ZJu-*w;l#DC`9Ju~8>H+%=O!$iOVrF4WnP&iv4;z>Q7z0LvOBHSBQKz&|%IIbk1EX_LyF~L!8j_BxPO*8uN;#bx%{dh0dx6d?pq}$BUsI2E}j{5+L3W_C4e0~tDH{jaV zdrNqxw~a>Y&bN*iClc`qi`6DFqBSKB?#`dB1pAH$46Jmf4{uu^YLYOnsOqp?&S)jB zMN~e^skoa)kQw>-k>X-8m7tR$Wx4lQi&yq*-%bvU8FnC0X6aty1p(vUVx{O-hPtyH zUCw7yzOA0S*Z+lTmz-;CR#(j~o>NKH=cxmNoK-}r+T(NbxkKpOS0?S^0=pa*hFVe> zwa|4L=MQ?urJf}f7u=_G$G?)zp)}SV$QScADZ6-DqjJr3u%2j_muvn#fqiQz>3l-T zm(60U+GRo@Z?>!4u>5j$#biZ~PQlEfw{i7bsWf?&%%*FOiM?4TMW?1z&s@IM;#9g^ zVLHNq<<@>w0zWxs62(Z=jt4vrwVWO_krsd7VaZs|OBxo2O(RkYNR`|_1>QoD}w zb_Mp-qir4Er#;r4Yv2Cv|AP4ZozF25rWhyhj{;ag&akIV5qh~sV6e}vzoQw;i8CW;y_U-M|)2-^%>T$J?+F#&~I>+JV z$)aj9bmLAWV;NV8Si|SCnXQwydHVb679)ip0GG&sh5b#;|`ifO=N}4hUgt_qwFz%yv6*aXjIybCdc?a4(fY4LKh`vt|U3O=xlRp>10RF-`;$;U70qe=T4tl z;xdLp-zfl5A|OfxM2UbX5fCK;qC`NH2#68^Q6eBp1Vo8|C=n1P0-{7flt^hLaEX+O z`^{AhyeW=XIFZ#rlb)&8e1paB?s8stAcztHi8CN^1|-ga#2Jt{^Y7&F{OiOS`u_o! 
CvIQsr delta 97 zcmX@JkM+SsrVSOoo9(66F}f=#l&2=8=O>mZq~#>0E0m{KM}{O<_*LcP`nzP8_=h+e zMP?cpMCFEM`Gn+T`-fzgL}j@eMrI|O`sIci`(`