From e2e98574b54811385e6837a2b1dba319aa4b3f64 Mon Sep 17 00:00:00 2001
From: mayhew64 <mayhew64@4033779f-a91e-0410-96ef-6bf7bf53c507>
Date: Mon, 19 Mar 2007 19:07:00 +0000
Subject: [PATCH] Detailed new lesson instructions

git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../owasp/webgoat/lessons/LessonAdapter.java  |   6 +-
 .../org/owasp/webgoat/lessons/NewLesson.java  |  13 +-
 .../WebContent/lesson_plans/NewLesson.html    |   9 +-
 .../project/doc/New Lesson Instructions.txt   | 293 +++++++++---------
 4 files changed, 154 insertions(+), 167 deletions(-)

diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
index 1d896d222..1a1226a39 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java	
@@ -73,7 +73,7 @@ public abstract class LessonAdapter extends AbstractLesson
 	ec
 		.addElement(new Center().addElement(new H3()
 			.addElement(new StringElement(
-				"This lesson needs a creator."))));
+				"Detailed Lesson Creation Instructions."))));
 	ec.addElement(new P());
 	ec
 		.addElement(new StringElement(
@@ -99,7 +99,9 @@ public abstract class LessonAdapter extends AbstractLesson
 		ec.addElement(pre);
 	    }
 	    catch (Exception e)
-	    {}
+	    {
+	    	e.printStackTrace();
+	    }
 	}
 	return (ec);
     }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
index 1178a3ec3..11a34c44c 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java	
@@ -46,9 +46,10 @@ public class NewLesson extends LessonAdapter
      */
     protected Element createContent(WebSession s)
     {
-	// just to get the generic how to text.
-	makeSuccess(s);
-	return (new StringElement("Welcome to the WebGoat hall of fame !!"));
+	return super.createContent(s);
+	//makeSuccess(s);
+	//ec.addElement(new StringElement("Welcome to the WebGoat hall of fame !!"));
+	//return (ec);
     }
 
 
@@ -80,4 +81,10 @@ public class NewLesson extends LessonAdapter
     {
 	return ("How to add a new WebGoat lesson");
     }
+    
+    public Element getCredits()
+    {
+	return super.getCustomCredits("Created by: Your name goes here!", new StringElement(""));
+    }
+
 }
diff --git a/ webgoat/main/project/WebContent/lesson_plans/NewLesson.html b/ webgoat/main/project/WebContent/lesson_plans/NewLesson.html
index b2d62b68f..fff75b625 100644
--- a/ webgoat/main/project/WebContent/lesson_plans/NewLesson.html	
+++ b/ webgoat/main/project/WebContent/lesson_plans/NewLesson.html	
@@ -6,18 +6,11 @@
 <!-- Start Instructions -->
 Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br> 
 for a new lesson, follow these few simple instructions to implement it:<br><br>
-* Download the source code from <a href="http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824">here.</a><br><br>
+* Download the source code from <a href="http://code.google.com/p/webgoat/">here.</a><br><br>
 * Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br>
 * You need to add two files for each new lesson: <br>
 &nbsp;&nbsp;- YourLesson.java to org.owasp.webgoat.lessons<br>
 &nbsp;&nbsp;- YourLesson.html to WebContent/lesson_plans<br><br>
-* YourLesson class must implement LessonAdapter and override the following methods:<br>
-&nbsp;- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
-&nbsp;- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
-&nbsp;- getHints: List of hints you would like to pass on to the users to point them in the right direction.<br>
-&nbsp;- getTitle: The title for your new lesson.<br>
-&nbsp;- getCredits: Your name goes here.<br><br>
-
 <!-- Stop Instructions -->
 <br>
  
diff --git a/ webgoat/main/project/doc/New Lesson Instructions.txt b/ webgoat/main/project/doc/New Lesson Instructions.txt
index 123a45888..1f8cd5246 100644
--- a/ webgoat/main/project/doc/New Lesson Instructions.txt	
+++ b/ webgoat/main/project/doc/New Lesson Instructions.txt	
@@ -1,63 +1,55 @@
-How to write a new WebGoat lesson
+Detailed instructions for adding a lesson
 
 All you have to do is implement the abstract methods in LessonAdapter.  
 Follow the outline below.
 
 WebGoat uses the Element Construction Set from the Jakarta project.  
 You should read up on the API for ECS at 
-http://www.peerfear.org/alexandria/content/html/javadoc/ecs/HEAD/index.html.
+http://jakarta.apache.org/site/downloads/downloads_ecs.cgi.
 In addition you can look at the other lessons for examples of how to use the ECS.
 
 
 
 Step 1: Set up the framework
 
-		import java.util.*;
-		import org.apache.ecs.*;
-		import org.apache.ecs.html.*;
-		
-		/**
-		 *  Copyright (c) 2002 Free Software Foundation developed under the 
-		 *  custody of the Open Web Application Security Project 
-		 *  (http://www.owasp.org) This software package is published by OWASP
-		 *  under the GPL. You should read and accept the LICENSE before you 
-		 *  use, modify and/or redistribute this software.
-		 *
-		 * @author     jwilliams@aspectsecurity.com
-		 * @created    November 6, 2002
-		 */
-		public class NewLesson extends LessonAdapter
-		{
-		
-			protected Element createContent(WebSession s)
-			{
-				return( new StringElement( "Hello World" ) );
-			}
-		
-			public String getCategory()
-			{
-			}
-		
-			protected List getHints()
-			{
-			}
-		
-			protected String getInstructions()
-			{
-			}
-		
-			protected Element getMenuItem()
-			{
-			}
-		
-			protected Integer getRanking()
-			{
-			}
-		
-			public String getTitle()
-			{
-			}
-		}
+import java.util.*;
+import org.apache.ecs.*;
+import org.apache.ecs.html.*;
+
+// Add copyright text - use text from another lesson 
+
+public class NewLesson extends LessonAdapter
+{
+
+	protected Element createContent(WebSession s)
+	{
+		return( new StringElement( "Hello World" ) );
+	}
+
+	public String getCategory()
+	{
+	}
+
+	protected List getHints()
+	{
+	}
+
+	protected String getInstructions()
+	{
+	}
+
+	protected Element getMenuItem()
+	{
+	}
+
+	protected Integer getRanking()
+	{
+	}
+
+	public String getTitle()
+	{
+	}
+}
 		
 
 
@@ -71,124 +63,117 @@ should be handled on a single page, so you'll need to design your lesson to
 work that way.  A good generic pattern for the createContent method is shown 
 below:
 
-	// define a constant for the field name
-	private static final String INPUT = "input";
-		
-	protected Element createContent(WebSession s)
-	{
-		ElementContainer ec = new ElementContainer();
-		try
-		{
-			// get some input from the user -- see ParameterParser for details
-			String userInput = s.getParser().getStringParameter(INPUT, "");
-
-			// do something with the input
-			//   -- SQL query?
-			//   -- Runtime.exec?
-			//   -- Some other dangerous thing
-				
-			// generate some output -- a string and an input field
-			ec.addElement(new StringElement("Enter a string: "));
-			ec.addElement( new Input(Input.TEXT, INPUT, userInput) );
-				
-			// Tell the lesson tracker the lesson has completed.
-			// This should occur when the user has 'hacked' the lesson.
-			getLessonTracker(  s ).setCompleted( true );
-
-		}
-		catch (Exception e)
-		{
-			s.setMessage("Error generating " + this.getClass().getName());
-			e.printStackTrace();
-		}
-		return (ec);
-	}
+// define a constant for the field name
+private static final String INPUT = "input";
 	
-ECS is quite powerful -- see the Encoding lesson for an example of how to use 
-it to create a table with rows and rows of output.
+protected Element createContent(WebSession s)
+{
+	ElementContainer ec = new ElementContainer();
+	try
+	{
+		// get some input from the user -- see ParameterParser 
+		// for details
+		String userInput = s.getParser().getStringParameter(INPUT, "");
+
+		// do something with the input
+		//   -- SQL query?
+		//   -- Runtime.exec?
+		//   -- Some other dangerous thing
+			
+		// generate some output -- a string and an input field
+		ec.addElement(new StringElement("Enter a string: "));
+		ec.addElement( new Input(Input.TEXT, INPUT, userInput) );
+			
+		// Tell the lesson tracker the lesson has completed.
+		// This should occur when the user has 'hacked' the lesson.
+		makeSuccess(s);
+
+	}
+	catch (Exception e)
+	{
+		s.setMessage("Error generating " + this.getClass().getName());
+		e.printStackTrace();
+	}
+	return (ec);
+}
+	
+ECS is quite powerful -- see the Encoding lesson for an example of how 
+to use it to create a table with rows and rows of output.
 
 
 Step 3: Implement the other methods
 
-The other methods in the LessonAdapter class help the lesson plug into the overall
-WebGoat framework.  They are simple and should only take a few minutes to implement.
+The other methods in the LessonAdapter class help the lesson plug into 
+the overall WebGoat framework.  They are simple and should only take a 
+few minutes to implement.
 
-		public String getCategory()
-		{
-			// The default category is "General" Only override this
-			// method if you wish to create a new category or if you
-			// wish this lesson to reside within a category other the
-			// "General"
-				
-			return( "NewCategory" );  // or use an existing category
-		}
+public String getCategory()
+{
+	// The default category is "General" Only override this
+	// method if you wish to create a new category or if you
+	// wish this lesson to reside within a category other the
+	// "General"
 		
-		protected List getHints()
-		{
-			// Hints will be returned to the user in the order they 
-			// appear below.  The user must click on the "next hint"
-			// button before the hint will be displayed.
-				
-			List hints = new ArrayList();
-			hints.add("A general hint to put users on the right track");
-			hints.add("A hint that gives away a little piece of the problem");
-			hints.add("A hint that basically gives the answer");
-			return hints;
-		}
-		
-		protected String getInstructions()
-		{
-			// Instructions will rendered as html and will appear below
-			// the area and above the actual lesson area.
-			// Instructions should provide the user with the general setup
-			// and goal of the lesson.
-				
-			return("The text that goes at the top of the page");
-		}
-		
-		protected Element getMenuItem()
-		{
-			// This is the text of the link that will appear on
-			// the left hand menus under the appropriate category.
-			// Their is a limited amount of horizontal space in
-			// this area before wrapping will occur.
-				
-			return( "MyLesson" );
-		}
-		
-		protected Integer getRanking()
-		{
-			// The ranking denotes the order in which the menu item
-			// will appear in menu list for each category.  The lowest
-			// number will appear as the first lesson.
-				
-			return new Integer(10);
-		}
+	return( "NewCategory" );  // or use an existing category
+}
 
-		public String getTitle()
-		{
-			// The title of the lesson.  This will appear above the
-			// control area at the top of the page.  This field will
-			// be rendered as html.
-				
-			return ("My Lesson's Short Title");
-		}
+protected List getHints()
+{
+	// Hints will be returned to the user in the order they 
+	// appear below.  The user must click on the "next hint"
+	// button before the hint will be displayed.
+		
+	List hints = new ArrayList();
+	hints.add("A general hint to put users on the right track");
+	hints.add("A hint that gives away a little piece of the problem");
+	hints.add("A hint that basically gives the answer");
+	return hints;
+}
+
+protected String getInstructions()
+{
+	// Instructions will rendered as html and will appear below
+	// the area and above the actual lesson area.
+	// Instructions should provide the user with the general setup
+	// and goal of the lesson.
+		
+	return("The text that goes at the top of the page");
+}
+
+protected Element getMenuItem()
+{
+	// This is the text of the link that will appear on
+	// the left hand menus under the appropriate category.
+	// Their is a limited amount of horizontal space in
+	// this area before wrapping will occur.
+		
+	return( "MyLesson" );
+}
+
+protected Integer getRanking()
+{
+	// The ranking denotes the order in which the menu item
+	// will appear in menu list for each category.  The lowest
+	// number will appear as the first lesson.
+		
+	return new Integer(10);
+}
+
+public String getTitle()
+{
+	// The title of the lesson.  This will appear above the
+	// control area at the top of the page.  This field will
+	// be rendered as html.
+		
+	return ("My Lesson's Short Title");
+}
 
 
 Step 4: Build and test
 
-Once you've implemented your new lesson, you can use ant to build and deploy 
-your new web application.  First you want to remove the webgoat .war *AND* 
-the webgoat directory from your webapps directory.  Then, from your webgoat 
-directory, type:
-
-	> ant install
-	
-This will compile your new lesson and "install" the path into Tomcat.  
-You only need to "install" once.  If you make changes to the web application 
-and want to test them, you can use:
-
-	> ant reload
+Once you've implemented your new lesson, you can test the lesson by
+starting the Tomcat server (within Eclipse). See the
+"HOW TO create the WebGoat workspace.txt" document in the WebGoat root.