Detailed new lesson instructions

git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64 2007-03-19 19:07:00 +00:00
parent 34fca43216
commit e2e98574b5
4 changed files with 154 additions and 167 deletions

View File

@ -73,7 +73,7 @@ public abstract class LessonAdapter extends AbstractLesson
ec ec
.addElement(new Center().addElement(new H3() .addElement(new Center().addElement(new H3()
.addElement(new StringElement( .addElement(new StringElement(
"This lesson needs a creator.")))); "Detailed Lesson Creation Instructions."))));
ec.addElement(new P()); ec.addElement(new P());
ec ec
.addElement(new StringElement( .addElement(new StringElement(
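Review bot: the new heading "Detailed Lesson Creation Instructions." sits in LessonAdapter's default content, and LessonAdapter is the abstract base for lessons, so any subclass that falls back to this default will now render under that title, not only NewLesson. If the text is meant for NewLesson alone, keep a neutral heading here and set the specific one in NewLesson; otherwise add a comment saying the default content doubles as the how-to page.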
@ -99,7 +99,9 @@ public abstract class LessonAdapter extends AbstractLesson
ec.addElement(pre); ec.addElement(pre);
} }
catch (Exception e) catch (Exception e)
{} {
e.printStackTrace();
}
} }
return (ec); return (ec);
} }
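Review bot: in the catch block, e.printStackTrace() improves on the empty body it replaces, but it only writes to the server's standard error and the page is still returned without the pre element and without any sign that something failed. Consider catching the specific exception the try block can throw instead of Exception, reporting it through the application's logging, and adding a short fallback message to ec so the reader of the lesson sees that the example could not be loaded.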

View File

@ -46,9 +46,10 @@ public class NewLesson extends LessonAdapter
*/ */
protected Element createContent(WebSession s) protected Element createContent(WebSession s)
{ {
// just to get the generic how to text. return super.createContent(s);
makeSuccess(s); //makeSuccess(s);
return (new StringElement("Welcome to the WebGoat hall of fame !!")); //ec.addElement(new StringElement("Welcome to the WebGoat hall of fame !!"));
//return (ec);
} }
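Review bot: createContent in NewLesson now keeps three commented-out lines after the return (//makeSuccess(s);, the //ec.addElement(...) line and //return (ec);); delete them instead of leaving dead code, since the history already preserves the old body. The removed comment "just to get the generic how to text" was the only explanation for delegating to super, and with makeSuccess commented out nothing in this method marks the lesson complete any more, so state in the method's doc comment whether that is intended.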
@ -80,4 +81,10 @@ public class NewLesson extends LessonAdapter
{ {
return ("How to add a new WebGoat lesson"); return ("How to add a new WebGoat lesson");
} }
public Element getCredits()
{
return super.getCustomCredits("Created by: Your name goes here!", new StringElement(""));
}
} }
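Review bot: the new getCredits() has no doc comment, while createContent above it in the same class is preceded by one; add a short comment saying what the two arguments to getCustomCredits are. The placeholder "Created by: Your name goes here!" will be shown as the real credit for this lesson, and the empty new StringElement("") reads like a leftover, so either credit the actual author or note in the comment that this is template text for lesson writers to replace.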

View File

@ -6,18 +6,11 @@
<!-- Start Instructions --> <!-- Start Instructions -->
Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br> Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br>
for a new lesson, follow these few simple instructions to implement it:<br><br> for a new lesson, follow these few simple instructions to implement it:<br><br>
* Download the source code from <a href="http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824">here.</a><br><br> * Download the source code from <a href="http://code.google.com/p/webgoat/">here.</a><br><br>
* Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br> * Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br>
* You need to add two files for each new lesson: <br> * You need to add two files for each new lesson: <br>
&nbsp;&nbsp;- YourLesson.java to org.owasp.webgoat.lessons<br> &nbsp;&nbsp;- YourLesson.java to org.owasp.webgoat.lessons<br>
&nbsp;&nbsp;- YourLesson.html to WebContent/lesson_plans<br><br> &nbsp;&nbsp;- YourLesson.html to WebContent/lesson_plans<br><br>
* YourLesson class must implement LessonAdapter and override the following methods:<br>
&nbsp;- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
&nbsp;- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
&nbsp;- getHints: List of hints you would like to pass on to the users to point them in the right direction.<br>
&nbsp;- getTitle: The title for your new lesson.<br>
&nbsp;- getCredits: Your name goes here.<br><br>
<!-- Stop Instructions --> <!-- Stop Instructions -->
<br> <br>
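Review bot: removing the "YourLesson class must implement LessonAdapter and override the following methods" list leaves the instructions ending at "You need to add two files for each new lesson" with no mention of what YourLesson.java has to contain. If the detail now lives in the longer instructions text, add one line here that points to it, and keep at least the names of the methods to override (createContent, getCategory, getHints, getTitle, getCredits) so this page still stands on its own.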

View File

@ -1,11 +1,11 @@
How to write a new WebGoat lesson Detailed instructions for adding a lesson
All you have to do is implement the abstract methods in LessonAdapter. All you have to do is implement the abstract methods in LessonAdapter.
Follow the outline below. Follow the outline below.
WebGoat uses the Element Construction Set from the Jakarta project. WebGoat uses the Element Construction Set from the Jakarta project.
You should read up on the API for ECS at You should read up on the API for ECS at
http://www.peerfear.org/alexandria/content/html/javadoc/ecs/HEAD/index.html. http://jakarta.apache.org/site/downloads/downloads_ecs.cgi.
In addition you can look at the other lessons for examples of how to use the ECS. In addition you can look at the other lessons for examples of how to use the ECS.
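Review bot: the sentence "You should read up on the API for ECS at" now ends in a downloads URL (downloads_ecs.cgi) where it used to point at a javadoc index, so the text promises API documentation and the link delivers a download page. Either reword it to say where to download ECS and that the javadoc comes with it, or give a link to the API documentation itself.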
@ -16,16 +16,8 @@ Step 1: Set up the framework
import org.apache.ecs.*; import org.apache.ecs.*;
import org.apache.ecs.html.*; import org.apache.ecs.html.*;
/** // Add copyright text - use text from another lesson
* Copyright (c) 2002 Free Software Foundation developed under the
* custody of the Open Web Application Security Project
* (http://www.owasp.org) This software package is published by OWASP
* under the GPL. You should read and accept the LICENSE before you
* use, modify and/or redistribute this software.
*
* @author jwilliams@aspectsecurity.com
* @created November 6, 2002
*/
public class NewLesson extends LessonAdapter public class NewLesson extends LessonAdapter
{ {
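Review bot: replacing the license header with "// Add copyright text - use text from another lesson" means a lesson copied from this template starts with no license notice, and the instruction does not say which lesson to copy from. Name a specific lesson file whose header is current, or keep an up-to-date header in the template so the notice cannot be forgotten.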
@ -79,7 +71,8 @@ below:
ElementContainer ec = new ElementContainer(); ElementContainer ec = new ElementContainer();
try try
{ {
// get some input from the user -- see ParameterParser for details // get some input from the user -- see ParameterParser
// for details
String userInput = s.getParser().getStringParameter(INPUT, ""); String userInput = s.getParser().getStringParameter(INPUT, "");
// do something with the input // do something with the input
@ -93,7 +86,7 @@ below:
// Tell the lesson tracker the lesson has completed. // Tell the lesson tracker the lesson has completed.
// This should occur when the user has 'hacked' the lesson. // This should occur when the user has 'hacked' the lesson.
getLessonTracker( s ).setCompleted( true ); makeSuccess(s);
} }
catch (Exception e) catch (Exception e)
@ -104,14 +97,15 @@ below:
return (ec); return (ec);
} }
ECS is quite powerful -- see the Encoding lesson for an example of how to use ECS is quite powerful -- see the Encoding lesson for an example of how
it to create a table with rows and rows of output. to use it to create a table with rows and rows of output.
Step 3: Implement the other methods Step 3: Implement the other methods
The other methods in the LessonAdapter class help the lesson plug into the overall The other methods in the LessonAdapter class help the lesson plug into
WebGoat framework. They are simple and should only take a few minutes to implement. the overall WebGoat framework. They are simple and should only take a
few minutes to implement.
public String getCategory() public String getCategory()
{ {
@ -177,18 +171,9 @@ WebGoat framework. They are simple and should only take a few minutes to implem
Step 4: Build and test Step 4: Build and test
Once you've implemented your new lesson, you can use ant to build and deploy Once you've implemented your new lesson, you can test the lesson by
your new web application. First you want to remove the webgoat .war *AND* starting the Tomcat server (within Eclipse). See the
the webgoat directory from your webapps directory. Then, from your webgoat "HOW TO create the WebGoat workspace.txt" document in the WebGoat root.
directory, type:
> ant install
This will compile your new lesson and "install" the path into Tomcat.
You only need to "install" once. If you make changes to the web application
and want to test them, you can use:
> ant reload
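Review bot: Step 4 now covers only starting Tomcat from within Eclipse and drops the "ant install" and "ant reload" commands, so a contributor working outside Eclipse has no documented way to build and test a lesson. If the ant targets still exist, keep a short note for them next to the Eclipse path; if they were removed, say so here so readers of older instructions are not left guessing.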