Detailed new lesson instructions
git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
parent
34fca43216
commit
e2e98574b5
@ -73,7 +73,7 @@ public abstract class LessonAdapter extends AbstractLesson
|
||||
ec
|
||||
.addElement(new Center().addElement(new H3()
|
||||
.addElement(new StringElement(
|
||||
"This lesson needs a creator."))));
|
||||
"Detailed Lesson Creation Instructions."))));
|
||||
ec.addElement(new P());
|
||||
ec
|
||||
.addElement(new StringElement(
|
||||
@ -99,7 +99,9 @@ public abstract class LessonAdapter extends AbstractLesson
|
||||
ec.addElement(pre);
|
||||
}
|
||||
catch (Exception e)
|
||||
{}
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
return (ec);
|
||||
}
|
||||
|
||||
@ -46,9 +46,10 @@ public class NewLesson extends LessonAdapter
|
||||
*/
|
||||
protected Element createContent(WebSession s)
|
||||
{
|
||||
// just to get the generic how to text.
|
||||
makeSuccess(s);
|
||||
return (new StringElement("Welcome to the WebGoat hall of fame !!"));
|
||||
return super.createContent(s);
|
||||
//makeSuccess(s);
|
||||
//ec.addElement(new StringElement("Welcome to the WebGoat hall of fame !!"));
|
||||
//return (ec);
|
||||
}
|
||||
|
||||
|
||||
@ -80,4 +81,10 @@ public class NewLesson extends LessonAdapter
|
||||
{
|
||||
return ("How to add a new WebGoat lesson");
|
||||
}
|
||||
|
||||
public Element getCredits()
|
||||
{
|
||||
return super.getCustomCredits("Created by: Your name goes here!", new StringElement(""));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -6,18 +6,11 @@
|
||||
<!-- Start Instructions -->
|
||||
Adding lessons to WebGoat is very easy. If you have an idea that would be suitable<br>
|
||||
for a new lesson, follow these few simple instructions to implement it:<br><br>
|
||||
* Download the source code from <a href="http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824">here.</a><br><br>
|
||||
* Download the source code from <a href="http://code.google.com/p/webgoat/">here.</a><br><br>
|
||||
* Setup framework: follow the simple instructions in "HOW TO create the WebGoat workspace.txt" that comes with the project.<br><br>
|
||||
* You need to add two files for each new lesson: <br>
|
||||
- YourLesson.java to org.owasp.webgoat.lessons<br>
|
||||
- YourLesson.html to WebContent/lesson_plans<br><br>
|
||||
* YourLesson class must implement LessonAdapter and override the following methods:<br>
|
||||
- createContent: Use the <a href="http://jakarta.apache.org/site/downloads/downloads_ecs.cgi">ECS package</a> to develop HTML presented to the user.<br>
|
||||
- getCategory: Returns the category for which this lesson belongs (XSS, Injection flaws..etc)<br>
|
||||
- getHints: List of hints you would like to pass on to the users to point them in the right direction.<br>
|
||||
- getTitle: The title for your new lesson.<br>
|
||||
- getCredits: Your name goes here.<br><br>
|
||||
|
||||
<!-- Stop Instructions -->
|
||||
<br>
|
||||
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
How to write a new WebGoat lesson
|
||||
Detailed instructions for adding a lesson
|
||||
|
||||
All you have to do is implement the abstract methods in LessonAdapter.
|
||||
Follow the outline below.
|
||||
|
||||
WebGoat uses the Element Construction Set from the Jakarta project.
|
||||
You should read up on the API for ECS at
|
||||
http://www.peerfear.org/alexandria/content/html/javadoc/ecs/HEAD/index.html.
|
||||
http://jakarta.apache.org/site/downloads/downloads_ecs.cgi.
|
||||
In addition you can look at the other lessons for examples of how to use the ECS.
|
||||
|
||||
|
||||
@ -16,16 +16,8 @@ Step 1: Set up the framework
|
||||
import org.apache.ecs.*;
|
||||
import org.apache.ecs.html.*;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2002 Free Software Foundation developed under the
|
||||
* custody of the Open Web Application Security Project
|
||||
* (http://www.owasp.org) This software package is published by OWASP
|
||||
* under the GPL. You should read and accept the LICENSE before you
|
||||
* use, modify and/or redistribute this software.
|
||||
*
|
||||
* @author jwilliams@aspectsecurity.com
|
||||
* @created November 6, 2002
|
||||
*/
|
||||
// Add copyright text - use text from another lesson
|
||||
|
||||
public class NewLesson extends LessonAdapter
|
||||
{
|
||||
|
||||
@ -79,7 +71,8 @@ below:
|
||||
ElementContainer ec = new ElementContainer();
|
||||
try
|
||||
{
|
||||
// get some input from the user -- see ParameterParser for details
|
||||
// get some input from the user -- see ParameterParser
|
||||
// for details
|
||||
String userInput = s.getParser().getStringParameter(INPUT, "");
|
||||
|
||||
// do something with the input
|
||||
@ -93,7 +86,7 @@ below:
|
||||
|
||||
// Tell the lesson tracker the lesson has completed.
|
||||
// This should occur when the user has 'hacked' the lesson.
|
||||
getLessonTracker( s ).setCompleted( true );
|
||||
makeSuccess(s);
|
||||
|
||||
}
|
||||
catch (Exception e)
|
||||
@ -104,14 +97,15 @@ below:
|
||||
return (ec);
|
||||
}
|
||||
|
||||
ECS is quite powerful -- see the Encoding lesson for an example of how to use
|
||||
it to create a table with rows and rows of output.
|
||||
ECS is quite powerful -- see the Encoding lesson for an example of how
|
||||
to use it to create a table with rows and rows of output.
|
||||
|
||||
|
||||
Step 3: Implement the other methods
|
||||
|
||||
The other methods in the LessonAdapter class help the lesson plug into the overall
|
||||
WebGoat framework. They are simple and should only take a few minutes to implement.
|
||||
The other methods in the LessonAdapter class help the lesson plug into
|
||||
the overall WebGoat framework. They are simple and should only take a
|
||||
few minutes to implement.
|
||||
|
||||
public String getCategory()
|
||||
{
|
||||
@ -177,18 +171,9 @@ WebGoat framework. They are simple and should only take a few minutes to implem
|
||||
|
||||
Step 4: Build and test
|
||||
|
||||
Once you've implemented your new lesson, you can use ant to build and deploy
|
||||
your new web application. First you want to remove the webgoat .war *AND*
|
||||
the webgoat directory from your webapps directory. Then, from your webgoat
|
||||
directory, type:
|
||||
|
||||
> ant install
|
||||
|
||||
This will compile your new lesson and "install" the path into Tomcat.
|
||||
You only need to "install" once. If you make changes to the web application
|
||||
and want to test them, you can use:
|
||||
|
||||
> ant reload
|
||||
Once you've implemented your new lesson, you can test the lesson by
|
||||
starting the Tomcat server (within Eclipse). See the
|
||||
"HOW TO create the WebGoat workspace.txt" document in the WebGoat root.
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user