dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: challenge 7 (#1433)

Browse Source
This commit is contained in:
Nanne Baars 2023-02-22 22:55:48 +01:00 committed by GitHub
parent 61dac201f0
commit e50986a098
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 92 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/it/java/org/owasp/webgoat/ChallengeIntegrationTest.java
View File

@ -7,12 +7,14 @@ import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
public class ChallengeIntegrationTest extends IntegrationTest {
@Test
public void testChallenge1() {
void testChallenge1() {
startLesson("Challenge1");
byte[] resultBytes =
@ -67,7 +69,7 @@ public class ChallengeIntegrationTest extends IntegrationTest {
}
@Test
public void testChallenge5() {
void testChallenge5() {
startLesson("Challenge5");
Map<String, Object> params = new HashMap<>();
@ -107,4 +109,62 @@ public class ChallengeIntegrationTest extends IntegrationTest {
.get("find { it.username == \"" + this.getUser() + "\" }.flagsCaptured");
assertTrue(capturefFlags.contains("Without password"));
}
@Test
void testChallenge7() {
startLesson("Challenge7");
cleanMailbox();
// One should first be able to download git.zip from WebGoat
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.get(url("/WebGoat/challenge/7/.git"))
.then()
.statusCode(200)
.extract()
.asString();
// Should send an email to WebWolf inbox this should give a hint to the link being static
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.formParams("email", getUser() + "@webgoat.org")
.post(url("/WebGoat/challenge/7"))
.then()
.statusCode(200)
.extract()
.asString();
// Check whether email has been received
var responseBody =
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("WEBWOLFSESSION", getWebWolfCookie())
.get(webWolfUrl("/mail"))
.then()
.extract()
.response()
.getBody()
.asString();
Assertions.assertThat(responseBody).contains("Hi, you requested a password reset link");
// Call reset link with admin link
String result =
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("JSESSIONID", getWebGoatCookie())
.get(url("/challenge/7/reset-password/{link}"), "375afe1104f4a487a73823c50a9292a2")
.then()
.statusCode(HttpStatus.ACCEPTED.value())
.extract()
.asString();
String flag = result.substring(result.indexOf("flag") + 6, result.indexOf("flag") + 42);
checkAssignment(url("/WebGoat/challenge/flag"), Map.of("flag", flag), true);
}
}

11
src/it/java/org/owasp/webgoat/IntegrationTest.java
View File

@ -11,6 +11,7 @@ import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.springframework.http.HttpStatus;
public abstract class IntegrationTest {
@ -252,4 +253,14 @@ public abstract class IntegrationTest {
.getBody()
.asString();
}
public void cleanMailbox() {
RestAssured.given()
.when()
.relaxedHTTPSValidation()
.cookie("WEBWOLFSESSION", getWebWolfCookie())
.delete(webWolfUrl("/mail"))
.then()
.statusCode(HttpStatus.ACCEPTED.value());
}
}

2
src/main/java/org/owasp/webgoat/lessons/challenges/SolutionConstants.java
View File

@ -32,6 +32,4 @@ public interface SolutionConstants {
// TODO should be random generated when starting the server
String PASSWORD = "!!webgoat_admin_1234!!";
String PASSWORD_TOM = "thisisasecretfortomonly";
String ADMIN_PASSWORD_LINK = "375afe1104f4a487a73823c50a9292a2";
}

11
src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java
View File

@ -9,7 +9,6 @@ import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.owasp.webgoat.lessons.challenges.Email;
import org.owasp.webgoat.lessons.challenges.Flags;
import org.owasp.webgoat.lessons.challenges.SolutionConstants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpStatus;
@ -32,6 +31,8 @@ import org.springframework.web.client.RestTemplate;
@Slf4j
public class Assignment7 extends AssignmentEndpoint {
public static final String ADMIN_PASSWORD_LINK = "375afe1104f4a487a73823c50a9292a2";
private static final String TEMPLATE =
"Hi, you requested a password reset link, please use this <a target='_blank'"
+ " href='%s:8080/WebGoat/challenge/7/reset-password/%s'>link</a> to reset your"
@ -56,15 +57,13 @@ public class Assignment7 extends AssignmentEndpoint {
@GetMapping("/challenge/7/reset-password/{link}")
public ResponseEntity<String> resetPassword(@PathVariable(value = "link") String link) {
if (link.equals(SolutionConstants.ADMIN_PASSWORD_LINK)) {
if (link.equals(ADMIN_PASSWORD_LINK)) {
return ResponseEntity.accepted()
.body(
"<h1>Success!!</h1>"
+ "<img src='/WebGoat/images/hi-five-cat.jpg'>"
+ "<br/><br/>Here is your flag: "
+ "<b>"
+ flags.getFlag(7)
+ "</b>");
+ flags.getFlag(7));
}
return ResponseEntity.status(HttpStatus.I_AM_A_TEAPOT)
.body("That is not the reset link for admin");
@ -99,6 +98,6 @@ public class Assignment7 extends AssignmentEndpoint {
@GetMapping(value = "/challenge/7/.git", produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
@ResponseBody
public ClassPathResource git() {
return new ClassPathResource("challenge7/git.zip");
return new ClassPathResource("lessons/challenges/challenge7/git.zip");
}
}

21
src/main/java/org/owasp/webgoat/webwolf/mailbox/MailboxController.java
View File

@ -23,26 +23,27 @@
package org.owasp.webgoat.webwolf.mailbox;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
@RestController
@AllArgsConstructor
@RequiredArgsConstructor
@Slf4j
public class MailboxController {
private final MailboxRepository mailboxRepository;
@GetMapping(value = "/mail")
@GetMapping("/mail")
public ModelAndView mail() {
UserDetails user =
(UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
@ -56,9 +57,15 @@ public class MailboxController {
return modelAndView;
}
@PostMapping(value = "/mail")
public ResponseEntity<?> sendEmail(@RequestBody Email email) {
@PostMapping("/mail")
@ResponseStatus(HttpStatus.CREATED)
public void sendEmail(@RequestBody Email email) {
mailboxRepository.save(email);
return ResponseEntity.status(HttpStatus.CREATED).build();
}
@DeleteMapping("/mail")
@ResponseStatus(HttpStatus.ACCEPTED)
public void deleteAllMail() {
mailboxRepository.deleteAll();
}
}