diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java index e75f5dcdf..06efc9c0f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java @@ -30,7 +30,7 @@ */ package org.owasp.webgoat.controller; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.WebSession; import org.springframework.security.core.context.SecurityContext; @@ -79,8 +79,8 @@ public class StartLesson { //GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next(); String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson")); - List lessons = course.getLessons(); - Optional lesson = lessons.stream() + List lessons = course.getLessons(); + Optional lesson = lessons.stream() .filter(l -> l.getId().equals(lessonName)) .findFirst(); ws.setCurrentLesson(lesson.get()); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java index 2f3363d9b..f2a1fa4b0 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java @@ -26,8 +26,7 @@ */ package org.owasp.webgoat.lessons; -import lombok.Getter; -import lombok.Setter; +import lombok.Value; /** *
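Review bot: `ws.setCurrentLesson(lesson.get())` in the second StartLesson.java hunk calls `Optional.get()` without checking that the filter matched anything, and `lessonName` is cut out of the request URL, so a request naming no known lesson would throw `NoSuchElementException` instead of producing a controlled not-found response. Since the commit already touches this lookup, handle the empty case explicitly, for example `lesson.ifPresent(ws::setCurrentLesson);` followed by a not-found result when the Optional is empty. The `substring` call relies on `path.indexOf(".lesson")` being non-negative; that presumably holds because of how the handler is mapped, but the mapping is outside the hunk, so it is worth confirming. The enclosing method starts and ends outside the hunk.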

Hint class.

@@ -35,12 +34,9 @@ import lombok.Setter; * @author rlawson * @version $Id: $Id */ -@Getter -@Setter +@Value public class Hint { private String hint; - private String lesson; private String assignmentPath; - private int number; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java similarity index 56% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java rename to webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java index 16eca3f45..80828deb8 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java @@ -1,63 +1,45 @@ -package org.owasp.webgoat.lessons; - -import com.google.common.collect.Lists; -import lombok.Setter; -import org.owasp.webgoat.session.Screen; - -import java.util.List; - -/** - * ************************************************************************************************ - *

- *

- * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

+/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * * This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - *

+ * * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - *

+ * * You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. * - * @author Bruce Mayhew WebGoat - * @version $Id: $Id - * @since October 28, 2003 + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -public abstract class AbstractLesson extends Screen implements Comparable { + +package org.owasp.webgoat.lessons; + +import lombok.Getter; +import lombok.Setter; +import lombok.Singular; + +import java.util.List; + +@Getter +@Setter +public abstract class Lesson { private static int count = 1; - private Integer id = null; - - private Integer ranking; - - @Setter private List assignments; - public List getAssignments() { - if (assignments == null) { - return Lists.newArrayList(); - } - return assignments; - } - /** * Constructor for the Lesson object */ - public AbstractLesson() { + public Lesson() { id = ++count; } @@ -72,34 +54,6 @@ public abstract class AbstractLesson extends Screen implements ComparableSetter for the field ranking.
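Review bot: The hand-written `getAssignments()` that returned an empty list when `assignments` was unset is removed in the first Lesson.java hunk, and the class-level `@Getter` that replaces it returns the field as is, so callers can now receive `null`. The commit compensates in the `LessonTracker` constructor with a ternary, but `HintService.createAssignmentHints` calls `l.getAssignments().stream()` unguarded and would throw a `NullPointerException` for a lesson whose assignments were never set. Keeping one null-safe accessor in `Lesson` is simpler than guarding each call site, because Lombok does not generate a getter when one is already declared: `public List<Assignment> getAssignments() { return assignments == null ? List.of() : assignments; }`. Separately, the class-level `@Setter` also generates a public `setId` for a field the constructor assigns, and the newly imported `lombok.Singular` is not used in the visible lines.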

- * - * @param ranking a {@link java.lang.Integer} object. - */ - public void setRanking(Integer ranking) { - this.ranking = ranking; - } - - - /** - * {@inheritDoc} - *

- * Description of the Method - */ - public int compareTo(Object obj) { - return this.getRanking().compareTo(((AbstractLesson) obj).getRanking()); - } - - /** - * {@inheritDoc} - *

- * Description of the Method - */ - public boolean equals(Object obj) { - return this.getScreenId() == ((AbstractLesson) obj).getScreenId(); - } - /** * Gets the category attribute of the Lesson object * @@ -109,13 +63,6 @@ public abstract class AbstractLesson extends Screen implements ComparablegetDefaultRanking.

- * - * @return a {@link java.lang.Integer} object. - */ - protected abstract Integer getDefaultRanking(); - /** *

getDefaultCategory.

* @@ -123,29 +70,6 @@ public abstract class AbstractLesson extends Screen implements ComparablegetDefaultHidden.

- * - * @return a boolean. - */ - protected abstract boolean getDefaultHidden(); - - /** - * Gets the hintCount attribute of the Lesson object - * - * @return The hintCount value - */ - public int getHintCount() { - return getHints().size(); - } - - /** - *

getHints.

- * - * @return a {@link java.util.List} object. - */ - public abstract List getHints(); - /** * Gets the title attribute of the HelloScreen object * @@ -153,28 +77,6 @@ public abstract class AbstractLesson extends Screen implements ComparableReturns the default "path" portion of a lesson's URL.

*

@@ -218,5 +120,4 @@ public abstract class AbstractLesson extends Screen implements ComparableWebGoat - * @since October 28, 2003 - * @version $Id: $Id - */ -package org.owasp.webgoat.lessons; - -//// TODO: 11/8/2016 remove -public abstract class LessonAdapter extends AbstractLesson { - - - /** - *

getDefaultHidden.

- * - * @return a boolean. - */ - protected boolean getDefaultHidden() { - return false; - } - - /** - * Initiates lesson restart functionality. Lessons should override this for - * lesson specific actions - */ - public void restartLesson() { - // Do Nothing - called when restart lesson is pressed. Each lesson can do something - } - - private final static Integer DEFAULT_RANKING = 1000; - - /** - *

getDefaultRanking.

- * - * @return a {@link java.lang.Integer} object. - */ - protected Integer getDefaultRanking() { - return DEFAULT_RANKING; - } - - /** - * provide a default submitMethod of lesson does not implement - * - * @return a {@link java.lang.String} object. - */ - public String getSubmitMethod() { - return "GET"; - } - - /** - * Fill in a descriptive title for this lesson. The title of the lesson. - * This will appear above the control area at the top of the page. This - * field will be rendered as html. - * - * @return The title value - */ - public String getTitle() { - return "Untitled Lesson " + getScreenId(); - } - - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/CourseConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/CourseConfiguration.java index d7cdad692..c9629c975 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/CourseConfiguration.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/CourseConfiguration.java @@ -27,9 +27,8 @@ import org.apache.commons.lang3.ArrayUtils; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; -import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.session.Course; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -40,7 +39,6 @@ import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestMapping; import java.lang.reflect.Method; -import java.util.Arrays; import java.util.List; import java.util.Map; 
@@ -51,11 +49,11 @@ import static java.util.stream.Collectors.toList; @Configuration public class CourseConfiguration { - private final List lessons; + private final List lessons; private final List assignments; private final Map> assignmentsByPackage; - public CourseConfiguration(List lessons, List assignments) { + public CourseConfiguration(List lessons, List assignments) { this.lessons = lessons; this.assignments = assignments; assignmentsByPackage = this.assignments.stream().collect(groupingBy(a -> a.getClass().getPackageName())); @@ -67,7 +65,7 @@ public class CourseConfiguration { return new Course(lessons); } - private List createAssignment(AbstractLesson lesson) { + private List createAssignment(Lesson lesson) { var endpoints = assignmentsByPackage.get(lesson.getClass().getPackageName()); if (CollectionUtils.isEmpty(endpoints)) { log.warn("Lesson: {} has no endpoints, is this intentionally?", lesson.getTitle()); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginResource.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginResource.java deleted file mode 100644 index 1acdd6097..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginResource.java +++ /dev/null 
@@ -1,32 +0,0 @@ -package org.owasp.webgoat.plugins; - -import lombok.AllArgsConstructor; -import lombok.Getter; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.lessons.NewLesson; - -import java.net.URL; -import java.util.List; -import java.util.stream.Collectors; - -@AllArgsConstructor -@Getter -public class PluginResource { - - private final URL location; - private final List classes; - - public List getLessons() { - return classes.stream().filter(c -> c.getSuperclass() == NewLesson.class).collect(Collectors.toList()); - } - - public List> getAssignments(Class lesson) { - return classes.stream(). - filter(c -> c.getSuperclass() == AssignmentEndpoint.class). - filter(c -> c.getPackage().equals(lesson.getPackage())). - map(c -> (Class) c). - collect(Collectors.toList()); - } - - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java index f6d290aed..b0743f865 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java @@ -5,10 +5,9 @@ */ package org.owasp.webgoat.service; -import com.google.common.collect.Lists; -import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Hint; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.WebSession; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; 
@@ -41,42 +40,22 @@ public class HintService { */ @GetMapping(path = URL_HINTS_MVC, produces = "application/json") @ResponseBody - public List showHint() { - AbstractLesson l = webSession.getCurrentLesson(); - List hints = createLessonHints(l); - hints.addAll(createAssignmentHints(l)); - return hints; - + public List getHints() { + Lesson l = webSession.getCurrentLesson(); + return createAssignmentHints(l); } - private List createLessonHints(AbstractLesson l) { - if ( l != null ) { - return l.getHints().stream().map(h -> createHint(h, l.getName(), null)).collect(toList()); + private List createAssignmentHints(Lesson l) { + if (l != null) { + return l.getAssignments().stream() + .map(a -> createHint(a)) + .flatMap(hints -> hints.stream()) + .collect(toList()); } - return Lists.newArrayList(); + return List.of(); } - private List createAssignmentHints(AbstractLesson l) { - List hints = Lists.newArrayList(); - if ( l != null) { - List assignments = l.getAssignments(); - assignments.stream().forEach(a -> { a.getHints(); createHints(a, hints);}); - } - return hints; - } - - private void createHints(Assignment a, List hints) { - hints.addAll(a.getHints().stream().map(h -> createHint(h, null, a.getPath())).collect(toList())); - } - - private Hint createHint(String hintText, String lesson, String assignmentName) { - Hint hint = new Hint(); - hint.setHint(hintText); - if (lesson != null) { - hint.setLesson(lesson); - } else { - hint.setAssignmentPath(assignmentName); - } - return hint; + private List createHint(Assignment a) { + return a.getHints().stream().map(h -> new Hint(h, a.getPath())).collect(toList()); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java index 927868f3e..9396e0225 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java 
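Review bot: `createHint(Assignment a)` now returns a list of hints, so the singular name no longer matches what it does, and the `.map(a -> createHint(a)).flatMap(hints -> hints.stream())` pair in `createAssignmentHints` is one step longer than needed. Renaming the helper to `createHints` and writing `.flatMap(a -> createHints(a).stream())` reads more directly. The response also no longer carries the `lesson` value that the removed `createLessonHints` filled in, which deserves a line in the Javadoc above `getHints`: `Returns the hints of every assignment of the current lesson; empty when no lesson is selected.`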
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java @@ -1,7 +1,7 @@ package org.owasp.webgoat.service; import lombok.AllArgsConstructor; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.LessonInfoModel; import org.owasp.webgoat.session.WebSession; import org.springframework.web.bind.annotation.RequestMapping; @@ -29,7 +29,7 @@ public class LessonInfoService { @RequestMapping(path = "/service/lessoninfo.mvc", produces = "application/json") public @ResponseBody LessonInfoModel getLessonInfo() { - AbstractLesson lesson = webSession.getCurrentLesson(); + Lesson lesson = webSession.getCurrentLesson(); return new LessonInfoModel(lesson.getTitle(), false, false, false); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java index 25b1e617e..62864d562 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java @@ -29,7 +29,7 @@ package org.owasp.webgoat.service; import lombok.AllArgsConstructor; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.LessonMenuItem; import org.owasp.webgoat.lessons.LessonMenuItemType; @@ -43,7 +43,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import java.util.ArrayList; -import java.util.Collections; import java.util.Comparator; import java.util.List; import java.util.stream.Collectors; 
@@ -81,13 +80,12 @@ public class LessonMenuService { categoryItem.setName(category.getName()); categoryItem.setType(LessonMenuItemType.CATEGORY); // check for any lessons for this category - List lessons = course.getLessons(category); + List lessons = course.getLessons(category); lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList()); - for (AbstractLesson lesson : lessons) { + for (Lesson lesson : lessons) { LessonMenuItem lessonItem = new LessonMenuItem(); lessonItem.setName(lesson.getTitle()); lessonItem.setLink(lesson.getLink()); - lessonItem.setRanking(lesson.getRanking()); lessonItem.setType(LessonMenuItemType.LESSON); LessonTracker lessonTracker = userTracker.getLessonTracker(lesson); lessonItem.setComplete(lessonTracker.isLessonSolved()); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java index cba3a1017..52b02542e 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java @@ -4,7 +4,7 @@ import com.google.common.collect.Lists; import com.google.common.collect.Maps; import lombok.AllArgsConstructor; import lombok.Getter; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.LessonInfoModel; import org.owasp.webgoat.session.WebSession; 
@@ -66,7 +66,7 @@ public class LessonProgressService { @ResponseBody public List lessonOverview() { UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName()); - AbstractLesson currentLesson = webSession.getCurrentLesson(); + Lesson currentLesson = webSession.getCurrentLesson(); List result = Lists.newArrayList(); if ( currentLesson != null ) { LessonTracker lessonTracker = userTracker.getLessonTracker(currentLesson); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java index c3d7a82b5..40d4e9459 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java @@ -1,6 +1,6 @@ package org.owasp.webgoat.service; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.WebSession; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -31,7 +31,7 @@ public class LessonTitleService { public @ResponseBody String showPlan() { - AbstractLesson lesson = webSession.getCurrentLesson(); + Lesson lesson = webSession.getCurrentLesson(); return lesson != null ? lesson.getTitle() : ""; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java index 8dfa40fef..c382e2947 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java 
@@ -33,7 +33,7 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.users.LessonTracker; @@ -73,7 +73,7 @@ public class ReportCardService { reportCard.setTotalNumberOfAssignments(course.getTotalOfAssignments()); reportCard.setNumberOfAssignmentsSolved(userTracker.numberOfAssignmentsSolved()); reportCard.setNumberOfLessonsSolved(userTracker.numberOfLessonsSolved()); - for (AbstractLesson lesson : lessons) { + for (Lesson lesson : lessons) { LessonTracker lessonTracker = userTracker.getLessonTracker(lesson); LessonStatistics lessonStatistics = new LessonStatistics(); lessonStatistics.setName(pluginMessages.getMessage(lesson.getTitle())); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java index b207b4ce1..b2f503f48 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java @@ -25,7 +25,7 @@ package org.owasp.webgoat.service; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.users.UserTracker; import org.owasp.webgoat.users.UserTrackerRepository; 
@@ -56,7 +56,7 @@ public class RestartLessonService { @RequestMapping(path = "/service/restartlesson.mvc", produces = "text/text") @ResponseStatus(value = HttpStatus.OK) public void restartLesson() { - AbstractLesson al = webSession.getCurrentLesson(); + Lesson al = webSession.getCurrentLesson(); log.debug("Restarting lesson: " + al); UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName()); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java index a01c1265b..b4ede6ed3 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java @@ -1,7 +1,7 @@ package org.owasp.webgoat.session; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Category; import java.util.List; @@ -41,9 +41,9 @@ import static java.util.stream.Collectors.toList; @Slf4j public class Course { - private List lessons; + private List lessons; - public Course(List lessons) { + public Course(List lessons) { this.lessons = lessons; } @@ -61,7 +61,7 @@ public class Course { * * @return The firstLesson value */ - public AbstractLesson getFirstLesson() { + public Lesson getFirstLesson() { // Category 0 is the admin function. We want the first real category // to be returned. This is normally the General category and the Http Basics lesson return getLessons(getCategories().get(0)).get(0); @@ -72,7 +72,7 @@ public class Course { * * @return a {@link java.util.List} object. */ - public List getLessons() { + public List getLessons() { return this.lessons; } 
@@ -82,11 +82,11 @@ public class Course { * @param category a {@link org.owasp.webgoat.lessons.Category} object. * @return a {@link java.util.List} object. */ - public List getLessons(Category category) { - return this.lessons.stream().filter(l -> l.getCategory() == category).sorted().collect(toList()); + public List getLessons(Category category) { + return this.lessons.stream().filter(l -> l.getCategory() == category).collect(toList()); } - public void setLessons(List lessons) { + public void setLessons(List lessons) { this.lessons = lessons; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java deleted file mode 100644 index fae5c7fe7..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java +++ /dev/null 
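Review bot: With `.sorted()` dropped from `getLessons(Category)`, the returned order is whatever order the injected `lessons` list has, and `getFirstLesson()` (an earlier hunk in this file) still takes `.get(0)` of that result, so which lesson counts as first is no longer fixed by the code. `LessonMenuService` sorts by title on its own, so the menu and `getFirstLesson()` may disagree about the first lesson. If a stable order is wanted here, sort on the same key, `.sorted(Comparator.comparing(Lesson::getTitle))` (which needs `java.util.Comparator` imported), or state in the method's Javadoc that the order is unspecified.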
@@ -1,53 +0,0 @@ -package org.owasp.webgoat.session; - -/** - * ************************************************************************************************* - * - * - * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - * - * Copyright (c) 2002 - 20014 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - * - * Getting Source ============== - * - * Source for this application is maintained at - * https://github.com/WebGoat/WebGoat, a repository for free software projects. - * - * @author Jeff Williams Aspect - * Security - * @since October 28, 2003 - * @version $Id: $Id - */ -public abstract class Screen { - - /** - * Constructor for the Screen object - */ - public Screen() { - } - - - /** - * Fill in a descriptive title for this lesson - * - * @return The title value - */ - public abstract String getTitle(); - - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java index 33196575a..b1088b377 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java 
@@ -1,7 +1,7 @@ package org.owasp.webgoat.session; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.users.WebGoatUser; import org.springframework.security.core.context.SecurityContextHolder; @@ -42,7 +42,7 @@ public class WebSession { private final WebGoatUser currentUser; private final WebgoatContext webgoatContext; - private AbstractLesson currentLesson; + private Lesson currentLesson; /** * Constructor for the WebSession object @@ -79,16 +79,16 @@ public class WebSession { * * @param lesson current lesson */ - public void setCurrentLesson(AbstractLesson lesson) { + public void setCurrentLesson(Lesson lesson) { this.currentLesson = lesson; } /** *

getCurrentLesson.

* - * @return a {@link org.owasp.webgoat.lessons.AbstractLesson} object. + * @return a {@link Lesson} object. */ - public AbstractLesson getCurrentLesson() { + public Lesson getCurrentLesson() { return this.currentLesson; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java index 7d1d5d859..639b32e02 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java @@ -1,10 +1,9 @@ package org.owasp.webgoat.users; -import com.google.common.collect.Lists; import com.google.common.collect.Sets; import lombok.Getter; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import javax.persistence.*; @@ -64,9 +63,9 @@ public class LessonTracker { //JPA } - public LessonTracker(AbstractLesson lesson) { + public LessonTracker(Lesson lesson) { lessonName = lesson.getId(); - allAssignments.addAll(lesson.getAssignments()); + allAssignments.addAll(lesson.getAssignments() == null ? List.of() : lesson.getAssignments()); } public Optional getAssignment(String name) { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java index 1cc4920ea..675650e2a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java 
@@ -1,14 +1,12 @@ package org.owasp.webgoat.users; -import com.google.common.collect.Lists; import com.google.common.collect.Sets; import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import javax.persistence.*; -import java.util.List; import java.util.Map; import java.util.Optional; import java.util.Set; @@ -69,7 +67,7 @@ public class UserTracker { * @param lesson the lesson * @return a lesson tracker created if not already present */ - public LessonTracker getLessonTracker(AbstractLesson lesson) { + public LessonTracker getLessonTracker(Lesson lesson) { Optional lessonTracker = lessonTrackers .stream().filter(l -> l.getLessonName().equals(lesson.getId())).findFirst(); if (!lessonTracker.isPresent()) { @@ -91,18 +89,18 @@ public class UserTracker { return lessonTrackers.stream().filter(l -> l.getLessonName().equals(id)).findFirst(); } - public void assignmentSolved(AbstractLesson lesson, String assignmentName) { + public void assignmentSolved(Lesson lesson, String assignmentName) { LessonTracker lessonTracker = getLessonTracker(lesson); lessonTracker.incrementAttempts(); lessonTracker.assignmentSolved(assignmentName); } - public void assignmentFailed(AbstractLesson lesson) { + public void assignmentFailed(Lesson lesson) { LessonTracker lessonTracker = getLessonTracker(lesson); lessonTracker.incrementAttempts(); } - public void reset(AbstractLesson al) { + public void reset(Lesson al) { LessonTracker lessonTracker = getLessonTracker(al); lessonTracker.reset(); } diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java index 06eaca861..bd2d33b4f 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java 
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java @@ -39,7 +39,7 @@ import org.springframework.web.servlet.i18n.FixedLocaleResolver; import java.util.Locale; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Matchers.anyString; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.when; public class AssignmentEndpointTest { diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/HintServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/HintServiceTest.java index 7dcf0a3c3..a9aa3f1e0 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/service/HintServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/HintServiceTest.java @@ -8,12 +8,14 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.session.WebSession; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import java.util.List; + import static org.mockito.Mockito.when; import static org.owasp.webgoat.service.HintService.URL_HINTS_MVC; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; 
@@ -28,24 +30,15 @@ public class HintServiceTest { @Mock private WebSession websession; @Mock - private AbstractLesson lesson; + private Lesson lesson; + @Mock + private Assignment assignment; @Before public void setup() { this.mockMvc = standaloneSetup(new HintService(websession)).build(); } - @Test - public void onlyHintsOnLesson() throws Exception { - when(lesson.getName()).thenReturn("Test lesson"); - when(lesson.getHints()).thenReturn(Lists.newArrayList("hint 1", "hint 2")); - when(websession.getCurrentLesson()).thenReturn(lesson); - mockMvc.perform(MockMvcRequestBuilders.get(URL_HINTS_MVC)) - .andExpect(status().isOk()) - .andExpect(jsonPath("$[0].hint", CoreMatchers.is("hint 1"))) - .andExpect(jsonPath("$[0].lesson", CoreMatchers.is("Test lesson"))); - } - @Test public void hintsPerAssignment() throws Exception { Assignment assignment = Mockito.mock(Assignment.class); @@ -54,7 +47,7 @@ public class HintServiceTest { when(lesson.getAssignments()).thenReturn(Lists.newArrayList(assignment)); when(websession.getCurrentLesson()).thenReturn(lesson); mockMvc.perform(MockMvcRequestBuilders.get(URL_HINTS_MVC)) - .andExpect(status().isOk()).andDo(print()) + .andExpect(status().isOk()) .andExpect(jsonPath("$[0].hint", CoreMatchers.is("hint 1"))) .andExpect(jsonPath("$[0].assignmentPath", CoreMatchers.is("/HttpBasics/attack1"))); } diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java index ee62ad4bd..0d2482175 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java 
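Review bot: The new `@Mock private Assignment assignment;` field is shadowed in `hintsPerAssignment`, which still declares `Assignment assignment = Mockito.mock(Assignment.class);`, so the injected mock is never used; drop either the field or the local declaration. With `onlyHintsOnLesson` removed, no test covers the empty cases any more: one where `websession.getCurrentLesson()` returns `null` and one where `lesson.getAssignments()` returns `null` would pin what `createAssignmentHints` does in each. The `print` static import shown in the first hunk of this file looks unused now that `.andDo(print())` is gone, and the added `java.util.List` import has no visible use either.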
@@ -29,9 +29,8 @@ import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; -import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.users.LessonTracker; @@ -40,8 +39,7 @@ import org.owasp.webgoat.users.UserTrackerRepository; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyString; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; import static org.owasp.webgoat.service.LessonMenuService.URL_LESSONMENU_MVC; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; @@ -71,14 +69,14 @@ public class LessonMenuServiceTest { @Test public void lessonsShouldBeOrdered() throws Exception { - NewLesson l1 = Mockito.mock(NewLesson.class); - NewLesson l2 = Mockito.mock(NewLesson.class); + Lesson l1 = Mockito.mock(Lesson.class); + Lesson l2 = Mockito.mock(Lesson.class); when(l1.getTitle()).thenReturn("ZA"); when(l2.getTitle()).thenReturn("AA"); when(lessonTracker.isLessonSolved()).thenReturn(false); when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2)); when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL)); - when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); + when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC)) 
@@ -89,12 +87,12 @@ public class LessonMenuServiceTest { @Test public void lessonCompleted() throws Exception { - NewLesson l1 = Mockito.mock(NewLesson.class); + Lesson l1 = Mockito.mock(Lesson.class); when(l1.getTitle()).thenReturn("ZA"); when(lessonTracker.isLessonSolved()).thenReturn(true); when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1)); when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL)); - when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); + when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC)) diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java index 9b8427938..9dad43bdd 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java @@ -6,7 +6,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.users.LessonTracker; 
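Review bot: The Mockito package migration is incomplete in LessonProgressServiceTest, whose import hunk keeps `import org.mockito.runners.MockitoJUnitRunner;` unchanged even though the same commit moves that file's matchers to `ArgumentMatchers` and switches the runner import in UserServiceTest and UserValidatorTest. It should read `import org.mockito.junit.MockitoJUnitRunner;`. The reverse gap is in UserServiceTest, where the runner is updated but `import static org.mockito.Matchers.any;` stays; that should become `import static org.mockito.ArgumentMatchers.any;`. Both old packages are deprecated in Mockito 2 and removed in later major versions, so the leftovers will break on the next upgrade.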
@@ -20,8 +20,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders; import java.util.List; import static org.hamcrest.CoreMatchers.is; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyString; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -61,7 +60,7 @@ public class LessonProgressServiceTest { private MockMvc mockMvc; @Mock - private AbstractLesson lesson; + private Lesson lesson; @Mock private UserTracker userTracker; @Mock @@ -75,7 +74,7 @@ public class LessonProgressServiceTest { public void setup() { Assignment assignment = new Assignment("test", "test", List.of()); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); - when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); + when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker); when(websession.getCurrentLesson()).thenReturn(lesson); when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true)); this.mockMvc = MockMvcBuilders.standaloneSetup(new LessonProgressService(userTrackerRepository, websession)).build(); diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java index 17e657330..4e00e7db7 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java 
@@ -1,13 +1,12 @@ package org.owasp.webgoat.service; -import com.beust.jcommander.internal.Lists; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; import org.owasp.webgoat.i18n.PluginMessages; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.users.LessonTracker; @@ -20,8 +19,8 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import java.util.List; import static org.hamcrest.CoreMatchers.is; -import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyString; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -36,7 +35,7 @@ public class ReportCardServiceTest { @Mock private UserTracker userTracker; @Mock - private AbstractLesson lesson; + private Lesson lesson; @Mock private LessonTracker lessonTracker; @Mock @@ -60,7 +59,7 @@ public class ReportCardServiceTest { when(course.getTotalOfAssignments()).thenReturn(10); when(course.getLessons()).thenAnswer(x -> List.of(lesson)); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); - when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); + when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker); mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc")) .andExpect(status().isOk()) .andExpect(jsonPath("$.totalNumberOfLessons", is(1))) 
diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/session/LessonTrackerTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/session/LessonTrackerTest.java index 10a2d2ce4..efec099cf 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/session/LessonTrackerTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/session/LessonTrackerTest.java @@ -2,7 +2,7 @@ package org.owasp.webgoat.session; import com.google.common.collect.Lists; import org.junit.Test; -import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.Lesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.users.LessonTracker; @@ -47,7 +47,7 @@ public class LessonTrackerTest { @Test public void allAssignmentsSolvedShouldMarkLessonAsComplete() { - AbstractLesson lesson = mock(AbstractLesson.class); + Lesson lesson = mock(Lesson.class); when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment", List.of("")))); LessonTracker lessonTracker = new LessonTracker(lesson); lessonTracker.assignmentSolved("assignment"); @@ -57,7 +57,7 @@ public class LessonTrackerTest { @Test public void noAssignmentsSolvedShouldMarkLessonAsInComplete() { - AbstractLesson lesson = mock(AbstractLesson.class); + Lesson lesson = mock(Lesson.class); Assignment a1 = new Assignment("a1"); Assignment a2 = new Assignment("a2"); List assignments = Lists.newArrayList(a1, a2); @@ -72,7 +72,7 @@ public class LessonTrackerTest { @Test public void solvingSameAssignmentShouldNotAddItTwice() { - AbstractLesson lesson = mock(AbstractLesson.class); + Lesson lesson = mock(Lesson.class); Assignment a1 = new Assignment("a1"); List assignments = Lists.newArrayList(a1); when(lesson.getAssignments()).thenReturn(assignments); diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java index b4128f79a..5b0619398 100644 
--- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java @@ -3,7 +3,7 @@ package org.owasp.webgoat.users; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import org.springframework.security.core.userdetails.UsernameNotFoundException; import static org.mockito.Matchers.any; @@ -24,5 +24,4 @@ public class UserServiceTest { UserService userService = new UserService(userRepository, userTrackerRepository); userService.loadUserByUsername("unknown"); } - } \ No newline at end of file diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java index 142a6c8c7..2ebcb61ae 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java @@ -6,7 +6,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; import org.springframework.test.context.junit4.SpringRunner; 
@@ -17,23 +17,13 @@ import java.util.List; @RunWith(SpringRunner.class) public class UserTrackerRepositoryTest { - private class TestLesson extends NewLesson { + private class TestLesson extends Lesson { @Override public Category getDefaultCategory() { return Category.AJAX_SECURITY; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 12; - } - @Override public String getTitle() { return "test"; diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java index c2f767e44..f88a50e44 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java @@ -3,7 +3,7 @@ package org.owasp.webgoat.users; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.validation.Errors; diff --git a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java b/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java index 8fa85b097..0d0032d5d 100644 --- a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java +++ b/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java 
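Review bot: `private class TestLesson extends Lesson` in UserTrackerRepositoryTest is a non-static inner class, so each instance carries a hidden reference to the enclosing test object. Nothing visible in the hunk uses the outer instance, so `private static class TestLesson extends Lesson {` would be the cleaner declaration. The class body continues past the end of the hunk, so confirm that no outer field is referenced there before changing it.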
@@ -31,7 +31,7 @@ import java.util.Map; public class AccountVerificationHelper { //simulating database storage of verification credentials - private static final Integer verifyUserId = new Integer(1223445); + private static final Integer verifyUserId = 1223445; private static final Map userSecQuestions = new HashMap<>(); static { userSecQuestions.put("secQuestion0","Dr. Watson"); diff --git a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java b/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java index f7b69eb37..47d3ab822 100644 --- a/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java +++ b/webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java @@ -22,31 +22,18 @@ package org.owasp.webgoat.auth_bypass; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - @Component -public class AuthBypass extends NewLesson { +public class AuthBypass extends Lesson { @Override public Category getDefaultCategory() { return Category.AUTHENTICATION; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 30; - } - @Override public String getTitle() { return "auth-bypass.title"; diff --git a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java b/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java index 49bee5c45..460b5f8fb 100644 --- a/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java 
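Review bot: `verifyUserId` in AccountVerificationHelper remains a boxed `Integer` after the deprecated constructor is dropped, so any `==` check against it is still a reference comparison rather than a value comparison (1223445 lies outside the small-value Integer cache). If callers do not need an object, `private static final int verifyUserId = 1223445;` removes that trap; otherwise comparisons should go through `equals`. The uses of the constant are outside this hunk, so this needs checking against the verification method that reads it.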
+++ b/webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java @@ -22,30 +22,17 @@ package org.owasp.webgoat.bypass_restrictions; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - @Component -public class BypassRestrictions extends NewLesson { +public class BypassRestrictions extends Lesson { @Override public Category getDefaultCategory() { return Category.CLIENT_SIDE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 2; - } - @Override public String getTitle() { return "bypass-restrictions.title"; diff --git a/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java b/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java index a18bd3620..6cc54799c 100644 --- a/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java +++ b/webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java @@ -4,6 +4,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; 
@@ -20,9 +21,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class BypassRestrictionsFrontendValidationTest extends LessonTest { + @Autowired + private BypassRestrictions bypassRestrictions; + @Before public void setup() { - when(webSession.getCurrentLesson()).thenReturn(new BypassRestrictions()); + when(webSession.getCurrentLesson()).thenReturn(bypassRestrictions); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java index e05406ff7..9afdb83d4 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java @@ -1,32 +1,19 @@ package org.owasp.webgoat.challenges; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; - -import java.util.List; +import org.owasp.webgoat.lessons.Lesson; /** * @author nbaars * @since 3/21/17. */ -public class ChallengeIntro extends NewLesson { +public class ChallengeIntro extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge0.title"; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java index 84ba33f06..20945ca7f 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java 
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java @@ -1,34 +1,21 @@ package org.owasp.webgoat.challenges.challenge1; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/21/17. */ @Component -public class Challenge1 extends NewLesson { +public class Challenge1 extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge1.title"; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java index 24cd89320..0c97011d7 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java 
@@ -22,35 +22,22 @@ package org.owasp.webgoat.challenges.challenge5; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/21/17. */ @Component -public class Challenge5 extends NewLesson { +public class Challenge5 extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge5.title"; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge6/Challenge6.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge6/Challenge6.java index 158677234..1dc3544b3 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge6/Challenge6.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge6/Challenge6.java @@ -1,34 +1,21 @@ package org.owasp.webgoat.challenges.challenge6; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/21/17. */ @Component -public class Challenge6 extends NewLesson { +public class Challenge6 extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge6.title"; 
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java index dfde3c74a..75f96c85f 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java @@ -1,34 +1,21 @@ package org.owasp.webgoat.challenges.challenge7; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/21/17. */ @Component -public class Challenge7 extends NewLesson { +public class Challenge7 extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge7.title"; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java index 0f576ad30..51f23beb2 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java 
@@ -1,34 +1,21 @@ package org.owasp.webgoat.challenges.challenge8; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/21/17. */ @Component -public class Challenge8 extends NewLesson { +public class Challenge8 extends Lesson { @Override public Category getDefaultCategory() { return Category.CHALLENGE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "challenge8.title"; diff --git a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java b/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java index 5c478d0ba..79fb9370d 100644 --- a/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java +++ b/webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java @@ -22,35 +22,22 @@ package org.owasp.webgoat.chrome_dev_tools; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author TMelzer * @since 30.11.18 */ @Component -public class ChromeDevTools extends NewLesson { +public class ChromeDevTools extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 4; - } - @Override public String getTitle() { return "chrome-dev-tools.title"; 
diff --git a/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java b/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java index 2829d57c3..677976e49 100644 --- a/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java +++ b/webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java @@ -17,6 +17,7 @@ import static org.hamcrest.CoreMatchers.is; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + /** * @author Benedikt Stuhrmann * @since 13/03/19. @@ -25,18 +26,16 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class ChromeDevToolsTest extends LessonTest { @Autowired - private WebgoatContext context; + private ChromeDevTools cdt; @Before public void setup() { - ChromeDevTools cdt = new ChromeDevTools(); when(webSession.getCurrentLesson()).thenReturn(cdt); - when(webSession.getWebgoatContext()).thenReturn(context); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } @Test - public void NetworkAssignmentTest_Success() throws Exception{ + public void NetworkAssignmentTest_Success() throws Exception { mockMvc.perform(MockMvcRequestBuilders.post("/ChromeDevTools/network") .param("network_num", "123456") .param("number", "123456")) diff --git a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java b/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java index 671e3b56a..74e9147f9 100644 --- a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java +++ b/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java 
@@ -1,34 +1,21 @@ package org.owasp.webgoat.cia; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author BenediktStuhrmann * @since 11/2/18. */ @Component -public class CIA extends NewLesson { +public class CIA extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 3; - } - @Override public String getTitle() { return "cia.title"; @@ -38,4 +25,4 @@ public class CIA extends NewLesson { public String getId() { return "CIA"; } -} +} \ No newline at end of file diff --git a/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java b/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java index e8e3fe576..6618a349e 100644 --- a/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java +++ b/webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java @@ -24,13 +24,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. public class CIAQuizTest extends LessonTest { @Autowired - private WebgoatContext context; + private CIA cia; @Before public void setup() { - CIA cia = new CIA(); when(webSession.getCurrentLesson()).thenReturn(cia); - when(webSession.getWebgoatContext()).thenReturn(context); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } diff --git a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java b/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java index 0cc46b5a9..1d84974e3 100644 
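Review bot: The last hunk of CIA.java replaces the closing `}` with `}` followed by `\ No newline at end of file`, so the commit strips the file's terminating newline. Restore the trailing newline after the final brace. Without it, the next edit that touches the end of the file will show the closing brace as a changed line, which adds noise to later diffs.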
--- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java +++ b/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.client_side_filtering; -import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,25 +34,13 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class ClientSideFiltering extends NewLesson { +public class ClientSideFiltering extends Lesson { @Override public Category getDefaultCategory() { return Category.CLIENT_SIDE; } - @Override - public List getHints() { - return Lists.newArrayList("Many sites attempt to restrict access to resources by role.", - "Developers frequently make mistakes implementing this scheme.", - "Attempt combinations of users, roles, and resources."); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "client.side.filtering.title"; diff --git a/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java b/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java index 0d934fcd0..c003166b9 100644 --- a/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java 
+++ b/webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java @@ -5,6 +5,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; @@ -21,14 +22,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class ClientSideFilteringFreeAssignmentTest extends LessonTest { - private MockMvc mockMvc; + @Autowired + private ClientSideFiltering clientSideFiltering; @Before public void setup() { - ClientSideFiltering clientSideFiltering = new ClientSideFiltering(); when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); } @Test diff --git a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/CommandInjection.java b/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/CommandInjection.java index ad87c7c20..b409bbbc4 100644 --- a/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/CommandInjection.java +++ b/webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/CommandInjection.java @@ -2,7 +2,7 @@ package org.owasp.webgoat.plugin; import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.AbstractLesson; import java.util.List; 
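Review bot: After the `private MockMvc mockMvc;` field is removed from ClientSideFilteringFreeAssignmentTest, the `import org.springframework.test.web.servlet.MockMvc;` kept as context in the first hunk appears to have no remaining use. `this.mockMvc` is still assigned in `setup()`, so the field now presumably comes from `LessonTest`; if that is the case the import can go. The rest of the file is outside the hunks, so check for other references before deleting it.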
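Review bot: CommandInjection.java now imports `org.owasp.webgoat.lessons.AbstractLesson`, and its second hunk declares `public class HttpProxies extends AbstractLesson`, while every other file in this diff replaces `AbstractLesson` and `NewLesson` with `Lesson`. If `AbstractLesson` no longer exists after this commit, this file cannot compile; the lines should read `import org.owasp.webgoat.lessons.Lesson;` and `public class HttpProxies extends Lesson {`. The public class name also does not match the file name, which suggests this module is not part of the build. If so, it should be fixed or removed rather than edited into another stale state.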
@@ -35,7 +35,7 @@ import java.util.List; * @version $Id: $Id * @since October 12, 2016 */ -public class HttpProxies extends NewLesson { +public class HttpProxies extends AbstractLesson { @Override public Category getDefaultCategory() { return Category.GENERAL; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java index 5f55cc34f..0a62c18b3 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java @@ -23,30 +23,16 @@ package org.owasp.webgoat.xss; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class CrossSiteScripting extends NewLesson { +public class CrossSiteScripting extends Lesson { @Override public Category getDefaultCategory() { return Category.XSS; } - @Override - public List getHints() { - List hints = new ArrayList(); - return hints; - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "xss.title"; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingMitigation.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingMitigation.java index 862076c78..5a7839baf 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingMitigation.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingMitigation.java 
@@ -23,28 +23,14 @@ package org.owasp.webgoat.xss; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; -import java.util.ArrayList; -import java.util.List; - -public class CrossSiteScriptingMitigation extends NewLesson { +public class CrossSiteScriptingMitigation extends Lesson { @Override public Category getDefaultCategory() { return Category.XSS; } - @Override - public List getHints() { - List hints = new ArrayList(); - return hints; - } - - @Override - public Integer getDefaultRanking() { - return 3; - } - @Override public String getTitle() { return "xss-mitigation.title"; diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingStored.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingStored.java index cee6c8619..e1701a498 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingStored.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingStored.java @@ -23,28 +23,14 @@ package org.owasp.webgoat.xss; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; -import java.util.ArrayList; -import java.util.List; - -public class CrossSiteScriptingStored extends NewLesson { +public class CrossSiteScriptingStored extends Lesson { @Override public Category getDefaultCategory() { return Category.XSS; } - @Override - public List getHints() { - List hints = new ArrayList(); - return hints; - } - - @Override - public Integer getDefaultRanking() { - return 2; - } - @Override public String getTitle() { return "xss-stored.title"; 
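Review bot: `CrossSiteScriptingMitigation` and `CrossSiteScriptingStored` are switched to `Lesson` without an `@Component` annotation, unlike `CrossSiteScripting` and most other lessons in this commit. The test hunks now obtain lessons with `@Autowired`, which suggests lessons are resolved as Spring beans; if the course is assembled that way, these two classes will not be registered. If they are left out on purpose, say so above the class, for example `// not a @Component: lesson is disabled until <reason>`. Otherwise add `@Component` and `import org.springframework.stereotype.Component;` to both files.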
diff --git a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java index c20c268d7..17f8ba81f 100644 --- a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java +++ b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java @@ -28,10 +28,13 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.junit.MockitoJUnitRunner; import org.owasp.webgoat.assignments.AssignmentEndpointTest; +import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.xss.DOMCrossSiteScripting; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import java.util.List; + import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -48,7 +51,8 @@ public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest { DOMCrossSiteScripting domXss = new DOMCrossSiteScripting(); init(domXss); this.mockMvc = standaloneSetup(domXss).build(); - when(webSession.getCurrentLesson()).thenReturn(new CrossSiteScripting()); + CrossSiteScripting xss = new CrossSiteScripting(); + when(webSession.getCurrentLesson()).thenReturn(xss); when(userSessionData.getValue("randValue")).thenReturn(randVal); } diff --git a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java index 8941396d5..b5ec4bb72 100644 --- a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java 
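Review bot: The imports added to DOMCrossSiteScriptingTest, `org.owasp.webgoat.lessons.Assignment` and `java.util.List`, are not used by anything in the two hunks shown. The second hunk only moves `new CrossSiteScripting()` into a local variable `xss`, which adds nothing over the original one-liner. The same applies to `org.springframework.boot.test.autoconfigure.core.AutoConfigureCache` added to JWTFinalEndpointTest. Unless code outside the hunks uses them, drop the three imports and keep `when(webSession.getCurrentLesson()).thenReturn(new CrossSiteScripting());`.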
+++ b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java @@ -26,16 +26,14 @@ import org.hamcrest.CoreMatchers; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.mockito.runners.MockitoJUnitRunner; +import org.mockito.junit.MockitoJUnitRunner; import org.owasp.webgoat.assignments.AssignmentEndpointTest; -import org.owasp.webgoat.xss.StoredXssComments; import org.springframework.http.MediaType; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; - import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; diff --git a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java index 0613e7001..7d278d2f8 100644 --- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java +++ b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java @@ -24,7 +24,7 @@ package org.owasp.webgoat.csrf; import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; import java.util.List; 
@@ -33,22 +33,12 @@ import java.util.List; * Created by jason on 9/29/17. */ @Component -public class CSRF extends NewLesson { +public class CSRF extends Lesson { @Override public Category getDefaultCategory() { return Category.REQUEST_FORGERIES; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "csrf.title"; } diff --git a/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java b/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java index bcca01d23..7daf0fd81 100644 --- a/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java +++ b/webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java @@ -27,6 +27,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -46,13 +47,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class CSRFFeedbackTest extends LessonTest { + @Autowired + private CSRF csrf; + @Before public void setup() { - CSRF csrf = new CSRF(); when(webSession.getCurrentLesson()).thenReturn(csrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); - when(webSession.getCurrentLesson()).thenReturn(new CSRF()); } @Test 
diff --git a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java b/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java index fdf177e9a..401eb541f 100644 --- a/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java +++ b/webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.html_tampering; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class HtmlTampering extends NewLesson { +public class HtmlTampering extends Lesson { @Override public Category getDefaultCategory() { return Category.CLIENT_SIDE; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 3; - } - @Override public String getTitle() { return "html-tampering.title"; diff --git a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java index 7c31d3798..59c35eec4 100644 --- a/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java +++ b/webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java 
@@ -22,30 +22,17 @@ package org.owasp.webgoat.http_basics; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - @Component -public class HttpBasics extends NewLesson { +public class HttpBasics extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "http-basics.title"; diff --git a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java index 3ef60bc75..53c3c3ee8 100644 --- a/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java +++ b/webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.http_proxies; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, 
@@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class HttpProxies extends NewLesson { +public class HttpProxies extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 2; - } - @Override public String getTitle() { return "http-proxies.title"; diff --git a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java index 3651d0104..f2bfcc3a5 100644 --- a/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java +++ b/webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.idor; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,23 +34,13 @@ import java.util.List; * @since January 3, 2017 */ @Component -public class IDOR extends NewLesson { +public class IDOR extends Lesson { @Override public Category getDefaultCategory() { return Category.ACCESS_CONTROL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 20; - } - @Override public String getTitle() { return "idor.title"; 
diff --git a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java b/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java index 5eaf38f11..f93104405 100644 --- a/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java +++ b/webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.deserialization; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class InsecureDeserialization extends NewLesson { +public class InsecureDeserialization extends Lesson { @Override public Category getDefaultCategory() { return Category.INSECURE_DESERIALIZATION; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "insecure-deserialization.title"; diff --git a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java index 1a39bd48e..f8f7bf428 100644 --- a/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java 
+++ b/webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.insecure_login; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class InsecureLogin extends NewLesson { +public class InsecureLogin extends Lesson { @Override public Category getDefaultCategory() { return Category.INSECURE_COMMUNICATION; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "insecure-login.title"; diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java index 7fad8a7a0..9b85fefbb 100644 --- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java +++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java 
@@ -22,35 +22,22 @@ package org.owasp.webgoat.jwt; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author nbaars * @since 3/22/17. */ @Component -public class JWT extends NewLesson { +public class JWT extends Lesson { @Override public Category getDefaultCategory() { return Category.AUTHENTICATION; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 40; - } - @Override public String getTitle() { return "jwt.title"; diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java index 1806e8f0b..f07334549 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java @@ -7,6 +7,8 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.core.AutoConfigureCache; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; 
@@ -25,12 +27,13 @@ public class JWTFinalEndpointTest extends LessonTest { private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA"; + @Autowired + private JWT jwt; + @Before public void setup() { - JWT jwt = new JWT(); when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); } @Test diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java index 4af19fa05..c196855ec 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java @@ -29,6 +29,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.MvcResult; @@ -46,9 +47,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class JWTRefreshEndpointTest extends LessonTest { + @Autowired + private JWT jwt; + @Before public void setup() { - JWT jwt = new JWT(); when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); when(webSession.getUserName()).thenReturn("unit-test"); 
diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java index 072b60ca6..13f6d9ae3 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java @@ -29,6 +29,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -47,9 +48,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class JWTSecretKeyEndpointTest extends LessonTest { + @Autowired + private JWT jwt; + @Before public void setup() { - JWT jwt = new JWT(); when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); when(webSession.getUserName()).thenReturn("unit-test"); diff --git a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java index d37d1012b..58a866a00 100644 --- a/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java +++ b/webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java 
@@ -30,6 +30,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.MvcResult; @@ -53,9 +54,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class JWTVotesEndpointTest extends LessonTest { + @Autowired + private JWT jwt; + @Before public void setup() { - JWT jwt = new JWT(); when(webSession.getCurrentLesson()).thenReturn(jwt); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); when(webSession.getUserName()).thenReturn("unit-test"); diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java index 145003f89..8a91d15c0 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java +++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java 
@@ -22,31 +22,18 @@ package org.owasp.webgoat.missing_ac; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - @Component -public class MissingFunctionAC extends NewLesson { +public class MissingFunctionAC extends Lesson { @Override public Category getDefaultCategory() { return Category.ACCESS_CONTROL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 40; - } - @Override public String getTitle() { return "missing-function-access-control.title"; diff --git a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java index 5e92152d6..def9adfa1 100644 --- a/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java +++ b/webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java @@ -36,7 +36,6 @@ import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Matchers.anyString; import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; diff --git a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java index ef04461fb..bc486e70d 100644 
--- a/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java +++ b/webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java @@ -23,29 +23,16 @@ package org.owasp.webgoat.password_reset; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class PasswordReset extends NewLesson { +public class PasswordReset extends Lesson { @Override public Category getDefaultCategory() { return Category.AUTHENTICATION; } - @Override - public List getHints() { - return new ArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "password-reset.title"; diff --git a/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java b/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java index 5def51ecc..d4e65990b 100644 --- a/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java +++ b/webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java @@ -6,6 +6,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpSession; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; 
@@ -17,10 +18,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class SecurityQuestionAssignmentTest extends LessonTest { + @Autowired + private PasswordReset passwordReset; + @Before public void setup() { - PasswordReset assignment = new PasswordReset(); - Mockito.when(webSession.getCurrentLesson()).thenReturn(assignment); + Mockito.when(webSession.getCurrentLesson()).thenReturn(passwordReset); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); Mockito.when(webSession.getUserName()).thenReturn("unit-test"); } diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java index 05a8fa803..d926461f5 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java +++ b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java @@ -22,35 +22,22 @@ package org.owasp.webgoat.secure_password; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * @author BenediktStuhrmann * @since 12/2/18. */ @Component -public class SecurePasswords extends NewLesson { +public class SecurePasswords extends Lesson { @Override public Category getDefaultCategory() { return Category.AUTHENTICATION; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 3; - } - @Override public String getTitle() { return "secure-passwords.title"; 
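Review bot: SecurityQuestionAssignmentTest sits under `src/main/test/java`, not `src/test/java` like the other tests in this commit. With the default Maven layout it is probably never compiled or run as a test, so the `@Autowired PasswordReset` change here goes unverified. Moving the file to `webgoat-lessons/password-reset/src/test/java/org/owasp/webgoat/password_reset/` would put it in the same test run as the rest. Renaming the field from `assignment` to `passwordReset` is a good change, since `PasswordReset` is a lesson and not an assignment.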
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java index 3d0c6de75..d9864fc38 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java @@ -23,29 +23,16 @@ package org.owasp.webgoat.sql_injection.advanced; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class SqlInjectionAdvanced extends NewLesson { +public class SqlInjectionAdvanced extends Lesson { @Override public Category getDefaultCategory() { return Category.INJECTION; } - @Override - public List getHints() { - return new ArrayList<>(); - } - - @Override - public Integer getDefaultRanking() { - return 2; - } - @Override public String getTitle() { return "sql.advanced.title"; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java index d4ad9ea30..7b2f4c842 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java 
@@ -22,37 +22,17 @@ package org.owasp.webgoat.sql_injection.introduction; -import java.util.ArrayList; -import java.util.List; - import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; @Component -public class SqlInjection extends NewLesson { +public class SqlInjection extends Lesson { @Override public Category getDefaultCategory() { return Category.INJECTION; } - @Override - public List getHints() { - List hints = new ArrayList(); - -// hints.add(getLabelManager().get("SqlStringInjectionHint1")); -// hints.add(getLabelManager().get("SqlStringInjectionHint2")); -// hints.add(getLabelManager().get("SqlStringInjectionHint3")); -// hints.add(getLabelManager().get("SqlStringInjectionHint4")); -// hints.add(getLabelManager().get("SqlStringInjectionHint5")); - return hints; - } - - @Override - public Integer getDefaultRanking() { - return 0; - } - @Override public String getTitle() { return "sql.injection.title"; diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java index 7e3c5ec44..7ea37924f 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java 
@@ -23,29 +23,16 @@ package org.owasp.webgoat.sql_injection.mitigation; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class SqlInjectionMitigations extends NewLesson { +public class SqlInjectionMitigations extends Lesson { @Override public Category getDefaultCategory() { return Category.INJECTION; } - @Override - public List getHints() { - return new ArrayList<>(); - } - - @Override - public Integer getDefaultRanking() { - return 3; - } - @Override public String getTitle() { return "sql.mitigation.title"; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/NewLesson.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java similarity index 50% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/NewLesson.java rename to webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java index 450404dbc..cf183f89d 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/NewLesson.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java @@ -1,50 +1,46 @@ -package org.owasp.webgoat.lessons; - -import java.util.List; - -/** - * ************************************************************************************************ - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

+/* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 2019 Bruce Mayhew + * * This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - *

+ * * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - *

+ * * You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - *

* - * @author WebGoat - * @version $Id: $Id - * @since October 12, 2016 + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. */ -public abstract class NewLesson extends LessonAdapter { - @Override - public abstract Category getDefaultCategory(); +package org.owasp.webgoat.sql_injection; - public abstract List getHints(); +import org.junit.Before; +import org.owasp.webgoat.plugins.LessonTest; +import org.owasp.webgoat.session.WebgoatContext; +import org.owasp.webgoat.sql_injection.introduction.SqlInjection; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; - @Override - public abstract Integer getDefaultRanking(); +import static org.mockito.Mockito.when; - @Override - public abstract String getTitle(); +public class SqlLessonTest extends LessonTest { + + @Autowired + private SqlInjection sql = new SqlInjection(); + + @Before + public void setup() { + when(webSession.getCurrentLesson()).thenReturn(sql); + this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); + } - @Override - public abstract String getId(); } diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java index 1a1c8d50d..003608896 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java 
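Review bot: In the new SqlLessonTest, `@Autowired private SqlInjection sql = new SqlInjection();` both injects the lesson and constructs it by hand, so wherever injection does not run (this base class carries no `@RunWith` of its own) the tests would quietly use an instance Spring never configured instead of failing. I would drop the initializer and keep `@Autowired private SqlInjection sql;`, which also matches how this commit wires `SSRF` and `XXE` into their tests. The `org.owasp.webgoat.session.WebgoatContext` import in this file is unused and can be removed. Several subclasses used to stub `webSession.getWebgoatContext()` and the shared `setup()` no longer does; that is presumably intentional, but it is worth confirming that no SQL lesson endpoint still reads the context from the session.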
@@ -27,6 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.session.WebgoatContext; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; @@ -42,21 +43,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 11/07/18. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson10Test extends LessonTest { - - @Autowired - private WebgoatContext context; +public class SqlInjectionLesson10Test extends SqlLessonTest { private String completedError = "JSON path \"lessonCompleted\""; - @Before - public void setup() { - SqlInjection sql = new SqlInjection(); - when(webSession.getCurrentLesson()).thenReturn(sql); - when(webSession.getWebgoatContext()).thenReturn(context); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } - @Test public void tableExistsIsFailure() throws Exception { try { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java index b838eb0d9..f07d93547 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java 
@@ -6,6 +6,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.session.WebgoatContext; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -24,18 +25,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 5/21/17. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson5aTest extends LessonTest { - - @Autowired - private WebgoatContext context; - - @Before - public void setup() throws Exception { - SqlInjection sql = new SqlInjection(); - when(webSession.getCurrentLesson()).thenReturn(sql); - when(webSession.getWebgoatContext()).thenReturn(context); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } +public class SqlInjectionLesson5aTest extends SqlLessonTest { @Test public void knownAccountShouldDisplayData() throws Exception { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java index 5b432146a..9496ee068 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java 
@@ -26,6 +26,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 6/15/17. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson6aTest extends LessonTest { - - @Before - public void setup() throws Exception { - when(webSession.getCurrentLesson()).thenReturn(new SqlInjection()); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } +public class SqlInjectionLesson6aTest extends SqlLessonTest { @Test public void wrongSolution() throws Exception { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java index d0b082c1a..7210d4d94 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java @@ -26,6 +26,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; 
@@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 6/16/17. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson6bTest extends LessonTest { - - @Before - public void setup() throws Exception { - when(webSession.getCurrentLesson()).thenReturn(new SqlInjection()); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } +public class SqlInjectionLesson6bTest extends SqlLessonTest { @Test public void submitCorrectPassword() throws Exception { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java index 25ae1320b..97ad55831 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java @@ -27,6 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.session.WebgoatContext; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 
@@ -44,18 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 11/07/18. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson8Test extends LessonTest { - - @Autowired - private WebgoatContext context; - - @Before - public void setup() { - SqlInjection sql = new SqlInjection(); - when(webSession.getCurrentLesson()).thenReturn(sql); - when(webSession.getWebgoatContext()).thenReturn(context); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } +public class SqlInjectionLesson8Test extends SqlLessonTest { @Test public void oneAccount() throws Exception { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java index 9e58c7703..58fa7ef0d 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java @@ -27,6 +27,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.session.WebgoatContext; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; 
@@ -43,21 +44,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 11/07/18. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson9Test extends LessonTest { - - @Autowired - private WebgoatContext context; +public class SqlInjectionLesson9Test extends SqlLessonTest { private String completedError = "JSON path \"lessonCompleted\""; - @Before - public void setup() { - SqlInjection sql = new SqlInjection(); - when(webSession.getCurrentLesson()).thenReturn(sql); - when(webSession.getWebgoatContext()).thenReturn(context); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } - @Test public void oneAccount() throws Exception { try { diff --git a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson12aTest.java b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson12aTest.java index cbe847de4..ce989c176 100644 --- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson12aTest.java +++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson12aTest.java @@ -3,6 +3,7 @@ package org.owasp.webgoat.sql_injection.mitigation; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.owasp.webgoat.sql_injection.SqlLessonTest; import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.session.WebgoatContext; 
@@ -21,19 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. * @since 5/21/17. */ @RunWith(SpringJUnit4ClassRunner.class) -public class SqlInjectionLesson12aTest extends LessonTest { - - @Autowired - private WebgoatContext context; - - @Before - public void setup() { - SqlInjection sql = new SqlInjection(); - - when(webSession.getCurrentLesson()).thenReturn(sql); - when(webSession.getWebgoatContext()).thenReturn(context); - this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - } +public class SqlInjectionLesson12aTest extends SqlLessonTest { @Test public void knownAccountShouldDisplayData() throws Exception { diff --git a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java index 8d5832954..9936fed43 100644 --- a/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java +++ b/webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.ssrf; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class SSRF extends NewLesson { +public class SSRF extends Lesson { @Override public Category getDefaultCategory() { return Category.REQUEST_FORGERIES; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 2; - } - @Override public String getTitle() { return "ssrf.title"; 
diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java index d8744802e..99a14aa1c 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java @@ -4,6 +4,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.result.MockMvcResultHandlers; @@ -21,10 +22,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class SSRFTest1 extends LessonTest { + @Autowired + private SSRF ssrf; @Before public void setup() throws Exception { - SSRF ssrf = new SSRF(); when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } diff --git a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java index 323adf1ba..2625212b7 100644 --- a/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java +++ b/webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java @@ -26,6 +26,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.result.MockMvcResultHandlers; 
@@ -43,10 +44,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class SSRFTest2 extends LessonTest { + @Autowired + private SSRF ssrf; @Before public void setup() throws Exception { - SSRF ssrf = new SSRF(); when(webSession.getCurrentLesson()).thenReturn(ssrf); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); } diff --git a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java b/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java index 7f2458191..a500aef42 100644 --- a/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java +++ b/webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java @@ -23,29 +23,16 @@ package org.owasp.webgoat.vulnerable_components; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class VulnerableComponents extends NewLesson { +public class VulnerableComponents extends Lesson { @Override public Category getDefaultCategory() { return Category.VULNERABLE_COMPONENTS; } - @Override - public List getHints() { - return new ArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "vulnerable-components.title"; diff --git a/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java b/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java index 6c2a64d36..015c4b2c5 100644 
--- a/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java +++ b/webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java @@ -1,12 +1,9 @@ package org.owasp.webgoat.introduction; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,22 +34,12 @@ import java.util.List; * @since October 12, 2016 */ @Component -public class WebGoatIntroduction extends NewLesson { +public class WebGoatIntroduction extends Lesson { @Override public Category getDefaultCategory() { return Category.INTRODUCTION; } - @Override - public List getHints() { - return new ArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 1; - } - @Override public String getTitle() { return "webgoat.title"; diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java b/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java index 00d15dbec..bf42c59d7 100644 --- a/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java +++ b/webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java 
@@ -1,12 +1,9 @@ package org.owasp.webgoat.template; -import com.beust.jcommander.internal.Lists; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.List; - /** * ************************************************************************************************ * This file is part of WebGoat, an Open Web Application Security Project utility. For details, @@ -37,23 +34,13 @@ import java.util.List; * @since January 3, 2017 */ @Component -public class LessonTemplate extends NewLesson { +public class LessonTemplate extends Lesson { @Override public Category getDefaultCategory() { return Category.GENERAL; } - @Override - public List getHints() { - return Lists.newArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 30; - } - @Override public String getTitle() { return "lesson-template.title"; diff --git a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc b/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc index fb07ed7d4..03090f97e 100644 --- a/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc +++ b/webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc @@ -5,7 +5,7 @@ Each lesson can contain multiple assignments, first let's define a lesson class [source] ---- @Component -public class LessonTemplate extends NewLesson { +public class LessonTemplate extends AbstractLesson { @Override public Category getDefaultCategory() { return Category.GENERAL; 
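Review bot: The lesson-plan snippet changed right after this file (lesson-template-attack.adoc) now shows `public class LessonTemplate extends AbstractLesson {`, while the template class itself is changed here to import `org.owasp.webgoat.lessons.Lesson` and declare `extends Lesson`. Anyone copying the documented snippet gets a class that differs from the real template, and it will not compile if `AbstractLesson` no longer exists after this commit. The snippet line should read `public class LessonTemplate extends Lesson {`. The documented class body continues outside the hunk, so it is also worth checking that it no longer lists `getHints()` and `getDefaultRanking()`, which this commit removes from the template.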
diff --git a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java b/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java index fd03b66f7..fa6ea6a21 100644 --- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java +++ b/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java @@ -23,29 +23,16 @@ package org.owasp.webgoat.webwolf_introduction; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class WebWolfIntroduction extends NewLesson { +public class WebWolfIntroduction extends Lesson { @Override public Category getDefaultCategory() { return Category.INTRODUCTION; } - @Override - public List getHints() { - return new ArrayList(); - } - - @Override - public Integer getDefaultRanking() { - return 10; - } - @Override public String getTitle() { return "webwolf.title"; diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/XXE.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/XXE.java index 8bb749da9..b7777299c 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/XXE.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/XXE.java 
@@ -23,34 +23,17 @@ package org.owasp.webgoat.xxe; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.lessons.NewLesson; +import org.owasp.webgoat.lessons.Lesson; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.List; - @Component -public class XXE extends NewLesson { +public class XXE extends Lesson { @Override public Category getDefaultCategory() { return Category.XXE; } - @Override - public List getHints() { - List hints = new ArrayList(); - hints.add("Try submitting the form and see what happens"); - hints.add("XXE stands for XML External Entity attack"); - hints.add("Try to include your own DTD"); - return hints; - } - - @Override - public Integer getDefaultRanking() { - return 4; - } - @Override public String getTitle() { return "xxe.title"; diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java index c3fcd87be..8effc48ce 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java @@ -34,6 +34,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class BlindSendFileAssignmentTest extends LessonTest { + @Autowired + private XXE xxe; @Autowired private Comments comments; @Value("${webgoat.user.directory}") 
@@ -45,11 +47,9 @@ public class BlindSendFileAssignmentTest extends LessonTest { public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort()); @Before - public void setup() throws Exception { - XXE xxe = new XXE(); + public void setup() { when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); port = webwolfServer.port(); } diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java index aedc7517e..df9034660 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java @@ -47,15 +47,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class ContentTypeAssignmentTest extends LessonTest { + @Autowired + private XXE xxe; @Autowired private Comments comments; @Before - public void setup() throws Exception { - XXE xxe = new XXE(); + public void setup() { when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); } @Test diff --git a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java index 960af3bd7..73e298865 100644 --- a/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java +++ b/webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java 
@@ -28,6 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.xxe.XXE; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders; @@ -43,12 +44,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. @RunWith(SpringJUnit4ClassRunner.class) public class SimpleXXETest extends LessonTest { + @Autowired + private XXE xxe; + @Before - public void setup() throws Exception { - XXE xxe = new XXE(); + public void setup() { when(webSession.getCurrentLesson()).thenReturn(xxe); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); - when(webSession.getUserName()).thenReturn("unit-test"); } @Test diff --git a/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java b/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java index 9efe30895..6c5f56ee4 100644 --- a/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java +++ b/webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java @@ -28,6 +28,7 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.util.StringUtils; /** * Main entry point, this project is here to get all the lesson jars included to the final jar file 
@@ -40,7 +41,7 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer public class StartWebGoat extends SpringBootServletInitializer { public static void main(String[] args) { - log.info("Starting WebGoat with args: {}", args); + log.info("Starting WebGoat with args: {}", StringUtils.arrayToCommaDelimitedString(args)); System.setProperty("spring.config.name", "application-webgoat"); SpringApplication.run(StartWebGoat.class, args); } diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java index 92c37b5dd..4a365150a 100644 --- a/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java +++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java @@ -27,12 +27,13 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import static org.mockito.Mockito.*; -@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(MockitoJUnitRunner.class) public class UserServiceTest { @Mock diff --git a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java index 8c3ad6a51..44e6e9470 100644 --- a/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java +++ b/webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java @@ -28,6 +28,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.validation.BindException; 
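Review bot: `log.info("Starting WebGoat with args: {}", StringUtils.arrayToCommaDelimitedString(args));` in `main` now writes every command-line argument to the INFO log, and startup arguments are a common place for credentials passed as `--key=value` overrides, which would then land in log files and any log aggregation. I would log only the count, `log.info("Starting WebGoat with {} argument(s)", args.length);`, or mask the value part of each `--key=value` pair before logging. If the full list is wanted for troubleshooting, DEBUG is a safer level for it.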
@@ -35,7 +36,7 @@ import static junit.framework.TestCase.assertTrue; import static org.junit.Assert.assertFalse; import static org.mockito.Mockito.when; -@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(MockitoJUnitRunner.class) public class UserValidatorTest { @Mock