dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

All successful

Browse Source
This commit is contained in:
Nanne Baars
2019-09-20 07:59:04 +02:00
parent d7a2596670
commit e8d086ac9b
93 changed files with 293 additions and 1110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
View File

@ -30,7 +30,7 @@
*/
package org.owasp.webgoat.controller;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
import org.springframework.security.core.context.SecurityContext;
@ -79,8 +79,8 @@ public class StartLesson {
//GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson
String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson"));
List<? extends AbstractLesson> lessons = course.getLessons();
Optional<? extends AbstractLesson> lesson = lessons.stream()
List<? extends Lesson> lessons = course.getLessons();
Optional<? extends Lesson> lesson = lessons.stream()
.filter(l -> l.getId().equals(lessonName))
.findFirst();
ws.setCurrentLesson(lesson.get());

8
webgoat-container/src/main/java/org/owasp/webgoat/lessons/Hint.java
View File

@ -26,8 +26,7 @@
*/
package org.owasp.webgoat.lessons;
import lombok.Getter;
import lombok.Setter;
import lombok.Value;
/**
* <p>Hint class.</p>
@ -35,12 +34,9 @@ import lombok.Setter;
* @author rlawson
* @version $Id: $Id
*/
@Getter
@Setter
@Value
public class Hint {
private String hint;
private String lesson;
private String assignmentPath;
private int number;
}

145
webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java → webgoat-container/src/main/java/org/owasp/webgoat/lessons/Lesson.java
View File

@ -1,63 +1,45 @@
package org.owasp.webgoat.lessons;
import com.google.common.collect.Lists;
import lombok.Setter;
import org.owasp.webgoat.session.Screen;
import java.util.List;
/**
* ************************************************************************************************
* <p>
* <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @version $Id: $Id
* @since October 28, 2003
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
public abstract class AbstractLesson extends Screen implements Comparable<Object> {
package org.owasp.webgoat.lessons;
import lombok.Getter;
import lombok.Setter;
import lombok.Singular;
import java.util.List;
@Getter
@Setter
public abstract class Lesson {
private static int count = 1;
private Integer id = null;
private Integer ranking;
@Setter
private List<Assignment> assignments;
public List<Assignment> getAssignments() {
if (assignments == null) {
return Lists.newArrayList();
}
return assignments;
}
/**
* Constructor for the Lesson object
*/
public AbstractLesson() {
public Lesson() {
id = ++count;
}
@ -72,34 +54,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
return className.substring(className.lastIndexOf('.') + 1);
}
/**
* <p>Setter for the field <code>ranking</code>.</p>
*
* @param ranking a {@link java.lang.Integer} object.
*/
public void setRanking(Integer ranking) {
this.ranking = ranking;
}
/**
* {@inheritDoc}
* <p>
* Description of the Method
*/
public int compareTo(Object obj) {
return this.getRanking().compareTo(((AbstractLesson) obj).getRanking());
}
/**
* {@inheritDoc}
* <p>
* Description of the Method
*/
public boolean equals(Object obj) {
return this.getScreenId() == ((AbstractLesson) obj).getScreenId();
}
/**
* Gets the category attribute of the Lesson object
*
@ -109,13 +63,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
return getDefaultCategory();
}
/**
* <p>getDefaultRanking.</p>
*
* @return a {@link java.lang.Integer} object.
*/
protected abstract Integer getDefaultRanking();
/**
* <p>getDefaultCategory.</p>
*
@ -123,29 +70,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/
protected abstract Category getDefaultCategory();
/**
* <p>getDefaultHidden.</p>
*
* @return a boolean.
*/
protected abstract boolean getDefaultHidden();
/**
* Gets the hintCount attribute of the Lesson object
*
* @return The hintCount value
*/
public int getHintCount() {
return getHints().size();
}
/**
* <p>getHints.</p>
*
* @return a {@link java.util.List} object.
*/
public abstract List<String> getHints();
/**
* Gets the title attribute of the HelloScreen object
*
@ -153,28 +77,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/
public abstract String getTitle();
/**
* Gets the ranking attribute of the Lesson object
*
* @return The ranking value
*/
public Integer getRanking() {
if (ranking != null) {
return ranking;
} else {
return getDefaultRanking();
}
}
/**
* Gets the uniqueID attribute of the AbstractLesson object
*
* @return The uniqueID value
*/
public int getScreenId() {
return id.intValue();
}
/**
* <p>Returns the default "path" portion of a lesson's URL.</p>
* <p>
@ -218,5 +120,4 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
}
public abstract String getId();
}

86
webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -1,86 +0,0 @@
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id
*/
package org.owasp.webgoat.lessons;
//// TODO: 11/8/2016 remove
public abstract class LessonAdapter extends AbstractLesson {
/**
* <p>getDefaultHidden.</p>
*
* @return a boolean.
*/
protected boolean getDefaultHidden() {
return false;
}
/**
* Initiates lesson restart functionality. Lessons should override this for
* lesson specific actions
*/
public void restartLesson() {
// Do Nothing - called when restart lesson is pressed. Each lesson can do something
}
private final static Integer DEFAULT_RANKING = 1000;
/**
* <p>getDefaultRanking.</p>
*
* @return a {@link java.lang.Integer} object.
*/
protected Integer getDefaultRanking() {
return DEFAULT_RANKING;
}
/**
* provide a default submitMethod of lesson does not implement
*
* @return a {@link java.lang.String} object.
*/
public String getSubmitMethod() {
return "GET";
}
/**
* Fill in a descriptive title for this lesson. The title of the lesson.
* This will appear above the control area at the top of the page. This
* field will be rendered as html.
*
* @return The title value
*/
public String getTitle() {
return "Untitled Lesson " + getScreenId();
}
}

50
webgoat-container/src/main/java/org/owasp/webgoat/lessons/NewLesson.java
View File

@ -1,50 +0,0 @@
package org.owasp.webgoat.lessons;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since October 12, 2016
*/
public abstract class NewLesson extends LessonAdapter {
@Override
public abstract Category getDefaultCategory();
public abstract List<String> getHints();
@Override
public abstract Integer getDefaultRanking();
@Override
public abstract String getTitle();
@Override
public abstract String getId();
}

10
webgoat-container/src/main/java/org/owasp/webgoat/plugins/CourseConfiguration.java
View File

@ -27,9 +27,8 @@ import org.apache.commons.lang3.ArrayUtils;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.session.Course;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -40,7 +39,6 @@ import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@ -51,11 +49,11 @@ import static java.util.stream.Collectors.toList;
@Configuration
public class CourseConfiguration {
private final List<NewLesson> lessons;
private final List<Lesson> lessons;
private final List<AssignmentEndpoint> assignments;
private final Map<String, List<AssignmentEndpoint>> assignmentsByPackage;
public CourseConfiguration(List<NewLesson> lessons, List<AssignmentEndpoint> assignments) {
public CourseConfiguration(List<Lesson> lessons, List<AssignmentEndpoint> assignments) {
this.lessons = lessons;
this.assignments = assignments;
assignmentsByPackage = this.assignments.stream().collect(groupingBy(a -> a.getClass().getPackageName()));
@ -67,7 +65,7 @@ public class CourseConfiguration {
return new Course(lessons);
}
private List<Assignment> createAssignment(AbstractLesson lesson) {
private List<Assignment> createAssignment(Lesson lesson) {
var endpoints = assignmentsByPackage.get(lesson.getClass().getPackageName());
if (CollectionUtils.isEmpty(endpoints)) {
log.warn("Lesson: {} has no endpoints, is this intentionally?", lesson.getTitle());

32
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginResource.java
View File

@ -1,32 +0,0 @@
package org.owasp.webgoat.plugins;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.lessons.NewLesson;
import java.net.URL;
import java.util.List;
import java.util.stream.Collectors;
@AllArgsConstructor
@Getter
public class PluginResource {
private final URL location;
private final List<Class> classes;
public List<Class> getLessons() {
return classes.stream().filter(c -> c.getSuperclass() == NewLesson.class).collect(Collectors.toList());
}
public List<Class<AssignmentEndpoint>> getAssignments(Class lesson) {
return classes.stream().
filter(c -> c.getSuperclass() == AssignmentEndpoint.class).
filter(c -> c.getPackage().equals(lesson.getPackage())).
map(c -> (Class<AssignmentEndpoint>) c).
collect(Collectors.toList());
}
}

47
webgoat-container/src/main/java/org/owasp/webgoat/service/HintService.java
View File

@ -5,10 +5,9 @@
*/
package org.owasp.webgoat.service;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.Hint;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@ -41,42 +40,22 @@ public class HintService {
*/
@GetMapping(path = URL_HINTS_MVC, produces = "application/json")
@ResponseBody
public List<Hint> showHint() {
AbstractLesson l = webSession.getCurrentLesson();
List<Hint> hints = createLessonHints(l);
hints.addAll(createAssignmentHints(l));
return hints;
public List<Hint> getHints() {
Lesson l = webSession.getCurrentLesson();
return createAssignmentHints(l);
}
private List<Hint> createLessonHints(AbstractLesson l) {
if ( l != null ) {
return l.getHints().stream().map(h -> createHint(h, l.getName(), null)).collect(toList());
private List<Hint> createAssignmentHints(Lesson l) {
if (l != null) {
return l.getAssignments().stream()
.map(a -> createHint(a))
.flatMap(hints -> hints.stream())
.collect(toList());
}
return Lists.newArrayList();
return List.of();
}
private List<Hint> createAssignmentHints(AbstractLesson l) {
List<Hint> hints = Lists.newArrayList();
if ( l != null) {
List<Assignment> assignments = l.getAssignments();
assignments.stream().forEach(a -> { a.getHints(); createHints(a, hints);});
}
return hints;
}
private void createHints(Assignment a, List<Hint> hints) {
hints.addAll(a.getHints().stream().map(h -> createHint(h, null, a.getPath())).collect(toList()));
}
private Hint createHint(String hintText, String lesson, String assignmentName) {
Hint hint = new Hint();
hint.setHint(hintText);
if (lesson != null) {
hint.setLesson(lesson);
} else {
hint.setAssignmentPath(assignmentName);
}
return hint;
private List<Hint> createHint(Assignment a) {
return a.getHints().stream().map(h -> new Hint(h, a.getPath())).collect(toList());
}
}

4
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonInfoService.java
View File

@ -1,7 +1,7 @@
package org.owasp.webgoat.service;
import lombok.AllArgsConstructor;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.LessonInfoModel;
import org.owasp.webgoat.session.WebSession;
import org.springframework.web.bind.annotation.RequestMapping;
@ -29,7 +29,7 @@ public class LessonInfoService {
@RequestMapping(path = "/service/lessoninfo.mvc", produces = "application/json")
public @ResponseBody
LessonInfoModel getLessonInfo() {
AbstractLesson lesson = webSession.getCurrentLesson();
Lesson lesson = webSession.getCurrentLesson();
return new LessonInfoModel(lesson.getTitle(), false, false, false);
}

8
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
View File

@ -29,7 +29,7 @@
package org.owasp.webgoat.service;
import lombok.AllArgsConstructor;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonMenuItem;
import org.owasp.webgoat.lessons.LessonMenuItemType;
@ -43,7 +43,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
@ -81,13 +80,12 @@ public class LessonMenuService {
categoryItem.setName(category.getName());
categoryItem.setType(LessonMenuItemType.CATEGORY);
// check for any lessons for this category
List<AbstractLesson> lessons = course.getLessons(category);
List<Lesson> lessons = course.getLessons(category);
lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList());
for (AbstractLesson lesson : lessons) {
for (Lesson lesson : lessons) {
LessonMenuItem lessonItem = new LessonMenuItem();
lessonItem.setName(lesson.getTitle());
lessonItem.setLink(lesson.getLink());
lessonItem.setRanking(lesson.getRanking());
lessonItem.setType(LessonMenuItemType.LESSON);
LessonTracker lessonTracker = userTracker.getLessonTracker(lesson);
lessonItem.setComplete(lessonTracker.isLessonSolved());

4
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
View File

@ -4,7 +4,7 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.LessonInfoModel;
import org.owasp.webgoat.session.WebSession;
@ -66,7 +66,7 @@ public class LessonProgressService {
@ResponseBody
public List<LessonOverview> lessonOverview() {
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
AbstractLesson currentLesson = webSession.getCurrentLesson();
Lesson currentLesson = webSession.getCurrentLesson();
List<LessonOverview> result = Lists.newArrayList();
if ( currentLesson != null ) {
LessonTracker lessonTracker = userTracker.getLessonTracker(currentLesson);

4
webgoat-container/src/main/java/org/owasp/webgoat/service/LessonTitleService.java
View File

@ -1,6 +1,6 @@
package org.owasp.webgoat.service;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@ -31,7 +31,7 @@ public class LessonTitleService {
public
@ResponseBody
String showPlan() {
AbstractLesson lesson = webSession.getCurrentLesson();
Lesson lesson = webSession.getCurrentLesson();
return lesson != null ? lesson.getTitle() : "";
}

4
webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java
View File

@ -33,7 +33,7 @@ import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import org.owasp.webgoat.i18n.PluginMessages;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.LessonTracker;
@ -73,7 +73,7 @@ public class ReportCardService {
reportCard.setTotalNumberOfAssignments(course.getTotalOfAssignments());
reportCard.setNumberOfAssignmentsSolved(userTracker.numberOfAssignmentsSolved());
reportCard.setNumberOfLessonsSolved(userTracker.numberOfLessonsSolved());
for (AbstractLesson lesson : lessons) {
for (Lesson lesson : lessons) {
LessonTracker lessonTracker = userTracker.getLessonTracker(lesson);
LessonStatistics lessonStatistics = new LessonStatistics();
lessonStatistics.setName(pluginMessages.getMessage(lesson.getTitle()));

4
webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java
View File

@ -25,7 +25,7 @@ package org.owasp.webgoat.service;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.UserTracker;
import org.owasp.webgoat.users.UserTrackerRepository;
@ -56,7 +56,7 @@ public class RestartLessonService {
@RequestMapping(path = "/service/restartlesson.mvc", produces = "text/text")
@ResponseStatus(value = HttpStatus.OK)
public void restartLesson() {
AbstractLesson al = webSession.getCurrentLesson();
Lesson al = webSession.getCurrentLesson();
log.debug("Restarting lesson: " + al);
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());

16
webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java
View File

@ -1,7 +1,7 @@
package org.owasp.webgoat.session;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Category;
import java.util.List;
@ -41,9 +41,9 @@ import static java.util.stream.Collectors.toList;
@Slf4j
public class Course {
private List<? extends AbstractLesson> lessons;
private List<? extends Lesson> lessons;
public Course(List<? extends AbstractLesson> lessons) {
public Course(List<? extends Lesson> lessons) {
this.lessons = lessons;
}
@ -61,7 +61,7 @@ public class Course {
*
* @return The firstLesson value
*/
public AbstractLesson getFirstLesson() {
public Lesson getFirstLesson() {
// Category 0 is the admin function. We want the first real category
// to be returned. This is normally the General category and the Http Basics lesson
return getLessons(getCategories().get(0)).get(0);
@ -72,7 +72,7 @@ public class Course {
*
* @return a {@link java.util.List} object.
*/
public List<? extends AbstractLesson> getLessons() {
public List<? extends Lesson> getLessons() {
return this.lessons;
}
@ -82,11 +82,11 @@ public class Course {
* @param category a {@link org.owasp.webgoat.lessons.Category} object.
* @return a {@link java.util.List} object.
*/
public List<AbstractLesson> getLessons(Category category) {
return this.lessons.stream().filter(l -> l.getCategory() == category).sorted().collect(toList());
public List<Lesson> getLessons(Category category) {
return this.lessons.stream().filter(l -> l.getCategory() == category).collect(toList());
}
public void setLessons(List<AbstractLesson> lessons) {
public void setLessons(List<Lesson> lessons) {
this.lessons = lessons;
}

53
webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java
View File

@ -1,53 +0,0 @@
package org.owasp.webgoat.session;
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at
* https://github.com/WebGoat/WebGoat, a repository for free software projects.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
* Security</a>
* @since October 28, 2003
* @version $Id: $Id
*/
public abstract class Screen {
/**
* Constructor for the Screen object
*/
public Screen() {
}
/**
* Fill in a descriptive title for this lesson
*
* @return The title value
*/
public abstract String getTitle();
}

10
webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
View File

@ -1,7 +1,7 @@
package org.owasp.webgoat.session;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.users.WebGoatUser;
import org.springframework.security.core.context.SecurityContextHolder;
@ -42,7 +42,7 @@ public class WebSession {
private final WebGoatUser currentUser;
private final WebgoatContext webgoatContext;
private AbstractLesson currentLesson;
private Lesson currentLesson;
/**
* Constructor for the WebSession object
@ -79,16 +79,16 @@ public class WebSession {
*
* @param lesson current lesson
*/
public void setCurrentLesson(AbstractLesson lesson) {
public void setCurrentLesson(Lesson lesson) {
this.currentLesson = lesson;
}
/**
* <p> getCurrentLesson. </p>
*
* @return a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
* @return a {@link Lesson} object.
*/
public AbstractLesson getCurrentLesson() {
public Lesson getCurrentLesson() {
return this.currentLesson;
}

7
webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
View File

@ -1,10 +1,9 @@
package org.owasp.webgoat.users;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import lombok.Getter;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment;
import javax.persistence.*;
@ -64,9 +63,9 @@ public class LessonTracker {
//JPA
}
public LessonTracker(AbstractLesson lesson) {
public LessonTracker(Lesson lesson) {
lessonName = lesson.getId();
allAssignments.addAll(lesson.getAssignments());
allAssignments.addAll(lesson.getAssignments() == null ? List.of() : lesson.getAssignments());
}
public Optional<Assignment> getAssignment(String name) {

12
webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
View File

@ -1,14 +1,12 @@
package org.owasp.webgoat.users;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment;
import javax.persistence.*;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
@ -69,7 +67,7 @@ public class UserTracker {
* @param lesson the lesson
* @return a lesson tracker created if not already present
*/
public LessonTracker getLessonTracker(AbstractLesson lesson) {
public LessonTracker getLessonTracker(Lesson lesson) {
Optional<LessonTracker> lessonTracker = lessonTrackers
.stream().filter(l -> l.getLessonName().equals(lesson.getId())).findFirst();
if (!lessonTracker.isPresent()) {
@ -91,18 +89,18 @@ public class UserTracker {
return lessonTrackers.stream().filter(l -> l.getLessonName().equals(id)).findFirst();
}
public void assignmentSolved(AbstractLesson lesson, String assignmentName) {
public void assignmentSolved(Lesson lesson, String assignmentName) {
LessonTracker lessonTracker = getLessonTracker(lesson);
lessonTracker.incrementAttempts();
lessonTracker.assignmentSolved(assignmentName);
}
public void assignmentFailed(AbstractLesson lesson) {
public void assignmentFailed(Lesson lesson) {
LessonTracker lessonTracker = getLessonTracker(lesson);
lessonTracker.incrementAttempts();
}
public void reset(AbstractLesson al) {
public void reset(Lesson al) {
LessonTracker lessonTracker = getLessonTracker(al);
lessonTracker.reset();
}