dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

All successful

Browse Source
This commit is contained in:
Nanne Baars
2019-09-20 07:59:04 +02:00
parent d7a2596670
commit e8d086ac9b
93 changed files with 293 additions and 1110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AccountVerificationHelper.java
View File

@ -31,7 +31,7 @@ import java.util.Map;
public class AccountVerificationHelper {
//simulating database storage of verification credentials
private static final Integer verifyUserId = new Integer(1223445);
private static final Integer verifyUserId = 1223445;
private static final Map<String,String> userSecQuestions = new HashMap<>();
static {
userSecQuestions.put("secQuestion0","Dr. Watson");

17
webgoat-lessons/auth-bypass/src/main/java/org/owasp/webgoat/auth_bypass/AuthBypass.java
View File

@ -22,31 +22,18 @@
package org.owasp.webgoat.auth_bypass;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
@Component
public class AuthBypass extends NewLesson {
public class AuthBypass extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 30;
}
@Override
public String getTitle() {
return "auth-bypass.title";

17
webgoat-lessons/bypass-restrictions/src/main/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictions.java
View File

@ -22,30 +22,17 @@
package org.owasp.webgoat.bypass_restrictions;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
@Component
public class BypassRestrictions extends NewLesson {
public class BypassRestrictions extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CLIENT_SIDE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override
public String getTitle() {
return "bypass-restrictions.title";

6
webgoat-lessons/bypass-restrictions/src/test/java/org/owasp/webgoat/bypass_restrictions/BypassRestrictionsFrontendValidationTest.java
View File

@ -4,6 +4,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -20,9 +21,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class BypassRestrictionsFrontendValidationTest extends LessonTest {
@Autowired
private BypassRestrictions bypassRestrictions;
@Before
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(new BypassRestrictions());
when(webSession.getCurrentLesson()).thenReturn(bypassRestrictions);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/ChallengeIntro.java
View File

@ -1,32 +1,19 @@
package org.owasp.webgoat.challenges;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import java.util.List;
import org.owasp.webgoat.lessons.Lesson;
/**
* @author nbaars
* @since 3/21/17.
*/
public class ChallengeIntro extends NewLesson {
public class ChallengeIntro extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge0.title";

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge1/Challenge1.java
View File

@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge1;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
@Component
public class Challenge1 extends NewLesson {
public class Challenge1 extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge1.title";

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Challenge5.java
View File

@ -22,35 +22,22 @@
package org.owasp.webgoat.challenges.challenge5;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
@Component
public class Challenge5 extends NewLesson {
public class Challenge5 extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge5.title";

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge6/Challenge6.java
View File

@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge6;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
@Component
public class Challenge6 extends NewLesson {
public class Challenge6 extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge6.title";

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/Challenge7.java
View File

@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge7;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
@Component
public class Challenge7 extends NewLesson {
public class Challenge7 extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge7.title";

17
webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge8/Challenge8.java
View File

@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge8;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/21/17.
*/
@Component
public class Challenge8 extends NewLesson {
public class Challenge8 extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CHALLENGE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "challenge8.title";

17
webgoat-lessons/chrome-dev-tools/src/main/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevTools.java
View File

@ -22,35 +22,22 @@
package org.owasp.webgoat.chrome_dev_tools;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author TMelzer
* @since 30.11.18
*/
@Component
public class ChromeDevTools extends NewLesson {
public class ChromeDevTools extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 4;
}
@Override
public String getTitle() {
return "chrome-dev-tools.title";

7
webgoat-lessons/chrome-dev-tools/src/test/java/org/owasp/webgoat/chrome_dev_tools/ChromeDevToolsTest.java
View File

@ -17,6 +17,7 @@ import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* @author Benedikt Stuhrmann
* @since 13/03/19.
@ -25,18 +26,16 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class ChromeDevToolsTest extends LessonTest {
@Autowired
private WebgoatContext context;
private ChromeDevTools cdt;
@Before
public void setup() {
ChromeDevTools cdt = new ChromeDevTools();
when(webSession.getCurrentLesson()).thenReturn(cdt);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test
public void NetworkAssignmentTest_Success() throws Exception{
public void NetworkAssignmentTest_Success() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/ChromeDevTools/network")
.param("network_num", "123456")
.param("number", "123456"))

19
webgoat-lessons/cia/src/main/java/org/owasp/webgoat/cia/CIA.java
View File

@ -1,34 +1,21 @@
package org.owasp.webgoat.cia;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author BenediktStuhrmann
* @since 11/2/18.
*/
@Component
public class CIA extends NewLesson {
public class CIA extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "cia.title";
@ -38,4 +25,4 @@ public class CIA extends NewLesson {
public String getId() {
return "CIA";
}
}
}

4
webgoat-lessons/cia/src/test/java/org/owasp/webgoat/cia/CIAQuizTest.java
View File

@ -24,13 +24,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class CIAQuizTest extends LessonTest {
@Autowired
private WebgoatContext context;
private CIA cia;
@Before
public void setup() {
CIA cia = new CIA();
when(webSession.getCurrentLesson()).thenReturn(cia);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}

19
webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/client_side_filtering/ClientSideFiltering.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.client_side_filtering;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,25 +34,13 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class ClientSideFiltering extends NewLesson {
public class ClientSideFiltering extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CLIENT_SIDE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList("Many sites attempt to restrict access to resources by role.",
"Developers frequently make mistakes implementing this scheme.",
"Attempt combinations of users, roles, and resources.");
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "client.side.filtering.title";

6
webgoat-lessons/client-side-filtering/src/test/java/org/owasp/webgoat/client_side_filtering/ClientSideFilteringFreeAssignmentTest.java
View File

@ -5,6 +5,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -21,14 +22,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class ClientSideFilteringFreeAssignmentTest extends LessonTest {
private MockMvc mockMvc;
@Autowired
private ClientSideFiltering clientSideFiltering;
@Before
public void setup() {
ClientSideFiltering clientSideFiltering = new ClientSideFiltering();
when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
}
@Test

4
webgoat-lessons/command-injection/src/main/java/org/owasp/webgoat/plugin/CommandInjection.java
View File

@ -2,7 +2,7 @@ package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.AbstractLesson;
import java.util.List;
@ -35,7 +35,7 @@ import java.util.List;
* @version $Id: $Id
* @since October 12, 2016
*/
public class HttpProxies extends NewLesson {
public class HttpProxies extends AbstractLesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;

18
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScripting.java
View File

@ -23,30 +23,16 @@
package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class CrossSiteScripting extends NewLesson {
public class CrossSiteScripting extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
}
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "xss.title";

18
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingMitigation.java
View File

@ -23,28 +23,14 @@
package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import java.util.ArrayList;
import java.util.List;
public class CrossSiteScriptingMitigation extends NewLesson {
public class CrossSiteScriptingMitigation extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
}
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "xss-mitigation.title";

18
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/xss/CrossSiteScriptingStored.java
View File

@ -23,28 +23,14 @@
package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import java.util.ArrayList;
import java.util.List;
public class CrossSiteScriptingStored extends NewLesson {
public class CrossSiteScriptingStored extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XSS;
}
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override
public String getTitle() {
return "xss-stored.title";

6
webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/DOMCrossSiteScriptingTest.java
View File

@ -28,10 +28,13 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.xss.DOMCrossSiteScripting;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.List;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -48,7 +51,8 @@ public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest {
DOMCrossSiteScripting domXss = new DOMCrossSiteScripting();
init(domXss);
this.mockMvc = standaloneSetup(domXss).build();
when(webSession.getCurrentLesson()).thenReturn(new CrossSiteScripting());
CrossSiteScripting xss = new CrossSiteScripting();
when(webSession.getCurrentLesson()).thenReturn(xss);
when(userSessionData.getValue("randValue")).thenReturn(randVal);
}

4
webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/xss/StoredXssCommentsTest.java
View File

@ -26,16 +26,14 @@ import org.hamcrest.CoreMatchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.xss.StoredXssComments;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;

14
webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRF.java
View File

@ -24,7 +24,7 @@ package org.owasp.webgoat.csrf;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
@ -33,22 +33,12 @@ import java.util.List;
* Created by jason on 9/29/17.
*/
@Component
public class CSRF extends NewLesson {
public class CSRF extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() { return "csrf.title"; }

7
webgoat-lessons/csrf/src/test/java/org/owasp/webgoat/csrf/CSRFFeedbackTest.java
View File

@ -27,6 +27,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -46,13 +47,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class CSRFFeedbackTest extends LessonTest {
@Autowired
private CSRF csrf;
@Before
public void setup() {
CSRF csrf = new CSRF();
when(webSession.getCurrentLesson()).thenReturn(csrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
when(webSession.getCurrentLesson()).thenReturn(new CSRF());
}
@Test

17
webgoat-lessons/html-tampering/src/main/java/org/owasp/webgoat/html_tampering/HtmlTampering.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.html_tampering;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class HtmlTampering extends NewLesson {
public class HtmlTampering extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.CLIENT_SIDE;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "html-tampering.title";

17
webgoat-lessons/http-basics/src/main/java/org/owasp/webgoat/http_basics/HttpBasics.java
View File

@ -22,30 +22,17 @@
package org.owasp.webgoat.http_basics;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
@Component
public class HttpBasics extends NewLesson {
public class HttpBasics extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "http-basics.title";

17
webgoat-lessons/http-proxies/src/main/java/org/owasp/webgoat/http_proxies/HttpProxies.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.http_proxies;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class HttpProxies extends NewLesson {
public class HttpProxies extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override
public String getTitle() {
return "http-proxies.title";

17
webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOR.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.idor;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,23 +34,13 @@ import java.util.List;
* @since January 3, 2017
*/
@Component
public class IDOR extends NewLesson {
public class IDOR extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.ACCESS_CONTROL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 20;
}
@Override
public String getTitle() {
return "idor.title";

17
webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserialization.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.deserialization;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class InsecureDeserialization extends NewLesson {
public class InsecureDeserialization extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INSECURE_DESERIALIZATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "insecure-deserialization.title";

17
webgoat-lessons/insecure-login/src/main/java/org/owasp/webgoat/insecure_login/InsecureLogin.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.insecure_login;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class InsecureLogin extends NewLesson {
public class InsecureLogin extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INSECURE_COMMUNICATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "insecure-login.title";

17
webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWT.java
View File

@ -22,35 +22,22 @@
package org.owasp.webgoat.jwt;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author nbaars
* @since 3/22/17.
*/
@Component
public class JWT extends NewLesson {
public class JWT extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 40;
}
@Override
public String getTitle() {
return "jwt.title";

7
webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTFinalEndpointTest.java
View File

@ -7,6 +7,8 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.core.AutoConfigureCache;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -25,12 +27,13 @@ public class JWTFinalEndpointTest extends LessonTest {
private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA";
@Autowired
private JWT jwt;
@Before
public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
}
@Test

5
webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTRefreshEndpointTest.java
View File

@ -29,6 +29,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MvcResult;
@ -46,9 +47,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class JWTRefreshEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before
public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");

5
webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTSecretKeyEndpointTest.java
View File

@ -29,6 +29,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -47,9 +48,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class JWTSecretKeyEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before
public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");

5
webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java
View File

@ -30,6 +30,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MvcResult;
@ -53,9 +54,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class JWTVotesEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before
public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");

17
webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionAC.java
View File

@ -22,31 +22,18 @@
package org.owasp.webgoat.missing_ac;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
@Component
public class MissingFunctionAC extends NewLesson {
public class MissingFunctionAC extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.ACCESS_CONTROL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 40;
}
@Override
public String getTitle() {
return "missing-function-access-control.title";

1
webgoat-lessons/missing-function-ac/src/test/java/org/owasp/webgoat/missing_ac/MissingFunctionYourHashTest.java
View File

@ -36,7 +36,6 @@ import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

17
webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/PasswordReset.java
View File

@ -23,29 +23,16 @@
package org.owasp.webgoat.password_reset;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class PasswordReset extends NewLesson {
public class PasswordReset extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
}
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "password-reset.title";

7
webgoat-lessons/password-reset/src/main/test/java/org/owasp/webgoat/password_reset/SecurityQuestionAssignmentTest.java
View File

@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -17,10 +18,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class SecurityQuestionAssignmentTest extends LessonTest {
@Autowired
private PasswordReset passwordReset;
@Before
public void setup() {
PasswordReset assignment = new PasswordReset();
Mockito.when(webSession.getCurrentLesson()).thenReturn(assignment);
Mockito.when(webSession.getCurrentLesson()).thenReturn(passwordReset);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
Mockito.when(webSession.getUserName()).thenReturn("unit-test");
}

17
webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswords.java
View File

@ -22,35 +22,22 @@
package org.owasp.webgoat.secure_password;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* @author BenediktStuhrmann
* @since 12/2/18.
*/
@Component
public class SecurePasswords extends NewLesson {
public class SecurePasswords extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.AUTHENTICATION;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "secure-passwords.title";

17
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionAdvanced.java
View File

@ -23,29 +23,16 @@
package org.owasp.webgoat.sql_injection.advanced;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class SqlInjectionAdvanced extends NewLesson {
public class SqlInjectionAdvanced extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
}
@Override
public List<String> getHints() {
return new ArrayList<>();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override
public String getTitle() {
return "sql.advanced.title";

24
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjection.java
View File

@ -22,37 +22,17 @@
package org.owasp.webgoat.sql_injection.introduction;
import java.util.ArrayList;
import java.util.List;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
@Component
public class SqlInjection extends NewLesson {
public class SqlInjection extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
}
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
// hints.add(getLabelManager().get("SqlStringInjectionHint1"));
// hints.add(getLabelManager().get("SqlStringInjectionHint2"));
// hints.add(getLabelManager().get("SqlStringInjectionHint3"));
// hints.add(getLabelManager().get("SqlStringInjectionHint4"));
// hints.add(getLabelManager().get("SqlStringInjectionHint5"));
return hints;
}
@Override
public Integer getDefaultRanking() {
return 0;
}
@Override
public String getTitle() {
return "sql.injection.title";

17
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionMitigations.java
View File

@ -23,29 +23,16 @@
package org.owasp.webgoat.sql_injection.mitigation;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class SqlInjectionMitigations extends NewLesson {
public class SqlInjectionMitigations extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INJECTION;
}
@Override
public List<String> getHints() {
return new ArrayList<>();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override
public String getTitle() {
return "sql.mitigation.title";

46
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/SqlLessonTest.java Normal file
View File

@ -0,0 +1,46 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.sql_injection;
import org.junit.Before;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import static org.mockito.Mockito.when;
public class SqlLessonTest extends LessonTest {
@Autowired
private SqlInjection sql = new SqlInjection();
@Before
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(sql);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
}

14
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10Test.java
View File

@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -42,21 +43,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson10Test extends LessonTest {
@Autowired
private WebgoatContext context;
public class SqlInjectionLesson10Test extends SqlLessonTest {
private String completedError = "JSON path \"lessonCompleted\"";
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test
public void tableExistsIsFailure() throws Exception {
try {

14
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5aTest.java
View File

@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@ -24,18 +25,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 5/21/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson5aTest extends LessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() throws Exception {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
public class SqlInjectionLesson5aTest extends SqlLessonTest {
@Test
public void knownAccountShouldDisplayData() throws Exception {

9
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6aTest.java
View File

@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 6/15/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson6aTest extends LessonTest {
@Before
public void setup() throws Exception {
when(webSession.getCurrentLesson()).thenReturn(new SqlInjection());
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
public class SqlInjectionLesson6aTest extends SqlLessonTest {
@Test
public void wrongSolution() throws Exception {

9
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson6bTest.java
View File

@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 6/16/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson6bTest extends LessonTest {
@Before
public void setup() throws Exception {
when(webSession.getCurrentLesson()).thenReturn(new SqlInjection());
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
public class SqlInjectionLesson6bTest extends SqlLessonTest {
@Test
public void submitCorrectPassword() throws Exception {

14
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8Test.java
View File

@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@ -44,18 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson8Test extends LessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
public class SqlInjectionLesson8Test extends SqlLessonTest {
@Test
public void oneAccount() throws Exception {

14
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9Test.java
View File

@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -43,21 +44,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson9Test extends LessonTest {
@Autowired
private WebgoatContext context;
public class SqlInjectionLesson9Test extends SqlLessonTest {
private String completedError = "JSON path \"lessonCompleted\"";
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test
public void oneAccount() throws Exception {
try {

15
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/sql_injection/mitigation/SqlInjectionLesson12aTest.java
View File

@ -3,6 +3,7 @@ package org.owasp.webgoat.sql_injection.mitigation;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
@ -21,19 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 5/21/17.
*/
@RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson12aTest extends LessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
public class SqlInjectionLesson12aTest extends SqlLessonTest {
@Test
public void knownAccountShouldDisplayData() throws Exception {

17
webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRF.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.ssrf;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class SSRF extends NewLesson {
public class SSRF extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override
public String getTitle() {
return "ssrf.title";

4
webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest1.java
View File

@ -4,6 +4,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
@ -21,10 +22,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class SSRFTest1 extends LessonTest {
@Autowired
private SSRF ssrf;
@Before
public void setup() throws Exception {
SSRF ssrf = new SSRF();
when(webSession.getCurrentLesson()).thenReturn(ssrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}

4
webgoat-lessons/ssrf/src/test/java/org/owasp/webgoat/ssrf/SSRFTest2.java
View File

@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
@ -43,10 +44,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class SSRFTest2 extends LessonTest {
@Autowired
private SSRF ssrf;
@Before
public void setup() throws Exception {
SSRF ssrf = new SSRF();
when(webSession.getCurrentLesson()).thenReturn(ssrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}

17
webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponents.java
View File

@ -23,29 +23,16 @@
package org.owasp.webgoat.vulnerable_components;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class VulnerableComponents extends NewLesson {
public class VulnerableComponents extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.VULNERABLE_COMPONENTS;
}
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "vulnerable-components.title";

17
webgoat-lessons/webgoat-introduction/src/main/java/org/owasp/webgoat/introduction/WebGoatIntroduction.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.introduction;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016
*/
@Component
public class WebGoatIntroduction extends NewLesson {
public class WebGoatIntroduction extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INTRODUCTION;
}
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override
public String getTitle() {
return "webgoat.title";

17
webgoat-lessons/webgoat-lesson-template/src/main/java/org/owasp/webgoat/template/LessonTemplate.java
View File

@ -1,12 +1,9 @@
package org.owasp.webgoat.template;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.List;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,23 +34,13 @@ import java.util.List;
* @since January 3, 2017
*/
@Component
public class LessonTemplate extends NewLesson {
public class LessonTemplate extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;
}
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 30;
}
@Override
public String getTitle() {
return "lesson-template.title";

2
webgoat-lessons/webgoat-lesson-template/src/main/resources/lessonPlans/en/lesson-template-attack.adoc
View File

@ -5,7 +5,7 @@ Each lesson can contain multiple assignments, first let's define a lesson class
[source]
----
@Component
public class LessonTemplate extends NewLesson {
public class LessonTemplate extends AbstractLesson {
@Override
public Category getDefaultCategory() {
return Category.GENERAL;

17
webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/webwolf_introduction/WebWolfIntroduction.java
View File

@ -23,29 +23,16 @@
package org.owasp.webgoat.webwolf_introduction;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class WebWolfIntroduction extends NewLesson {
public class WebWolfIntroduction extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.INTRODUCTION;
}
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override
public String getTitle() {
return "webwolf.title";

21
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/XXE.java
View File

@ -23,34 +23,17 @@
package org.owasp.webgoat.xxe;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class XXE extends NewLesson {
public class XXE extends Lesson {
@Override
public Category getDefaultCategory() {
return Category.XXE;
}
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
hints.add("Try submitting the form and see what happens");
hints.add("XXE stands for XML External Entity attack");
hints.add("Try to include your own DTD");
return hints;
}
@Override
public Integer getDefaultRanking() {
return 4;
}
@Override
public String getTitle() {
return "xxe.title";

6
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/BlindSendFileAssignmentTest.java
View File

@ -34,6 +34,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class BlindSendFileAssignmentTest extends LessonTest {
@Autowired
private XXE xxe;
@Autowired
private Comments comments;
@Value("${webgoat.user.directory}")
@ -45,11 +47,9 @@ public class BlindSendFileAssignmentTest extends LessonTest {
public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort());
@Before
public void setup() throws Exception {
XXE xxe = new XXE();
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
port = webwolfServer.port();
}

6
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/ContentTypeAssignmentTest.java
View File

@ -47,15 +47,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class ContentTypeAssignmentTest extends LessonTest {
@Autowired
private XXE xxe;
@Autowired
private Comments comments;
@Before
public void setup() throws Exception {
XXE xxe = new XXE();
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
}
@Test

8
webgoat-lessons/xxe/src/test/java/org/owasp/webgoat/xxe/SimpleXXETest.java
View File

@ -28,6 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.xxe.XXE;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -43,12 +44,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class)
public class SimpleXXETest extends LessonTest {
@Autowired
private XXE xxe;
@Before
public void setup() throws Exception {
XXE xxe = new XXE();
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
}
@Test