All successful

Nanne Baars 2019-09-20 07:59:04 +02:00
parent d7a2596670
commit e8d086ac9b
93 changed files with 293 additions and 1110 deletions


@ -30,7 +30,7 @@
*/ */
package org.owasp.webgoat.controller; package org.owasp.webgoat.controller;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
@ -79,8 +79,8 @@ public class StartLesson {
//GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next(); //GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson String path = request.getRequestURL().toString(); // we now got /a/b/c/AccessControlMatrix.lesson
String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson")); String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson"));
List<? extends AbstractLesson> lessons = course.getLessons(); List<? extends Lesson> lessons = course.getLessons();
Optional<? extends AbstractLesson> lesson = lessons.stream() Optional<? extends Lesson> lesson = lessons.stream()
.filter(l -> l.getId().equals(lessonName)) .filter(l -> l.getId().equals(lessonName))
.findFirst(); .findFirst();
ws.setCurrentLesson(lesson.get()); ws.setCurrentLesson(lesson.get());
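Review bot: `ws.setCurrentLesson(lesson.get())` at the end of the second hunk calls `Optional.get()` on a lookup keyed by `lessonName`, which is cut out of the request URL, so a `.lesson` URL that names no known lesson throws `NoSuchElementException` instead of producing a clean not-found response. The commit only swaps `AbstractLesson` for `Lesson` on these lines and leaves that path unchanged. I would guard it, for example with `lesson.ifPresent(ws::setCurrentLesson);` plus an explicit 404 when the Optional is empty. The enclosing handler starts and ends outside the hunk, so how the rest of the method behaves with no current lesson set needs checking there.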


@ -26,8 +26,7 @@
*/ */
package org.owasp.webgoat.lessons; package org.owasp.webgoat.lessons;
import lombok.Getter; import lombok.Value;
import lombok.Setter;
/** /**
* <p>Hint class.</p> * <p>Hint class.</p>
@ -35,12 +34,9 @@ import lombok.Setter;
* @author rlawson * @author rlawson
* @version $Id: $Id * @version $Id: $Id
*/ */
@Getter @Value
@Setter
public class Hint { public class Hint {
private String hint; private String hint;
private String lesson;
private String assignmentPath; private String assignmentPath;
private int number;
} }
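Review bot: With `@Value` the generated all-args constructor takes its parameters in field declaration order, and both remaining fields are `String`, so swapping the order of `hint` and `assignmentPath` would silently exchange the values passed by `new Hint(h, a.getPath())` in HintService without any compile error. A short comment above the fields would pin this, for example `// Declaration order defines the @Value constructor: (hint, assignmentPath)`. The explicit `private` modifiers are redundant under `@Value`, which already makes the fields private and final. The class Javadoc still reads only "Hint class." and could state that instances are immutable and are returned as JSON by the hint endpoint.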


@ -1,63 +1,45 @@
package org.owasp.webgoat.lessons; /*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
import com.google.common.collect.Lists; *
import lombok.Setter; * Copyright (c) 2002 - 2019 Bruce Mayhew
import org.owasp.webgoat.session.Screen; *
import java.util.List;
/**
* ************************************************************************************************
* <p>
* <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the * This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version. * License, or (at your option) any later version.
* <p> *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* <p> *
* You should have received a copy of the GNU General Public License along with this program; if * You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* *
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a> * Getting Source ==============
* @version $Id: $Id *
* @since October 28, 2003 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
public abstract class AbstractLesson extends Screen implements Comparable<Object> {
package org.owasp.webgoat.lessons;
import lombok.Getter;
import lombok.Setter;
import lombok.Singular;
import java.util.List;
@Getter
@Setter
public abstract class Lesson {
private static int count = 1; private static int count = 1;
private Integer id = null; private Integer id = null;
private Integer ranking;
@Setter
private List<Assignment> assignments; private List<Assignment> assignments;
public List<Assignment> getAssignments() {
if (assignments == null) {
return Lists.newArrayList();
}
return assignments;
}
/** /**
* Constructor for the Lesson object * Constructor for the Lesson object
*/ */
public AbstractLesson() { public Lesson() {
id = ++count; id = ++count;
} }
@ -72,34 +54,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
return className.substring(className.lastIndexOf('.') + 1); return className.substring(className.lastIndexOf('.') + 1);
} }
/**
* <p>Setter for the field <code>ranking</code>.</p>
*
* @param ranking a {@link java.lang.Integer} object.
*/
public void setRanking(Integer ranking) {
this.ranking = ranking;
}
/**
* {@inheritDoc}
* <p>
* Description of the Method
*/
public int compareTo(Object obj) {
return this.getRanking().compareTo(((AbstractLesson) obj).getRanking());
}
/**
* {@inheritDoc}
* <p>
* Description of the Method
*/
public boolean equals(Object obj) {
return this.getScreenId() == ((AbstractLesson) obj).getScreenId();
}
/** /**
* Gets the category attribute of the Lesson object * Gets the category attribute of the Lesson object
* *
@ -109,13 +63,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
return getDefaultCategory(); return getDefaultCategory();
} }
/**
* <p>getDefaultRanking.</p>
*
* @return a {@link java.lang.Integer} object.
*/
protected abstract Integer getDefaultRanking();
/** /**
* <p>getDefaultCategory.</p> * <p>getDefaultCategory.</p>
* *
@ -123,29 +70,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
protected abstract Category getDefaultCategory(); protected abstract Category getDefaultCategory();
/**
* <p>getDefaultHidden.</p>
*
* @return a boolean.
*/
protected abstract boolean getDefaultHidden();
/**
* Gets the hintCount attribute of the Lesson object
*
* @return The hintCount value
*/
public int getHintCount() {
return getHints().size();
}
/**
* <p>getHints.</p>
*
* @return a {@link java.util.List} object.
*/
public abstract List<String> getHints();
/** /**
* Gets the title attribute of the HelloScreen object * Gets the title attribute of the HelloScreen object
* *
@ -153,28 +77,6 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
public abstract String getTitle(); public abstract String getTitle();
/**
* Gets the ranking attribute of the Lesson object
*
* @return The ranking value
*/
public Integer getRanking() {
if (ranking != null) {
return ranking;
} else {
return getDefaultRanking();
}
}
/**
* Gets the uniqueID attribute of the AbstractLesson object
*
* @return The uniqueID value
*/
public int getScreenId() {
return id.intValue();
}
/** /**
* <p>Returns the default "path" portion of a lesson's URL.</p> * <p>Returns the default "path" portion of a lesson's URL.</p>
* <p> * <p>
@ -218,5 +120,4 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
} }
public abstract String getId(); public abstract String getId();
} }
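Review bot: Replacing the hand-written `getAssignments()` with the Lombok getter drops the `assignments == null` guard, so the getter now returns null for any lesson on which `setAssignments` has not been called. The commit compensates in the `LessonTracker` constructor, but `HintService.createAssignmentHints` calls `l.getAssignments().stream()` after checking only the lesson itself for null, which would throw a NullPointerException for such a lesson. Keeping one explicit getter avoids auditing every caller: `public List<Assignment> getAssignments() { return assignments == null ? List.of() : assignments; }`. Whether a lesson can actually reach a request with assignments unset depends on CourseConfiguration code that is outside this page, so treat the NPE as plausible rather than confirmed.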


@ -1,86 +0,0 @@
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id
*/
package org.owasp.webgoat.lessons;
//// TODO: 11/8/2016 remove
public abstract class LessonAdapter extends AbstractLesson {
/**
* <p>getDefaultHidden.</p>
*
* @return a boolean.
*/
protected boolean getDefaultHidden() {
return false;
}
/**
* Initiates lesson restart functionality. Lessons should override this for
* lesson specific actions
*/
public void restartLesson() {
// Do Nothing - called when restart lesson is pressed. Each lesson can do something
}
private final static Integer DEFAULT_RANKING = 1000;
/**
* <p>getDefaultRanking.</p>
*
* @return a {@link java.lang.Integer} object.
*/
protected Integer getDefaultRanking() {
return DEFAULT_RANKING;
}
/**
* provide a default submitMethod of lesson does not implement
*
* @return a {@link java.lang.String} object.
*/
public String getSubmitMethod() {
return "GET";
}
/**
* Fill in a descriptive title for this lesson. The title of the lesson.
* This will appear above the control area at the top of the page. This
* field will be rendered as html.
*
* @return The title value
*/
public String getTitle() {
return "Untitled Lesson " + getScreenId();
}
}


@ -27,9 +27,8 @@ import org.apache.commons.lang3.ArrayUtils;
import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.assignments.AssignmentHints; import org.owasp.webgoat.assignments.AssignmentHints;
import org.owasp.webgoat.assignments.AttackResult; import org.owasp.webgoat.assignments.AttackResult;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.NewLesson;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -40,7 +39,6 @@ import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -51,11 +49,11 @@ import static java.util.stream.Collectors.toList;
@Configuration @Configuration
public class CourseConfiguration { public class CourseConfiguration {
private final List<NewLesson> lessons; private final List<Lesson> lessons;
private final List<AssignmentEndpoint> assignments; private final List<AssignmentEndpoint> assignments;
private final Map<String, List<AssignmentEndpoint>> assignmentsByPackage; private final Map<String, List<AssignmentEndpoint>> assignmentsByPackage;
public CourseConfiguration(List<NewLesson> lessons, List<AssignmentEndpoint> assignments) { public CourseConfiguration(List<Lesson> lessons, List<AssignmentEndpoint> assignments) {
this.lessons = lessons; this.lessons = lessons;
this.assignments = assignments; this.assignments = assignments;
assignmentsByPackage = this.assignments.stream().collect(groupingBy(a -> a.getClass().getPackageName())); assignmentsByPackage = this.assignments.stream().collect(groupingBy(a -> a.getClass().getPackageName()));
@ -67,7 +65,7 @@ public class CourseConfiguration {
return new Course(lessons); return new Course(lessons);
} }
private List<Assignment> createAssignment(AbstractLesson lesson) { private List<Assignment> createAssignment(Lesson lesson) {
var endpoints = assignmentsByPackage.get(lesson.getClass().getPackageName()); var endpoints = assignmentsByPackage.get(lesson.getClass().getPackageName());
if (CollectionUtils.isEmpty(endpoints)) { if (CollectionUtils.isEmpty(endpoints)) {
log.warn("Lesson: {} has no endpoints, is this intentionally?", lesson.getTitle()); log.warn("Lesson: {} has no endpoints, is this intentionally?", lesson.getTitle());


@ -1,32 +0,0 @@
package org.owasp.webgoat.plugins;
import lombok.AllArgsConstructor;
import lombok.Getter;
import org.owasp.webgoat.assignments.AssignmentEndpoint;
import org.owasp.webgoat.lessons.NewLesson;
import java.net.URL;
import java.util.List;
import java.util.stream.Collectors;
@AllArgsConstructor
@Getter
public class PluginResource {
private final URL location;
private final List<Class> classes;
public List<Class> getLessons() {
return classes.stream().filter(c -> c.getSuperclass() == NewLesson.class).collect(Collectors.toList());
}
public List<Class<AssignmentEndpoint>> getAssignments(Class lesson) {
return classes.stream().
filter(c -> c.getSuperclass() == AssignmentEndpoint.class).
filter(c -> c.getPackage().equals(lesson.getPackage())).
map(c -> (Class<AssignmentEndpoint>) c).
collect(Collectors.toList());
}
}


@ -5,10 +5,9 @@
*/ */
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.Hint; import org.owasp.webgoat.lessons.Hint;
import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
@ -41,42 +40,22 @@ public class HintService {
*/ */
@GetMapping(path = URL_HINTS_MVC, produces = "application/json") @GetMapping(path = URL_HINTS_MVC, produces = "application/json")
@ResponseBody @ResponseBody
public List<Hint> showHint() { public List<Hint> getHints() {
AbstractLesson l = webSession.getCurrentLesson(); Lesson l = webSession.getCurrentLesson();
List<Hint> hints = createLessonHints(l); return createAssignmentHints(l);
hints.addAll(createAssignmentHints(l));
return hints;
} }
private List<Hint> createLessonHints(AbstractLesson l) { private List<Hint> createAssignmentHints(Lesson l) {
if ( l != null ) { if (l != null) {
return l.getHints().stream().map(h -> createHint(h, l.getName(), null)).collect(toList()); return l.getAssignments().stream()
.map(a -> createHint(a))
.flatMap(hints -> hints.stream())
.collect(toList());
} }
return Lists.newArrayList(); return List.of();
} }
private List<Hint> createAssignmentHints(AbstractLesson l) { private List<Hint> createHint(Assignment a) {
List<Hint> hints = Lists.newArrayList(); return a.getHints().stream().map(h -> new Hint(h, a.getPath())).collect(toList());
if ( l != null) {
List<Assignment> assignments = l.getAssignments();
assignments.stream().forEach(a -> { a.getHints(); createHints(a, hints);});
}
return hints;
}
private void createHints(Assignment a, List<Hint> hints) {
hints.addAll(a.getHints().stream().map(h -> createHint(h, null, a.getPath())).collect(toList()));
}
private Hint createHint(String hintText, String lesson, String assignmentName) {
Hint hint = new Hint();
hint.setHint(hintText);
if (lesson != null) {
hint.setLesson(lesson);
} else {
hint.setAssignmentPath(assignmentName);
}
return hint;
} }
} }
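Review bot: `createHint(Assignment a)` returns a `List<Hint>`, so the singular name no longer matches what the method does, and the `.map(a -> createHint(a)).flatMap(hints -> hints.stream())` pair in `createAssignmentHints` is one step longer than it needs to be. I would rename the helper to `createHints` and collapse the pipeline to `.flatMap(a -> createHints(a).stream())`. The two return paths also differ in mutability, since `collect(toList())` yields a mutable list and `List.of()` an immutable one; that is harmless for the JSON response but deserves a one-line comment if any caller is expected to add to the result.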


@ -1,7 +1,7 @@
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.LessonInfoModel; import org.owasp.webgoat.lessons.LessonInfoModel;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -29,7 +29,7 @@ public class LessonInfoService {
@RequestMapping(path = "/service/lessoninfo.mvc", produces = "application/json") @RequestMapping(path = "/service/lessoninfo.mvc", produces = "application/json")
public @ResponseBody public @ResponseBody
LessonInfoModel getLessonInfo() { LessonInfoModel getLessonInfo() {
AbstractLesson lesson = webSession.getCurrentLesson(); Lesson lesson = webSession.getCurrentLesson();
return new LessonInfoModel(lesson.getTitle(), false, false, false); return new LessonInfoModel(lesson.getTitle(), false, false, false);
} }
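Review bot: `getLessonInfo()` dereferences `lesson.getTitle()` without checking that `webSession.getCurrentLesson()` returned a lesson. `WebSession.currentLesson` is assigned only through `setCurrentLesson`, and the sibling endpoints touched by this commit (`LessonTitleService.showPlan`, `LessonProgressService.lessonOverview`) both test it for null, so a request to `/service/lessoninfo.mvc` in a session with no current lesson would presumably fail with a NullPointerException. A guard in the same style as `showPlan` would make the endpoints consistent, for example `if (lesson == null) { return new LessonInfoModel("", false, false, false); }`, with the empty-title default to be confirmed against what the client expects.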


@ -29,7 +29,7 @@
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonMenuItem; import org.owasp.webgoat.lessons.LessonMenuItem;
import org.owasp.webgoat.lessons.LessonMenuItemType; import org.owasp.webgoat.lessons.LessonMenuItemType;
@ -43,7 +43,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -81,13 +80,12 @@ public class LessonMenuService {
categoryItem.setName(category.getName()); categoryItem.setName(category.getName());
categoryItem.setType(LessonMenuItemType.CATEGORY); categoryItem.setType(LessonMenuItemType.CATEGORY);
// check for any lessons for this category // check for any lessons for this category
List<AbstractLesson> lessons = course.getLessons(category); List<Lesson> lessons = course.getLessons(category);
lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList()); lessons = lessons.stream().sorted(Comparator.comparing(l -> l.getTitle())).collect(Collectors.toList());
for (AbstractLesson lesson : lessons) { for (Lesson lesson : lessons) {
LessonMenuItem lessonItem = new LessonMenuItem(); LessonMenuItem lessonItem = new LessonMenuItem();
lessonItem.setName(lesson.getTitle()); lessonItem.setName(lesson.getTitle());
lessonItem.setLink(lesson.getLink()); lessonItem.setLink(lesson.getLink());
lessonItem.setRanking(lesson.getRanking());
lessonItem.setType(LessonMenuItemType.LESSON); lessonItem.setType(LessonMenuItemType.LESSON);
LessonTracker lessonTracker = userTracker.getLessonTracker(lesson); LessonTracker lessonTracker = userTracker.getLessonTracker(lesson);
lessonItem.setComplete(lessonTracker.isLessonSolved()); lessonItem.setComplete(lessonTracker.isLessonSolved());


@ -4,7 +4,7 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps; import com.google.common.collect.Maps;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.LessonInfoModel; import org.owasp.webgoat.lessons.LessonInfoModel;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
@ -66,7 +66,7 @@ public class LessonProgressService {
@ResponseBody @ResponseBody
public List<LessonOverview> lessonOverview() { public List<LessonOverview> lessonOverview() {
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName()); UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
AbstractLesson currentLesson = webSession.getCurrentLesson(); Lesson currentLesson = webSession.getCurrentLesson();
List<LessonOverview> result = Lists.newArrayList(); List<LessonOverview> result = Lists.newArrayList();
if ( currentLesson != null ) { if ( currentLesson != null ) {
LessonTracker lessonTracker = userTracker.getLessonTracker(currentLesson); LessonTracker lessonTracker = userTracker.getLessonTracker(currentLesson);


@ -1,6 +1,6 @@
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -31,7 +31,7 @@ public class LessonTitleService {
public public
@ResponseBody @ResponseBody
String showPlan() { String showPlan() {
AbstractLesson lesson = webSession.getCurrentLesson(); Lesson lesson = webSession.getCurrentLesson();
return lesson != null ? lesson.getTitle() : ""; return lesson != null ? lesson.getTitle() : "";
} }


@ -33,7 +33,7 @@ import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import lombok.Setter; import lombok.Setter;
import org.owasp.webgoat.i18n.PluginMessages; import org.owasp.webgoat.i18n.PluginMessages;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.LessonTracker; import org.owasp.webgoat.users.LessonTracker;
@ -73,7 +73,7 @@ public class ReportCardService {
reportCard.setTotalNumberOfAssignments(course.getTotalOfAssignments()); reportCard.setTotalNumberOfAssignments(course.getTotalOfAssignments());
reportCard.setNumberOfAssignmentsSolved(userTracker.numberOfAssignmentsSolved()); reportCard.setNumberOfAssignmentsSolved(userTracker.numberOfAssignmentsSolved());
reportCard.setNumberOfLessonsSolved(userTracker.numberOfLessonsSolved()); reportCard.setNumberOfLessonsSolved(userTracker.numberOfLessonsSolved());
for (AbstractLesson lesson : lessons) { for (Lesson lesson : lessons) {
LessonTracker lessonTracker = userTracker.getLessonTracker(lesson); LessonTracker lessonTracker = userTracker.getLessonTracker(lesson);
LessonStatistics lessonStatistics = new LessonStatistics(); LessonStatistics lessonStatistics = new LessonStatistics();
lessonStatistics.setName(pluginMessages.getMessage(lesson.getTitle())); lessonStatistics.setName(pluginMessages.getMessage(lesson.getTitle()));


@ -25,7 +25,7 @@ package org.owasp.webgoat.service;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.UserTracker; import org.owasp.webgoat.users.UserTracker;
import org.owasp.webgoat.users.UserTrackerRepository; import org.owasp.webgoat.users.UserTrackerRepository;
@ -56,7 +56,7 @@ public class RestartLessonService {
@RequestMapping(path = "/service/restartlesson.mvc", produces = "text/text") @RequestMapping(path = "/service/restartlesson.mvc", produces = "text/text")
@ResponseStatus(value = HttpStatus.OK) @ResponseStatus(value = HttpStatus.OK)
public void restartLesson() { public void restartLesson() {
AbstractLesson al = webSession.getCurrentLesson(); Lesson al = webSession.getCurrentLesson();
log.debug("Restarting lesson: " + al); log.debug("Restarting lesson: " + al);
UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName()); UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());


@ -1,7 +1,7 @@
package org.owasp.webgoat.session; package org.owasp.webgoat.session;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import java.util.List; import java.util.List;
@ -41,9 +41,9 @@ import static java.util.stream.Collectors.toList;
@Slf4j @Slf4j
public class Course { public class Course {
private List<? extends AbstractLesson> lessons; private List<? extends Lesson> lessons;
public Course(List<? extends AbstractLesson> lessons) { public Course(List<? extends Lesson> lessons) {
this.lessons = lessons; this.lessons = lessons;
} }
@ -61,7 +61,7 @@ public class Course {
* *
* @return The firstLesson value * @return The firstLesson value
*/ */
public AbstractLesson getFirstLesson() { public Lesson getFirstLesson() {
// Category 0 is the admin function. We want the first real category // Category 0 is the admin function. We want the first real category
// to be returned. This is normally the General category and the Http Basics lesson // to be returned. This is normally the General category and the Http Basics lesson
return getLessons(getCategories().get(0)).get(0); return getLessons(getCategories().get(0)).get(0);
@ -72,7 +72,7 @@ public class Course {
* *
* @return a {@link java.util.List} object. * @return a {@link java.util.List} object.
*/ */
public List<? extends AbstractLesson> getLessons() { public List<? extends Lesson> getLessons() {
return this.lessons; return this.lessons;
} }
@ -82,11 +82,11 @@ public class Course {
* @param category a {@link org.owasp.webgoat.lessons.Category} object. * @param category a {@link org.owasp.webgoat.lessons.Category} object.
* @return a {@link java.util.List} object. * @return a {@link java.util.List} object.
*/ */
public List<AbstractLesson> getLessons(Category category) { public List<Lesson> getLessons(Category category) {
return this.lessons.stream().filter(l -> l.getCategory() == category).sorted().collect(toList()); return this.lessons.stream().filter(l -> l.getCategory() == category).collect(toList());
} }
public void setLessons(List<AbstractLesson> lessons) { public void setLessons(List<Lesson> lessons) {
this.lessons = lessons; this.lessons = lessons;
} }
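Review bot: Dropping `.sorted()` from `getLessons(Category)` means `getFirstLesson()` now returns `getLessons(getCategories().get(0)).get(0)` in whatever order the injected lesson list happens to have, while its comment still says the result is "normally the General category and the Http Basics lesson". `LessonMenuService` re-sorts by title on its own, but `getFirstLesson` has no such step. Either sort here as well, for example `.sorted(Comparator.comparing(Lesson::getTitle))`, or update the comment to say the order is unspecified. `getFirstLesson` also calls `get(0)` twice with no check for an empty course or empty category; its callers are outside this page.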


@ -1,53 +0,0 @@
package org.owasp.webgoat.session;
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at
* https://github.com/WebGoat/WebGoat, a repository for free software projects.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
* Security</a>
* @since October 28, 2003
* @version $Id: $Id
*/
public abstract class Screen {
/**
* Constructor for the Screen object
*/
public Screen() {
}
/**
* Fill in a descriptive title for this lesson
*
* @return The title value
*/
public abstract String getTitle();
}


@ -1,7 +1,7 @@
package org.owasp.webgoat.session; package org.owasp.webgoat.session;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.users.WebGoatUser; import org.owasp.webgoat.users.WebGoatUser;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
@ -42,7 +42,7 @@ public class WebSession {
private final WebGoatUser currentUser; private final WebGoatUser currentUser;
private final WebgoatContext webgoatContext; private final WebgoatContext webgoatContext;
private AbstractLesson currentLesson; private Lesson currentLesson;
/** /**
* Constructor for the WebSession object * Constructor for the WebSession object
@ -79,16 +79,16 @@ public class WebSession {
* *
* @param lesson current lesson * @param lesson current lesson
*/ */
public void setCurrentLesson(AbstractLesson lesson) { public void setCurrentLesson(Lesson lesson) {
this.currentLesson = lesson; this.currentLesson = lesson;
} }
/** /**
* <p> getCurrentLesson. </p> * <p> getCurrentLesson. </p>
* *
* @return a {@link org.owasp.webgoat.lessons.AbstractLesson} object. * @return a {@link Lesson} object.
*/ */
public AbstractLesson getCurrentLesson() { public Lesson getCurrentLesson() {
return this.currentLesson; return this.currentLesson;
} }


@ -1,10 +1,9 @@
package org.owasp.webgoat.users; package org.owasp.webgoat.users;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import lombok.Getter; import lombok.Getter;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import javax.persistence.*; import javax.persistence.*;
@ -64,9 +63,9 @@ public class LessonTracker {
//JPA //JPA
} }
public LessonTracker(AbstractLesson lesson) { public LessonTracker(Lesson lesson) {
lessonName = lesson.getId(); lessonName = lesson.getId();
allAssignments.addAll(lesson.getAssignments()); allAssignments.addAll(lesson.getAssignments() == null ? List.of() : lesson.getAssignments());
} }
public Optional<Assignment> getAssignment(String name) { public Optional<Assignment> getAssignment(String name) {


@ -1,14 +1,12 @@
package org.owasp.webgoat.users; package org.owasp.webgoat.users;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import javax.persistence.*; import javax.persistence.*;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.Set; import java.util.Set;
@ -69,7 +67,7 @@ public class UserTracker {
* @param lesson the lesson * @param lesson the lesson
* @return a lesson tracker created if not already present * @return a lesson tracker created if not already present
*/ */
public LessonTracker getLessonTracker(AbstractLesson lesson) { public LessonTracker getLessonTracker(Lesson lesson) {
Optional<LessonTracker> lessonTracker = lessonTrackers Optional<LessonTracker> lessonTracker = lessonTrackers
.stream().filter(l -> l.getLessonName().equals(lesson.getId())).findFirst(); .stream().filter(l -> l.getLessonName().equals(lesson.getId())).findFirst();
if (!lessonTracker.isPresent()) { if (!lessonTracker.isPresent()) {
@ -91,18 +89,18 @@ public class UserTracker {
return lessonTrackers.stream().filter(l -> l.getLessonName().equals(id)).findFirst(); return lessonTrackers.stream().filter(l -> l.getLessonName().equals(id)).findFirst();
} }
public void assignmentSolved(AbstractLesson lesson, String assignmentName) { public void assignmentSolved(Lesson lesson, String assignmentName) {
LessonTracker lessonTracker = getLessonTracker(lesson); LessonTracker lessonTracker = getLessonTracker(lesson);
lessonTracker.incrementAttempts(); lessonTracker.incrementAttempts();
lessonTracker.assignmentSolved(assignmentName); lessonTracker.assignmentSolved(assignmentName);
} }
public void assignmentFailed(AbstractLesson lesson) { public void assignmentFailed(Lesson lesson) {
LessonTracker lessonTracker = getLessonTracker(lesson); LessonTracker lessonTracker = getLessonTracker(lesson);
lessonTracker.incrementAttempts(); lessonTracker.incrementAttempts();
} }
public void reset(AbstractLesson al) { public void reset(Lesson al) {
LessonTracker lessonTracker = getLessonTracker(al); LessonTracker lessonTracker = getLessonTracker(al);
lessonTracker.reset(); lessonTracker.reset();
} }


@ -39,7 +39,7 @@ import org.springframework.web.servlet.i18n.FixedLocaleResolver;
import java.util.Locale; import java.util.Locale;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString; import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
public class AssignmentEndpointTest { public class AssignmentEndpointTest {


@ -8,12 +8,14 @@ import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.List;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.owasp.webgoat.service.HintService.URL_HINTS_MVC; import static org.owasp.webgoat.service.HintService.URL_HINTS_MVC;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
@ -28,24 +30,15 @@ public class HintServiceTest {
@Mock @Mock
private WebSession websession; private WebSession websession;
@Mock @Mock
private AbstractLesson lesson; private Lesson lesson;
@Mock
private Assignment assignment;
@Before @Before
public void setup() { public void setup() {
this.mockMvc = standaloneSetup(new HintService(websession)).build(); this.mockMvc = standaloneSetup(new HintService(websession)).build();
} }
@Test
public void onlyHintsOnLesson() throws Exception {
when(lesson.getName()).thenReturn("Test lesson");
when(lesson.getHints()).thenReturn(Lists.newArrayList("hint 1", "hint 2"));
when(websession.getCurrentLesson()).thenReturn(lesson);
mockMvc.perform(MockMvcRequestBuilders.get(URL_HINTS_MVC))
.andExpect(status().isOk())
.andExpect(jsonPath("$[0].hint", CoreMatchers.is("hint 1")))
.andExpect(jsonPath("$[0].lesson", CoreMatchers.is("Test lesson")));
}
@Test @Test
public void hintsPerAssignment() throws Exception { public void hintsPerAssignment() throws Exception {
Assignment assignment = Mockito.mock(Assignment.class); Assignment assignment = Mockito.mock(Assignment.class);
@ -54,7 +47,7 @@ public class HintServiceTest {
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(assignment)); when(lesson.getAssignments()).thenReturn(Lists.newArrayList(assignment));
when(websession.getCurrentLesson()).thenReturn(lesson); when(websession.getCurrentLesson()).thenReturn(lesson);
mockMvc.perform(MockMvcRequestBuilders.get(URL_HINTS_MVC)) mockMvc.perform(MockMvcRequestBuilders.get(URL_HINTS_MVC))
.andExpect(status().isOk()).andDo(print()) .andExpect(status().isOk())
.andExpect(jsonPath("$[0].hint", CoreMatchers.is("hint 1"))) .andExpect(jsonPath("$[0].hint", CoreMatchers.is("hint 1")))
.andExpect(jsonPath("$[0].assignmentPath", CoreMatchers.is("/HttpBasics/attack1"))); .andExpect(jsonPath("$[0].assignmentPath", CoreMatchers.is("/HttpBasics/attack1")));
} }
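Review bot: The `@Mock private Assignment assignment;` field next to the `lesson` mock is shadowed in `hintsPerAssignment`, which still declares its own `Assignment assignment = Mockito.mock(Assignment.class);`, so the injected mock is never used. The rendering has lost the +/- markers, so this assumes the field is on the new side of the change. Either drop the field, or delete the local declaration and stub the field instead. Part of the body of `hintsPerAssignment` lies between the two hunks and is not shown.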


@ -29,9 +29,8 @@ import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.LessonTracker; import org.owasp.webgoat.users.LessonTracker;
@ -40,8 +39,7 @@ import org.owasp.webgoat.users.UserTrackerRepository;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.mockito.Matchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.owasp.webgoat.service.LessonMenuService.URL_LESSONMENU_MVC; import static org.owasp.webgoat.service.LessonMenuService.URL_LESSONMENU_MVC;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
@ -71,14 +69,14 @@ public class LessonMenuServiceTest {
@Test @Test
public void lessonsShouldBeOrdered() throws Exception { public void lessonsShouldBeOrdered() throws Exception {
NewLesson l1 = Mockito.mock(NewLesson.class); Lesson l1 = Mockito.mock(Lesson.class);
NewLesson l2 = Mockito.mock(NewLesson.class); Lesson l2 = Mockito.mock(Lesson.class);
when(l1.getTitle()).thenReturn("ZA"); when(l1.getTitle()).thenReturn("ZA");
when(l2.getTitle()).thenReturn("AA"); when(l2.getTitle()).thenReturn("AA");
when(lessonTracker.isLessonSolved()).thenReturn(false); when(lessonTracker.isLessonSolved()).thenReturn(false);
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2)); when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL)); when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC)) mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
@ -89,12 +87,12 @@ public class LessonMenuServiceTest {
@Test @Test
public void lessonCompleted() throws Exception { public void lessonCompleted() throws Exception {
NewLesson l1 = Mockito.mock(NewLesson.class); Lesson l1 = Mockito.mock(Lesson.class);
when(l1.getTitle()).thenReturn("ZA"); when(l1.getTitle()).thenReturn("ZA");
when(lessonTracker.isLessonSolved()).thenReturn(true); when(lessonTracker.isLessonSolved()).thenReturn(true);
when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1)); when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL)); when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC)) mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))


@ -6,7 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.runners.MockitoJUnitRunner;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.LessonTracker; import org.owasp.webgoat.users.LessonTracker;
@ -20,8 +20,7 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import java.util.List; import java.util.List;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -61,7 +60,7 @@ public class LessonProgressServiceTest {
private MockMvc mockMvc; private MockMvc mockMvc;
@Mock @Mock
private AbstractLesson lesson; private Lesson lesson;
@Mock @Mock
private UserTracker userTracker; private UserTracker userTracker;
@Mock @Mock
@ -75,7 +74,7 @@ public class LessonProgressServiceTest {
public void setup() { public void setup() {
Assignment assignment = new Assignment("test", "test", List.of()); Assignment assignment = new Assignment("test", "test", List.of());
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
when(websession.getCurrentLesson()).thenReturn(lesson); when(websession.getCurrentLesson()).thenReturn(lesson);
when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true)); when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true));
this.mockMvc = MockMvcBuilders.standaloneSetup(new LessonProgressService(userTrackerRepository, websession)).build(); this.mockMvc = MockMvcBuilders.standaloneSetup(new LessonProgressService(userTrackerRepository, websession)).build();
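Review bot: The runner import `org.mockito.runners.MockitoJUnitRunner` is left unchanged in LessonProgressServiceTest, while the same commit switches `Matchers` to `ArgumentMatchers` in this file and moves other tests to `org.mockito.junit.MockitoJUnitRunner`. For consistency the line should read `import org.mockito.junit.MockitoJUnitRunner;`. UserServiceTest has the opposite leftover: its runner import is updated but `import static org.mockito.Matchers.any;` stays, where `import static org.mockito.ArgumentMatchers.any;` would match the other tests.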


@ -1,13 +1,12 @@
package org.owasp.webgoat.service; package org.owasp.webgoat.service;
import com.beust.jcommander.internal.Lists;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.i18n.PluginMessages; import org.owasp.webgoat.i18n.PluginMessages;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.users.LessonTracker; import org.owasp.webgoat.users.LessonTracker;
@ -20,8 +19,8 @@ import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.List; import java.util.List;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Matchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString; import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -36,7 +35,7 @@ public class ReportCardServiceTest {
@Mock @Mock
private UserTracker userTracker; private UserTracker userTracker;
@Mock @Mock
private AbstractLesson lesson; private Lesson lesson;
@Mock @Mock
private LessonTracker lessonTracker; private LessonTracker lessonTracker;
@Mock @Mock
@ -60,7 +59,7 @@ public class ReportCardServiceTest {
when(course.getTotalOfAssignments()).thenReturn(10); when(course.getTotalOfAssignments()).thenReturn(10);
when(course.getLessons()).thenAnswer(x -> List.of(lesson)); when(course.getLessons()).thenAnswer(x -> List.of(lesson));
when(userTrackerRepository.findByUser(any())).thenReturn(userTracker); when(userTrackerRepository.findByUser(any())).thenReturn(userTracker);
when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker); when(userTracker.getLessonTracker(any(Lesson.class))).thenReturn(lessonTracker);
mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc")) mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc"))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$.totalNumberOfLessons", is(1))) .andExpect(jsonPath("$.totalNumberOfLessons", is(1)))


@ -2,7 +2,7 @@ package org.owasp.webgoat.session;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import org.junit.Test; import org.junit.Test;
import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Lesson;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.users.LessonTracker; import org.owasp.webgoat.users.LessonTracker;
@ -47,7 +47,7 @@ public class LessonTrackerTest {
@Test @Test
public void allAssignmentsSolvedShouldMarkLessonAsComplete() { public void allAssignmentsSolvedShouldMarkLessonAsComplete() {
AbstractLesson lesson = mock(AbstractLesson.class); Lesson lesson = mock(Lesson.class);
when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment", List.of("")))); when(lesson.getAssignments()).thenReturn(Lists.newArrayList(new Assignment("assignment", "assignment", List.of(""))));
LessonTracker lessonTracker = new LessonTracker(lesson); LessonTracker lessonTracker = new LessonTracker(lesson);
lessonTracker.assignmentSolved("assignment"); lessonTracker.assignmentSolved("assignment");
@ -57,7 +57,7 @@ public class LessonTrackerTest {
@Test @Test
public void noAssignmentsSolvedShouldMarkLessonAsInComplete() { public void noAssignmentsSolvedShouldMarkLessonAsInComplete() {
AbstractLesson lesson = mock(AbstractLesson.class); Lesson lesson = mock(Lesson.class);
Assignment a1 = new Assignment("a1"); Assignment a1 = new Assignment("a1");
Assignment a2 = new Assignment("a2"); Assignment a2 = new Assignment("a2");
List<Assignment> assignments = Lists.newArrayList(a1, a2); List<Assignment> assignments = Lists.newArrayList(a1, a2);
@ -72,7 +72,7 @@ public class LessonTrackerTest {
@Test @Test
public void solvingSameAssignmentShouldNotAddItTwice() { public void solvingSameAssignmentShouldNotAddItTwice() {
AbstractLesson lesson = mock(AbstractLesson.class); Lesson lesson = mock(Lesson.class);
Assignment a1 = new Assignment("a1"); Assignment a1 = new Assignment("a1");
List<Assignment> assignments = Lists.newArrayList(a1); List<Assignment> assignments = Lists.newArrayList(a1);
when(lesson.getAssignments()).thenReturn(assignments); when(lesson.getAssignments()).thenReturn(assignments);


@ -3,7 +3,7 @@ package org.owasp.webgoat.users;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import static org.mockito.Matchers.any; import static org.mockito.Matchers.any;
@ -24,5 +24,4 @@ public class UserServiceTest {
UserService userService = new UserService(userRepository, userTrackerRepository); UserService userService = new UserService(userRepository, userTrackerRepository);
userService.loadUserByUsername("unknown"); userService.loadUserByUsername("unknown");
} }
} }


@ -6,7 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.context.junit4.SpringRunner;
@ -17,23 +17,13 @@ import java.util.List;
@RunWith(SpringRunner.class) @RunWith(SpringRunner.class)
public class UserTrackerRepositoryTest { public class UserTrackerRepositoryTest {
private class TestLesson extends NewLesson { private class TestLesson extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.AJAX_SECURITY; return Category.AJAX_SECURITY;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 12;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "test"; return "test";


@ -3,7 +3,7 @@ package org.owasp.webgoat.users;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.Errors; import org.springframework.validation.Errors;


@ -31,7 +31,7 @@ import java.util.Map;
public class AccountVerificationHelper { public class AccountVerificationHelper {
//simulating database storage of verification credentials //simulating database storage of verification credentials
private static final Integer verifyUserId = new Integer(1223445); private static final Integer verifyUserId = 1223445;
private static final Map<String,String> userSecQuestions = new HashMap<>(); private static final Map<String,String> userSecQuestions = new HashMap<>();
static { static {
userSecQuestions.put("secQuestion0","Dr. Watson"); userSecQuestions.put("secQuestion0","Dr. Watson");
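Review bot: `verifyUserId` stays a boxed `Integer` after the change from `new Integer(1223445)` to a literal, and 1223445 lies outside the range Java caches for boxed integers, so any `==` comparison against another `Integer` would compare references rather than values. The comparison site is not part of this hunk, so confirm it uses `equals`. If no caller invokes methods on the constant, declaring it as a primitive would rule the problem out: `private static final int verifyUserId = 1223445;`. The static initializer continues past the end of the hunk.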


@ -22,31 +22,18 @@
package org.owasp.webgoat.auth_bypass; package org.owasp.webgoat.auth_bypass;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
@Component @Component
public class AuthBypass extends NewLesson { public class AuthBypass extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.AUTHENTICATION; return Category.AUTHENTICATION;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 30;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "auth-bypass.title"; return "auth-bypass.title";


@ -22,30 +22,17 @@
package org.owasp.webgoat.bypass_restrictions; package org.owasp.webgoat.bypass_restrictions;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
@Component @Component
public class BypassRestrictions extends NewLesson { public class BypassRestrictions extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CLIENT_SIDE; return Category.CLIENT_SIDE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "bypass-restrictions.title"; return "bypass-restrictions.title";


@ -4,6 +4,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -20,9 +21,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class BypassRestrictionsFrontendValidationTest extends LessonTest { public class BypassRestrictionsFrontendValidationTest extends LessonTest {
@Autowired
private BypassRestrictions bypassRestrictions;
@Before @Before
public void setup() { public void setup() {
when(webSession.getCurrentLesson()).thenReturn(new BypassRestrictions()); when(webSession.getCurrentLesson()).thenReturn(bypassRestrictions);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
} }


@ -1,32 +1,19 @@
package org.owasp.webgoat.challenges; package org.owasp.webgoat.challenges;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
public class ChallengeIntro extends NewLesson { public class ChallengeIntro extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge0.title"; return "challenge0.title";


@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge1; package org.owasp.webgoat.challenges.challenge1;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
@Component @Component
public class Challenge1 extends NewLesson { public class Challenge1 extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge1.title"; return "challenge1.title";


@ -22,35 +22,22 @@
package org.owasp.webgoat.challenges.challenge5; package org.owasp.webgoat.challenges.challenge5;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
@Component @Component
public class Challenge5 extends NewLesson { public class Challenge5 extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge5.title"; return "challenge5.title";


@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge6; package org.owasp.webgoat.challenges.challenge6;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
@Component @Component
public class Challenge6 extends NewLesson { public class Challenge6 extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge6.title"; return "challenge6.title";


@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge7; package org.owasp.webgoat.challenges.challenge7;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
@Component @Component
public class Challenge7 extends NewLesson { public class Challenge7 extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge7.title"; return "challenge7.title";


@ -1,34 +1,21 @@
package org.owasp.webgoat.challenges.challenge8; package org.owasp.webgoat.challenges.challenge8;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/21/17. * @since 3/21/17.
*/ */
@Component @Component
public class Challenge8 extends NewLesson { public class Challenge8 extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CHALLENGE; return Category.CHALLENGE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "challenge8.title"; return "challenge8.title";


@ -22,35 +22,22 @@
package org.owasp.webgoat.chrome_dev_tools; package org.owasp.webgoat.chrome_dev_tools;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author TMelzer * @author TMelzer
* @since 30.11.18 * @since 30.11.18
*/ */
@Component @Component
public class ChromeDevTools extends NewLesson { public class ChromeDevTools extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 4;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "chrome-dev-tools.title"; return "chrome-dev-tools.title";


@ -17,6 +17,7 @@ import static org.hamcrest.CoreMatchers.is;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/** /**
* @author Benedikt Stuhrmann * @author Benedikt Stuhrmann
* @since 13/03/19. * @since 13/03/19.
@ -25,18 +26,16 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class ChromeDevToolsTest extends LessonTest { public class ChromeDevToolsTest extends LessonTest {
@Autowired @Autowired
private WebgoatContext context; private ChromeDevTools cdt;
@Before @Before
public void setup() { public void setup() {
ChromeDevTools cdt = new ChromeDevTools();
when(webSession.getCurrentLesson()).thenReturn(cdt); when(webSession.getCurrentLesson()).thenReturn(cdt);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
} }
@Test @Test
public void NetworkAssignmentTest_Success() throws Exception{ public void NetworkAssignmentTest_Success() throws Exception {
mockMvc.perform(MockMvcRequestBuilders.post("/ChromeDevTools/network") mockMvc.perform(MockMvcRequestBuilders.post("/ChromeDevTools/network")
.param("network_num", "123456") .param("network_num", "123456")
.param("number", "123456")) .param("number", "123456"))


@ -1,34 +1,21 @@
package org.owasp.webgoat.cia; package org.owasp.webgoat.cia;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author BenediktStuhrmann * @author BenediktStuhrmann
* @since 11/2/18. * @since 11/2/18.
*/ */
@Component @Component
public class CIA extends NewLesson { public class CIA extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "cia.title"; return "cia.title";
@ -38,4 +25,4 @@ public class CIA extends NewLesson {
public String getId() { public String getId() {
return "CIA"; return "CIA";
} }
} }


@ -24,13 +24,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class CIAQuizTest extends LessonTest { public class CIAQuizTest extends LessonTest {
@Autowired @Autowired
private WebgoatContext context; private CIA cia;
@Before @Before
public void setup() { public void setup() {
CIA cia = new CIA();
when(webSession.getCurrentLesson()).thenReturn(cia); when(webSession.getCurrentLesson()).thenReturn(cia);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
} }


@ -1,12 +1,9 @@
package org.owasp.webgoat.client_side_filtering; package org.owasp.webgoat.client_side_filtering;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,25 +34,13 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class ClientSideFiltering extends NewLesson { public class ClientSideFiltering extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CLIENT_SIDE; return Category.CLIENT_SIDE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList("Many sites attempt to restrict access to resources by role.",
"Developers frequently make mistakes implementing this scheme.",
"Attempt combinations of users, roles, and resources.");
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "client.side.filtering.title"; return "client.side.filtering.title";
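Review bot: The `getHints()` removed in the second hunk is the only one on this page that returned real text (three hint strings) rather than an empty list, so deleting it drops lesson content, not a stub. If hints are now supplied somewhere else (not visible here), the three strings should be moved there, or the commit description should say they are dropped on purpose. They talk about restricting access to resources by role, which reads like access-control guidance rather than client-side filtering, so the removal may well be intended. The class body continues outside the hunk.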


@ -5,6 +5,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -21,14 +22,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class ClientSideFilteringFreeAssignmentTest extends LessonTest { public class ClientSideFilteringFreeAssignmentTest extends LessonTest {
private MockMvc mockMvc; @Autowired
private ClientSideFiltering clientSideFiltering;
@Before @Before
public void setup() { public void setup() {
ClientSideFiltering clientSideFiltering = new ClientSideFiltering();
when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering); when(webSession.getCurrentLesson()).thenReturn(clientSideFiltering);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
} }
@Test @Test


@ -2,7 +2,7 @@ package org.owasp.webgoat.plugin;
import com.beust.jcommander.internal.Lists; import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.AbstractLesson;
import java.util.List; import java.util.List;
@ -35,7 +35,7 @@ import java.util.List;
* @version $Id: $Id * @version $Id: $Id
* @since October 12, 2016 * @since October 12, 2016
*/ */
public class HttpProxies extends NewLesson { public class HttpProxies extends AbstractLesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
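Review bot: `HttpProxies` in `org.owasp.webgoat.plugin` appears to be moved from `NewLesson` to `AbstractLesson`, while every other lesson class in this part of the commit is moved to `Lesson`. If `AbstractLesson` is being retired in favour of `Lesson`, this class ends up on a base type that no longer exists or is no longer maintained; `import org.owasp.webgoat.lessons.Lesson;` and `public class HttpProxies extends Lesson {` would match the rest. The old and new side of these two lines is read from print order only, and the class body continues outside the hunk.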


@ -23,30 +23,16 @@
package org.owasp.webgoat.xss; package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class CrossSiteScripting extends NewLesson { public class CrossSiteScripting extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.XSS; return Category.XSS;
} }
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "xss.title"; return "xss.title";


@ -23,28 +23,14 @@
package org.owasp.webgoat.xss; package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import java.util.ArrayList; public class CrossSiteScriptingMitigation extends Lesson {
import java.util.List;
public class CrossSiteScriptingMitigation extends NewLesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.XSS; return Category.XSS;
} }
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "xss-mitigation.title"; return "xss-mitigation.title";
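Review bot: `CrossSiteScriptingMitigation` is switched to `Lesson` without a `@Component` annotation, unlike `CrossSiteScripting` and the other lesson classes in this commit; `CrossSiteScriptingStored` in the next file section is the same. The tests changed in this commit obtain their lesson with `@Autowired`, so if lessons are now looked up as Spring beans (not visible on this page), these two classes will not be found. Either add `@Component` together with `import org.springframework.stereotype.Component;`, or add a class comment along the lines of `// intentionally not registered as a Spring bean: <reason>` so the omission is not mistaken for an oversight. The class body continues outside the hunk.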


@ -23,28 +23,14 @@
package org.owasp.webgoat.xss; package org.owasp.webgoat.xss;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import java.util.ArrayList; public class CrossSiteScriptingStored extends Lesson {
import java.util.List;
public class CrossSiteScriptingStored extends NewLesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.XSS; return Category.XSS;
} }
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
return hints;
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "xss-stored.title"; return "xss-stored.title";


@ -28,10 +28,13 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.xss.DOMCrossSiteScripting; import org.owasp.webgoat.xss.DOMCrossSiteScripting;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import java.util.List;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@ -48,7 +51,8 @@ public class DOMCrossSiteScriptingTest extends AssignmentEndpointTest {
DOMCrossSiteScripting domXss = new DOMCrossSiteScripting(); DOMCrossSiteScripting domXss = new DOMCrossSiteScripting();
init(domXss); init(domXss);
this.mockMvc = standaloneSetup(domXss).build(); this.mockMvc = standaloneSetup(domXss).build();
when(webSession.getCurrentLesson()).thenReturn(new CrossSiteScripting()); CrossSiteScripting xss = new CrossSiteScripting();
when(webSession.getCurrentLesson()).thenReturn(xss);
when(userSessionData.getValue("randValue")).thenReturn(randVal); when(userSessionData.getValue("randValue")).thenReturn(randVal);
} }
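Review bot: The first hunk adds `import org.owasp.webgoat.lessons.Assignment;` and `import java.util.List;`, but the only other change shown, in the setup code of the second hunk, just moves `new CrossSiteScripting()` into a local `xss` and uses neither type. Unless code outside the hunks needs them, both imports and the extra local can be dropped, leaving `when(webSession.getCurrentLesson()).thenReturn(new CrossSiteScripting());`. The setup method starts before the hunk.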


@ -26,16 +26,14 @@ import org.hamcrest.CoreMatchers;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.junit.MockitoJUnitRunner;
import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.owasp.webgoat.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.xss.StoredXssComments;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;


@ -24,7 +24,7 @@ package org.owasp.webgoat.csrf;
import com.beust.jcommander.internal.Lists; import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List; import java.util.List;
@ -33,22 +33,12 @@ import java.util.List;
* Created by jason on 9/29/17. * Created by jason on 9/29/17.
*/ */
@Component @Component
public class CSRF extends NewLesson { public class CSRF extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES; return Category.REQUEST_FORGERIES;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { return "csrf.title"; } public String getTitle() { return "csrf.title"; }
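Review bot: The first hunk keeps `import com.beust.jcommander.internal.Lists;` and `import java.util.List;` as context, while the second hunk deletes `getHints()`, the only visible user of either. If nothing in the rest of the class (which continues past the hunk) uses them, both imports should be removed, as was done in the other lesson classes of this commit. The JCommander import in particular reaches into another library's `internal` package, which ties the lesson to a dependency it does not otherwise need and whose internals can change without notice.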


@ -27,6 +27,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -46,13 +47,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class CSRFFeedbackTest extends LessonTest { public class CSRFFeedbackTest extends LessonTest {
@Autowired
private CSRF csrf;
@Before @Before
public void setup() { public void setup() {
CSRF csrf = new CSRF();
when(webSession.getCurrentLesson()).thenReturn(csrf); when(webSession.getCurrentLesson()).thenReturn(csrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
when(webSession.getCurrentLesson()).thenReturn(new CSRF());
} }
@Test @Test


@ -1,12 +1,9 @@
package org.owasp.webgoat.html_tampering; package org.owasp.webgoat.html_tampering;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class HtmlTampering extends NewLesson { public class HtmlTampering extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.CLIENT_SIDE; return Category.CLIENT_SIDE;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "html-tampering.title"; return "html-tampering.title";


@ -22,30 +22,17 @@
package org.owasp.webgoat.http_basics; package org.owasp.webgoat.http_basics;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
@Component @Component
public class HttpBasics extends NewLesson { public class HttpBasics extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "http-basics.title"; return "http-basics.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.http_proxies; package org.owasp.webgoat.http_proxies;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class HttpProxies extends NewLesson { public class HttpProxies extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "http-proxies.title"; return "http-proxies.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.idor; package org.owasp.webgoat.idor;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,23 +34,13 @@ import java.util.List;
* @since January 3, 2017 * @since January 3, 2017
*/ */
@Component @Component
public class IDOR extends NewLesson { public class IDOR extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.ACCESS_CONTROL; return Category.ACCESS_CONTROL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 20;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "idor.title"; return "idor.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.deserialization; package org.owasp.webgoat.deserialization;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class InsecureDeserialization extends NewLesson { public class InsecureDeserialization extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INSECURE_DESERIALIZATION; return Category.INSECURE_DESERIALIZATION;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "insecure-deserialization.title"; return "insecure-deserialization.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.insecure_login; package org.owasp.webgoat.insecure_login;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class InsecureLogin extends NewLesson { public class InsecureLogin extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INSECURE_COMMUNICATION; return Category.INSECURE_COMMUNICATION;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "insecure-login.title"; return "insecure-login.title";


@ -22,35 +22,22 @@
package org.owasp.webgoat.jwt; package org.owasp.webgoat.jwt;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author nbaars * @author nbaars
* @since 3/22/17. * @since 3/22/17.
*/ */
@Component @Component
public class JWT extends NewLesson { public class JWT extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.AUTHENTICATION; return Category.AUTHENTICATION;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 40;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "jwt.title"; return "jwt.title";


@ -7,6 +7,8 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.core.AutoConfigureCache;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -25,12 +27,13 @@ public class JWTFinalEndpointTest extends LessonTest {
private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA"; private static final String TOKEN_JERRY = "eyJraWQiOiJ3ZWJnb2F0X2tleSIsImFsZyI6IkhTNTEyIn0.eyJhdWQiOiJ3ZWJnb2F0Lm9yZyIsImVtYWlsIjoiamVycnlAd2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IkplcnJ5In0.xBc5FFwaOcuxjdr_VJ16n8Jb7vScuaZulNTl66F2MWF1aBe47QsUosvbjWGORNcMPiPNwnMu1Yb0WZVNrp2ZXA";
@Autowired
private JWT jwt;
@Before @Before
public void setup() { public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt); when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
} }
@Test @Test
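Review bot: The first hunk adds `import org.springframework.boot.test.autoconfigure.core.AutoConfigureCache;`, yet no changed line applies `@AutoConfigureCache`; the second hunk only adds the `@Autowired private JWT jwt;` field. If the annotation is not on the class (its header sits between the hunks and is not shown), the import should be removed. `setup()` also appears to lose its `webSession.getUserName()` stub, while the other JWT endpoint tests in this commit keep `thenReturn("unit-test")`; a one-line comment in `setup()` saying why this test needs no user name would make the difference deliberate.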


@ -29,6 +29,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.MvcResult;
@ -46,9 +47,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class JWTRefreshEndpointTest extends LessonTest { public class JWTRefreshEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before @Before
public void setup() { public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt); when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test"); when(webSession.getUserName()).thenReturn("unit-test");


@ -29,6 +29,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -47,9 +48,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class JWTSecretKeyEndpointTest extends LessonTest { public class JWTSecretKeyEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before @Before
public void setup() { public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt); when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test"); when(webSession.getUserName()).thenReturn("unit-test");


@ -30,6 +30,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.MvcResult;
@ -53,9 +54,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class JWTVotesEndpointTest extends LessonTest { public class JWTVotesEndpointTest extends LessonTest {
@Autowired
private JWT jwt;
@Before @Before
public void setup() { public void setup() {
JWT jwt = new JWT();
when(webSession.getCurrentLesson()).thenReturn(jwt); when(webSession.getCurrentLesson()).thenReturn(jwt);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test"); when(webSession.getUserName()).thenReturn("unit-test");


@ -22,31 +22,18 @@
package org.owasp.webgoat.missing_ac; package org.owasp.webgoat.missing_ac;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
@Component @Component
public class MissingFunctionAC extends NewLesson { public class MissingFunctionAC extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.ACCESS_CONTROL; return Category.ACCESS_CONTROL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 40;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "missing-function-access-control.title"; return "missing-function-access-control.title";


@ -36,7 +36,6 @@ import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;


@ -23,29 +23,16 @@
package org.owasp.webgoat.password_reset; package org.owasp.webgoat.password_reset;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class PasswordReset extends NewLesson { public class PasswordReset extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.AUTHENTICATION; return Category.AUTHENTICATION;
} }
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "password-reset.title"; return "password-reset.title";


@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -17,10 +18,12 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SecurityQuestionAssignmentTest extends LessonTest { public class SecurityQuestionAssignmentTest extends LessonTest {
@Autowired
private PasswordReset passwordReset;
@Before @Before
public void setup() { public void setup() {
PasswordReset assignment = new PasswordReset(); Mockito.when(webSession.getCurrentLesson()).thenReturn(passwordReset);
Mockito.when(webSession.getCurrentLesson()).thenReturn(assignment);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
Mockito.when(webSession.getUserName()).thenReturn("unit-test"); Mockito.when(webSession.getUserName()).thenReturn("unit-test");
} }


@ -22,35 +22,22 @@
package org.owasp.webgoat.secure_password; package org.owasp.webgoat.secure_password;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* @author BenediktStuhrmann * @author BenediktStuhrmann
* @since 12/2/18. * @since 12/2/18.
*/ */
@Component @Component
public class SecurePasswords extends NewLesson { public class SecurePasswords extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.AUTHENTICATION; return Category.AUTHENTICATION;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "secure-passwords.title"; return "secure-passwords.title";


@ -23,29 +23,16 @@
package org.owasp.webgoat.sql_injection.advanced; package org.owasp.webgoat.sql_injection.advanced;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class SqlInjectionAdvanced extends NewLesson { public class SqlInjectionAdvanced extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INJECTION; return Category.INJECTION;
} }
@Override
public List<String> getHints() {
return new ArrayList<>();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "sql.advanced.title"; return "sql.advanced.title";


@ -22,37 +22,17 @@
package org.owasp.webgoat.sql_injection.introduction; package org.owasp.webgoat.sql_injection.introduction;
import java.util.ArrayList;
import java.util.List;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@Component @Component
public class SqlInjection extends NewLesson { public class SqlInjection extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INJECTION; return Category.INJECTION;
} }
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
// hints.add(getLabelManager().get("SqlStringInjectionHint1"));
// hints.add(getLabelManager().get("SqlStringInjectionHint2"));
// hints.add(getLabelManager().get("SqlStringInjectionHint3"));
// hints.add(getLabelManager().get("SqlStringInjectionHint4"));
// hints.add(getLabelManager().get("SqlStringInjectionHint5"));
return hints;
}
@Override
public Integer getDefaultRanking() {
return 0;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "sql.injection.title"; return "sql.injection.title";


@ -23,29 +23,16 @@
package org.owasp.webgoat.sql_injection.mitigation; package org.owasp.webgoat.sql_injection.mitigation;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class SqlInjectionMitigations extends NewLesson { public class SqlInjectionMitigations extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INJECTION; return Category.INJECTION;
} }
@Override
public List<String> getHints() {
return new ArrayList<>();
}
@Override
public Integer getDefaultRanking() {
return 3;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "sql.mitigation.title"; return "sql.mitigation.title";


@ -1,50 +1,46 @@
package org.owasp.webgoat.lessons; /*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
import java.util.List; *
* Copyright (c) 2002 - 2019 Bruce Mayhew
/** *
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the * This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version. * License, or (at your option) any later version.
* <p> *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* <p> *
* You should have received a copy of the GNU General Public License along with this program; if * You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
* *
* @author WebGoat * Getting Source ==============
* @version $Id: $Id *
* @since October 12, 2016 * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
public abstract class NewLesson extends LessonAdapter {
@Override package org.owasp.webgoat.sql_injection;
public abstract Category getDefaultCategory();
public abstract List<String> getHints(); import org.junit.Before;
import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@Override import static org.mockito.Mockito.when;
public abstract Integer getDefaultRanking();
@Override public class SqlLessonTest extends LessonTest {
public abstract String getTitle();
@Autowired
private SqlInjection sql = new SqlInjection();
@Before
public void setup() {
when(webSession.getCurrentLesson()).thenReturn(sql);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Override
public abstract String getId();
} }
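Review bot: In the new `SqlLessonTest`, the field `@Autowired private SqlInjection sql = new SqlInjection();` both injects and constructs the lesson. The initializer is presumably discarded once Spring injects the bean, and the other tests in this commit declare the injected lesson without one, so `@Autowired private SqlInjection sql;` states the intent. The `WebgoatContext` import is not used by anything in the new file as shown. Because the class has no `@Test` methods and only serves as a base for the SqlInjectionLesson*Test classes, declaring it `public abstract class SqlLessonTest extends LessonTest` would keep a test runner from treating it as a test class of its own.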


@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -42,21 +43,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18. * @since 11/07/18.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson10Test extends LessonTest { public class SqlInjectionLesson10Test extends SqlLessonTest {
@Autowired
private WebgoatContext context;
private String completedError = "JSON path \"lessonCompleted\""; private String completedError = "JSON path \"lessonCompleted\"";
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void tableExistsIsFailure() throws Exception { public void tableExistsIsFailure() throws Exception {
try { try {
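Review bot: The imports of `LessonTest`, `WebgoatContext` and `Autowired` stay as context lines at the top of this file although the `context` field and the local `setup()` that used them are removed, so they look unused unless code outside the hunks still needs them. Comparable leftover imports remain in the sections for SqlInjectionLesson5aTest, SqlInjectionLesson6aTest, SqlInjectionLesson6bTest, SqlInjectionLesson8Test, SqlInjectionLesson9Test and SqlInjectionLesson12aTest. The removed setup also stubbed `webSession.getWebgoatContext()`, which the shared `SqlLessonTest.setup()` does not, so it is worth confirming that no endpoint under test still reads the context from the mocked session. `tableExistsIsFailure` continues outside the hunk.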


@ -6,6 +6,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@ -24,18 +25,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 5/21/17. * @since 5/21/17.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson5aTest extends LessonTest { public class SqlInjectionLesson5aTest extends SqlLessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() throws Exception {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void knownAccountShouldDisplayData() throws Exception { public void knownAccountShouldDisplayData() throws Exception {


@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 6/15/17. * @since 6/15/17.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson6aTest extends LessonTest { public class SqlInjectionLesson6aTest extends SqlLessonTest {
@Before
public void setup() throws Exception {
when(webSession.getCurrentLesson()).thenReturn(new SqlInjection());
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void wrongSolution() throws Exception { public void wrongSolution() throws Exception {


@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -41,13 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 6/16/17. * @since 6/16/17.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson6bTest extends LessonTest { public class SqlInjectionLesson6bTest extends SqlLessonTest {
@Before
public void setup() throws Exception {
when(webSession.getCurrentLesson()).thenReturn(new SqlInjection());
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void submitCorrectPassword() throws Exception { public void submitCorrectPassword() throws Exception {


@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@ -44,18 +45,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18. * @since 11/07/18.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson8Test extends LessonTest { public class SqlInjectionLesson8Test extends SqlLessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void oneAccount() throws Exception { public void oneAccount() throws Exception {


@ -27,6 +27,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@ -43,21 +44,10 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 11/07/18. * @since 11/07/18.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson9Test extends LessonTest { public class SqlInjectionLesson9Test extends SqlLessonTest {
@Autowired
private WebgoatContext context;
private String completedError = "JSON path \"lessonCompleted\""; private String completedError = "JSON path \"lessonCompleted\"";
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void oneAccount() throws Exception { public void oneAccount() throws Exception {
try { try {


@ -3,6 +3,7 @@ package org.owasp.webgoat.sql_injection.mitigation;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.sql_injection.SqlLessonTest;
import org.owasp.webgoat.sql_injection.introduction.SqlInjection; import org.owasp.webgoat.sql_injection.introduction.SqlInjection;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatContext;
@ -21,19 +22,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
* @since 5/21/17. * @since 5/21/17.
*/ */
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SqlInjectionLesson12aTest extends LessonTest { public class SqlInjectionLesson12aTest extends SqlLessonTest {
@Autowired
private WebgoatContext context;
@Before
public void setup() {
SqlInjection sql = new SqlInjection();
when(webSession.getCurrentLesson()).thenReturn(sql);
when(webSession.getWebgoatContext()).thenReturn(context);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
}
@Test @Test
public void knownAccountShouldDisplayData() throws Exception { public void knownAccountShouldDisplayData() throws Exception {


@ -1,12 +1,9 @@
package org.owasp.webgoat.ssrf; package org.owasp.webgoat.ssrf;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class SSRF extends NewLesson { public class SSRF extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.REQUEST_FORGERIES; return Category.REQUEST_FORGERIES;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 2;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "ssrf.title"; return "ssrf.title";


@ -4,6 +4,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
@ -21,10 +22,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SSRFTest1 extends LessonTest { public class SSRFTest1 extends LessonTest {
@Autowired
private SSRF ssrf;
@Before @Before
public void setup() throws Exception { public void setup() throws Exception {
SSRF ssrf = new SSRF();
when(webSession.getCurrentLesson()).thenReturn(ssrf); when(webSession.getCurrentLesson()).thenReturn(ssrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
} }


@ -26,6 +26,7 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers; import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
@ -43,10 +44,11 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SSRFTest2 extends LessonTest { public class SSRFTest2 extends LessonTest {
@Autowired
private SSRF ssrf;
@Before @Before
public void setup() throws Exception { public void setup() throws Exception {
SSRF ssrf = new SSRF();
when(webSession.getCurrentLesson()).thenReturn(ssrf); when(webSession.getCurrentLesson()).thenReturn(ssrf);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
} }


@ -23,29 +23,16 @@
package org.owasp.webgoat.vulnerable_components; package org.owasp.webgoat.vulnerable_components;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class VulnerableComponents extends NewLesson { public class VulnerableComponents extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.VULNERABLE_COMPONENTS; return Category.VULNERABLE_COMPONENTS;
} }
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "vulnerable-components.title"; return "vulnerable-components.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.introduction; package org.owasp.webgoat.introduction;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,22 +34,12 @@ import java.util.List;
* @since October 12, 2016 * @since October 12, 2016
*/ */
@Component @Component
public class WebGoatIntroduction extends NewLesson { public class WebGoatIntroduction extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INTRODUCTION; return Category.INTRODUCTION;
} }
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 1;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "webgoat.title"; return "webgoat.title";


@ -1,12 +1,9 @@
package org.owasp.webgoat.template; package org.owasp.webgoat.template;
import com.beust.jcommander.internal.Lists;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.List;
/** /**
* ************************************************************************************************ * ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
@ -37,23 +34,13 @@ import java.util.List;
* @since January 3, 2017 * @since January 3, 2017
*/ */
@Component @Component
public class LessonTemplate extends NewLesson { public class LessonTemplate extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;
} }
@Override
public List<String> getHints() {
return Lists.newArrayList();
}
@Override
public Integer getDefaultRanking() {
return 30;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "lesson-template.title"; return "lesson-template.title";


@ -5,7 +5,7 @@ Each lesson can contain multiple assignments, first let's define a lesson class
[source] [source]
---- ----
@Component @Component
public class LessonTemplate extends NewLesson { public class LessonTemplate extends AbstractLesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.GENERAL; return Category.GENERAL;


@ -23,29 +23,16 @@
package org.owasp.webgoat.webwolf_introduction; package org.owasp.webgoat.webwolf_introduction;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class WebWolfIntroduction extends NewLesson { public class WebWolfIntroduction extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.INTRODUCTION; return Category.INTRODUCTION;
} }
@Override
public List<String> getHints() {
return new ArrayList();
}
@Override
public Integer getDefaultRanking() {
return 10;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "webwolf.title"; return "webwolf.title";


@ -23,34 +23,17 @@
package org.owasp.webgoat.xxe; package org.owasp.webgoat.xxe;
import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.NewLesson; import org.owasp.webgoat.lessons.Lesson;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component @Component
public class XXE extends NewLesson { public class XXE extends Lesson {
@Override @Override
public Category getDefaultCategory() { public Category getDefaultCategory() {
return Category.XXE; return Category.XXE;
} }
@Override
public List<String> getHints() {
List<String> hints = new ArrayList<String>();
hints.add("Try submitting the form and see what happens");
hints.add("XXE stands for XML External Entity attack");
hints.add("Try to include your own DTD");
return hints;
}
@Override
public Integer getDefaultRanking() {
return 4;
}
@Override @Override
public String getTitle() { public String getTitle() {
return "xxe.title"; return "xxe.title";


@ -34,6 +34,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class BlindSendFileAssignmentTest extends LessonTest { public class BlindSendFileAssignmentTest extends LessonTest {
@Autowired
private XXE xxe;
@Autowired @Autowired
private Comments comments; private Comments comments;
@Value("${webgoat.user.directory}") @Value("${webgoat.user.directory}")
@ -45,11 +47,9 @@ public class BlindSendFileAssignmentTest extends LessonTest {
public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort()); public WireMockRule webwolfServer = new WireMockRule(wireMockConfig().dynamicPort());
@Before @Before
public void setup() throws Exception { public void setup() {
XXE xxe = new XXE();
when(webSession.getCurrentLesson()).thenReturn(xxe); when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
port = webwolfServer.port(); port = webwolfServer.port();
} }
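Review bot: `setup()` no longer stubs `webSession.getUserName()`, so unless `LessonTest` now provides that stub (not visible in this hunk) the mocked session will return null for the user name. This test reads `webgoat.user.directory`, and any per-user path the assignment builds from the name would then resolve under a literal `null` directory, which can mask regressions in the file handling under test. Either keep `when(webSession.getUserName()).thenReturn("unit-test");` in `setup()` or confirm the base class sets it. The same removal appears in ContentTypeAssignmentTest and SimpleXXETest; the class body continues outside the hunk.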


@ -47,15 +47,15 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class ContentTypeAssignmentTest extends LessonTest { public class ContentTypeAssignmentTest extends LessonTest {
@Autowired
private XXE xxe;
@Autowired @Autowired
private Comments comments; private Comments comments;
@Before @Before
public void setup() throws Exception { public void setup() {
XXE xxe = new XXE();
when(webSession.getCurrentLesson()).thenReturn(xxe); when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
} }
@Test @Test


@ -28,6 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.owasp.webgoat.plugins.LessonTest; import org.owasp.webgoat.plugins.LessonTest;
import org.owasp.webgoat.xxe.XXE; import org.owasp.webgoat.xxe.XXE;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@ -43,12 +44,13 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(SpringJUnit4ClassRunner.class)
public class SimpleXXETest extends LessonTest { public class SimpleXXETest extends LessonTest {
@Autowired
private XXE xxe;
@Before @Before
public void setup() throws Exception { public void setup() {
XXE xxe = new XXE();
when(webSession.getCurrentLesson()).thenReturn(xxe); when(webSession.getCurrentLesson()).thenReturn(xxe);
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build(); this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();
when(webSession.getUserName()).thenReturn("unit-test");
} }
@Test @Test


@ -28,6 +28,7 @@ import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.util.StringUtils;
/** /**
* Main entry point, this project is here to get all the lesson jars included to the final jar file * Main entry point, this project is here to get all the lesson jars included to the final jar file
@ -40,7 +41,7 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer
public class StartWebGoat extends SpringBootServletInitializer { public class StartWebGoat extends SpringBootServletInitializer {
public static void main(String[] args) { public static void main(String[] args) {
log.info("Starting WebGoat with args: {}", args); log.info("Starting WebGoat with args: {}", StringUtils.arrayToCommaDelimitedString(args));
System.setProperty("spring.config.name", "application-webgoat"); System.setProperty("spring.config.name", "application-webgoat");
SpringApplication.run(StartWebGoat.class, args); SpringApplication.run(StartWebGoat.class, args);
} }
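Review bot: `main` still writes the full command line to the log at info level, so any secret passed as an argument (for example a password or key supplied as a `--property=value` override) ends up in log files and whatever collects them. The values are also logged unescaped, so an argument containing line breaks can produce misleading log lines. Joining the array fixes the formatting but keeps the exposure. Logging only the count, `log.info("Starting WebGoat with {} argument(s)", args.length);`, or moving the full list to debug level would avoid both.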


@ -27,12 +27,13 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(MockitoJUnitRunner.class)
public class UserServiceTest { public class UserServiceTest {
@Mock @Mock
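Review bot: With the runner switched to `MockitoJUnitRunner`, the context line `import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;` appears to be left unused; the rest of the file is outside the hunk, so confirm there is no other reference before removing it. Dropping the import keeps the test from suggesting that a Spring context is loaded when only Mockito mocks are in play. UserValidatorTest keeps the same import after the same runner change.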


@ -28,6 +28,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.validation.BindException; import org.springframework.validation.BindException;
@ -35,7 +36,7 @@ import static junit.framework.TestCase.assertTrue;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@RunWith(SpringJUnit4ClassRunner.class) @RunWith(MockitoJUnitRunner.class)
public class UserValidatorTest { public class UserValidatorTest {
@Mock @Mock