merging
This commit is contained in:
Nanne Baars
misfir3
@ -1,59 +0,0 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* For details, please see http://webgoat.github.io
|
||||
*
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@AssignmentPath("/HttpBasics/intercept-request")
|
||||
public class HttpBasicsInterceptRequest extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET)
|
||||
public @ResponseBody AttackResult completed(HttpServletRequest request) throws IOException {
|
||||
if (request.getHeader("x-request-intercepted").toLowerCase().equals("true") && request.getParameter("changeMe").equals("Requests are tampered easily")) {
|
||||
return trackProgress(AttackResult.success("Well done, you tampered the request as expected"));
|
||||
} else {
|
||||
return trackProgress(AttackResult.failed("Please try again. Make sure to make all the changes. And case sensitivity may matter ... or not, you never know!"));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,48 +1,44 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* <p>
|
||||
* <p>
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* <p>
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* <p>
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* <p>
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* <p>
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* <p>
|
||||
* Getting Source ==============
|
||||
*
|
||||
* <p>
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* <p>
|
||||
* For details, please see http://webgoat.github.io
|
||||
*
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
@ -52,12 +48,17 @@ import java.util.List;
|
||||
@AssignmentHints({"http-basics.hints.http_basics_lesson.1"})
|
||||
public class HttpBasicsLesson extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String person) throws IOException {
|
||||
if (!person.toString().equals("")) {
|
||||
return trackProgress(AttackResult.success(getLabelProvider().get("http-basics.reversed", new StringBuffer(person).reverse().toString())));
|
||||
} else {
|
||||
return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close")));
|
||||
}
|
||||
}
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String person) throws IOException {
|
||||
if (!person.toString().equals("")) {
|
||||
return trackProgress(success()
|
||||
.feedback("http-basics.reversed")
|
||||
.feedbackArgs(new StringBuffer(person).reverse().toString())
|
||||
.build());
|
||||
} else {
|
||||
return trackProgress(failed().feedback("http-basics.close").build());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,24 +1,18 @@
|
||||
package org.owasp.webgoat.plugin;
|
||||
|
||||
import com.beust.jcommander.internal.Lists;
|
||||
import org.owasp.webgoat.endpoints.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.endpoints.AssignmentHints;
|
||||
import org.owasp.webgoat.endpoints.AssignmentPath;
|
||||
import org.owasp.webgoat.lessons.AttackResult;
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.Path;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
@ -55,16 +49,15 @@ public class HttpBasicsQuiz extends AssignmentEndpoint {
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public @ResponseBody AttackResult completed(@RequestParam String answer, @RequestParam String magic_answer, @RequestParam String magic_num, HttpServletRequest request) throws IOException {
|
||||
if ("POST".equals(answer.toUpperCase()) && magic_answer.equals(magic_num)) {
|
||||
return trackProgress(AttackResult.success());
|
||||
return trackProgress(success().build());
|
||||
} else {
|
||||
StringBuffer message = new StringBuffer();
|
||||
if (!"POST".equals(answer.toUpperCase())) {
|
||||
message.append(getLabelProvider().get("http-basics.incorrect"));
|
||||
return trackProgress(failed().feedback("http-basics.incorrect").build());
|
||||
}
|
||||
if (!magic_answer.equals(magic_num)){
|
||||
message.append(getLabelProvider().get("http-basics.magic"));
|
||||
return trackProgress(failed().feedback("http-basics.magic").build());
|
||||
}
|
||||
return trackProgress(AttackResult.failed(getLabelProvider().get("http-basics.close", message.toString())));
|
||||
}
|
||||
return trackProgress(failed().build());
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,5 @@ http-basics.hints.http_basic_quiz.2=Try to intercept the request with <a href='h
|
||||
|
||||
http-basics.reversed=The server has reversed your name: {0}
|
||||
|
||||
http-basics.close=You are close, try again: {0}
|
||||
http-basics.incorrect=the HTTP Command is incorrect.
|
||||
http-basics.magic=the magic number is incorrect.
|
||||
http-basics.incorrect=You are close, try again: the HTTP Command is incorrect.
|
||||
http-basics.magic=You are close, try again: the magic number is incorrect.
|
||||
Reference in New Issue
Block a user