dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/feature/spring-boot' into feature/spring-boot

Browse Source
This commit is contained in:
Jason White
2016-06-28 17:04:12 +02:00
parent 501ec1f9e0 966e5b9e0a
commit f203f38702
6 changed files with 129 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java Normal file
View File

@ -0,0 +1,55 @@
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since May 15, 2016
*/
package org.owasp.webgoat.plugins;
import java.util.List;
public class LessonDescription {
private String name;
private String title;
private String category;
private int ranking;
private List<String> hints;
}
/**
lesson:
name: Access Control Matrix
title: Using an Access Control Matrix
category: ACCESS_CONTROL
ranking: 10
hints:
- Many sites attempt to restrict access to resources by role.
- Developers frequently make mistakes implementing this scheme.
- Attempt combinations of users, roles, and resources.
*/

23
webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
View File

@ -3,12 +3,10 @@ package org.owasp.webgoat.plugins;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.springframework.util.StringUtils;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
@ -36,7 +34,6 @@ public class Plugin {
private Map<String, File> lessonPlansLanguageFiles = new HashMap<>();
private List<File> pluginFiles = Lists.newArrayList();
private File lessonSourceFile;
private List<Class> lessonEndpoints = Lists.newArrayList();
public Plugin(PluginClassLoader classLoader) {
this.classLoader = classLoader;
@ -50,22 +47,6 @@ public class Plugin {
public void findLesson(List<String> classes) {
for (String clazzName : classes) {
findLesson(clazzName);
findLessonEndpoints(clazzName);
}
}
private void findLessonEndpoints(String name) {
String realClassName = StringUtils.trimLeadingCharacter(name, '/').replaceAll("/", ".").replaceAll(".class", "");
try {
Class endpointClass = classLoader.loadClass(realClassName);
Annotation annotation = endpointClass.getAnnotation(LessonEndpointMapping.class);
if (annotation != null ) {
this.lessonEndpoints.add(endpointClass);
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
//ignore
}
}
@ -104,10 +85,6 @@ public class Plugin {
}
}
public List<Class> getLessonEndpoints() {
return lessonEndpoints;
}
/**
* <p>rewritePaths.</p>
*

14
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
View File

@ -27,8 +27,8 @@ import java.util.concurrent.CompletionService;
import java.util.concurrent.ExecutorCompletionService;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
/**
* <p>PluginsLoader class.</p>
@ -58,11 +58,11 @@ public class PluginsLoader {
public List<Plugin> loadPlugins() {
List<Plugin> plugins = Lists.newArrayList();
try {
File jarFile = new File(this.getClass().getProtectionDomain().getCodeSource().getLocation().getFile());
if (jarFile.isDirectory()) {
extractToTempDirectoryFromExplodedDirectory(jarFile);
URL location = this.getClass().getProtectionDomain().getCodeSource().getLocation();
if (ResourceUtils.isFileURL(location)) {
extractToTempDirectoryFromExplodedDirectory(ResourceUtils.getFile(location));
} else {
extractToTempDirectoryFromJarFile(jarFile);
extractToTempDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location)));
}
List<URL> jars = listJars();
plugins = processPlugins(jars);
@ -73,7 +73,7 @@ public class PluginsLoader {
}
private void extractToTempDirectoryFromJarFile(File jarFile) throws IOException {
JarFile jar = new JarFile(jarFile);
ZipFile jar = new ZipFile(jarFile);
Enumeration<? extends ZipEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
ZipEntry zipEntry = entries.nextElement();
@ -83,7 +83,7 @@ public class PluginsLoader {
}
}
private void unpack(JarFile jar, ZipEntry zipEntry) throws IOException {
private void unpack(ZipFile jar, ZipEntry zipEntry) throws IOException {
try (InputStream inputStream = jar.getInputStream(zipEntry)) {
String name = zipEntry.getName();
if (name.lastIndexOf("/") != -1) {