diff --git a/pom.xml b/pom.xml index db333c99b..93d9efab1 100644 --- a/pom.xml +++ b/pom.xml @@ -295,8 +295,8 @@ org.projectlombok lombok - 1.16.10 provided + true org.apache.commons diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index a9a14bee9..ce2250357 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -92,29 +92,6 @@ never - - maven-clean-plugin - - - - ${project.basedir}/src/main/resources/plugin_lessons - - **/*.jar - **/*.pom - - - - ${user.home}/.webgoat/ - - **/*.jar - **/org/** - **/plugin/** - - - - - - org.apache.maven.plugins maven-jar-plugin @@ -135,14 +112,6 @@ com.fasterxml.jackson.datatype jackson-datatype-jsr310 - - org.projectlombok - lombok - - - org.projectlombok - lombok - org.springframework.boot spring-boot-starter-web @@ -152,10 +121,6 @@ spring-boot-starter-actuator - org.springframework.boot - spring-boot-starter-cache - - org.asciidoctor asciidoctorj 1.5.4 @@ -169,6 +134,13 @@ commons-lang3 ${commons-lang3.version} + + com.google.guava + guava + ${guava.version} + + + io.gatling.highcharts gatling-charts-highcharts @@ -210,19 +182,6 @@ test - - - commons-fileupload - commons-fileupload - ${commons-fileupload.version} - - - - com.google.guava - guava - ${guava.version} - - diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/SolutionService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/SolutionService.java deleted file mode 100644 index 2314ac6d5..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/SolutionService.java +++ /dev/null @@ -1,66 +0,0 @@ -/** - * ************************************************************************************************* - *

- *

- * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

- * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - *

- * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. - */ -package org.owasp.webgoat.service; - -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseBody; - -/** - *

SolutionService class.

- * - * @author rlawson - * @version $Id: $Id - */ -@Controller -public class SolutionService { - - /** - * Returns solution for current attack - * - * @return a {@link java.lang.String} object. - */ - @RequestMapping(path = "/service/solution.mvc", produces = "text/html") - public - @ResponseBody - String showSolution() { - //// TODO: 11/6/2016 to decide not sure about the role in WebGoat 8 - String source = getSolution(); - return source; - } - - /** - *

getSolution.

- * - * @return a {@link java.lang.String} object. - */ - protected String getSolution() { - return "Solution is not available"; - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/SourceService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/SourceService.java deleted file mode 100644 index 15267f29d..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/SourceService.java +++ /dev/null @@ -1,82 +0,0 @@ -/** - * ************************************************************************************************* - *

- *

- * This file is part of WebGoat, an Open Web Application Security Project - * utility. For details, please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

- * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free Software - * Foundation; either version 2 of the License, or (at your option) any later - * version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - *

- * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository - * for free software projects. - */ -package org.owasp.webgoat.service; - -import org.apache.commons.lang3.StringEscapeUtils; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseBody; - -import javax.servlet.http.HttpSession; - -/** - *

SourceService class.

- * - * @author rlawson - * @version $Id: $Id - */ -@Controller -//TODO REMOVE! -public class SourceService { - - /** - * Description of the Field - */ - public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE"; - - /** Constant END_SOURCE_SKIP="END_OMIT_SOURCE" */ - public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE"; - - /** - * Returns source for current attack - * - * @param session a {@link javax.servlet.http.HttpSession} object. - * @return a {@link java.lang.String} object. - */ - @RequestMapping(path = "/service/source.mvc", produces = "application/text") - public - @ResponseBody - String showSource(HttpSession session) { - //// TODO: 11/6/2016 to decide not sure about the role in WebGoat 8 - String source = getSource(); - if (source == null) { - source = "No source listing found"; - } - return StringEscapeUtils.escapeHtml4(source); - } - - /** - * Description of the Method - * - * @return Description of the Return Value - */ - protected String getSource() { - return "Source code is not available for this lesson."; - } -} diff --git a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java index 0f8fcbdc9..750aaf876 100644 --- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java +++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/BlindSendFileAssignment.java @@ -1,7 +1,8 @@ package org.owasp.webgoat.plugin; +import com.google.common.base.Charsets; +import com.google.common.io.Files; import lombok.SneakyThrows; -import org.apache.commons.io.FileUtils; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentPath; import org.owasp.webgoat.assignments.AttackResult; @@ -63,7 +64,7 @@ public class BlindSendFileAssignment extends AssignmentEndpoint { if (!targetDirectory.exists()) { targetDirectory.mkdir(); } - FileUtils.write(new File(targetDirectory, "secret.txt"), CONTENTS); + Files.write(CONTENTS, new File(targetDirectory, "secret.txt"), Charsets.UTF_8); } @RequestMapping(method = RequestMethod.POST, consumes = MediaType.ALL_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) diff --git a/webgoat-server/pom.xml b/webgoat-server/pom.xml index e2308f714..f1c8d29ec 100644 --- a/webgoat-server/pom.xml +++ b/webgoat-server/pom.xml @@ -211,6 +211,7 @@ org.springframework.boot spring-boot-maven-plugin + true