diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java index 944dba4ef..a1caa5266 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java @@ -45,7 +45,7 @@ public class Flag extends Endpoint { @PostConstruct public void initFlags() { - IntStream.range(1, 6).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString())); + IntStream.range(1, 7).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString())); FLAGS.entrySet().stream().forEach(e -> log.debug("Flag {} {}", e.getKey(), e.getValue())); } diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java index 743f67160..86586d36b 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java @@ -12,6 +12,7 @@ public interface SolutionConstants { String PASSWORD = "!!webgoat_admin_1234!!"; String SUPER_COUPON_CODE = "get_it_for_free"; String PASSWORD_TOM = "thisisasecretfortomonly"; + String PASSWORD_LARRY = "larryknows"; String JWT_PASSWORD = "victory"; } diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Assignment4.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Assignment4.java index 5d11bb839..199ac4d62 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Assignment4.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Assignment4.java 
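Review bot: The upper bound in `IntStream.range(1, 7)` is a bare literal that has to be moved by hand whenever a challenge is added, and the matching indexes `FLAGS.get(4)`, `FLAGS.get(5)` and `FLAGS.get(6)` elsewhere in this commit are renumbered the same way. A named constant, for example `private static final int NUMBER_OF_CHALLENGES = 6;` used as `IntStream.rangeClosed(1, NUMBER_OF_CHALLENGES)`, would make a miscount visible at one place. The unchanged line directly below writes every flag value to the debug log, so anyone who can read the log can read all six flags; that may be acceptable for a training application, but a comment should say it is deliberate.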
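Review bot: `PASSWORD_LARRY` is added here but nothing visible in this commit reads it: the new Assignment5.java and Assignment6.java import only `PASSWORD_TOM` and still spell the value out in `insertData1`. Either use the constant there, `" VALUES ('larry', 'larry@webgoat.org', '" + PASSWORD_LARRY + "')"`, or leave it out until a caller exists, so the value is not maintained in three places. A caller may exist in files not shown on this page, and the interface body starts above the hunk.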
@@ -1,133 +1,17 @@ package org.owasp.webgoat.plugin.challenge4; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.RandomStringUtils; import org.owasp.webgoat.assignments.AssignmentEndpoint; import org.owasp.webgoat.assignments.AssignmentPath; -import org.owasp.webgoat.assignments.AttackResult; -import org.owasp.webgoat.plugin.Flag; -import org.owasp.webgoat.session.DatabaseUtilities; -import org.owasp.webgoat.session.WebSession; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.util.StringUtils; -import org.springframework.web.bind.annotation.PutMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; - -import java.sql.*; - -import static org.owasp.webgoat.plugin.SolutionConstants.PASSWORD_TOM; -import static org.springframework.web.bind.annotation.RequestMethod.POST; /** * @author nbaars - * @since 4/8/17. + * @since 5/3/17. 
*/ @AssignmentPath("/challenge/4") @Slf4j public class Assignment4 extends AssignmentEndpoint { - //Make it more random at runtime (good luck guessing) - private static final String USERS_TABLE_NAME = "challenge_users_" + RandomStringUtils.randomAlphabetic(16); - - @Autowired - private WebSession webSession; - - @PutMapping //assignment path is bounded to class so we use different http method :-) - @ResponseBody - public AttackResult registerNewUser(@RequestParam String username_reg, @RequestParam String email_reg, @RequestParam String password_reg) throws Exception { - AttackResult attackResult = checkArguments(username_reg, email_reg, password_reg); - - if (attackResult == null) { - Connection connection = DatabaseUtilities.getConnection(webSession); - checkDatabase(connection); - - String checkUserQuery = "select userid from " + USERS_TABLE_NAME + " where userid = '" + username_reg + "'"; - Statement statement = connection.createStatement(); - ResultSet resultSet = statement.executeQuery(checkUserQuery); - - if (resultSet.next()) { - attackResult = failed().feedback("user.exists").feedbackArgs(username_reg).build(); - } else { - PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO " + USERS_TABLE_NAME + " VALUES (?, ?, ?)"); - preparedStatement.setString(1, username_reg); - preparedStatement.setString(2, email_reg); - preparedStatement.setString(3, password_reg); - preparedStatement.execute(); - attackResult = success().feedback("user.created").feedbackArgs(username_reg).build(); - } - } - return attackResult; - } - - private AttackResult checkArguments(String username_reg, String email_reg, String password_reg) { - if (StringUtils.isEmpty(username_reg) || StringUtils.isEmpty(email_reg) || StringUtils.isEmpty(password_reg)) { - return failed().feedback("input.invalid").build(); - } - if (username_reg.length() > 250 || email_reg.length() > 30 || password_reg.length() > 30) { - return failed().feedback("input.invalid").build(); - } - 
return null; - } - - @RequestMapping(method = POST) - @ResponseBody - public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception { - Connection connection = DatabaseUtilities.getConnection(webSession); - checkDatabase(connection); - - PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = ? and password = ?"); - statement.setString(1, username_login); - statement.setString(2, password_login); - ResultSet resultSet = statement.executeQuery(); - - if (resultSet.next() && "tom".equals(username_login)) { - return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(4)).build(); - } else { - return failed().feedback("challenge.close").build(); - } - } - - private void checkDatabase(Connection connection) throws SQLException { - try { - Statement statement = connection.createStatement(); - statement.execute("select 1 from " + USERS_TABLE_NAME); - } catch (SQLException e) { - createChallengeTable(connection); - } - } - - private void createChallengeTable(Connection connection) { - Statement statement = null; - try { - statement = connection.createStatement(); - String dropTable = "DROP TABLE " + USERS_TABLE_NAME; - statement.executeUpdate(dropTable); - } catch (SQLException e) { - log.info("Delete failed, this does not point to an error table might not have been present..."); - } - log.debug("Challenge 4 - Creating tables for users {}", USERS_TABLE_NAME); - try { - String createTableStatement = "CREATE TABLE " + USERS_TABLE_NAME - + " (" + "userid varchar(250)," - + "email varchar(30)," - + "password varchar(30)" - + ")"; - statement.executeUpdate(createTableStatement); - - String insertData1 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('larry', 'larry@webgoat.org', 'larryknows')"; - String insertData2 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('tom', 'tom@webgoat.org', '" + PASSWORD_TOM + "')"; - String insertData3 = "INSERT 
INTO " + USERS_TABLE_NAME + " VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**')"; - String insertData4 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('eve', 'eve@webgoat.org', '**********')"; - statement.executeUpdate(insertData1); - statement.executeUpdate(insertData2); - statement.executeUpdate(insertData3); - statement.executeUpdate(insertData4); - } catch (SQLException e) { - log.error("Unable create table", e); - } - } + //just empty, posting the flag will mark the challenge as done as well no need to specify an endpoint here } - diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Views.java similarity index 81% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java rename to webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Views.java index 4d72b4cd5..e9f47594c 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Views.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Views.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.plugin.challenge5; +package org.owasp.webgoat.plugin.challenge4; /** * @author nbaars diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Vote.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Vote.java similarity index 96% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Vote.java rename to webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Vote.java index 79eaafd73..ccb51c3b1 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Vote.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/Vote.java 
@@ -1,4 +1,4 @@ -package org.owasp.webgoat.plugin.challenge5; +package org.owasp.webgoat.plugin.challenge4; import com.fasterxml.jackson.annotation.JsonView; import lombok.Getter; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/VotesEndpoint.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/VotesEndpoint.java similarity index 98% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/VotesEndpoint.java rename to webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/VotesEndpoint.java index b233bb509..619e35c13 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/VotesEndpoint.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge4/VotesEndpoint.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.plugin.challenge5; +package org.owasp.webgoat.plugin.challenge4; import com.google.common.collect.Maps; import io.jsonwebtoken.*; @@ -89,7 +89,7 @@ public class VotesEndpoint { if ("Guest".equals(user) || !validUsers.contains(user)) { value.setSerializationView(Views.GuestView.class); } else { - ((Collection) value.getValue()).forEach(v -> v.setFlag(FLAGS.get(5))); + ((Collection) value.getValue()).forEach(v -> v.setFlag(FLAGS.get(4))); value.setSerializationView(isAdmin ? Views.AdminView.class : Views.UserView.class); } } catch (JwtException e) { diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Assignment5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Assignment5.java deleted file mode 100644 index 193ebdb03..000000000 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Assignment5.java +++ /dev/null 
@@ -1,17 +0,0 @@ -package org.owasp.webgoat.plugin.challenge5; - -import lombok.extern.slf4j.Slf4j; -import org.owasp.webgoat.assignments.AssignmentEndpoint; -import org.owasp.webgoat.assignments.AssignmentPath; - -/** - * @author nbaars - * @since 5/3/17. - */ -@AssignmentPath("/challenge/5") -@Slf4j -public class Assignment5 extends AssignmentEndpoint { - - //just empty, posting the flag will mark the challenge as done as well no need to specify an endpoint here - -} diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java new file mode 100644 index 000000000..0d987e4a8 --- /dev/null +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Assignment5.java 
@@ -0,0 +1,92 @@ +package org.owasp.webgoat.plugin.challenge5.challenge6; + +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.RandomStringUtils; +import org.owasp.webgoat.assignments.AssignmentEndpoint; +import org.owasp.webgoat.assignments.AssignmentPath; +import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.plugin.Flag; +import org.owasp.webgoat.session.DatabaseUtilities; +import org.owasp.webgoat.session.WebSession; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; + +import java.sql.*; + +import static org.owasp.webgoat.plugin.SolutionConstants.PASSWORD_TOM; +import static org.springframework.web.bind.annotation.RequestMethod.POST; + +/** + * @author nbaars + * @since 4/8/17. + */ +@AssignmentPath("/challenge/5") +@Slf4j +public class Assignment5 extends AssignmentEndpoint { + + //Make it more random at runtime (good luck guessing) + private static final String USERS_TABLE_NAME = "challenge_users_" + RandomStringUtils.randomAlphabetic(16); + + @Autowired + private WebSession webSession; + + @RequestMapping(method = POST) + @ResponseBody + public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception { + Connection connection = DatabaseUtilities.getConnection(webSession); + checkDatabase(connection); + + PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = '" + username_login + "' and password = '" + password_login + "'"); + ResultSet resultSet = statement.executeQuery(); + + if (resultSet.next()) { + return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(5)).build(); + } else { + return failed().feedback("challenge.close").build(); + } + } + + private void checkDatabase(Connection 
connection) throws SQLException { + try { + Statement statement = connection.createStatement(); + statement.execute("select 1 from " + USERS_TABLE_NAME); + } catch (SQLException e) { + createChallengeTable(connection); + } + } + + private void createChallengeTable(Connection connection) { + Statement statement = null; + try { + statement = connection.createStatement(); + String dropTable = "DROP TABLE " + USERS_TABLE_NAME; + statement.executeUpdate(dropTable); + } catch (SQLException e) { + log.info("Delete failed, this does not point to an error table might not have been present..."); + } + log.debug("Challenge 5 - Creating tables for users {}", USERS_TABLE_NAME); + try { + String createTableStatement = "CREATE TABLE " + USERS_TABLE_NAME + + " (" + "userid varchar(250)," + + "email varchar(30)," + + "password varchar(30)" + + ")"; + statement.executeUpdate(createTableStatement); + + String insertData1 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('larry', 'larry@webgoat.org', 'larryknows')"; + String insertData2 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('tom', 'tom@webgoat.org', '" + PASSWORD_TOM + "')"; + String insertData3 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**')"; + String insertData4 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('eve', 'eve@webgoat.org', '**********')"; + statement.executeUpdate(insertData1); + statement.executeUpdate(insertData2); + statement.executeUpdate(insertData3); + statement.executeUpdate(insertData4); + } catch (SQLException e) { + log.error("Unable create table", e); + } + } + +} + 
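Review bot: The query in `login` is built by concatenating `username_login` and `password_login` into the SQL text and only then handed to `prepareStatement`, so it reads like a parameterized query while binding nothing. For a challenge class that is presumably the intended flaw, but nothing in the file says so; a comment above the call such as `// Deliberately injectable: input is concatenated, not bound. This is the Challenge 5 flaw; do not reuse.` would keep a later cleanup from silently fixing it and a reader from copying it. The same applies to `checkUserQuery` in `registerNewUser` in the new Assignment6.java. Separately, the package `org.owasp.webgoat.plugin.challenge5.challenge6` on a class mapped to `/challenge/5` looks like a refactoring slip and is worth confirming.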
diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Challenge5.java similarity index 92% rename from webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java rename to webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Challenge5.java index d0b431493..140162828 100644 --- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/Challenge5.java +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge5/challenge6/Challenge5.java @@ -1,4 +1,4 @@ -package org.owasp.webgoat.plugin.challenge5; +package org.owasp.webgoat.plugin.challenge5.challenge6; import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.Category; diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java new file mode 100644 index 000000000..256cc5e86 --- /dev/null +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Assignment6.java 
@@ -0,0 +1,133 @@ +package org.owasp.webgoat.plugin.challenge6; + +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.RandomStringUtils; +import org.owasp.webgoat.assignments.AssignmentEndpoint; +import org.owasp.webgoat.assignments.AssignmentPath; +import org.owasp.webgoat.assignments.AttackResult; +import org.owasp.webgoat.plugin.Flag; +import org.owasp.webgoat.session.DatabaseUtilities; +import org.owasp.webgoat.session.WebSession; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.StringUtils; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; + +import java.sql.*; + +import static org.owasp.webgoat.plugin.SolutionConstants.PASSWORD_TOM; +import static org.springframework.web.bind.annotation.RequestMethod.POST; + +/** + * @author nbaars + * @since 4/8/17. 
+ */ +@AssignmentPath("/challenge/6") +@Slf4j +public class Assignment6 extends AssignmentEndpoint { + + //Make it more random at runtime (good luck guessing) + private static final String USERS_TABLE_NAME = "challenge_users_" + RandomStringUtils.randomAlphabetic(16); + + @Autowired + private WebSession webSession; + + @PutMapping //assignment path is bounded to class so we use different http method :-) + @ResponseBody + public AttackResult registerNewUser(@RequestParam String username_reg, @RequestParam String email_reg, @RequestParam String password_reg) throws Exception { + AttackResult attackResult = checkArguments(username_reg, email_reg, password_reg); + + if (attackResult == null) { + Connection connection = DatabaseUtilities.getConnection(webSession); + checkDatabase(connection); + + String checkUserQuery = "select userid from " + USERS_TABLE_NAME + " where userid = '" + username_reg + "'"; + Statement statement = connection.createStatement(); + ResultSet resultSet = statement.executeQuery(checkUserQuery); + + if (resultSet.next()) { + attackResult = failed().feedback("user.exists").feedbackArgs(username_reg).build(); + } else { + PreparedStatement preparedStatement = connection.prepareStatement("INSERT INTO " + USERS_TABLE_NAME + " VALUES (?, ?, ?)"); + preparedStatement.setString(1, username_reg); + preparedStatement.setString(2, email_reg); + preparedStatement.setString(3, password_reg); + preparedStatement.execute(); + attackResult = success().feedback("user.created").feedbackArgs(username_reg).build(); + } + } + return attackResult; + } + + private AttackResult checkArguments(String username_reg, String email_reg, String password_reg) { + if (StringUtils.isEmpty(username_reg) || StringUtils.isEmpty(email_reg) || StringUtils.isEmpty(password_reg)) { + return failed().feedback("input.invalid").build(); + } + if (username_reg.length() > 250 || email_reg.length() > 30 || password_reg.length() > 30) { + return failed().feedback("input.invalid").build(); + } 
+ return null; + } + + @RequestMapping(method = POST) + @ResponseBody + public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception { + Connection connection = DatabaseUtilities.getConnection(webSession); + checkDatabase(connection); + + PreparedStatement statement = connection.prepareStatement("select password from " + USERS_TABLE_NAME + " where userid = ? and password = ?"); + statement.setString(1, username_login); + statement.setString(2, password_login); + ResultSet resultSet = statement.executeQuery(); + + if (resultSet.next() && "tom".equals(username_login)) { + return success().feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(6)).build(); + } else { + return failed().feedback("challenge.close").build(); + } + } + + private void checkDatabase(Connection connection) throws SQLException { + try { + Statement statement = connection.createStatement(); + statement.execute("select 1 from " + USERS_TABLE_NAME); + } catch (SQLException e) { + createChallengeTable(connection); + } + } + + private void createChallengeTable(Connection connection) { + Statement statement = null; + try { + statement = connection.createStatement(); + String dropTable = "DROP TABLE " + USERS_TABLE_NAME; + statement.executeUpdate(dropTable); + } catch (SQLException e) { + log.info("Delete failed, this does not point to an error table might not have been present..."); + } + log.debug("Challenge 6 - Creating tables for users {}", USERS_TABLE_NAME); + try { + String createTableStatement = "CREATE TABLE " + USERS_TABLE_NAME + + " (" + "userid varchar(250)," + + "email varchar(30)," + + "password varchar(30)" + + ")"; + statement.executeUpdate(createTableStatement); + + String insertData1 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('larry', 'larry@webgoat.org', 'larryknows')"; + String insertData2 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('tom', 'tom@webgoat.org', '" + PASSWORD_TOM + "')"; + String insertData3 = "INSERT 
INTO " + USERS_TABLE_NAME + " VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**')"; + String insertData4 = "INSERT INTO " + USERS_TABLE_NAME + " VALUES ('eve', 'eve@webgoat.org', '**********')"; + statement.executeUpdate(insertData1); + statement.executeUpdate(insertData2); + statement.executeUpdate(insertData3); + statement.executeUpdate(insertData4); + } catch (SQLException e) { + log.error("Unable create table", e); + } + } + +} + diff --git a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Challenge6.java b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Challenge6.java new file mode 100644 index 000000000..f7b7b65f1 --- /dev/null +++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/challenge6/Challenge6.java @@ -0,0 +1,39 @@ +package org.owasp.webgoat.plugin.challenge6; + +import com.google.common.collect.Lists; +import org.owasp.webgoat.lessons.Category; +import org.owasp.webgoat.lessons.NewLesson; + +import java.util.List; + +/** + * @author nbaars + * @since 3/21/17. + */ +public class Challenge6 extends NewLesson { + + @Override + public Category getDefaultCategory() { + return Category.CHALLENGE; + } + + @Override + public List getHints() { + return Lists.newArrayList(); + } + + @Override + public Integer getDefaultRanking() { + return 10; + } + + @Override + public String getTitle() { + return "challenge6.title"; + } + + @Override + public String getId() { + return "Challenge6"; + } +} diff --git a/webgoat-lessons/challenge/src/main/resources/css/challenge2.css b/webgoat-lessons/challenge/src/main/resources/css/challenge2.css index 7bca52cbe..038ee6d9d 100644 --- a/webgoat-lessons/challenge/src/main/resources/css/challenge2.css +++ b/webgoat-lessons/challenge/src/main/resources/css/challenge2.css 
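Review bot: In `createChallengeTable`, `statement` stays `null` when `connection.createStatement()` throws inside the first `try`, and the second `try` then calls `statement.executeUpdate(...)`, which raises a `NullPointerException` that `catch (SQLException e)` does not handle. The statement is also never closed, and neither are the `Statement`, `PreparedStatement` and `ResultSet` objects opened in `checkDatabase`, `registerNewUser` and `login`. Creating the statement once in a try-with-resources block and nesting the best-effort DROP inside it addresses both for this method; Assignment5.java carries the same method and needs the same change.

```java
private void createChallengeTable(Connection connection) {
    try (Statement statement = connection.createStatement()) {
        try {
            statement.executeUpdate("DROP TABLE " + USERS_TABLE_NAME);
        } catch (SQLException e) {
            // best effort: the table may simply not exist yet
            log.info("Delete failed, this does not point to an error table might not have been present...");
        }
        log.debug("Challenge 6 - Creating tables for users {}", USERS_TABLE_NAME);
        // … unchanged: CREATE TABLE and the four INSERT statements …
    } catch (SQLException e) {
        log.error("Unable create table", e);
    }
}
```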
@@ -11,8 +11,8 @@ li.active{border-bottom:3px solid silver;} .btn-plus{cursor:pointer;font-size:7px;display:flex;align-items:center;padding:5px;padding-left:10px;padding-right:10px;border:1px solid gray;border-radius:2px;border-left:0px;} div.section > div {width:100%;display:inline-flex;} div.section > div > input {margin:0px;padding-left:5px;font-size:10px;padding-right:5px;max-width:18%;text-align:center;} -.attr,.attr2{cursor:pointer;margin-right:5px;height:20px;font-size:10px;padding:2px;border:1px solid gray;border-radius:2px;} -.attr.active,.attr2.active{ border:1px solid orange;} +.attr,.attr2{cursor:pointer;margin-right:5px;height:20px;font-size:11px;padding:2px;border:1px solid gray;border-radius:2px;} +.attr.active,.attr2.active{ border:2px solid orange;} @media (max-width: 426px) { .container {margin-top:0px !important;} diff --git a/webgoat-lessons/challenge/src/main/resources/css/challenge4.css b/webgoat-lessons/challenge/src/main/resources/css/challenge4.css index 6a8635ae6..590e2a4b0 100644 --- a/webgoat-lessons/challenge/src/main/resources/css/challenge4.css +++ b/webgoat-lessons/challenge/src/main/resources/css/challenge4.css 
@@ -1,96 +1,12 @@ -.panel-login { - border-color: #ccc; - -webkit-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); - -moz-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); - box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); +a.list-group-item { + height:auto; } -.panel-login>.panel-heading { - color: #00415d; - background-color: #fff; - border-color: #fff; - text-align:center; +a.list-group-item.active small { + color:#fff; } -.panel-login>.panel-heading a{ - text-decoration: none; - color: #666; - font-weight: bold; - font-size: 15px; - -webkit-transition: all 0.1s linear; - -moz-transition: all 0.1s linear; - transition: all 0.1s linear; -} -.panel-login>.panel-heading a.active{ - color: #029f5b; - font-size: 18px; -} -.panel-login>.panel-heading hr{ - margin-top: 10px; - margin-bottom: 0px; - clear: both; - border: 0; - height: 1px; - background-image: -webkit-linear-gradient(left,rgba(0, 0, 0, 0),rgba(0, 0, 0, 0.15),rgba(0, 0, 0, 0)); - background-image: -moz-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); - background-image: -ms-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); - background-image: -o-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); -} -.panel-login input[type="text"],.panel-login input[type="email"],.panel-login input[type="password"] { - height: 45px; - border: 1px solid #ddd; - font-size: 16px; - -webkit-transition: all 0.1s linear; - -moz-transition: all 0.1s linear; - transition: all 0.1s linear; -} -.panel-login input:hover, -.panel-login input:focus { - outline:none; - -webkit-box-shadow: none; - -moz-box-shadow: none; - box-shadow: none; - border-color: #ccc; -} -.btn-login { - background-color: #59B2E0; - outline: none; - color: #fff; - font-size: 14px; - height: auto; - font-weight: normal; - padding: 14px 0; - text-transform: uppercase; - border-color: #59B2E6; -} -.btn-login:hover, -.btn-login:focus { - color: #fff; - background-color: #53A3CD; - border-color: #53A3CD; -} -.forgot-password 
{ - text-decoration: underline; - color: #888; -} -.forgot-password:hover, -.forgot-password:focus { - text-decoration: underline; - color: #666; -} - -.btn-register { - background-color: #1CB94E; - outline: none; - color: #fff; - font-size: 14px; - height: auto; - font-weight: normal; - padding: 14px 0; - text-transform: uppercase; - border-color: #1CB94A; -} -.btn-register:hover, -.btn-register:focus { - color: #fff; - background-color: #1CA347; - border-color: #1CA347; +.stars { + margin:20px auto 1px; } +.img-responsive { + min-width: 100%; +} \ No newline at end of file diff --git a/webgoat-lessons/challenge/src/main/resources/css/challenge5.css b/webgoat-lessons/challenge/src/main/resources/css/challenge5.css deleted file mode 100644 index 590e2a4b0..000000000 --- a/webgoat-lessons/challenge/src/main/resources/css/challenge5.css +++ /dev/null @@ -1,12 +0,0 @@ -a.list-group-item { - height:auto; -} -a.list-group-item.active small { - color:#fff; -} -.stars { - margin:20px auto 1px; -} -.img-responsive { - min-width: 100%; -} \ No newline at end of file diff --git a/webgoat-lessons/challenge/src/main/resources/css/challenge6.css b/webgoat-lessons/challenge/src/main/resources/css/challenge6.css new file mode 100644 index 000000000..6a8635ae6 --- /dev/null +++ b/webgoat-lessons/challenge/src/main/resources/css/challenge6.css 
@@ -0,0 +1,96 @@ +.panel-login { + border-color: #ccc; + -webkit-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); + -moz-box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); + box-shadow: 0px 2px 3px 0px rgba(0,0,0,0.2); +} +.panel-login>.panel-heading { + color: #00415d; + background-color: #fff; + border-color: #fff; + text-align:center; +} +.panel-login>.panel-heading a{ + text-decoration: none; + color: #666; + font-weight: bold; + font-size: 15px; + -webkit-transition: all 0.1s linear; + -moz-transition: all 0.1s linear; + transition: all 0.1s linear; +} +.panel-login>.panel-heading a.active{ + color: #029f5b; + font-size: 18px; +} +.panel-login>.panel-heading hr{ + margin-top: 10px; + margin-bottom: 0px; + clear: both; + border: 0; + height: 1px; + background-image: -webkit-linear-gradient(left,rgba(0, 0, 0, 0),rgba(0, 0, 0, 0.15),rgba(0, 0, 0, 0)); + background-image: -moz-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); + background-image: -ms-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); + background-image: -o-linear-gradient(left,rgba(0,0,0,0),rgba(0,0,0,0.15),rgba(0,0,0,0)); +} +.panel-login input[type="text"],.panel-login input[type="email"],.panel-login input[type="password"] { + height: 45px; + border: 1px solid #ddd; + font-size: 16px; + -webkit-transition: all 0.1s linear; + -moz-transition: all 0.1s linear; + transition: all 0.1s linear; +} +.panel-login input:hover, +.panel-login input:focus { + outline:none; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; + border-color: #ccc; +} +.btn-login { + background-color: #59B2E0; + outline: none; + color: #fff; + font-size: 14px; + height: auto; + font-weight: normal; + padding: 14px 0; + text-transform: uppercase; + border-color: #59B2E6; +} +.btn-login:hover, +.btn-login:focus { + color: #fff; + background-color: #53A3CD; + border-color: #53A3CD; +} +.forgot-password { + text-decoration: underline; + color: #888; +} +.forgot-password:hover, 
+.forgot-password:focus { + text-decoration: underline; + color: #666; +} + +.btn-register { + background-color: #1CB94E; + outline: none; + color: #fff; + font-size: 14px; + height: auto; + font-weight: normal; + padding: 14px 0; + text-transform: uppercase; + border-color: #1CB94A; +} +.btn-register:hover, +.btn-register:focus { + color: #fff; + background-color: #1CA347; + border-color: #1CA347; +} diff --git a/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html b/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html index 9f34c287a..f760beffe 100644 --- a/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html +++ b/webgoat-lessons/challenge/src/main/resources/html/Challenge4.html @@ -6,100 +6,50 @@
+
+
-
-