dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,676 Commits 11 Branches 78 Tags
Commit Graph

92 Commits

Author SHA1 Message Date
Nanne Baars
e49f5d610f #961: Give each user its own schema for the lessons 
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
 2021-04-16 13:28:07 +02:00
Nanne Baars
23f67b3d25 Remove unknown field which is set by reflection 2021-03-31 19:31:13 +02:00
Nanne Baars
1d6a5ca01b Run unit tests again and rewrite all to JUnit 5 
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
 2021-03-31 19:31:13 +02:00
Maxim Masiutin
ad5ab4ca2e
Fixes #321 (#935) 
Copyright year was "20014", replaced to "2014"
Fixed the old github.io URL which no longer exist
See https://github.com/WebGoat/WebGoat/issues/321
 2021-02-18 19:06:11 +01:00
avivmu
74b218b2a7
Use try with resources instead of try (#921) 
* Use try with resources instead of try

* Remove unused lesson

* Remove unused fields
 2021-01-13 18:21:04 +01:00
René Zubcevic
8235ea0f58
Custom menu (#901) 
* added way to customize menu

* fixed unit mock test

* updated release notes

* updated release notes

* default none exclude
 2020-11-27 14:36:57 +01:00
Nanne Baars
9b72610510 Extend XXE lesson with more content and add solution description 
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
 2020-05-22 10:10:42 +02:00
René Zubcevic
4e371b63d0
suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
René Zubcevic
0319c477b1
XSS lesson completion fixes (#669) 
* XSS lesson completion fixes

* removed log all

* lesson progress capable of deprecated assignments in the database

* fixed unit test for lesson progress
 2019-09-29 14:46:18 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
Nanne Baars
f774364461 Working unit tests 2019-09-13 20:05:25 +02:00
Nanne Baars
dceb375d5e WIP 2019-09-13 18:57:40 +02:00
Nanne Baars
5e6f825e64 WIP 2019-09-13 16:42:13 +02:00
Nanne Baars
361249c666 First attempt at moving to Spring Boot 2 2019-09-12 17:22:03 +02:00
Nanne Baars
ff530e926e Use separate project for integration tests so we can start WebGoat and WebWolf 2019-08-25 17:43:14 +02:00
Nanne Baars
216b29fca2 Clean up in pom files 2019-07-24 20:37:32 +02:00
Nanne Baars
dda6f674a3 Last assignment for JWT tokens finished 2018-05-23 14:28:19 +02:00
Nanne Baars
8b8a89a8ab Add extra informational message when a failure occurs while sending an email from WebGoat to WebWolf. 2018-04-28 16:01:57 +02:00
Nanne Baars
e4ca0c4836 Make report working again 2018-04-27 19:26:01 +02:00
nbaars
b99b554522 Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432 2018-01-29 15:29:48 +01:00
nbaars
c6e86861fe Removed Mongodb, so we do not have issues with downloading the embedded Mongodb. Moved back to JPA and use HSQLDB for storing user information. 2017-12-29 22:12:21 +01:00
Nanne Baars
3ee1a1ca16 Travis now builds Docker and create a Github release. 
Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
 2017-10-18 10:54:16 +02:00
Nanne Baars
6cb526aa43 Maven build generates too much output for Travis CI 2017-10-08 01:58:03 +02:00
Nanne Baars
8a982dedb5 Updated XXE lesson so it also uses WebWolf 2017-10-07 13:46:34 +02:00
Nanne Baars
46c536554c - Added new challenges 
- Added new webapplication called WebWolf to make attacks more realistic
- Added WebWolf lesson to explain the concepts behind this new application
 2017-09-12 23:12:10 +02:00
Nanne Baars
e808abd504 Added testcase for SQL lesson 6a 2017-06-16 00:23:40 +02:00
Nanne Baars
129e9deba9 Added testcase for SQL injection lesson 2017-05-21 16:40:52 +02:00
Nanne Baars
0ad1f0d147 Fixing Travis issues while building 2017-05-21 13:28:29 +02:00
Nanne Baars
877de6ebd4 Updated XXE lessons with challenge screens 2017-05-21 12:24:42 +02:00
Nanne Baars
a676fffc4e Added Gatling performance testing 2017-05-03 09:40:57 +02:00
Nanne Baars
454e8d4c14 Solving an assignment twice adds its again which breaks the UI because the endpoint for lessonoverview returns mulitple values for the same assignment. 2017-05-02 04:38:30 +02:00
Nanne Baars
eb7a6bd2be Creating endpoint for the scoreboard 2017-05-02 02:29:47 +02:00
Nanne Baars
d66db56c86 Added test for LessonMenuService. 2017-04-16 07:28:35 +02:00
Nanne Baars
fbf2d1b422 Added validation to detect duplicate users during registration 2017-04-08 08:30:14 +02:00
Nanne Baars
9833637abf Fixed exception while logging in with unknown user 2017-03-23 21:46:21 +01:00
Nanne Baars
259fd19c1b - Introduced user registration 
- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.
 2017-03-22 11:35:14 +01:00
Nanne Baars
2d6235e4f0 Provide Server-side service to support UI localization #265 
- Now also enabled for adoc
 2017-03-02 21:17:21 +01:00
Nanne Baars
ae82df3fb4 Fixed issue with loading messages in different language. As a standalone jar you can write properties back to messages.properties, this approach worked when you run with exploded classpath (target/classes etc). However failed when running inside Docker container. 2017-02-05 21:54:07 +01:00
Nanne Baars
d25700434e Added tests for assignments 2017-01-31 23:28:59 +01:00
Nanne Baars
ee5a12d205 Provide Server-side service to support UI localization #265 (#322) 
merging
 2017-01-31 11:52:33 -05:00
Nanne Baars
0779f7a3d0 Hints per lesson (#314) 
Squashing and merging ...

* Each assigment should have the options to have its own set of hints #278

* Updating lessons due to changes from #278

* Enable i18n client side #312

* IDOR move hints to assignment and enable i18n #312
 2017-01-24 09:34:06 -05:00
Nanne Baars
badbabd439 Fixing can't login to webgoat #307 2017-01-15 16:28:19 +01:00
Nanne Baars
e2cb9ceae0 #277 Re-institute admin functionality for WebGoat 8 
- Report card functionality is back
 2016-12-31 18:27:20 +01:00
Nanne Baars
9c03b6f63b #276 Automatic lesson summary page 
- Basic overview of all the assignments needed to be solved in a lesson
 - Clicking on a link will jump to the correct page with the assignment
 - Lesson completed also updates lesson overview immediately
 2016-12-28 10:14:34 +01:00
Nanne Baars
b8b632905d Fixing failing unit test 2016-12-08 22:06:21 +01:00
Jason White
3ab86d69ca temporary commenting out test additions that were breaking build/run 2016-12-07 08:46:13 -05:00