e49f5d610f
#961 : Give each user its own schema for the lessons
...
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
2021-04-16 13:28:07 +02:00
b3f7a5338e
Update to latest versions
2021-04-03 10:58:22 +02:00
23f67b3d25
Remove unknown field which is set by reflection
2021-03-31 19:31:13 +02:00
1d6a5ca01b
Run unit tests again and rewrite all to JUnit 5
...
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
2021-03-31 19:31:13 +02:00
ae6d448aa0
Replace ${revision} with real version as Maven
...
The CI pipeline should take care of this.
2021-03-31 19:31:13 +02:00
b8bdb8f432
Updating to the new development version
2021-03-30 14:05:26 +00:00
ead1d6fffb
Bootstrap requires jQuery
2021-03-15 17:48:13 +01:00
9b81cb44fa
Bootstrap loads now, otherwise dropdown etc does not work
2021-03-15 17:48:13 +01:00
142631c7a0
WIP
2021-03-15 17:48:13 +01:00
ad5ab4ca2e
Fixes #321 ( #935 )
...
Copyright year was "20014", replaced to "2014"
Fixed the old github.io URL which no longer exist
See https://github.com/WebGoat/WebGoat/issues/321
2021-02-18 19:06:11 +01:00
74b218b2a7
Use try with resources instead of try ( #921 )
...
* Use try with resources instead of try
* Remove unused lesson
* Remove unused fields
2021-01-13 18:21:04 +01:00
8235ea0f58
Custom menu ( #901 )
...
* added way to customize menu
* fixed unit mock test
* updated release notes
* updated release notes
* default none exclude
2020-11-27 14:36:57 +01:00
6bee0f3fa6
layout of page improved and ordered ranking ( #903 )
2020-11-27 13:58:58 +01:00
574039902d
changed version to snapshot version and introduced revision parameter
...
for it
2020-11-27 12:15:19 +01:00
f3e3cbd45f
Improve navigation bar ( #890 )
...
* Remove Raspberry pi Docker file
* Remove old show-source/solution and plan button
* Remove commented out code
* Improve navigation
* Remove underline from navigation and remove margin of left navigation button
* Make arrow a bit smaller so it aligns a bit better with the navigation bar itself
2020-11-13 07:24:52 +01:00
db3015e0bc
When current lesson is not set do not try to remove selected class as there is no element selected.
...
The current lesson is now selected correctly so it makes it easier to see which item in the menu is selected
2020-11-04 21:33:57 +01:00
fa9b5ae87d
Remove option to hide menu with the lessons
2020-11-04 21:33:57 +01:00
36cf028334
Remove blinking navigation buttons
2020-11-04 21:33:57 +01:00
39740e069e
New release
2020-05-22 14:10:31 +02:00
9b72610510
Extend XXE lesson with more content and add solution description
...
Remove obsolete images
Add stylesheet items specific for asciidoctor so we can for icons and source numbering
2020-05-22 10:10:42 +02:00
f520c3589c
flag submission fixed ( #812 )
2020-05-07 11:04:00 +02:00
832d6432fc
fix for JWT green button and WebWolf intro green button and added jwt int tests ( #808 )
2020-05-07 08:28:45 +02:00
9dea696c4c
added int test for IDOR and fixed green button issue ( #801 )
2020-04-29 12:12:11 +02:00
2398949396
added ace js for java
2020-04-28 09:33:54 +02:00
54610868fe
Fix the syntax differences between HSQL and Postgres
2020-04-27 11:45:41 +02:00
88eb4d7b26
ace editor added without all the nonsense around it
2020-04-26 16:45:56 +02:00
4f649234a9
Fix Java 11 issue where the order of methods returned in AssignmentEndpoint subclasses returned wrong method for determining the mapping of an assignment. Now we walk over all methods until we find one which has for example a @GetMapping with AttackResult or ResponseEntity<AttackResult as return type. If no such method is found an exception is thrown
2020-04-19 15:42:50 +02:00
089952e9ad
quiz fix for CIA, SQL Injection Advanced and XSS + XSS description
...
change in alert(document.cookie)
2020-04-17 15:33:26 +02:00
b8abc99faf
fix for scoreboard after js refactoring
2020-04-08 12:05:01 +02:00
e921fb66a9
actual working version of vulnerable components part 5
2020-04-08 12:05:01 +02:00
e25f7a7560
clean up and update js
2020-04-08 12:05:01 +02:00
c4153ecbfb
Maven owasp dep update ( #776 )
...
* add pmd and owasp dependency check through -P owasp profile
* suppress full stack trace in log
* revert to spring 2.2.0 as 2.2.4 failed in travis
* added owasp dependency check maven configuration details to vulenerable
lesson page 7
2020-04-06 16:01:09 +02:00
3ece45b3d4
Fix for not passing the content-type
2020-03-10 08:03:48 +01:00
6b7678fb1d
Remove old files
2020-03-10 08:03:48 +01:00
6c25cf8e43
Add path traversal lesson
2020-03-10 08:03:48 +01:00
a8118a14cd
add support for status 403 feedback from e.g. ModSecurity/CRS
2020-02-28 23:06:42 +01:00
4e371b63d0
suppressing some useless log messages and banners in unit tests ( #752 )
...
* suppressing some useless log messages and banners in unit tests
* some more log suppressed
2020-01-25 12:11:45 +01:00
edd6b7d7cf
Reset lesson bug ( #741 )
...
* Remove old code from UI
* Remove old code
* Remove old functions
* Remove unnecessary divs
* Remove logging to console
* Clear lesson messages (checkmark, output text etc) when lesson resets
2020-01-05 20:22:50 +01:00
0d7daf60d9
Fix broken e-mail link ( #738 )
2020-01-05 15:05:51 +01:00
59076fc9ef
adjusted WebWolfMacro
2019-12-23 17:08:33 +01:00
b5e5dd1d13
Crypto lesson ( #712 )
...
* crypto lesson added
* signing assignment
* integration test added for signing assignment
* added more hints
* corrections after rebase
* added some explanation
* added security defaults assignment
2019-11-23 21:52:14 +01:00
9c0b7f8233
Fix version substitution so WebGot home directory contains version number instead of @project.version@ in the name ( #710 )
2019-11-17 14:33:24 +01:00
5dd6b31905
Adjust lesson template ( #704 )
...
* Remove method `getId()` from all lessons as it defaults to the class name
* remove clean up endpoint
* remove unused class `RequestParameter`
* remove unused class `PluginLoadingFailure`
* Move `CourseConfiguration` to lesson package
* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat
* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`
* Put original solution back as well for SQL string injection
* review comments
* Add
2019-11-17 13:39:56 +01:00
f40b6ffd31
Moving back to snapshot
2019-11-13 12:27:26 +01:00
fe2ac1b8d4
New release, updating pom.xml
2019-11-12 09:22:45 +01:00
f7b794bf68
Race condition in counting number of attempts #567 ( #697 )
...
Add version to Hibernate mapping so we get optimistic locking this solves
number of parallel calls trying to update/guess and mess with the lesson
counter
2019-11-03 18:14:15 +01:00
1a83e2825e
Code style ( #696 )
...
* Remove Guava dependency from WebGoat
* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
710adfae20
Upgrade to latest Spring Boot version
2019-10-30 08:28:14 +01:00
9b87fd602c
Explicitly set session persistence to false (result in non serializable exception)
2019-10-30 08:28:14 +01:00
689e3de7a4
Final changes for splitting SQL WebGoat and lessons
2019-10-30 08:28:14 +01:00
