WebGoat/java/org/owasp/webgoat/lessons/HttpBasicsController.java
package org.owasp.webgoat.lessons;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.log4j.Logger;
import org.owasp.webgoat.lessons.model.HttpBasicsModel;
import org.owasp.webgoat.session.WebSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
/**
* <p>
* Handles the "HTTP Basics" lesson. Contains all
* mapping methods for that lesson as well as all helper methods
* used by those mappers.
* </p>
*
*/
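@Controller
public class HttpBasicsController extends LessonAdapter {

    protected static final Logger logger = Logger.getLogger("controller");

    /** URL path mapped by this lesson; also what {@link #getPath()} reports. */
    private static final String PAGE_PATH = "httpBasics.do";

    /** The (Apache) tile rendered for this lesson, as declared in tiles-definitions.xml. */
    private static final String TILE_NAME = "http-basics";

    /** Name under which the form-backing object is exposed to the JSP (the form's ID attribute). */
    private static final String FORM_NAME = "command";

    /**
     * Returns the URL path of this lesson's page.
     *
     * @return the path {@code "httpBasics.do"}
     * @see org.owasp.webgoat.lessons.AbstractLesson#getPath()
     * @see org.owasp.webgoat.lessons.AbstractLesson#getLink()
     */
    protected String getPath() {
        return PAGE_PATH;
    }

    /**
     * Handles GET requests for this lesson by rendering the tile with an empty
     * form-backing object.
     *
     * @return the lesson tile with a fresh {@link HttpBasicsModel} bound under the form name
     */
    @RequestMapping(value = PAGE_PATH, method = RequestMethod.GET)
    public ModelAndView displayPage() {
        return new ModelAndView(TILE_NAME, FORM_NAME, new HttpBasicsModel());
    }

    /**
     * Handles POST requests for this lesson. Takes the submitted person name,
     * reverses it and re-renders the page with the reversed value.
     * <p>
     * The person name is untrusted request input and is handed back to the view
     * unchanged apart from the reversal, so HTML-escaping it is the view's job.
     * A request without a name leaves the field {@code null} instead of failing
     * with a {@code NullPointerException} in the builder constructor.
     *
     * @param httpBasicsModel form-backing object populated from the request parameters
     * @param model           the Spring model map (not used here; part of the handler signature)
     * @return the lesson tile with the updated model bound under the form name
     */
    @RequestMapping(value = PAGE_PATH, method = RequestMethod.POST)
    public ModelAndView processSubmit(
            @ModelAttribute("") HttpBasicsModel httpBasicsModel, ModelMap model) {
        String personName = httpBasicsModel.getPersonName();
        if (personName != null) {
            // Method-local builder: no synchronization needed, so StringBuilder over StringBuffer.
            httpBasicsModel.setPersonName(new StringBuilder(personName).reverse().toString());
        }
        return new ModelAndView(TILE_NAME, FORM_NAME, httpBasicsModel);
    }

    /**
     * @return the lesson category, always {@link Category#GENERAL}
     */
    public Category getCategory() {
        return Category.GENERAL;
    }

    /**
     * Gets the hints shown for this lesson, in display order.
     *
     * @param s the current web session (not consulted by this lesson)
     * @return a new, mutable list of hint strings
     */
    public List<String> getHints(WebSession s) {
        return new ArrayList<String>(Arrays.asList(
                "Type in your name and press 'go'",
                "Turn on Show Parameters or other features",
                "Try to intercept the request with WebScarab",
                "Press the Show Lesson Plan button to view a lesson summary",
                "Press the Show Solution button to view a lesson solution"));
    }

    /**
     * @return {@code null}; this lesson has no instructions beyond the page itself
     */
    protected String getInstructions() {
        return null;
    }

    /**
     * @return the lesson title as shown in the lesson menu
     */
    public String getTitle() {
        // TODO: GET RID OF THE "(Spring MVC)" BELOW LATER!!!!"
        return "HTTP Basics (Spring MVC)";
    }
}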