3.3 KiB
3.3 KiB
To include lesson template in build
- Edit the webgoat-server/pom.xml file and uncomment the section under
<!--uncommment below to run/include lesson template in WebGoat Build-->
- Also uncomment in webgoat-lessons/pom.xml where it says
<!-- uncomment below to include lesson template in build, also uncomment the dependency in webgoat-server/pom.xml-->
To add a lesson to WebGoat
There are a number of moving parts and this sample lesson will help you navigate those parts. Most of your work will be done in two directories. To start though, you can copy this directory with the name of your-lesson in the webgoat-lessons directory.
-
The POM file
- Change the line to give your lesson its own artifactId.
That should be all you need to do there:
<artifactId>webgoat-lesson-template</artifactId> - Change the line to give your lesson its own artifactId.
-
The Base Class
- The name of the class (file and class name) to better match your lesson. (e.g.
sql-injection>>SqlInjection) - The category in which you want your lesson to be in. You can create a new category if you want, or put in an issue to have one added.
- The
defaultRankingwill move your lesson up or down in the categories list. - Implement a new key name pair
lesson-template.title(the key) and update the same key/value pairyour.key=your valuein src/main/resources/i18n/WebGoatLabels.properties. - Implement a new value for the
getIdmethod, which leads us to...
- The name of the class (file and class name) to better match your lesson. (e.g.
-
The HTML content framing
- Rename the provided file in src/main/resources/html using your value from the
getIdmethod in your lesson's base class:
e.g.
public String getId() { return "your-lesson"; }>>your-lesson.html - Modify that file following the commented instructions in there.
- In conjunction with this file you.
- Rename the provided file in src/main/resources/html using your value from the
-
Assignment Endpoints
- In the above html file, you will see an example of an 'attack form'. You can create endpoints to handle these attacks and provide the user feedback and simulated output. See the example file here as well as other existing lessons for ways to extend these. You will extend the
AssignmentEndpointas the example will show: - You can also create supporting (non-assignment) endpoints, that are not evaluated/graded.
- See other lesson examples for creating unit/integration tests for your project as well.
- In the above html file, you will see an example of an 'attack form'. You can create endpoints to handle these attacks and provide the user feedback and simulated output. See the example file here as well as other existing lessons for ways to extend these. You will extend the
-
Getting your lesson to show up
-
Modify the webgoat-lessons/pom.xml to include your project in the
<modules>section:<modules> <!-- ... --> <module>webgoat-lesson-template</module> <!-- ... --> </modules> -
Modify the webgoat-server/pom.xml to add your project as a dependency in the
<dependencies>section:<dependencies> <!-- .... > <dependency> <groupId>org.owasp.webgoat.lesson</groupId> <artifactId>your-artfifact-id-here</artifactId> <version>${project.version}</version> </dependency> <!-- .... > </dependencies>
-
-
You should be ready to run and test your project. Please create issues at https://github.com/WebGoat/WebGoat if there errors or confusion with this documentation/template