Hints per lesson (WebGoat#314)
Squashing and merging ...

* Each assignment should have the option to have its own set of hints WebGoat#278

* Updating lessons due to changes from WebGoat#278

* Enable i18n client side WebGoat#312

* IDOR move hints to assignment and enable i18n WebGoat#312
nbaars authored and misfir3 committed Jan 24, 2017
1 parent 6d727b9 commit 0779f7a
Showing 56 changed files with 484 additions and 363 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -36,3 +36,4 @@ UserDatabase.mv.db
webgoat-container/src/main/webapp/users/guest.org.owasp.webgoat.plugin.*.props
webgoat-container/src/main/webapp/plugin_lessons/dist-*.pom
webgoat-lessons/**/target
**/*.jar
12 changes: 12 additions & 0 deletions webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@@ -30,6 +30,7 @@
*/
package org.owasp.webgoat;

import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.Context;
@@ -49,8 +50,10 @@
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;

import java.io.File;
import java.util.Arrays;
@@ -68,6 +71,15 @@ public static void main(String[] args) throws Exception {
SpringApplication.run(WebGoat.class, args);
}

@Bean
@Primary
public Jackson2ObjectMapperBuilder jacksonBuilder() {
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder();
builder.indentOutput(true);
builder.serializationInclusion(JsonInclude.Include.NON_NULL);
return builder;
}

@Bean(name = "pluginTargetDirectory")
public File pluginTargetDirectory(@Value("${webgoat.user.directory}") final String webgoatHome) {
return new File(webgoatHome);
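Review bot: `jacksonBuilder()` is declared `@Primary` without any comment, so a reader cannot tell that `indentOutput(true)` and `JsonInclude.Include.NON_NULL` now apply to every JSON response the container serialises, not only to the new hint payloads. Declaring a `Jackson2ObjectMapperBuilder` bean presumably also replaces the builder Spring Boot auto-configures, in which case any `spring.jackson.*` settings would stop taking effect; a `Jackson2ObjectMapperBuilderCustomizer` bean would keep them if the Boot version in use provides it. I would add a Javadoc above the method such as `/** Application-wide JSON settings: indented output, null properties omitted. */`.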
@@ -25,6 +25,9 @@
*/
package org.owasp.webgoat.endpoints;

import lombok.Getter;
import org.owasp.webgoat.i18n.LabelManager;
import org.owasp.webgoat.i18n.LabelProvider;
import org.owasp.webgoat.lessons.AttackResult;
import org.owasp.webgoat.session.UserSessionData;
import org.owasp.webgoat.session.UserTracker;
@@ -50,6 +53,9 @@ public abstract class AssignmentEndpoint extends Endpoint {
private WebSession webSession;
@Autowired
private UserSessionData userSessionData;
@Autowired
@Getter
private LabelManager labelProvider;


//// TODO: 11/13/2016 events better fit?
@@ -72,6 +78,6 @@ protected UserSessionData getUserSessionData() {

@Override
public final String getPath() {
return this.getClass().getAnnotationsByType(Path.class)[0].value();
return this.getClass().getAnnotationsByType(AssignmentPath.class)[0].value();
}
}
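Review bot: `getPath()` indexes `getAnnotationsByType(AssignmentPath.class)[0]` without checking the array, so an endpoint subclass that still carries the old `@Path` annotation (or none at all) fails with a bare `ArrayIndexOutOfBoundsException` rather than a message naming the class. A guard such as `if (paths.length == 0) throw new IllegalStateException(getClass().getName() + " is missing @AssignmentPath");` would make migration mistakes readable. In the second hunk the injected field is named `labelProvider` but typed `LabelManager`, so Lombok generates `getLabelProvider()` returning a `LabelManager`; calling it `labelManager` would avoid confusion with the `LabelProvider` class imported above. The class body starts outside these hunks.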
@@ -0,0 +1,16 @@
package org.owasp.webgoat.endpoints;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
* Created by nbaars on 1/14/17.
*/
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface AssignmentHints {

String[] value() default {};
}
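Review bot: The only Javadoc on `AssignmentHints` is the `Created by` line, so nothing says what the strings in `value()` are: literal hint text, or keys resolved through the label bundle. The same gap exists on `AssignmentPath` in the next file, which also imports `org.springframework.core.annotation.AliasFor` without using it in the lines shown. I would replace the header with something like `/** Hints for an assignment, in display order; each entry is presumably a message key. */` once the author confirms the semantics, and drop the unused import.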
@@ -0,0 +1,18 @@
package org.owasp.webgoat.endpoints;

import org.springframework.core.annotation.AliasFor;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
* Created by nbaars on 1/14/17.
*/
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
public @interface AssignmentPath {

String value();
}
@@ -1,6 +1,10 @@

package org.owasp.webgoat.i18n;

import org.owasp.webgoat.session.LabelDebugger;
import org.springframework.stereotype.Component;

import java.io.Serializable;
import java.util.Locale;


@@ -33,22 +37,42 @@
* @version $Id: $Id
* @author dm
*/
public interface LabelManager
@Component
public class LabelManager
{
private static final long serialVersionUID = 1L;

/**
* <p>setLocale.</p>
*
* @param locale a {@link java.util.Locale} object.
*/
public void setLocale(Locale locale);
private LabelProvider labelProvider;
private LabelDebugger labelDebugger;
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);

/**
* <p>get.</p>
* <p>Constructor for LabelManagerImpl.</p>
*
* @param labelKey a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
* @param labelProvider a {@link LabelProvider} object.
*/
public String get(String labelKey);
protected LabelManager(LabelProvider labelProvider, LabelDebugger labelDebugger) {
this.labelDebugger = labelDebugger;
this.labelProvider = labelProvider;
}

/** {@inheritDoc} */
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}

/** {@inheritDoc} */
public String get(String labelKey, Object... params)
{
String label = labelProvider.get(locale, labelKey, params);
if (labelDebugger.isEnabled()) {
label = "<font color=\"#00CD00\">" + label + "</font>";
}
return label;
}

}
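Review bot: `get(String labelKey, Object... params)` formats caller-supplied `params` into the label and, when the debugger is enabled, wraps the result in a literal `<font>` tag, so the return value is evidently rendered as markup while nothing in this method escapes the parameters. If any assignment passes request-derived values as `params`, they would reach the page unescaped; either HTML-escape the arguments before calling `labelProvider.get(locale, labelKey, params)` or state in the Javadoc that callers must pass only trusted or already-escaped values. `locale` is also a mutable field on a `@Component`, which is a singleton unless a narrower scope is declared elsewhere, so `setLocale` would switch the language for every user at once. The `{@inheritDoc}` comments, the `Constructor for LabelManagerImpl` Javadoc (which lacks `@param labelDebugger`) and the `serialVersionUID` on a class that does not implement `Serializable` are leftovers from merging the interface with its implementation.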

This file was deleted.

@@ -97,8 +97,8 @@ public ClassLoader getClassLoader() {
* @param strName a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public String get(Locale locale, String strName) {
return pluginLabels.getMessage(strName, null, useLocaleOrFallbackToEnglish(locale));
public String get(Locale locale, String strName, Object... params) {
return pluginLabels.getMessage(strName, params, useLocaleOrFallbackToEnglish(locale));
}

private Locale useLocaleOrFallbackToEnglish(Locale locale) {
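Review bot: The Javadoc above `get(Locale locale, String strName, Object... params)` still lists only `strName`, so the new `params` argument is undocumented. Once arguments are supplied, Spring's message source runs the text through `MessageFormat`, where a single `'` opens a quoted section, so label texts that take parameters need their apostrophes doubled (`''`). I would add `@param params values substituted for {0}, {1}, ... in the label; texts using them must double any apostrophe`. The class and `useLocaleOrFallbackToEnglish` continue outside the hunk.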
@@ -124,13 +124,6 @@ public Category getCategory() {
*/
protected abstract boolean getDefaultHidden();

/**
* <p>getSubmitMethod</p>
*
* @return a {@link java.lang.String} object.
*/
public abstract String getSubmitMethod();

/**
* Gets the hintCount attribute of the Lesson object
*
@@ -219,4 +212,5 @@ public String toString() {
}

public abstract String getId();

}
@@ -2,8 +2,11 @@

import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NonNull;
import lombok.RequiredArgsConstructor;

import java.io.Serializable;
import java.util.List;

/**
* ************************************************************************************************
@@ -35,10 +38,14 @@
* @since November 25, 2016
*/
@AllArgsConstructor
@RequiredArgsConstructor
@Getter
public class Assignment implements Serializable {

@NonNull
private final String name;
@NonNull
private final String path;
private List<String> hints;

}
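Review bot: `hints` is the only non-final field, so the two-argument constructor generated by `@RequiredArgsConstructor` leaves it `null` and `getHints()` hands that `null` to every caller. Because the getter also exposes the list itself, anyone holding an `Assignment` can mutate the hints of a `Serializable` value object. I would declare it `private final List<String> hints;` and replace `@RequiredArgsConstructor` with an explicit `public Assignment(String name, String path) { this(name, path, Collections.emptyList()); }`, or at least comment on the field that `null` means the assignment has no hints.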
@@ -26,70 +26,21 @@
*/
package org.owasp.webgoat.lessons;

import lombok.Getter;
import lombok.Setter;

/**
* <p>Hint class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
@Getter
@Setter
public class Hint {

private String hint;
private String lesson;
private String assignmentPath;
private int number;

/**
* <p>Getter for the field <code>hint</code>.</p>
*
* @return the hint
*/
public String getHint() {
return hint;
}

/**
* <p>Setter for the field <code>hint</code>.</p>
*
* @param hint the hint to set
*/
public void setHint(String hint) {
this.hint = hint;
}

/**
* <p>Getter for the field <code>lesson</code>.</p>
*
* @return the lesson
*/
public String getLesson() {
return lesson;
}

/**
* <p>Setter for the field <code>lesson</code>.</p>
*
* @param lesson the lesson to set
*/
public void setLesson(String lesson) {
this.lesson = lesson;
}

/**
* <p>Getter for the field <code>number</code>.</p>
*
* @return the number
*/
public int getNumber() {
return number;
}

/**
* <p>Setter for the field <code>number</code>.</p>
*
* @param number the number to set
*/
public void setNumber(int number) {
this.number = number;
}

}