Merge branch 'develop' of https://github.com/WebGoat/WebGoat into dev…

…elop
Key20 · Feb 6, 2017 · 85ef7ee · 85ef7ee
2 parents fbd37b3 + ae82df3
commit 85ef7ee
Show file tree

Hide file tree

Showing 79 changed files with 1,169 additions and 930 deletions.
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
@@ -166,6 +166,18 @@
                     </filesets>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.0.2</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
@@ -31,20 +31,23 @@
 package org.owasp.webgoat;
 
 import com.google.common.collect.Sets;
+import org.owasp.webgoat.i18n.Messages;
+import org.owasp.webgoat.i18n.PluginMessages;
 import org.owasp.webgoat.session.Course;
 import org.owasp.webgoat.session.LabelDebugger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.i18n.SessionLocaleResolver;
 import org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect;
 import org.thymeleaf.spring4.SpringTemplateEngine;
 import org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver;
-import org.thymeleaf.templatemode.StandardTemplateModeHandlers;
 import org.thymeleaf.templateresolver.TemplateResolver;
 
 import java.io.File;
@@ -114,6 +117,24 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginTargetDirectory.toString() + "/");
     }
 
+    @Bean
+    public PluginMessages pluginMessages(Messages messages) {
+        return new PluginMessages(messages);
+    }
+
+    @Bean
+    public Messages messageSource(LocaleResolver localeResolver) {
+        Messages messages = new Messages(localeResolver);
+        messages.setBasename("classpath:/i18n/messages");
+        return messages;
+    }
+
+    @Bean
+    public LocaleResolver localeResolver() {
+        SessionLocaleResolver slr = new SessionLocaleResolver();
+        return slr;
+    }
+
     @Bean
     public HammerHead hammerHead(Course course) {
         return new HammerHead(course);

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@@ -34,6 +34,7 @@
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.catalina.Context;
+import org.owasp.webgoat.i18n.PluginMessages;
 import org.owasp.webgoat.plugins.PluginClassLoader;
 import org.owasp.webgoat.plugins.PluginEndpointPublisher;
 import org.owasp.webgoat.plugins.PluginsExtractor;
@@ -91,8 +92,8 @@ public PluginClassLoader pluginClassLoader() {
     }
 
     @Bean
-    public PluginsExtractor pluginsLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory, PluginClassLoader classLoader) {
-        return new PluginsExtractor(pluginTargetDirectory, classLoader);
+    public PluginsExtractor pluginsLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory, PluginClassLoader classLoader, PluginMessages messages) {
+        return new PluginsExtractor(pluginTargetDirectory, classLoader, messages);
     }
 
     @Bean

diff --git a/...webgoat/endpoints/AssignmentEndpoint.java → ...bgoat/assignments/AssignmentEndpoint.java b/...webgoat/endpoints/AssignmentEndpoint.java → ...bgoat/assignments/AssignmentEndpoint.java
@@ -1,9 +1,8 @@
-/**
- * ************************************************************************************************
+/*
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
  * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2017 Bruce Mayhew
  * <p>
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
@@ -23,19 +22,15 @@
  * projects.
  * <p>
  */
-package org.owasp.webgoat.endpoints;
+package org.owasp.webgoat.assignments;
 
 import lombok.Getter;
-import org.owasp.webgoat.i18n.LabelManager;
-import org.owasp.webgoat.i18n.LabelProvider;
-import org.owasp.webgoat.lessons.AttackResult;
+import org.owasp.webgoat.i18n.PluginMessages;
 import org.owasp.webgoat.session.UserSessionData;
 import org.owasp.webgoat.session.UserTracker;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import javax.ws.rs.Path;
-
 /**
  * Each lesson can define an endpoint which can support the lesson. So for example if you create a lesson which uses JavaScript and
  * needs to call out to the server to fetch data you can define an endpoint in that lesson. WebGoat will pick up this endpoint and
@@ -53,11 +48,10 @@ public abstract class AssignmentEndpoint extends Endpoint {
 	private WebSession webSession;
     @Autowired
     private UserSessionData userSessionData;
-    @Autowired
     @Getter
-    private LabelManager labelProvider;
+    @Autowired
+    private PluginMessages messages;
 
-
 	//// TODO: 11/13/2016 events better fit?
     protected AttackResult trackProgress(AttackResult attackResult) {
         if (attackResult.assignmentSolved()) {
@@ -80,4 +74,32 @@ protected UserSessionData getUserSessionData() {
     public final String getPath() {
         return this.getClass().getAnnotationsByType(AssignmentPath.class)[0].value();
     }
+
+    /**
+     * Convenience method for create a successful result:
+     *
+     * - Assignment is set to solved
+     * - Feedback message is set to 'assignment.solved'
+     *
+     * Of course you can overwrite these values in a specific lesson
+     *
+     * @return a builder for creating a result from a lesson
+     */
+    protected AttackResult.AttackResultBuilder success() {
+        return AttackResult.builder(messages).lessonCompleted(true).feedback("assignment.solved");
+    }
+
+    /**
+     * Convenience method for create a failed result:
+     *
+     * - Assignment is set to not solved
+     * - Feedback message is set to 'assignment.not.solved'
+     *
+     * Of course you can overwrite these values in a specific lesson
+     *
+     * @return a builder for creating a result from a lesson
+     */
+    protected AttackResult.AttackResultBuilder failed() {
+        return AttackResult.builder(messages).lessonCompleted(false).feedback("assignment.not.solved");
+    }
 }
diff --git a/...sp/webgoat/endpoints/AssignmentHints.java → .../webgoat/assignments/AssignmentHints.java b/...sp/webgoat/endpoints/AssignmentHints.java → .../webgoat/assignments/AssignmentHints.java
@@ -1,4 +1,4 @@
-package org.owasp.webgoat.endpoints;
+package org.owasp.webgoat.assignments;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;

diff --git a/...asp/webgoat/endpoints/AssignmentPath.java → ...p/webgoat/assignments/AssignmentPath.java b/...asp/webgoat/endpoints/AssignmentPath.java → ...p/webgoat/assignments/AssignmentPath.java
@@ -1,6 +1,4 @@
-package org.owasp.webgoat.endpoints;
-
-import org.springframework.core.annotation.AliasFor;
+package org.owasp.webgoat.assignments;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java
@@ -0,0 +1,94 @@
+/*
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 2017 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ * <p>
+ */
+
+package org.owasp.webgoat.assignments;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.owasp.webgoat.i18n.PluginMessages;
+
+@AllArgsConstructor
+public class AttackResult {
+
+    public static class AttackResultBuilder {
+
+        private boolean lessonCompleted;
+        private PluginMessages messages;
+        private Object[] feedbackArgs;
+        private String feedbackResourceBundleKey;
+        private String output;
+        private Object[] outputArgs;
+
+        public AttackResultBuilder(PluginMessages messages) {
+            this.messages = messages;
+        }
+
+        public AttackResultBuilder lessonCompleted(boolean lessonCompleted) {
+            this.lessonCompleted = lessonCompleted;
+            this.feedbackResourceBundleKey = "lesson.completed";
+            return this;
+        }
+
+        public AttackResultBuilder feedbackArgs(Object... args) {
+            this.feedbackArgs = args;
+            return this;
+        }
+
+        public AttackResultBuilder feedback(String resourceBundleKey) {
+            this.feedbackResourceBundleKey = resourceBundleKey;
+            return this;
+        }
+
+        public AttackResultBuilder output(String output) {
+            this.output = output;
+            return this;
+        }
+
+        public AttackResultBuilder outputArgs(Object... args) {
+            this.outputArgs = args;
+            return this;
+        }
+
+        public AttackResult build() {
+            return new AttackResult(lessonCompleted, messages.getMessage(feedbackResourceBundleKey, feedbackArgs), messages.getMessage(output, output, outputArgs));
+        }
+    }
+
+    @Getter
+    private boolean lessonCompleted;
+    @Getter
+    private String feedback;
+    @Getter
+    private String output;
+
+
+    public static AttackResultBuilder builder(PluginMessages messages) {
+        return new AttackResultBuilder(messages);
+    }
+
+    public boolean assignmentSolved() {
+        return lessonCompleted;
+    }
+}
diff --git a/...org/owasp/webgoat/endpoints/Endpoint.java → ...g/owasp/webgoat/assignments/Endpoint.java b/...org/owasp/webgoat/endpoints/Endpoint.java → ...g/owasp/webgoat/assignments/Endpoint.java
@@ -1,17 +1,8 @@
-package org.owasp.webgoat.endpoints;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
-
-import java.io.File;
-
-/**
- * ************************************************************************************************
+/*
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
  * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * Copyright (c) 2002 - 2017 Bruce Mayhew
  * <p>
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
@@ -30,11 +21,16 @@
  * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
  * projects.
  * <p>
- *
- * @author nbaars
- * @version $Id: $Id
- * @since November 13, 2016
  */
+
+package org.owasp.webgoat.assignments;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint;
+
+import java.io.File;
+
 public abstract class Endpoint implements MvcEndpoint {
 
     @Autowired

diff --git a/...er/src/main/java/org/owasp/webgoat/i18n/ExposedReloadableResourceMessageBundleSource.java b/...er/src/main/java/org/owasp/webgoat/i18n/ExposedReloadableResourceMessageBundleSource.java