style sheet and advanced sql

fynch3r · Jul 19, 2019 · 656fa40 · 656fa40
1 parent 99435a1
commit 656fa40
Show file tree

Hide file tree

Showing 11 changed files with 38 additions and 26 deletions.
diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
@@ -1,3 +1,7 @@
+spring.mandatory-file-encoding=UTF-8
+spring.http.encoding.charset=UTF-8
+spring.http.encoding.enabled=true
+
 server.error.include-stacktrace=always
 server.error.path=/error.html
 server.session.timeout=600

diff --git a/webgoat-container/src/main/resources/static/css/main.css b/webgoat-container/src/main/resources/static/css/main.css
@@ -1001,9 +1001,15 @@ cookie-container {
     margin: 3px;
 }
 
+@keyframes blink { 
+   50% { border-color: white; } 
+}
+
 .cur-page {
-    border-bottom: 2px solid #000;
+    animation: blink 1.5s 2 forwards;
+    border: 3px solid blue;
     color:#aaa;
+    background-color: lightsalmon;
 }
 
 span.show-next-page, span.show-prev-page {

diff --git a/.../sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java b/.../sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
@@ -20,7 +20,7 @@
  * @author nbaars
  * @since 4/8/17.
  */
-@AssignmentPath("SqlInjection/challenge")
+@AssignmentPath("/SqlInjectionAdvanced/challenge")
 @AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
 @Slf4j
 public class SqlInjectionChallenge extends AssignmentEndpoint {

diff --git a/...injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java b/...injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallengeLogin.java
@@ -17,7 +17,7 @@
 
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
 
-@AssignmentPath("SqlInjection/challenge_Login")
+@AssignmentPath("/SqlInjectionAdvanced/challenge_Login")
 @Slf4j
 @AssignmentHints(value ={"SqlInjectionChallengeHint1", "SqlInjectionChallengeHint2", "SqlInjectionChallengeHint3", "SqlInjectionChallengeHint4"})
 public class SqlInjectionChallengeLogin extends AssignmentEndpoint {

diff --git a/...s/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java b/...s/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
@@ -42,7 +42,7 @@
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
  * @created October 28, 2003
  */
-@AssignmentPath("/SqlInjection/attack6a")
+@AssignmentPath("/SqlInjectionAdvanced/attack6a")
 @AssignmentHints(value = {"SqlStringInjectionHint-advanced-6a-1", "SqlStringInjectionHint-advanced-6a-2", "SqlStringInjectionHint-advanced-6a-3",
 "SqlStringInjectionHint-advanced-6a-4"})
 public class SqlInjectionLesson6a extends AssignmentEndpoint {

diff --git a/...s/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java b/...s/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6b.java
@@ -47,7 +47,7 @@
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
  * @created October 28, 2003
  */
-@AssignmentPath("/SqlInjection/attack6b")
+@AssignmentPath("/SqlInjectionAdvanced/attack6b")
 public class SqlInjectionLesson6b extends AssignmentEndpoint {
 
     @RequestMapping(method = RequestMethod.POST)

diff --git a/...ssons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java b/...ssons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
@@ -21,7 +21,7 @@
  * 3. add Request param with name of question to method head
  * For a more detailed description how to implement the quiz go to the quiz.js file in webgoat-container -> js
  */
-@AssignmentPath("/SqlInjection/quiz")
+@AssignmentPath("/SqlInjectionAdvanced/quiz")
 public class SqlInjectionQuiz extends AssignmentEndpoint {
 
     String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};

diff --git a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
@@ -3,22 +3,24 @@
 <html xmlns:th="http://www.thymeleaf.org">
 <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
 
+<!-- 1 -->
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div>
 </div>
 
-
+<!-- 2 -->
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div>
 </div>
 
+<!-- 3 -->
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
-              action="/WebGoat/SqlInjection/attack6a"
+              action="/WebGoat/SqlInjectionAdvanced/attack6a"
               enctype="application/json;charset=UTF-8">
             <table>
                 <tr>
@@ -29,15 +31,10 @@
                     <td></td>
                 </tr>
             </table>
-        </form>
-        <div class="attack-feedback"></div>
-        <div class="attack-output"></div>
-    </div>
-    <div class="attack-container">
-        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        </form>        
         <form class="attack-form" accept-charset="UNKNOWN"
               method="POST" name="form"
-              action="/WebGoat/SqlInjection/attack6b"
+              action="/WebGoat/SqlInjectionAdvanced/attack6b"
               enctype="application/json;charset=UTF-8">
             <table>
                 <tr>
@@ -54,6 +51,7 @@
     </div>
 </div>
 
+<!-- 4 -->
 <div class="lesson-page-wrapper">
     <div class="adoc-content" th:replace="doc:SqlInjection_content6c.adoc"></div>
 </div>
@@ -83,7 +81,7 @@
                                 <div class="col-lg-12">
                                     <form id="login-form" class="attack-form" accept-charset="UNKNOWN"
                                           method="POST" name="form"
-                                          action="SqlInjection/challenge_Login"
+                                          action="SqlInjectionAdvanced/challenge_Login"
                                           enctype="application/json;charset=UTF-8" role="form">
                                         <div class="form-group">
                                             <input type="text" name="username_login" id="username4" tabindex="1"
@@ -119,7 +117,7 @@
                                     </form>
                                     <form id="register-form" class="attack-form" accept-charset="UNKNOWN"
                                           method="PUT" name="form"
-                                          action="SqlInjection/challenge"
+                                          action="SqlInjectionAdvanced/challenge"
                                           enctype="application/json;charset=UTF-8" style="display: none;" role="form">
                                         <div class="form-group">
                                             <input type="text" name="username_reg" id="username" tabindex="1"
@@ -172,7 +170,7 @@
             <div class="container-fluid">
                 <form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
                       method="POST" name="form"
-                      action="SqlInjection/quiz"
+                      action="/WebGoat/SqlInjectionAdvanced/quiz"
                       enctype="application/json;charset=UTF-8" role="form">
                     <div id="q_container"></div>
                     <br />

diff --git a/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java b/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
@@ -30,7 +30,7 @@ public void setup() throws Exception {
 
     @Test
     public void wrongSolution() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "John"))
 
                 .andExpect(status().isOk())
@@ -39,7 +39,7 @@ public void wrongSolution() throws Exception {
 
     @Test
     public void wrongNumberOfColumns() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "Smith' union select userid,user_name, password,cookie from user_system_data --"))
 
                 .andExpect(status().isOk())
@@ -49,7 +49,7 @@ public void wrongNumberOfColumns() throws Exception {
 
     @Test
     public void wrongDataTypeOfColumns() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "Smith' union select 1,password, 1,'2','3', '4',1 from user_system_data --"))
 
                 .andExpect(status().isOk())
@@ -59,7 +59,7 @@ public void wrongDataTypeOfColumns() throws Exception {
 
     @Test
     public void correctSolution() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$.lessonCompleted", is(false)))
@@ -68,7 +68,7 @@ public void correctSolution() throws Exception {
 
     @Test
     public void noResultsReturned() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "Smith' and 1 = 2 --"))
 
                 .andExpect(status().isOk())
@@ -78,7 +78,7 @@ public void noResultsReturned() throws Exception {
 
     @Test
     public void noUnionUsed() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6a")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
                 .param("userid_6a", "S'; Select * from user_system_data; --"))
 
                 .andExpect(status().isOk())

diff --git a/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java b/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
@@ -29,15 +29,15 @@ public void setup() throws Exception {
 
     @Test
     public void submitCorrectPassword() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
                 .param("userid_6b", "passW0rD"))
 
                 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
     }
 
     @Test
     public void submitWrongPassword() throws Exception {
-        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
+        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6b")
                 .param("userid_6b", "John"))
 
                 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(false)));

diff --git a/webwolf/src/main/resources/application.properties b/webwolf/src/main/resources/application.properties
@@ -1,3 +1,7 @@
+spring.mandatory-file-encoding=UTF-8
+spring.http.encoding.charset=UTF-8
+spring.http.encoding.enabled=true
+
 server.error.include-stacktrace=always
 server.error.path=/error.html
 server.session.timeout=6000