Merge pull request WebGoat#667 from WebGoat/spring-boot-2

Spring boot 2
qpioneer · Sep 24, 2019 · 686d8b0 · 686d8b0
2 parents 3ec4592 + d080b3e
commit 686d8b0
Show file tree

Hide file tree

Showing 300 changed files with 5,800 additions and 5,150 deletions.
diff --git a/LICENSE.txt b/LICENSE.txt
@@ -0,0 +1,19 @@
+This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
+
+Copyright (c) 2002 - 2019 Bruce Mayhew
+
+This program is free software; you can redistribute it and/or modify it under the terms of the
+GNU General Public License as published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program; if
+not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307, USA.
+
+Getting Source ==============
+
+Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
diff --git a/pom.xml b/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.21.RELEASE</version>
+        <version>2.1.8.RELEASE</version>
     </parent>
 
     <licenses>

diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
@@ -121,8 +121,7 @@
         </dependency>
         <dependency>
             <groupId>org.thymeleaf.extras</groupId>
-            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
-            <version>2.1.2.RELEASE</version>
+            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
         </dependency>
         <dependency>
             <groupId>org.hsqldb</groupId>

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@@ -39,12 +39,15 @@
 import org.owasp.webgoat.asciidoc.WebWolfMacro;
 import org.owasp.webgoat.asciidoc.WebWolfRootMacro;
 import org.owasp.webgoat.i18n.Language;
-import org.thymeleaf.TemplateProcessingParameters;
-import org.thymeleaf.resourceresolver.IResourceResolver;
-import org.thymeleaf.templateresolver.TemplateResolver;
-
-import java.io.*;
-import java.nio.charset.StandardCharsets;
+import org.thymeleaf.IEngineConfiguration;
+import org.thymeleaf.templateresolver.FileTemplateResolver;
+import org.thymeleaf.templateresource.ITemplateResource;
+import org.thymeleaf.templateresource.StringTemplateResource;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
 import java.util.Map;
 
 import static org.asciidoctor.Asciidoctor.Factory.create;
@@ -57,80 +60,64 @@
  * </code>
  */
 @Slf4j
-public class AsciiDoctorTemplateResolver extends TemplateResolver {
+public class AsciiDoctorTemplateResolver extends FileTemplateResolver {
 
     private static final Asciidoctor asciidoctor = create();
     private static final String PREFIX = "doc:";
     private final Language language;
 
     public AsciiDoctorTemplateResolver(Language language) {
         this.language = language;
-
-        setResourceResolver(new AdocResourceResolver());
         setResolvablePatterns(Sets.newHashSet(PREFIX + "*"));
     }
 
     @Override
-    protected String computeResourceName(TemplateProcessingParameters params) {
-        String templateName = params.getTemplateName();
-        return templateName.substring(PREFIX.length());
-    }
-
-    private class AdocResourceResolver implements IResourceResolver {
-
-        @Override
-        public InputStream getResourceAsStream(TemplateProcessingParameters params, String resourceName) {
-            try (InputStream is = readInputStreamOrFallbackToEnglish(resourceName, language)) {
-                if (is == null) {
-                    log.warn("Resource name: {} not found, did you add the adoc file?", resourceName);
-                    return new ByteArrayInputStream(new byte[0]);
-                } else {
-                    StringWriter writer = new StringWriter();
-                    JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
-                    extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
-                    extensionRegistry.inlineMacro("webWolfRootLink", WebWolfRootMacro.class);
-                    extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class);
-
-                    asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
-                    return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(StandardCharsets.UTF_8));
-                }
-            } catch (IOException e) {
-                //no html yet
-                return new ByteArrayInputStream(new byte[0]);
+    protected ITemplateResource computeTemplateResource(IEngineConfiguration configuration, String ownerTemplate, String template, String resourceName, String characterEncoding, Map<String, Object> templateResolutionAttributes) {
+        var templateName = resourceName.substring(PREFIX.length());
+        try (InputStream is = readInputStreamOrFallbackToEnglish(templateName, language)) {
+            if (is == null) {
+                log.warn("Resource name: {} not found, did you add the adoc file?", templateName);
+                return new StringTemplateResource("");
+            } else {
+                StringWriter writer = new StringWriter();
+                JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
+                extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
+                extensionRegistry.inlineMacro("webWolfRootLink", WebWolfRootMacro.class);
+                extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class);
+
+                asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
+                return new StringTemplateResource(writer.getBuffer().toString());
             }
+        } catch (IOException e) {
+            //no html yet
+            return new StringTemplateResource("");
         }
+    }
 
-        /**
-         * The resource name is for example HttpBasics_content1.adoc. This is always located in the following directory:
-         * <code>plugin/HttpBasics/lessonPlans/en/HttpBasics_content1.adoc</code>
-         */
-        private String computeResourceName(String resourceName, String language) {
-            return String.format("lessonPlans/%s/%s", language, resourceName);
-        }
+    /**
+     * The resource name is for example HttpBasics_content1.adoc. This is always located in the following directory:
+     * <code>plugin/HttpBasics/lessonPlans/en/HttpBasics_content1.adoc</code>
+     */
+    private String computeResourceName(String resourceName, String language) {
+        return String.format("lessonPlans/%s/%s", language, resourceName);
+    }
 
-        private InputStream readInputStreamOrFallbackToEnglish(String resourceName, Language language) {
-            InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, language.getLocale().getLanguage()));
-            if (is == null) {
-                is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, "en"));
-            }
-            return is;
+    private InputStream readInputStreamOrFallbackToEnglish(String resourceName, Language language) {
+        InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, language.getLocale().getLanguage()));
+        if (is == null) {
+            is = Thread.currentThread().getContextClassLoader().getResourceAsStream(computeResourceName(resourceName, "en"));
         }
+        return is;
+    }
 
-        private Map<String, Object> createAttributes() {
-            Map<String, Object> attributes = Maps.newHashMap();
-            attributes.put("source-highlighter", "coderay");
-            attributes.put("backend", "xhtml");
-
-            Map<String, Object> options = Maps.newHashMap();
-            options.put("attributes", attributes);
+    private Map<String, Object> createAttributes() {
+        Map<String, Object> attributes = Maps.newHashMap();
+        attributes.put("source-highlighter", "coderay");
+        attributes.put("backend", "xhtml");
 
-            return options;
-        }
+        Map<String, Object> options = Maps.newHashMap();
+        options.put("attributes", attributes);
 
-        @Override
-        public String getName() {
-            return "adocResourceResolver";
-        }
+        return options;
     }
-
 }
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java
@@ -1,47 +1,46 @@
 /**
- *************************************************************************************************
- *
- *
+ * ************************************************************************************************
+ * <p>
+ * <p>
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
- *
+ * <p>
  * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
+ * <p>
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
  * License, or (at your option) any later version.
- *
+ * <p>
  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
  * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * General Public License for more details.
- *
+ * <p>
  * You should have received a copy of the GNU General Public License along with this program; if
  * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  * 02111-1307, USA.
- *
+ * <p>
  * Getting Source ==============
- *
+ * <p>
  * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
  * projects.
  *
  * @author WebGoat
- * @since October 28, 2003
  * @version $Id: $Id
+ * @since October 28, 2003
  */
 package org.owasp.webgoat;
 
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.google.common.io.ByteStreams;
-import lombok.SneakyThrows;
 import org.springframework.core.io.ResourceLoader;
-import org.thymeleaf.TemplateProcessingParameters;
-import org.thymeleaf.resourceresolver.IResourceResolver;
-import org.thymeleaf.templateresolver.TemplateResolver;
+import org.thymeleaf.IEngineConfiguration;
+import org.thymeleaf.templateresolver.FileTemplateResolver;
+import org.thymeleaf.templateresource.ITemplateResource;
+import org.thymeleaf.templateresource.StringTemplateResource;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.InputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 
 /**
@@ -53,42 +52,29 @@
  *
  * Thymeleaf will invoke this resolver based on the prefix and this implementation will resolve the html in the plugins directory
  */
-public class LessonTemplateResolver extends TemplateResolver {
+public class LessonTemplateResolver extends FileTemplateResolver {
 
     private final static String PREFIX = "lesson:";
-    private final File pluginTargetDirectory;
     private ResourceLoader resourceLoader;
     private Map<String, byte[]> resources = Maps.newHashMap();
 
-    public LessonTemplateResolver(File pluginTargetDirectory, ResourceLoader resourceLoader) {
-        this.pluginTargetDirectory = pluginTargetDirectory;
+    public LessonTemplateResolver(ResourceLoader resourceLoader) {
         this.resourceLoader = resourceLoader;
-        setResourceResolver(new LessonResourceResolver());
         setResolvablePatterns(Sets.newHashSet(PREFIX + "*"));
     }
 
     @Override
-    protected String computeResourceName(TemplateProcessingParameters params) {
-        String templateName = params.getTemplateName();
-        return templateName.substring(PREFIX.length());
-    }
-
-    private class LessonResourceResolver implements IResourceResolver {
-
-        @Override
-        @SneakyThrows
-        public InputStream getResourceAsStream(TemplateProcessingParameters params, String resourceName) {
-            byte[] resource = resources.get(resourceName);
-            if (resource == null) {
-                resource = ByteStreams.toByteArray(resourceLoader.getResource("classpath:/html/" + resourceName + ".html").getInputStream());
-                resources.put(resourceName, resource);
+    protected ITemplateResource computeTemplateResource(IEngineConfiguration configuration, String ownerTemplate, String template, String resourceName, String characterEncoding, Map<String, Object> templateResolutionAttributes) {
+        var templateName = resourceName.substring(PREFIX.length());;
+        byte[] resource = resources.get(templateName);
+        if (resource == null) {
+            try {
+                resource = ByteStreams.toByteArray(resourceLoader.getResource("classpath:/html/" + templateName + ".html").getInputStream());
+            } catch (IOException e) {
+                e.printStackTrace();
             }
-            return new ByteArrayInputStream(resource);
-        }
-
-        @Override
-        public String getName() {
-            return "lessonResourceResolver";
+            resources.put(resourceName, resource);
         }
+        return new StringTemplateResource(new String(resource, StandardCharsets.UTF_8));
     }
-}
+}