show lesson solution

lawson89@gmail.com · lawson89@gmail.com · commit 5cf9b4752a91 · 2014-08-27T21:59:29.000-04:00
diff --git a/src/main/java/org/owasp/webgoat/HammerHead.java b/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -129,6 +129,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
             // FIXME: If a response is written by updateSession(), do not
             // call makeScreen() and writeScreen()
             mySession = updateSession(request, response, context);
+            
             if (response.isCommitted()) {
                 logger.debug("Response already committed, exiting");
                 return;
diff --git a/src/main/java/org/owasp/webgoat/service/CookieService.java b/src/main/java/org/owasp/webgoat/service/CookieService.java
@@ -30,13 +30,16 @@
  */
 package org.owasp.webgoat.service;
 
+import java.util.Collections;
 import java.util.List;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpSession;
+import org.owasp.webgoat.lessons.model.RequestParameter;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
 
 /**
  *
@@ -58,4 +61,23 @@ List<Cookie> showCookies(HttpSession session) {
         List<Cookie> cookies = ws.getCookiesOnLastRequest();
         return cookies;
     }
+
+    /**
+     * Returns cookies and params for current lesson
+     *
+     * @param session
+     * @return
+     */
+    @RequestMapping(value = "/cookies_widget.mvc", produces = "text/html")
+    public ModelAndView showCookiesAndParamsAsHtml(HttpSession session) {
+        ModelAndView model = new ModelAndView();
+        WebSession ws = getWebSession(session);
+        List<Cookie> cookies = ws.getCookiesOnLastRequest();
+        List<RequestParameter> listParms = ws.getParmsOnLastRequest();
+        Collections.sort(listParms);
+        model.addObject("wgcookies", cookies);
+        model.addObject("wgparams", listParms);
+        model.setViewName("widgets/cookies_and_params");
+        return model;
+    }
 }
diff --git a/src/main/java/org/owasp/webgoat/service/HintService.java b/src/main/java/org/owasp/webgoat/service/HintService.java
@@ -14,6 +14,7 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
 
 /**
  *
@@ -53,4 +54,33 @@ List<Hint> showHint(HttpSession session) {
         }
         return listHints;
     }
+
+    @RequestMapping(value = "/hint_widget.mvc", produces = "text/html")
+    public
+            ModelAndView showHintsAsHtml(HttpSession session) {
+        ModelAndView model = new ModelAndView();
+        List<Hint> listHints = new ArrayList<Hint>();
+        model.addObject("hints", listHints);
+        WebSession ws = getWebSession(session);
+        AbstractLesson l = ws.getCurrentLesson();
+        if (l == null) {            
+            return model;
+        }
+        List<String> hints;
+        hints = l.getHintsPublic(ws);
+        if (hints == null) {
+            return model;
+        }
+        int idx = 0;
+        for (String h : hints) {
+            Hint hint = new Hint();
+            hint.setHint(h);
+            hint.setLesson(l.getName());
+            hint.setNumber(idx);
+            listHints.add(hint);
+            idx++;
+        }
+        model.setViewName("widgets/hints");
+        return model;
+    }
 }
diff --git a/src/main/java/org/owasp/webgoat/service/LessonPlanService.java b/src/main/java/org/owasp/webgoat/service/LessonPlanService.java
@@ -54,14 +54,15 @@ public class LessonPlanService extends BaseService {
      * @param session
      * @return
      */
-    @RequestMapping(value = "/lessonplan.mvc", produces = "application/json")
+    @RequestMapping(value = "/lessonplan.mvc", produces = "application/html")
     public @ResponseBody
-    SourceListing showSource(HttpSession session) {
+    String showPlan(HttpSession session) {
         WebSession ws = getWebSession(session);
-        String source = getSource(ws);
-        SourceListing sl = new SourceListing();
-        sl.setSource(source);
-        return sl;
+        String plan = getPlan(ws);
+        return plan;
+        //SourceListing sl = new SourceListing();
+        //sl.setSource(source);
+        //return sl;
     }
 
     /**
@@ -70,9 +71,9 @@ SourceListing showSource(HttpSession session) {
      * @param s Description of the Parameter
      * @return Description of the Return Value
      */
-    protected String getSource(WebSession s) {
+    protected String getPlan(WebSession s) {
 
-        String source = null;
+        String plan = null;
         int scr = s.getCurrentScreen();
         Course course = s.getCourse();
 
@@ -81,14 +82,12 @@ protected String getSource(WebSession s) {
             AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
 
             if (lesson != null) {
-                source = lesson.getRawSource(s);
+                plan = lesson.getLessonPlan(s);
             }
         }
-        if (source == null) {
-            return "Source code is not available. Contact "
-                    + s.getWebgoatContext().getFeedbackAddressHTML();
+        if (plan == null) {
+            plan = "Plan is not available for this lesson.";
         }
-        return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
-                "Code Section Deliberately Omitted"));
+        return plan;
     }
 }
diff --git a/src/main/java/org/owasp/webgoat/service/ParameterService.java b/src/main/java/org/owasp/webgoat/service/ParameterService.java
@@ -33,7 +33,6 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import javax.servlet.http.HttpSession;
 import org.owasp.webgoat.lessons.model.RequestParameter;
 import org.owasp.webgoat.session.WebSession;
@@ -61,9 +60,8 @@ public class ParameterService extends BaseService {
     @RequestMapping(value = "/parameter.mvc", produces = "application/json")
     public @ResponseBody
     List<RequestParameter> showParameters(HttpSession session) {
-        List<RequestParameter> listParms = new ArrayList<RequestParameter>();
         WebSession ws = getWebSession(session);
-        listParms = ws.getParmsOnLastRequest();
+        List<RequestParameter> listParms = ws.getParmsOnLastRequest();
         Collections.sort(listParms);
         return listParms;
     }
diff --git a/src/main/java/org/owasp/webgoat/service/SourceService.java b/src/main/java/org/owasp/webgoat/service/SourceService.java
@@ -34,7 +34,6 @@
 import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP;
 import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP;
 import org.owasp.webgoat.lessons.AbstractLesson;
-import org.owasp.webgoat.lessons.model.SourceListing;
 import org.owasp.webgoat.session.Course;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.stereotype.Controller;
@@ -54,14 +53,18 @@ public class SourceService extends BaseService {
      * @param session
      * @return
      */
-    @RequestMapping(value = "/source.mvc", produces = "application/json")
+    @RequestMapping(value = "/source.mvc", produces = "application/text")
     public @ResponseBody
-    SourceListing showSource(HttpSession session) {
+    String showSource(HttpSession session) {
         WebSession ws = getWebSession(session);
         String source = getSource(ws);
-        SourceListing sl = new SourceListing();
-        sl.setSource(source);
-        return sl;
+        if (source == null) {
+            source = "No source listing found";
+        }
+        return source;
+        //SourceListing sl = new SourceListing();
+        //sl.setSource(source);
+        //return sl;
     }
 
     /**
@@ -85,8 +88,7 @@ protected String getSource(WebSession s) {
             }
         }
         if (source == null) {
-            return "Source code is not available. Contact "
-                    + s.getWebgoatContext().getFeedbackAddressHTML();
+            return "Source code is not available for this lesson.";
         }
         return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
                 "Code Section Deliberately Omitted"));
diff --git a/src/main/webapp/WEB-INF/pages/main_new.jsp b/src/main/webapp/WEB-INF/pages/main_new.jsp
@@ -117,7 +117,55 @@
 				
 			    </div>
                		</div>
-                </div>            
+                </div> 
+                <div class="row" id="lesson_cookies_row">
+               		<div class="col-md-12">
+                            <h4>Lesson Parameters and Cookies</h4>
+               			<div class="panel" >
+                                    <div class="panel-body" id="lesson_cookies">	
+
+                                    </div>                                    
+               			</div>
+               		</div>
+                </div>   
+                <div class="row" id="lesson_hint_row">
+               		<div class="col-md-12">
+                            <h4>Lesson Hints</h4>
+               			<div class="panel" >
+                                    <div class="panel-body" id="lesson_hint">	
+
+                                    </div>                                    
+               			</div>
+               		</div>
+                </div>                 
+                <div class="row" id="lesson_plan_row">
+               		<div class="col-md-12">
+                            <h4>Lesson Plan</h4>
+               			<div class="panel" >
+                                    <div class="panel-body" id="lesson_plan">	
+
+                                    </div>                                    
+               			</div>
+               		</div>
+                </div> 
+                <div class="row" id="lesson_solution_row">
+               		<div class="col-md-12">
+                            <h4>Lesson Solution</h4>
+               			<div class="panel" >
+                                    <div class="panel-body" id="lesson_solution">				
+                                    </div>                                    
+               			</div>
+               		</div>
+                </div> 
+                <div class="row" id="lesson_source_row">
+               		<div class="col-md-12">
+                            <h4>Lesson Source Code</h4>
+               			<div class="panel" >
+                                    <div class="panel-body" id="lesson_source">				
+                                    </div>                                    
+               			</div>
+               		</div>
+                </div> 
             </section>
         </section>
 
@@ -140,6 +188,7 @@
                     event.preventDefault();
                     $.get(this.href, {}, function(reply) {
                         $("#lesson_content").html(reply);
+                        goat.utils.showLessonSource();
                     }, "html");
                 });
                 app.init();
@@ -196,40 +245,13 @@
                     alert('status: ' + statusText + '\n\nresponseText: \n' + responseText +
                             '\n\nThe output div should have already been updated with the responseText.');
                 }
+                // JASON - SEE THIS HOOK
+                // update lesson cookies and params
+                // make any embedded forms ajaxy
+                goat.utils.showLessonCookiesAndParams();
                 goat.utils.makeFormsAjax();
             }
 
         </script>
     </body>
-        <!-- Modals -->        
-        <script type="text/ng-template" id="showSource.html">
-            <div class="modal-header">
-                <button class="btn btn-primary pull-right" ng-click="ok()">Close</button>            
-                <h3 class="modal-title">Lesson Source</h3>
-                
-            </div>
-            <div class="modal-body">
-                <pre>{{lessonSource}}</pre>
-            </div>
-            <div class="modal-footer">
-                <button class="btn btn-primary" ng-click="ok()">Close</button>                
-            </div>
-        </script>
-        
-        <script type="text/ng-template" id="showSolution.html">
-            <div class="modal-header">
-                <button class="btn btn-primary pull-right" ng-click="ok()">Close</button>            
-                <h3 class="modal-title">Lesson Solution</h3>
-                
-            </div>
-            <div class="modal-body" ng-include="lessonSolutionUrl">
-            
-            </div>
-            <div class="modal-footer">
-                <button class="btn btn-primary" ng-click="ok()">Close</button>                
-            </div>
-        </script>
-
-
-
 </html>
diff --git a/src/main/webapp/WEB-INF/pages/widgets/cookies_and_params.jsp b/src/main/webapp/WEB-INF/pages/widgets/cookies_and_params.jsp
@@ -0,0 +1,39 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%-- 
+    Document   : hints
+    Created on : Aug 27, 2014, 3:41:46 PM
+    Author     : rlawson
+--%>
+
+<%@page contentType="text/html" pageEncoding="windows-1252"%>
+<div class="col-md-6">
+    <table class="table table-condensed table-striped">
+        <caption><span class="label label-default">Parameters</span></caption>
+        <thead>
+            <tr><th>Name</th><th>Value</th></tr>
+        </thead>
+        <tbody>
+            <c:forEach var="wgparam" items="${wgparams}" varStatus="status">
+                <tr><td><span class="label label-info">${wgparam.name}</span></td><td>${wgparam.value}</td></tr>
+            </c:forEach>  
+        </tbody>
+    </table>
+</div>
+<div class="col-md-6">
+    <table class="table table-condensed  table-striped">
+        <caption><span class="label label-default">Cookies</span></caption>
+        <thead>
+            <tr><th>Name</th><th>Value</th></tr>
+        </thead>
+        <tbody>
+            <c:forEach var="wgcookie" items="${wgcookies}" varStatus="status">
+                <tr><td><span class="label label-info">${wgcookie.name}</span></td><td>${wgcookie.value}</td></tr>
+            </c:forEach>  
+        </tbody>
+    </table>
+</div>
+
+
+
+
+
diff --git a/src/main/webapp/WEB-INF/pages/widgets/hints.jsp b/src/main/webapp/WEB-INF/pages/widgets/hints.jsp
@@ -0,0 +1,27 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%-- 
+    Document   : hints
+    Created on : Aug 27, 2014, 3:41:46 PM
+    Author     : rlawson
+--%>
+
+<%@page contentType="text/html" pageEncoding="windows-1252"%>
+<div class="panel-group" id="accordion">
+    <c:forEach var="hint" items="${hints}" varStatus="status">
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h3 class="panel-title">
+                    <a data-toggle="collapse" data-parent="#accordion" href="#collapse_${hint.number}">
+                        Hint-${hint.number}
+                    </a>
+                </h3>
+            </div>
+            <div id="collapse_${hint.number}" class="panel-collapse collapse">
+                <div class="panel-body">
+                    ${hint.hint}
+                </div>
+            </div>
+        </div>
+    </c:forEach>
+</div>
+
diff --git a/src/main/webapp/js/goatControllers.js b/src/main/webapp/js/goatControllers.js
diff --git a/src/main/webapp/js/goatUtil.js b/src/main/webapp/js/goatUtil.js
diff --git a/src/main/webapp/lesson_content.jsp b/src/main/webapp/lesson_content.jsp
