Merge branch 'next' of https://github.com/WebGoat/WebGoat into next

Author: act-ive

newDesign/assets/css/main.css

@@ -74,16 +74,16 @@ img {
 #header .brand {
   float: left;
   width: 240px;
-  min-height: 80px;
-  padding: 0 0 0 10px;
+  height: 80px;
+  padding: 0;
   position: relative;
-  background: #e84c3d url('../img/logo.png') no-repeat 25px 26px;
+  background: url('../img/logoBG.jpg') no-repeat 0px 0px;
 }
 #header .logo {
   color: #fff;
   font-size: 1.7em;
   text-transform: uppercase;
-  padding: 23px 0 0 57px;
+  padding: 23px 0 0 75px;
   display: inline-block;
 }
 #header .logo span {
@@ -696,6 +696,16 @@ fieldset[disabled] .btn-warning.active {
   color: #fff;
   border: none;
 }
+/* ==========================================================================
+  Modal
+   ========================================================================== */
+.modal-footer .btn + .btn {
+  margin-bottom: 5px;
+}
+.modal .modal-body.modal-scroll {
+  max-height: 350px;
+  overflow-y: auto;
+}
 /* ==========================================================================
    Media Queries
    ========================================================================== */

newDesign/assets/img/logoBG.jpg

@@ -57,7 +57,7 @@
             	<h1>Lesson Title in here</h1>
             </div><!--lesson title end-->
             <div class="user-nav pull-right">
-            	<button type="button" class="btn btn-default">
+            	<button type="button" class="btn btn-default" data-toggle="modal" data-target="#aboutModal">
                 	<i class="fa fa-info"></i>
                 </button>
                 <button type="button" class="btn btn-default">
@@ -72,16 +72,7 @@ <h1>Lesson Title in here</h1>
         <aside class="sidebar">
             <div id="leftside-navigation" class="nano">
                 <ul class="nano-content">
-                	<li class="active">
-                        <a href="index.html"><i class="fa fa-home"></i><span>Home</span></a>
-                    </li>
-                    <li>
-                        <a href="about.html"><i class="fa fa-users"></i><span>About</span></a>
-                    </li>
-                    <li>
-                        <a href="contact.html"><i class="fa fa-envelope-o"></i><span>Contact</span></a>
-                    </li>
-                    <li class="sub-menu">
+                	<li class="sub-menu">
                         <a href=""><i class="fa fa-bars"></i><span>LESSONS</span></a>
                     </li>
                     <li class="sub-menu">
@@ -203,9 +194,9 @@ <h1>About WebGoat</h1>
             			<div class="panel">
             				<div class="panel-body">
             					<div align="left">
-            						<button type="button" class="btn btn-default">Params</button>
-            						<button type="button" class="btn btn-default">Hints</button>
-            						<button type="button" class="btn btn-default">Cookies</button>
+            						<button type="button" class="btn btn-default btn-sm">Params</button>
+            						<button type="button" class="btn btn-default btn-sm">Hints</button>
+            						<button type="button" class="btn btn-default btn-sm">Cookies</button>
             					</div>
             					<hr />
             					<h3>Hints</h3>
@@ -219,6 +210,100 @@ <h3>Hints</h3>
         </section>
         <!--main content end-->
 
+  	<!-- Basic Modal -->
+    <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+                    <h3 class="modal-title" id="myModalLabel">About WebGoat</h3>
+                </div>
+                <div class="modal-body modal-scroll">
+                    <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean quis posuere sapien, at ornare neque. Curabitur commodo efficitur ante, at finibus ex faucibus ut. Vivamus id diam blandit, convallis justo sed, vehicula sem. Cras a semper ex. Etiam dignissim tempus metus, sit amet blandit arcu pulvinar ac. Mauris dignissim rutrum ante sit amet posuere. Proin mollis sapien augue, at tempor metus iaculis eu. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Cras elementum finibus tincidunt.</p>
+                    <p>Version</p>
+                    <p>OWASP Reference - probably text and image</p>
+                    <div class="row">
+                    	<div class="col-md-6">
+                  		  <p>WebGoat Authors
+                    			<ul>
+                    				<li>name...</li>
+                    				<li>name...</li>
+                    				<li>name...</li>
+                    			</ul>
+                  		  	</p>
+                    	</div>
+                    	<div class="col-md-6">
+							<p>WebGoat Design Team
+								<ul>
+									<li>name...</li>
+									<li>name...</li>
+									<li>name...</li>
+								</ul>
+							</p>
+						</div>
+					</div>
+					<div class="row">
+                    	<div class="col-md-6">
+							<p>Active Contributors
+								<ul>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+								</ul>
+							</p>
+						</div>
+						<div class="col-md-6">
+							<p>Past Contributors
+								<ul>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+									<li>name... (Role)</li>
+								</ul>
+							</p>
+						</div>
+					</div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
+                </div>
+            </div>
+        </div>
+    </div>
+    <!-- End Basic Modal -->
+        
     </section>
     <!--Global JS-->
     <script src="assets/js/jquery-1.10.2.min.js"></script>

newDesign/index.html

@@ -26,7 +26,7 @@
             <resource>
                 <directory>${basedir}/src/main/java</directory>
             </resource>
-                        <resource>
+            <resource>
                 <directory>${basedir}/src/main/resources</directory>
             </resource>
         </resources>
@@ -88,6 +88,11 @@
             <artifactId>axis-ant</artifactId>
             <version>1.2</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
+        </dependency>
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>

pom.xml

@@ -17,7 +17,7 @@
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
  * 
- * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
  * 
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
@@ -33,10 +33,10 @@
  * 
  * Getting Source ==============
  * 
- * Source for this application is maintained at code.google.com, a repository for free software
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
  * projects.
  * 
- * For details, please see http://code.google.com/p/webgoat/
+ * For details, please see http://webgoat.github.io
  * 
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
  * @created March 13, 2007

src/main/java/org/owasp/webgoat/Catcher.java

@@ -31,7 +31,7 @@
  * This file is part of WebGoat, an Open Web Application Security Project
  * utility. For details, please see http://www.owasp.org/
  *
- * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
  *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License as published by the Free Software
@@ -49,10 +49,10 @@
  *
  * Getting Source ==============
  *
- * Source for this application is maintained at code.google.com, a repository
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
  * for free software projects.
  *
- * For details, please see http://code.google.com/p/webgoat/
+ * For details, please see http://webgoat.github.io
  *
  *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect

src/main/java/org/owasp/webgoat/HammerHead.java

@@ -16,7 +16,7 @@
  * This file is part of WebGoat, an Open Web Application Security Project
  * utility. For details, please see http://www.owasp.org/
  *
- * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
  *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License as published by the Free Software
@@ -34,10 +34,10 @@
  *
  * Getting Source ==============
  *
- * Source for this application is maintained at code.google.com, a repository
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
  * for free software projects.
  *
- * For details, please see http://code.google.com/p/webgoat/
+ * For details, please see http://webgoat.github.io
  *
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
  * @created October 28, 2003

src/main/java/org/owasp/webgoat/LessonSource.java

@@ -5,12 +5,17 @@
  */
 package org.owasp.webgoat.controller;
 
+import java.util.Collection;
+import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
-import org.owasp.webgoat.session.Course;
+import org.apache.commons.lang3.StringUtils;
 import org.owasp.webgoat.session.WebSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -28,6 +33,9 @@ public class Start {
 
     private static final String WELCOMED = "welcomed";
 
+    @Autowired
+    private ServletContext servletContext;
+
     @RequestMapping(value = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
     public ModelAndView start(HttpServletRequest request,
             @RequestParam(value = "error", required = false) String error,
@@ -40,12 +48,32 @@ public ModelAndView start(HttpServletRequest request,
             model.setViewName("redirect:/login.mvc");
             return model;
         }
+        String role = getRole();
+        String user = request.getUserPrincipal().getName();
+        model.addObject("role", role);
+        model.addObject("user", user);
+
+        String contactEmail = servletContext.getInitParameter("email");
+        model.addObject("contactEmail", contactEmail);
 
         // if everything ok then go to webgoat UI
         model.setViewName("main_new");
         return model;
     }
 
+    private String getRole() {
+        Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
+        String role = "N/A";
+        for (GrantedAuthority authority : authorities) {
+            authority.getAuthority();
+            role = authority.getAuthority();
+            role = StringUtils.lowerCase(role);
+            role = StringUtils.remove(role, "role_");
+            break;
+        }
+        return role;
+    }
+
     public boolean checkWebSession(HttpSession session) {
         Object o = session.getAttribute(WebSession.SESSION);
         if (o == null) {

src/main/java/org/owasp/webgoat/controller/Start.java

@@ -42,7 +42,7 @@
  * This file is part of WebGoat, an Open Web Application Security Project
  * utility. For details, please see http://www.owasp.org/
  *
- * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
  *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License as published by the Free Software
@@ -60,10 +60,10 @@
  *
  * Getting Source ==============
  *
- * Source for this application is maintained at code.google.com, a repository
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
  * for free software projects.
  *
- * For details, please see http://code.google.com/p/webgoat/
+ * For details, please see http://webgoat.github.io
  *
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
  * @created October 28, 2003

src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java

@@ -20,7 +20,7 @@
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
  * 
- * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
  * 
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
@@ -36,10 +36,10 @@
  * 
  * Getting Source ==============
  * 
- * Source for this application is maintained at code.google.com, a repository for free software
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
  * projects.
  * 
- * For details, please see http://code.google.com/p/webgoat/
+ * For details, please see http://webgoat.github.io
  * 
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created October 28, 2003