Merge branch 'release/v8.0.0.M18'

2018-06-20 16:32:31 +02:00
parent 9af0054b5b c7da546249
commit 12123ef13b
29 changed files with 93 additions and 73 deletions
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6a.java
@ -1,10 +1,11 @@

-package org.owasp.webgoat.plugin.introduction;
+package org.owasp.webgoat.plugin.advanced;

 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
+import org.owasp.webgoat.plugin.introduction.SqlInjectionLesson5a;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -55,7 +56,6 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
    AttackResult completed(@RequestParam String userid_6a) throws IOException {
        return injectableQuery(userid_6a);
        // The answer: Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data --
-
    }

    protected AttackResult injectableQuery(String accountName) {
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6b.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6b.java
@ -1,5 +1,5 @@

-package org.owasp.webgoat.plugin.introduction;
+package org.owasp.webgoat.plugin.advanced;

 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentPath;
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
@ -3,7 +3,7 @@
 Lets try to exploit a join to another table.  One of the tables in the WebGoat database is:

 -------------------------------------------------------
-CREATE TABLE user_system_data (userid varchar(5) not null primary key,
+CREATE TABLE user_system_data (userid int not null primary key,
 			                   user_name varchar(12),
 			                   password varchar(10),
 			                   cookie varchar(30));
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
+++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
@ -64,7 +64,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {

                .andExpect(status().isOk())
                .andExpect(jsonPath("$.lessonCompleted", is(true)))
-                .andExpect(jsonPath("$.feedback", containsString("dave")));
+                .andExpect(jsonPath("$.feedback", containsString("passW0rD")));
    }

    @Test
--- a/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
+++ b/webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
@ -30,7 +30,7 @@ public class SqlInjectionLesson6bTest extends LessonTest {
    @Test
    public void submitCorrectPassword() throws Exception {
        mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
-                .param("userid_6b", "dave"))
+                .param("userid_6b", "passW0rD"))

                .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
    }