From 181549468124bc45cf3bda78409a7390cc6ffe69 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nbaars@xebia.com>
Date: Sat, 19 Mar 2016 12:40:28 +0100
Subject: [PATCH] Injection Flaws -> Limit Command Injection success to a set
 of commands and clarify this to the user #179   - Defuse command boolean flag
 is no longer necessary due to a change in the lesson, removed this flag from
 the webgoat-container project

---
 .../org/owasp/webgoat/session/WebgoatContext.java | 15 ---------------
 webgoat-container/src/main/webapp/WEB-INF/web.xml |  4 ----
 2 files changed, 19 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
index c2f8c97ff..23faed378 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
@@ -51,9 +51,6 @@ public class WebgoatContext {
     /** Constant <code>SHOWHINTS="ShowHints"</code> */
     public final static String SHOWHINTS = "ShowHints";
 
-    /** Constant <code>DEFUSEOSCOMMANDS="DefuseOSCommands"</code> */
-    public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
-
     /** Constant <code>FEEDBACK_ADDRESS_HTML="FeedbackAddressHTML"</code> */
     public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
 
@@ -86,8 +83,6 @@ public class WebgoatContext {
 
     private boolean showSolution = false;
 
-    private boolean defuseOSCommands = false;
-
     private boolean enterprise = false;
 
     private boolean codingExercises = false;
@@ -123,7 +118,6 @@ public class WebgoatContext {
         showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
         showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
         showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
-        defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
         enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
         codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
         feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
@@ -192,15 +186,6 @@ public class WebgoatContext {
         return (databasePassword);
     }
 
-    /**
-     * <p>isDefuseOSCommands.</p>
-     *
-     * @return a boolean.
-     */
-    public boolean isDefuseOSCommands() {
-        return defuseOSCommands;
-    }
-
     /**
      * <p>isEnterprise.</p>
      *
diff --git a/webgoat-container/src/main/webapp/WEB-INF/web.xml b/webgoat-container/src/main/webapp/WEB-INF/web.xml
index 6431ce4f7..e566c64bf 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/web.xml
+++ b/webgoat-container/src/main/webapp/WEB-INF/web.xml
@@ -126,10 +126,6 @@
             <param-name>CookieDebug</param-name>
             <param-value>true</param-value>
         </init-param>
-        <init-param>
-            <param-name>DefuseOSCommands</param-name>
-            <param-value>false</param-value>
-        </init-param>
         <init-param>
             <param-name>Enterprise</param-name>
             <param-value>true</param-value>