dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update the messages issued when a stage is completed.

Browse Source 
We provide an automatic message on completion, which is easy to override.
Simply call setMessage() AFTER calling setStageComplete().


git-svn-id: http://webgoat.googlecode.com/svn/trunk@180 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes 2007-07-18 13:29:07 +00:00
parent ab0423cb78
commit 184eaae260
12 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
View File

@ -291,12 +291,11 @@ public class CrossSiteScripting extends GoatHillsFinancial
public String htmlEncode(WebSession s, String text)
{
//System.out.println("Testing for stage 4 completion in lesson " + getCurrentLesson().getName());
if (STAGE4.equals(getStage(s)) &&
text.indexOf("<script>") > -1 && text.indexOf("alert") > -1 && text.indexOf("</script>") > -1)
{
setStageComplete(s, STAGE4);
s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
setStageComplete(s, STAGE5);
}
return HtmlEncoder.encode(text);

3
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
View File

@ -83,9 +83,8 @@ public class UpdateProfile extends DefaultLessonAction
{
if (CrossSiteScripting.STAGE2.equals(getStage(s)))
{
s
.setMessage("Welcome to stage 3 - demonstrate Stored XSS again");
setStageComplete(s, CrossSiteScripting.STAGE2);
s.setMessage("Welcome to stage 3 - demonstrate Stored XSS again");
}
throw e;
}

3
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
View File

@ -220,9 +220,8 @@ public class ViewProfile extends DefaultLessonAction
&& address1.indexOf("alert") > -1
&& address1.indexOf("</script>") > -1)
{
s
.setMessage("Welcome to stage 2 - implement input validation");
setStageComplete(s, CrossSiteScripting.STAGE1);
s.setMessage("Welcome to stage 2 - implement input validation");
}
}
else if (CrossSiteScripting.STAGE3.equals(stage))

1
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java
View File

@ -115,7 +115,6 @@ public class UpdateProfile extends DefaultLessonAction
if (pass)
{
setStageComplete(s, DBCrossSiteScripting.STAGE1);
s.setMessage("Congratulations, you have completed " + DBCrossSiteScripting.STAGE1);
}
}
}

1
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
View File

@ -157,7 +157,6 @@ public class Login extends DefaultLessonAction
DBSQLInjection.PRIZE_EMPLOYEE_ID == Integer.parseInt(userId))
{
setStageComplete(s, DBSQLInjection.STAGE1);
s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE1);
}
}
catch (SQLException sqle)

4
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java
View File

@ -20,9 +20,9 @@ public abstract class RandomLessonAdapter extends LessonAdapter {
RandomLessonTracker lt = getLessonTracker(s);
lt.setStageComplete(stage, true);
if (lt.getCompleted()) {
s.setMessage("Congratulations, you have completed this lesson");
s.setMessage("Congratulations, you have completed this lab");
} else {
String message = "You have completed stage " + stage + ".";
String message = "You have completed " + stage + ".";
if (! stage.equals(lt.getStage()))
message = message + " Welcome to " + lt.getStage();
s.setMessage(message);

3
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java
View File

@ -169,9 +169,8 @@ public class DeleteProfile extends DefaultLessonAction
if (!isAuthorized(s, userId,
RoleBasedAccessControl.DELETEPROFILE_ACTION))
{
s
.setMessage("Welcome to stage 2 -- protecting the business layer");
setStageComplete(s, RoleBasedAccessControl.STAGE1);
s.setMessage("Welcome to stage 2 -- protecting the business layer");
}
}
catch (ParameterNotFoundException e)

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
View File

@ -240,8 +240,8 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
{
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
setStageComplete(s, STAGE2);
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
}
} catch (ParameterNotFoundException pnfe)
{

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java
View File

@ -98,8 +98,8 @@ public class ViewProfile extends DefaultLessonAction
if (RoleBasedAccessControl.STAGE3.equals(getStage(s))
&& !isAuthorizedForEmployee(s, userId, employeeId))
{
s.setMessage("Welcome to stage 4 -- protecting the data layer");
setStageComplete(s, RoleBasedAccessControl.STAGE3);
s.setMessage("Welcome to stage 4 -- protecting the data layer");
}
}
catch (ParameterNotFoundException e)

1
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
View File

@ -276,7 +276,6 @@ public class Login extends DefaultLessonAction
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
&& isAuthenticated(s))
{
s.setMessage("Welcome to stage 2");
setStageComplete(s, SQLInjection.STAGE1);
}
}

1
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
View File

@ -234,7 +234,6 @@ public class ViewProfile extends DefaultLessonAction
&& !isAuthorizedForEmployee(s, Integer
.parseInt(userId), employee.getId()))
{
s.setMessage("Welcome to stage 4");
setStageComplete(s, SQLInjection.STAGE3);
}
}

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java
View File

File diff suppressed because one or more lines are too long