Update the messages issued when a stage is completed.
We provide an automatic message on completion, which is easy to override. Simply call setMessage() AFTER calling setStageComplete(). git-svn-id: http://webgoat.googlecode.com/svn/trunk@180 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
parent
ab0423cb78
commit
184eaae260
@ -291,12 +291,11 @@ public class CrossSiteScripting extends GoatHillsFinancial
|
|||||||
|
|
||||||
public String htmlEncode(WebSession s, String text)
|
public String htmlEncode(WebSession s, String text)
|
||||||
{
|
{
|
||||||
//System.out.println("Testing for stage 4 completion in lesson " + getCurrentLesson().getName());
|
|
||||||
if (STAGE4.equals(getStage(s)) &&
|
if (STAGE4.equals(getStage(s)) &&
|
||||||
text.indexOf("<script>") > -1 && text.indexOf("alert") > -1 && text.indexOf("</script>") > -1)
|
text.indexOf("<script>") > -1 && text.indexOf("alert") > -1 && text.indexOf("</script>") > -1)
|
||||||
{
|
{
|
||||||
|
setStageComplete(s, STAGE4);
|
||||||
s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
|
s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
|
||||||
setStageComplete(s, STAGE5);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return HtmlEncoder.encode(text);
|
return HtmlEncoder.encode(text);
|
||||||
|
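Review bot: The reordering to `setStageComplete(s, STAGE4);` followed by `s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );` only works because setStageComplete() installs a default completion message that the later call overwrites, and nothing at the call site records that; a reader tidying the code could swap the two lines back and silently lose the custom message. A one-line comment above the pair would pin the order: `// setStageComplete() sets a default completion message; the override must come after it`. The same reordered pair appears in the UpdateProfile, ViewProfile, DeleteProfile and RoleBasedAccessControl hunks and would benefit from the same comment. This hunk also changes the stage being marked complete from STAGE5 to STAGE4, which the commit description does not mention; it looks like a deliberate fix given the surrounding `STAGE4.equals(getStage(s))` guard, but it deserves a sentence in the description. htmlEncode's closing brace lies outside the hunk.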
@ -83,9 +83,8 @@ public class UpdateProfile extends DefaultLessonAction
|
|||||||
{
|
{
|
||||||
if (CrossSiteScripting.STAGE2.equals(getStage(s)))
|
if (CrossSiteScripting.STAGE2.equals(getStage(s)))
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Welcome to stage 3 - demonstrate Stored XSS again");
|
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE2);
|
setStageComplete(s, CrossSiteScripting.STAGE2);
|
||||||
|
s.setMessage("Welcome to stage 3 - demonstrate Stored XSS again");
|
||||||
}
|
}
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
@ -220,9 +220,8 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
&& address1.indexOf("alert") > -1
|
&& address1.indexOf("alert") > -1
|
||||||
&& address1.indexOf("</script>") > -1)
|
&& address1.indexOf("</script>") > -1)
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Welcome to stage 2 - implement input validation");
|
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE1);
|
setStageComplete(s, CrossSiteScripting.STAGE1);
|
||||||
|
s.setMessage("Welcome to stage 2 - implement input validation");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (CrossSiteScripting.STAGE3.equals(stage))
|
else if (CrossSiteScripting.STAGE3.equals(stage))
|
||||||
|
@ -115,7 +115,6 @@ public class UpdateProfile extends DefaultLessonAction
|
|||||||
if (pass)
|
if (pass)
|
||||||
{
|
{
|
||||||
setStageComplete(s, DBCrossSiteScripting.STAGE1);
|
setStageComplete(s, DBCrossSiteScripting.STAGE1);
|
||||||
s.setMessage("Congratulations, you have completed " + DBCrossSiteScripting.STAGE1);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -157,7 +157,6 @@ public class Login extends DefaultLessonAction
|
|||||||
DBSQLInjection.PRIZE_EMPLOYEE_ID == Integer.parseInt(userId))
|
DBSQLInjection.PRIZE_EMPLOYEE_ID == Integer.parseInt(userId))
|
||||||
{
|
{
|
||||||
setStageComplete(s, DBSQLInjection.STAGE1);
|
setStageComplete(s, DBSQLInjection.STAGE1);
|
||||||
s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE1);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (SQLException sqle)
|
catch (SQLException sqle)
|
||||||
|
@ -20,9 +20,9 @@ public abstract class RandomLessonAdapter extends LessonAdapter {
|
|||||||
RandomLessonTracker lt = getLessonTracker(s);
|
RandomLessonTracker lt = getLessonTracker(s);
|
||||||
lt.setStageComplete(stage, true);
|
lt.setStageComplete(stage, true);
|
||||||
if (lt.getCompleted()) {
|
if (lt.getCompleted()) {
|
||||||
s.setMessage("Congratulations, you have completed this lesson");
|
s.setMessage("Congratulations, you have completed this lab");
|
||||||
} else {
|
} else {
|
||||||
String message = "You have completed stage " + stage + ".";
|
String message = "You have completed " + stage + ".";
|
||||||
if (! stage.equals(lt.getStage()))
|
if (! stage.equals(lt.getStage()))
|
||||||
message = message + " Welcome to " + lt.getStage();
|
message = message + " Welcome to " + lt.getStage();
|
||||||
s.setMessage(message);
|
s.setMessage(message);
|
||||||
|
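Review bot: This method now carries the contract the commit description relies on (it always installs a completion message, and a caller that wants its own text must call setMessage() afterwards), but there is no Javadoc on it, so callers in other lessons cannot discover the ordering requirement from the code. Suggest a Javadoc on setStageComplete stating that it marks the stage complete in the lesson tracker, sets either a lesson-complete message or a "You have completed ... Welcome to ..." message on the session, and that callers wanting a different message must call s.setMessage() after this method returns, since calling it before is overwritten. The "Welcome to " + lt.getStage() text presumably relies on the tracker having advanced to the next stage after lt.setStageComplete(stage, true); if that is the case, saying so in the Javadoc would help too. The method signature lies above the hunk.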
@ -169,9 +169,8 @@ public class DeleteProfile extends DefaultLessonAction
|
|||||||
if (!isAuthorized(s, userId,
|
if (!isAuthorized(s, userId,
|
||||||
RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Welcome to stage 2 -- protecting the business layer");
|
|
||||||
setStageComplete(s, RoleBasedAccessControl.STAGE1);
|
setStageComplete(s, RoleBasedAccessControl.STAGE1);
|
||||||
|
s.setMessage("Welcome to stage 2 -- protecting the business layer");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (ParameterNotFoundException e)
|
catch (ParameterNotFoundException e)
|
||||||
|
@ -240,8 +240,8 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
|||||||
if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
|
if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
|
||||||
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
|
|
||||||
setStageComplete(s, STAGE2);
|
setStageComplete(s, STAGE2);
|
||||||
|
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
|
||||||
}
|
}
|
||||||
} catch (ParameterNotFoundException pnfe)
|
} catch (ParameterNotFoundException pnfe)
|
||||||
{
|
{
|
||||||
|
@ -98,8 +98,8 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
if (RoleBasedAccessControl.STAGE3.equals(getStage(s))
|
if (RoleBasedAccessControl.STAGE3.equals(getStage(s))
|
||||||
&& !isAuthorizedForEmployee(s, userId, employeeId))
|
&& !isAuthorizedForEmployee(s, userId, employeeId))
|
||||||
{
|
{
|
||||||
s.setMessage("Welcome to stage 4 -- protecting the data layer");
|
|
||||||
setStageComplete(s, RoleBasedAccessControl.STAGE3);
|
setStageComplete(s, RoleBasedAccessControl.STAGE3);
|
||||||
|
s.setMessage("Welcome to stage 4 -- protecting the data layer");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (ParameterNotFoundException e)
|
catch (ParameterNotFoundException e)
|
||||||
|
@ -276,7 +276,6 @@ public class Login extends DefaultLessonAction
|
|||||||
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
|
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
|
||||||
&& isAuthenticated(s))
|
&& isAuthenticated(s))
|
||||||
{
|
{
|
||||||
s.setMessage("Welcome to stage 2");
|
|
||||||
setStageComplete(s, SQLInjection.STAGE1);
|
setStageComplete(s, SQLInjection.STAGE1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -234,7 +234,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
&& !isAuthorizedForEmployee(s, Integer
|
&& !isAuthorizedForEmployee(s, Integer
|
||||||
.parseInt(userId), employee.getId()))
|
.parseInt(userId), employee.getId()))
|
||||||
{
|
{
|
||||||
s.setMessage("Welcome to stage 4");
|
|
||||||
setStageComplete(s, SQLInjection.STAGE3);
|
setStageComplete(s, SQLInjection.STAGE3);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|