Build cleanup in order to create a complete developer distribution. More menu cleanup

git-svn-id: http://webgoat.googlecode.com/svn/trunk@217 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64
2008-01-03 21:09:17 +00:00
parent f6e0cb7ed0
commit 23e7fe1f4f
9 changed files with 88 additions and 43 deletions


@ -7,7 +7,9 @@ import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
@ -77,20 +79,38 @@ public class AccessControlMatrix extends LessonAdapter
String user = s.getParser().getRawParameter(USER, users[0]);
String resource = s.getParser().getRawParameter(RESOURCE, resources[0]);
String credentials = getRoles(user).toString();
ec.addElement(new P().addElement("Change user:"));
ec.addElement(ECSFactory.makePulldown(USER, users, user, 1));
ec.addElement(new P());
Table t = new Table().setCellSpacing(0).setCellPadding(2)
.setBorder(0).setWidth("90%").setAlign("center");
if (s.isColor())
{
t.setBorder(1);
}
TR tr = new TR();
tr.addElement(new TD().addElement("Change user:"));
tr.addElement(new TD().addElement(ECSFactory.makePulldown(USER, users, user, 1)));
t.addElement(tr);
// These two lines would allow the user to select the resource from a list
// Didn't seem right to me so I made them type it in.
// ec.addElement( new P().addElement( "Choose a resource:" ) );
// ec.addElement( ECSFactory.makePulldown( RESOURCE, resources, resource, 1 ) );
ec.addElement(new P().addElement("Select resource: "));
ec.addElement(ECSFactory.makePulldown(RESOURCE, resources, resource, 1));
ec.addElement(new P());
ec.addElement(ECSFactory.makeButton("Check Access"));
tr = new TR();
tr.addElement(new TD().addElement("Select resource: "));
tr.addElement(new TD().addElement(ECSFactory.makePulldown(RESOURCE, resources, resource, 1)));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD(" ").setColSpan(2).setAlign("center"));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD(ECSFactory.makeButton("Check Access")).setColSpan(2).setAlign("center"));
t.addElement(tr);
ec.addElement(t);
if (isAllowed(user, resource))
{
if (!getRoles(user).contains("Admin")
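Review bot: The comment kept above the "Select resource" row says the resource list was dropped so that users "type it in", but the new table row still builds `ECSFactory.makePulldown(RESOURCE, resources, resource, 1)`, so the comment and its two commented-out lines no longer describe the form. I would replace them with `// Resource is picked from a pulldown; the submitted value is still read with getRawParameter and is not checked against resources[] in this hunk.` so a reader does not mistake the list for a server-side restriction. The same applies to `user`, which goes straight into `getRoles(user)` and `isAllowed(user, resource)`. Which lines are old and which are new is inferred from print order, because the page lost its +/- markers, and the method starts and ends outside the hunk.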


@ -278,7 +278,7 @@ public class CSRF extends LessonAdapter {
@Override
protected Category getDefaultCategory() {
return Category.ACCESS_CONTROL;
return Category.XSS;
}
private final static Integer DEFAULT_RANKING = new Integer(120);
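Review bot: Returning `Category.XSS` from `getDefaultCategory()` files the CSRF lesson under a different vulnerability class, since CSRF relies on the browser attaching the victim's credentials to a forged request and needs no injected script. If the menu grouping is deliberate, a comment on the return would stop learners and maintainers from reading it as a classification, for example `// Listed with the XSS lessons for menu purposes only; CSRF is a separate class of flaw.` Which of the two return lines is the new one is inferred from print order, and the class body continues outside the hunk.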


@ -288,7 +288,7 @@ public class CrossSiteScripting extends GoatHillsFinancial
*/
public String getTitle()
{
return "LAB: Cross Site Scripting (XSS)";
return "LAB: Cross Site Scripting";
}
public String htmlEncode(WebSession s, String text)


@ -228,7 +228,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
*/
protected Category getDefaultCategory()
{
return Category.AUTHENTICATION;
return Category.SESSION_MANAGEMENT;
}
/**