Minor fixes
removed many System.out.printlns delete extra solutions directory - wrong location added 5.2 credits git-svn-id: http://webgoat.googlecode.com/svn/trunk@344 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
parent
14fa88396e
commit
243f8ca360
@ -89,8 +89,8 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
ResultSet answer_results = answer_statement.executeQuery(answer_query);
|
||||
answer_results.first();
|
||||
System.out.println("Account: " + accountNumber);
|
||||
System.out.println("Answer : " + answer_results.getString(1));
|
||||
//System.out.println("Account: " + accountNumber);
|
||||
//System.out.println("Answer : " + answer_results.getString(1));
|
||||
if (accountNumber.toString().equals(answer_results.getString(1)))
|
||||
{
|
||||
makeSuccess(s);
|
||||
@ -233,7 +233,7 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
super.handleRequest(s);
|
||||
} catch (Exception e)
|
||||
{
|
||||
System.out.println("Exception caught: " + e);
|
||||
//System.out.println("Exception caught: " + e);
|
||||
e.printStackTrace(System.out);
|
||||
}
|
||||
}
|
||||
|
||||
@ -721,7 +721,7 @@ public class Challenge2Screen extends SequentialLessonAdapter
|
||||
osw.write(message);
|
||||
} catch (Exception e)
|
||||
{
|
||||
System.out.println("Couldn't write " + message + " to " + s);
|
||||
//System.out.println("Couldn't write " + message + " to " + s);
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,10 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Insert title here</title>
|
||||
</head>
|
||||
<body>
|
||||
stub stage 6
|
||||
</body>
|
||||
</html>
|
||||
@ -1,46 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab Block Stored XSS</title>
|
||||
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br/>
|
||||
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
|
||||
XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br/>
|
||||
For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
|
||||
</p>
|
||||
|
||||
<p><b>Solution:</b><br/>
|
||||
You have to alter the method parseEmployeeProfile in the class UpdateProfile.java which is
|
||||
placed in the package org.owasp.webgoat.lessons.CrossSiteScripting<br/>
|
||||
The place to Code is marked! Following Code will work:<br/>
|
||||
</p>
|
||||
<p>
|
||||
<code>
|
||||
/**Your code**/<br/>
|
||||
String regex = "[\\s\\w-,]*";<br/>
|
||||
String stringToValidate = firstName+lastName+ssn+title+phone+address1+address2+<br/>startDate+ccn+disciplinaryActionDate+<br/>disciplinaryActionNotes+personalDescription;<br/>
|
||||
Pattern pattern = Pattern.compile(regex);<br/>
|
||||
validate(stringToValidate, pattern);<br/>
|
||||
/**End of your code**/
|
||||
</code>
|
||||
</p>
|
||||
<p>
|
||||
This Validation allows following:<br>
|
||||
\s = whitspace: \t\n\x0B\f\r<br>
|
||||
\w = word: a-zA-Z_0-9<br>
|
||||
and the characters - and ,
|
||||
</p>
|
||||
<p>
|
||||
Use of any other Character will throw a Validation Exception.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@ -1,26 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab Block Stored XSS</title>
|
||||
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br/>
|
||||
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
|
||||
XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br/>
|
||||
For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
|
||||
</p>
|
||||
|
||||
<p><b>Solution:</b><br/>
|
||||
You have to use a static method called encode(String s) which is part of the class org.owasp.webgoat.util.HtmlEncoder;
|
||||
<p>This method changes all special characters in the string. Now you have to use this method in the getEmployeeProfile method in the org.owasp.webgoat.lessons.CrossSiteScripting class.
|
||||
Replace all answer_results.getString(someString) with HtmlEncoder.encode(answer_results.getString(someString)) and you are done.</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@ -1,11 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Insert title here</title>
|
||||
</head>
|
||||
<body>
|
||||
stub stage5
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@ -1,27 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab Block Stored XSS</title>
|
||||
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br/>
|
||||
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
|
||||
XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br/>
|
||||
For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
|
||||
</p>
|
||||
|
||||
<p><b>Solution:</b><br/>
|
||||
Log in as David with david as password. Choose Bruce from the List and click
|
||||
on the 'ViewProfile' Button.
|
||||
|
||||
</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab Block Stored XSS</title>
|
||||
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> How to Perform Cross Site Scripting (XSS)</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br/>
|
||||
It is always a good practice to scrub all inputs, especially those inputs that will later be used as parameters to OS commands, scripts, and database queries. It is particularly important for content that will be permanently stored somewhere. Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved.
|
||||
XSS can also occur when unvalidated user input is used in an HTTP response. In a reflected XSS attack, an attacker can craft a URL with the attack script and post it to another website, email it, or otherwise get a victim to click on it.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br/>
|
||||
For this exercise, you will perform stored and reflected XSS attacks. You will also implement code changes in the web application to defeat these attacks.
|
||||
</p>
|
||||
|
||||
<p><b>Solution:</b><br/>
|
||||
First Login as Tom with tom as password. Select Tom from the list and click on the View Profile Button.
|
||||
Now should appear Tom's Profile. Click on the 'Edit Profile' Button and try an XSS attack on the street filed.<br/>
|
||||
For example: <script>alert("Got Ya");</script><br/>
|
||||
Click on the UpdateProfile Button and Log out.</p><p>
|
||||
Now log in as Jerry with jerry as password. Select from the the list the profile of tom and hit the
|
||||
ViewProfile Button. Congratulation! You have completed the lesson.
|
||||
|
||||
</p>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@ -137,7 +137,7 @@ public class ConcurrencyCart extends LessonAdapter
|
||||
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage");
|
||||
//System.out.println("[DEBUG] no action selected, defaulting to createShoppingPage");
|
||||
ec = createShoppingPage(s, quantity1, quantity2, quantity3, quantity4);
|
||||
}
|
||||
|
||||
|
||||
@ -113,7 +113,7 @@ public class CrossSiteScripting extends GoatHillsFinancial
|
||||
|
||||
try
|
||||
{
|
||||
System.out.println("Solution: " + getLessonSolutionFileName(s));
|
||||
//System.out.println("Solution: " + getLessonSolutionFileName(s));
|
||||
src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false);
|
||||
} catch (IOException e)
|
||||
{
|
||||
@ -258,28 +258,28 @@ public class CrossSiteScripting extends GoatHillsFinancial
|
||||
}
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -104,11 +104,11 @@ public class FindProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -186,28 +186,28 @@ public class DBCrossSiteScripting extends GoatHillsFinancial
|
||||
}
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -129,11 +129,11 @@ public class UpdateProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -187,28 +187,28 @@ public class DBSQLInjection extends GoatHillsFinancial
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -66,11 +66,11 @@ public class DeleteProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -69,11 +69,11 @@ public class FindProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -220,29 +220,29 @@ public class GoatHillsFinancial extends RandomLessonAdapter
|
||||
}
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -75,11 +75,11 @@ public class Login extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -58,11 +58,11 @@ public class Logout extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
|
||||
|
||||
@ -94,11 +94,11 @@ public class UpdateProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -678,7 +678,7 @@ public class MultiLevelLogin2 extends LessonAdapter
|
||||
|
||||
if ((results != null) && (results.first() == true))
|
||||
{
|
||||
System.out.println(results.getString("tanValue"));
|
||||
//System.out.println(results.getString("tanValue"));
|
||||
return results.getString("tanValue");
|
||||
|
||||
}
|
||||
|
||||
@ -69,11 +69,11 @@ public class DeleteProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -250,18 +250,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
@ -306,13 +306,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
||||
}
|
||||
}
|
||||
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
@ -377,18 +377,18 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
@ -432,13 +432,13 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
||||
}
|
||||
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -98,11 +98,11 @@ public class UpdateProfile extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -82,11 +82,11 @@ public class Login extends DefaultLessonAction
|
||||
chainedAction.handleRequest(s);
|
||||
} catch (UnauthenticatedException ue1)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue1.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
System.out.println("Internal server error");
|
||||
//System.out.println("Internal server error");
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@ -203,28 +203,28 @@ public class SQLInjection extends GoatHillsFinancial
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
} catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
} catch (UnauthorizedException ue2)
|
||||
{
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
//System.out.println("Authorization failure");
|
||||
ue2.printStackTrace();
|
||||
} catch (Exception e)
|
||||
{
|
||||
// All other errors send the user to the generic error page
|
||||
System.out.println("handleRequest() error");
|
||||
//System.out.println("handleRequest() error");
|
||||
e.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
|
||||
@ -117,7 +117,7 @@ public class ViewProfile extends DefaultLessonAction
|
||||
.getInt("salary"), answer_results.getString("ccn"), answer_results
|
||||
.getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
|
||||
.getString("disciplined_notes"), answer_results.getString("personal_description"));
|
||||
System.out.println("Profile: " + profile);
|
||||
//System.out.println("Profile: " + profile);
|
||||
/*
|
||||
* System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
|
||||
* profile.getLastName() + " (" + profile.getId() + ")");
|
||||
|
||||
@ -111,8 +111,8 @@ public class SameOriginPolicyProtection extends LessonAdapter
|
||||
int hiddenWGStatusInt = s.getParser().getIntParameter("hiddenWGStatus", 0);
|
||||
int hiddenGoogleStatusInt = s.getParser().getIntParameter("hiddenGoogleStatus", 0);
|
||||
|
||||
System.out.println("hiddenWGStatus:" + hiddenWGStatusInt);
|
||||
System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt);
|
||||
//System.out.println("hiddenWGStatus:" + hiddenWGStatusInt);
|
||||
//System.out.println("hiddenGoogleStatusInt:" + hiddenGoogleStatusInt);
|
||||
|
||||
if (hiddenWGStatusInt == 1 && hiddenGoogleStatusInt == 1)
|
||||
{
|
||||
|
||||
@ -86,7 +86,7 @@ public abstract class SequentialLessonAdapter extends LessonAdapter
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage("Error generating " + this.getClass().getName());
|
||||
System.out.println(e);
|
||||
//System.out.println(e);
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
|
||||
@ -127,7 +127,7 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
|
||||
if (sid.equals("NOVALIDSESSION"))
|
||||
{
|
||||
System.out.println("STAGE 5");
|
||||
//System.out.println("STAGE 5");
|
||||
getLessonTracker(s).setStage(5);
|
||||
}
|
||||
|
||||
@ -213,7 +213,7 @@ public class SessionFixation extends SequentialLessonAdapter
|
||||
@Override
|
||||
protected Element doStage5(WebSession s) throws Exception
|
||||
{
|
||||
System.out.println("Doing stage 5");
|
||||
//System.out.println("Doing stage 5");
|
||||
return createStage5Content(s);
|
||||
}
|
||||
|
||||
|
||||
@ -344,7 +344,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
super.handleRequest(s);
|
||||
} catch (Exception e)
|
||||
{
|
||||
System.out.println("Exception caught: " + e);
|
||||
//System.out.println("Exception caught: " + e);
|
||||
e.printStackTrace(System.out);
|
||||
}
|
||||
}
|
||||
|
||||
@ -273,7 +273,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
super.handleRequest(s);
|
||||
} catch (Exception e)
|
||||
{
|
||||
System.out.println("Exception caught: " + e);
|
||||
//System.out.println("Exception caught: " + e);
|
||||
e.printStackTrace(System.out);
|
||||
}
|
||||
}
|
||||
|
||||
@ -189,7 +189,7 @@ public class ThreadSafetyProblem extends LessonAdapter
|
||||
super.handleRequest(s);
|
||||
} catch (Exception e)
|
||||
{
|
||||
System.out.println("Exception caught: " + e);
|
||||
//System.out.println("Exception caught: " + e);
|
||||
e.printStackTrace(System.out);
|
||||
}
|
||||
}
|
||||
|
||||
@ -109,20 +109,20 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl
|
||||
}
|
||||
catch (ParameterNotFoundException pnfe)
|
||||
{
|
||||
System.out.println("Missing parameter");
|
||||
//System.out.println("Missing parameter");
|
||||
pnfe.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
catch (ValidationException ve)
|
||||
{
|
||||
System.out.println("Validation failed");
|
||||
//System.out.println("Validation failed");
|
||||
ve.printStackTrace();
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
}
|
||||
catch (UnauthenticatedException ue)
|
||||
{
|
||||
s.setMessage("Login failed");
|
||||
System.out.println("Authentication failure");
|
||||
//System.out.println("Authentication failure");
|
||||
ue.printStackTrace();
|
||||
}
|
||||
catch (UnauthorizedException ue2)
|
||||
@ -168,7 +168,7 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl
|
||||
}
|
||||
|
||||
s.setMessage("You are not authorized to perform this function");
|
||||
System.out.println("Authorization failure");
|
||||
// System.out.println("Authorization failure");
|
||||
setCurrentAction(s, ERROR_ACTION);
|
||||
ue2.printStackTrace();
|
||||
}
|
||||
|
||||
@ -74,7 +74,7 @@
|
||||
|
||||
<property name="app.name" value="WebGoat"/>
|
||||
<property name="app.path" value="/${app.name}"/>
|
||||
<property name="app.version" value="5.1"/> <!-- UPDATE THIS! -->
|
||||
<property name="app.version" value="5.2"/> <!-- UPDATE THIS! -->
|
||||
<property name="build.home" value="${basedir}/build"/>
|
||||
<property name="catalina.home" value="${basedir}/../tomcat"/> <!-- UPDATE THIS! -->
|
||||
<property name="dist.home" value="${basedir}/dist"/>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user