diff --git a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/plugin/CIAQuiz.java b/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/plugin/CIAQuiz.java
index dcdb0561e..28f3a2f5b 100644
--- a/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/plugin/CIAQuiz.java
+++ b/webgoat-lessons/cia/src/main/java/org/owasp/webgoat/plugin/CIAQuiz.java
@@ -15,41 +15,41 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -/** - * @TODO: Get JSON from file not from hardcoded string - * add a question: 1. Append new question to JSON string - * 2. add right solution to solutions array - * 3. add Request param with name of question to method head - */ @AssignmentPath("/cia/quiz") public class CIAQuiz extends AssignmentEndpoint { String[] solutions = {"Solution 3", "Solution 1", "Solution 4", "Solution 2"}; + boolean[] guesses = new boolean[solutions.length]; @RequestMapping(method = RequestMethod.POST) @ResponseBody public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution) throws IOException { - boolean correct = false; - String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution}; - int counter = 0; - for(String[] sa : solutionsInput) { - for(String s : sa) { - if(sa.length == 1 && s.contains(this.solutions[counter])) { - correct = true; - break; - } else { - correct = false; - continue; - } + int correctAnswers = 0; + + String[] givenAnswers = {question_0_solution[0], question_1_solution[0], question_2_solution[0], question_3_solution[0]}; + + for(int i = 0; i < solutions.length; i++) { + if (givenAnswers[i].contains(solutions[i])) { + // answer correct + correctAnswers++; + guesses[i] = true; + } else { + // answer incorrect + guesses[i] = false; } - if(!correct) break; - counter++; } - if(correct) { + + if(correctAnswers == solutions.length) { return trackProgress(success().build()); } else { return trackProgress(failed().build()); } } + @RequestMapping(method = RequestMethod.GET) + @ResponseBody + public boolean[] getResults() { + return this.guesses; + } + } 
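Review bot: `guesses` is an instance field that the POST handler writes and the new `getResults()` GET handler returns as-is, so if this endpoint is a singleton bean (the Spring default; its registration is outside the hunk) every user shares one result array, meaning one learner's per-question outcome is readable from any other session and concurrent submissions overwrite each other. The results should be kept per user instead, for example in session-scoped state tied to the authenticated user, with `getResults()` reading from there. The rewrite also drops the old `sa.length == 1` check and indexes `question_N_solution[0]` directly, which presumably throws on an empty array and silently ignores extra values; a guard per parameter such as `if (question_0_solution.length != 1) return trackProgress(failed().build());` would restore it. Both points apply equally to the identical change in CrossSiteScriptingQuiz.java.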
diff --git a/webgoat-lessons/cia/src/main/resources/html/CIA.html b/webgoat-lessons/cia/src/main/resources/html/CIA.html
index 45c487026..7a458e78d 100644
--- a/webgoat-lessons/cia/src/main/resources/html/CIA.html
+++ b/webgoat-lessons/cia/src/main/resources/html/CIA.html
@@ -20,6 +20,7 @@
+
diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingQuiz.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingQuiz.java
index a032faadf..8c8fd9b1a 100644
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingQuiz.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingQuiz.java
@@ -10,42 +10,41 @@ import org.springframework.web.bind.annotation.ResponseBody; import java.io.IOException; - -/** - * @TODO: Get JSON from file not from hardcoded string - * add a question: 1. Append new question to JSON string - * 2. add right solution to solutions array - * 3. add Request param with name of question to method head - */ @AssignmentPath("/cross-site-scripting/quiz") public class CrossSiteScriptingQuiz extends AssignmentEndpoint { - String[] solutions = {"Solution 4", "Solution 3", "Solution 1", "Solution 2", "Solution 4"}; + String[] solutions = {"Solution 4", "Solution 3", "Solution 1", "Solution 2", "Solution 4"}; + boolean[] guesses = new boolean[solutions.length]; - @RequestMapping(method = RequestMethod.POST) - @ResponseBody - public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException { - boolean correct = false; - String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution, question_4_solution}; - int counter = 0; - for(String[] sa : solutionsInput) { - for(String s : sa) { - if(sa.length == 1 && s.contains(this.solutions[counter])) { - correct = true; - break; - } else { - correct = false; - continue; - } - } - if(!correct) break; - counter++; - } - if(correct) { - return trackProgress(success().build()); + @RequestMapping(method = RequestMethod.POST) + @ResponseBody + public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException { + int correctAnswers = 0; + + String[] givenAnswers = {question_0_solution[0], question_1_solution[0], question_2_solution[0], question_3_solution[0], 
question_4_solution[0]}; + + for(int i = 0; i < solutions.length; i++) { + if (givenAnswers[i].contains(solutions[i])) { + // answer correct + correctAnswers++; + guesses[i] = true; } else { - return trackProgress(failed().build()); + // answer incorrect + guesses[i] = false; } } + if(correctAnswers == solutions.length) { + return trackProgress(success().build()); + } else { + return trackProgress(failed().build()); + } + } + + @RequestMapping(method = RequestMethod.GET) + @ResponseBody + public boolean[] getResults() { + return this.guesses; + } + } diff --git a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html index 680be7edd..6e7247ca2 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html +++ b/webgoat-lessons/cross-site-scripting/src/main/resources/html/CrossSiteScripting.html @@ -173,6 +173,7 @@
+