Small fixes june 2020 (#857)

* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
René Zubcevic
2020-07-08 19:26:09 +02:00
committed by GitHub
parent ba8444dd85
commit 317573c897
13 changed files with 108 additions and 86 deletions

@ -35,7 +35,7 @@ JSON parse error: Unexpected character '{' (code 123) in prolog; expected
This error message appears because we are still sending a json message towards the endpoint, so if we intercept and change change the json message to a xml message:
[souce]
[source]
----
POST http://localhost:8080/WebGoat/xxe/content-type HTTP/1.1
Content-Type: application/xml

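Review bot: the context sentence directly above the corrected [source] marker still reads "intercept and change change the json message to a xml message", so the paragraph this hunk touches keeps a duplicated word and the wrong article. Since the commit is already fixing a typo in this block, I would fix the sentence in the same change, for example "so if we intercept and change the JSON message to an XML message:". The [souce] to [source] correction itself looks right; with the misspelled marker the request listing below it would not have been rendered as a source block.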
@ -20,6 +20,6 @@ xif.setProperty(XMLInputFactory.SUPPORT_DTD, true);
For more information about configuration, see https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html[XXE prevention sheet]
==== Validate
=== Validate
Implement proper validation for the Content-type and Accept header do not simply rely on the framework to handle the incoming request. If the client specifies a proper accept header return with a `406/Not Acceptable.
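Review bot: the paragraph under the re-levelled Validate heading has a condition that reads inverted and an unterminated inline literal: "If the client specifies a proper accept header return with a `406/Not Acceptable." opens a backtick that is never closed. 406 Not Acceptable is the response for a request whose Accept header the server cannot satisfy, so the text should say the 406 is returned when the client does not send an acceptable Accept header. The first sentence is also a run-on ("... Accept header do not simply rely on the framework ..."). Suggest: "Implement proper validation for the Content-Type and Accept headers; do not simply rely on the framework to handle the incoming request. If the client does not specify an acceptable Accept header, return `406 Not Acceptable`." On the heading change itself, the sibling headings are not visible in this hunk, so please confirm they are also at the === level.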