fix: Stored Cross-Site Scripting Lesson

2023-08-25 20:37:56 +02:00
parent 8749137d1e
commit 368c046779
7 changed files with 10 additions and 15 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/CrossSiteScripting.java
@ -35,6 +35,6 @@ public class CrossSiteScripting extends Lesson {

  @Override
  public String getTitle() {
-    return "xss.title";
+    return "4.xss.title";
  }
 }
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/CrossSiteScriptingStored.java
@ -24,7 +24,9 @@ package org.owasp.webgoat.lessons.xss.stored;

 import org.owasp.webgoat.container.lessons.Category;
 import org.owasp.webgoat.container.lessons.Lesson;
+import org.springframework.stereotype.Component;

+@Component
 public class CrossSiteScriptingStored extends Lesson {
  @Override
  public Category getDefaultCategory() {
@ -33,6 +35,6 @@ public class CrossSiteScriptingStored extends Lesson {

  @Override
  public String getTitle() {
-    return "xss-stored.title";
+    return "5.xss-stored.title";
  }
 }
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
@ -34,7 +34,6 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
 public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {

-  // TODO This assignment seems not to be in use in the UI
  @PostMapping("/CrossSiteScriptingStored/stored-xss-follow-up")
  @ResponseBody
  public AttackResult completed(@RequestParam String successMessage) {
@ -47,8 +46,3 @@ public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
    }
  }
 }
-
-// something like ...
-// http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere%3Cscript%3Ewebgoat.customjs.phoneHome();%3C%2Fscript%3E
-// or
-// http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere<script>webgoat.customjs.phoneHome();<%2Fscript>
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredXssComments.java
@ -72,7 +72,6 @@ public class StoredXssComments extends AssignmentEndpoint {
            "Can you post a comment, calling webgoat.customjs.phoneHome() ?"));
  }

-  // TODO This assignment seems not to be in use in the UI
  @GetMapping(
      path = "/CrossSiteScriptingStored/stored-xss",
      produces = MediaType.APPLICATION_JSON_VALUE,
@ -89,7 +88,6 @@ public class StoredXssComments extends AssignmentEndpoint {
    return allComments;
  }

-  // TODO This assignment seems not to be in use in the UI
  @PostMapping("/CrossSiteScriptingStored/stored-xss")
  @ResponseBody
  public AttackResult createNewComment(@RequestBody String commentStr) {