From ac410be6d9b95bc9c973c247df480d0f43194fb4 Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 20 Sep 2014 01:37:51 -0400
Subject: [PATCH] Fix WEB-151 - tolerate missing user cookie attribute in challenge stage2
---
 .../java/org/owasp/webgoat/lessons/Challenge2Screen.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java b/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java
index 6812baf59..d3c6a1846 100644
--- a/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java
+++ b/src/main/java/org/owasp/webgoat/lessons/Challenge2Screen.java
@@ -210,7 +210,12 @@ public class Challenge2Screen extends SequentialLessonAdapter
 .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
 // pull the USER_COOKIE from the cookies
- String cookie = URLDecoder.decode(getCookie(s),"utf-8");
+ String cookie = getCookie(s);
+ if (null == cookie) {
+ cookie = "";
+ } else {
+ cookie = URLDecoder.decode(cookie,"utf-8");
+ }
 String user = Encoding.base64Decode(cookie);
 String query = "SELECT * FROM user_data WHERE last_name = '" + user + "'";
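Review bot: The new `else` branch still hands a client-supplied cookie straight to `URLDecoder.decode`, which can throw `IllegalArgumentException` on a malformed percent escape, so the commit covers an absent cookie but not a present, malformed one. Whether an enclosing handler catches that is not visible here, because the method starts and ends outside the hunk; if it does not, treating the malformed case like the missing one would be consistent: `try { cookie = URLDecoder.decode(cookie, "utf-8"); } catch (IllegalArgumentException e) { cookie = ""; }`. The decoded value is then concatenated into the SQL text on the following context line, which in this lesson class is presumably the intended exercise. A comment above the query such as `// intentionally injectable: lesson target, do not reuse outside WebGoat` would keep it from being copied or "fixed" by accident.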