Fix NPE in IDOR lesson

Àngel Ollé Blázquez 2023-08-26 02:12:41 +02:00
parent c3ec168d59
commit 3bc2e57c9c


@ -56,7 +56,8 @@ public class IDORViewOtherProfile extends AssignmentEndpoint {
@ResponseBody
public AttackResult completed(@PathVariable("userId") String userId, HttpServletResponse resp) {
if (userSessionData.getValue("idor-authenticated-as").equals("tom")) {
Object obj = userSessionData.getValue("idor-authenticated-as");
if (obj != null && obj.equals("tom")) {
// going to use session auth to view this one
String authUserId = (String) userSessionData.getValue("idor-authenticated-user-id");
if (userId != null && !userId.equals(authUserId)) {