Added Buffer Overflow lesson, added and updated solutions, fixed errors in lessons preventing them from being completed correctly

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@436 4033779f-a91e-0410-96ef-6bf7bf53c507
2011-08-12 03:00:27 +00:00
parent be8b4311e0
commit 4059bb5d33
110 changed files with 2590 additions and 1116 deletions
--- a/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp
+++ b/src/main/webapp/lessons/CrossSiteScripting/ListStaff.jsp
@ -18,9 +18,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -32,7 +34,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, CrossSiteScripting.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=CrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" disabled name="action" value="<%=CrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>
--- a/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp
+++ b/src/main/webapp/lessons/DBCrossSiteScripting/ListStaff.jsp
@ -18,9 +18,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("DBCrossSiteScripting." + DBCrossSiteScripting.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -32,7 +34,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, DBCrossSiteScripting.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=DBCrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" disabled name="action" value="<%=DBCrossSiteScripting.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>
--- a/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp
+++ b/src/main/webapp/lessons/DBSQLInjection/ListStaff.jsp
@ -19,9 +19,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("DBSQLInjection." + DBSQLInjection.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -33,7 +35,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=DBSQLInjection.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" disabled name="action" value="<%=DBSQLInjection.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>
--- a/src/main/webapp/lessons/GoatHillsFinancial/ListStaff.jsp
+++ b/src/main/webapp/lessons/GoatHillsFinancial/ListStaff.jsp
@ -19,9 +19,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("GoatHillsFinancial." + GoatHillsFinancial.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -33,7 +35,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, GoatHillsFinancial.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=GoatHillsFinancial.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" name="action" disabled value="<%=GoatHillsFinancial.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>
--- a/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
+++ b/src/main/webapp/lessons/RoleBasedAccessControl/ListStaff.jsp
@ -19,9 +19,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -33,7 +35,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=RoleBasedAccessControl.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" name="action" disabled value="<%=RoleBasedAccessControl.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>
--- a/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
+++ b/src/main/webapp/lessons/SQLInjection/ListStaff.jsp
@ -19,9 +19,11 @@
 			      	<%
 			      	List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
 			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					while (i.hasNext())
 					{
-						EmployeeStub stub = (EmployeeStub) i.next();%>
+						stub = (EmployeeStub) i.next();%>
 						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
 					}%>
  </select>
@ -33,7 +35,7 @@
 				if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION))
 				{
 				%>
-					<input type="submit" name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
+					<input type="submit" disabled name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
 				<% 
 				}
 				%>