#272 Fix lesson client side filtering

2016-11-15 12:46:00 +01:00 · 2016-11-15 12:46:00 +01:00 · 44f5c60e78
commit 44f5c60e78
parent 00f0ee8942
3 changed files with 13 additions and 94 deletions
--- a/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/ClientSideFiltering.java
+++ b/webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/ClientSideFiltering.java
@ -39,7 +39,7 @@ public class ClientSideFiltering extends NewLesson {

    @Override
    public Category getDefaultCategory() {
-        return Category.ACCESS_CONTROL;
+        return Category.AJAX_SECURITY;
    }

    @Override
--- a/webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/js/clientSideFiltering.js
+++ b/webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/js/clientSideFiltering.js
@ -1,92 +1,23 @@
 var dataFetched = false;
-var json;
-
-//TODO: reimplement this

 function selectUser() {

-   var newEmployeeID = document.getElementById("UserSelect").options[document.getElementById("UserSelect").selectedIndex].value;
-
-   if (navigator.userAgent.indexOf("MSIE ") == -1) {
-       document.getElementById("employeeRecord").innerHTML = document.getElementById(newEmployeeID).innerHTML;
-   }
-   else {
-       //IE is a buggy ....
-
-       var TR = document.createElement("tr");
-       var TD0 = document.createElement("td");
-       var TD1 = document.createElement("td");
-       var TD2 = document.createElement("td");
-       var TD3 = document.createElement("td");
-       var TD4 = document.createElement("td");
-
-       var text0 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[0].firstChild.nodeValue);
-       var text1 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[1].firstChild.nodeValue);
-       var text2 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[2].firstChild.nodeValue);
-       var text3 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[3].firstChild.nodeValue);
-       var text4 = document.createTextNode(document.getElementById(newEmployeeID).childNodes[4].firstChild.nodeValue);
-
-       TD0.appendChild(text0);
-       TD1.appendChild(text1);
-       TD2.appendChild(text2);
-       TD3.appendChild(text3);
-       TD4.appendChild(text4);
-
-       TR.appendChild(TD0);
-       TR.appendChild(TD1);
-       TR.appendChild(TD2);
-       TR.appendChild(TD3);
-       TR.appendChild(TD4);
-
-       document.getElementById("employeeRecord").appendChild(TR);
-   }
-
+    var newEmployeeID = $("#UserSelect").val();
+    document.getElementById("employeeRecord").innerHTML = document.getElementById(newEmployeeID).innerHTML;
 }

 function fetchUserData() {
-   if (!dataFetched) {
-       dataFetched = true;
-       ajaxFunction(document.getElementById("userID").value);
-   }
+    if (!dataFetched) {
+        dataFetched = true;
+        ajaxFunction(document.getElementById("userID").value);
+    }
 }

 function ajaxFunction(userId) {
-
-   var xmlHttp;
-   try {
-
-       // Firefox, Opera 8.0+, Safari
-       xmlHttp = new XMLHttpRequest();
-
-   }
-   catch (e) {
-
-       // Internet Explorer
-       try {
-           xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
-       }
-       catch (e) {
-           try {
-
-               xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
-           }
-           catch (e) {
-               alert("Your browser does not support AJAX!");
-               return false;
-           }
-       }
-   }
-   xmlHttp.onreadystatechange = function () {
-       var result = xmlHttp.responseText;
-
-       if (xmlHttp.readyState == 4) {
-           //We need to do this because IE is buggy
-           var newdiv = document.createElement("div");
-           newdiv.innerHTML = result;
-           var container = document.getElementById("hiddenEmployeeRecords");
-           container.appendChild(newdiv);
-       }
-   }
-   xmlHttp.open("GET", "/WebGoat/clientSideFiltering/salaries?userId=" + userId, true);
-   xmlHttp.send(null);
+    $.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {
+        var newdiv = document.createElement("div");
+        newdiv.innerHTML = result;
+        var container = document.getElementById("hiddenEmployeeRecords");
+        container.appendChild(newdiv);
+    });
 }
--- a/webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/lessonPlans/en/ClientSideFiltering.html
+++ b/webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/lessonPlans/en/ClientSideFiltering.html
@ -1,12 +0,0 @@
-<div align="Center">
-<p><b>Lesson Plan Title: </b>Client Side Filtering</p>
-</div>
-<p><b>Concept / Topic To Teach:</b> </p>
-<!-- Start Instructions -->
-It is always a good practice to send to the client only information which they are supposed
-to have access to.  In this lesson, too much information is being sent to the client, creating
-a serious access control problem.
-<!-- Stop Instructions -->
-<p><b>General Goal(s):</b> </p>
-For this exercise, your mission is exploit the extraneous information being returned by the
-server to discover information to which you should not have access.