removed possible NullpointerException and System.out

2019-03-26 17:31:40 +01:00 · 2019-03-26 17:31:40 +01:00 · 48d926491f
commit 48d926491f
parent 203b5fe717
2 changed files with 2 additions and 2 deletions
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
@ -57,7 +57,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
        userSessionData.setValue("randValue",number.nextInt());

        if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
-            System.out.println(userSessionData.getValue("randValue") + " << randValue");
            return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build());
        } else {
            return trackProgress(failed().build());
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
@ -55,8 +55,9 @@ public class DOMCrossSiteScriptingVerifier extends AssignmentEndpoint {
    AttackResult completed(@RequestParam String successMessage)  throws IOException {

        UserSessionData userSessionData = getUserSessionData();
+        String answer = (String) userSessionData.getValue("randValue");

-        if (successMessage.equals(userSessionData.getValue("randValue").toString())) {
+        if (successMessage.equals(answer)) {
            return trackProgress(success().feedback("xss-dom-message-success").build());
        } else {
            return trackProgress(failed().feedback("xss-dom-message-failure").build());