dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

removed possible NullpointerException and System.out

Browse Source
This commit is contained in:
Rene Zubcevic
2019-03-26 17:31:40 +01:00
committed by Nanne Baars
parent 203b5fe717
commit 48d926491f
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScripting.java
View File

@ -57,7 +57,6 @@ public class DOMCrossSiteScripting extends AssignmentEndpoint {
userSessionData.setValue("randValue",number.nextInt()); userSessionData.setValue("randValue",number.nextInt());
if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) { if (param1 == 42 && param2 == 24 && request.getHeader("webgoat-requested-by").equals("dom-xss-vuln")) {
System.out.println(userSessionData.getValue("randValue") + " << randValue");
return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build()); return trackProgress(success().output("phoneHome Response is " + userSessionData.getValue("randValue").toString()).build());
} else { } else {
return trackProgress(failed().build()); return trackProgress(failed().build());

3
webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/DOMCrossSiteScriptingVerifier.java
View File

@ -55,8 +55,9 @@ public class DOMCrossSiteScriptingVerifier extends AssignmentEndpoint {
AttackResult completed(@RequestParam String successMessage) throws IOException { AttackResult completed(@RequestParam String successMessage) throws IOException {
UserSessionData userSessionData = getUserSessionData(); UserSessionData userSessionData = getUserSessionData();
String answer = (String) userSessionData.getValue("randValue");
if (successMessage.equals(userSessionData.getValue("randValue").toString())) { if (successMessage.equals(answer)) {
return trackProgress(success().feedback("xss-dom-message-success").build()); return trackProgress(success().feedback("xss-dom-message-success").build());
} else { } else {
return trackProgress(failed().feedback("xss-dom-message-failure").build()); return trackProgress(failed().feedback("xss-dom-message-failure").build());