dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix NPE when request does not contain parameter (#739)

Browse Source
This commit is contained in:
Nanne Baars 2020-01-05 15:14:53 +01:00 committed by René Zubcevic
parent 0d7daf60d9
commit 71f2d2968f
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFGetFlag.java
View File

@ -30,10 +30,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Random; import java.util.Random;
@ -51,7 +48,7 @@ public class CSRFGetFlag {
@RequestMapping(path = "/csrf/basic-get-flag", produces = {"application/json"}, method = RequestMethod.POST) @RequestMapping(path = "/csrf/basic-get-flag", produces = {"application/json"}, method = RequestMethod.POST)
@ResponseBody @ResponseBody
public Map<String, Object> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { public Map<String, Object> invoke(HttpServletRequest req) {
Map<String, Object> response = new HashMap<>(); Map<String, Object> response = new HashMap<>();
@ -61,7 +58,7 @@ public class CSRFGetFlag {
if (referer.equals("NULL")) { if (referer.equals("NULL")) {
if (req.getParameter("csrf").equals("true")) { if ("true".equals(req.getParameter("csrf"))) {
Random random = new Random(); Random random = new Random();
userSessionData.setValue("csrf-get-success", random.nextInt(65536)); userSessionData.setValue("csrf-get-success", random.nextInt(65536));
response.put("success", true); response.put("success", true);