dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some cleanup, and removing unneeded ClassNotFoundExceptions

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@361 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
brandon.devries
2008-08-12 14:33:22 +00:00
parent 9c84df3d6c
commit 775fdad7c4
10 changed files with 34 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
View File

@ -149,6 +149,9 @@ public class CrossSiteScripting extends GoatHillsFinancial
hints.add("Stage2: The java.util.regex package is useful for filtering string values.");
// Stage 3
hints
.add("Stage3: Browsers recognize and decode HTML entity encoded content after parsing and interpretting HTML tags.");
hints.add("Stage3: An HTML entity encoder is provided in the ParameterParser class.");
// Stage 4
hints
@ -177,7 +180,7 @@ public class CrossSiteScripting extends GoatHillsFinancial
{
instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
+ "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page. "
+ "Verify that 'Jerry' is affected by the attack. <br/>The passwords for the accounts are the prenames.";
+ "Verify that 'Jerry' is affected by the attack. <br/>(The passwords for the accounts are the first names.)";
}
else if (STAGE2.equals(stage))
{

1
main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java
View File

@ -17,7 +17,6 @@ import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
/***************************************************************************************************

4
main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
View File

@ -378,10 +378,6 @@ public class UpdateProfile extends DefaultLessonAction
{
sqle.printStackTrace();
s.setMessage("Error updating employee profile");
} catch (ClassNotFoundException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
return uid + 1;
}

4
main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java
View File

@ -4,18 +4,14 @@ package org.owasp.webgoat.lessons.CrossSiteScripting;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.ecs.xhtml.html;
import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.Employee;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.ParameterParser;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
import com.sun.corba.se.spi.activation.Server;
/***************************************************************************************************

17
main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java
View File

@ -118,10 +118,6 @@ public class UpdateProfile extends DefaultLessonAction
setStageComplete(s, DBCrossSiteScripting.STAGE2);
}
} catch (ClassNotFoundException e)
{
s.setMessage("Error updating employee profile");
e.printStackTrace();
}
try
@ -146,10 +142,7 @@ public class UpdateProfile extends DefaultLessonAction
return DBCrossSiteScripting.VIEWPROFILE_ACTION;
}
public void changeEmployeeProfile(WebSession s, int userId, int subjectId, Employee employee) throws SQLException,
ClassNotFoundException
{
try
public void changeEmployeeProfile(WebSession s, int userId, int subjectId, Employee employee) throws SQLException
{
String update = " { CALL UPDATE_EMPLOYEE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) }";
CallableStatement call = WebSession.getConnection(s).prepareCall(update);
@ -171,10 +164,6 @@ public class UpdateProfile extends DefaultLessonAction
call.setString(15, employee.getDisciplinaryActionNotes());
call.setString(16, employee.getPersonalDescription());
call.executeUpdate();
} catch (ClassNotFoundException e)
{
e.printStackTrace();
}
}
public void createEmployeeProfile(WebSession s, int userId, Employee employee) throws UnauthorizedException
@ -230,10 +219,6 @@ public class UpdateProfile extends DefaultLessonAction
{
sqle.printStackTrace();
s.setMessage("Error updating employee profile");
} catch (ClassNotFoundException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
return uid + 1;
}

4
main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/UpdateProfile.java
View File

@ -167,10 +167,6 @@ public class UpdateProfile extends DefaultLessonAction
{
sqle.printStackTrace();
s.setMessage("Error updating employee profile");
} catch (ClassNotFoundException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
return uid + 1;
}

4
main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/UpdateProfile.java
View File

@ -213,10 +213,6 @@ public class UpdateProfile extends DefaultLessonAction
{
sqle.printStackTrace();
s.setMessage("Error updating employee profile");
} catch (ClassNotFoundException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
return uid + 1;
}

2
main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
View File

@ -115,7 +115,7 @@ public class SQLInjection extends GoatHillsFinancial
.add("Many of WebGoat's database queries are already parameterized. Search the project for PreparedStatement.");
// Stage 3
hints.add("Try entering an employee_id of [ 101 OR 1=1 ORDER BY salary ].");
hints.add("Try entering an employee_id of [ 101 or 1=1 order by salary desc ].");
// Stage 4