dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Navigation and links are not the same after reboot #194

Browse Source
This commit is contained in:
Nanne Baars 2016-09-10 16:14:10 +02:00
parent 4133089d09
commit 8050bd52c4
1 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -35,35 +35,37 @@ import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static java.lang.Math.abs;
/** /**
************************************************************************************************* * ************************************************************************************************
* * <p>
* * <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/ * please see http://www.owasp.org/
* * <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew * Copyright (c) 2002 - 20014 Bruce Mayhew
* * <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the * This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version. * License, or (at your option) any later version.
* * <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details. * General Public License for more details.
* * <p>
* You should have received a copy of the GNU General Public License along with this program; if * You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA. * 02111-1307, USA.
* * <p>
* Getting Source ============== * Getting Source ==============
* * <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects. * projects.
* *
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a> * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id * @version $Id: $Id
* @since October 28, 2003
*/ */
public abstract class AbstractLesson extends Screen implements Comparable<Object> { public abstract class AbstractLesson extends Screen implements Comparable<Object> {
@ -74,7 +76,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
public final static String ADMIN_ROLE = "admin"; public final static String ADMIN_ROLE = "admin";
/** Constant <code>CHALLENGE_ROLE="challenge"</code> */ /**
* Constant <code>CHALLENGE_ROLE="challenge"</code>
*/
public final static String CHALLENGE_ROLE = "challenge"; public final static String CHALLENGE_ROLE = "challenge";
/** /**
@ -120,7 +124,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
* Constructor for the Lesson object * Constructor for the Lesson object
*/ */
public AbstractLesson() { public AbstractLesson() {
id = new Integer(++count); //based on the class name derive an id so the screenId is fixed, should not give clashes based on
//the fact we use the classname and the size is limited
id = abs(this.getClass().getSimpleName().hashCode());
} }
/** /**
@ -185,7 +191,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* {@inheritDoc} * {@inheritDoc}
* * <p>
* Description of the Method * Description of the Method
*/ */
public int compareTo(Object obj) { public int compareTo(Object obj) {
@ -194,7 +200,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* {@inheritDoc} * {@inheritDoc}
* * <p>
* Description of the Method * Description of the Method
*/ */
public boolean equals(Object obj) { public boolean equals(Object obj) {
@ -368,6 +374,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
// @TODO we need to restrict access at the service layer // @TODO we need to restrict access at the service layer
// rather than passing session object around // rather than passing session object around
/** /**
* <p>getHintsPublic.</p> * <p>getHintsPublic.</p>
* *
@ -383,9 +390,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
* Fill in a minor hint that will help people who basically get it, but are * Fill in a minor hint that will help people who basically get it, but are
* stuck on somthing silly. * stuck on somthing silly.
* *
* @param s The users WebSession * @param s The users WebSession
* @return The hint1 value
* @param hintNumber a int. * @param hintNumber a int.
* @return The hint1 value
*/ */
public String getHint(WebSession s, int hintNumber) { public String getHint(WebSession s, int hintNumber) {
return "Hint: " + getHints(s).get(hintNumber); return "Hint: " + getHints(s).get(hintNumber);
@ -394,8 +401,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Gets the instructions attribute of the AbstractLesson object * Gets the instructions attribute of the AbstractLesson object
* *
* @return The instructions value
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @return The instructions value
*/ */
public abstract String getInstructions(WebSession s); public abstract String getInstructions(WebSession s);
@ -613,12 +620,12 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* <p>Returns the default "path" portion of a lesson's URL.</p> * <p>Returns the default "path" portion of a lesson's URL.</p>
* * <p>
* * <p>
* Legacy webgoat lesson links are of the form * Legacy webgoat lesson links are of the form
* "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of * "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of
* the url, i.e., "attack" in the string above. * the url, i.e., "attack" in the string above.
* * <p>
* Newer, Spring-Controller-based classes will override this method to * Newer, Spring-Controller-based classes will override this method to
* return "*.do"-styled paths. * return "*.do"-styled paths.
* *
@ -630,7 +637,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Get the link that can be used to request this screen. * Get the link that can be used to request this screen.
* * <p>
* Rendering the link in the browser may result in Javascript sending * Rendering the link in the browser may result in Javascript sending
* additional requests to perform necessary actions or to obtain data * additional requests to perform necessary actions or to obtain data
* relevant to the lesson or the element of the lesson selected by the * relevant to the lesson or the element of the lesson selected by the
@ -645,13 +652,13 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
// mvc update: // mvc update:
return link return link
.append("/").append(getScreenId()) .append("/").append(getScreenId())
.append("/").append(getCategory().getRanking()).toString(); .append("/").append(getCategory().getRanking()).toString();
} }
/** /**
* Get the link to the target servlet. * Get the link to the target servlet.
* * <p>
* Unlike getLink() this method does not require rendering the output of * Unlike getLink() this method does not require rendering the output of
* the request to the link in order to execute the servlet's method with * the request to the link in order to execute the servlet's method with
* conventional HTTP query parameters. * conventional HTTP query parameters.
@ -662,8 +669,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
StringBuffer link = new StringBuffer("attack"); StringBuffer link = new StringBuffer("attack");
return link return link
.append("?Screen=").append(getScreenId()) .append("?Screen=").append(getScreenId())
.append("&menu=").append(getCategory().getRanking()).toString(); .append("&menu=").append(getCategory().getRanking()).toString();
} }
/** /**
@ -694,16 +701,16 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
*/ */
public abstract String getCurrentAction(WebSession s); public abstract String getCurrentAction(WebSession s);
/** /**
* Initiates lesson restart functionality * Initiates lesson restart functionality
*/ */
public abstract void restartLesson(); public abstract void restartLesson();
/** /**
* <p>setCurrentAction.</p> * <p>setCurrentAction.</p>
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param lessonScreen a {@link java.lang.String} object. * @param lessonScreen a {@link java.lang.String} object.
*/ */
public abstract void setCurrentAction(WebSession s, String lessonScreen); public abstract void setCurrentAction(WebSession s, String lessonScreen);
@ -711,7 +718,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Override this method to implement accesss control in a lesson. * Override this method to implement accesss control in a lesson.
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param functionId a {@link java.lang.String} object. * @param functionId a {@link java.lang.String} object.
* @param employeeId a int. * @param employeeId a int.
* @return a boolean. * @return a boolean.
@ -723,9 +730,9 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* Override this method to implement accesss control in a lesson. * Override this method to implement accesss control in a lesson.
* *
* @param s a {@link org.owasp.webgoat.session.WebSession} object. * @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @param functionId a {@link java.lang.String} object. * @param functionId a {@link java.lang.String} object.
* @param role a {@link java.lang.String} object. * @param role a {@link java.lang.String} object.
* @return a boolean. * @return a boolean.
*/ */
public boolean isAuthorized(WebSession s, String role, String functionId) { public boolean isAuthorized(WebSession s, String role, String functionId) {
@ -914,7 +921,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
/** /**
* <p>Setter for the field <code>lessonPlanFileName</code>.</p> * <p>Setter for the field <code>lessonPlanFileName</code>.</p>
* *
* @param lang a {@link java.lang.String} object. * @param lang a {@link java.lang.String} object.
* @param lessonPlanFileName a {@link java.lang.String} object. * @param lessonPlanFileName a {@link java.lang.String} object.
*/ */
public void setLessonPlanFileName(String lang, String lessonPlanFileName) { public void setLessonPlanFileName(String lang, String lessonPlanFileName) {
@ -999,6 +1006,4 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
} }
} }