From 8b61811278d52207c84ec2e031344595effe6596 Mon Sep 17 00:00:00 2001 From: Max Geldner Date: Tue, 11 Dec 2018 11:13:38 +0100 Subject: [PATCH] Added doc to quiz js --- webgoat-container/src/main/resources/static/js/quiz.js | 9 +++++++++ .../owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java | 2 +- .../src/main/resources/html/SqlInjectionAdvanced.html | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/webgoat-container/src/main/resources/static/js/quiz.js b/webgoat-container/src/main/resources/static/js/quiz.js index 8dcdf4e28..e1f844063 100644 --- a/webgoat-container/src/main/resources/static/js/quiz.js +++ b/webgoat-container/src/main/resources/static/js/quiz.js @@ -1,3 +1,12 @@ +/** +This is the basic javascript that can be used for a quiz assignment. It is made for single choice quizzes (tho a multiple choice extension should be easy to make). +Basic steps for implementing a quiz: +1. HTML: include this js script file for the assignment, build a basic form, where you include a #q_container div element, create a submit button with "Quiz_solutions" as name attribute +2. JSON: Create a JSON-file with the name questions_lesson_name.json, include a span element #quiz_id with lesson_name as the data-quiz_id attribute. Build a JSON file like the one in sql-injection -> resources -> js +3. Java: Create a normal assignment that has a String[] where the correct solutions are contained in the form of "Solution [i]", replace [i] with the position of the solution beginning at 1. + The request parameters will contain the answer in full text with "Solution [i]" in front of the text. Use them to check the answers validity. +**/ + $(function () { var json = ""; var client = new XMLHttpRequest(); diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java index 02a2a4a11..8040b4fe6 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java @@ -16,10 +16,10 @@ import java.sql.SQLException; import java.sql.Statement; /** - * @TODO: Get JSON from file not from hardcoded string * add a question: 1. Append new question to JSON string * 2. add right solution to solutions array * 3. add Request param with name of question to method head + * For a more detailed description how to implement the quiz go to the quiz.js file in webgoat-container -> js */ @AssignmentPath("/SqlInjection/quiz") public class SqlInjectionQuiz extends AssignmentEndpoint { diff --git a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html index 278a56c2a..6a8ad5964 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html +++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html @@ -173,7 +173,7 @@ method="POST" name="form" action="SqlInjection/quiz" enctype="application/json;charset=UTF-8" role="form"> -
+