dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a new lesson "How to add a new lesson" under new category "New Lessons"

Browse Source 
Modified the existing lessons to present the solution in the last hint

git-svn-id: http://webgoat.googlecode.com/svn/trunk@31 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
sherif.fathy
2006-11-11 22:41:42 +00:00
parent e5b3b00b0f
commit 99779ea2e9
9 changed files with 46 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -103,6 +103,8 @@ public abstract class AbstractLesson extends Screen implements Comparable
* Description of the Field
*/
public final static Category WEB_SERVICES = new Category( "Web Services", new Integer( 1110 ) );
public final static Category NEW_LESSON = new Category ( "New Lessons" , new Integer ( 1210 ) );
public final static Category ADMIN_FUNCTIONS = new Category( "Admin Functions", new Integer( 10 ) );
@ -160,6 +162,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
categories.add(A9);
categories.add(A10);
categories.add(WEB_SERVICES);
categories.add(NEW_LESSON);
categories.add(ADMIN_FUNCTIONS);
categories.add(GENERAL);
categories.add(CODE_QUALITY);

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
View File

@ -89,8 +89,8 @@ public class CSRF extends LessonAdapter {
protected List getHints() {
List<String> hints = new ArrayList<String>();
hints.add( "Enter some text and try to include an image in there." );
hints.add( "The format of an image in html is <pre>&lt;img src=\"[URL]\" width=\"1\" height=\"1\" /&gt;</pre>");
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
hints.add( "The format of an image in html is <pre>&lt;img src=\"[URL]\" width=\"1\" height=\"1\" /&gt;</pre>");
return hints;
}

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
View File

@ -67,7 +67,7 @@ public class ForcedBrowsing extends LessonAdapter
hints.add( "Try to guess the URL for the config page" );
hints.add( "The config page is guessable and hackable" );
hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." );
hints.add( "Try to navigate to http://localhost:8080/WebGoat/config" );
return hints;
}

2
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
View File

@ -95,7 +95,7 @@ public class HttpSplitting extends LessonAdapter {
hints.add( "Use CR (%0d) and LF (%0a) for a new line" );
hints.add( "The Content-Length: 0 will tell the server that the first request is over." );
hints.add( "A 200 OK message looks like this: HTTP/1.1 200 OK" );
hints.add( "Try French%0d%0aContent-Length: 0%0d%0aHTTP/1.1 200 OK" );
return hints;
}

20
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java → webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/NewLesson.java
View File

@ -11,10 +11,10 @@ import org.owasp.webgoat.session.WebSession;
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
* this software.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @author Sherif Koussa <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class ParameterInjection extends LessonAdapter
public class NewLesson extends LessonAdapter
{
/**
* Description of the Method
@ -25,22 +25,20 @@ public class ParameterInjection extends LessonAdapter
protected Element createContent( WebSession s )
{
// just to get the generic how to text.
return super.createContent(s);
makeSuccess(s);
return( new StringElement( "Welcome to the WebGoat hall of fame !!" ) );
}
/**
* Gets the category attribute of the CommandInjection object
* Gets the category attribute of the NEW_LESSON object
*
* @return The category value
*/
protected Category getDefaultCategory()
{
return AbstractLesson.A6;
return AbstractLesson.NEW_LESSON;
}
private final static Integer DEFAULT_RANKING = new Integer(40);
private final static Integer DEFAULT_RANKING = new Integer(10);
protected Integer getDefaultRanking()
{
@ -54,12 +52,12 @@ public class ParameterInjection extends LessonAdapter
*/
public String getTitle()
{
return ( "How to Perform Parameter Injection" );
return ( "How to add a new WebGoat lesson" );
}
public Element getCredits()
{
return new StringElement("This screen created by: Your name could go here");
return new StringElement("This screen created by: Sherif Koussa");
}
}