From a2f99be11a326eb74c9c90d82946a7a787efc42f Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Wed, 18 Jul 2007 13:37:24 +0000 Subject: [PATCH] Remove unnecessary setMessage() calls git-svn-id: http://webgoat.googlecode.com/svn/trunk@200 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/lessons/CrossSiteScripting/FindProfile.java | 1 - .../lessons/CrossSiteScripting/UpdateProfile.java | 1 - .../webgoat/lessons/CrossSiteScripting/ViewProfile.java | 5 ----- .../lessons/DBCrossSiteScripting/UpdateProfile.java | 2 -- .../org/owasp/webgoat/lessons/DBSQLInjection/Login.java | 1 - .../org/owasp/webgoat/lessons/RandomLessonAdapter.java | 9 ++++++--- .../lessons/RoleBasedAccessControl/DeleteProfile.java | 1 - .../RoleBasedAccessControl/RoleBasedAccessControl.java | 4 ---- .../lessons/RoleBasedAccessControl/ViewProfile.java | 1 - .../org/owasp/webgoat/lessons/SQLInjection/Login.java | 1 - .../owasp/webgoat/lessons/SQLInjection/ViewProfile.java | 2 -- .../RoleBasedAccessControl/RoleBasedAccessControl_i.java | 2 -- 12 files changed, 6 insertions(+), 24 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java index ef8e128b2..42bc14f07 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/FindProfile.java @@ -101,7 +101,6 @@ public class FindProfile extends DefaultLessonAction && searchName.indexOf("alert") > -1 && searchName.indexOf("") > -1) { - s.setMessage("Welcome to stage 6 - more input validation"); setStageComplete(s, CrossSiteScripting.STAGE5); } } 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java index 8fe7f40b0..55f8521d5 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java @@ -84,7 +84,6 @@ public class UpdateProfile extends DefaultLessonAction if (CrossSiteScripting.STAGE2.equals(getStage(s))) { setStageComplete(s, CrossSiteScripting.STAGE2); - s.setMessage("Welcome to stage 3 - demonstrate Stored XSS again"); } throw e; } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java index 44d3ecde1..0f4003972 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/ViewProfile.java @@ -221,7 +221,6 @@ public class ViewProfile extends DefaultLessonAction && address1.indexOf("") > -1) { setStageComplete(s, CrossSiteScripting.STAGE1); - s.setMessage("Welcome to stage 2 - implement input validation"); } } else if (CrossSiteScripting.STAGE3.equals(stage)) @@ -231,8 +230,6 @@ public class ViewProfile extends DefaultLessonAction && address2.indexOf("alert") > -1 && address2.indexOf("") > -1) { - s - .setMessage("Welcome to stage 4 - implement output encoding"); setStageComplete(s, CrossSiteScripting.STAGE3); } } @@ -240,8 +237,6 @@ public class ViewProfile extends DefaultLessonAction { if (employee.getAddress1().toLowerCase().indexOf("<") > -1) { - s - .setMessage("Welcome to stage 5 - demonstrate reflected XSS"); setStageComplete(s, CrossSiteScripting.STAGE4); } } 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java index 00f39cd0c..0d7865fa3 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/UpdateProfile.java @@ -128,8 +128,6 @@ public class UpdateProfile extends DefaultLessonAction if (DBCrossSiteScripting.STAGE2.equals(getStage(s)) && e.getMessage().contains("ORA-06512") && !employee.getAddress1().matches("^[a-zA-Z0-9,\\. ]{0,80}$")) { - s - .setMessage("You have successfully completed this lesson"); setStageComplete(s, DBCrossSiteScripting.STAGE2); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java index f09eb173d..7c5deb678 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java @@ -175,7 +175,6 @@ public class Login extends DefaultLessonAction statement.setString(2, password); statement.execute(); setStageComplete(s, DBSQLInjection.STAGE2); - s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE2); } catch (SQLException sqle2){} } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java index 37efa3e23..402757a83 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java 
@@ -22,13 +22,16 @@ public abstract class RandomLessonAdapter extends LessonAdapter { if (lt.getCompleted()) { s.setMessage("Congratulations, you have completed this lab"); } else { - String message = "You have completed " + stage + "."; + s.setMessage("You have completed " + stage + "."); if (! stage.equals(lt.getStage())) - message = message + " Welcome to " + lt.getStage(); - s.setMessage(message); + s.setMessage(" Welcome to " + lt.getStage()); } } + public boolean isStageComplete(WebSession s, String stage) { + return getLessonTracker(s).hasCompleted(stage); + } + @Override public RandomLessonTracker getLessonTracker(WebSession s) { return (RandomLessonTracker) super.getLessonTracker(s); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java index 0417b732a..0a21282c1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/DeleteProfile.java @@ -170,7 +170,6 @@ public class DeleteProfile extends DefaultLessonAction RoleBasedAccessControl.DELETEPROFILE_ACTION)) { setStageComplete(s, RoleBasedAccessControl.STAGE1); - s.setMessage("Welcome to stage 2 -- protecting the business layer"); } } catch (ParameterNotFoundException e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index a2ac0935f..3d52765ae 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java 
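Review bot: In RandomLessonAdapter.java, the `else` branch now calls `s.setMessage(...)` twice, which shows both texts only if `WebSession.setMessage()` accumulates messages rather than overwriting the previous one; that behaviour is not visible in this hunk, and if it overwrites, the "You have completed ..." text is lost whenever the stage advances. Assuming it does accumulate, document the reliance with a comment such as `// setMessage() appends, so both messages are displayed`, drop the leading space left over from the old concatenation (`s.setMessage("Welcome to " + lt.getStage());`), and put braces around the `if` body. Because the per-lesson messages removed elsewhere in this commit appear to be replaced by this one method, it is also the place to confirm that `stage` and `lt.getStage()` are only ever lesson-defined constants, or are HTML-encoded, before the message is rendered. The new public `isStageComplete` has no Javadoc saying what it returns for an unknown stage name, and the method containing the `else` branch starts above the hunk.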
@@ -241,7 +241,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial !isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION)) { setStageComplete(s, STAGE2); - s.setMessage( "Welcome to stage 3 -- exploiting the data layer" ); } } catch (ParameterNotFoundException pnfe) { @@ -263,7 +262,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial if (!action.isAuthorizedForEmployee(s, userId, employeeId)) { - s.setMessage("Congratulations. You have successfully completed this lesson."); setStageComplete(s, STAGE4); } } catch (Exception e) @@ -376,7 +374,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) && !isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION)) { - s.setMessage( "Welcome to stage 3 -- exploiting the data layer" ); setStageComplete(s, STAGE2); } } catch (ParameterNotFoundException pnfe) @@ -399,7 +396,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial if (!action.isAuthorizedForEmployee(s, userId, employeeId)) { - s.setMessage("Congratulations. You have successfully completed this lesson."); setStageComplete(s, STAGE4); } } catch (Exception e) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java index 46a0ffd9a..7ad8c8aad 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ViewProfile.java @@ -99,7 +99,6 @@ public class ViewProfile extends DefaultLessonAction && !isAuthorizedForEmployee(s, userId, employeeId)) { setStageComplete(s, RoleBasedAccessControl.STAGE3); - s.setMessage("Welcome to stage 4 -- protecting the data layer"); } } catch (ParameterNotFoundException e) 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java index 90ad0120f..7cdbf5c0b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java @@ -286,7 +286,6 @@ public class Login extends DefaultLessonAction && !isAuthenticated(s) && login_BACKUP(s, employeeId, password)) { - s.setMessage("Welcome to stage 3"); setStageComplete(s, SQLInjection.STAGE2); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java index 3ffcdbee0..22f6b9fdf 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java @@ -255,8 +255,6 @@ public class ViewProfile extends DefaultLessonAction if (targetEmployee != null && targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID) { - s - .setMessage("Congratulations. You have successfully completed this lesson"); setStageComplete(s, SQLInjection.STAGE4); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java index 46d290c44..eb3b0fc15 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/RoleBasedAccessControl/RoleBasedAccessControl_i.java 
@@ -137,7 +137,6 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl !isAuthorized(s, getUserId(s), GoatHillsFinancial.DELETEPROFILE_ACTION)) { setStageComplete(s, STAGE2); - s.setMessage( "Welcome to stage 3 -- exploiting the data layer" ); } } catch (ParameterNotFoundException pnfe) { @@ -159,7 +158,6 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl if (!action.isAuthorizedForEmployee(s, userId, employeeId)) { - s.setMessage("Congratulations. You have successfully completed this lesson."); setStageComplete(s, STAGE4); } } catch (Exception e)