Remove unnecessary setMessage() calls
git-svn-id: http://webgoat.googlecode.com/svn/trunk@200 4033779f-a91e-0410-96ef-6bf7bf53c507
parent
f831487fa2
commit
a2f99be11a
@ -101,7 +101,6 @@ public class FindProfile extends DefaultLessonAction
|
|||||||
&& searchName.indexOf("alert") > -1
|
&& searchName.indexOf("alert") > -1
|
||||||
&& searchName.indexOf("</script>") > -1)
|
&& searchName.indexOf("</script>") > -1)
|
||||||
{
|
{
|
||||||
s.setMessage("Welcome to stage 6 - more input validation");
|
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE5);
|
setStageComplete(s, CrossSiteScripting.STAGE5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -84,7 +84,6 @@ public class UpdateProfile extends DefaultLessonAction
|
|||||||
if (CrossSiteScripting.STAGE2.equals(getStage(s)))
|
if (CrossSiteScripting.STAGE2.equals(getStage(s)))
|
||||||
{
|
{
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE2);
|
setStageComplete(s, CrossSiteScripting.STAGE2);
|
||||||
s.setMessage("Welcome to stage 3 - demonstrate Stored XSS again");
|
|
||||||
}
|
}
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
|
@ -221,7 +221,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
&& address1.indexOf("</script>") > -1)
|
&& address1.indexOf("</script>") > -1)
|
||||||
{
|
{
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE1);
|
setStageComplete(s, CrossSiteScripting.STAGE1);
|
||||||
s.setMessage("Welcome to stage 2 - implement input validation");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (CrossSiteScripting.STAGE3.equals(stage))
|
else if (CrossSiteScripting.STAGE3.equals(stage))
|
||||||
@ -231,8 +230,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
&& address2.indexOf("alert") > -1
|
&& address2.indexOf("alert") > -1
|
||||||
&& address2.indexOf("</script>") > -1)
|
&& address2.indexOf("</script>") > -1)
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Welcome to stage 4 - implement output encoding");
|
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE3);
|
setStageComplete(s, CrossSiteScripting.STAGE3);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -240,8 +237,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
{
|
{
|
||||||
if (employee.getAddress1().toLowerCase().indexOf("<") > -1)
|
if (employee.getAddress1().toLowerCase().indexOf("<") > -1)
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Welcome to stage 5 - demonstrate reflected XSS");
|
|
||||||
setStageComplete(s, CrossSiteScripting.STAGE4);
|
setStageComplete(s, CrossSiteScripting.STAGE4);
|
||||||
}
|
}
|
||||||
}
|
}
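Review bot: In the last hunk of this section the stage 4 check `employee.getAddress1().toLowerCase().indexOf("<") > -1` lower-cases the address before searching for a character that has no case, so the `toLowerCase()` call has no effect. `employee.getAddress1().contains("<")` states the same test more directly. The chain also dereferences `getAddress1()` with no null check visible in the hunk; whether the value can be null is not shown here. The enclosing method starts and ends outside the hunk.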
|
||||||
|
@ -128,8 +128,6 @@ public class UpdateProfile extends DefaultLessonAction
|
|||||||
if (DBCrossSiteScripting.STAGE2.equals(getStage(s)) && e.getMessage().contains("ORA-06512") &&
|
if (DBCrossSiteScripting.STAGE2.equals(getStage(s)) && e.getMessage().contains("ORA-06512") &&
|
||||||
!employee.getAddress1().matches("^[a-zA-Z0-9,\\. ]{0,80}$"))
|
!employee.getAddress1().matches("^[a-zA-Z0-9,\\. ]{0,80}$"))
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("You have successfully completed this lesson");
|
|
||||||
setStageComplete(s, DBCrossSiteScripting.STAGE2);
|
setStageComplete(s, DBCrossSiteScripting.STAGE2);
|
||||||
}
|
}
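Review bot: The condition calls `e.getMessage().contains("ORA-06512")` in what appears to be an exception handler, and `getMessage()` can return null for an exception created without a message, which would throw a NullPointerException and mask the original error. A null-safe form such as `e.getMessage() != null && e.getMessage().contains("ORA-06512")` avoids that. The check also ties stage completion to the text of a database error, which deserves a short comment explaining why that error code is the expected signal. The handler starts outside the hunk.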
|
||||||
|
|
||||||
|
@ -175,7 +175,6 @@ public class Login extends DefaultLessonAction
|
|||||||
statement.setString(2, password);
|
statement.setString(2, password);
|
||||||
statement.execute();
|
statement.execute();
|
||||||
setStageComplete(s, DBSQLInjection.STAGE2);
|
setStageComplete(s, DBSQLInjection.STAGE2);
|
||||||
s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE2);
|
|
||||||
}
|
}
|
||||||
catch (SQLException sqle2){}
|
catch (SQLException sqle2){}
|
||||||
}
|
}
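Review bot: The empty handler `catch (SQLException sqle2){}` swallows any failure of `statement.execute()`, so a statement that fails for an unrelated reason is indistinguishable from a stage that is simply not solved yet. At minimum log the exception, or add a comment inside the handler saying why ignoring it is intended. The try block starts outside the hunk, so the full scope of what is swallowed is not visible here.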
|
||||||
|
@ -22,13 +22,16 @@ public abstract class RandomLessonAdapter extends LessonAdapter {
|
|||||||
if (lt.getCompleted()) {
|
if (lt.getCompleted()) {
|
||||||
s.setMessage("Congratulations, you have completed this lab");
|
s.setMessage("Congratulations, you have completed this lab");
|
||||||
} else {
|
} else {
|
||||||
String message = "You have completed " + stage + ".";
|
s.setMessage("You have completed " + stage + ".");
|
||||||
if (! stage.equals(lt.getStage()))
|
if (! stage.equals(lt.getStage()))
|
||||||
message = message + " Welcome to " + lt.getStage();
|
s.setMessage(" Welcome to " + lt.getStage());
|
||||||
s.setMessage(message);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isStageComplete(WebSession s, String stage) {
|
||||||
|
return getLessonTracker(s).hasCompleted(stage);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RandomLessonTracker getLessonTracker(WebSession s) {
|
public RandomLessonTracker getLessonTracker(WebSession s) {
|
||||||
return (RandomLessonTracker) super.getLessonTracker(s);
|
return (RandomLessonTracker) super.getLessonTracker(s);
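Review bot: The new code replaces one combined message with two calls, `s.setMessage("You have completed " + stage + ".")` followed by `s.setMessage(" Welcome to " + lt.getStage())`, which matches the old behaviour only if `WebSession.setMessage` appends rather than overwrites. That method is not shown here, so this needs confirming. If it overwrites, the completion text is lost whenever the stage advances; if it appends, the leading space in `" Welcome to "` is a leftover from the old concatenation and can be dropped. The new public `isStageComplete(WebSession, String)` also has no Javadoc; a one-line summary such as `/** Returns whether the lesson tracker for this session records the given stage as completed. */` would do. The enclosing method begins before the hunk.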
|
||||||
|
@ -170,7 +170,6 @@ public class DeleteProfile extends DefaultLessonAction
|
|||||||
RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
setStageComplete(s, RoleBasedAccessControl.STAGE1);
|
setStageComplete(s, RoleBasedAccessControl.STAGE1);
|
||||||
s.setMessage("Welcome to stage 2 -- protecting the business layer");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (ParameterNotFoundException e)
|
catch (ParameterNotFoundException e)
|
||||||
|
@ -241,7 +241,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
|||||||
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
setStageComplete(s, STAGE2);
|
setStageComplete(s, STAGE2);
|
||||||
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
|
|
||||||
}
|
}
|
||||||
} catch (ParameterNotFoundException pnfe)
|
} catch (ParameterNotFoundException pnfe)
|
||||||
{
|
{
|
||||||
@ -263,7 +262,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
|||||||
|
|
||||||
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
||||||
{
|
{
|
||||||
s.setMessage("Congratulations. You have successfully completed this lesson.");
|
|
||||||
setStageComplete(s, STAGE4);
|
setStageComplete(s, STAGE4);
|
||||||
}
|
}
|
||||||
} catch (Exception e)
|
} catch (Exception e)
|
||||||
@ -376,7 +374,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
|||||||
if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
|
if (RoleBasedAccessControl.DELETEPROFILE_ACTION.equals(requestedActionName) &&
|
||||||
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
!isAuthorized(s, getUserId(s), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
|
|
||||||
setStageComplete(s, STAGE2);
|
setStageComplete(s, STAGE2);
|
||||||
}
|
}
|
||||||
} catch (ParameterNotFoundException pnfe)
|
} catch (ParameterNotFoundException pnfe)
|
||||||
@ -399,7 +396,6 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
|
|||||||
|
|
||||||
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
||||||
{
|
{
|
||||||
s.setMessage("Congratulations. You have successfully completed this lesson.");
|
|
||||||
setStageComplete(s, STAGE4);
|
setStageComplete(s, STAGE4);
|
||||||
}
|
}
|
||||||
} catch (Exception e)
|
} catch (Exception e)
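Review bot: The two checks patched in this section each appear twice in the file with the same condition and body (the `STAGE2` check guarded by `isAuthorized(...)` and the `STAGE4` check guarded by `isAuthorizedForEmployee(...)`), and the `RoleBasedAccessControl_i` hunks repeat both again. With the message lines removed, each copy is now just a `setStageComplete` call behind an authorization test, so a small private helper per check would keep the copies from drifting apart again, as the old `setMessage`/`setStageComplete` ordering already had. Separately, `} catch (Exception e)` directly after the `isAuthorizedForEmployee` check is broad. Its handler is outside the hunk, so it is worth confirming that an unexpected exception from the authorization call is not silently ignored.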
|
||||||
|
@ -99,7 +99,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
&& !isAuthorizedForEmployee(s, userId, employeeId))
|
&& !isAuthorizedForEmployee(s, userId, employeeId))
|
||||||
{
|
{
|
||||||
setStageComplete(s, RoleBasedAccessControl.STAGE3);
|
setStageComplete(s, RoleBasedAccessControl.STAGE3);
|
||||||
s.setMessage("Welcome to stage 4 -- protecting the data layer");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (ParameterNotFoundException e)
|
catch (ParameterNotFoundException e)
|
||||||
|
@ -286,7 +286,6 @@ public class Login extends DefaultLessonAction
|
|||||||
&& !isAuthenticated(s)
|
&& !isAuthenticated(s)
|
||||||
&& login_BACKUP(s, employeeId, password))
|
&& login_BACKUP(s, employeeId, password))
|
||||||
{
|
{
|
||||||
s.setMessage("Welcome to stage 3");
|
|
||||||
setStageComplete(s, SQLInjection.STAGE2);
|
setStageComplete(s, SQLInjection.STAGE2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -255,8 +255,6 @@ public class ViewProfile extends DefaultLessonAction
|
|||||||
if (targetEmployee != null
|
if (targetEmployee != null
|
||||||
&& targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID)
|
&& targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID)
|
||||||
{
|
{
|
||||||
s
|
|
||||||
.setMessage("Congratulations. You have successfully completed this lesson");
|
|
||||||
setStageComplete(s, SQLInjection.STAGE4);
|
setStageComplete(s, SQLInjection.STAGE4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -137,7 +137,6 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl
|
|||||||
!isAuthorized(s, getUserId(s), GoatHillsFinancial.DELETEPROFILE_ACTION))
|
!isAuthorized(s, getUserId(s), GoatHillsFinancial.DELETEPROFILE_ACTION))
|
||||||
{
|
{
|
||||||
setStageComplete(s, STAGE2);
|
setStageComplete(s, STAGE2);
|
||||||
s.setMessage( "Welcome to stage 3 -- exploiting the data layer" );
|
|
||||||
}
|
}
|
||||||
} catch (ParameterNotFoundException pnfe)
|
} catch (ParameterNotFoundException pnfe)
|
||||||
{
|
{
|
||||||
@ -159,7 +158,6 @@ public class RoleBasedAccessControl_i extends RoleBasedAccessControl
|
|||||||
|
|
||||||
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
if (!action.isAuthorizedForEmployee(s, userId, employeeId))
|
||||||
{
|
{
|
||||||
s.setMessage("Congratulations. You have successfully completed this lesson.");
|
|
||||||
setStageComplete(s, STAGE4);
|
setStageComplete(s, STAGE4);
|
||||||
}
|
}
|
||||||
} catch (Exception e)
|
} catch (Exception e)
|
||||||
|