From a9fe7e60990227d213872df3f194790552a29a2d Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Wed, 25 Jul 2007 12:57:57 +0000 Subject: [PATCH] Implement non-coding modes for the labs git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../lessons/CrossSiteScripting/CrossSiteScripting.java | 4 +++- .../DBCrossSiteScripting/DBCrossSiteScripting.java | 4 +++- .../webgoat/lessons/DBSQLInjection/DBSQLInjection.java | 4 +++- .../RoleBasedAccessControl/RoleBasedAccessControl.java | 4 +++- .../owasp/webgoat/lessons/SQLInjection/SQLInjection.java | 4 +++- .../org/owasp/webgoat/session/WebgoatContext.java | 9 +++++++++ webgoat/main/project/WebContent/WEB-INF/web-unix.xml | 5 +++++ webgoat/main/project/WebContent/WEB-INF/web-windows.xml | 5 +++++ webgoat/main/project/WebContent/WEB-INF/web.xml | 5 +++++ 9 files changed, 39 insertions(+), 5 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 09489f9e6..cc394ba60 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -197,7 +197,9 @@ public class CrossSiteScripting extends GoatHillsFinancial @Override public String[] getStages() { - return new String[] {STAGE1, STAGE2, STAGE3, STAGE4, STAGE5, STAGE6}; + if (getWebgoatContext().isCodingExercises()) + return new String[] {STAGE1, STAGE2, STAGE3, STAGE4, STAGE5, STAGE6}; + return new String[] {STAGE1, STAGE3, STAGE5}; } public void handleRequest(WebSession s) 
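Review bot: The non-coding branch of `getStages()` returns `{STAGE1, STAGE3, STAGE5}` with no comment on why the even-numbered stages are dropped, and nothing in the hunk shows that the stage-advancing code elsewhere in the class tolerates a successor stage that is no longer in the list. I would confirm that completing STAGE1 in non-coding mode moves the learner to STAGE3 rather than to a stage the lesson no longer advertises. If the even-numbered stages are indeed the coding exercises, a comment such as `// Even-numbered stages are the coding exercises; they are omitted when CodingExercises is off.` would record that. The un-braced `if` followed by a second `return` is easy to misread, so I would brace it. The same pattern appears in the `getStages()` hunks of DBCrossSiteScripting, DBSQLInjection, RoleBasedAccessControl and SQLInjection, so the check and the comment apply there as well.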
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java index cf2eea621..5c149c70c 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java @@ -153,7 +153,9 @@ public class DBCrossSiteScripting extends GoatHillsFinancial @Override public String[] getStages() { - return new String[] {STAGE1, STAGE2}; + if (getWebgoatContext().isCodingExercises()) + return new String[] {STAGE1, STAGE2}; + return new String[] {STAGE1}; } public void handleRequest(WebSession s) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java index b601de862..e8ccedb4f 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java @@ -124,7 +124,9 @@ public class DBSQLInjection extends GoatHillsFinancial @Override public String[] getStages() { - return new String[] {STAGE1, STAGE2}; + if (getWebgoatContext().isCodingExercises()) + return new String[] {STAGE1, STAGE2}; + return new String[] {STAGE1}; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index c58f81d89..23b5ca4d1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java 
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -123,7 +123,9 @@ public class RoleBasedAccessControl extends GoatHillsFinancial @Override public String[] getStages() { - return new String[] {STAGE1, STAGE2, STAGE3, STAGE4}; + if (getWebgoatContext().isCodingExercises()) + return new String[] {STAGE1, STAGE2, STAGE3, STAGE4}; + return new String[] {STAGE1, STAGE3}; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index b8adbe977..4f6210f77 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -131,7 +131,9 @@ public class SQLInjection extends GoatHillsFinancial @Override public String[] getStages() { - return new String[] {STAGE1, STAGE2, STAGE3, STAGE4}; + if (getWebgoatContext().isCodingExercises()) + return new String[] {STAGE1, STAGE2, STAGE3, STAGE4}; + return new String[] {STAGE1, STAGE3}; } /** diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java index a7fcbef3e..588a21601 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java @@ -14,6 +14,8 @@ public class WebgoatContext { public final static String ENTERPRISE = "Enterprise"; + public final static String CODING_EXERCISES = "CodingExercises"; + public final static String SHOWCOOKIES = "ShowCookies"; public final static String SHOWPARAMS = "ShowParams"; 
@@ -52,6 +54,8 @@ public class WebgoatContext { private boolean enterprise = false; + private boolean codingExercises = false; + private String feedbackAddress = "webgoat@owasp.org"; private boolean isDebug = false; @@ -74,6 +78,7 @@ public class WebgoatContext { showSource = "true".equals( servlet.getInitParameter( SHOWSOURCE ) ); defuseOSCommands = "true".equals( servlet.getInitParameter( DEFUSEOSCOMMANDS ) ); enterprise = "true".equals( servlet.getInitParameter( ENTERPRISE ) ); + codingExercises = "true".equals( servlet.getInitParameter( CODING_EXERCISES ) ); feedbackAddress = servlet.getInitParameter( FEEDBACK_ADDRESS ) != null ? servlet .getInitParameter( FEEDBACK_ADDRESS ) : feedbackAddress; showRequest = "true".equals( servlet.getInitParameter( SHOWREQUEST ) ); @@ -141,6 +146,10 @@ public class WebgoatContext { return enterprise; } + public boolean isCodingExercises() { + return codingExercises; + } + public String getFeedbackAddress() { return feedbackAddress; } diff --git a/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml b/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml index e488f348e..a7acfa348 100644 --- a/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web-unix.xml @@ -131,6 +131,11 @@ true + + CodingExercises + true + + diff --git a/ webgoat/main/project/WebContent/WEB-INF/web-windows.xml b/ webgoat/main/project/WebContent/WEB-INF/web-windows.xml index e488f348e..a7acfa348 100644 --- a/ webgoat/main/project/WebContent/WEB-INF/web-windows.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web-windows.xml @@ -131,6 +131,11 @@ true + + CodingExercises + true + + diff --git a/ webgoat/main/project/WebContent/WEB-INF/web.xml b/ webgoat/main/project/WebContent/WEB-INF/web.xml index e488f348e..a7acfa348 100755 --- a/ webgoat/main/project/WebContent/WEB-INF/web.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web.xml @@ -131,6 +131,11 @@ true + + CodingExercises + true + +
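Review bot: In the constructor hunk, `codingExercises = "true".equals( servlet.getInitParameter( CODING_EXERCISES ) )` silently turns a missing parameter, or any value other than the exact lowercase string `true`, into non-coding mode. A deployment that keeps an older descriptor without the new entry would then get the shortened stage lists in every lab with no indication why, even though the descriptors touched by this commit appear to set the value to `true`. This matches how the neighbouring flags are read, so I would keep the parsing but document the default next to the field, for example `// false when the CodingExercises init-param is absent; labs then return their reduced stage list`. The constructor starts and ends outside the hunk.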
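Review bot: `isCodingExercises()` is added without Javadoc, and neither it nor the `CODING_EXERCISES` constant says what the flag controls. Five lesson classes in this commit branch on it in `getStages()`, so a one-line description would save the next reader a search: `/** Returns true when the CodingExercises init-param is "true"; lessons then expose all of their stages instead of the reduced list. */`.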