Implement non-coding modes for the labs

git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-25 12:57:57 +00:00 · 2007-07-25 12:57:57 +00:00 · a9fe7e6099
commit a9fe7e6099
parent f62eb33c4b
9 changed files with 39 additions and 5 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
@ -197,7 +197,9 @@ public class CrossSiteScripting extends GoatHillsFinancial

    @Override
 	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4, STAGE5, STAGE6};
+    	return new String[] {STAGE1, STAGE3, STAGE5};
 	}

    public void handleRequest(WebSession s)
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
@ -153,7 +153,9 @@ public class DBCrossSiteScripting extends GoatHillsFinancial

    @Override
 	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
    		return new String[] {STAGE1, STAGE2};
+    	return new String[] {STAGE1};
 	}

    public void handleRequest(WebSession s)
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@ -124,7 +124,9 @@ public class DBSQLInjection extends GoatHillsFinancial

    @Override
 	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
    		return new String[] {STAGE1, STAGE2};
+    	return new String[] {STAGE1};
 	}

    /**
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@ -123,7 +123,9 @@ public class RoleBasedAccessControl extends GoatHillsFinancial

    @Override
 	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4};
+    	return new String[] {STAGE1, STAGE3};
 	}

    /**
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@ -131,7 +131,9 @@ public class SQLInjection extends GoatHillsFinancial

    @Override
 	public String[] getStages() {
+    	if (getWebgoatContext().isCodingExercises())
    		return new String[] {STAGE1, STAGE2, STAGE3, STAGE4};
+    	return new String[] {STAGE1, STAGE3};
 	}

    /**
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java
@ -14,6 +14,8 @@ public class WebgoatContext {

 	public final static String ENTERPRISE = "Enterprise";

+	public final static String CODING_EXERCISES = "CodingExercises";
+	
 	public final static String SHOWCOOKIES = "ShowCookies";

 	public final static String SHOWPARAMS = "ShowParams";
@ -52,6 +54,8 @@ public class WebgoatContext {

 	private boolean enterprise = false;

+	private boolean codingExercises = false;
+	
 	private String feedbackAddress = "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";

 	private boolean isDebug = false;
@ -74,6 +78,7 @@ public class WebgoatContext {
 		showSource = "true".equals( servlet.getInitParameter( SHOWSOURCE ) );
 		defuseOSCommands = "true".equals( servlet.getInitParameter( DEFUSEOSCOMMANDS ) );
 		enterprise = "true".equals( servlet.getInitParameter( ENTERPRISE ) );
+		codingExercises = "true".equals( servlet.getInitParameter( CODING_EXERCISES ) );
 		feedbackAddress = servlet.getInitParameter( FEEDBACK_ADDRESS ) != null ? servlet
 				.getInitParameter( FEEDBACK_ADDRESS ) : feedbackAddress;
 		showRequest = "true".equals( servlet.getInitParameter( SHOWREQUEST ) );
@ -141,6 +146,10 @@ public class WebgoatContext {
 		return enterprise;
 	}

+	public boolean isCodingExercises() {
+		return codingExercises;
+	}
+	
 	public String getFeedbackAddress() {
 		return feedbackAddress;
 	}
--- a/webgoat/main/project/WebContent/WEB-INF/web-unix.xml
+++ b/webgoat/main/project/WebContent/WEB-INF/web-unix.xml
@ -131,6 +131,11 @@
            <param-value>true</param-value>
      </init-param>
      
+      <init-param>
+            <param-name>CodingExercises</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
      <init-param>
      		<!-- Specify an address where you would like comments to be sent.  -->
      		<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
--- a/webgoat/main/project/WebContent/WEB-INF/web-windows.xml
+++ b/webgoat/main/project/WebContent/WEB-INF/web-windows.xml
@ -131,6 +131,11 @@
            <param-value>true</param-value>
      </init-param>
      
+      <init-param>
+            <param-name>CodingExercises</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
      <init-param>
      		<!-- Specify an address where you would like comments to be sent.  -->
      		<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
--- a/webgoat/main/project/WebContent/WEB-INF/web.xml
+++ b/webgoat/main/project/WebContent/WEB-INF/web.xml
@ -131,6 +131,11 @@
            <param-value>true</param-value>
      </init-param>
      
+      <init-param>
+            <param-name>CodingExercises</param-name>
+            <param-value>true</param-value>
+      </init-param>
+      
      <init-param>
      		<!-- Specify an address where you would like comments to be sent.  -->
      		<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->