From be305518509069e94e8b2695760faefba483e2ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=80ngel=20Oll=C3=A9=20Bl=C3=A1zquez?= <angel@olleb.com>
Date: Sun, 27 Aug 2023 14:23:34 +0200
Subject: [PATCH] fix: potential NPE in the stored XSS assignment

---
 .../lessons/xss/stored/StoredCrossSiteScriptingVerifier.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
index 1b5d9f96f..9502c5f77 100644
--- a/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
+++ b/src/main/java/org/owasp/webgoat/lessons/xss/stored/StoredCrossSiteScriptingVerifier.java
@@ -39,7 +39,7 @@ public class StoredCrossSiteScriptingVerifier extends AssignmentEndpoint {
   public AttackResult completed(@RequestParam String successMessage) {
     UserSessionData userSessionData = getUserSessionData();
 
-    if (successMessage.equals(userSessionData.getValue("randValue").toString())) {
+    if (successMessage.equals(userSessionData.getValue("randValue"))) {
       return success(this).feedback("xss-stored-callback-success").build();
     } else {
       return failed(this).feedback("xss-stored-callback-failure").build();