Inserted quiz into sql injection advanced

2018-11-06 12:12:35 +01:00 · 2018-11-06 12:12:35 +01:00 · cd3f7ea924
commit cd3f7ea924
parent 14f4b42ba5
4 changed files with 92 additions and 0 deletions
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
@ -0,0 +1,55 @@
 package org.owasp.webgoat.plugin.advanced;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import java.io.IOException;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 /**
 * @TODO: Get JSON from file not from hardcoded string
 * add a question: 1. Append new question to JSON string
 * 2. add right solution to solutions array
 * 3. add Request param with name of question to method head
 */
@AssignmentPath("/SqlInjection/quiz")
 public class SqlInjectionQuiz extends AssignmentEndpoint {
    String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};
    @RequestMapping(method = RequestMethod.POST)
    @ResponseBody
    public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException {
        boolean correct = false;
        String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution, question_4_solution};
        int counter = 0;
        for(String[] sa : solutionsInput) {
            for(String s : sa) {
                if(sa.length == 1 && s.contains(this.solutions[counter])) {
                    correct = true;
                    break;
                } else {
                    correct = false;
                    continue;
                }
            }
            if(!correct) break;
            counter++;
        }
        if(correct) {
            return trackProgress(success().build());
        } else {
            return trackProgress(failed().build());
        }
    }
 }
--- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
@ -161,6 +161,23 @@
        <div class="attack-output"></div>
    </div>
 </div>
 <div class="lesson-page-wrapper">
    <script th:src="@{/lesson_js/quiz.js}" language="JavaScript"></script>
    <div class="adoc-content" th:replace="doc:SqlInjection_quiz.adoc"></div>
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <div class="container-fluid">
            <form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
                  method="POST" name="form"
                  action="SqlInjection/quiz"
                  enctype="application/json;charset=UTF-8" role="form">
            <div id="q_container"></div>
                <br />
            <input name="Quiz_solutions" value="Submit answers" type="SUBMIT"/>
            </form>
        </div>
        <div class="attack-feedback"></div>
        <div class="attack-output"></div>
 </div>
 </html>
--- a/webgoat-lessons/sql-injection/src/main/resources/js/quiz.js
+++ b/webgoat-lessons/sql-injection/src/main/resources/js/quiz.js
@ -0,0 +1,19 @@
 $(function () {
    console.log("entry");
    let questionsJson = '{"questions": [ { "text": "What is the difference between a prepared statement and a statement?", "solutions": { "1": "Prepared statements are statements with hard-coded parameters.", "2": "Prepared statements are not stored in the database.", "3": "A statement is faster.", "4": "A statement has got values instead of a prepared statement" } }, { "text": "Which one of the following characters is a placeholder for variables?", "solutions": { "1": "\'", "2": "=", "3": "?", "4": "!" } }, { "text": "How can prepared statements be faster than statements?", "solutions": { "1": "They are not static so they can compile better written code than statements.", "2": "Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.", "3": "Prepared statements are stored and wait for input it raises performance considerably.", "4": "Oracle optimized prepared statements. Because of the minimal use of the database\'s resources it is faster." } }, { "text": "How can a prepared statement prevent SQL-Injection?", "solutions": { "1": "Prepared statements have got an inner check to distinguish between input and logical errors.", "2": "Prepared statements use the placeholders to make rules what input is allowed to use.", "3": "Placeholders can prevent that the user\'s input gets attached to the SQL query resulting in a seperation of code and data.", "4": "Prepared statements always read inputs literally and never mixes it with its SQL commands." } }, { "text": "What happens if a person with malicious intent writes into a register form :Robert\'); DROP TABLE Students;-- that has a prepared statement?", "solutions": { "1": "The table Students and all of its content will be deleted.", "2": "The input deletes all students with the name Robert.", "3": "The database registers: \'Robert\' and deletes the table afterwards.", "4": "The database registers: \'Robert\' ); DROP TABLE Students;--\'." } } ] }';
    var questionsObj = JSON.parse(questionsJson);
    let html = "";
    jQuery.each(questionsObj, function(i, obj) {
        jQuery.each(obj, function(j, quest) {
          html += "<div id='question_" + j + "' class='quiz_question attack-container' name='question'><p>" + (j+1) + ".&nbsp;" + quest.text + "</p>";
          html += "<fieldset>";
          jQuery.each(quest.solutions, function(k, solution) {
          //question_' + j + '_solution_' + k + '" value="' + solution + '
            solution = "Solution " + k + ": " + solution;
            html += '<input type="checkbox" name="question_' + j +'_solution" value="' + solution + '">' + solution + '<br>';
          });
          html += "</fieldset></div>";
        });
    });
    document.getElementById("q_container").innerHTML = html;
 });
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_quiz.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_quiz.adoc
@ -0,0 +1 @@
 Now it's time for a quiz! It is recommended to do all SQL-Injection lessons before trying the quiz. Answer all questions correctly to complete the assignment.
		`@ -0,0 +1 @@`
							`Now it's time for a quiz! It is recommended to do all SQL-Injection lessons before trying the quiz. Answer all questions correctly to complete the assignment.`