Inserted quiz into sql injection advanced

2018-11-06 12:12:35 +01:00 · 2018-11-06 12:12:35 +01:00 · cd3f7ea924
commit cd3f7ea924
parent 14f4b42ba5
4 changed files with 92 additions and 0 deletions
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionQuiz.java
@ -0,0 +1,55 @@
+package org.owasp.webgoat.plugin.advanced;
+
+import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentPath;
+import org.owasp.webgoat.assignments.AttackResult;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+/**
+ * @TODO: Get JSON from file not from hardcoded string
+ * add a question: 1. Append new question to JSON string
+ * 2. add right solution to solutions array
+ * 3. add Request param with name of question to method head
+ */
+@AssignmentPath("/SqlInjection/quiz")
+public class SqlInjectionQuiz extends AssignmentEndpoint {
+
+    String[] solutions = {"Solution 4", "Solution 3", "Solution 2", "Solution 3", "Solution 4"};
+
+    @RequestMapping(method = RequestMethod.POST)
+    @ResponseBody
+    public AttackResult completed(@RequestParam String[] question_0_solution, @RequestParam String[] question_1_solution, @RequestParam String[] question_2_solution, @RequestParam String[] question_3_solution, @RequestParam String[] question_4_solution) throws IOException {
+        boolean correct = false;
+        String[][] solutionsInput = {question_0_solution, question_1_solution, question_2_solution, question_3_solution, question_4_solution};
+        int counter = 0;
+        for(String[] sa : solutionsInput) {
+            for(String s : sa) {
+                if(sa.length == 1 && s.contains(this.solutions[counter])) {
+                    correct = true;
+                    break;
+                } else {
+                    correct = false;
+                    continue;
+                }
+            }
+            if(!correct) break;
+            counter++;
+        }
+        if(correct) {
+            return trackProgress(success().build());
+        } else {
+            return trackProgress(failed().build());
+        }
+    }
+
+}
--- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
@ -161,6 +161,23 @@
        <div class="attack-output"></div>
    </div>
 </div>
+<div class="lesson-page-wrapper">
+    <script th:src="@{/lesson_js/quiz.js}" language="JavaScript"></script>
+    <div class="adoc-content" th:replace="doc:SqlInjection_quiz.adoc"></div>
+        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
+        <div class="container-fluid">
+            <form id="quiz-form" class="attack-form" accept-charset="UNKNOWN"
+                  method="POST" name="form"
+                  action="SqlInjection/quiz"
+                  enctype="application/json;charset=UTF-8" role="form">
+            <div id="q_container"></div>
+                <br />
+            <input name="Quiz_solutions" value="Submit answers" type="SUBMIT"/>
+            </form>
+        </div>
+        <div class="attack-feedback"></div>
+        <div class="attack-output"></div>
+</div>


 </html>
--- a/webgoat-lessons/sql-injection/src/main/resources/js/quiz.js
+++ b/webgoat-lessons/sql-injection/src/main/resources/js/quiz.js
@ -0,0 +1,19 @@
+$(function () {
+    console.log("entry");
+    let questionsJson = '{"questions": [ { "text": "What is the difference between a prepared statement and a statement?", "solutions": { "1": "Prepared statements are statements with hard-coded parameters.", "2": "Prepared statements are not stored in the database.", "3": "A statement is faster.", "4": "A statement has got values instead of a prepared statement" } }, { "text": "Which one of the following characters is a placeholder for variables?", "solutions": { "1": "\'", "2": "=", "3": "?", "4": "!" } }, { "text": "How can prepared statements be faster than statements?", "solutions": { "1": "They are not static so they can compile better written code than statements.", "2": "Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.", "3": "Prepared statements are stored and wait for input it raises performance considerably.", "4": "Oracle optimized prepared statements. Because of the minimal use of the database\'s resources it is faster." } }, { "text": "How can a prepared statement prevent SQL-Injection?", "solutions": { "1": "Prepared statements have got an inner check to distinguish between input and logical errors.", "2": "Prepared statements use the placeholders to make rules what input is allowed to use.", "3": "Placeholders can prevent that the user\'s input gets attached to the SQL query resulting in a seperation of code and data.", "4": "Prepared statements always read inputs literally and never mixes it with its SQL commands." } }, { "text": "What happens if a person with malicious intent writes into a register form :Robert\'); DROP TABLE Students;-- that has a prepared statement?", "solutions": { "1": "The table Students and all of its content will be deleted.", "2": "The input deletes all students with the name Robert.", "3": "The database registers: \'Robert\' and deletes the table afterwards.", "4": "The database registers: \'Robert\' ); DROP TABLE Students;--\'." } } ] }';
+    var questionsObj = JSON.parse(questionsJson);
+    let html = "";
+    jQuery.each(questionsObj, function(i, obj) {
+        jQuery.each(obj, function(j, quest) {
+          html += "<div id='question_" + j + "' class='quiz_question attack-container' name='question'><p>" + (j+1) + ".&nbsp;" + quest.text + "</p>";
+          html += "<fieldset>";
+          jQuery.each(quest.solutions, function(k, solution) {
+          //question_' + j + '_solution_' + k + '" value="' + solution + '
+            solution = "Solution " + k + ": " + solution;
+            html += '<input type="checkbox" name="question_' + j +'_solution" value="' + solution + '">' + solution + '<br>';
+          });
+          html += "</fieldset></div>";
+        });
+    });
+    document.getElementById("q_container").innerHTML = html;
+});
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_quiz.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_quiz.adoc
@ -0,0 +1 @@
+Now it's time for a quiz! It is recommended to do all SQL-Injection lessons before trying the quiz. Answer all questions correctly to complete the assignment.
				`@ -0,0 +1 @@`
				`Now it's time for a quiz! It is recommended to do all SQL-Injection lessons before trying the quiz. Answer all questions correctly to complete the assignment.`