dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix issue with looking for all directories one present should be enough

Browse Source
This commit is contained in:
Nanne Baars 2021-03-28 18:36:15 +02:00 committed by Nanne Baars
parent 68a53bc5dc
commit ce6e4d2090
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/ContentTypeAssignment.java
View File

@ -41,7 +41,7 @@ import javax.servlet.http.HttpServletRequest;
public class ContentTypeAssignment extends AssignmentEndpoint { public class ContentTypeAssignment extends AssignmentEndpoint {
private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"}; private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"};
private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"}; private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files", "pagefile.sys"};
@Value("${webgoat.server.directory}") @Value("${webgoat.server.directory}")
private String webGoatHomeDirectory; private String webGoatHomeDirectory;
@ -83,9 +83,9 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
private boolean checkSolution(Comment comment) { private boolean checkSolution(Comment comment) {
String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES; String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
boolean success = true; boolean success = false;
for (String directory : directoriesToCheck) { for (String directory : directoriesToCheck) {
success &= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory); success |= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory);
} }
return success; return success;
} }

6
webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/SimpleXXE.java
View File

@ -54,7 +54,7 @@ import javax.servlet.http.HttpServletRequest;
public class SimpleXXE extends AssignmentEndpoint { public class SimpleXXE extends AssignmentEndpoint {
private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"}; private static final String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"};
private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"}; private static final String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files", "pagefile.sys"};
@Value("${webgoat.server.directory}") @Value("${webgoat.server.directory}")
private String webGoatHomeDirectory; private String webGoatHomeDirectory;
@ -88,9 +88,9 @@ public class SimpleXXE extends AssignmentEndpoint {
private boolean checkSolution(Comment comment) { private boolean checkSolution(Comment comment) {
String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES; String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
boolean success = true; boolean success = false;
for (String directory : directoriesToCheck) { for (String directory : directoriesToCheck) {
success &= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory); success |= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory);
} }
return success; return success;
} }