fix: JWT kid/jku lessons (#1949)

* refactor: rewrite hints Use active voice and fix grammar issues. * fix: use Thymeleaf `th:action` * fix: JWT kid/jku lessons Split the JavaScript into two files they pointed to the same URL The JWTs are now valid, they parse successfully. The paths now include `/kid` and `/jku` to make sure the hints match accordingly in the UI. Otherwise `/delete` would pick up both hints from both assignments as the paths overlap. Closes: #1715 * fix: update to latest pre-commit version * fix: increase timeouts for server to start during integration tests
2024-11-07 15:45:33 +01:00
parent d59153d6d7
commit e1e00bca73
46 changed files with 133 additions and 122 deletions
--- a/src/main/resources/lessons/sqlinjection/html/SqlInjectionMitigations.html
+++ b/src/main/resources/lessons/sqlinjection/html/SqlInjectionMitigations.html
@@ -23,7 +23,7 @@
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_completion.adoc}"></div>
    <div class="attack-container">
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
-        <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="SqlInjectionMitigations/attack10a">
+        <form class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" th:action="@{/SqlInjectionMitigations/attack10a}">
            <div>
                <p>Connection conn = DriverManager.<input type="text" name="field1" id="field1" />(DBURL, DBUSER, DBPW);</p>
                <p><input type="text" name="field2" id="field2" /> = conn.<input type="text" name="field3" id="field3" />("SELECT status FROM users WHERE name=<input type="text" name="field4" id="field4" /> AND mail=<input type="text" name="field5" id="field5" />");</p>
@@ -42,7 +42,7 @@
 <div class="lesson-page-wrapper">
    <div class="adoc-content" th:replace="~{doc:lessons/sqlinjection/documentation/SqlInjection_jdbc_newcode.adoc}"></div>
    <div class="attack-container" style="border: none !important; height: 100%; min-height: 300px;">
-        <form id="codesubmit" style="height: 100%; min-height: 300px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" action="SqlInjectionMitigations/attack10b">
+        <form id="codesubmit" style="height: 100%; min-height: 300px;" class="attack-form" accept-charset="UNKNOWN" method="POST" name="form" th:action="@{/SqlInjectionMitigations/attack10b}">
            <div>
                <div id="editor" style="position: absolute; top: 0; right: 0; bottom: 0; left: 0; height: 300px;" name="editor"></div>
                <script th:src="@{/js/libs/ace.js}" type="text/javascript" charset="utf-8"></script>
@@ -72,7 +72,7 @@
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
-              action="SqlOnlyInputValidation/attack"
+              th:action="@{/SqlInjectionMitigations/attack}"
              enctype="application/json;charset=UTF-8">
            <table>
                <tr>
@@ -95,7 +95,7 @@
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
-              action="SqlOnlyInputValidationOnKeywords/attack"
+              th:action="@{/SqlInjectionMitigations/attack}"
              enctype="application/json;charset=UTF-8">
            <table>
                <tr>
@@ -124,7 +124,7 @@
        <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
        <form class="attack-form" accept-charset="UNKNOWN"
              method="POST" name="form"
-              action="SqlInjectionMitigations/attack12a">
+              th:action="@{/SqlInjectionMitigations/attack12a}">
            <div class="container-fluid">
                <div class="row">
                    <div class="panel panel-primary">
@@ -173,7 +173,7 @@
                <br/>
            </div>
        </form>
-        <form class="attack-form" method="POST" name="form" action="SqlInjectionMitigations/attack12a">
+        <form class="attack-form" method="POST" name="form" th:action="@{/SqlInjectionMitigations/attack12a}">
            <div class="form-group">
                <div class="input-group">
                    <div class="input-group-addon">IP address webgoat-prd server:</div>