General cleanup of warnings, fixed a few method scope issues and incorrect use of static references to categories
git-svn-id: http://webgoat.googlecode.com/svn/trunk@30 4033779f-a91e-0410-96ef-6bf7bf53c507
parent
fae3c3f047
commit
e5b3b00b0f
@ -19,7 +19,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class LessonSource extends HammerHead
|
public class LessonSource extends HammerHead
|
||||||
|
@ -44,7 +44,7 @@ import org.owasp.webgoat.session.WebgoatProperties;
|
|||||||
* published by OWASP under the GPL. You should read and accept the LICENSE before you use, modify
|
* published by OWASP under the GPL. You should read and accept the LICENSE before you use, modify
|
||||||
* and/or redistribute this software.
|
* and/or redistribute this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractLesson extends Screen implements Comparable
|
public abstract class AbstractLesson extends Screen implements Comparable
|
||||||
@ -139,7 +139,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
|
|||||||
final static IMG previousGrey = new IMG( "images/left14.gif" ).setAlt( "Previous" ).setBorder( 0 ).setHspace( 0 )
|
final static IMG previousGrey = new IMG( "images/left14.gif" ).setAlt( "Previous" ).setBorder( 0 ).setHspace( 0 )
|
||||||
.setVspace( 0 );
|
.setVspace( 0 );
|
||||||
|
|
||||||
private static Vector categories = new Vector();
|
private static Vector<Category> categories = new Vector<Category>();
|
||||||
private Integer ranking;
|
private Integer ranking;
|
||||||
private Category category;
|
private Category category;
|
||||||
private boolean hidden;
|
private boolean hidden;
|
||||||
@ -275,7 +275,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
|
|||||||
protected abstract boolean getDefaultHidden();
|
protected abstract boolean getDefaultHidden();
|
||||||
|
|
||||||
|
|
||||||
public void setCategory(String categoryName)
|
public void setCategory_DELETE_ME(String categoryName)
|
||||||
{
|
{
|
||||||
if (categoryName != null)
|
if (categoryName != null)
|
||||||
{
|
{
|
||||||
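Review bot: Renaming the public method to `setCategory_DELETE_ME(String categoryName)` leaves a dead entry point in the class's API under a name that breaks Java naming conventions. If nothing calls it any more, remove it in this commit. If callers may remain, keep the original name and mark it `@Deprecated`, with a Javadoc `@deprecated` line naming the replacement. The method body continues outside the hunk, so I cannot tell from here what the replacement is.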
|
@ -103,7 +103,7 @@ public class AccessControlMatrix extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Many sites attempt to restrict access to resources by role." );
|
hints.add( "Many sites attempt to restrict access to resources by role." );
|
||||||
hints.add( "Developers frequently make mistakes implementing this scheme." );
|
hints.add( "Developers frequently make mistakes implementing this scheme." );
|
||||||
hints.add( "Attempt combinations of users, roles, and resources." );
|
hints.add( "Attempt combinations of users, roles, and resources." );
|
||||||
@ -126,7 +126,7 @@ public class AccessControlMatrix extends LessonAdapter
|
|||||||
private List getResources( List rl )
|
private List getResources( List rl )
|
||||||
{
|
{
|
||||||
// return the resources allowed for these roles
|
// return the resources allowed for these roles
|
||||||
ArrayList list = new ArrayList();
|
ArrayList<String> list = new ArrayList<String>();
|
||||||
|
|
||||||
if ( rl.contains( roles[0] ) )
|
if ( rl.contains( roles[0] ) )
|
||||||
{
|
{
|
||||||
@ -165,7 +165,7 @@ public class AccessControlMatrix extends LessonAdapter
|
|||||||
|
|
||||||
private List getRoles( String user )
|
private List getRoles( String user )
|
||||||
{
|
{
|
||||||
ArrayList list = new ArrayList();
|
ArrayList<String> list = new ArrayList<String>();
|
||||||
|
|
||||||
if ( user.equals( users[0] ) )
|
if ( user.equals( users[0] ) )
|
||||||
{
|
{
|
||||||
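Review bot: Only the local variables are typed in these three hunks; the signatures `protected List getHints()`, `private List getResources( List rl )` and `private List getRoles( String user )` stay raw, so callers still get unchecked warnings. For the two private helpers the return type can change without affecting other classes: `private List<String> getResources( List rl )` and `private List<String> getRoles( String user )`. `getHints()` presumably overrides a raw-typed declaration in the base lesson class, so it would have to change together with that declaration. The same half-typed pattern appears in the getHints() hunks of BasicAuthentication, BlindSqlInjection, BufferOverflow, CSRF, Challenge2Screen, CrossSiteScripting and Encoding. All three method bodies continue outside the hunks.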
|
@ -21,7 +21,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class BasicAuthentication extends LessonAdapter
|
public class BasicAuthentication extends LessonAdapter
|
||||||
@ -37,12 +37,6 @@ public class BasicAuthentication extends LessonAdapter
|
|||||||
private final static String HEADER_NAME = "header";
|
private final static String HEADER_NAME = "header";
|
||||||
private final static String HEADER_VALUE = "value";
|
private final static String HEADER_VALUE = "value";
|
||||||
|
|
||||||
/**
|
|
||||||
* Save the session so it can be used in a staged lesson
|
|
||||||
*/
|
|
||||||
private WebSession session = null;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Description of the Method
|
* Description of the Method
|
||||||
*
|
*
|
||||||
@ -51,7 +45,6 @@ public class BasicAuthentication extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected Element createContent( WebSession s )
|
protected Element createContent( WebSession s )
|
||||||
{
|
{
|
||||||
session = s;
|
|
||||||
return super.createStagedContent(s);
|
return super.createStagedContent(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -218,7 +211,7 @@ public class BasicAuthentication extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
// int stage = getLessonTracker(session, BASIC).getStage();
|
// int stage = getLessonTracker(session, BASIC).getStage();
|
||||||
|
|
||||||
// switch ( stage )
|
// switch ( stage )
|
||||||
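Review bot: The commented-out block in `getHints()` (`// int stage = getLessonTracker(session, BASIC).getStage();`) still refers to the `session` field that this commit deletes, so it cannot be re-enabled as written. Either delete the dead comment or replace it with a short note such as `// stage-specific hints need a WebSession; getHints() does not receive one`. The body of getHints() continues outside the hunk.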
|
@ -108,7 +108,7 @@ public class BlindSqlInjection extends LessonAdapter
|
|||||||
*
|
*
|
||||||
* @return The category value
|
* @return The category value
|
||||||
*/
|
*/
|
||||||
public Category getCategory()
|
protected Category getDefaultCategory()
|
||||||
{
|
{
|
||||||
return AbstractLesson.A6;
|
return AbstractLesson.A6;
|
||||||
}
|
}
|
||||||
@ -151,7 +151,7 @@ public class BlindSqlInjection extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
if (runningOnWindows()) {
|
if (runningOnWindows()) {
|
||||||
hints.add( "Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " +
|
hints.add( "Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " +
|
||||||
"Create a SQL statement that you can use as a true/false test and then " +
|
"Create a SQL statement that you can use as a true/false test and then " +
|
||||||
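Review bot: `protected Category getDefaultCategory()` has no `@Override`, so the compiler does not check that the renamed, now-protected method matches a declaration in the base class. Add `@Override` on the line above it; the CSRF lesson in this commit already uses the annotation on `getHints()`. The Javadoc kept above the method still reads `@return The category value` and could say that this is the lesson's default category.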
|
@ -14,7 +14,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class BufferOverflow extends LessonAdapter
|
public class BufferOverflow extends LessonAdapter
|
||||||
@ -52,7 +52,7 @@ public class BufferOverflow extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Lesson Hint 1" );
|
hints.add( "Lesson Hint 1" );
|
||||||
hints.add( "Lesson Hint 2" );
|
hints.add( "Lesson Hint 2" );
|
||||||
|
|
||||||
|
@ -2,13 +2,10 @@ package org.owasp.webgoat.lessons;
|
|||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Arrays;
|
|
||||||
|
|
||||||
import org.apache.ecs.Element;
|
import org.apache.ecs.Element;
|
||||||
import org.apache.ecs.ElementContainer;
|
import org.apache.ecs.ElementContainer;
|
||||||
import org.apache.ecs.StringElement;
|
import org.apache.ecs.StringElement;
|
||||||
import org.apache.ecs.html.B;
|
|
||||||
import org.apache.ecs.html.H1;
|
|
||||||
import org.apache.ecs.html.Input;
|
import org.apache.ecs.html.Input;
|
||||||
import org.apache.ecs.html.P;
|
import org.apache.ecs.html.P;
|
||||||
import org.apache.ecs.html.TD;
|
import org.apache.ecs.html.TD;
|
||||||
@ -90,7 +87,7 @@ public class CSRF extends LessonAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected List getHints() {
|
protected List getHints() {
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Enter some text and try to include an image in there." );
|
hints.add( "Enter some text and try to include an image in there." );
|
||||||
hints.add( "The format of an image in html is <pre><img src=\"[URL]\" width=\"1\" height=\"1\" /></pre>");
|
hints.add( "The format of an image in html is <pre><img src=\"[URL]\" width=\"1\" height=\"1\" /></pre>");
|
||||||
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
|
hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
|
||||||
|
@ -1,5 +1,14 @@
|
|||||||
package org.owasp.webgoat.lessons;
|
package org.owasp.webgoat.lessons;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
|
||||||
|
* Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
|
||||||
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
|
* this software.
|
||||||
|
*
|
||||||
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
|
* @created October 28, 2003
|
||||||
|
*/
|
||||||
public class Category implements Comparable
|
public class Category implements Comparable
|
||||||
{
|
{
|
||||||
|
|
||||||
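Review bot: The new header comment contains a search-and-replace artifact: `This software package org.owasp.webgoat.is published by OWASP` should read `This software package is published by OWASP`. The `@created October 28, 2003` line looks copied from the lesson files and may not describe this class. Since the commit is a warnings cleanup, `implements Comparable` could become `implements Comparable<Category>`; the class body is outside the hunk, so the `compareTo` signature would have to change with it.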
|
@ -43,7 +43,7 @@ import org.owasp.webgoat.util.ExecResults;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class Challenge2Screen extends LessonAdapter
|
public class Challenge2Screen extends LessonAdapter
|
||||||
@ -451,7 +451,7 @@ public class Challenge2Screen extends LessonAdapter
|
|||||||
{
|
{
|
||||||
//<START_OMIT_SOURCE>
|
//<START_OMIT_SOURCE>
|
||||||
|
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "You need to gain access to the Java source code for this lesson." );
|
hints.add( "You need to gain access to the Java source code for this lesson." );
|
||||||
hints.add( "Seriously, no more hints -- it's a CHALLENGE!" );
|
hints.add( "Seriously, no more hints -- it's a CHALLENGE!" );
|
||||||
hints.add( "Come on -- give it a rest!" );
|
hints.add( "Come on -- give it a rest!" );
|
||||||
|
@ -54,19 +54,21 @@ public class CommandInjection extends LessonAdapter
|
|||||||
{
|
{
|
||||||
index = helpFile.indexOf(';');
|
index = helpFile.indexOf(';');
|
||||||
}
|
}
|
||||||
|
index = index + 1;
|
||||||
|
int helpFileLen = helpFile.length() -1; // subtract 1 for the closing quote
|
||||||
|
System.out.println("Command = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
|
||||||
if (( osName.indexOf( "Windows" ) != -1 &&
|
if (( osName.indexOf( "Windows" ) != -1 &&
|
||||||
( helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a") ||
|
( helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("dir") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ls") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ifconfig") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig") )) ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig") )) ||
|
||||||
(helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a #") ||
|
(helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a #") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("dir #") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir #") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ls #") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls #") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ls -l #") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls -l #") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig #") ||
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ifconfig #") ||
|
||||||
helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig #") ))
|
helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig #") ))
|
||||||
{
|
{
|
||||||
illegalCommand = false;
|
illegalCommand = false;
|
||||||
}
|
}
|
||||||
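Review bot: `helpFile.substring(index, helpFileLen)` throws `StringIndexOutOfBoundsException` whenever `index` exceeds `helpFile.length() - 1`, for example when the value is empty or ends right at the separator. The new `helpFileLen` assumes a closing quote is always present, and nothing in the hunk checks that. The same expression is also evaluated twelve times, and the added `System.out.println` writes request-derived text to stdout, which reads like leftover debugging. Computing the candidate command once behind a range check removes the exception path and makes the allow-list comparison easier to audit. The enclosing method starts and ends outside the hunk.

```java
index = index + 1;
int helpFileLen = helpFile.length() - 1; // subtract 1 for the closing quote
// An empty value, or one that ends at the separator, yields no command instead of an exception.
String command = ( index <= helpFileLen )
		? helpFile.substring( index, helpFileLen ).trim().toLowerCase()
		: "";
if (( osName.indexOf( "Windows" ) != -1 &&
		( command.equals("netstat -a") ||
		command.equals("dir") ||
		command.equals("ls") ||
		command.equals("ifconfig") ||
		command.equals("ipconfig") )) ||
		(command.equals("netstat -a #") ||
		command.equals("dir #") ||
		command.equals("ls #") ||
		command.equals("ls -l #") ||
		command.equals("ifconfig #") ||
		command.equals("ipconfig #") ))
// … unchanged: block that sets illegalCommand = false …
```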
|
@ -140,7 +140,7 @@ public class CrossSiteScripting extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
|
|
||||||
// Stage 1
|
// Stage 1
|
||||||
hints.add( "You can put HTML tags in form input fields." );
|
hints.add( "You can put HTML tags in form input fields." );
|
||||||
|
@ -3,7 +3,6 @@ package org.owasp.webgoat.lessons.CrossSiteScripting;
|
|||||||
import java.sql.ResultSet;
|
import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
import java.sql.PreparedStatement;
|
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
|
@ -552,14 +552,10 @@ public class Encoding extends LessonAdapter
|
|||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
|
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
|
|
||||||
hints.add( "Enter a string and press 'go'" );
|
hints.add( "Enter a string and press 'go'" );
|
||||||
|
|
||||||
hints.add( "Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters )." );
|
hints.add( "Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters )." );
|
||||||
|
|
||||||
hints.add( "Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' )." );
|
hints.add( "Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' )." );
|
||||||
|
|
||||||
return hints;
|
return hints;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -573,7 +569,6 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public String getInstructions(WebSession s)
|
public String getInstructions(WebSession s)
|
||||||
{
|
{
|
||||||
|
|
||||||
return "This lesson will familiarize the user with different encoding schemes. ";
|
return "This lesson will familiarize the user with different encoding schemes. ";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -596,7 +591,6 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public String getTitle()
|
public String getTitle()
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "Encoding Basics" );
|
return ( "Encoding Basics" );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -613,27 +607,18 @@ public class Encoding extends LessonAdapter
|
|||||||
{
|
{
|
||||||
|
|
||||||
byte[] b = str.getBytes();
|
byte[] b = str.getBytes();
|
||||||
|
|
||||||
MessageDigest md = null;
|
MessageDigest md = null;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
md = MessageDigest.getInstance( "MD5" );
|
md = MessageDigest.getInstance( "MD5" );
|
||||||
|
|
||||||
md.update( b );
|
md.update( b );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( NoSuchAlgorithmException e )
|
catch ( NoSuchAlgorithmException e )
|
||||||
{
|
{
|
||||||
|
|
||||||
// it's got to be there
|
// it's got to be there
|
||||||
|
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ( base64Encode( md.digest() ) );
|
return ( base64Encode( md.digest() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -648,29 +633,18 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String hashSHA( String str )
|
public static String hashSHA( String str )
|
||||||
{
|
{
|
||||||
|
|
||||||
byte[] b = str.getBytes();
|
byte[] b = str.getBytes();
|
||||||
|
|
||||||
MessageDigest md = null;
|
MessageDigest md = null;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
md = MessageDigest.getInstance( "SHA-256" );
|
md = MessageDigest.getInstance( "SHA-256" );
|
||||||
|
|
||||||
md.update( b );
|
md.update( b );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( NoSuchAlgorithmException e )
|
catch ( NoSuchAlgorithmException e )
|
||||||
{
|
{
|
||||||
|
|
||||||
// it's got to be there
|
// it's got to be there
|
||||||
|
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ( base64Encode( md.digest() ) );
|
return ( base64Encode( md.digest() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -685,40 +659,26 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String hexDecode( String hexString )
|
public static String hexDecode( String hexString )
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
if ( ( hexString.length() % 3 ) != 0 )
|
if ( ( hexString.length() % 3 ) != 0 )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "String not comprised of Hex digit pairs." );
|
return ( "String not comprised of Hex digit pairs." );
|
||||||
}
|
}
|
||||||
|
|
||||||
char[] chars = new char[hexString.length()];
|
char[] chars = new char[hexString.length()];
|
||||||
|
|
||||||
char[] convChars = new char[hexString.length() / 3];
|
char[] convChars = new char[hexString.length() / 3];
|
||||||
|
|
||||||
hexString.getChars( 0, hexString.length(), chars, 0 );
|
hexString.getChars( 0, hexString.length(), chars, 0 );
|
||||||
|
|
||||||
for ( int i = 1; i < hexString.length(); i += 3 )
|
for ( int i = 1; i < hexString.length(); i += 3 )
|
||||||
{
|
{
|
||||||
|
|
||||||
String hexToken = new String( chars, i, 2 );
|
String hexToken = new String( chars, i, 2 );
|
||||||
|
|
||||||
convChars[i / 3] = (char) Integer.parseInt( hexToken, 16 );
|
convChars[i / 3] = (char) Integer.parseInt( hexToken, 16 );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return new String( convChars );
|
return new String( convChars );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( NumberFormatException nfe )
|
catch ( NumberFormatException nfe )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "String not comprised of Hex digits" );
|
return ( "String not comprised of Hex digits" );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -732,22 +692,14 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String hexEncode( String asciiString )
|
public static String hexEncode( String asciiString )
|
||||||
{
|
{
|
||||||
|
|
||||||
char[] ascii = new char[asciiString.length()];
|
char[] ascii = new char[asciiString.length()];
|
||||||
|
|
||||||
asciiString.getChars( 0, asciiString.length(), ascii, 0 );
|
asciiString.getChars( 0, asciiString.length(), ascii, 0 );
|
||||||
|
|
||||||
StringBuffer hexBuff = new StringBuffer();
|
StringBuffer hexBuff = new StringBuffer();
|
||||||
|
|
||||||
for ( int i = 0; i < asciiString.length(); i++ )
|
for ( int i = 0; i < asciiString.length(); i++ )
|
||||||
{
|
{
|
||||||
|
|
||||||
hexBuff.append( "%" );
|
hexBuff.append( "%" );
|
||||||
|
|
||||||
hexBuff.append( Integer.toHexString( ascii[i] ) );
|
hexBuff.append( Integer.toHexString( ascii[i] ) );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return hexBuff.toString().toUpperCase();
|
return hexBuff.toString().toUpperCase();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -761,73 +713,40 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static void main( String[] args )
|
public static void main( String[] args )
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
String userInput = args[0];
|
String userInput = args[0];
|
||||||
|
|
||||||
String userKey = args[1];
|
String userKey = args[1];
|
||||||
|
|
||||||
System.out.println( "Working with: " + userInput );
|
System.out.println( "Working with: " + userInput );
|
||||||
|
|
||||||
System.out.print( "Base64 encoding: " );
|
System.out.print( "Base64 encoding: " );
|
||||||
|
|
||||||
System.out.println( base64Encode( userInput ) + " : " + base64Decode( userInput ) );
|
System.out.println( base64Encode( userInput ) + " : " + base64Decode( userInput ) );
|
||||||
|
|
||||||
System.out.print( "Entity encoding: " );
|
System.out.print( "Entity encoding: " );
|
||||||
|
|
||||||
System.out.println( HtmlEncoder.encode( userInput ) + " : " + HtmlEncoder.decode( userInput ) );
|
System.out.println( HtmlEncoder.encode( userInput ) + " : " + HtmlEncoder.decode( userInput ) );
|
||||||
|
|
||||||
System.out.print( "Password based encryption (PBE): " );
|
System.out.print( "Password based encryption (PBE): " );
|
||||||
|
|
||||||
System.out.println( encryptString( userInput, userKey ) + " : " + decryptString( userInput, userKey ) );
|
System.out.println( encryptString( userInput, userKey ) + " : " + decryptString( userInput, userKey ) );
|
||||||
|
|
||||||
System.out.print( "MD5 hash: " );
|
System.out.print( "MD5 hash: " );
|
||||||
|
|
||||||
System.out.println( hashMD5( userInput ) + " : " + "Cannot reverse a hash" );
|
System.out.println( hashMD5( userInput ) + " : " + "Cannot reverse a hash" );
|
||||||
|
|
||||||
System.out.print( "SHA-256 hash: " );
|
System.out.print( "SHA-256 hash: " );
|
||||||
|
|
||||||
System.out.println( hashSHA( userInput ) + " : " + "Cannot reverse a hash" );
|
System.out.println( hashSHA( userInput ) + " : " + "Cannot reverse a hash" );
|
||||||
|
|
||||||
System.out.print( "Unicode encoding: " );
|
System.out.print( "Unicode encoding: " );
|
||||||
|
|
||||||
System.out.println( "Not Implemented" + " : " + "Not Implemented" );
|
System.out.println( "Not Implemented" + " : " + "Not Implemented" );
|
||||||
|
|
||||||
System.out.print( "URL encoding: " );
|
System.out.print( "URL encoding: " );
|
||||||
|
|
||||||
System.out.println( urlEncode( userInput ) + " : " + urlDecode( userInput ) );
|
System.out.println( urlEncode( userInput ) + " : " + urlDecode( userInput ) );
|
||||||
|
|
||||||
System.out.print( "Hex encoding: " );
|
System.out.print( "Hex encoding: " );
|
||||||
|
|
||||||
System.out.println( hexEncode( userInput ) + " : " + hexDecode( userInput ) );
|
System.out.println( hexEncode( userInput ) + " : " + hexDecode( userInput ) );
|
||||||
|
|
||||||
System.out.print( "Rot13 encoding: " );
|
System.out.print( "Rot13 encoding: " );
|
||||||
|
|
||||||
System.out.println( rot13( userInput ) + " : " + rot13( userInput ) );
|
System.out.println( rot13( userInput ) + " : " + rot13( userInput ) );
|
||||||
|
|
||||||
System.out.print( "XOR with password: " );
|
System.out.print( "XOR with password: " );
|
||||||
|
|
||||||
System.out.println( xorEncode( userInput, userKey ) + " : " + xorDecode( userInput, userKey ) );
|
System.out.println( xorEncode( userInput, userKey ) + " : " + xorDecode( userInput, userKey ) );
|
||||||
|
|
||||||
System.out.print( "Double unicode encoding is..." );
|
System.out.print( "Double unicode encoding is..." );
|
||||||
|
|
||||||
System.out.println( "Not Implemented" + " : " + "Not Implemented" );
|
System.out.println( "Not Implemented" + " : " + "Not Implemented" );
|
||||||
|
|
||||||
System.out.print( "Double URL encoding: " );
|
System.out.print( "Double URL encoding: " );
|
||||||
|
|
||||||
System.out.println( urlEncode( urlEncode( userInput ) ) + " : " + urlDecode( urlDecode( userInput ) ) );
|
System.out.println( urlEncode( urlEncode( userInput ) ) + " : " + urlDecode( urlDecode( userInput ) ) );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -868,31 +787,20 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
private TR makeTitleRow( String description, String value1, String value2 )
|
private TR makeTitleRow( String description, String value1, String value2 )
|
||||||
{
|
{
|
||||||
|
|
||||||
TD desc = new TD().addElement( new B().addElement( description ) );
|
TD desc = new TD().addElement( new B().addElement( description ) );
|
||||||
|
|
||||||
TD val1 = new TD().addElement( new B().addElement( value1 ) );
|
TD val1 = new TD().addElement( new B().addElement( value1 ) );
|
||||||
TD val2 = new TD().addElement( new B().addElement( value2 ) );
|
TD val2 = new TD().addElement( new B().addElement( value2 ) );
|
||||||
|
|
||||||
desc.setAlign( "center" );
|
desc.setAlign( "center" );
|
||||||
|
|
||||||
val1.setAlign( "center" );
|
val1.setAlign( "center" );
|
||||||
|
|
||||||
val2.setAlign( "center" );
|
val2.setAlign( "center" );
|
||||||
|
|
||||||
TR tr = new TR();
|
TR tr = new TR();
|
||||||
|
|
||||||
tr.addElement( desc );
|
tr.addElement( desc );
|
||||||
|
|
||||||
tr.addElement( val1 );
|
tr.addElement( val1 );
|
||||||
|
|
||||||
tr.addElement( val2 );
|
tr.addElement( val2 );
|
||||||
|
|
||||||
return ( tr );
|
return ( tr );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Description of the Method
|
* Description of the Method
|
||||||
*
|
*
|
||||||
@ -902,56 +810,35 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static synchronized String rot13( String input )
|
public static synchronized String rot13( String input )
|
||||||
{
|
{
|
||||||
|
|
||||||
StringBuffer output = new StringBuffer();
|
StringBuffer output = new StringBuffer();
|
||||||
|
|
||||||
if ( input != null )
|
if ( input != null )
|
||||||
{
|
{
|
||||||
|
|
||||||
for ( int i = 0; i < input.length(); i++ )
|
for ( int i = 0; i < input.length(); i++ )
|
||||||
{
|
{
|
||||||
|
|
||||||
char inChar = input.charAt( i );
|
char inChar = input.charAt( i );
|
||||||
|
|
||||||
if ( ( inChar >= 'A' ) & ( inChar <= 'Z' ) )
|
if ( ( inChar >= 'A' ) & ( inChar <= 'Z' ) )
|
||||||
{
|
{
|
||||||
|
|
||||||
inChar += 13;
|
inChar += 13;
|
||||||
|
|
||||||
if ( inChar > 'Z' )
|
if ( inChar > 'Z' )
|
||||||
{
|
{
|
||||||
|
|
||||||
inChar -= 26;
|
inChar -= 26;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ( inChar >= 'a' ) & ( inChar <= 'z' ) )
|
if ( ( inChar >= 'a' ) & ( inChar <= 'z' ) )
|
||||||
{
|
{
|
||||||
|
|
||||||
inChar += 13;
|
inChar += 13;
|
||||||
|
|
||||||
if ( inChar > 'z' )
|
if ( inChar > 'z' )
|
||||||
{
|
{
|
||||||
|
|
||||||
inChar -= 26;
|
inChar -= 26;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
output.append( inChar );
|
output.append( inChar );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return output.toString();
|
return output.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Description of the Method
|
* Description of the Method
|
||||||
*
|
*
|
||||||
@ -961,31 +848,21 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String unicodeDecode( String str )
|
public static String unicodeDecode( String str )
|
||||||
{
|
{
|
||||||
|
|
||||||
// FIXME: TOTALLY EXPERIMENTAL
|
// FIXME: TOTALLY EXPERIMENTAL
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
ByteBuffer bbuf = ByteBuffer.allocate( str.length() );
|
ByteBuffer bbuf = ByteBuffer.allocate( str.length() );
|
||||||
|
|
||||||
bbuf.put( str.getBytes() );
|
bbuf.put( str.getBytes() );
|
||||||
|
|
||||||
Charset charset = Charset.forName( "ISO-8859-1" );
|
Charset charset = Charset.forName( "ISO-8859-1" );
|
||||||
|
|
||||||
CharsetDecoder decoder = charset.newDecoder();
|
CharsetDecoder decoder = charset.newDecoder();
|
||||||
|
|
||||||
CharBuffer cbuf = decoder.decode( bbuf );
|
CharBuffer cbuf = decoder.decode( bbuf );
|
||||||
|
|
||||||
return ( cbuf.toString() );
|
return ( cbuf.toString() );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "Encoding problem" );
|
return ( "Encoding problem" );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -999,27 +876,18 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String unicodeEncode( String str )
|
public static String unicodeEncode( String str )
|
||||||
{
|
{
|
||||||
|
|
||||||
// FIXME: TOTALLY EXPERIMENTAL
|
// FIXME: TOTALLY EXPERIMENTAL
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
Charset charset = Charset.forName( "ISO-8859-1" );
|
Charset charset = Charset.forName( "ISO-8859-1" );
|
||||||
|
|
||||||
CharsetEncoder encoder = charset.newEncoder();
|
CharsetEncoder encoder = charset.newEncoder();
|
||||||
|
|
||||||
ByteBuffer bbuf = encoder.encode( CharBuffer.wrap( str ) );
|
ByteBuffer bbuf = encoder.encode( CharBuffer.wrap( str ) );
|
||||||
|
|
||||||
return ( new String( bbuf.array() ) );
|
return ( new String( bbuf.array() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "Encoding problem" );
|
return ( "Encoding problem" );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1033,19 +901,14 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String urlDecode( String str )
|
public static String urlDecode( String str )
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( URLDecoder.decode( str, "UTF-8" ) );
|
return ( URLDecoder.decode( str, "UTF-8" ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "Decoding error" );
|
return ( "Decoding error" );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1059,19 +922,14 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static String urlEncode( String str )
|
public static String urlEncode( String str )
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( URLEncoder.encode( str, "UTF-8" ) );
|
return ( URLEncoder.encode( str, "UTF-8" ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
return ( "Encoding error" );
|
return ( "Encoding error" );
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1086,38 +944,23 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static synchronized char[] xor( String input, String userKey )
|
public static synchronized char[] xor( String input, String userKey )
|
||||||
{
|
{
|
||||||
|
|
||||||
if ( ( userKey == null ) || ( userKey.trim().length() == 0 ) )
|
if ( ( userKey == null ) || ( userKey.trim().length() == 0 ) )
|
||||||
{
|
{
|
||||||
|
|
||||||
userKey = "Goober";
|
userKey = "Goober";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
char[] xorChars = userKey.toCharArray();
|
char[] xorChars = userKey.toCharArray();
|
||||||
|
|
||||||
int keyLen = xorChars.length;
|
int keyLen = xorChars.length;
|
||||||
|
|
||||||
char[] inputChars = null;
|
char[] inputChars = null;
|
||||||
|
|
||||||
char[] outputChars = null;
|
char[] outputChars = null;
|
||||||
|
|
||||||
if ( input != null )
|
if ( input != null )
|
||||||
{
|
{
|
||||||
|
|
||||||
inputChars = input.toCharArray();
|
inputChars = input.toCharArray();
|
||||||
|
|
||||||
outputChars = new char[inputChars.length];
|
outputChars = new char[inputChars.length];
|
||||||
|
|
||||||
for ( int i = 0; i < inputChars.length; i++ )
|
for ( int i = 0; i < inputChars.length; i++ )
|
||||||
{
|
{
|
||||||
|
|
||||||
outputChars[i] = (char) ( inputChars[i] ^ xorChars[i % keyLen] );
|
outputChars[i] = (char) ( inputChars[i] ^ xorChars[i % keyLen] );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return outputChars;
|
return outputChars;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1133,21 +976,15 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static synchronized String xorDecode( String input, String userKey )
|
public static synchronized String xorDecode( String input, String userKey )
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
|
||||||
String decoded = base64Decode( input );
|
String decoded = base64Decode( input );
|
||||||
|
|
||||||
return new String( xor( decoded, userKey ) );
|
return new String( xor( decoded, userKey ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
catch ( Exception e )
|
catch ( Exception e )
|
||||||
{
|
{
|
||||||
|
|
||||||
return "String not XOR encoded.";
|
return "String not XOR encoded.";
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1162,24 +999,15 @@ public class Encoding extends LessonAdapter
|
|||||||
|
|
||||||
public static synchronized String xorEncode( String input, String userKey )
|
public static synchronized String xorEncode( String input, String userKey )
|
||||||
{
|
{
|
||||||
|
|
||||||
return base64Encode( xor( input, userKey ) );
|
return base64Encode( xor( input, userKey ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
static
|
static
|
||||||
{
|
{
|
||||||
|
|
||||||
for ( int i = 0; i < entities.length; ++i )
|
for ( int i = 0; i < entities.length; ++i )
|
||||||
{
|
{
|
||||||
|
|
||||||
e2i.put( entities[i][0], entities[i][1] );
|
e2i.put( entities[i][0], entities[i][1] );
|
||||||
|
|
||||||
i2e.put( entities[i][1], entities[i][0] );
|
i2e.put( entities[i][1], entities[i][0] );
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -114,7 +114,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "You can force errors during the authentication process." );
|
hints.add( "You can force errors during the authentication process." );
|
||||||
hints.add( "You can change length, existance, or values of authentication parameters." );
|
hints.add( "You can change length, existance, or values of authentication parameters." );
|
||||||
hints.add( "Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
|
hints.add( "Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
|
||||||
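Review bot: The declared return type of `getHints()` stays the raw `List` even though the local is now `List<String> hints`, so the element type is lost again at the method boundary and callers still need an unchecked cast. Where the superclass declaration allows it, the signature could read `protected List<String> getHints()`. The same applies to the other `getHints()` hunks on this page (ForcedBrowsing, HiddenFieldTampering, HtmlClues, HttpBasics, HttpSplitting, LessonAdapter and the later lesson files). The method body continues past the end of the hunk.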
|
@ -63,7 +63,7 @@ public class ForcedBrowsing extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Try to guess the URL for the config page" );
|
hints.add( "Try to guess the URL for the config page" );
|
||||||
hints.add( "The config page is guessable and hackable" );
|
hints.add( "The config page is guessable and hackable" );
|
||||||
hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." );
|
hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." );
|
||||||
|
@ -147,7 +147,7 @@ public class HiddenFieldTampering extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "This application is using hidden fields to transmit price information to the server." );
|
hints.add( "This application is using hidden fields to transmit price information to the server." );
|
||||||
hints.add( "Use a program to intercept and change the value in the hidden field." );
|
hints.add( "Use a program to intercept and change the value in the hidden field." );
|
||||||
hints.add( "Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from " +
|
hints.add( "Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from " +
|
||||||
|
@ -163,7 +163,7 @@ public class HtmlClues extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "You can view the HTML source by selecting 'view source' in the browser menu." );
|
hints.add( "You can view the HTML source by selecting 'view source' in the browser menu." );
|
||||||
hints.add( "There are lots of clues in the HTML" );
|
hints.add( "There are lots of clues in the HTML" );
|
||||||
hints.add( "Search for the word HIDDEN, look at URLs, look for comments." );
|
hints.add( "Search for the word HIDDEN, look at URLs, look for comments." );
|
||||||
|
@ -68,7 +68,7 @@ public class HttpBasics extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Type in your name and press 'go'" );
|
hints.add( "Type in your name and press 'go'" );
|
||||||
hints.add( "Turn on Show Parameters or other features" );
|
hints.add( "Turn on Show Parameters or other features" );
|
||||||
hints.add( "Press the Show Lesson Plan button to view a lesson summary" );
|
hints.add( "Press the Show Lesson Plan button to view a lesson summary" );
|
||||||
|
@ -83,14 +83,14 @@ public class HttpSplitting extends LessonAdapter {
|
|||||||
return ( ec );
|
return ( ec );
|
||||||
}
|
}
|
||||||
|
|
||||||
public Category getCategory()
|
protected Category getDefaultCategory()
|
||||||
{
|
{
|
||||||
return LessonAdapter.GENERAL;
|
return AbstractLesson.GENERAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Enter a language for the system to search by." );
|
hints.add( "Enter a language for the system to search by." );
|
||||||
hints.add( "Use CR (%0d) and LF (%0a) for a new line" );
|
hints.add( "Use CR (%0d) and LF (%0a) for a new line" );
|
||||||
hints.add( "The Content-Length: 0 will tell the server that the first request is over." );
|
hints.add( "The Content-Length: 0 will tell the server that the first request is over." );
|
||||||
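Review bot: The renamed `getDefaultCategory()` in HttpSplitting carries no `@Override`, unlike the same rename in LogSpoofing. The method was both renamed and narrowed from `public` to `protected`, so a mismatch with the superclass signature would compile silently and presumably leave the lesson in whatever category the base class supplies. Adding `@Override` above `protected Category getDefaultCategory()` lets the compiler check the rename.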
|
@ -7,7 +7,6 @@ import java.util.List;
|
|||||||
|
|
||||||
import org.apache.ecs.Element;
|
import org.apache.ecs.Element;
|
||||||
import org.apache.ecs.ElementContainer;
|
import org.apache.ecs.ElementContainer;
|
||||||
import org.apache.ecs.HtmlColor;
|
|
||||||
import org.apache.ecs.StringElement;
|
import org.apache.ecs.StringElement;
|
||||||
import org.apache.ecs.html.Center;
|
import org.apache.ecs.html.Center;
|
||||||
import org.apache.ecs.html.H3;
|
import org.apache.ecs.html.H3;
|
||||||
@ -17,7 +16,6 @@ import org.apache.ecs.html.PRE;
|
|||||||
import org.apache.ecs.html.TD;
|
import org.apache.ecs.html.TD;
|
||||||
import org.apache.ecs.html.TR;
|
import org.apache.ecs.html.TR;
|
||||||
import org.apache.ecs.html.Table;
|
import org.apache.ecs.html.Table;
|
||||||
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -26,12 +24,12 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public abstract class LessonAdapter extends AbstractLesson
|
public abstract class LessonAdapter extends AbstractLesson
|
||||||
{
|
{
|
||||||
final static IMG ASPECT_LOGO = new IMG( "images/logos/aspect.jpg" ).setAlt( "Aspect Security" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
|
final static IMG WEBGOAT_LOGO = new IMG( "images/logos/WebGoat.jpg" ).setAlt( "WebGoat Logo" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
|
||||||
/**
|
/**
|
||||||
* Description of the Method
|
* Description of the Method
|
||||||
*
|
*
|
||||||
@ -199,7 +197,7 @@ public abstract class LessonAdapter extends AbstractLesson
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "There are no hints defined." );
|
hints.add( "There are no hints defined." );
|
||||||
|
|
||||||
return hints;
|
return hints;
|
||||||
@ -217,7 +215,14 @@ public abstract class LessonAdapter extends AbstractLesson
|
|||||||
*/
|
*/
|
||||||
public Element getCredits()
|
public Element getCredits()
|
||||||
{
|
{
|
||||||
return getCustomCredits("Sponsored by ", ASPECT_LOGO);
|
if (getClass().getResource("images/logos/WebGoat.jpg") != null )
|
||||||
|
{
|
||||||
|
return getCustomCredits("Presented by ", WEBGOAT_LOGO);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return new StringElement();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -316,8 +321,6 @@ public abstract class LessonAdapter extends AbstractLesson
|
|||||||
*/
|
*/
|
||||||
protected Element getCustomCredits(String text, IMG logo)
|
protected Element getCustomCredits(String text, IMG logo)
|
||||||
{
|
{
|
||||||
ElementContainer ec = new ElementContainer();
|
|
||||||
|
|
||||||
Table t = new Table().setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 ).setWidth("90%").setAlign("RIGHT");
|
Table t = new Table().setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 ).setWidth("90%").setAlign("RIGHT");
|
||||||
TR tr = new TR();
|
TR tr = new TR();
|
||||||
tr.addElement( new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%"));
|
tr.addElement( new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%"));
|
||||||
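Review bot: The new guard in `getCredits()`, `getClass().getResource("images/logos/WebGoat.jpg")`, looks the logo up on the classpath relative to the package of the runtime lesson class, while `WEBGOAT_LOGO` uses the same string as an image URL for the browser. If the file is only deployed as a web resource, as the `IMG` source suggests, the lookup returns null and every lesson silently renders an empty `StringElement` instead of the credits. Either resolve the path through the servlet context, or state the expected location in a comment such as `// logo must be on the classpath next to the lesson class, not only under the webapp's images/ directory`.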
|
@ -1,22 +1,21 @@
|
|||||||
package org.owasp.webgoat.lessons;
|
package org.owasp.webgoat.lessons;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.net.URLDecoder;
|
import java.net.URLDecoder;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.apache.ecs.Element;
|
import org.apache.ecs.Element;
|
||||||
import org.apache.ecs.StringElement;
|
|
||||||
import org.owasp.webgoat.session.ECSFactory;
|
|
||||||
import org.owasp.webgoat.session.WebSession;
|
|
||||||
|
|
||||||
import org.apache.ecs.ElementContainer;
|
import org.apache.ecs.ElementContainer;
|
||||||
|
import org.apache.ecs.HtmlColor;
|
||||||
|
import org.apache.ecs.StringElement;
|
||||||
import org.apache.ecs.html.Input;
|
import org.apache.ecs.html.Input;
|
||||||
|
import org.apache.ecs.html.PRE;
|
||||||
import org.apache.ecs.html.TD;
|
import org.apache.ecs.html.TD;
|
||||||
import org.apache.ecs.html.TR;
|
import org.apache.ecs.html.TR;
|
||||||
import org.apache.ecs.html.Table;
|
import org.apache.ecs.html.Table;
|
||||||
import org.apache.ecs.html.PRE;
|
import org.owasp.webgoat.session.ECSFactory;
|
||||||
import org.apache.ecs.HtmlColor;
|
import org.owasp.webgoat.session.WebSession;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
|
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
|
||||||
@ -102,7 +101,7 @@ public class LogSpoofing extends LessonAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected List getHints() {
|
protected List getHints() {
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Try to fool the humane eye by using new lines." );
|
hints.add( "Try to fool the humane eye by using new lines." );
|
||||||
hints.add( "Use CR (%0d) and LF (%0a) for a new line." );
|
hints.add( "Use CR (%0d) and LF (%0a) for a new line." );
|
||||||
hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" );
|
hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" );
|
||||||
@ -116,8 +115,8 @@ public class LogSpoofing extends LessonAdapter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Category getCategory() {
|
protected Category getDefaultCategory() {
|
||||||
return super.A6;
|
return AbstractLesson.A6;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -11,7 +11,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class ParameterInjection extends LessonAdapter
|
public class ParameterInjection extends LessonAdapter
|
||||||
|
@ -24,7 +24,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class PathBasedAccessControl extends LessonAdapter
|
public class PathBasedAccessControl extends LessonAdapter
|
||||||
|
@ -27,7 +27,7 @@ import org.owasp.webgoat.util.HtmlEncoder;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -188,7 +188,7 @@ public class ReflectedXSS extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "A simple script is <SCRIPT>alert('bang!');</SCRIPT>." );
|
hints.add( "A simple script is <SCRIPT>alert('bang!');</SCRIPT>." );
|
||||||
hints.add( "Can you get the script to disclose the JSESSIONID cookie?" );
|
hints.add( "Can you get the script to disclose the JSESSIONID cookie?" );
|
||||||
hints.add( "You can use <SCRIPT>alert(document.cookie);</SCRIPT> to access the session id cookie" );
|
hints.add( "You can use <SCRIPT>alert(document.cookie);</SCRIPT> to access the session id cookie" );
|
||||||
|
@ -13,7 +13,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class RemoteAdminFlaw extends LessonAdapter
|
public class RemoteAdminFlaw extends LessonAdapter
|
||||||
@ -61,7 +61,7 @@ public class RemoteAdminFlaw extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
public List getHints()
|
public List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "WebGoat has 2 admin interfaces." );
|
hints.add( "WebGoat has 2 admin interfaces." );
|
||||||
hints.add( "WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'" );
|
hints.add( "WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'" );
|
||||||
hints.add( "WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'" );
|
hints.add( "WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'" );
|
||||||
|
@ -135,7 +135,7 @@ public class RoleBasedAccessControl extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Many sites attempt to restrict access to resources by role." );
|
hints.add( "Many sites attempt to restrict access to resources by role." );
|
||||||
hints.add( "Developers frequently make mistakes implementing this scheme." );
|
hints.add( "Developers frequently make mistakes implementing this scheme." );
|
||||||
hints.add( "Attempt combinations of users, roles, and resources." );
|
hints.add( "Attempt combinations of users, roles, and resources." );
|
||||||
|
@ -144,7 +144,7 @@ public class SQLInjection extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "The application is taking your input and inserting it at the end of a pre-formed SQL command." );
|
hints.add( "The application is taking your input and inserting it at the end of a pre-formed SQL command." );
|
||||||
hints.add( "This is the code for the query being built and issued by WebGoat:<br><br> " +
|
hints.add( "This is the code for the query being built and issued by WebGoat:<br><br> " +
|
||||||
"\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password" );
|
"\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password" );
|
||||||
|
@ -30,7 +30,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class SqlNumericInjection extends LessonAdapter
|
public class SqlNumericInjection extends LessonAdapter
|
||||||
|
@ -26,7 +26,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class SqlStringInjection extends LessonAdapter
|
public class SqlStringInjection extends LessonAdapter
|
||||||
|
@ -123,7 +123,7 @@ public class StoredXss extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "You can put HTML tags in your message." );
|
hints.add( "You can put HTML tags in your message." );
|
||||||
hints.add( "Bury a SCRIPT tag in the message to attack anyone who reads it." );
|
hints.add( "Bury a SCRIPT tag in the message to attack anyone who reads it." );
|
||||||
hints.add( "Enter this: <script language=\"javascript\" type=\"text/javascript\">alert(\"Ha Ha Ha\");</script> in the message field." );
|
hints.add( "Enter this: <script language=\"javascript\" type=\"text/javascript\">alert(\"Ha Ha Ha\");</script> in the message field." );
|
||||||
|
@ -104,7 +104,7 @@ public class ThreadSafetyProblem extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Web applications handle many HTTP requests at the same time." );
|
hints.add( "Web applications handle many HTTP requests at the same time." );
|
||||||
hints.add( "Developers use variables that are not thread safe." );
|
hints.add( "Developers use variables that are not thread safe." );
|
||||||
hints.add( "Show the Java source code and trace the 'currentUser' variable" );
|
hints.add( "Show the Java source code and trace the 'currentUser' variable" );
|
||||||
|
@ -26,7 +26,7 @@ import org.owasp.webgoat.util.HtmlEncoder;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@ import org.owasp.webgoat.session.WebSession;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -179,7 +179,7 @@ public class UncheckedEmail extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "Try sending an anonymous message to yourself." );
|
hints.add( "Try sending an anonymous message to yourself." );
|
||||||
hints.add( "Try inserting some html or javascript code in the message field" );
|
hints.add( "Try inserting some html or javascript code in the message field" );
|
||||||
hints.add( "Look at the hidden fields in the HTML.");
|
hints.add( "Look at the hidden fields in the HTML.");
|
||||||
|
@ -232,7 +232,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
|||||||
*/
|
*/
|
||||||
protected List getHints()
|
protected List getHints()
|
||||||
{
|
{
|
||||||
List hints = new ArrayList();
|
List<String> hints = new ArrayList<String>();
|
||||||
hints.add( "The server skips authentication if you send the right cookie." );
|
hints.add( "The server skips authentication if you send the right cookie." );
|
||||||
hints.add( "Is the AuthCookie value guessable knowing the username and password?" );
|
hints.add( "Is the AuthCookie value guessable knowing the username and password?" );
|
||||||
hints.add( "Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
|
hints.add( "Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
|
||||||
|
@ -20,7 +20,7 @@ import org.owasp.webgoat.lessons.Category;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 28, 2003
|
* @created October 28, 2003
|
||||||
*/
|
*/
|
||||||
public class Course
|
public class Course
|
||||||
@ -223,7 +223,7 @@ public class Course
|
|||||||
*/
|
*/
|
||||||
public List getCategories()
|
public List getCategories()
|
||||||
{
|
{
|
||||||
List categories = new ArrayList();
|
List<Category> categories = new ArrayList<Category>();
|
||||||
Iterator iter = lessons.iterator();
|
Iterator iter = lessons.iterator();
|
||||||
|
|
||||||
while ( iter.hasNext() )
|
while ( iter.hasNext() )
|
||||||
@ -333,7 +333,7 @@ public class Course
|
|||||||
*/
|
*/
|
||||||
private List getLessons( Category category, List roles )
|
private List getLessons( Category category, List roles )
|
||||||
{
|
{
|
||||||
List lessonList = new ArrayList();
|
List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
|
||||||
|
|
||||||
Iterator iter = lessons.iterator();
|
Iterator iter = lessons.iterator();
|
||||||
while ( iter.hasNext() )
|
while ( iter.hasNext() )
|
||||||
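Review bot: `Iterator iter = lessons.iterator();` is left raw in both `getCategories()` and `getLessons(...)`, so the newly typed `List<Category>` and `List<AbstractLesson>` are presumably still filled through casts on `iter.next()`. If `lessons` holds `AbstractLesson` instances, as the new `lessonList` type suggests, typing the field and using `Iterator<AbstractLesson> iter = lessons.iterator();` would remove the casts and the remaining warnings. Both method bodies continue outside their hunks, so the loop contents are not visible here.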
|
@ -1,16 +1,15 @@
|
|||||||
package org.owasp.webgoat.session;
|
package org.owasp.webgoat.session;
|
||||||
|
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.IOException;
|
import java.io.FileOutputStream;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Description of the Class
|
* Description of the Class
|
||||||
*
|
*
|
||||||
* @author Bruce Mayhew
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 29, 2003
|
* @created October 29, 2003
|
||||||
*/
|
*/
|
||||||
public class LessonTracker
|
public class LessonTracker
|
||||||
|
@ -15,7 +15,7 @@ import org.apache.catalina.users.MemoryUserDatabase;
|
|||||||
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
|
||||||
* this software.
|
* this software.
|
||||||
*
|
*
|
||||||
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
|
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||||
* @created October 29, 2003
|
* @created October 29, 2003
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -337,7 +337,7 @@ public class WebSession
|
|||||||
|
|
||||||
public List getRoles()
|
public List getRoles()
|
||||||
{
|
{
|
||||||
List roles = new ArrayList();
|
List<String> roles = new ArrayList<String>();
|
||||||
|
|
||||||
roles.add(AbstractLesson.USER_ROLE);
|
roles.add(AbstractLesson.USER_ROLE);
|
||||||
if (isAdmin())
|
if (isAdmin())
|
||||||
@ -440,7 +440,7 @@ public class WebSession
|
|||||||
|
|
||||||
public String getRestartLink()
|
public String getRestartLink()
|
||||||
{
|
{
|
||||||
List parameters = new ArrayList();
|
List<String> parameters = new ArrayList<String>();
|
||||||
|
|
||||||
String screenValue = request.getParameter(SCREEN);
|
String screenValue = request.getParameter(SCREEN);
|
||||||
if (screenValue != null)
|
if (screenValue != null)
|
||||||
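Review bot: In `getRestartLink()` the value of `request.getParameter(SCREEN)` is taken as-is, and typing `parameters` as `List<String>` does nothing to constrain what ends up in the link. The code that assembles the link is outside the hunk, so this is a check to confirm rather than a finding. The value should be validated or URL- and HTML-encoded before it is written into the returned string. A comment at the read, such as `// screenValue is request-controlled; encode before use in the link`, would make that explicit.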
|