General cleanup of warnings, fixed a few method scope issues and incorrect use of static references to categories

git-svn-id: http://webgoat.googlecode.com/svn/trunk@30 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-11-03 23:55:08 +00:00 · 2006-11-03 23:55:08 +00:00 · e5b3b00b0f
commit e5b3b00b0f
parent fae3c3f047
38 changed files with 94 additions and 265 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
@ -19,7 +19,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class LessonSource extends HammerHead
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
@ -44,7 +44,7 @@ import org.owasp.webgoat.session.WebgoatProperties;
 * published by OWASP under the GPL. You should read and accept the LICENSE before you use, modify
 * and/or redistribute this software.
 * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
 public abstract class AbstractLesson extends Screen implements Comparable
@ -139,7 +139,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
 	final static IMG previousGrey = new IMG( "images/left14.gif" ).setAlt( "Previous" ).setBorder( 0 ).setHspace( 0 )
 			.setVspace( 0 );
-	private static Vector categories = new Vector();
+	private static Vector<Category> categories = new Vector<Category>();
 	private Integer ranking;
 	private Category category;
 	private boolean hidden;
@ -275,7 +275,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
 	protected abstract boolean getDefaultHidden();
-	public void setCategory(String categoryName)
+	public void setCategory_DELETE_ME(String categoryName)
 	{
 		if (categoryName != null)
 		{
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java
@ -103,7 +103,7 @@ public class AccessControlMatrix extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Many sites attempt to restrict access to resources by role." );
 		hints.add( "Developers frequently make mistakes implementing this scheme." );
 		hints.add( "Attempt combinations of users, roles, and resources." );
@ -126,7 +126,7 @@ public class AccessControlMatrix extends LessonAdapter
 	private List getResources( List rl )
 	{
 		// return the resources allowed for these roles
-		ArrayList list = new ArrayList();
+		ArrayList<String> list = new ArrayList<String>();
 		if ( rl.contains( roles[0] ) )
 		{
@ -165,7 +165,7 @@ public class AccessControlMatrix extends LessonAdapter
 	private List getRoles( String user )
 	{
-		ArrayList list = new ArrayList();
+		ArrayList<String> list = new ArrayList<String>();
 		if ( user.equals( users[0] ) )
 		{
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java
@ -21,7 +21,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class BasicAuthentication extends LessonAdapter
@ -37,12 +37,6 @@ public class BasicAuthentication extends LessonAdapter
 	private final static String HEADER_NAME =  "header";
 	private final static String HEADER_VALUE = "value";
 	/**
 	 * Save the session so it can be used in a staged lesson
 	 */
 	private WebSession session = null;
 	/**
 	 *  Description of the Method
 	 *
@ -51,7 +45,6 @@ public class BasicAuthentication extends LessonAdapter
 	 */
 	protected Element createContent( WebSession s )
 	{
 		session = s;
 		return super.createStagedContent(s);
 	}
@ -218,7 +211,7 @@ public class BasicAuthentication extends LessonAdapter
 	 */
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 //		int stage = getLessonTracker(session, BASIC).getStage();
 //		switch ( stage )
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
@ -108,7 +108,7 @@ public class BlindSqlInjection extends LessonAdapter
 	 *
 	 * @return    The category value
 	 */
-	public Category getCategory()
+	protected Category getDefaultCategory()
 	{
 		return AbstractLesson.A6;
 	}
@ -151,7 +151,7 @@ public class BlindSqlInjection extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		if (runningOnWindows()) {
 			hints.add( "Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " +
 					"Create a SQL statement that you can use as a true/false test and then " +
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java
@ -14,7 +14,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class BufferOverflow extends LessonAdapter
@ -52,7 +52,7 @@ public class BufferOverflow extends LessonAdapter
 	 */
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Lesson Hint 1" );
 		hints.add( "Lesson Hint 2" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
@ -2,13 +2,10 @@ package org.owasp.webgoat.lessons;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Arrays;
 import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.StringElement;
 import org.apache.ecs.html.B;
 import org.apache.ecs.html.H1;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.P;
 import org.apache.ecs.html.TD;
@ -90,7 +87,7 @@ public class CSRF extends LessonAdapter {
 	@Override	
 	protected List getHints() {
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Enter some text and try to include an image in there." );
 		hints.add( "The format of an image in html is <pre>&lt;img src=\"[URL]\" width=\"1\" height=\"1\" /&gt;</pre>");		
 		hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
@ -1,5 +1,14 @@
 package org.owasp.webgoat.lessons;
 /**
 *  Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
 *  Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
 * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class Category implements Comparable
 {
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
@ -43,7 +43,7 @@ import org.owasp.webgoat.util.ExecResults;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class Challenge2Screen extends LessonAdapter
@ -451,7 +451,7 @@ public class Challenge2Screen extends LessonAdapter
 	{
 		//<START_OMIT_SOURCE>
-	    List hints = new ArrayList();
+	    List<String> hints = new ArrayList<String>();
 		hints.add( "You need to gain access to the Java source code for this lesson." );	
 		hints.add( "Seriously, no more hints -- it's a CHALLENGE!" );
 		hints.add( "Come on -- give it a rest!" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java
@ -54,19 +54,21 @@ public class CommandInjection extends LessonAdapter
 				{
 					index = helpFile.indexOf(';');
 				}
-				
+				index = index + 1;
 				int helpFileLen = helpFile.length() -1; // subtract 1 for the closing quote
 				System.out.println("Command = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
 				if (( osName.indexOf( "Windows" ) != -1 &&
-						( helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a") ||
+						( helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a") ||
-						  helpFile.substring(index + 1).trim().toLowerCase().equals("dir") ||
+						  helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir") ||
-						  helpFile.substring(index + 1).trim().toLowerCase().equals("ls") ||
+						  helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls") ||
-						  helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig") ||
+						  helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ifconfig") ||
-						  helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig") )) ||
+						  helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig") )) ||
-					(helpFile.substring(index + 1).trim().toLowerCase().equals("netstat -a #") ||
+					(helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("netstat -a #") ||
-					 helpFile.substring(index + 1).trim().toLowerCase().equals("dir #") ||
+					 helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir #") ||
-					 helpFile.substring(index + 1).trim().toLowerCase().equals("ls #") ||
+					 helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls #") ||
-					 helpFile.substring(index + 1).trim().toLowerCase().equals("ls -l #") ||
+					 helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ls -l #") ||
-					 helpFile.substring(index + 1).trim().toLowerCase().equals("ifconfig #") ||
+					 helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ifconfig #") ||
-					 helpFile.substring(index + 1).trim().toLowerCase().equals("ipconfig #") )) 
+					 helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("ipconfig #") )) 
 				{
 					illegalCommand = false;
 				} 
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
@ -140,7 +140,7 @@ public class CrossSiteScripting extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		// Stage 1
 		hints.add( "You can put HTML tags in form input fields." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/UpdateProfile.java
@ -3,7 +3,6 @@ package org.owasp.webgoat.lessons.CrossSiteScripting;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.sql.PreparedStatement;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java
@ -552,14 +552,10 @@ public class Encoding extends LessonAdapter
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Enter a string and press 'go'" );
 		hints.add( "Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters )." );
 		hints.add( "Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' )." );
 		return hints;
 	}
@ -573,7 +569,6 @@ public class Encoding extends LessonAdapter
 	public String getInstructions(WebSession s)
 	{
 		return "This lesson will familiarize the user with different encoding schemes.  ";
 	}
@ -596,7 +591,6 @@ public class Encoding extends LessonAdapter
 	public String getTitle()
 	{
 		return ( "Encoding Basics" );
 	}
@ -613,27 +607,18 @@ public class Encoding extends LessonAdapter
 	{
 		byte[] b = str.getBytes();
 		MessageDigest md = null;
 		try
 		{
 			md = MessageDigest.getInstance( "MD5" );
 			md.update( b );
 		}
 		catch ( NoSuchAlgorithmException e )
 		{
 			// it's got to be there
 			e.printStackTrace();
 		}
 		return ( base64Encode( md.digest() ) );
 	}
@ -648,29 +633,18 @@ public class Encoding extends LessonAdapter
 	public static String hashSHA( String str )
 	{
 		byte[] b = str.getBytes();
 		MessageDigest md = null;
 		try
 		{
 			md = MessageDigest.getInstance( "SHA-256" );
 			md.update( b );
 		}
 		catch ( NoSuchAlgorithmException e )
 		{
 			// it's got to be there
 			e.printStackTrace();
 		}
 		return ( base64Encode( md.digest() ) );
 	}
@ -685,40 +659,26 @@ public class Encoding extends LessonAdapter
 	public static String hexDecode( String hexString )
 	{
 		try
 		{
 			if ( ( hexString.length() % 3 ) != 0 )
 			{
 				return ( "String not comprised of Hex digit pairs." );
 			}
 			char[] chars = new char[hexString.length()];
 			char[] convChars = new char[hexString.length() / 3];
 			hexString.getChars( 0, hexString.length(), chars, 0 );
 			for ( int i = 1; i < hexString.length(); i += 3 )
 			{
 				String hexToken = new String( chars, i, 2 );
 				convChars[i / 3] = (char) Integer.parseInt( hexToken, 16 );
 			}
 			return new String( convChars );
 		}
 		catch ( NumberFormatException nfe )
 		{
 			return ( "String not comprised of Hex digits" );
 		}
 	}
@ -732,22 +692,14 @@ public class Encoding extends LessonAdapter
 	public static String hexEncode( String asciiString )
 	{
 		char[] ascii = new char[asciiString.length()];
 		asciiString.getChars( 0, asciiString.length(), ascii, 0 );
 		StringBuffer hexBuff = new StringBuffer();
 		for ( int i = 0; i < asciiString.length(); i++ )
 		{
 			hexBuff.append( "%" );
 			hexBuff.append( Integer.toHexString( ascii[i] ) );
 		}
 		return hexBuff.toString().toUpperCase();
 	}
@ -761,73 +713,40 @@ public class Encoding extends LessonAdapter
 	public static void main( String[] args )
 	{
 		try
 		{
 			String userInput = args[0];
 			String userKey = args[1];
 			System.out.println( "Working with: " + userInput );
 			System.out.print( "Base64 encoding: " );
 			System.out.println( base64Encode( userInput ) + " : " + base64Decode( userInput ) );
 			System.out.print( "Entity encoding: " );
 			System.out.println( HtmlEncoder.encode( userInput ) + " : " + HtmlEncoder.decode( userInput ) );
 			System.out.print( "Password based encryption (PBE): " );
 			System.out.println( encryptString( userInput, userKey ) + " : " + decryptString( userInput, userKey ) );
 			System.out.print( "MD5 hash: " );
 			System.out.println( hashMD5( userInput ) + " : " + "Cannot reverse a hash" );
 			System.out.print( "SHA-256 hash: " );
 			System.out.println( hashSHA( userInput ) + " : " + "Cannot reverse a hash" );
 			System.out.print( "Unicode encoding: " );
 			System.out.println( "Not Implemented" + " : " + "Not Implemented" );
 			System.out.print( "URL encoding: " );
 			System.out.println( urlEncode( userInput ) + " : " + urlDecode( userInput ) );
 			System.out.print( "Hex encoding: " );
 			System.out.println( hexEncode( userInput ) + " : " + hexDecode( userInput ) );
 			System.out.print( "Rot13 encoding: " );
 			System.out.println( rot13( userInput ) + " : " + rot13( userInput ) );
 			System.out.print( "XOR with password: " );
 			System.out.println( xorEncode( userInput, userKey ) + " : " + xorDecode( userInput, userKey ) );
 			System.out.print( "Double unicode encoding is..." );
 			System.out.println( "Not Implemented" + " : " + "Not Implemented" );
 			System.out.print( "Double URL encoding: " );
 			System.out.println( urlEncode( urlEncode( userInput ) ) + " : " + urlDecode( urlDecode( userInput ) ) );
 		}
 		catch ( Exception e )
 		{
 			e.printStackTrace();
 		}
 	}
@ -868,31 +787,20 @@ public class Encoding extends LessonAdapter
 	private TR makeTitleRow( String description, String value1, String value2 )
 	{
 		TD desc = new TD().addElement( new B().addElement( description ) );
 		TD val1 = new TD().addElement( new B().addElement( value1 ) );
 		TD val2 = new TD().addElement( new B().addElement( value2 ) );
 		desc.setAlign( "center" );
 		val1.setAlign( "center" );
 		val2.setAlign( "center" );
 		TR tr = new TR();
 		tr.addElement( desc );
 		tr.addElement( val1 );
 		tr.addElement( val2 );
 		return ( tr );
 	}
 	/**
 	 *  Description of the Method
 	 *
@ -902,56 +810,35 @@ public class Encoding extends LessonAdapter
 	public static synchronized String rot13( String input )
 	{
 		StringBuffer output = new StringBuffer();
 		if ( input != null )
 		{
 			for ( int i = 0; i < input.length(); i++ )
 			{
 				char inChar = input.charAt( i );
 				if ( ( inChar >= 'A' ) & ( inChar <= 'Z' ) )
 				{
 					inChar += 13;
 					if ( inChar > 'Z' )
 					{
 						inChar -= 26;
 					}
 				}
 				if ( ( inChar >= 'a' ) & ( inChar <= 'z' ) )
 				{
 					inChar += 13;
 					if ( inChar > 'z' )
 					{
 						inChar -= 26;
 					}
 				}
 				output.append( inChar );
 			}
 		}
 		return output.toString();
 	}
 	/**
 	 *  Description of the Method
 	 *
@ -961,31 +848,21 @@ public class Encoding extends LessonAdapter
 	public static String unicodeDecode( String str )
 	{
 		// FIXME: TOTALLY EXPERIMENTAL
 		try
 		{
 			ByteBuffer bbuf = ByteBuffer.allocate( str.length() );
 			bbuf.put( str.getBytes() );
 			Charset charset = Charset.forName( "ISO-8859-1" );
 			CharsetDecoder decoder = charset.newDecoder();
 			CharBuffer cbuf = decoder.decode( bbuf );
 			return ( cbuf.toString() );
 		}
 		catch ( Exception e )
 		{
 			return ( "Encoding problem" );
 		}
 	}
@ -999,27 +876,18 @@ public class Encoding extends LessonAdapter
 	public static String unicodeEncode( String str )
 	{
 		// FIXME: TOTALLY EXPERIMENTAL
 		try
 		{
 			Charset charset = Charset.forName( "ISO-8859-1" );
 			CharsetEncoder encoder = charset.newEncoder();
 			ByteBuffer bbuf = encoder.encode( CharBuffer.wrap( str ) );
 			return ( new String( bbuf.array() ) );
 		}
 		catch ( Exception e )
 		{
 			return ( "Encoding problem" );
 		}
 	}
@ -1033,19 +901,14 @@ public class Encoding extends LessonAdapter
 	public static String urlDecode( String str )
 	{
 		try
 		{
 			return ( URLDecoder.decode( str, "UTF-8" ) );
 		}
 		catch ( Exception e )
 		{
 			return ( "Decoding error" );
 		}
 	}
@ -1059,19 +922,14 @@ public class Encoding extends LessonAdapter
 	public static String urlEncode( String str )
 	{
 		try
 		{
 			return ( URLEncoder.encode( str, "UTF-8" ) );
 		}
 		catch ( Exception e )
 		{
 			return ( "Encoding error" );
 		}
 	}
@ -1086,38 +944,23 @@ public class Encoding extends LessonAdapter
 	public static synchronized char[] xor( String input, String userKey )
 	{
 		if ( ( userKey == null ) || ( userKey.trim().length() == 0 ) )
 		{
 			userKey = "Goober";
 		}
 		char[] xorChars = userKey.toCharArray();
 		int keyLen = xorChars.length;
 		char[] inputChars = null;
 		char[] outputChars = null;
 		if ( input != null )
 		{
 			inputChars = input.toCharArray();
 			outputChars = new char[inputChars.length];
 			for ( int i = 0; i < inputChars.length; i++ )
 			{
 				outputChars[i] = (char) ( inputChars[i] ^ xorChars[i % keyLen] );
 			}
 		}
 		return outputChars;
 	}
@ -1133,21 +976,15 @@ public class Encoding extends LessonAdapter
 	public static synchronized String xorDecode( String input, String userKey )
 	{
 		try
 		{
 			String decoded = base64Decode( input );
 			return new String( xor( decoded, userKey ) );
 		}
 		catch ( Exception e )
 		{
 			return "String not XOR encoded.";
 		}
 	}
@ -1162,24 +999,15 @@ public class Encoding extends LessonAdapter
 	public static synchronized String xorEncode( String input, String userKey )
 	{
 		return base64Encode( xor( input, userKey ) );
 	}
 	static
 	{
 		for ( int i = 0; i < entities.length; ++i )
 		{
 			e2i.put( entities[i][0], entities[i][1] );
 			i2e.put( entities[i][1], entities[i][0] );
 		}
 	}
 }
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java
@ -114,7 +114,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "You can force errors during the authentication process." );
 		hints.add( "You can change length, existance, or values of authentication parameters." );
 		hints.add( "Try removing a parameter ENTIRELY with <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
@ -63,7 +63,7 @@ public class ForcedBrowsing extends LessonAdapter
 	 */
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Try to guess the URL for the config page" );
 		hints.add( "The config page is guessable and hackable" );
 		hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
@ -147,7 +147,7 @@ public class HiddenFieldTampering extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "This application is using hidden fields to transmit price information to the server." );
 		hints.add( "Use a program to intercept and change the value in the hidden field." );
 		hints.add( "Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from " + 
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java
@ -163,7 +163,7 @@ public class HtmlClues extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "You can view the HTML source by selecting 'view source' in the browser menu." );
 		hints.add( "There are lots of clues in the HTML" );
 		hints.add( "Search for the word HIDDEN, look at URLs, look for comments." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
@ -68,7 +68,7 @@ public class HttpBasics extends LessonAdapter
 	 */
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Type in your name and press 'go'" );
 		hints.add( "Turn on Show Parameters or other features" );
 		hints.add( "Press the Show Lesson Plan button to view a lesson summary" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@ -83,14 +83,14 @@ public class HttpSplitting extends LessonAdapter {
 		return ( ec );	
 	}
-	public Category getCategory()
+	protected Category getDefaultCategory()
 	{
-		return LessonAdapter.GENERAL;
+		return AbstractLesson.GENERAL;
 	}
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Enter a language for the system to search by." );
 		hints.add( "Use CR (%0d) and LF (%0a) for a new line" );
 		hints.add( "The Content-Length: 0 will tell the server that the first request is over." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
@ -7,7 +7,6 @@ import java.util.List;
 import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.HtmlColor;
 import org.apache.ecs.StringElement;
 import org.apache.ecs.html.Center;
 import org.apache.ecs.html.H3;
@ -17,7 +16,6 @@ import org.apache.ecs.html.PRE;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TR;
 import org.apache.ecs.html.Table;
 import org.owasp.webgoat.session.WebSession;
 /**
@ -26,12 +24,12 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public abstract class LessonAdapter extends AbstractLesson
 {
-    final static IMG ASPECT_LOGO = new IMG( "images/logos/aspect.jpg" ).setAlt( "Aspect Security" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
+    final static IMG WEBGOAT_LOGO = new IMG( "images/logos/WebGoat.jpg" ).setAlt( "WebGoat Logo" ).setBorder( 0 ).setHspace( 0 ).setVspace( 0 );
 	/**
 	 *  Description of the Method
 	 *
@ -199,7 +197,7 @@ public abstract class LessonAdapter extends AbstractLesson
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "There are no hints defined." );
 		return hints;
@ -217,7 +215,14 @@ public abstract class LessonAdapter extends AbstractLesson
 	 */
 	public Element getCredits()
 	{
-		return getCustomCredits("Sponsored by&nbsp;", ASPECT_LOGO);
+		if (getClass().getResource("images/logos/WebGoat.jpg") != null )
 		{
 			return getCustomCredits("Presented by&nbsp;", WEBGOAT_LOGO);
 		} 
 		else
 		{
 			return new StringElement();
 		}
 	}
 	/**
@ -316,8 +321,6 @@ public abstract class LessonAdapter extends AbstractLesson
 	 */
 	protected Element getCustomCredits(String text, IMG logo) 
 	{
 		ElementContainer ec = new  ElementContainer();
 		Table t = new Table().setCellSpacing( 0 ).setCellPadding( 0 ).setBorder( 0 ).setWidth("90%").setAlign("RIGHT");
 	    TR tr = new TR();
 		tr.addElement( new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%"));
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
@ -1,22 +1,21 @@
 package org.owasp.webgoat.lessons;
 import java.util.ArrayList;
 import java.util.List;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.ecs.Element;
 import org.apache.ecs.StringElement;
 import org.owasp.webgoat.session.ECSFactory;
 import org.owasp.webgoat.session.WebSession;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.HtmlColor;
 import org.apache.ecs.StringElement;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.PRE;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TR;
 import org.apache.ecs.html.Table;
-import org.apache.ecs.html.PRE;
+import org.owasp.webgoat.session.ECSFactory;
-import org.apache.ecs.HtmlColor;
+import org.owasp.webgoat.session.WebSession;
 /**
 *  Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
@ -102,7 +101,7 @@ public class LogSpoofing extends LessonAdapter {
 	@Override
 	protected List getHints() {
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Try to fool the humane eye by using new lines." );
 		hints.add( "Use CR (%0d) and LF (%0a) for a new line." );
 		hints.add( "Try: fooledYa%0d%0aLogin Succeeded for username: admin" );
@ -116,8 +115,8 @@ public class LogSpoofing extends LessonAdapter {
 	}
 	@Override
-	public Category getCategory() {
+	protected Category getDefaultCategory() {
-		return super.A6;
+		return AbstractLesson.A6;
 	}
 }
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ParameterInjection.java
@ -11,7 +11,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class ParameterInjection extends LessonAdapter
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java
@ -24,7 +24,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class PathBasedAccessControl extends LessonAdapter
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
@ -27,7 +27,7 @@ import org.owasp.webgoat.util.HtmlEncoder;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
@ -188,7 +188,7 @@ public class ReflectedXSS extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "A simple script is &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;." );
 		hints.add( "Can you get the script to disclose the JSESSIONID cookie?" );
 		hints.add( "You can use &lt;SCRIPT&gt;alert(document.cookie);&lt;/SCRIPT&gt; to access the session id cookie" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java
@ -13,7 +13,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class RemoteAdminFlaw extends LessonAdapter
@ -61,7 +61,7 @@ public class RemoteAdminFlaw extends LessonAdapter
 	 */
 	public List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "WebGoat has 2 admin interfaces." );
 		hints.add( "WebGoat has one admin interface that is controlled via a URL parameter and is 'hackable'" );
 		hints.add( "WebGoat has one admin interface that is controlled via server side security constraints and should not be 'hackable'" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@ -135,7 +135,7 @@ public class RoleBasedAccessControl extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Many sites attempt to restrict access to resources by role." );
 		hints.add( "Developers frequently make mistakes implementing this scheme." );
 		hints.add( "Attempt combinations of users, roles, and resources." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@ -144,7 +144,7 @@ public class SQLInjection extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "The application is taking your input and inserting it at the end of a pre-formed SQL command." );
 		hints.add( "This is the code for the query being built and issued by WebGoat:<br><br> " +
 					"\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
@ -30,7 +30,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class SqlNumericInjection extends LessonAdapter
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
@ -26,7 +26,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class SqlStringInjection extends LessonAdapter
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java
@ -123,7 +123,7 @@ public class StoredXss extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "You can put HTML tags in your message." );
 		hints.add( "Bury a SCRIPT tag in the message to attack anyone who reads it." );
 		hints.add( "Enter this: &lt;script language=\"javascript\" type=\"text/javascript\"&gt;alert(\"Ha Ha Ha\");&lt;/script&gt; in the message field." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java
@ -104,7 +104,7 @@ public class ThreadSafetyProblem extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Web applications handle many HTTP requests at the same time." );
 		hints.add( "Developers use variables that are not thread safe." );
 		hints.add( "Show the Java source code and trace the 'currentUser' variable" );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java
@ -26,7 +26,7 @@ import org.owasp.webgoat.util.HtmlEncoder;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
@ -31,7 +31,7 @@ import org.owasp.webgoat.session.WebSession;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
@ -179,7 +179,7 @@ public class UncheckedEmail extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "Try sending an anonymous message to yourself." );
 		hints.add( "Try inserting some html or javascript code in the message field" );
 		hints.add( "Look at the hidden fields in the HTML.");
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java
@ -232,7 +232,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
 	 */
 	protected List getHints()
 	{
-		List hints = new ArrayList();
+		List<String> hints = new ArrayList<String>();
 		hints.add( "The server skips authentication if you send the right cookie." );
 		hints.add( "Is the AuthCookie value guessable knowing the username and password?" );
 		hints.add( "Add 'AuthCookie=********;' to the Cookie: header using <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A>." );
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java
@ -20,7 +20,7 @@ import org.owasp.webgoat.lessons.Category;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 28, 2003
 */
 public class Course
@ -223,7 +223,7 @@ public class Course
 	 */
 	public List getCategories()
 	{
-		List categories = new ArrayList();
+		List<Category> categories = new ArrayList<Category>();
 		Iterator iter = lessons.iterator();
 		while ( iter.hasNext() )
@ -333,7 +333,7 @@ public class Course
 	 */
 	private List getLessons( Category category, List roles )
 	{
-		List lessonList = new ArrayList();
+		List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
 		Iterator iter = lessons.iterator();
 		while ( iter.hasNext() )
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
@ -1,16 +1,15 @@
 package org.owasp.webgoat.session;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.FileNotFoundException;
-import java.io.IOException;
+import java.io.FileOutputStream;
 import java.util.Properties;
 /**
 *  Description of the Class
 *
- * @author     Bruce Mayhew
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 29, 2003
 */
 public class LessonTracker
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/UserTracker.java
@ -15,7 +15,7 @@ import org.apache.catalina.users.MemoryUserDatabase;
 *  under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
 *  this software.
 *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created    October 29, 2003
 */
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
@ -337,7 +337,7 @@ public class WebSession
 	public List getRoles()
 	{
-		List roles = new ArrayList();
+		List<String> roles = new ArrayList<String>();
 		roles.add(AbstractLesson.USER_ROLE);
 		if (isAdmin())
@ -440,7 +440,7 @@ public class WebSession
 	public String getRestartLink()
 	{
-		List parameters = new ArrayList();
+		List<String> parameters = new ArrayList<String>();
 		String screenValue = request.getParameter(SCREEN);
 		if (screenValue != null)