From e6fcd4176cc14f2acdcabdb44d466adcabd691a6 Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Tue, 10 Jul 2007 11:53:34 +0000 Subject: [PATCH] Make it possible to return per-stage hints git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../org/owasp/webgoat/lessons/AbstractLesson.java | 14 ++++++++------ .../owasp/webgoat/lessons/AccessControlMatrix.java | 2 +- .../org/owasp/webgoat/lessons/BackDoors.java | 2 +- .../owasp/webgoat/lessons/BasicAuthentication.java | 2 +- .../owasp/webgoat/lessons/BlindSqlInjection.java | 2 +- .../org/owasp/webgoat/lessons/BufferOverflow.java | 2 +- .../JavaSource/org/owasp/webgoat/lessons/CSRF.java | 2 +- .../owasp/webgoat/lessons/Challenge2Screen.java | 2 +- .../owasp/webgoat/lessons/CommandInjection.java | 2 +- .../CrossSiteScripting/CrossSiteScripting.java | 2 +- .../org/owasp/webgoat/lessons/DOMInjection.java | 2 +- .../org/owasp/webgoat/lessons/DOS_Login.java | 2 +- .../org/owasp/webgoat/lessons/Encoding.java | 2 +- .../webgoat/lessons/FailOpenAuthentication.java | 2 +- .../org/owasp/webgoat/lessons/ForcedBrowsing.java | 2 +- .../org/owasp/webgoat/lessons/ForgotPassword.java | 2 +- .../webgoat/lessons/HiddenFieldTampering.java | 2 +- .../org/owasp/webgoat/lessons/HtmlClues.java | 2 +- .../org/owasp/webgoat/lessons/HttpBasics.java | 2 +- .../org/owasp/webgoat/lessons/HttpOnly.java | 2 +- .../org/owasp/webgoat/lessons/HttpSplitting.java | 2 +- .../org/owasp/webgoat/lessons/JSONInjection.java | 2 +- .../webgoat/lessons/JavaScriptValidation.java | 2 +- .../org/owasp/webgoat/lessons/LessonAdapter.java | 10 +++++----- .../org/owasp/webgoat/lessons/LogSpoofing.java | 2 +- .../webgoat/lessons/PathBasedAccessControl.java | 2 +- .../org/owasp/webgoat/lessons/Phishing.java | 2 +- .../org/owasp/webgoat/lessons/ReflectedXSS.java | 2 +- .../org/owasp/webgoat/lessons/RemoteAdminFlaw.java | 2 +- .../RoleBasedAccessControl.java | 2 +- .../webgoat/lessons/SQLInjection/SQLInjection.java | 2 +- .../owasp/webgoat/lessons/SilentTransactions.java | 2 +- .../org/owasp/webgoat/lessons/SoapRequest.java | 2 +- .../owasp/webgoat/lessons/SqlNumericInjection.java | 2 +- .../owasp/webgoat/lessons/SqlStringInjection.java | 2 +- .../org/owasp/webgoat/lessons/StoredXss.java | 2 +- .../owasp/webgoat/lessons/ThreadSafetyProblem.java | 2 +- .../org/owasp/webgoat/lessons/TraceXSS.java | 2 +- .../org/owasp/webgoat/lessons/UncheckedEmail.java | 2 +- .../org/owasp/webgoat/lessons/WSDLScanning.java | 2 +- .../webgoat/lessons/WeakAuthenticationCookie.java | 2 +- .../org/owasp/webgoat/lessons/WeakSessionID.java | 2 +- .../org/owasp/webgoat/lessons/WsSAXInjection.java | 2 +- .../org/owasp/webgoat/lessons/WsSqlInjection.java | 2 +- .../org/owasp/webgoat/lessons/XMLInjection.java | 2 +- .../org/owasp/webgoat/lessons/XPATHInjection.java | 2 +- .../owasp/webgoat/lessons/admin/ViewDatabase.java | 2 +- .../org/owasp/webgoat/session/WebSession.java | 12 +++++++----- 48 files changed, 65 insertions(+), 61 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java index cd53124ee..3da089dd1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java @@ -353,27 +353,29 @@ public abstract class AbstractLesson extends Screen implements Comparable /** * Gets the hintCount attribute of the Lesson object + * @param s The user's WebSession * * @return The hintCount value */ - public int getHintCount() + public int getHintCount(WebSession s) { - return getHints().size(); + return getHints(s).size(); } - protected abstract List getHints(); + protected abstract List getHints(WebSession s); /** * Fill in a minor hint that will help people who basically get it, but * are stuck on somthing silly. + * @param s The users WebSession * * @return The hint1 value */ - public String getHint(int hintNumber) + public String getHint(WebSession s, int hintNumber) { - return (String) getHints().get(hintNumber); + return getHints(s).get(hintNumber); } @@ -409,7 +411,7 @@ public abstract class AbstractLesson extends Screen implements Comparable * Gets the content of lessonPlanURL * * @param s - * TODO + * The user's WebSession * * @return The HTML content of the current lesson plan */ diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java index 28f96c054..b221b8adc 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java @@ -135,7 +135,7 @@ public class AccessControlMatrix extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Many sites attempt to restrict access to resources by role."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java index 3714f0664..a09b24dba 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java @@ -264,7 +264,7 @@ public class BackDoors extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Your user id is 101. Use it to see your information"); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java index b66456ede..916e4d449 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java @@ -272,7 +272,7 @@ public class BasicAuthentication extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); // int stage = getLessonTracker(session, BASIC).getStage(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java index 1194ab46e..941dde270 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java @@ -198,7 +198,7 @@ public class BlindSqlInjection extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); if (runningOnWindows()) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java index 4ce80a660..1a32440f9 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java @@ -73,7 +73,7 @@ public class BufferOverflow extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Lesson Hint 1"); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index fd43c79cb..0bb336f23 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java @@ -292,7 +292,7 @@ public class CSRF extends LessonAdapter { } @Override - protected List getHints() { + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add( "Enter some text and try to include an image in there." ); hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index b5b098098..e9a09acc5 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -504,7 +504,7 @@ public class Challenge2Screen extends LessonAdapter * * @return The hints value */ - protected List getHints(WebSession s) + protected List getHints(WebSession s) { // diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java index 5479de649..8baf32b1d 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java @@ -333,7 +333,7 @@ public class CommandInjection extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index 4f030819a..3e421bc0e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java @@ -207,7 +207,7 @@ public class CrossSiteScripting extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java index 08d178014..d8fc9261a 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java @@ -173,7 +173,7 @@ public class DOMInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java index 04d7c0f3f..0d48cf792 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java @@ -199,7 +199,7 @@ public class DOS_Login extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Use a SQL Injection to obtain the user names. "); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java index 29d0c2e25..5e09001e1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java @@ -575,7 +575,7 @@ public class Encoding extends LessonAdapter * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java index df23d6001..e8ab424a8 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java @@ -142,7 +142,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("You can force errors during the authentication process."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java index f2af9732b..fa6993d2c 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java @@ -116,7 +116,7 @@ public class ForcedBrowsing extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Try to guess the URL for the config page"); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java index ef03c1c27..7b1216f87 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java @@ -299,7 +299,7 @@ public class ForgotPassword extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java index 2575ec8ee..97c4c20f7 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java @@ -185,7 +185,7 @@ public class HiddenFieldTampering extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java index a0356ce76..814203747 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java @@ -198,7 +198,7 @@ public class HtmlClues extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java index ec4063cf9..fa8501025 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java @@ -93,7 +93,7 @@ public class HttpBasics extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Type in your name and press 'go'"); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java index 7392e6df1..b98a15d4d 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java @@ -158,7 +158,7 @@ public class HttpOnly extends LessonAdapter { * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add( "Read the directions and try out the buttons." ); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java index 411256568..6311c1c5e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java @@ -246,7 +246,7 @@ public class HttpSplitting extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java index 755e28380..9a9d0f226 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java @@ -284,7 +284,7 @@ public class JSONInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("JSON stands for JavaScript Object Notation."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java index 13d01d421..0640e3f51 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java @@ -279,7 +279,7 @@ public class JavaScriptValidation extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java index b01158f13..961b6a1a2 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java @@ -223,9 +223,9 @@ public abstract class LessonAdapter extends AbstractLesson * * @return The hintCount value */ - public int getHintCount() + public int getHintCount(WebSession s) { - return getHints().size(); + return getHints(s).size(); } @@ -236,7 +236,7 @@ public abstract class LessonAdapter extends AbstractLesson * * @return The hint1 value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("There are no hints defined."); @@ -245,9 +245,9 @@ public abstract class LessonAdapter extends AbstractLesson } - public String getHint(int hintNumber) + public String getHint(WebSession s, int hintNumber) { - return (String) getHints().get(hintNumber); + return (String) getHints(s).get(hintNumber); } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java index 91b70fd6b..b299d9c02 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java @@ -140,7 +140,7 @@ public class LogSpoofing extends LessonAdapter @Override - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Try to fool the humane eye by using new lines."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java index 21834abd3..6677f0b38 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java @@ -250,7 +250,7 @@ public class PathBasedAccessControl extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java index 49acf0601..d4ecb1e06 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java @@ -171,7 +171,7 @@ public class Phishing extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java index cd880568c..1e46bbe42 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java @@ -241,7 +241,7 @@ public class ReflectedXSS extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java index 20071ba84..7bae6d0fd 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java @@ -82,7 +82,7 @@ public class RemoteAdminFlaw extends LessonAdapter * * @return The hints value */ - public List getHints() + public List getHints(WebSession s) { List hints = new ArrayList(); hints.add("WebGoat has 2 admin interfaces."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java index 83bef96c8..ca1513f88 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java @@ -200,7 +200,7 @@ public class RoleBasedAccessControl extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java index 44ae8580f..c195b0d78 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java @@ -210,7 +210,7 @@ public class SQLInjection extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java index 676e4ff64..6c424633e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java @@ -272,7 +272,7 @@ public class SilentTransactions extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Check the javascript in the HTML source."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index 49d198258..8e3f88cb9 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -97,7 +97,7 @@ public class SoapRequest extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index 41a1c2b0d..d03f28a9b 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java @@ -343,7 +343,7 @@ public class SqlNumericInjection extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 40206bf2b..3418d9bd4 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -259,7 +259,7 @@ public class SqlStringInjection extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java index 79b468699..805f0d637 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java @@ -157,7 +157,7 @@ public class StoredXss extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("You can put HTML tags in your message."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java index 86c52d37e..1654228f4 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java @@ -137,7 +137,7 @@ public class ThreadSafetyProblem extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java index c15104c1e..e11078408 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java @@ -242,7 +242,7 @@ public class TraceXSS extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java index 47fb59693..0056eef90 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java @@ -215,7 +215,7 @@ public class UncheckedEmail extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("Try sending an anonymous message to yourself."); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java index 59958daed..90d2245c1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java @@ -99,7 +99,7 @@ public class WSDLScanning extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java index 50ece46db..3a9e02ccd 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java @@ -260,7 +260,7 @@ public class WeakAuthenticationCookie extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java index 6210511d0..4847ecf49 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java @@ -158,7 +158,7 @@ public class WeakSessionID extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java index 9509b2d56..ef022bd75 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java @@ -94,7 +94,7 @@ public class WsSAXInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java index b40690718..864a153d0 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java @@ -87,7 +87,7 @@ public class WsSqlInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java index 35984330a..608affaa1 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java @@ -338,7 +338,7 @@ public class XMLInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java index 252b97801..cdfa1d427 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java @@ -242,7 +242,7 @@ public class XPATHInjection extends LessonAdapter } - protected List getHints() + protected List getHints(WebSession s) { // TODO Auto-generated method stub List hints = new ArrayList(); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java index 5c5dd1c55..8509e9d49 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java @@ -133,7 +133,7 @@ public class ViewDatabase extends LessonAdapter * * @return The hints value */ - protected List getHints() + protected List getHints(WebSession s) { List hints = new ArrayList(); hints.add("There are no hints defined"); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 76c52b388..11388d196 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -447,10 +447,12 @@ public class WebSession public String getHint() { String hint = null; - + int hints = getCurrentLesson().getHintCount(this); + if (getHintNum() > hints) + hintNum = -1; if ( getHintNum() >= 0 ) // FIXME - hint = getCurrentLesson().getHint( getHintNum() ); + hint = getCurrentLesson().getHint( this, getHintNum() ); return hint; } @@ -1015,7 +1017,7 @@ public class WebSession String hint = null; // FIXME - int maxHints = getCurrentLesson().getHintCount(); + int maxHints = getCurrentLesson().getHintCount(this); if ( hintNum < maxHints - 1 ) { hintNum++; @@ -1023,7 +1025,7 @@ public class WebSession // Hints are indexed from 0 getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 ); - hint = (String) getCurrentLesson().getHint( getHintNum() ); + hint = (String) getCurrentLesson().getHint( this, getHintNum() ); } return hint; @@ -1040,7 +1042,7 @@ public class WebSession // Hints are indexed from 0 getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 ); - hint = (String) getCurrentLesson().getHint( getHintNum() ); + hint = (String) getCurrentLesson().getHint( this, getHintNum() ); } return hint;