Make it possible to return per-stage hints

git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java

@@ -353,27 +353,29 @@ public abstract class AbstractLesson extends Screen implements Comparable
 
     /**
      * Gets the hintCount attribute of the Lesson object
+     * @param s The user's WebSession
      * 
      * @return The hintCount value
      */
-    public int getHintCount()
+    public int getHintCount(WebSession s)
     {
-	return getHints().size();
+	return getHints(s).size();
     }
 
 
-    protected abstract List getHints();
+    protected abstract List<String> getHints(WebSession s);
 
 
     /**
      * Fill in a minor hint that will help people who basically get it, but
      * are stuck on somthing silly.
+     * @param s The users WebSession
      * 
      * @return The hint1 value
      */
-    public String getHint(int hintNumber)
+    public String getHint(WebSession s, int hintNumber)
     {
-	return (String) getHints().get(hintNumber);
+	return getHints(s).get(hintNumber);
     }
 
 
@@ -409,7 +411,7 @@ public abstract class AbstractLesson extends Screen implements Comparable
      * Gets the content of lessonPlanURL
      * 
      * @param s
-     *        TODO
+     *        The user's WebSession
      * 
      * @return The HTML content of the current lesson plan
      */

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AccessControlMatrix.java

@@ -135,7 +135,7 @@ public class AccessControlMatrix extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 		List<String> hints = new ArrayList<String>();
 		hints.add("Many sites attempt to restrict access to resources by role.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java

@@ -264,7 +264,7 @@ public class BackDoors extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Your user id is 101. Use it to see your information");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java

@@ -272,7 +272,7 @@ public class BasicAuthentication extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	//		int stage = getLessonTracker(session, BASIC).getStage();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java

@@ -198,7 +198,7 @@ public class BlindSqlInjection extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	if (runningOnWindows())

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BufferOverflow.java

@@ -73,7 +73,7 @@ public class BufferOverflow extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Lesson Hint 1");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java

@@ -292,7 +292,7 @@ public class CSRF extends LessonAdapter {
 	}
 
 	@Override	
-	protected List getHints() {
+	protected List<String> getHints(WebSession s) {
 		List<String> hints = new ArrayList<String>();
 		hints.add( "Enter some text and try to include an image in there." );
 		hints.add( "In order to make the picture almost invisible try to add width=\"1\" and height=\"1\"." );

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java

@@ -504,7 +504,7 @@ public class Challenge2Screen extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints(WebSession s)
+    protected List<String> getHints(WebSession s)
     {
 	//<START_OMIT_SOURCE>
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java

@@ -333,7 +333,7 @@ public class CommandInjection extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java

@@ -207,7 +207,7 @@ public class CrossSiteScripting extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOMInjection.java

@@ -173,7 +173,7 @@ public class DOMInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 
 	List<String> hints = new ArrayList<String>();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java

@@ -199,7 +199,7 @@ public class DOS_Login extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Use a SQL Injection to obtain the user names. ");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Encoding.java

@@ -575,7 +575,7 @@ public class Encoding extends LessonAdapter
 	 * @return    The hints value
 	 */
 
-	public List getHints()
+	public List<String> getHints(WebSession s)
 	{
 
 		List<String> hints = new ArrayList<String>();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/FailOpenAuthentication.java

@@ -142,7 +142,7 @@ public class FailOpenAuthentication extends WeakAuthenticationCookie
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("You can force errors during the authentication process.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java

@@ -116,7 +116,7 @@ public class ForcedBrowsing extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
     	List<String> hints = new ArrayList<String>();
 		hints.add("Try to guess the URL for the config page");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForgotPassword.java

@@ -299,7 +299,7 @@ public class ForgotPassword extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
 		List<String> hints = new ArrayList<String>();
 		

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java

@@ -185,7 +185,7 @@ public class HiddenFieldTampering extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HtmlClues.java

@@ -198,7 +198,7 @@ public class HtmlClues extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java

@@ -93,7 +93,7 @@ public class HttpBasics extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Type in your name and press 'go'");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpOnly.java

@@ -158,7 +158,7 @@ public class HttpOnly extends LessonAdapter {
 	 *
 	 * @return    The hints value
 	 */
-	protected List getHints()
+	protected List<String> getHints(WebSession s)
 	{
 		List<String> hints = new ArrayList<String>();
 		hints.add( "Read the directions and try out the buttons." );

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java

@@ -246,7 +246,7 @@ public class HttpSplitting extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 
 	List<String> hints = new ArrayList<String>();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JSONInjection.java

@@ -284,7 +284,7 @@ public class JSONInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("JSON stands for JavaScript Object Notation.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/JavaScriptValidation.java

@@ -279,7 +279,7 @@ public class JavaScriptValidation extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java

@@ -223,9 +223,9 @@ public abstract class LessonAdapter extends AbstractLesson
      *
      * @return    The hintCount value
      */
-    public int getHintCount()
+    public int getHintCount(WebSession s)
     {
-	return getHints().size();
+	return getHints(s).size();
     }
 
 
@@ -236,7 +236,7 @@ public abstract class LessonAdapter extends AbstractLesson
      *
      * @return    The hint1 value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("There are no hints defined.");
@@ -245,9 +245,9 @@ public abstract class LessonAdapter extends AbstractLesson
     }
 
 
-    public String getHint(int hintNumber)
+    public String getHint(WebSession s, int hintNumber)
     {
-	return (String) getHints().get(hintNumber);
+	return (String) getHints(s).get(hintNumber);
     }
 
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java

@@ -140,7 +140,7 @@ public class LogSpoofing extends LessonAdapter
 
 
     @Override
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Try to fool the humane eye by using new lines.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/PathBasedAccessControl.java

@@ -250,7 +250,7 @@ public class PathBasedAccessControl extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java

@@ -171,7 +171,7 @@ public class Phishing extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java

@@ -241,7 +241,7 @@ public class ReflectedXSS extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RemoteAdminFlaw.java

@@ -82,7 +82,7 @@ public class RemoteAdminFlaw extends LessonAdapter
      *
      * @return    The hints value
      */
-    public List getHints()
+    public List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("WebGoat has 2 admin interfaces.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java

@@ -200,7 +200,7 @@ public class RoleBasedAccessControl extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java

@@ -210,7 +210,7 @@ public class SQLInjection extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SilentTransactions.java

@@ -272,7 +272,7 @@ public class SilentTransactions extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Check the javascript in the HTML source.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java

@@ -97,7 +97,7 @@ public class SoapRequest extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java

@@ -343,7 +343,7 @@ public class SqlNumericInjection extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java

@@ -259,7 +259,7 @@ public class SqlStringInjection extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/StoredXss.java

@@ -157,7 +157,7 @@ public class StoredXss extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("You can put HTML tags in your message.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ThreadSafetyProblem.java

@@ -137,7 +137,7 @@ public class ThreadSafetyProblem extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/TraceXSS.java

@@ -242,7 +242,7 @@ public class TraceXSS extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java

@@ -215,7 +215,7 @@ public class UncheckedEmail extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("Try sending an anonymous message to yourself.");

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java

@@ -99,7 +99,7 @@ public class WSDLScanning extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakAuthenticationCookie.java

@@ -260,7 +260,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WeakSessionID.java

@@ -158,7 +158,7 @@ public class WeakSessionID extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSAXInjection.java

@@ -94,7 +94,7 @@ public class WsSAXInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java

@@ -87,7 +87,7 @@ public class WsSqlInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XMLInjection.java

@@ -338,7 +338,7 @@ public class XMLInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 
 	List<String> hints = new ArrayList<String>();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/XPATHInjection.java

@@ -242,7 +242,7 @@ public class XPATHInjection extends LessonAdapter
     }
 
 
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	// TODO Auto-generated method stub
 	List<String> hints = new ArrayList<String>();

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/ViewDatabase.java

@@ -133,7 +133,7 @@ public class ViewDatabase extends LessonAdapter
      *
      * @return    The hints value
      */
-    protected List getHints()
+    protected List<String> getHints(WebSession s)
     {
 	List<String> hints = new ArrayList<String>();
 	hints.add("There are no hints defined");

webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java

@@ -447,10 +447,12 @@ public class WebSession
 	public String getHint()
 	{
 		String hint = null;
-
+		int hints = getCurrentLesson().getHintCount(this);
+		if (getHintNum() > hints)
+			hintNum = -1;
 		if ( getHintNum() >= 0 )
 			// FIXME
-			hint = getCurrentLesson().getHint( getHintNum() );
+			hint = getCurrentLesson().getHint( this, getHintNum() );
 
 		return hint;
 	}
@@ -1015,7 +1017,7 @@ public class WebSession
 		String hint = null;
 
 		// FIXME
-		int maxHints = getCurrentLesson().getHintCount();
+		int maxHints = getCurrentLesson().getHintCount(this);
 		if ( hintNum < maxHints - 1 )
 		{
 			hintNum++;
@@ -1023,7 +1025,7 @@ public class WebSession
 			// Hints are indexed from 0
 			getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 );
 
-			hint = (String) getCurrentLesson().getHint( getHintNum() );
+			hint = (String) getCurrentLesson().getHint( this, getHintNum() );
 		}
 
 		return hint;
@@ -1040,7 +1042,7 @@ public class WebSession
 			// Hints are indexed from 0
 			getCurrentLesson().getLessonTracker( this ).setMaxHintLevel( getHintNum() + 1 );
 
-			hint = (String) getCurrentLesson().getHint( getHintNum() );
+			hint = (String) getCurrentLesson().getHint( this, getHintNum() );
 		}
 
 		return hint;