dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: SQL advanced assignment 5 (#2047)

Browse Source 
- Add and show correct hints
- Fix solving the lesson immediately when you register as tom. Now uses `informationMessage` to display a message in the UI
- Add Playwright test

Closes: gh-2045
This commit is contained in:
Nanne Baars
2025-03-02 20:31:05 +01:00
committed by GitHub
parent c37a8e8c19
commit e9f79cc739
20 changed files with 189 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/it/java/org/owasp/webgoat/integration/SqlInjectionAdvancedIntegrationTest.java
View File

@ -15,17 +15,16 @@ public class SqlInjectionAdvancedIntegrationTest extends IntegrationTest {
startLesson("SqlInjectionAdvanced");
Map<String, Object> params = new HashMap<>();
params.clear();
params.put("username_reg", "tom' AND substring(password,1,1)='t");
params.put("password_reg", "password");
params.put("email_reg", "someone@microsoft.com");
params.put("confirm_password", "password");
checkAssignmentWithPUT(webGoatUrlConfig.url("SqlInjectionAdvanced/challenge"), params, true);
checkAssignmentWithPUT(webGoatUrlConfig.url("SqlInjectionAdvanced/register"), params, false);
params.clear();
params.put("username_login", "tom");
params.put("password_login", "thisisasecretfortomonly");
checkAssignment(webGoatUrlConfig.url("SqlInjectionAdvanced/challenge_Login"), params, true);
checkAssignment(webGoatUrlConfig.url("SqlInjectionAdvanced/login"), params, true);
params.clear();
params.put("userid_6a", "'; SELECT * FROM user_system_data;--");
@ -59,7 +58,5 @@ public class SqlInjectionAdvancedIntegrationTest extends IntegrationTest {
"question_4_solution",
"Solution 4: The database registers 'Robert' ); DROP TABLE Students;--'.");
checkAssignment(webGoatUrlConfig.url("SqlInjectionAdvanced/quiz"), params, true);
checkResults("SqlInjectionAdvanced");
}
}