diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java index 576027bb4..be8b5c94f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java @@ -164,13 +164,6 @@ public abstract class AbstractLesson extends Screen implements Comparable */ public abstract Element getCredits(); - /** - * Get the number of stages provided by this lesson - * - * @return the number of stages - */ - public abstract int getStageCount(); - /** * Description of the Method * @@ -614,23 +607,6 @@ public abstract class AbstractLesson extends Screen implements Comparable public abstract void setCurrentAction(WebSession s, String lessonScreen); - - public void setStage(WebSession s, int stage) - { - // System.out.println("Changed to stage " + stage); - getLessonTracker(s).setStage(stage); - } - - - public int getStage(WebSession s) - { - int stage = getLessonTracker(s).getStage(); - - // System.out.println("In stage " + stage); - return stage; - } - - /** * Override this method to implement accesss control in a lesson. * diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java index a09b24dba..52ffa1b02 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java @@ -52,7 +52,7 @@ import org.owasp.webgoat.session.WebSession; * * @author Sherif Koussa Macadamian Technologies. */ -public class BackDoors extends LessonAdapter +public class BackDoors extends SequentialLessonAdapter { private static Connection connection = null; 
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java index 916e4d449..824126a0e 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java @@ -47,7 +47,7 @@ import org.owasp.webgoat.session.WebSession; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public class BasicAuthentication extends LessonAdapter +public class BasicAuthentication extends SequentialLessonAdapter { private static final String EMPTY_STRING = ""; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java index e9a09acc5..becb97a70 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java @@ -69,7 +69,7 @@ import org.owasp.webgoat.util.ExecResults; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public class Challenge2Screen extends LessonAdapter +public class Challenge2Screen extends SequentialLessonAdapter { private static final String USER_COOKIE = "user"; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java index c88cae48e..943dd8103 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java 
@@ -17,6 +17,7 @@ import org.owasp.webgoat.session.UnauthenticatedException;
 import org.owasp.webgoat.session.UnauthorizedException;
 import org.owasp.webgoat.session.ValidationException;
 import org.owasp.webgoat.session.WebSession;
+import org.owasp.webgoat.util.HtmlEncoder;
 
 /**
 /*******************************************************************************
@@ -286,4 +287,18 @@ public class CrossSiteScripting extends GoatHillsFinancial
 return "LAB: Cross Site Scripting (XSS)";
 }
 
+ public String htmlEncode(WebSession s, String text)
+ {
+ //System.out.println("Testing for stage 4 completion in lesson " + getCurrentLesson().getName());
+ if (getStage(s) == 4 &&
+ text.indexOf("") > -1)
+ {
+ s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
+ // Set a phantom stage value to setup for the 4-5 transition
+ setStage(s, 1005);
+ }
+
+ return HtmlEncoder.encode(text);
+ }
+
 }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java
index 1fc226e71..19fcf1a74 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/DefaultLessonAction.java
@@ -5,7 +5,6 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 
-import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
 import org.owasp.webgoat.session.ParameterNotFoundException;
 import org.owasp.webgoat.session.UnauthenticatedException;
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
index d04b28994..7286e3d16 100755
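Review bot: The stage-4 gate in the new `CrossSiteScripting.htmlEncode` is `text.indexOf("") > -1`, and `String.indexOf("")` returns 0 for every non-null string, so while the tracker is in stage 4 every call to this method — including encoding of perfectly harmless profile fields — sets the phantom stage 1005 and prints the stage-5 welcome. If the needle was a markup token that this listing lost, restore it; if the empty string is what was committed, the check never tests for an injected payload at all. A null `text` also reaches `indexOf` before `HtmlEncoder.encode` and throws, so the condition should read `if (getStage(s) == 4 && text != null && text.indexOf(…) > -1)` with the intended marker named as a constant. Value 1005 is not one of the cases `SequentialLessonAdapter.createStagedContent` dispatches on, so unless this lesson renders its stages itself the transition would end in that method's "Invalid stage" error path — worth a comment stating where 1005 is consumed.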
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java @@ -9,7 +9,7 @@ import org.apache.ecs.Element; import org.apache.ecs.ElementContainer; import org.apache.ecs.html.A; import org.apache.ecs.html.IMG; -import org.owasp.webgoat.lessons.LessonAdapter; +import org.owasp.webgoat.lessons.SequentialLessonAdapter; import org.owasp.webgoat.session.ParameterNotFoundException; import org.owasp.webgoat.session.UnauthenticatedException; import org.owasp.webgoat.session.UnauthorizedException; @@ -45,7 +45,7 @@ import org.owasp.webgoat.session.WebSession; * * For details, please see http://code.google.com/p/webgoat/ */ -public class GoatHillsFinancial extends LessonAdapter +public class GoatHillsFinancial extends SequentialLessonAdapter { public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0)); diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java index 6311c1c5e..74f68d5aa 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java @@ -46,7 +46,7 @@ import org.owasp.webgoat.session.WebSession; * @created September 30, 2006 */ -public class HttpSplitting extends LessonAdapter +public class HttpSplitting extends SequentialLessonAdapter { private final static String LANGUAGE = "language"; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java index e5c0fdc5c..b87072645 100644 
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java 
@@ -107,90 +107,6 @@ public abstract class LessonAdapter extends AbstractLesson } - protected Element createStagedContent(WebSession s) - { - try - { - int stage = getLessonTracker(s).getStage(); - //int stage = Integer.parseInt( getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE,"1")); - - switch (stage) - { - case 1: - return (doStage1(s)); - case 2: - return (doStage2(s)); - case 3: - return (doStage3(s)); - case 4: - return (doStage4(s)); - case 5: - return (doStage5(s)); - case 6: - return (doStage6(s)); - default: - throw new Exception("Invalid stage"); - } - } - catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - System.out.println(e); - e.printStackTrace(); - } - - return (new StringElement("")); - } - - - protected Element doStage1(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 1 Stub"); - return ec; - } - - - protected Element doStage2(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 2 Stub"); - return ec; - } - - - protected Element doStage3(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 3 Stub"); - return ec; - } - - - protected Element doStage4(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 4 Stub"); - return ec; - } - - - protected Element doStage5(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 5 Stub"); - return ec; - } - - - protected Element doStage6(WebSession s) throws Exception - { - ElementContainer ec = new ElementContainer(); - ec.addElement("Stage 6 Stub"); - return ec; - } - - /** * Gets the category attribute of the LessonAdapter object. The default category is "General" Only * override this method if you wish to create a new category or if you wish this lesson to reside 
@@ -382,11 +298,4 @@ public abstract class LessonAdapter extends AbstractLesson return t; } - /* By default returns 1 stage. - * (non-Javadoc) - * @see org.owasp.webgoat.lessons.AbstractLesson#getStageCount() - */ - public int getStageCount() { - return 1; - } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java new file mode 100755 index 000000000..7b8f7b55a --- /dev/null +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SequentialLessonAdapter.java 
@@ -0,0 +1,139 @@ +package org.owasp.webgoat.lessons; + +import org.apache.ecs.Element; +import org.apache.ecs.ElementContainer; +import org.apache.ecs.StringElement; +import org.owasp.webgoat.session.LessonTracker; +import org.owasp.webgoat.session.SequentialLessonTracker; +import org.owasp.webgoat.session.WebSession; + +public class SequentialLessonAdapter extends LessonAdapter { + + + public void setStage(WebSession s, int stage) + { + // System.out.println("Changed to stage " + stage); + getLessonTracker(s).setStage(stage); + } + + /* By default returns 1 stage. + * (non-Javadoc) + */ + public int getStageCount() { + return 1; + } + + public int getStage(WebSession s) + { + int stage = getLessonTracker(s).getStage(); + + // System.out.println("In stage " + stage); + return stage; + } + + @Override + public SequentialLessonTracker getLessonTracker(WebSession s) { + return (SequentialLessonTracker) super.getLessonTracker(s); + } + + + @Override + public SequentialLessonTracker getLessonTracker(WebSession s, AbstractLesson lesson) { + return (SequentialLessonTracker) super.getLessonTracker(s, lesson); + } + + + @Override + public SequentialLessonTracker getLessonTracker(WebSession s, String userNameOverride) { + return (SequentialLessonTracker) super.getLessonTracker(s, userNameOverride); + } + + @Override + public LessonTracker createLessonTracker() { + return new SequentialLessonTracker(); + } + + protected Element createStagedContent(WebSession s) + { + try + { + int stage = getLessonTracker(s).getStage(); + //int stage = Integer.parseInt( getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE,"1")); + + switch (stage) + { + case 1: + return (doStage1(s)); + case 2: + return (doStage2(s)); + case 3: + return (doStage3(s)); + case 4: + return (doStage4(s)); + case 5: + return (doStage5(s)); + case 6: + return (doStage6(s)); + default: + throw new Exception("Invalid stage"); + } + } + catch (Exception e) + { + s.setMessage("Error generating " + 
this.getClass().getName()); + System.out.println(e); + e.printStackTrace(); + } + + return (new StringElement("")); + } + + + protected Element doStage1(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 1 Stub"); + return ec; + } + + + protected Element doStage2(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 2 Stub"); + return ec; + } + + + protected Element doStage3(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 3 Stub"); + return ec; + } + + + protected Element doStage4(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 4 Stub"); + return ec; + } + + + protected Element doStage5(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 5 Stub"); + return ec; + } + + + protected Element doStage6(WebSession s) throws Exception + { + ElementContainer ec = new ElementContainer(); + ec.addElement("Stage 6 Stub"); + return ec; + } + +} diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index 8e3f88cb9..692a32608 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -61,7 +61,7 @@ import org.owasp.webgoat.session.WebSession; * TODO To change the template for this generated type comment go to * Window - Preferences - Java - Code Style - Code Templates */ -public class SoapRequest extends LessonAdapter +public class SoapRequest extends SequentialLessonAdapter { /* TEST CODE 
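Review bot: `getStageCount()` in the new `SequentialLessonAdapter` returns 1 and nothing ties it to the `doStage2`..`doStage6` hooks, yet `WebSession` only honours a `stage` request parameter when `stage <= sla.getStageCount()`, so a subclass that implements later stages but forgets this override can never be advanced past stage 1 from the request. State the contract on the method: `/** Number of stages this lesson exposes; subclasses with more than one stage must override this, otherwise the STAGE request parameter is rejected above 1. */`. `setStage` stores any int unchecked (the 1005 phantom value elsewhere depends on that), so the `default` branch of `createStagedContent` is the only place an out-of-range stage is reported, and it does so via `System.out.println` and `printStackTrace()` rather than a logger — a `// NOTE: range check lives in WebSession` comment on `setStage` would make that division of responsibility visible. The three `getLessonTracker` overrides cast unconditionally; that is safe only if every tracker for a sequential lesson is created through `createLessonTracker()`, which I cannot confirm from this diff.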
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java index d03f28a9b..2c4323c61 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java @@ -55,7 +55,7 @@ import org.owasp.webgoat.session.WebSession; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public class SqlNumericInjection extends LessonAdapter +public class SqlNumericInjection extends SequentialLessonAdapter { private final static String STATION_ID = "station"; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java index 3418d9bd4..e278cfc02 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java @@ -51,7 +51,7 @@ import org.owasp.webgoat.session.WebSession; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public class SqlStringInjection extends LessonAdapter +public class SqlStringInjection extends SequentialLessonAdapter { private final static String ACCT_NAME = "account_name"; diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java index 241e28253..8d3ebe573 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java @@ -42,8 +42,6 @@ public class LessonTracker private boolean completed = false; - private int currentStage = 1; - private int maxHintLevel = 0; private int numVisits = 0; 
@@ -72,18 +70,6 @@ public class LessonTracker } - public int getStage() - { - return currentStage; - } - - - public void setStage(int stage) - { - currentStage = stage; - } - - /** * Gets the maxHintLevel attribute of the LessonTracker object * @@ -175,15 +161,13 @@ public class LessonTracker * * @param props The new properties value */ - private void setProperties(Properties props, Screen screen) + protected void setProperties(Properties props, Screen screen) { completed = Boolean.valueOf( props.getProperty(screen.getTitle() + ".completed")) .booleanValue(); maxHintLevel = Integer.parseInt(props.getProperty(screen.getTitle() + ".maxHintLevel")); - currentStage = Integer.parseInt(props.getProperty(screen.getTitle() - + ".currentStage")); numVisits = Integer.parseInt(props.getProperty(screen.getTitle() + ".numVisits")); viewedCookies = Boolean.valueOf( @@ -367,8 +351,6 @@ public class LessonTracker //System.out.println( "Storing data to" + fileName ); lessonProperties.setProperty(screen.getTitle() + ".completed", Boolean .toString(completed)); - lessonProperties.setProperty(screen.getTitle() + ".currentStage", - Integer.toString(currentStage)); lessonProperties.setProperty(screen.getTitle() + ".maxHintLevel", Integer.toString(maxHintLevel)); lessonProperties.setProperty(screen.getTitle() + ".numVisits", Integer @@ -417,7 +399,6 @@ public class LessonTracker StringBuffer buff = new StringBuffer(); buff.append("LessonTracker:" + "\n"); buff.append(" - completed:.......... " + completed + "\n"); - buff.append(" - currentStage:....... " + currentStage + "\n"); buff.append(" - maxHintLevel:....... " + maxHintLevel + "\n"); buff.append(" - numVisits:.......... " + numVisits + "\n"); buff.append(" - viewedCookies:...... " + viewedCookies + "\n"); 
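Review bot: `setProperties` in `LessonTracker` is widened from `private` to `protected` so that a subclass can override it, which makes it an overridable method; if `LessonTracker` reaches it during construction or from a static loader before the subclass is initialised (the call site is outside this hunk), `SequentialLessonTracker`'s override would run before that class's `currentStage = 1` field initialiser, and the freshly loaded stage would then be reset to 1. Please confirm where `setProperties` is invoked from; if it is reachable from a constructor, keep the base method non-overridable and add a separate `protected` hook that is called after construction. A one-line Javadoc would also help here: `/** Restores this tracker's fields from props; subclasses that persist extra state override this and call super first. */`.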
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java new file mode 100755 index 000000000..bf0e1102f --- /dev/null +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/SequentialLessonTracker.java @@ -0,0 +1,39 @@ +package org.owasp.webgoat.session; + +import java.util.Properties; + +public class SequentialLessonTracker extends LessonTracker { + + private int currentStage = 1; + + + + public int getStage() + { + return currentStage; + } + + + public void setStage(int stage) + { + currentStage = stage; + } + + protected void setProperties(Properties props, Screen screen) + { + super.setProperties(props, screen); + currentStage = Integer.parseInt(props.getProperty(screen.getTitle() + + ".currentStage")); + } + + public void store(WebSession s, Screen screen, String user) + { + lessonProperties.setProperty(screen.getTitle() + ".currentStage", + Integer.toString(currentStage)); + super.store(s, screen, user); + } + + public String toString() { + return super.toString() + " - currentStage:....... " + currentStage + "\n"; + } +} diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 07fabc360..d8740d25f 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse; import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; +import org.owasp.webgoat.lessons.SequentialLessonAdapter; /******************************************************************************* * 
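Review bot: `SequentialLessonTracker.setProperties` parses `screen.getTitle() + ".currentStage"` with `Integer.parseInt` and no default, so a tracker file that lacks the key — or holds a non-numeric value — throws `NumberFormatException` (`parseInt(null)` throws it as well) and aborts loading the whole tracker. Supply the same default the field initialiser uses: `currentStage = Integer.parseInt(props.getProperty(screen.getTitle() + ".currentStage", "1"));`. `store` writes the key into `lessonProperties` before delegating to `super.store`, which is only correct if the base implementation persists after populating its own keys; the base `store` body is not in this diff, so please confirm. The class has no Javadoc; a header such as `/** LessonTracker that additionally persists the lesson's current stage. */` would orient readers.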
@@ -907,9 +908,14 @@ public class WebSession
 }
 else if (myParser.getRawParameter( STAGE, null ) != null)
 {
- int stage = myParser.getIntParameter(STAGE, getCurrentLesson().getStage(this));
- if (stage > 0 && stage <= getCurrentLesson().getStageCount())
- getCurrentLesson().setStage(this, stage);
+ AbstractLesson al = getCurrentLesson();
+ if (al instanceof SequentialLessonAdapter)
+ {
+ SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
+ int stage = myParser.getIntParameter(STAGE, sla.getStage(this));
+ if (stage > 0 && stage <= sla.getStageCount())
+ sla.setStage(this, stage);
+ }
 }
 // else update global variables for the current screen
 else
@@ -981,9 +987,14 @@ public class WebSession
 
 private void restartLesson(int lessonId)
 {
- System.out.println("Restarting lesson: " + getLesson(lessonId));
- getCurrentLesson().getLessonTracker( this ).setStage(1);
- getCurrentLesson().getLessonTracker( this ).setCompleted(false);
+ AbstractLesson al = getLesson(lessonId);
+ System.out.println("Restarting lesson: " + al);
+ al.getLessonTracker( this ).setCompleted(false);
+ if (al instanceof SequentialLessonAdapter)
+ {
+ SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
+ sla.getLessonTracker( this ).setStage(1);
+ }
 }
 
 /**
@@ -1063,23 +1074,6 @@ public class WebSession
 return currentMenu;
 }
 
- public String htmlEncode(String s)
- {
- //System.out.println("Testing for stage 4 completion in lesson " + getCurrentLesson().getName());
- if (getCurrentLesson().getName().equals("CrossSiteScripting"))
- {
- if (getCurrentLesson().getStage(this) == 4 &&
- s.indexOf("") > -1)
- {
- setMessage( "Welcome to stage 5 -- exploiting the data layer" );
- // Set a phantom stage value to setup for the 4-5 transition
- getCurrentLesson().setStage(this, 1005);
- }
- }
-
- return ParameterParser.htmlEncode(s);
- }
-
 public WebgoatContext getWebgoatContext() {
 return webgoatContext;
 }
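Review bot: `WebSession.htmlEncode(String)` is deleted in the last hunk, but every JSP that called `webSession.htmlEncode(...)` now has to fetch the lesson and call `lesson.htmlEncode(webSession, ...)`; only the preamble of `ViewProfile.jsp` appears in this listing, so the remaining call sites need checking, since a stale call only fails when the JSP is compiled at runtime. In the first hunk the bound `stage <= sla.getStageCount()` depends on each sequential lesson overriding `getStageCount()`, whose default is 1, so a lesson that forgets will have every stage change from the request silently dropped; a comment such as `// stages outside 1..getStageCount() are ignored; multi-stage lessons must override getStageCount()` would make that visible. The `instanceof` plus cast pair is now repeated between this branch and `restartLesson`; a small private helper that returns the `SequentialLessonAdapter` or null would remove the duplication.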
diff --git a/ webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp b/ webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp index 65861cef7..fbeda49e6 100644 --- a/ webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp +++ b/ webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp @@ -6,6 +6,7 @@ STAGE 4 FIXES Look for the <-- STAGE 4 - FIX <% WebSession webSession = ((WebSession)session.getAttribute("websession")); Employee employee = (Employee) session.getAttribute("CrossSiteScripting." + CrossSiteScripting.EMPLOYEE_ATTRIBUTE_KEY); + CrossSiteScripting lesson = (CrossSiteScripting) webSession.getCurrentLesson(); // int myUserId = getIntSessionAttribute(webSession, "CrossSiteScripting." + CrossSiteScripting.USER_ID); %>