Extract the stage-related code from LessonTracker into SequentialLessonTracker

git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes
2007-07-11 12:50:32 +00:00
parent 02560a2510
commit f5e56c7081
18 changed files with 234 additions and 175 deletions


@ -164,13 +164,6 @@ public abstract class AbstractLesson extends Screen implements Comparable
*/
public abstract Element getCredits();
/**
* Get the number of stages provided by this lesson
*
* @return the number of stages
*/
public abstract int getStageCount();
/**
* Description of the Method
*
@ -614,23 +607,6 @@ public abstract class AbstractLesson extends Screen implements Comparable
public abstract void setCurrentAction(WebSession s, String lessonScreen);
public void setStage(WebSession s, int stage)
{
// System.out.println("Changed to stage " + stage);
getLessonTracker(s).setStage(stage);
}
public int getStage(WebSession s)
{
int stage = getLessonTracker(s).getStage();
// System.out.println("In stage " + stage);
return stage;
}
/**
* Override this method to implement accesss control in a lesson.
*


@ -52,7 +52,7 @@ import org.owasp.webgoat.session.WebSession;
*
* @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
*/
public class BackDoors extends LessonAdapter
public class BackDoors extends SequentialLessonAdapter
{
private static Connection connection = null;


@ -47,7 +47,7 @@ import org.owasp.webgoat.session.WebSession;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class BasicAuthentication extends LessonAdapter
public class BasicAuthentication extends SequentialLessonAdapter
{
private static final String EMPTY_STRING = "";


@ -69,7 +69,7 @@ import org.owasp.webgoat.util.ExecResults;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class Challenge2Screen extends LessonAdapter
public class Challenge2Screen extends SequentialLessonAdapter
{
private static final String USER_COOKIE = "user";


@ -17,6 +17,7 @@ import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
/**
/*******************************************************************************
@ -286,4 +287,18 @@ public class CrossSiteScripting extends GoatHillsFinancial
return "LAB: Cross Site Scripting (XSS)";
}
public String htmlEncode(WebSession s, String text)
{
//System.out.println("Testing for stage 4 completion in lesson " + getCurrentLesson().getName());
if (getStage(s) == 4 &&
text.indexOf("<script>") > -1 && text.indexOf("alert") > -1 && text.indexOf("</script>") > -1)
{
s.setMessage( "Welcome to stage 5 -- exploiting the data layer" );
// Set a phantom stage value to setup for the 4-5 transition
setStage(s, 1005);
}
return HtmlEncoder.encode(text);
}
}
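Review bot: `htmlEncode` advances the lesson stage as a side effect of what reads as a pure output-encoding helper, and it does so with the bare literal `1005`. That value is outside the 1–6 range that `createStagedContent` in the new SequentialLessonAdapter accepts, so if this lesson is ever rendered through that method the phantom stage would fall into the `default` branch and report "Invalid stage"; how GoatHillsFinancial dispatches stages is not visible here. I would name the constant, e.g. `private static final int STAGE4_COMPLETED = 1005;`, and add a Javadoc stating that the method always returns the encoded text and only records stage-4 completion when the input contains the `<script>`/`alert` markers. The commented-out `System.out.println` line can be dropped.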


@ -5,7 +5,6 @@ import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;


@ -9,7 +9,7 @@ import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.IMG;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
@ -45,7 +45,7 @@ import org.owasp.webgoat.session.WebSession;
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class GoatHillsFinancial extends LessonAdapter
public class GoatHillsFinancial extends SequentialLessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));


@ -46,7 +46,7 @@ import org.owasp.webgoat.session.WebSession;
* @created September 30, 2006
*/
public class HttpSplitting extends LessonAdapter
public class HttpSplitting extends SequentialLessonAdapter
{
private final static String LANGUAGE = "language";


@ -107,90 +107,6 @@ public abstract class LessonAdapter extends AbstractLesson
}
protected Element createStagedContent(WebSession s)
{
try
{
int stage = getLessonTracker(s).getStage();
//int stage = Integer.parseInt( getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE,"1"));
switch (stage)
{
case 1:
return (doStage1(s));
case 2:
return (doStage2(s));
case 3:
return (doStage3(s));
case 4:
return (doStage4(s));
case 5:
return (doStage5(s));
case 6:
return (doStage6(s));
default:
throw new Exception("Invalid stage");
}
}
catch (Exception e)
{
s.setMessage("Error generating " + this.getClass().getName());
System.out.println(e);
e.printStackTrace();
}
return (new StringElement(""));
}
protected Element doStage1(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 1 Stub");
return ec;
}
protected Element doStage2(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 2 Stub");
return ec;
}
protected Element doStage3(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 3 Stub");
return ec;
}
protected Element doStage4(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 4 Stub");
return ec;
}
protected Element doStage5(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 5 Stub");
return ec;
}
protected Element doStage6(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 6 Stub");
return ec;
}
/**
* Gets the category attribute of the LessonAdapter object. The default category is "General" Only
* override this method if you wish to create a new category or if you wish this lesson to reside
@ -382,11 +298,4 @@ public abstract class LessonAdapter extends AbstractLesson
return t;
}
/* By default returns 1 stage.
* (non-Javadoc)
* @see org.owasp.webgoat.lessons.AbstractLesson#getStageCount()
*/
public int getStageCount() {
return 1;
}
}


@ -0,0 +1,139 @@
package org.owasp.webgoat.lessons;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.owasp.webgoat.session.LessonTracker;
import org.owasp.webgoat.session.SequentialLessonTracker;
import org.owasp.webgoat.session.WebSession;
public class SequentialLessonAdapter extends LessonAdapter {
public void setStage(WebSession s, int stage)
{
// System.out.println("Changed to stage " + stage);
getLessonTracker(s).setStage(stage);
}
/* By default returns 1 stage.
* (non-Javadoc)
*/
public int getStageCount() {
return 1;
}
public int getStage(WebSession s)
{
int stage = getLessonTracker(s).getStage();
// System.out.println("In stage " + stage);
return stage;
}
@Override
public SequentialLessonTracker getLessonTracker(WebSession s) {
return (SequentialLessonTracker) super.getLessonTracker(s);
}
@Override
public SequentialLessonTracker getLessonTracker(WebSession s, AbstractLesson lesson) {
return (SequentialLessonTracker) super.getLessonTracker(s, lesson);
}
@Override
public SequentialLessonTracker getLessonTracker(WebSession s, String userNameOverride) {
return (SequentialLessonTracker) super.getLessonTracker(s, userNameOverride);
}
@Override
public LessonTracker createLessonTracker() {
return new SequentialLessonTracker();
}
protected Element createStagedContent(WebSession s)
{
try
{
int stage = getLessonTracker(s).getStage();
//int stage = Integer.parseInt( getLessonTracker(s).getLessonProperties().getProperty(WebSession.STAGE,"1"));
switch (stage)
{
case 1:
return (doStage1(s));
case 2:
return (doStage2(s));
case 3:
return (doStage3(s));
case 4:
return (doStage4(s));
case 5:
return (doStage5(s));
case 6:
return (doStage6(s));
default:
throw new Exception("Invalid stage");
}
}
catch (Exception e)
{
s.setMessage("Error generating " + this.getClass().getName());
System.out.println(e);
e.printStackTrace();
}
return (new StringElement(""));
}
protected Element doStage1(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 1 Stub");
return ec;
}
protected Element doStage2(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 2 Stub");
return ec;
}
protected Element doStage3(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 3 Stub");
return ec;
}
protected Element doStage4(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 4 Stub");
return ec;
}
protected Element doStage5(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 5 Stub");
return ec;
}
protected Element doStage6(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement("Stage 6 Stub");
return ec;
}
}
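Review bot: The three `getLessonTracker` overrides downcast the superclass result unconditionally, so any tracker that was not produced by this class's `createLessonTracker()` raises ClassCastException on every `getStage`/`setStage` call. Whether the superclass can hand back a plain LessonTracker (for example one restored from state saved before this change) is not visible in this section, but only `createStagedContent` has a catch block. Either guard the cast with an `instanceof` check that fails with a clear message, or state the invariant in a comment such as `// safe: createLessonTracker() always returns a SequentialLessonTracker`. Separately, `setStage` stores any int while `createStagedContent` rejects everything outside 1–6 and reports the failure only through `System.out.println(e); e.printStackTrace();`; a range check in `setStage` and a proper log call, if the project has a logger, would make a bad stage value easier to trace.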


@ -61,7 +61,7 @@ import org.owasp.webgoat.session.WebSession;
* TODO To change the template for this generated type comment go to
* Window - Preferences - Java - Code Style - Code Templates
*/
public class SoapRequest extends LessonAdapter
public class SoapRequest extends SequentialLessonAdapter
{
/* TEST CODE


@ -55,7 +55,7 @@ import org.owasp.webgoat.session.WebSession;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class SqlNumericInjection extends LessonAdapter
public class SqlNumericInjection extends SequentialLessonAdapter
{
private final static String STATION_ID = "station";


@ -51,7 +51,7 @@ import org.owasp.webgoat.session.WebSession;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class SqlStringInjection extends LessonAdapter
public class SqlStringInjection extends SequentialLessonAdapter
{
private final static String ACCT_NAME = "account_name";