dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,240 Commits 11 Branches 78 Tags
181549468124bc45cf3bda78409a7390cc6ffe69
Commit Graph

129 Commits

Author SHA1 Message Date
Nanne Baars
1815494681 Injection Flaws -> Limit Command Injection success to a set of commands and clarify this to the user #179 
- Defuse command boolean flag is no longer necessary due to a change in the lesson, removed this flag from the webgoat-container project
 2016-03-19 12:40:28 +01:00
Nanne Baars
7a7fb088ad #173 Added the URL for WebGoat to the console output 2016-03-18 14:38:49 +01:00
Nanne Baars
bc6b040f42 Injection Flaws | XPath Injection date file path issue #184 
- Enabled the lesson again because lesson has been fixed
 2016-03-18 13:39:18 +01:00
Nanne Baars
50c4d9c170 Removed duplicate entry 2016-03-18 13:17:10 +01:00
Nanne
5d393d1d65 Merge pull request #207 from span/weak-auth-cookie-enable 
Enable weak authentication cookie lesson
 2016-02-25 22:07:46 +01:00
Nanne
f5a5335e31 Merge pull request #205 from muzir/develop 
-- Remove raw type usage, add type check parameter.
 2016-02-25 22:06:24 +01:00
Daniel Kvist
a9a7c18592 Enable weak authentication cookie lesson if webgoat/webgoat#181 is not reproducible 2016-02-24 15:23:03 +01:00
muzir
25f08ea9b4 -- Remove raw type usage, add type check parameter. 
-- Remove unused variable and unused imports.
 2016-02-23 15:15:47 +02:00
Jason White
575c940655 #180, clean up 2016-02-18 21:26:32 -05:00
Jason White
7c65441c8e #180, better management of show* buttons 2016-02-18 19:44:12 -05:00
Ruslan Boyarsky
daa05dd192 Seems locale should not depend of request's Accept-Language header. 
Signed-off-by: Nanne Baars <nbaars@xebia.com>
 2016-02-12 23:42:21 +01:00
mayhew64
dbb75980c9 Merge pull request #197 from span/htmlencoder 
Fixes #195 by adding static initialisation of the maps
 2016-02-12 13:02:41 -05:00
Daniel Kvist
77c4a04d3d Fixes #195 by adding static initialisation of the maps rather then using the constructor 2016-02-04 23:27:31 +01:00
Daniel Kvist
59549e3b21 Add stage parameter in the session to keep track of current stage so that we do not reset the stage and recreate the database in the middle of a lesson. To do this a small refactor of WebSession was made which simply extracts some methods from the previously large update method. Ref #176. 2016-02-04 23:21:12 +01:00
Doug Morato
724c084abf Updading develop branch pom versions to 7.1-SNAPSHOT 2016-02-01 18:30:53 -05:00
Doug Morato
f825bead8b The OWASP WebGoat 7.0.1 Release 2016-02-01 18:09:48 -05:00
Daniel Kvist
370c34b7da Disable cross-site scripting lab 2016-02-01 21:47:28 +01:00
Doug Morato
35e9b36b00 [maven-release-plugin] prepare for next development iteration 2016-02-01 13:57:19 -05:00
Doug Morato
dcf1995fe8 [maven-release-plugin] prepare release 7.0 2016-02-01 13:57:16 -05:00
Doug Morato
6320c2d22d Fixining all the javadoc issues preventing the release 
In order to perfom a Sonatype OSS release, all the javadocs must pe corretly and completely parsed in order to pass the release requirement.
This comment is only adding "comments' pertaining to javadoc. NO CODE HAS BEEN CHANGED

Signed-off-by: Doug Morato <dm@corp.io>
 2016-01-31 23:14:50 -05:00
mayhew64
416fda799b issue #147 disabling broken lessons 2016-01-30 13:45:26 -05:00
Jason White
76fa797857 #167 removing refrences to github.io in code 2016-01-18 06:42:05 -05:00
Jason White
07f0cea0a0 #165 cleaning up interim code 2016-01-14 09:03:43 -05:00
Jason White
b3541231bc #165 provide default and ability to override in lesson 2016-01-14 09:01:47 -05:00
Nanne Baars
e1be080eea Forced browsing lesson does not show success #143 2016-01-06 18:47:59 +02:00
Nanne Baars
23a1f9e38e Removed obsolete classes 2015-12-08 22:58:33 +01:00
Nanne Baars
5dfd1c44e9 Moving lesson utilities to common project instead of AbstractLesson 2015-12-03 22:52:11 +01:00
Jason White
539985c59e #45 finally won't see two 'Stored XSS lessons hightlighted 2015-12-02 15:08:32 -05:00
Jason White
0628a27b34 clean up 2015-12-02 15:06:10 -05:00
Jason White
d4af09c72a #133 hiding hint on change of lesson/loesson load 2015-12-02 14:05:22 -05:00
mayhew64
023966fbb1 changed back to compile phase, package phase breaks the war-exec.jar construction 2015-11-30 08:51:53 -05:00
mayhew64
511ed91130 Merge pull request #147 from ilatypov/master 
Tidy up CSRF lessons.
 2015-11-24 19:44:24 -05:00
slav pilus
4c538ee398 #66 Fixing jar plugin lifecycle issue 2015-11-12 20:49:51 +00:00
Ilguiz Latypov
ea1d852cda Convert the message number parameter into the MVC route part. Correct the result of the restart lesson button. 2015-11-07 05:43:40 -05:00
Ilguiz Latypov
de71f2700e Let user-composed (CSRF) attacks send one-request actions, as opposed to the address bar MVC links requesting lessons. The lesson display servlets have javascript that requests data and actions. 2015-11-07 05:43:31 -05:00
Doug Morato
ba20f8d14b Fix javax.mail dependecy and update versions 
Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-27 22:15:14 -04:00
Doug Morato
4a43a5572e Unregister JDBC drivers, Fixes #134 
Upon calling the maven tomcat7:shutdown goal, a severe error message was thrown because of not unloading the JDBC drivers.

Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-26 18:23:27 -04:00
Nanne Baars
789a57e792 SEVERE: The web application [/WebGoat] appears to have started a thread named [pool-7-thread-5] but has failed to stop it. This is very likely to create a memory leak #124 2015-10-26 21:38:30 +01:00
Doug Morato
44d944bceb Merge pull request #129 from dougmorato/master 
Maven-tomcat plugin fix and correct typo on JS file
 2015-10-26 10:09:16 -04:00
Nanne Baars
94ae466dbd Cannot serialize session attribute #123 2015-10-26 07:52:26 +01:00
Doug Morato
345e3cc7cb Fix typo on JS file 
Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-25 22:53:56 -04:00
Doug Morato
441543100f Revert tomcat7 maven plugin to 2.1 
Knonw bug on version 2.2 of the tomcat7-maven-plugin on extracting the temp directories for exec jar

Info: https://issues.apache.org/jira/browse/MTOMCAT-211
https://fisheye6.atlassian.com/changelog/tomcat?cs=1539956
https://fisheye6.atlassian.com/changelog/tomcat?cs=1539209
Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-25 22:51:28 -04:00
Doug Morato
8bffb76e5b Merge pull request #127 from misfir3/master 
items ommited from menu spinner and some more clean up
 2015-10-25 22:28:17 -04:00
Doug Morato
7e2d36ee48 Coveralls should be on Parent Pom 
moving the coverall plugin to the parent pom level

Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-24 20:26:17 -04:00
Doug Morato
cffb515851 Adding Coveralls support 
Coveralls.IO is free service to report on Code Coverage for Open-Source projects. Enabling the reporting using the maven cobertura plugin

Signed-off-by: Doug Morato <dm@corp.io>
 2015-10-24 19:40:39 -04:00
Jason White
ab29afec3c code cleanup 2015-10-24 13:15:14 -05:00
Jason White
fc2360b49b #41 ... one more 2015-10-24 13:12:44 -05:00
Jason White
e3df816fb9 #41 omitted on earlier commit 2015-10-24 13:10:43 -05:00
Jason White
45db051f30 removing redundant line, adding hasPlan to special challenge case handling 2015-10-24 11:45:49 -05:00
Jason White
d52dfe87c4 Merge remote-tracking branch 'upstream/master' 2015-10-24 09:12:02 -05:00