dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
173 Commits 11 Branches 78 Tags
Commit Graph

173 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
rogan.dawes
5f5e2e829a The return type fix got lost. 
I don't know how to get back to the point in the SVN history
to fix this so that the build will actually work. I guess
I'd better just apply it here.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@177 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 13:40:01 +00:00
rogan.dawes
47a7619652 Fixes: Make sure procedures are created in the right scope/user 
Also, create the EMPLOYEE table first, since Oracle checks for it


git-svn-id: http://webgoat.googlecode.com/svn/trunk@176 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:41 +00:00
rogan.dawes
afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@175 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:33 +00:00
rogan.dawes
7bb2c087a0 Add lesson plans for the DB labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@174 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:26 +00:00
rogan.dawes
d1fe861a75 Add a DB Cross Site Scripting lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@173 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:13 +00:00
rogan.dawes
73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@172 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:32 +00:00
rogan.dawes
bc2faede19 Add a new DBSQLInjection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@171 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:23 +00:00
rogan.dawes
17fe003f2f Add stored procedures for the SQL Injection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@170 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:33 +00:00
rogan.dawes
1bcb2f6539 Add an SQL file to set up the Oracle DB and WebGoat user 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@169 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:23 +00:00
rogan.dawes
4665256674 Construct a message automatically when we complete a stage 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@168 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:15 +00:00
rogan.dawes
26ed31df68 Only show the stage controls if the lesson is not complete 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@167 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:59 +00:00
rogan.dawes
d889f6e535 Reset to the first stage when restarting the lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@166 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:51 +00:00
rogan.dawes
7dee412ee1 Fix WebServices lessons to maintain a reference to WebgoatContext 
Since the webservices lessons are also created automatically by
Axis, which obviously does not have a reference to WebgoatContext,
and wouldn't call setWebgoatContext even if it did, we need to ensure
that each lesson created can still get to WebgoatContext.

Do this by maintaining a static reference to WebgoatContext that
all instances of the class can use.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@165 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:36 +00:00
rogan.dawes
76f654e820 Make sure that the underlying GoatHillsFinancial lesson remains hidden 
Naturally, we want derived classes to be visible automatically


git-svn-id: http://webgoat.googlecode.com/svn/trunk@164 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:18 +00:00
rogan.dawes
dc8914f4e1 Allow for simple restarting of a lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@163 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:00 +00:00
rogan.dawes
f9a5a3700b Minor cleanups to address warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@162 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:44 +00:00
rogan.dawes
cb794dcb50 Calculate the stage changes correctly 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@161 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:23 +00:00
rogan.dawes
851974d7ce Remove strange stage transition code. 
It may be necessary, but I can't figure out what it is supposed to be doing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@160 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:07 +00:00
rogan.dawes
402fe9d95c Updated stage descriptions to avoid duplication 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@159 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:53 +00:00
rogan.dawes
2bda4a81f3 Migrate the labs to direct/Random access stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:29 +00:00
rogan.dawes
f5e56c7081 Extract the stage-related code from LessonTracker into SequentialLessonTracker 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:50:32 +00:00
rogan.dawes
02560a2510 Move LessonAction and DefaultLessonAction to the GoatHillsFinancial package, since it is only ever used there 
Also update the signature of DefaultLessonAction's constructor to take a GoatHillsFinancial,
rather than an AbstractLesson


git-svn-id: http://webgoat.googlecode.com/svn/trunk@156 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 10:38:55 +00:00
rogan.dawes
6abdcbf640 Migrate other lessons to extending GoatHillsFinancial 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@155 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:57:54 +00:00
rogan.dawes
a71b6af562 Fix thinko. Each LAB nees to use its own local LessonActions when defined 
Each lesson simply overrides registerActions(classname) to do the necessary.
Also delete Actions which already exist in the base class package


git-svn-id: http://webgoat.googlecode.com/svn/trunk@154 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:57:24 +00:00
rogan.dawes
ac43a1c3cb Update solutions to match minor changes to the underlying lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@153 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:57:02 +00:00
rogan.dawes
1153caa7ff Extend GoatHillsFinancial, and remove duplicated inherited methods 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@152 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:56:38 +00:00
rogan.dawes
2c8ad02968 Remove unused method 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@151 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:56:18 +00:00
rogan.dawes
a1d52a73e0 Introduce the GoatHillsFinancial "lesson" 
This "lesson" is to be used as a base for the rest of the
LAB lessons. This should help to reduce the amount of
duplication across the lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@150 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:56:00 +00:00
rogan.dawes
0bdc36b2f6 Remove duplication of isAuthorizedForEmployee 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@149 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:55:10 +00:00
rogan.dawes
a8119f6982 Move Lesson specific checks out of DefaultLessonAction 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@148 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:55 +00:00
rogan.dawes
3dc1a04d62 Update the various lessons to specify their stage count 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@147 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:35 +00:00
rogan.dawes
3c2e63636c Provide a user-accessible mechanism for skipping stages 
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml


git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:12 +00:00
rogan.dawes
51cc4fb0b4 Take a simple approach to add direct stage access. 
Make it a numerical stage indicator. This allows the person to skip a stage
if they choose to, but it will effectively be marked as completed.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@145 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:53:54 +00:00
rogan.dawes
e6fcd4176c Make it possible to return per-stage hints 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:53:34 +00:00
rogan.dawes
d39975c299 Minor fixes - unused imports and generics 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@143 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:52:09 +00:00
rogan.dawes
661d8bcf62 Various type safety fixes (converting to generics) 
This appears to have fixed a possible bug, so is a good thing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@142 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:40 +00:00
rogan.dawes
eaf12c706c Create WebgoatContext in HammerHead, rather than WebSession 
Now webgoatContext should effectively be a singleton, shared across
all WebSession instances. WebSession now initialises from WebgoatContext.

WebSession methods that refer to static "site wide" properties are deeted
and references to them updated to point to WebgoatContext


git-svn-id: http://webgoat.googlecode.com/svn/trunk@141 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:26 +00:00
rogan.dawes
53487970f6 Unify DatabaseUtilities.makeConnection() 
Remove the hack to support Web services lessons that do not have a WebSession
Now that they have their own reference to WebgoatContext, they do not need one


git-svn-id: http://webgoat.googlecode.com/svn/trunk@140 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:01 +00:00
rogan.dawes
ada66dae10 Pass webgoatContext to AbstractLesson, so all lessons can know their environment 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@139 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:36 +00:00
rogan.dawes
1849197784 Move database specific items into WebgoatContext 
Update DatabaseUtilities to use a webgoatContext to create a Connection


git-svn-id: http://webgoat.googlecode.com/svn/trunk@138 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:13 +00:00
rogan.dawes
c4d24dff3a Start process of moving shared data to a single place 
Shared fields like the database connection details will be
stored in a new class WebgoatContext.

For the moment, we create this object anew each time, but
we will eventually create it once, and pass it to the
constructor of WebSession, to provide initial values for
each user.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@137 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:57 +00:00
rogan.dawes
c3a5ec5ca8 Eliminate references to insance variable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@136 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:41 +00:00
rogan.dawes
db2f11578a Replace casting with a suitable generic 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@135 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:28 +00:00
rogan.dawes
4cae9985f6 Fix a NullPointerException in DatabaseUtilities.writeTable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@134 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:15 +00:00
rogan.dawes
b7bb9e4d17 Remove useless use of "file.separator" in getRealPath() 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@133 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:03 +00:00
rogan.dawes
2748e80d0d Make mySession a method scoped variable, not an instance var 
This should fix a concurrency bug, although it is unlikely to
be exploitable/exploited


git-svn-id: http://webgoat.googlecode.com/svn/trunk@132 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:53 +00:00
rogan.dawes
294580983d Remove methods tagged DELETE_ME 
Also remove associated imports which are no longer used


git-svn-id: http://webgoat.googlecode.com/svn/trunk@131 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:43 +00:00
rogan.dawes
52f23a20f4 Move maintanance of lesson categories from AbstractLesson into Category class 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@130 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:20 +00:00
rogan.dawes
747319aab5 Move definition of standard Categories to Category class 
Also update all the referring classes


git-svn-id: http://webgoat.googlecode.com/svn/trunk@129 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:02 +00:00
rogan.dawes
5f67544b24 Add mechanism to close DB connections 
Oracle ends up refusing connections if we don't close them


git-svn-id: http://webgoat.googlecode.com/svn/trunk@128 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:46:17 +00:00