196 Commits

Author SHA1 Message Date
unknown
38f1d52bf3 Corrected typos and poor grammar found in the SQL Injection lessons. 2021-04-16 13:29:01 +02:00
Nanne Baars
e49f5d610f #961: Give each user its own schema for the lessons
This way we can reset a lesson using the database for each user and not for all users at once.
Also solves the issue that when someone solves the lesson it is solved for all users on the same WebGoat instance
2021-04-16 13:28:07 +02:00
unknown
82198424df Corrected typos and poor grammar found in the SQL Injection lessons. 2021-04-02 21:31:11 +02:00
Nanne Baars
ba2cb7d14f #974: Update the lesson text 2021-04-02 07:31:19 +02:00
Nanne Baars
de453fad84 Fix issue with labels in SQL lessons 2021-04-01 17:48:32 +02:00
Nanne Baars
59c96f9890 Fix lesson it no marks it as solved if the user uses a different username 2021-03-31 19:32:47 +02:00
Nanne Baars
f7d3fd586e Remove the span added to the feedback 2021-03-31 19:32:47 +02:00
Nanne Baars
798afc756b Remove as it matches the normal success message 2021-03-31 19:32:47 +02:00
Nanne Baars
14621003d7 Remove banner.txt as you can set it with a property in application.properties 2021-03-31 19:31:13 +02:00
Nanne Baars
cda852f4e8 Run unit tests again for all lessons and rewrite all to JUnit 5
Due to the migration to Spring Boot 2.4 the Vintage dependency was no longer included by default, resulting in skipping all unit tests.
2021-03-31 19:31:13 +02:00
Nanne Baars
ae6d448aa0 Replace ${revision} with real version as Maven
The CI pipeline should take care of this.
2021-03-31 19:31:13 +02:00
webgoat-github
b8bdb8f432 Updating to the new development version 2021-03-30 14:05:26 +00:00
Àngel Ollé Blázquez
e114360a5f Fix SQL Injection 2021-03-29 08:28:36 +02:00
Nanne Baars
d4da2d0efa Convert lesson into using DB instead of using regular expression to check the solution 2021-03-15 17:48:13 +01:00
Nanne Baars
f2ab5c1968 Update JWT lesson 2021-03-15 17:48:13 +01:00
NatasG
00c4be63f0 Fix sql injection line comments issue. (#925) 2021-01-19 10:47:04 +01:00
Kelly Marchewa
2e581d6bdb docs: update SQLi lesson text (#928)
- corrected typos/grammar issues
- restructured sentences for clarity
2021-01-19 10:29:16 +01:00
Gabriel M. Schuyler
b1495a8cd5 Fix typo (#909) 2020-12-03 14:23:23 +01:00
René Zubcevic
574039902d changed version to snapshot version and introduced revision parameter for it
2020-11-27 12:15:19 +01:00
Eskil Andréen
74cca6d185 Add missing trailing double quote in sql query (#897) 2020-11-19 07:45:07 +01:00
Nanne Baars
7b8523dcab #839: fix the SQL statement as this one does not express that the orderBy clause input is user input 2020-11-04 20:35:05 +01:00
Nanne Baars
641d75e734 Link to the original lesson for the goal 2020-10-20 22:09:49 +02:00
René Zubcevic
317573c897 Small fixes June 2020 (#857)
* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
2020-07-08 19:26:09 +02:00
Nanne Baars
39740e069e New release 2020-05-22 14:10:31 +02:00
Nanne Baars
1aad57ba55 Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Nanne Baars
54610868fe Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Satoshi SAKAO
d7ae3a4391 fix typo 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
608728b135 fix asciidoc italic format 2020-04-27 10:44:39 +02:00
René Zubcevic
88eb4d7b26 ace editor added without all the nonsense around it 2020-04-26 16:45:56 +02:00
René Zubcevic
6f532683a1 lessonplan character updates so it also works on Windows Cp125 2020-04-20 12:54:18 +02:00
Nanne Baars
96412da04e Remove unused imports and parameters 2020-04-19 15:42:50 +02:00
Nanne Baars
3b7481c2a7 Update method signature 2020-04-19 15:42:50 +02:00
Nanne Baars
407e19638f Add two more assignments for SQL injection where only filtering is applied. 2020-04-19 15:42:50 +02:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
4e371b63d0 suppressing some useless log messages and banners in unit tests (#752)
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
2020-01-25 12:11:45 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704)
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
2019-11-17 13:39:56 +01:00
Nanne Baars
f40b6ffd31 Moving back to snapshot 2019-11-13 12:27:26 +01:00
Nanne Baars
fe2ac1b8d4 New release, updating pom.xml 2019-11-12 09:22:45 +01:00
Nanne Baars
e07a2aff48 Fix mistake: the SQL exception should be thrown, otherwise users cannot see the table name (servers), which makes it impossible to solve the assignment. Add explicit test for this to guard against future mistakes
2019-11-11 21:17:51 +01:00
Nanne Baars
7d48427d4f Integrate ZAP 2.8.0 (no HUB) as the setup is different also update the filtering as usual ZAP exclusion is again broken 2019-11-11 21:17:51 +01:00
Cotonne
8da4342430 Improve readability of query (#685)
thanks! and do not forget to clean your .webgoat... local db related files
2019-11-04 13:28:35 +01:00
Nanne Baars
1a83e2825e Code style (#696)
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
2019-11-03 18:11:09 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
Nanne Baars
e783c0c1f1 SQL: Cannot use apostrophe/quotes on string literals #662 2019-10-30 08:28:14 +01:00
Nanne Baars
96d11697d4 SQL Injection lesson 6 minor mistakes in examples #663 2019-10-30 08:28:14 +01:00
Nanne Baars
a0933d83d5 Reworked all the SQL statements to be uppercase 2019-10-30 08:28:14 +01:00
René Zubcevic
e0ac4a1083 lessons in correct order and scoreboard visible again (#680) 2019-10-10 09:45:43 +02:00
Choe Hyeong Jin
b481ed70e8 Fix typo in SQL Injection(Introduction) (#675)
Fix typo `date` to `data` which seems more appropriate in context.
2019-10-03 10:01:35 +02:00
Nanne Baars
dad9c75ee0 Fix tests after updating from develop, changes applied for migrating to Spring Boot 2 2019-09-23 17:35:04 +02:00
Nanne Baars
35c1305ce9 Merge conflicts resolved 2019-09-23 07:34:27 +02:00