dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
200 Commits 11 Branches 78 Tags
Commit Graph

200 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
rogan.dawes
add34a24dc Make the test for the Auth header name case-insensitive 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@204 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:55:18 +00:00
rogan.dawes
043c0e5926 Remove Microsoft quotes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@203 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:58 +00:00
rogan.dawes
fb76b4916f Unify web.xml files. Also update the webgoat contact email address 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@202 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:42 +00:00
rogan.dawes
f9b5f8eddf Show completion of individual lesson stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@201 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:31 +00:00
rogan.dawes
a2f99be11a Remove unnecessary setMessage() calls 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@200 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:37:24 +00:00
rogan.dawes
f831487fa2 Add descriptions to the stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@199 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:42 +00:00
rogan.dawes
002dbbf53c Point the windows config file to use the HSQLDB database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@198 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:11 +00:00
rogan.dawes
5fd4b44303 Fix line endings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@197 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:36:02 +00:00
rogan.dawes
c65faceb1a A recent change to AbstractLesson.getLink() broke visit tracking 
Fix the lesson tracking to be more specific.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@196 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:42 +00:00
rogan.dawes
c1ddbd078f Correctly specify an in-memory database 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@195 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:31 +00:00
rogan.dawes
ee8e9d91bb Mark SequentialLessonAdapter as abstract to prevent instantiation 
Otherwise it shows up as an "Untitled Lesson"


git-svn-id: http://webgoat.googlecode.com/svn/trunk@194 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:22 +00:00
rogan.dawes
0c2e04c655 Remove unused import 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@193 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:06 +00:00
rogan.dawes
7af27f7d1b Make per-user in-memory databases actually work 
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:53 +00:00
rogan.dawes
cf047786f3 An INSERT statement cannot be executed as a query 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@191 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:31 +00:00
rogan.dawes
d04371884b Allow WebGoat to create per-user databases 
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:14 +00:00
rogan.dawes
9d19fa2433 Remove unused code to clean up warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@189 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:33:14 +00:00
rogan.dawes
9e352396d3 Remove warnings by generic'ising users of Collections classes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@188 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:59 +00:00
rogan.dawes
e41a5ca395 Removed unused code that was generating warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@187 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:31 +00:00
rogan.dawes
4a70fdac26 Add automatically generated serialVersionUID to silence warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@186 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:08 +00:00
rogan.dawes
d709ff9506 Fix warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@185 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:42 +00:00
rogan.dawes
9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:11 +00:00
rogan.dawes
e27aaccb45 Make multi-stage lessons show the individual stages in the menu 
While we are about it, make AbstractLesson.getLink() include
the category (i.e. menu), so that the menu selection script
will still work.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@183 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:53 +00:00
rogan.dawes
77ab0c5406 Update stage completion message 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@182 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:33 +00:00
rogan.dawes
84f3b5033d Minor changes to the challenge screen 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@181 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:15 +00:00
rogan.dawes
184eaae260 Update the messages issued when a stage is completed. 
We provide an automatic message on completion, which is easy to override.
Simply call setMessage() AFTER calling setStageComplete().


git-svn-id: http://webgoat.googlecode.com/svn/trunk@180 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:29:07 +00:00
rogan.dawes
ab0423cb78 Update the stage descriptions and instructions 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@179 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:28:24 +00:00
rogan.dawes
ad7f4aec68 Re-add Aspect credits for various lessons 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@178 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:28:02 +00:00
rogan.dawes
5f5e2e829a The return type fix got lost. 
I don't know how to get back to the point in the SVN history
to fix this so that the build will actually work. I guess
I'd better just apply it here.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@177 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 13:40:01 +00:00
rogan.dawes
47a7619652 Fixes: Make sure procedures are created in the right scope/user 
Also, create the EMPLOYEE table first, since Oracle checks for it


git-svn-id: http://webgoat.googlecode.com/svn/trunk@176 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:41 +00:00
rogan.dawes
afb5b9e740 SQLPLUS does not process CREATE PROCEDURE lines without a trailing / 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@175 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:33 +00:00
rogan.dawes
7bb2c087a0 Add lesson plans for the DB labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@174 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:26 +00:00
rogan.dawes
d1fe861a75 Add a DB Cross Site Scripting lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@173 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:56:13 +00:00
rogan.dawes
73035769aa Add stored procedures for the DB Cross Stie Scripting Lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@172 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:32 +00:00
rogan.dawes
bc2faede19 Add a new DBSQLInjection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@171 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:55:23 +00:00
rogan.dawes
17fe003f2f Add stored procedures for the SQL Injection lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@170 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:33 +00:00
rogan.dawes
1bcb2f6539 Add an SQL file to set up the Oracle DB and WebGoat user 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@169 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:23 +00:00
rogan.dawes
4665256674 Construct a message automatically when we complete a stage 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@168 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:54:15 +00:00
rogan.dawes
26ed31df68 Only show the stage controls if the lesson is not complete 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@167 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:59 +00:00
rogan.dawes
d889f6e535 Reset to the first stage when restarting the lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@166 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:51 +00:00
rogan.dawes
7dee412ee1 Fix WebServices lessons to maintain a reference to WebgoatContext 
Since the webservices lessons are also created automatically by
Axis, which obviously does not have a reference to WebgoatContext,
and wouldn't call setWebgoatContext even if it did, we need to ensure
that each lesson created can still get to WebgoatContext.

Do this by maintaining a static reference to WebgoatContext that
all instances of the class can use.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@165 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:36 +00:00
rogan.dawes
76f654e820 Make sure that the underlying GoatHillsFinancial lesson remains hidden 
Naturally, we want derived classes to be visible automatically


git-svn-id: http://webgoat.googlecode.com/svn/trunk@164 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:18 +00:00
rogan.dawes
dc8914f4e1 Allow for simple restarting of a lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@163 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:00 +00:00
rogan.dawes
f9a5a3700b Minor cleanups to address warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@162 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:44 +00:00
rogan.dawes
cb794dcb50 Calculate the stage changes correctly 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@161 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:23 +00:00
rogan.dawes
851974d7ce Remove strange stage transition code. 
It may be necessary, but I can't figure out what it is supposed to be doing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@160 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:07 +00:00
rogan.dawes
402fe9d95c Updated stage descriptions to avoid duplication 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@159 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:53 +00:00
rogan.dawes
2bda4a81f3 Migrate the labs to direct/Random access stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:29 +00:00
rogan.dawes
f5e56c7081 Extract the stage-related code from LessonTracker into SequentialLessonTracker 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:50:32 +00:00
rogan.dawes
02560a2510 Move LessonAction and DefaultLessonAction to the GoatHillsFinancial package, since it is only ever used there 
Also update the signature of DefaultLessonAction's constructor to take a GoatHillsFinancial,
rather than an AbstractLesson


git-svn-id: http://webgoat.googlecode.com/svn/trunk@156 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 10:38:55 +00:00
rogan.dawes
6abdcbf640 Migrate other lessons to extending GoatHillsFinancial 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@155 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:57:54 +00:00