154 Commits

Author SHA1 Message Date
dc8914f4e1 Allow for simple restarting of a lesson.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@163 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:53:00 +00:00
f9a5a3700b Minor cleanups to address warnings
git-svn-id: http://webgoat.googlecode.com/svn/trunk@162 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:52:44 +00:00
cb794dcb50 Calculate the stage changes correctly
git-svn-id: http://webgoat.googlecode.com/svn/trunk@161 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:52:23 +00:00
851974d7ce Remove strange stage transition code.
It may be necessary, but I can't figure out what it is supposed to be doing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@160 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:52:07 +00:00
402fe9d95c Updated stage descriptions to avoid duplication
git-svn-id: http://webgoat.googlecode.com/svn/trunk@159 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:51:53 +00:00
2bda4a81f3 Migrate the labs to direct/Random access stages
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:51:29 +00:00
f5e56c7081 Extract the stage-related code from LessonTracker into SequentialLessonTracker
git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:50:32 +00:00
02560a2510 Move LessonAction and DefaultLessonAction to the GoatHillsFinancial package, since it is only ever used there
Also update the signature of DefaultLessonAction's constructor to take a GoatHillsFinancial,
rather than an AbstractLesson


git-svn-id: http://webgoat.googlecode.com/svn/trunk@156 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 10:38:55 +00:00
6abdcbf640 Migrate other lessons to extending GoatHillsFinancial
git-svn-id: http://webgoat.googlecode.com/svn/trunk@155 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:57:54 +00:00
a71b6af562 Fix thinko. Each LAB needs to use its own local LessonActions when defined
Each lesson simply overrides registerActions(classname) to do the necessary.
Also delete Actions which already exist in the base class package


git-svn-id: http://webgoat.googlecode.com/svn/trunk@154 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:57:24 +00:00
ac43a1c3cb Update solutions to match minor changes to the underlying lesson
git-svn-id: http://webgoat.googlecode.com/svn/trunk@153 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:57:02 +00:00
1153caa7ff Extend GoatHillsFinancial, and remove duplicated inherited methods
git-svn-id: http://webgoat.googlecode.com/svn/trunk@152 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:56:38 +00:00
2c8ad02968 Remove unused method
git-svn-id: http://webgoat.googlecode.com/svn/trunk@151 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:56:18 +00:00
a1d52a73e0 Introduce the GoatHillsFinancial "lesson"
This "lesson" is to be used as a base for the rest of the
LAB lessons. This should help to reduce the amount of
duplication across the lessons.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@150 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:56:00 +00:00
0bdc36b2f6 Remove duplication of isAuthorizedForEmployee
git-svn-id: http://webgoat.googlecode.com/svn/trunk@149 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:55:10 +00:00
a8119f6982 Move Lesson specific checks out of DefaultLessonAction
git-svn-id: http://webgoat.googlecode.com/svn/trunk@148 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:54:55 +00:00
3dc1a04d62 Update the various lessons to specify their stage count
git-svn-id: http://webgoat.googlecode.com/svn/trunk@147 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:54:35 +00:00
3c2e63636c Provide a user-accessible mechanism for skipping stages
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml


git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:54:12 +00:00
51cc4fb0b4 Take a simple approach to add direct stage access.
Make it a numerical stage indicator. This allows the person to skip a stage
if they choose to, but it will effectively be marked as completed.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@145 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:53:54 +00:00
e6fcd4176c Make it possible to return per-stage hints
git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:53:34 +00:00
d39975c299 Minor fixes - unused imports and generics
git-svn-id: http://webgoat.googlecode.com/svn/trunk@143 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:52:09 +00:00
661d8bcf62 Various type safety fixes (converting to generics)
This appears to have fixed a possible bug, so is a good thing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@142 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:51:40 +00:00
eaf12c706c Create WebgoatContext in HammerHead, rather than WebSession
Now webgoatContext should effectively be a singleton, shared across
all WebSession instances. WebSession now initialises from WebgoatContext.

WebSession methods that refer to static "site wide" properties are deleted
and references to them updated to point to WebgoatContext


git-svn-id: http://webgoat.googlecode.com/svn/trunk@141 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:51:26 +00:00
53487970f6 Unify DatabaseUtilities.makeConnection()
Remove the hack to support Web services lessons that do not have a WebSession
Now that they have their own reference to WebgoatContext, they do not need one


git-svn-id: http://webgoat.googlecode.com/svn/trunk@140 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:51:01 +00:00
ada66dae10 Pass webgoatContext to AbstractLesson, so all lessons can know their environment
git-svn-id: http://webgoat.googlecode.com/svn/trunk@139 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:50:36 +00:00
1849197784 Move database specific items into WebgoatContext
Update DatabaseUtilities to use a webgoatContext to create a Connection


git-svn-id: http://webgoat.googlecode.com/svn/trunk@138 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:50:13 +00:00
c4d24dff3a Start process of moving shared data to a single place
Shared fields like the database connection details will be
stored in a new class WebgoatContext.

For the moment, we create this object anew each time, but
we will eventually create it once, and pass it to the
constructor of WebSession, to provide initial values for
each user.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@137 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:49:57 +00:00
c3a5ec5ca8 Eliminate references to instance variable
git-svn-id: http://webgoat.googlecode.com/svn/trunk@136 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:49:41 +00:00
db2f11578a Replace casting with a suitable generic
git-svn-id: http://webgoat.googlecode.com/svn/trunk@135 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:49:28 +00:00
4cae9985f6 Fix a NullPointerException in DatabaseUtilities.writeTable
git-svn-id: http://webgoat.googlecode.com/svn/trunk@134 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:49:15 +00:00
b7bb9e4d17 Remove useless use of "file.separator" in getRealPath()
git-svn-id: http://webgoat.googlecode.com/svn/trunk@133 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:49:03 +00:00
2748e80d0d Make mySession a method scoped variable, not an instance var
This should fix a concurrency bug, although it is unlikely to
be exploitable/exploited


git-svn-id: http://webgoat.googlecode.com/svn/trunk@132 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:48:53 +00:00
294580983d Remove methods tagged DELETE_ME
Also remove associated imports which are no longer used


git-svn-id: http://webgoat.googlecode.com/svn/trunk@131 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:48:43 +00:00
52f23a20f4 Move maintenance of lesson categories from AbstractLesson into Category class
git-svn-id: http://webgoat.googlecode.com/svn/trunk@130 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:48:20 +00:00
747319aab5 Move definition of standard Categories to Category class
Also update all the referring classes


git-svn-id: http://webgoat.googlecode.com/svn/trunk@129 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:48:02 +00:00
5f67544b24 Add mechanism to close DB connections
Oracle ends up refusing connections if we don't close them


git-svn-id: http://webgoat.googlecode.com/svn/trunk@128 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:46:17 +00:00
6f5e7c37f7 Add infrastructure to enable setting of username and password for DB access
git-svn-id: http://webgoat.googlecode.com/svn/trunk@127 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-10 11:46:01 +00:00
e19c3353e7 Added a catch block for the "ParameterNotFoundException". Failure to catch this exception led to an error message when the DOS lesson is viewed.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@125 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-04-05 16:14:39 +00:00
20484796f9 EditProfile.jsp was missing a closing div tag. Removed some unused imports in LessonSource.java
git-svn-id: http://webgoat.googlecode.com/svn/trunk@124 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-04-05 15:33:51 +00:00
adc1387ed2 git-svn-id: http://webgoat.googlecode.com/svn/trunk@123 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-22 21:18:07 +00:00
f66d74cd58 Draft for solving the labs
git-svn-id: http://webgoat.googlecode.com/svn/trunk@122 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-22 21:01:06 +00:00
25f47916cc Rename CookieCatcher to Catcher
git-svn-id: http://webgoat.googlecode.com/svn/trunk@121 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-20 19:05:46 +00:00
e2e98574b5 Detailed new lesson instructions
git-svn-id: http://webgoat.googlecode.com/svn/trunk@120 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-19 19:07:00 +00:00
34fca43216 New Phishing Lesson
git-svn-id: http://webgoat.googlecode.com/svn/trunk@119 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-19 17:47:37 +00:00
ee6ed2e978 Add FAQ for running WebGoat on your host IP
git-svn-id: http://webgoat.googlecode.com/svn/trunk@118 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-03-09 17:25:55 +00:00
30b00f969f git-svn-id: http://webgoat.googlecode.com/svn/trunk@117 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-02-26 03:43:30 +00:00
a2abbfaf1e Changed tag case. removed unused import
git-svn-id: http://webgoat.googlecode.com/svn/trunk@116 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-02-25 18:39:38 +00:00
d8680dcfc3 Removed credit from New Lesson. Removed extra "." from start page
git-svn-id: http://webgoat.googlecode.com/svn/trunk@115 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-02-22 01:09:43 +00:00
81582162d3 Modified intro text to be consistent in size with new logos. Modified credits in BlindSqlInjection.java.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@114 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-02-06 15:32:12 +00:00
5408328434 git-svn-id: http://webgoat.googlecode.com/svn/trunk@113 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-02-05 23:04:24 +00:00