Hook up random lesson. A little too hard on the tutorial. Might need …

…to ease up on the RNG.
ilatypov · Aug 14, 2012 · ef4b578 · ef4b578
1 parent 5c51d78
commit ef4b578
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 17 deletions.
diff --git a/WebGoat/App_Code/WeakRandom.cs b/WebGoat/App_Code/WeakRandom.cs
@@ -5,27 +5,38 @@ namespace OWASP.WebGoat.NET.App_Code
     public class WeakRandom
     {
         private uint _seed = 7;
-
+
+        public WeakRandom() {}
+
         public WeakRandom(uint seed)
         {
-            //Get a first high number so it looks random.
-            if (seed < 100)
-                _seed = _seed ^ 3;
-            else
-                _seed = seed;
+            _seed = seed;
         }
 
         public uint Next(uint min, uint max)
         {
             if (min >= max)
                 throw new Exception("Min must be smaller than max");
 
-            unchecked
+            unchecked //Just use next number from overflow
             {
-                _seed = _seed ^ 2;
+                _seed = _seed * _seed + _seed;
             }
 
             return _seed % (max - min) + min;
         }
+
+        public uint Peek(uint min, uint max)
+        {
+            if (min >= max)
+                throw new Exception("Min must be smaller than max");
+
+            unchecked //Just use next number from overflow
+            {
+                var seed = _seed * _seed + _seed;
+
+                return seed % (max - min) + min;
+            }
+        }
     }
 }
diff --git a/WebGoat/Content/Random.aspx b/WebGoat/Content/Random.aspx
@@ -13,8 +13,21 @@
     such as password salts, SSL handshakes etc.</p>
 
     <p>In the following example, try to predict the next number in the sequence:</p>
+
+    <p><asp:Label ID="lblSequence" runat="server" /></p>
+
+    <table>
+        <tr>
+            <td><asp:Button ID="btnOneMore" runat="server" onclick="btnOneMore_Click" Text="Generate number!" /></td>
+            <td><asp:Button ID="btnReset" Text="Reset" onclick="btnReset_Click" runat="server" /></td>
+        </tr>
+    </table>
+
+    <p>The next number is: <asp:TextBox ID="txtNextNumber" runat="server" /> 
+    <asp:Button ID="btnGo" Text="Go!" runat="server" onclick="btnGo_Click" /></p>
+
+    <p><asp:Label ID="lblResult" runat="server" /></p>
 
-    <p>-- Sequence is created here...</p>
 </asp:Content>
 
 <asp:Content ID="Content3" ContentPlaceHolderID="HelpContentPlaceholder" runat="server">

diff --git a/WebGoat/Content/Random.aspx.cs b/WebGoat/Content/Random.aspx.cs
@@ -1,12 +1,78 @@
-
 using System;
-using System.Web;
-using System.Web.UI;
+using OWASP.WebGoat.NET.App_Code;
+using System.Collections.Generic;
+using System.Text;
 
 namespace OWASP.WebGoat.NET.Content
 {
     public partial class Random : System.Web.UI.Page
     {
-    }
-}
+        private const uint MIN = 1;
+        private const uint MAX = 1000;
+        private const int INIT_NUMBERS = 5;
+
+        public void Page_Load(object sender, EventArgs args)
+        {
+            if (Session["Random"] == null)
+                Reset();
+
+            IList<uint> numbers = (IList<uint>) Session["Numbers"];
+            lblSequence.Text = "Sequence: " + Print(numbers);
+        }
+
+        public void btnOneMore_Click(object sender, EventArgs args)
+        {
+            WeakRandom rnd = (WeakRandom) Session["Random"];
+            IList<uint> numbers = (IList<uint>) Session["Numbers"];
+
+            numbers.Add(rnd.Next(MIN, MAX));
+
+            lblSequence.Text = "Sequence: " + Print(numbers);
+        }
+
+        public void btnGo_Click(object sender, EventArgs args)
+        {
+            WeakRandom rnd = (WeakRandom) Session["Random"];
+            IList<uint> numbers = (IList<uint>) Session["Numbers"];
+
+            uint next = rnd.Peek(MIN, MAX);
+
+            if (txtNextNumber.Text == next.ToString())
+                lblResult.Text = "You found it!";
+            else
+                lblResult.Text = "Sorry please try again.";
+        }
 
+        public void btnReset_Click(object sender, EventArgs args)
+        {
+            Reset();
+
+            IList<uint> numbers = (IList<uint>) Session["Numbers"];
+            lblSequence.Text = "Sequence: " + Print(numbers);
+        }
+
+        private string Print(IList<uint> numbers)
+        {
+            StringBuilder strBuilder = new StringBuilder();
+
+            foreach(uint n in numbers)
+                strBuilder.AppendFormat("{0}, ", n);
+
+            return strBuilder.ToString();
+        }
+
+        public void Reset()
+        {
+            Session["Random"] = new WeakRandom();
+
+            var rnd = (WeakRandom) Session["Random"];
+
+            IList<uint> numbers = new List<uint>();
+
+            for(int i=0; i<INIT_NUMBERS; i++)
+                numbers.Add(rnd.Next(MIN, MAX));
+
+            Session["Numbers"] = numbers;
+        }
+    }
+}
diff --git a/WebGoat/Content/Random.aspx.designer.cs b/WebGoat/Content/Random.aspx.designer.cs