Lab Exercise assert

This is a lab exercise on developing secure software. For more information, see the introduction to the labs.

Task

Please fix the sample code so attackers cannot easily trigger an assertion.

Background

In this exercise, we'll modify a Java server-side web application that uses the Spring framework.

Task Information

The sample code below raises an assertion if the input fails to validate. This approach does validate the input and reject input that fails to validate. However, as implemented, failed assertions halt the entire program. Attackers can trivially provide input that fails validation, making it easy for attackers to shut down an entire program.

Please change the code below so that, instead of asserting that there are no form validation errors, it checks whether there are errors and returns the string "form" if there are (causing the framework to redisplay the input form). When incorrect input arrives, it is usually better to redisplay the input form than to crash the entire program.

Use the “hint” and “give up” buttons if necessary.

Interactive Lab

@Controller
public class WebController implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/results").setViewName("results");
    }

    @GetMapping("/")
    public String showForm(PersonForm personForm) {
        return "form";
    }

    @PostMapping("/")
    public String checkPersonInfo(@Valid PersonForm personForm,
                                  BindingResult bindingResult) {

        // Rejects invalid input by halting the whole program (the defect
        // this exercise asks you to fix).
        assert !bindingResult.hasErrors();

        return "redirect:/results";
    }
}
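One way to make the change the task asks for, written here as an added example rather than code taken from the lab or from the Spring guide. It assumes a PersonForm class carrying two bean-validation constraints (modeled on the Spring guide's form, which this page does not show) and the javax.validation package names used by Spring Boot 2; on Spring Boot 3 the same annotations live under jakarta.validation.

```java
import javax.validation.Valid;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Form-backing object (assumed for this example; the page itself does not
 * show it). The constraints are what @Valid checks before the controller
 * method runs; any violation is recorded in the BindingResult instead of
 * being thrown.
 */
class PersonForm {

    @NotNull
    @Size(min = 2, max = 30)
    private String name;

    @NotNull
    @Min(18)
    private Integer age;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public Integer getAge() { return age; }
    public void setAge(Integer age) { this.age = age; }
}

@Controller
public class WebController implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/results").setViewName("results");
    }

    @GetMapping("/")
    public String showForm(PersonForm personForm) {
        return "form";
    }

    @PostMapping("/")
    public String checkPersonInfo(@Valid PersonForm personForm,
                                  BindingResult bindingResult) {

        // Invalid input is an expected event, not a programming error:
        // send the user back to the form (Spring renders the recorded
        // field errors there) rather than halting the server.
        if (bindingResult.hasErrors()) {
            return "form";
        }

        return "redirect:/results";
    }
}
```

Two points worth noticing about the "before" version. First, `assert` statements are only executed when the JVM is started with `-ea`; in a default production JVM the assertion is skipped entirely, so the original code not only crashes under one configuration but silently accepts invalid input under another. Second, the `BindingResult` parameter must immediately follow the `@Valid` parameter it reports on; if it is omitted, Spring throws an exception on validation failure instead of letting the controller decide what to do.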

This lab was developed by David A. Wheeler at The Linux Foundation. It is based on the validating-form-input section in the Spring.io guides.