lnln1111 / webgoat

Automatically exported from code.google.com/p/webgoat

Netstat does not take webgoat's arguments on MacOS X #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Repro
1. In the challenge or anywhere else that uses the netstat command injection, the list of available options is not applicable for modern MacOS X.

What is the expected output? What do you see instead?

The expected output is a command that actually runs. Nothing - it does not run as the protocols in the drop down are not supported by netstat on the Mac, and most likely any Unix.

What version of the product are you using? On what operating system?

Latest from Rogan's archive. The problem is in the mainline code, too. MacOS X 10.5 with Java 1.5.0

Please provide any additional information below.

In the Google SVN code, it's in Challenge2Screen.java, line 333

String[] list = { "TCP", "TCPv6", "IP", "IPv6", "UDP", "UDPv6" };

The following will work for MacOS X, but may be different for other Unixes:

String[] list = { "tcp", "ip", "udp" };

Is it possible to choose another command? 

thanks,
Andrew 

Original issue reported on code.google.com by vande...@gmail.com on 4 Apr 2008 at 3:28

GoogleCodeExporter commented 9 years ago
Netstat was chosen for compatibility across the most common OSes. Windows is by far the most common WebGoat platform. I will change the commands to be lower case since Windows is not case sensitive for "shell" commands.

Original comment by mayhe...@gmail.com on 4 Apr 2008 at 12:33