Insecure Communication added

git-svn-id: http://webgoat.googlecode.com/svn/trunk@324 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-13 17:05:51 +00:00 · 2008-04-13 17:05:51 +00:00 · 053112e7e0
commit 053112e7e0
parent 1fca79e494
2 changed files with 392 additions and 0 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Category.java
@ -75,6 +75,8 @@ public class Category implements Comparable

 	public final static Category CONCURRENCY = new Category("Concurrency", new Integer(80));

+	public final static Category INSECURE_COMMUNICATION = new Category("Insecure Communication", new Integer(809));
+	
 	public final static Category CHALLENGE = new Category("Challenge", new Integer(2000));

 	private static final List<Category> categories = new ArrayList<Category>();
@ -103,6 +105,7 @@ public class Category implements Comparable
 		categories.add(GENERAL);
 		categories.add(CODE_QUALITY);
 		categories.add(CONCURRENCY);
+		categories.add(INSECURE_COMMUNICATION);
 		categories.add(CHALLENGE);
 	}

--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/InsecureLogin.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/InsecureLogin.java
@ -0,0 +1,389 @@
+
+package org.owasp.webgoat.lessons;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.A;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.apache.ecs.xhtml.style;
+import org.owasp.webgoat.session.DatabaseUtilities;
+import org.owasp.webgoat.session.WebSession;
+
+
+
+public class InsecureLogin extends SequentialLessonAdapter
+{
+	
+	private final static String USER = "clear_user";
+	private final static String PASSWORD = "clear_pass";
+	private final static String ANSWER = "clear_answer";
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		return super.createStagedContent(s);
+	}
+	
+	@Override
+	protected Element doStage1(WebSession s) throws Exception {
+		String answer = s.getParser().getStringParameter(ANSWER,"");
+		if (answer.equals("sniffable"))
+		{
+			s.setMessage("You completed Stage 1!");
+			getLessonTracker(s).setStage(2);
+		}
+			return createMainContent(s);
+	}
+	
+	/**
+	 * Creation of the main content
+	 * @param s
+	 * @return Element
+	 */
+	protected Element createMainContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			style sty = new style();
+
+			sty.addElement("#lesson_wrapper {height: 435px;width: 500px;}#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}		.lesson_text {height: 240px;width: 460px;padding-top: 5px;}			#lesson_buttons_bottom {height: 20px;width: 460px;}			#lesson_b_b_left {width: 300px;float: left;}			#lesson_b_b_right input {width: 100px;float: right;}			.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}			.lesson_workspace { }			.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}			.lesson_text_db {color: #0066FF}			#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}			#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}			#lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}");
+			ec.addElement(sty);
+
+			Div wrapperDiv = new Div();
+			wrapperDiv.setID("lesson_wrapper");
+
+			Div headerDiv = new Div();
+			headerDiv.setID("lesson_header");
+
+			Div workspaceDiv = new Div();
+			workspaceDiv.setClass("lesson_workspace");
+
+			wrapperDiv.addElement(headerDiv);
+			wrapperDiv.addElement(workspaceDiv);
+
+			ec.addElement(wrapperDiv);
+			
+			String user = s.getParser().getStringParameter(USER, "");
+			String password = s.getParser().getStringParameter(PASSWORD, "");
+			if(!(user+password).equals("") && correctLogin(user, password, s))
+			{
+				workspaceDiv.addElement(createSuccessfulLoginContent(s, user));
+			}
+			else
+			{
+				workspaceDiv.addElement(createLogInContent());
+			}
+		} catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+		return (ec);
+	}
+	
+	/**
+	 * Create content for logging in
+	 * @param ec
+	 */
+	private Element createLogInContent() {
+		ElementContainer ec = new ElementContainer();
+		Div loginDiv = new Div();
+		loginDiv.setID("lesson_login");
+		
+		Table table = new Table();
+		table.addAttribute("align='center'", 0);
+		TR tr1 = new TR();
+		TD td1 = new TD();
+		TD td2 = new TD();
+		td1.addElement(new StringElement("Enter your name: "));
+		td2.addElement(new Input(Input.TEXT, USER).setValue("Jack").setReadOnly(true));
+		tr1.addElement(td1);
+		tr1.addElement(td2);
+
+		TR tr2 = new TR();
+		TD td3 = new TD();
+		TD td4 = new TD();
+		td3.addElement(new StringElement("Enter your password: "));
+		td4.addElement(new Input(Input.PASSWORD, PASSWORD).setValue("sniffable").setReadOnly(true));
+		tr2.addElement(td3);
+		tr2.addElement(td4);
+
+
+		TR tr3 = new TR();
+		TD td5 = new TD();
+		td5.setColSpan(2);
+		td5.setAlign("center");
+
+		td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
+		tr3.addElement(td5);
+
+		table.addElement(tr1);
+		table.addElement(tr2);
+		table.addElement(tr3);
+		loginDiv.addElement(table);
+		ec.addElement(loginDiv);
+		return ec;
+
+	}
+	
+
+
+
+	/**
+	 * Gets the category attribute of the ForgotPassword object
+	 * 
+	 * @return The category value
+	 */
+	protected Category getDefaultCategory()
+	{
+
+		return Category.INSECURE_COMMUNICATION;
+	}
+
+	/**
+	 * Gets the hints attribute of the HelloScreen object
+	 * 
+	 * @return The hints value
+	 */
+	public List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+
+		hints.add("Stub");
+
+		return hints;
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(100);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the HelloScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Insecure Login");
+	}
+	
+	@Override
+	public String getInstructions(WebSession s) {
+		String instructions = "Stub";
+		return instructions;
+	}
+	
+	/**
+	 * See if the password and corresponding user is valid
+	 * 
+	 * @param userName
+	 * @param password
+	 * @param s
+	 * @return true if the password was correct
+	 */
+	private boolean correctLogin(String userName, String password, WebSession s)
+	{
+		Connection connection = null;
+		try
+		{
+			connection = DatabaseUtilities.getConnection(s);
+			String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
+			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
+																			ResultSet.CONCUR_READ_ONLY);
+			prepStatement.setString(1, userName);
+			prepStatement.setString(2, password);
+
+			ResultSet results = prepStatement.executeQuery();
+
+			if ((results != null) && (results.first() == true)) {
+
+			return true;
+
+			}
+
+		} catch (Exception e)
+		{
+			e.printStackTrace();
+		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
+
+		return false;
+
+	}
+	
+	/**
+	 * Create content after a successful login
+	 * 
+	 * @param s
+	 * @param ec
+	 */
+	private Element createSuccessfulLoginContent(WebSession s, String user)
+	{
+		ElementContainer ec = new ElementContainer();
+		
+		String userDataStyle = "margin-top:50px;";
+
+		Div userDataDiv = new Div();
+		userDataDiv.setStyle(userDataStyle);
+		userDataDiv.addAttribute("align", "center");
+		Table table = new Table();
+		table.addAttribute("cellspacing", 10);
+		table.addAttribute("cellpadding", 5);
+
+		table.addAttribute("align", "center");
+		TR tr1 = new TR();
+		TR tr2 = new TR();
+		TR tr3 = new TR();
+		TR tr4 = new TR();
+		tr1.addElement(new TD("<b>Firstname:</b>"));
+		tr1.addElement(new TD(user));
+
+		try
+		{
+			ResultSet results = getUser(user, s);
+			results.first();
+
+			tr2.addElement(new TD("<b>Lastname:</b>"));
+			tr2.addElement(new TD(results.getString("last_name")));
+
+			tr3.addElement(new TD("<b>Credit Card Type:</b>"));
+			tr3.addElement(new TD(results.getString("cc_type")));
+
+			tr4.addElement(new TD("<b>Credit Card Number:</b>"));
+			tr4.addElement(new TD(results.getString("cc_number")));
+
+		}
+
+		catch (Exception e)
+		{
+			e.printStackTrace();
+		}
+		table.addElement(tr1);
+		table.addElement(tr2);
+		table.addElement(tr3);
+		table.addElement(tr4);
+
+		userDataDiv.addElement(table);
+		ec.addElement(userDataDiv);
+		ec.addElement(createLogoutLink());
+		ec.addElement(createQuestionContent());
+		
+		
+		return ec;
+	}
+	
+	private Element createQuestionContent()
+	{
+		ElementContainer ec = new ElementContainer();
+		Div div = new Div();
+		div.addAttribute("align", "center");
+		
+		div.addElement("What was the password?");
+		div.addElement(new Input(Input.TEXT, ANSWER));
+				
+		ec.addElement(div);
+		return ec;
+	}
+	
+	/**
+	 * Get a user by its name
+	 * 
+	 * @param user
+	 * @param s
+	 * @return ResultSet containing the user
+	 */
+	private ResultSet getUser(String user, WebSession s)
+	{
+		Connection connection = null;
+		try
+		{
+			connection = DatabaseUtilities.getConnection(s);
+			String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
+			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
+																			ResultSet.CONCUR_READ_ONLY);
+			prepStatement.setString(1, user);
+
+			ResultSet results = prepStatement.executeQuery();
+
+			return results;
+
+		} catch (Exception e)
+		{
+			e.printStackTrace();
+		}
+		finally
+		{
+			try
+			{
+				if (connection != null)
+				{
+					connection.close();
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+		}
+		return null;
+
+	}
+	
+	/**
+	 * Create a link for logging out
+	 * 
+	 * @return Element
+	 */
+	private Element createLogoutLink()
+	{
+		A logoutLink = new A();
+		logoutLink.addAttribute("href", getLink() + "&logout=true");
+		logoutLink.addElement("Logout");
+
+		String logoutStyle = "margin-right:50px; mrgin-top:30px";
+		Div logoutDiv = new Div();
+		logoutDiv.addAttribute("align", "right");
+		logoutDiv.addElement(logoutLink);
+		logoutDiv.setStyle(logoutStyle);
+
+		return logoutDiv;
+	}
+
+}