Internationalization refactoring pass 2 : removing dependencies to
previous implementation
@ -13,7 +13,6 @@ import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -102,12 +101,12 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
{
|
||||
if (headerName.length() > 0 && !headerName.equalsIgnoreCase(AUTHORIZATION))
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("BasicAuthHeaderNameIncorrect"));
|
||||
s.setMessage(getLabelManager().get("BasicAuthHeaderNameIncorrect"));
|
||||
}
|
||||
if (headerValue.length() > 0
|
||||
&& !(headerValue.equals("guest:guest") || headerValue.equals("webgoat:webgoat")))
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("BasicAuthHeaderValueIncorrect"));
|
||||
s.setMessage(getLabelManager().get("BasicAuthHeaderValueIncorrect"));
|
||||
|
||||
}
|
||||
}
|
||||
@ -121,8 +120,8 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
|
||||
TR row1 = new TR();
|
||||
TR row2 = new TR();
|
||||
row1.addElement(new TD(new StringElement(WebGoatI18N.get("BasicAuthenticationWhatIsNameOfHeader"))));
|
||||
row2.addElement(new TD(new StringElement(WebGoatI18N.get("BasicAuthenticationWhatIsDecodedValueOfHeader"))));
|
||||
row1.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsNameOfHeader"))));
|
||||
row2.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsDecodedValueOfHeader"))));
|
||||
|
||||
row1.addElement(new TD(new Input(Input.TEXT, HEADER_NAME, headerName.toString())));
|
||||
row2.addElement(new TD(new Input(Input.TEXT, HEADER_VALUE, headerValue.toString())));
|
||||
@ -133,7 +132,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
ec.addElement(t);
|
||||
ec.addElement(new P());
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Submit"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Submit"));
|
||||
ec.addElement(b);
|
||||
|
||||
} catch (Exception e)
|
||||
@ -159,7 +158,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
getLessonTracker(s, originalUser).setStage(1);
|
||||
getLessonTracker(s, originalUser).store(s, this);
|
||||
makeSuccess(s);
|
||||
s.setMessage(WebGoatI18N.get("BasicAuthenticiationGreenStars1")+ originalUser + WebGoatI18N.get("BasicAuthenticationGreenStars2"));
|
||||
s.setMessage(getLabelManager().get("BasicAuthenticiationGreenStars1")+ originalUser + getLabelManager().get("BasicAuthenticationGreenStars2"));
|
||||
return ec;
|
||||
}
|
||||
else
|
||||
@ -185,7 +184,7 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
getLessonTracker(s, BASIC).store(s, this, BASIC);
|
||||
}
|
||||
|
||||
s.setMessage(WebGoatI18N.get("BasicAuthenticationStage1Completed"));
|
||||
s.setMessage(getLabelManager().get("BasicAuthenticationStage1Completed"));
|
||||
|
||||
// If the auth header is different but still the original user - tell the user
|
||||
// that the original cookie was posted bak and basic auth uses the cookie before the
|
||||
@ -193,28 +192,28 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
if (!originalAuth.equals("") && !originalAuth.equals(s.getHeader(AUTHORIZATION)))
|
||||
{
|
||||
ec
|
||||
.addElement(WebGoatI18N.get("BasicAuthenticationAlmostThere1")
|
||||
.addElement(getLabelManager().get("BasicAuthenticationAlmostThere1")
|
||||
+ AUTHORIZATION
|
||||
+ WebGoatI18N.get("BasicAuthenticationAlmostThere2")
|
||||
+ getLabelManager().get("BasicAuthenticationAlmostThere2")
|
||||
+ s.getUserName()
|
||||
+ WebGoatI18N.get("BasicAuthenticationAlmostThere3"));
|
||||
+ getLabelManager().get("BasicAuthenticationAlmostThere3"));
|
||||
}
|
||||
else if (!originalSessionId.equals(s.getCookie(JSESSIONID)))
|
||||
{
|
||||
ec
|
||||
.addElement(WebGoatI18N.get("BasicAuthenticationReallyClose"));
|
||||
.addElement(getLabelManager().get("BasicAuthenticationReallyClose"));
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("BasicAuthenticationUseTheHints"));
|
||||
ec.addElement(getLabelManager().get("BasicAuthenticationUseTheHints"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -245,18 +244,18 @@ public class BasicAuthentication extends SequentialLessonAdapter
|
||||
// switch ( stage )
|
||||
// {
|
||||
// case 1:
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint1"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint2"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint3"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint4"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint1"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint2"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint3"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint4"));
|
||||
|
||||
// break;
|
||||
// case 2:
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint5"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint6"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint7"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint8"));
|
||||
hints.add(WebGoatI18N.get("BasicAuthenticationHint9"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint5"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint6"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint7"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint8"));
|
||||
hints.add(getLabelManager().get("BasicAuthenticationHint9"));
|
||||
|
||||
// break;
|
||||
// }
|
||||
|
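Review bot: The stage-1 success message is still built from two label fragments around `originalUser`, and the two keys are spelled differently (`BasicAuthenticiationGreenStars1` and `BasicAuthenticationGreenStars2`). The misspelled key is carried over unchanged, so it only resolves if the bundle behind `getLabelManager()` keeps the same typo; what `get()` returns on a miss is not visible here. A single pattern entry with a placeholder, for example `s.setMessage(MessageFormat.format(getLabelManager().get("BasicAuthenticationGreenStars"), originalUser));` with a matching new bundle key, would remove the fragile key pair and stop fixing the word order for every language. The same fragment concatenation appears in the `BasicAuthenticationAlmostThere1`..`3` block, and the enclosing method starts and ends outside these hunks.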
@ -1,11 +1,6 @@
|
||||
|
||||
package org.owasp.webgoat.lessons;
|
||||
|
||||
import java.sql.Connection;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.ResultSetMetaData;
|
||||
import java.sql.SQLException;
|
||||
import java.sql.Statement;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import org.apache.ecs.Element;
|
||||
@ -17,12 +12,9 @@ import org.apache.ecs.html.Div;
|
||||
import org.apache.ecs.html.IMG;
|
||||
import org.apache.ecs.html.Input;
|
||||
import org.apache.ecs.html.P;
|
||||
import org.apache.ecs.html.PRE;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.ParameterNotFoundException;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -197,9 +189,9 @@ public class BypassHtmlFieldRestrictions extends SequentialLessonAdapter
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
|
||||
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint1"));
|
||||
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint2"));
|
||||
hints.add(WebGoatI18N.get("BypassHtmlFieldRestrictionsHint3"));
|
||||
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint1"));
|
||||
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint2"));
|
||||
hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint3"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
@ -16,7 +16,6 @@ import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.Exec;
|
||||
import org.owasp.webgoat.util.ExecResults;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -79,7 +78,7 @@ public class CommandInjection extends LessonAdapter
|
||||
}
|
||||
index = index + 1;
|
||||
int helpFileLen = helpFile.length() - 1; // subtract 1 for the closing quote
|
||||
System.out.println(WebGoatI18N.get("Command")+" = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
|
||||
System.out.println(getLabelManager().get("Command")+" = [" + helpFile.substring(index, helpFileLen).trim().toLowerCase() + "]");
|
||||
if ((osName.indexOf("Windows") != -1 && (helpFile.substring(index, helpFileLen).trim().toLowerCase()
|
||||
.equals("netstat -a")
|
||||
|| helpFile.substring(index, helpFileLen).trim().toLowerCase().equals("dir")
|
||||
@ -97,7 +96,7 @@ public class CommandInjection extends LessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("CommandInjectionRightTrack1"));
|
||||
s.setMessage(getLabelManager().get("CommandInjectionRightTrack1"));
|
||||
|
||||
}
|
||||
}
|
||||
@ -114,7 +113,7 @@ public class CommandInjection extends LessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("CommandInjectionRightTrack2"));
|
||||
s.setMessage(getLabelManager().get("CommandInjectionRightTrack2"));
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -125,8 +124,8 @@ public class CommandInjection extends LessonAdapter
|
||||
}
|
||||
File safeDir = new File(s.getContext().getRealPath("/lesson_plans/en"));
|
||||
|
||||
ec.addElement(new StringElement(WebGoatI18N.get("YouAreCurrentlyViewing")+"<b>"
|
||||
+ (helpFile.toString().length() == 0 ? "<"+WebGoatI18N.get("SelectFileFromListBelow")+">" : helpFile.toString())
|
||||
ec.addElement(new StringElement(getLabelManager().get("YouAreCurrentlyViewing")+"<b>"
|
||||
+ (helpFile.toString().length() == 0 ? "<"+getLabelManager().get("SelectFileFromListBelow")+">" : helpFile.toString())
|
||||
+ "</b>"));
|
||||
|
||||
if (!illegalCommand)
|
||||
@ -151,11 +150,11 @@ public class CommandInjection extends LessonAdapter
|
||||
fileData = exec(s, cmd2);
|
||||
}
|
||||
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("SelectLessonPlanToView")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("SelectLessonPlanToView")));
|
||||
ec.addElement(ECSFactory.makePulldown(HELP_FILE, parseResults(results.replaceAll("(?s)\\.html",
|
||||
"\\.help"))));
|
||||
// ec.addElement( results );
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("View"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("View"));
|
||||
ec.addElement(b);
|
||||
// Strip out some of the extra html from the "help" file
|
||||
ec.addElement(new BR());
|
||||
@ -271,10 +270,10 @@ public class CommandInjection extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("CommandInjectionHint1"));
|
||||
hints.add(WebGoatI18N.get("CommandInjectionHint2"));
|
||||
hints.add(WebGoatI18N.get("CommandInjectionHint3"));
|
||||
hints.add(WebGoatI18N.get("CommandInjectionHint4"));
|
||||
hints.add(getLabelManager().get("CommandInjectionHint1"));
|
||||
hints.add(getLabelManager().get("CommandInjectionHint2"));
|
||||
hints.add(getLabelManager().get("CommandInjectionHint3"));
|
||||
hints.add(getLabelManager().get("CommandInjectionHint4"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
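Review bot: The `System.out.println` line in the second hunk now puts a localized label in front of a value cut out of `helpFile`, which appears to be request-derived. Console and log output is easier to search and alert on when it stays in one fixed language regardless of the UI locale, and the value should have line breaks neutralised before it is written so a submitted value cannot begin a new log line. Keeping the prefix literal and sanitising the already-computed substring, e.g. `System.out.println("Command = [" + command.replaceAll("[\\r\\n]", "_") + "]");` with `command` as a local holding the trimmed, lower-cased substring, would cover both. The enclosing method starts and ends outside the hunk.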
@ -22,7 +22,6 @@ import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -107,7 +106,7 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
total = quantity * Float.parseFloat(price);
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("Invaild data") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("Invaild data") + this.getClass().getName());
|
||||
price = PRICE_TV;
|
||||
quantity = 1.0f;
|
||||
total = quantity * Float.parseFloat(PRICE_TV);
|
||||
@ -116,7 +115,7 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
|
||||
if (price.equals(PRICE_TV))
|
||||
{
|
||||
ec.addElement(new Center().addElement(new H1().addElement(WebGoatI18N.get("ShoppingCart"))));
|
||||
ec.addElement(new Center().addElement(new H1().addElement(getLabelManager().get("ShoppingCart"))));
|
||||
ec.addElement(new BR());
|
||||
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
|
||||
|
||||
@ -126,10 +125,10 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
}
|
||||
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("ShoppingCartItems")).setWidth("80%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Price")).setWidth("10%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Quantity")).setWidth("3%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Total")).setWidth("7%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("ShoppingCartItems")).setWidth("80%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Price")).setWidth("10%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Quantity")).setWidth("3%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Total")).setWidth("7%"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
@ -150,10 +149,10 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
|
||||
ec.addElement(new BR());
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(WebGoatI18N.get("TotalChargedCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(getLabelManager().get("TotalChargedCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(money.format(total)));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("UpdateCart"))));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("Purchase"), "validate()")));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("UpdateCart"))));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("Purchase"), "validate()")));
|
||||
t.addElement(tr);
|
||||
|
||||
ec.addElement(t);
|
||||
@ -170,10 +169,10 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
makeSuccess(s);
|
||||
}
|
||||
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("TotalPriceIs")+":"));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("TotalPriceIs")+":"));
|
||||
ec.addElement(new B("$" + total));
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("ThisAmountCharged")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("ThisAmountCharged")));
|
||||
}
|
||||
|
||||
return (ec);
|
||||
@ -198,9 +197,9 @@ public class HiddenFieldTampering extends LessonAdapter
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
|
||||
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint1"));
|
||||
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint2"));
|
||||
hints.add(WebGoatI18N.get("HiddenFieldTamperingHint3")+ PRICE_TV +WebGoatI18N.get("HiddenFieldTamperingHint32") + PRICE_TV_HACKED );
|
||||
hints.add(getLabelManager().get("HiddenFieldTamperingHint1"));
|
||||
hints.add(getLabelManager().get("HiddenFieldTamperingHint2"));
|
||||
hints.add(getLabelManager().get("HiddenFieldTamperingHint3")+ PRICE_TV +getLabelManager().get("HiddenFieldTamperingHint32") + PRICE_TV_HACKED );
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
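Review bot: The catch block in the first code hunk looks up `"Invaild data"`, which contains a space and a typo and reads like an English message rather than a bundle key, unlike the other keys in this commit. If the labels come from a `.properties` bundle, a key with a space has to be escaped there, so this lookup may miss; what `get()` returns in that case is not visible here. The result is also joined to the class name with no separator. I would rename the entry and add the space, `s.setMessage(getLabelManager().get("InvalidData") + " " + this.getClass().getName());`, with a matching bundle key.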
@ -19,7 +19,6 @@ import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -108,7 +107,7 @@ public class HtmlClues extends LessonAdapter
|
||||
{
|
||||
makeSuccess(s);
|
||||
|
||||
s.setMessage(WebGoatI18N.get("HtmlCluesBINGO"));
|
||||
s.setMessage(getLabelManager().get("HtmlCluesBINGO"));
|
||||
ec.addElement(makeUser(s, "admin", "CREDENTIALS"));
|
||||
}
|
||||
else
|
||||
@ -139,8 +138,8 @@ public class HtmlClues extends LessonAdapter
|
||||
protected Element makeUser(WebSession s, String user, String method) throws Exception
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("WelcomeUser")+ user));
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("YouHaveBeenAuthenticatedWith") + method));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("WelcomeUser")+ user));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + method));
|
||||
|
||||
return (ec);
|
||||
}
|
||||
@ -159,12 +158,12 @@ public class HtmlClues extends LessonAdapter
|
||||
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TH()
|
||||
.addElement(WebGoatI18N.get("WeakAuthenticationCookiePleaseSignIn"))
|
||||
.addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn"))
|
||||
.setColSpan(2).setAlign("left"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement("*"+WebGoatI18N.get("RequiredFields")).setWidth("30%"));
|
||||
tr.addElement(new TD().addElement("*"+getLabelManager().get("RequiredFields")).setWidth("30%"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
@ -173,8 +172,8 @@ public class HtmlClues extends LessonAdapter
|
||||
|
||||
TR row1 = new TR();
|
||||
TR row2 = new TR();
|
||||
row1.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("UserName")+": "))));
|
||||
row2.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("Password")+": "))));
|
||||
row1.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("UserName")+": "))));
|
||||
row2.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("Password")+": "))));
|
||||
|
||||
Input input1 = new Input(Input.TEXT, USERNAME, "");
|
||||
Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
|
||||
@ -183,7 +182,7 @@ public class HtmlClues extends LessonAdapter
|
||||
t.addElement(row1);
|
||||
t.addElement(row2);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
|
||||
t.addElement(new TR(new TD(b)));
|
||||
ec.addElement(t);
|
||||
|
||||
@ -198,9 +197,9 @@ public class HtmlClues extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("HtmlCluesHint1"));
|
||||
hints.add(WebGoatI18N.get("HtmlCluesHint2"));
|
||||
hints.add(WebGoatI18N.get("HtmlCluesHint3"));
|
||||
hints.add(getLabelManager().get("HtmlCluesHint1"));
|
||||
hints.add(getLabelManager().get("HtmlCluesHint2"));
|
||||
hints.add(getLabelManager().get("HtmlCluesHint3"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
@ -2,7 +2,6 @@ package org.owasp.webgoat.lessons;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.ecs.Element;
|
||||
import org.apache.ecs.ElementContainer;
|
||||
import org.apache.ecs.StringElement;
|
||||
@ -10,7 +9,6 @@ import org.apache.ecs.html.BR;
|
||||
import org.apache.ecs.html.Input;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
@ -61,7 +59,7 @@ public class HttpBasics extends LessonAdapter {
|
||||
StringBuffer person = null;
|
||||
try {
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName") + ": "));
|
||||
ec.addElement(new StringElement(getLabelManager().get("EnterYourName") + ": "));
|
||||
|
||||
person = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
|
||||
person.reverse();
|
||||
@ -69,7 +67,7 @@ public class HttpBasics extends LessonAdapter {
|
||||
Input input = new Input(Input.TEXT, PERSON, person.toString());
|
||||
ec.addElement(input);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
|
||||
ec.addElement(b);
|
||||
} catch (Exception e) {
|
||||
s.setMessage("Error generating " + this.getClass().getName());
|
||||
|
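Review bot: The catch block at the end of the last hunk still sets the hard-coded English string `"Error generating "`. BasicAuthentication and JavaScriptValidation in this same commit use `getLabelManager().get("ErrorGenerating")` for the same message. Using `s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());` here would keep the lessons consistent and finish the migration for this file. The catch body continues outside the hunk.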
@ -14,7 +14,6 @@ import org.apache.ecs.html.Input;
|
||||
import org.apache.ecs.html.P;
|
||||
import org.apache.ecs.html.TextArea;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -125,28 +124,28 @@ public class JavaScriptValidation extends LessonAdapter
|
||||
b.setType(Input.BUTTON);
|
||||
b.setValue("Submit");
|
||||
b.addAttribute("onclick", "validate();");
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("3LowerCase")+"("
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("3LowerCase")+"("
|
||||
+ regex1 + ")")));
|
||||
ec.addElement(new Div().addElement(input1));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("Exactly3Digits")+"(" + regex2 + ")")));
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("Exactly3Digits")+"(" + regex2 + ")")));
|
||||
ec.addElement(new Div().addElement(input2));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("LettersNumbersSpaceOnly")+"(" + regex3
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("LettersNumbersSpaceOnly")+"(" + regex3
|
||||
+ ")")));
|
||||
ec.addElement(new Div().addElement(input3));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("EnumerationOfNumbers")+" (" + regex4 + ")")));
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("EnumerationOfNumbers")+" (" + regex4 + ")")));
|
||||
ec.addElement(new Div().addElement(input4));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("SimpleZipCode")+ " (" + regex5 + ")")));
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("SimpleZipCode")+ " (" + regex5 + ")")));
|
||||
ec.addElement(new Div().addElement(input5));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div()
|
||||
.addElement(new StringElement(WebGoatI18N.get("ZIPDashFour")+" (" + regex6 + ")")));
|
||||
.addElement(new StringElement(getLabelManager().get("ZIPDashFour")+" (" + regex6 + ")")));
|
||||
ec.addElement(new Div().addElement(input6));
|
||||
ec.addElement(new P());
|
||||
ec.addElement(new Div().addElement(new StringElement(WebGoatI18N.get("USPhoneNumber")+ " ("
|
||||
ec.addElement(new Div().addElement(new StringElement(getLabelManager().get("USPhoneNumber")+ " ("
|
||||
+ regex7 + ")")));
|
||||
ec.addElement(new Div().addElement(input7));
|
||||
ec.addElement(new P());
|
||||
@ -161,43 +160,43 @@ public class JavaScriptValidation extends LessonAdapter
|
||||
if (!pattern1.matcher(param1).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+" Field1.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+" Field1.";
|
||||
}
|
||||
|
||||
if (!pattern2.matcher(param2).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+" Field2.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+" Field2.";
|
||||
}
|
||||
|
||||
if (!pattern3.matcher(param3).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field3.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field3.";
|
||||
}
|
||||
|
||||
if (!pattern4.matcher(param4).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field4.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field4.";
|
||||
}
|
||||
|
||||
if (!pattern5.matcher(param5).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field5.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field5.";
|
||||
}
|
||||
|
||||
if (!pattern6.matcher(param6).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field6.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field6.";
|
||||
}
|
||||
|
||||
if (!pattern7.matcher(param7).matches())
|
||||
{
|
||||
err++;
|
||||
msg += "<BR>"+WebGoatI18N.get("ServerSideValidationViolation")+"Field7.";
|
||||
msg += "<BR>"+getLabelManager().get("ServerSideValidationViolation")+"Field7.";
|
||||
}
|
||||
|
||||
if (err > 0)
|
||||
@ -213,7 +212,7 @@ public class JavaScriptValidation extends LessonAdapter
|
||||
|
||||
catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -238,9 +237,9 @@ public class JavaScriptValidation extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("JavaScriptValidationHint1"));
|
||||
hints.add(WebGoatI18N.get("JavaScriptValidationHint2"));
|
||||
hints.add(WebGoatI18N.get("JavaScriptValidationHint3"));
|
||||
hints.add(getLabelManager().get("JavaScriptValidationHint1"));
|
||||
hints.add(getLabelManager().get("JavaScriptValidationHint2"));
|
||||
hints.add(getLabelManager().get("JavaScriptValidationHint3"));
|
||||
|
||||
|
||||
return hints;
|
||||
|
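Review bot: The violation messages for Field3 through Field7 append `"Field3."` and so on without the leading space that Field1 and Field2 have, so the text runs together unless the `ServerSideValidationViolation` label itself ends in a space. Making them uniform, `msg += "<BR>" + getLabelManager().get("ServerSideValidationViolation") + " Field3.";` and likewise for fields 4 to 7, fixes the rendering. The button at the top of the first code hunk still uses the literal `b.setValue("Submit")`, although a `Submit` label is looked up in BasicAuthentication. The enclosing method starts outside the hunk.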
@ -15,7 +15,6 @@ import org.apache.ecs.html.TD;
|
||||
import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
@ -220,7 +219,7 @@ public abstract class LessonAdapter extends AbstractLesson {
|
||||
protected Element makeSuccess(WebSession s) {
|
||||
getLessonTracker(s).setCompleted(true);
|
||||
|
||||
s.setMessage(WebGoatI18N.get("LessonCompleted"));
|
||||
s.setMessage(getLabelManager().get("LessonCompleted"));
|
||||
|
||||
return (null);
|
||||
}
|
||||
|
@ -18,7 +18,6 @@ import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -75,15 +74,15 @@ public class LogSpoofing extends LessonAdapter
|
||||
TR row2 = new TR();
|
||||
TR row3 = new TR();
|
||||
|
||||
row1.addElement(new TD(new StringElement(WebGoatI18N.get("UserName")+":")));
|
||||
row1.addElement(new TD(new StringElement(getLabelManager().get("UserName")+":")));
|
||||
Input username = new Input(Input.TEXT, USERNAME, "");
|
||||
row1.addElement(new TD(username));
|
||||
|
||||
row2.addElement(new TD(new StringElement(WebGoatI18N.get("Password")+": ")));
|
||||
row2.addElement(new TD(new StringElement(getLabelManager().get("Password")+": ")));
|
||||
Input password = new Input(Input.PASSWORD, PASSWORD, "");
|
||||
row2.addElement(new TD(password));
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
|
||||
row3.addElement(new TD(new StringElement(" ")));
|
||||
row3.addElement(new TD(b)).setAlign("right");
|
||||
|
||||
@ -105,7 +104,7 @@ public class LogSpoofing extends LessonAdapter
|
||||
|
||||
Table t2 = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
|
||||
TR row4 = new TR();
|
||||
row4.addElement(new TD(new PRE(WebGoatI18N.get("LoginFailedForUserName")+": " + inputUsername))).setBgColor(HtmlColor.GRAY);
|
||||
row4.addElement(new TD(new PRE(getLabelManager().get("LoginFailedForUserName")+": " + inputUsername))).setBgColor(HtmlColor.GRAY);
|
||||
|
||||
t2.addElement(row4);
|
||||
|
||||
@ -134,10 +133,10 @@ public class LogSpoofing extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("LogSpoofingHint1"));
|
||||
hints.add(WebGoatI18N.get("LogSpoofingHint2"));
|
||||
hints.add(WebGoatI18N.get("LogSpoofingHint3"));
|
||||
hints.add(WebGoatI18N.get("LogSpoofingHint4"));
|
||||
hints.add(getLabelManager().get("LogSpoofingHint1"));
|
||||
hints.add(getLabelManager().get("LogSpoofingHint2"));
|
||||
hints.add(getLabelManager().get("LogSpoofingHint3"));
|
||||
hints.add(getLabelManager().get("LogSpoofingHint4"));
|
||||
return hints;
|
||||
}
|
||||
|
||||
|
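Review bot: The `new PRE(...)` line in the second code hunk places `inputUsername` directly after a localized prefix, with no comment saying whether the missing encoding is deliberate. Since this class is the log-spoofing lesson it presumably is, but that should be confirmed against the rest of the method, which is outside the hunk. If it is, a one-line comment such as `// inputUsername is rendered unencoded on purpose: it is the lesson's injection point` would keep a later cleanup from neutralising the exercise.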
@ -16,7 +16,6 @@ import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -78,8 +77,8 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
}
|
||||
|
||||
String[] list = d.list();
|
||||
String listing = " <p><B>"+WebGoatI18N.get("CurrentDirectory")+"</B> " + Encoding.urlDecode(dir)
|
||||
+ "<br><br>"+WebGoatI18N.get("ChooseFileToView")+"</p>";
|
||||
String listing = " <p><B>"+getLabelManager().get("CurrentDirectory")+"</B> " + Encoding.urlDecode(dir)
|
||||
+ "<br><br>"+getLabelManager().get("ChooseFileToView")+"</p>";
|
||||
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
|
||||
@ -87,7 +86,7 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("ViewFile"))));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("ViewFile"))));
|
||||
t.addElement(tr);
|
||||
|
||||
ec.addElement(t);
|
||||
@ -106,13 +105,13 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
// file
|
||||
if (upDirCount(file) == 3 && !file.endsWith("LICENSE"))
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("AccessDenied"));
|
||||
s.setMessage(WebGoatI18N.get("ItAppears1"));
|
||||
s.setMessage(getLabelManager().get("AccessDenied"));
|
||||
s.setMessage(getLabelManager().get("ItAppears1"));
|
||||
}
|
||||
else if (upDirCount(file) > 3)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("AccessDenied"));
|
||||
s.setMessage(WebGoatI18N.get("ItAppears2"));
|
||||
s.setMessage(getLabelManager().get("AccessDenied"));
|
||||
s.setMessage(getLabelManager().get("ItAppears2"));
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -131,13 +130,13 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
if (s.isDebug())
|
||||
{
|
||||
|
||||
s.setMessage(WebGoatI18N.get("File") + file);
|
||||
s.setMessage(WebGoatI18N.get("Dir")+ dir);
|
||||
s.setMessage(getLabelManager().get("File") + file);
|
||||
s.setMessage(getLabelManager().get("Dir")+ dir);
|
||||
// s.setMessage("File URI: " + "file:///" +
|
||||
// (Encoding.urlEncode(dir) + "\\" +
|
||||
// Encoding.urlEncode(file)).replaceAll("\\\\","/"));
|
||||
s.setMessage(WebGoatI18N.get("IsFile")+ f.isFile());
|
||||
s.setMessage(WebGoatI18N.get("Exists") + f.exists());
|
||||
s.setMessage(getLabelManager().get("IsFile")+ f.isFile());
|
||||
s.setMessage(getLabelManager().get("Exists") + f.exists());
|
||||
}
|
||||
if (!illegalCommand)
|
||||
{
|
||||
@ -147,21 +146,21 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
// directory listing we gave them.
|
||||
if (upDirCount(file) >= 1)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("CongratsAccessToFileAllowed"));
|
||||
s.setMessage(getLabelManager().get("CongratsAccessToFileAllowed"));
|
||||
s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
|
||||
makeSuccess(s);
|
||||
}
|
||||
else
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("FileInAllowedDirectory"));
|
||||
s.setMessage(getLabelManager().get("FileInAllowedDirectory"));
|
||||
s.setMessage(" ==> " + Encoding.urlDecode(f.getCanonicalPath()));
|
||||
}
|
||||
}
|
||||
else if (file != null && file.length() != 0)
|
||||
{
|
||||
s
|
||||
.setMessage(WebGoatI18N.get("AccessToFileDenied1") + Encoding.urlDecode(f.getCanonicalPath())
|
||||
+ WebGoatI18N.get("AccessToFileDenied2"));
|
||||
.setMessage(getLabelManager().get("AccessToFileDenied1") + Encoding.urlDecode(f.getCanonicalPath())
|
||||
+ getLabelManager().get("AccessToFileDenied2"));
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -175,11 +174,11 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(new HR().setWidth("100%"));
|
||||
ec.addElement(WebGoatI18N.get("ViewingFile")+ f.getCanonicalPath());
|
||||
ec.addElement(getLabelManager().get("ViewingFile")+ f.getCanonicalPath());
|
||||
ec.addElement(new HR().setWidth("100%"));
|
||||
if (f.length() > 80000) { throw new Exception(WebGoatI18N.get("FileTooLarge")); }
|
||||
if (f.length() > 80000) { throw new Exception(getLabelManager().get("FileTooLarge")); }
|
||||
String fileData = getFileText(new BufferedReader(new FileReader(f)), false);
|
||||
if (fileData.indexOf(0x00) != -1) { throw new Exception(WebGoatI18N.get("FileBinary")); }
|
||||
if (fileData.indexOf(0x00) != -1) { throw new Exception(getLabelManager().get("FileBinary")); }
|
||||
ec.addElement(new StringElement(fileData.replaceAll(System.getProperty("line.separator"), "<br>")
|
||||
.replaceAll("(?s)<!DOCTYPE.*/head>", "").replaceAll("<br><br>", "<br>")
|
||||
.replaceAll("<br>\\s<br>", "<br>").replaceAll("<\\?", "<").replaceAll("<(r|u|t)",
|
||||
@ -187,13 +186,13 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
} catch (Exception e)
|
||||
{
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(WebGoatI18N.get("TheFollowingError"));
|
||||
ec.addElement(getLabelManager().get("TheFollowingError"));
|
||||
ec.addElement(e.getMessage());
|
||||
}
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating")+ this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating")+ this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -230,10 +229,10 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("PathBasedAccessControlHint1"));
|
||||
hints.add(WebGoatI18N.get("PathBasedAccessControlHint2"));
|
||||
hints.add(WebGoatI18N.get("PathBasedAccessControlHint3"));
|
||||
hints.add(WebGoatI18N.get("PathBasedAccessControlHint4"));
|
||||
hints.add(getLabelManager().get("PathBasedAccessControlHint1"));
|
||||
hints.add(getLabelManager().get("PathBasedAccessControlHint2"));
|
||||
hints.add(getLabelManager().get("PathBasedAccessControlHint3"));
|
||||
hints.add(getLabelManager().get("PathBasedAccessControlHint4"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
@ -245,7 +244,7 @@ public class PathBasedAccessControl extends LessonAdapter
|
||||
*/
|
||||
public String getInstructions(WebSession s)
|
||||
{
|
||||
String instructions = WebGoatI18N.get("PathBasedAccessControlInstr1")+ s.getUserName() + WebGoatI18N.get("PathBasedAccessControlInstr2");
|
||||
String instructions = getLabelManager().get("PathBasedAccessControlInstr1")+ s.getUserName() + getLabelManager().get("PathBasedAccessControlInstr2");
|
||||
|
||||
return (instructions);
|
||||
}
|
||||
|
@ -19,7 +19,6 @@ import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.HtmlEncoder;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -88,13 +87,13 @@ public class ReflectedXSS extends LessonAdapter
|
||||
makeSuccess(s);
|
||||
}
|
||||
|
||||
s.setMessage(WebGoatI18N.get("ReflectedXSSWhoops1")+ param1 + WebGoatI18N.get("ReflectedXSSWhoops2"));
|
||||
s.setMessage(getLabelManager().get("ReflectedXSSWhoops1")+ param1 + getLabelManager().get("ReflectedXSSWhoops2"));
|
||||
}
|
||||
|
||||
// FIXME: encode output of field2, then s.setMessage( field2 );
|
||||
|
||||
ec.addElement(new HR().setWidth("90%"));
|
||||
ec.addElement(new Center().addElement(new H1().addElement(WebGoatI18N.get("ShoppingCart"))));
|
||||
ec.addElement(new Center().addElement(new H1().addElement(getLabelManager().get("ShoppingCart"))));
|
||||
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
|
||||
|
||||
if (s.isColor())
|
||||
@ -103,10 +102,10 @@ public class ReflectedXSS extends LessonAdapter
|
||||
}
|
||||
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("ShoppingCartItems")).setWidth("80%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Price")).setWidth("10%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Quantity")).setWidth("3%"));
|
||||
tr.addElement(new TH().addElement(WebGoatI18N.get("Total")).setWidth("7%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("ShoppingCartItems")).setWidth("80%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Price")).setWidth("10%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Quantity")).setWidth("3%"));
|
||||
tr.addElement(new TH().addElement(getLabelManager().get("Total")).setWidth("7%"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
@ -171,24 +170,24 @@ public class ReflectedXSS extends LessonAdapter
|
||||
ec.addElement(new BR());
|
||||
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(WebGoatI18N.get("TotalChargedCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(getLabelManager().get("TotalChargedCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(money.format(runningTotal)));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(WebGoatI18N.get("UpdateCart"))));
|
||||
tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("UpdateCart"))));
|
||||
t.addElement(tr);
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(" ").setColSpan(2));
|
||||
t.addElement(tr);
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(WebGoatI18N.get("EnterCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(getLabelManager().get("EnterCreditCard")+":"));
|
||||
tr.addElement(new TD().addElement(new Input(Input.TEXT, "field2", param2)));
|
||||
t.addElement(tr);
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(WebGoatI18N.get("Enter3DigitCode")+":"));
|
||||
tr.addElement(new TD().addElement(getLabelManager().get("Enter3DigitCode")+":"));
|
||||
tr.addElement(new TD().addElement("<input name='field1' type='TEXT' value='" + param1 + "'>"));
|
||||
// tr.addElement(new TD().addElement(new Input(Input.TEXT, "field1",param1)));
|
||||
t.addElement(tr);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Purchase"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Purchase"));
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement(b).setColSpan(2).setAlign("center"));
|
||||
t.addElement(tr);
|
||||
@ -198,7 +197,7 @@ public class ReflectedXSS extends LessonAdapter
|
||||
ec.addElement(new HR().setWidth("90%"));
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
return (ec);
|
||||
@ -222,11 +221,11 @@ public class ReflectedXSS extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("ReflectedXSSHint1"));
|
||||
hints.add(WebGoatI18N.get("ReflectedXSSHint2"));
|
||||
hints.add(WebGoatI18N.get("ReflectedXSSHint3"));
|
||||
hints.add(WebGoatI18N.get("ReflectedXSSHint4"));
|
||||
hints.add(WebGoatI18N.get("ReflectedXSSHint5"));
|
||||
hints.add(getLabelManager().get("ReflectedXSSHint1"));
|
||||
hints.add(getLabelManager().get("ReflectedXSSHint2"));
|
||||
hints.add(getLabelManager().get("ReflectedXSSHint3"));
|
||||
hints.add(getLabelManager().get("ReflectedXSSHint4"));
|
||||
hints.add(getLabelManager().get("ReflectedXSSHint5"));
|
||||
|
||||
return hints;
|
||||
}
|
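Review bot: The rewritten `s.setMessage(getLabelManager().get("ReflectedXSSWhoops1")+ param1 + ...)` line in the first code hunk and the unchanged `"<input name='field1' type='TEXT' value='" + param1 + "'>"` row further down both place `param1` into markup by plain concatenation, and nothing in the section says this is deliberate. Where `param1` is read and whether it is encoded lie outside the hunks, but the commented-out `new Input(Input.TEXT, "field1",param1)` alternative suggests the raw form is the lesson's intended injection point. I would record that next to the hand-built input, e.g. `// Deliberately unencoded: field1 is this lesson's reflected-XSS sink; do not reuse outside lesson code.`, so a later cleanup pass neither "fixes" the exercise nor copies the pattern elsewhere. The enclosing method starts and ends outside the hunks.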
||||
|
@ -6,7 +6,6 @@ import java.util.List;
|
||||
import org.apache.ecs.Element;
|
||||
import org.apache.ecs.ElementContainer;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -79,11 +78,11 @@ public class RemoteAdminFlaw extends LessonAdapter
|
||||
public List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("RemoteAdminFlawHint1"));
|
||||
hints.add(WebGoatI18N.get("RemoteAdminFlawHint2"));
|
||||
hints.add(WebGoatI18N.get("RemoteAdminFlawHint3"));
|
||||
hints.add(WebGoatI18N.get("RemoteAdminFlawHint4"));
|
||||
hints.add(WebGoatI18N.get("RemoteAdminFlawHint5"));
|
||||
hints.add(getLabelManager().get("RemoteAdminFlawHint1"));
|
||||
hints.add(getLabelManager().get("RemoteAdminFlawHint2"));
|
||||
hints.add(getLabelManager().get("RemoteAdminFlawHint3"));
|
||||
hints.add(getLabelManager().get("RemoteAdminFlawHint4"));
|
||||
hints.add(getLabelManager().get("RemoteAdminFlawHint5"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
@ -19,7 +19,6 @@ import org.apache.ecs.html.PRE;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -109,7 +108,7 @@ public class SqlAddData extends SequentialLessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
|
||||
// see if the number of rows in the table has changed
|
||||
@ -131,7 +130,7 @@ public class SqlAddData extends SequentialLessonAdapter
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -143,13 +142,13 @@ public class SqlAddData extends SequentialLessonAdapter
|
||||
protected Element makeAccountLine(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("EnterUserid")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("EnterUserid")));
|
||||
|
||||
userid = s.getParser().getRawParameter(USERID, "jsmith");
|
||||
Input input = new Input(Input.TEXT, USERID, userid.toString());
|
||||
ec.addElement(input);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
|
||||
ec.addElement(b);
|
||||
|
||||
return ec;
|
||||
@ -185,11 +184,11 @@ public class SqlAddData extends SequentialLessonAdapter
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
|
||||
hints.add(WebGoatI18N.get("SqlAddDataHint1"));
|
||||
hints.add(WebGoatI18N.get("SqlAddDataHint2"));
|
||||
hints.add(WebGoatI18N.get("SqlAddDataHint3"));
|
||||
hints.add(WebGoatI18N.get("SqlAddDataHint4"));
|
||||
hints.add(WebGoatI18N.get("SqlAddDataHint5"));
|
||||
hints.add(getLabelManager().get("SqlAddDataHint1"));
|
||||
hints.add(getLabelManager().get("SqlAddDataHint2"));
|
||||
hints.add(getLabelManager().get("SqlAddDataHint3"));
|
||||
hints.add(getLabelManager().get("SqlAddDataHint4"));
|
||||
hints.add(getLabelManager().get("SqlAddDataHint5"));
|
||||
|
||||
return hints;
|
||||
}
|
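Review bot: In the `catch (Exception e)` handler of the `-131,7` hunk, the label lookup `getLabelManager().get("ErrorGenerating")` runs before `e.printStackTrace()`, so if the lookup itself fails the original exception is never reported. How `getLabelManager()` behaves when no manager is set or the key is missing is not visible here, so this is a precaution rather than a confirmed failure. Moving `e.printStackTrace();` to the first line of the handler keeps the root cause on record whatever the lookup does. The same ordering appears in the PathBasedAccessControl, ReflectedXSS, SqlModifyData, SqlNumericInjection, SqlStringInjection, StoredXss and WeakAuthenticationCookie sections of this commit; the try block starts outside the hunk.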
||||
|
@ -19,7 +19,6 @@ import org.apache.ecs.html.PRE;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -117,7 +116,7 @@ public class SqlModifyData extends SequentialLessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
|
||||
// see if target data was modified
|
||||
@ -149,7 +148,7 @@ public class SqlModifyData extends SequentialLessonAdapter
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -161,13 +160,13 @@ public class SqlModifyData extends SequentialLessonAdapter
|
||||
protected Element makeAccountLine(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("EnterUserid")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("EnterUserid")));
|
||||
|
||||
userid = s.getParser().getRawParameter(USERID, "jsmith");
|
||||
Input input = new Input(Input.TEXT, USERID, userid.toString());
|
||||
ec.addElement(input);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
|
||||
ec.addElement(b);
|
||||
|
||||
return ec;
|
||||
@ -203,11 +202,11 @@ public class SqlModifyData extends SequentialLessonAdapter
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
|
||||
hints.add(WebGoatI18N.get("SqlModifyDataHint1"));
|
||||
hints.add(WebGoatI18N.get("SqlModifyDataHint2"));
|
||||
hints.add(WebGoatI18N.get("SqlModifyDataHint3"));
|
||||
hints.add(WebGoatI18N.get("SqlModifyDataHint4"));
|
||||
hints.add(WebGoatI18N.get("SqlModifyDataHint5"));
|
||||
hints.add(getLabelManager().get("SqlModifyDataHint1"));
|
||||
hints.add(getLabelManager().get("SqlModifyDataHint2"));
|
||||
hints.add(getLabelManager().get("SqlModifyDataHint3"));
|
||||
hints.add(getLabelManager().get("SqlModifyDataHint4"));
|
||||
hints.add(getLabelManager().get("SqlModifyDataHint5"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
@ -22,7 +22,6 @@ import org.apache.ecs.html.Select;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -131,14 +130,14 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
getLessonTracker(s).setStage(2);
|
||||
StringBuffer msg = new StringBuffer();
|
||||
|
||||
msg.append(WebGoatI18N.get("NumericSqlInjectionSecondStage"));
|
||||
msg.append(getLabelManager().get("NumericSqlInjectionSecondStage"));
|
||||
|
||||
s.setMessage(msg.toString());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
|
||||
} catch (SQLException sqle)
|
||||
@ -147,7 +146,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -158,7 +157,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
ec.addElement(WebGoatI18N.get("NumericSqlInjectionSecondStage2"));
|
||||
ec.addElement(getLabelManager().get("NumericSqlInjectionSecondStage2"));
|
||||
// if ( s.getParser().getRawParameter( ACCT_NUM, "101" ).equals("restart"))
|
||||
// {
|
||||
// getLessonTracker(s).setStage(1);
|
||||
@ -202,14 +201,14 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
} catch (SQLException sqle)
|
||||
{
|
||||
ec.addElement(new P().addElement(sqle.getMessage()));
|
||||
} catch (NumberFormatException npe)
|
||||
{
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("ErrorParsingAsNumber") + npe.getMessage()));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("ErrorParsingAsNumber") + npe.getMessage()));
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
@ -224,7 +223,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("SelectYourStation")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("SelectYourStation")));
|
||||
|
||||
Map<String, String> stations = getStations(s);
|
||||
Select select = new Select(STATION_ID);
|
||||
@ -237,7 +236,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
ec.addElement(select);
|
||||
ec.addElement(new P());
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
|
||||
ec.addElement(b);
|
||||
|
||||
return ec;
|
||||
@ -307,10 +306,10 @@ public class SqlNumericInjection extends SequentialLessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("SqlNumericInjectionHint1"));
|
||||
hints.add(WebGoatI18N.get("SqlNumericInjectionHint2"));
|
||||
hints.add(WebGoatI18N.get("SqlNumericInjectionHint3"));
|
||||
hints.add(WebGoatI18N.get("SqlNumericInjectionHint4"));
|
||||
hints.add(getLabelManager().get("SqlNumericInjectionHint1"));
|
||||
hints.add(getLabelManager().get("SqlNumericInjectionHint2"));
|
||||
hints.add(getLabelManager().get("SqlNumericInjectionHint3"));
|
||||
hints.add(getLabelManager().get("SqlNumericInjectionHint4"));
|
||||
|
||||
|
||||
|
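Review bot: The `catch (NumberFormatException npe)` branch in the `-202,14` hunk appends `npe.getMessage()` to the page, and that message normally echoes the rejected input string, so request data reaches the HTML here with no encoding visible. Whether ECS escapes text passed to `P.addElement(String)` is not shown in the hunk; if it does not, this is a reflection point that the SQL injection lesson probably does not intend. I would encode the message before adding it, e.g. `getLabelManager().get("ErrorParsingAsNumber") + HtmlEncoder.encode(npe.getMessage())` (the encoder is imported by other lessons in this commit but would need an import here), or show the label alone. The variable name `npe` also reads as a NullPointerException; `nfe` would be clearer.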
||||
|
@ -18,7 +18,6 @@ import org.apache.ecs.html.PRE;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -114,14 +113,14 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
|
||||
StringBuffer msg = new StringBuffer();
|
||||
|
||||
msg.append(WebGoatI18N.get("StringSqlInjectionSecondStage"));
|
||||
msg.append(getLabelManager().get("StringSqlInjectionSecondStage"));
|
||||
|
||||
s.setMessage(msg.toString());
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
} catch (SQLException sqle)
|
||||
{
|
||||
@ -130,7 +129,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -141,7 +140,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
ec.addElement(WebGoatI18N.get("StringSqlInjectionSecondStage"));
|
||||
ec.addElement(getLabelManager().get("StringSqlInjectionSecondStage"));
|
||||
if (s.getParser().getRawParameter(ACCT_NAME, "YOUR_NAME").equals("restart"))
|
||||
{
|
||||
getLessonTracker(s).getLessonProperties().setProperty(STAGE, "1");
|
||||
@ -180,7 +179,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
ec.addElement(WebGoatI18N.get("NoResultsMatched"));
|
||||
ec.addElement(getLabelManager().get("NoResultsMatched"));
|
||||
}
|
||||
} catch (SQLException sqle)
|
||||
{
|
||||
@ -188,7 +187,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
}
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -198,13 +197,13 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
protected Element makeAccountLine(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("EnterLastName")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("EnterLastName")));
|
||||
|
||||
accountName = s.getParser().getRawParameter(ACCT_NAME, "Your Name");
|
||||
Input input = new Input(Input.TEXT, ACCT_NAME, accountName.toString());
|
||||
ec.addElement(input);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Go!"));
|
||||
ec.addElement(b);
|
||||
|
||||
return ec;
|
||||
@ -230,10 +229,10 @@ public class SqlStringInjection extends SequentialLessonAdapter
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
|
||||
hints.add(WebGoatI18N.get("SqlStringInjectionHint1"));
|
||||
hints.add(WebGoatI18N.get("SqlStringInjectionHint2"));
|
||||
hints.add(WebGoatI18N.get("SqlStringInjectionHint3"));
|
||||
hints.add(WebGoatI18N.get("SqlStringInjectionHint4"));
|
||||
hints.add(getLabelManager().get("SqlStringInjectionHint1"));
|
||||
hints.add(getLabelManager().get("SqlStringInjectionHint2"));
|
||||
hints.add(getLabelManager().get("SqlStringInjectionHint3"));
|
||||
hints.add(getLabelManager().get("SqlStringInjectionHint4"));
|
||||
|
||||
return hints;
|
||||
}
|
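Review bot: The stage-two method in the `-141,7` hunk shows the label `StringSqlInjectionSecondStage`, the same key the `-114,14` hunk appends to the stage-one success message, whereas SqlNumericInjection in this commit uses a separate `NumericSqlInjectionSecondStage2` key at the equivalent spot. This predates the change, but the refactoring is a good moment to check whether a dedicated stage-two key was intended; the properties file is not shown, so I cannot tell which keys exist. If the reuse is deliberate, a short comment such as `// same text as the stage-1 completion message, shown again as the stage-2 intro` would save the next reader the comparison. The method's signature lies outside the hunk.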
||||
|
@ -21,7 +21,6 @@ import org.apache.ecs.html.Table;
|
||||
import org.apache.ecs.html.TextArea;
|
||||
import org.owasp.webgoat.session.*;
|
||||
import org.owasp.webgoat.util.HtmlEncoder;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
@ -110,7 +109,7 @@ public class StoredXss extends LessonAdapter {
|
||||
// that could be trapped here but we will let them try. One error would be something
|
||||
// like "Characters found after end of SQL statement."
|
||||
if (e.getMessage().indexOf("No ResultSet was produced") == -1) {
|
||||
s.setMessage(WebGoatI18N.get("CouldNotAddMessage"));
|
||||
s.setMessage(getLabelManager().get("CouldNotAddMessage"));
|
||||
}
|
||||
e.printStackTrace();
|
||||
}
|
||||
@ -151,10 +150,10 @@ public class StoredXss extends LessonAdapter {
|
||||
*/
|
||||
protected List<String> getHints(WebSession s) {
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("StoredXssHint1"));
|
||||
hints.add(WebGoatI18N.get("StoredXssHint2"));
|
||||
hints.add(WebGoatI18N.get("StoredXssHint3"));
|
||||
hints.add(WebGoatI18N.get("StoredXssHint4"));
|
||||
hints.add(getLabelManager().get("StoredXssHint1"));
|
||||
hints.add(getLabelManager().get("StoredXssHint2"));
|
||||
hints.add(getLabelManager().get("StoredXssHint3"));
|
||||
hints.add(getLabelManager().get("StoredXssHint4"));
|
||||
|
||||
return hints;
|
||||
}
|
||||
@ -201,14 +200,14 @@ public class StoredXss extends LessonAdapter {
|
||||
ResultSet results = statement.executeQuery();
|
||||
|
||||
if ((results != null) && results.first()) {
|
||||
ec.addElement(new H1(WebGoatI18N.get("MessageContentsFor") + ": " + results.getString(TITLE_COL)));
|
||||
ec.addElement(new H1(getLabelManager().get("MessageContentsFor") + ": " + results.getString(TITLE_COL)));
|
||||
Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
|
||||
TR row1 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Title") + ":"))));
|
||||
TR row1 = new TR(new TD(new B(new StringElement(getLabelManager().get("Title") + ":"))));
|
||||
row1.addElement(new TD(new StringElement(results.getString(TITLE_COL))));
|
||||
t.addElement(row1);
|
||||
|
||||
String messageData = results.getString(MESSAGE_COL);
|
||||
TR row2 = new TR(new TD(new B(new StringElement(WebGoatI18N.get("Message") + ":"))));
|
||||
TR row2 = new TR(new TD(new B(new StringElement(getLabelManager().get("Message") + ":"))));
|
||||
row2.addElement(new TD(new StringElement(messageData)));
|
||||
t.addElement(row2);
|
||||
|
||||
@ -217,7 +216,7 @@ public class StoredXss extends LessonAdapter {
|
||||
// if users use a cross site request forgery or XSS to make another user post a
|
||||
// message,
|
||||
// they can see that the message is attributed to that user
|
||||
TR row3 = new TR(new TD(new StringElement(WebGoatI18N.get("PostedBy") + ":")));
|
||||
TR row3 = new TR(new TD(new StringElement(getLabelManager().get("PostedBy") + ":")));
|
||||
row3.addElement(new TD(new StringElement(results.getString(USER_COL))));
|
||||
t.addElement(row3);
|
||||
|
||||
@ -232,11 +231,11 @@ public class StoredXss extends LessonAdapter {
|
||||
|
||||
} else {
|
||||
if (messageNum != 0) {
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("CouldNotFindMessage") + messageNum));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("CouldNotFindMessage") + messageNum));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -253,14 +252,14 @@ public class StoredXss extends LessonAdapter {
|
||||
Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
|
||||
TR row1 = new TR();
|
||||
TR row2 = new TR();
|
||||
row1.addElement(new TD(new StringElement(WebGoatI18N.get("Title") + ": ")));
|
||||
row1.addElement(new TD(new StringElement(getLabelManager().get("Title") + ": ")));
|
||||
|
||||
Input inputTitle = new Input(Input.TEXT, TITLE, "");
|
||||
row1.addElement(new TD(inputTitle));
|
||||
|
||||
TD item1 = new TD();
|
||||
item1.setVAlign("TOP");
|
||||
item1.addElement(new StringElement(WebGoatI18N.get("Message") + ": "));
|
||||
item1.addElement(new StringElement(getLabelManager().get("Message") + ": "));
|
||||
row2.addElement(item1);
|
||||
|
||||
TD item2 = new TD();
|
||||
@ -270,7 +269,7 @@ public class StoredXss extends LessonAdapter {
|
||||
t.addElement(row1);
|
||||
t.addElement(row2);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Submit"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Submit"));
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(t);
|
||||
ec.addElement(new P().addElement(b));
|
||||
@ -312,11 +311,11 @@ public class StoredXss extends LessonAdapter {
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList"));
|
||||
s.setMessage(getLabelManager().get("ErrorGeneratingMessageList"));
|
||||
}
|
||||
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new H1(WebGoatI18N.get("MessageList")));
|
||||
ec.addElement(new H1(getLabelManager().get("MessageList")));
|
||||
ec.addElement(t);
|
||||
|
||||
return (ec);
|
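Review bot: The `-201,14` and `-217,7` hunks render three database values — `TITLE_COL` (also concatenated into the `H1` on the rewritten line), `MESSAGE_COL` and `USER_COL` — through `StringElement` with no encoding visible at the point of output. Given the lesson's subject, at least one of these is presumably a deliberate sink, but the code does not say which, and whether values are encoded when stored is outside the hunks. I would mark the intended one, e.g. `// Deliberately unencoded: MESSAGE_COL is this lesson's stored-XSS sink`, and pass the others through the `HtmlEncoder` this file already imports if they are not meant to be injectable. That keeps the exercise scoped to the field the lesson teaches.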
||||
|
@ -18,7 +18,6 @@ import org.apache.ecs.html.TH;
|
||||
import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
import org.owasp.webgoat.session.*;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
@ -104,7 +103,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
}
|
||||
else
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("InvalidCookie"));
|
||||
s.setMessage(getLabelManager().get("InvalidCookie"));
|
||||
s.eatCookies();
|
||||
}
|
||||
}
|
||||
@ -142,14 +141,14 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
if (loginID != "")
|
||||
{
|
||||
Cookie newCookie = new Cookie(AUTHCOOKIE, loginID);
|
||||
s.setMessage(WebGoatI18N.get("IdentityRemembered"));
|
||||
s.setMessage(getLabelManager().get("IdentityRemembered"));
|
||||
s.getResponse().addCookie(newCookie);
|
||||
|
||||
return (username);
|
||||
}
|
||||
else
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("InvalidUsernameAndPassword"));
|
||||
s.setMessage(getLabelManager().get("InvalidUsernameAndPassword"));
|
||||
}
|
||||
}
|
||||
|
||||
@ -169,7 +168,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
|
||||
if (logout)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("PasswordForgotten"));
|
||||
s.setMessage(getLabelManager().get("PasswordForgotten"));
|
||||
s.eatCookies();
|
||||
|
||||
return (makeLogin(s));
|
||||
@ -186,7 +185,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
if ((user != null) && (user.length() > 0)) { return (makeUser(s, user, "PARAMETERS")); }
|
||||
} catch (Exception e)
|
||||
{
|
||||
s.setMessage(WebGoatI18N.get("ErrorGenerating") + this.getClass().getName());
|
||||
s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@ -251,10 +250,10 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints1"));
|
||||
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints2"));
|
||||
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints3"));
|
||||
hints.add(WebGoatI18N.get("WeakAuthenticationCookieHints4"));
|
||||
hints.add(getLabelManager().get("WeakAuthenticationCookieHints1"));
|
||||
hints.add(getLabelManager().get("WeakAuthenticationCookieHints2"));
|
||||
hints.add(getLabelManager().get("WeakAuthenticationCookieHints3"));
|
||||
hints.add(getLabelManager().get("WeakAuthenticationCookieHints4"));
|
||||
|
||||
|
||||
return hints;
|
||||
@ -290,7 +289,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
ec.addElement(new H1().addElement(WebGoatI18N.get("SignIn")));
|
||||
ec.addElement(new H1().addElement(getLabelManager().get("SignIn")));
|
||||
Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
|
||||
|
||||
if (s.isColor())
|
||||
@ -300,12 +299,12 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TH()
|
||||
.addElement(WebGoatI18N.get("WeakAuthenticationCookiePleaseSignIn"))
|
||||
.addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn"))
|
||||
.setColSpan(2).setAlign("left"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
tr.addElement(new TD().addElement("*"+WebGoatI18N.get("RequiredFields")).setWidth("30%"));
|
||||
tr.addElement(new TD().addElement("*"+getLabelManager().get("RequiredFields")).setWidth("30%"));
|
||||
t.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
@ -314,8 +313,8 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
|
||||
TR row1 = new TR();
|
||||
TR row2 = new TR();
|
||||
row1.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("UserName")))));
|
||||
row2.addElement(new TD(new B(new StringElement("*"+WebGoatI18N.get("Password")))));
|
||||
row1.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("UserName")))));
|
||||
row2.addElement(new TD(new B(new StringElement("*"+getLabelManager().get("Password")))));
|
||||
|
||||
Input input1 = new Input(Input.TEXT, USERNAME, "");
|
||||
Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
|
||||
@ -324,7 +323,7 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
t.addElement(row1);
|
||||
t.addElement(row2);
|
||||
|
||||
Element b = ECSFactory.makeButton(WebGoatI18N.get("Login"));
|
||||
Element b = ECSFactory.makeButton(getLabelManager().get("Login"));
|
||||
t.addElement(new TR(new TD(b)));
|
||||
ec.addElement(t);
|
||||
|
||||
@ -347,10 +346,10 @@ public class WeakAuthenticationCookie extends LessonAdapter
|
||||
protected Element makeUser(WebSession s, String user, String method) throws Exception
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("WelcomeUser") + user));
|
||||
ec.addElement(new P().addElement(WebGoatI18N.get("YouHaveBeenAuthenticatedWith") + method));
|
||||
ec.addElement(new P().addElement(ECSFactory.makeLink(WebGoatI18N.get("Logout"), LOGOUT, true)));
|
||||
ec.addElement(new P().addElement(ECSFactory.makeLink(WebGoatI18N.get("Refresh"), "", "")));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("WelcomeUser") + user));
|
||||
ec.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + method));
|
||||
ec.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get("Logout"), LOGOUT, true)));
|
||||
ec.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get("Refresh"), "", "")));
|
||||
|
||||
return (ec);
|
||||
}
|
||||
|
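Review bot: In the hunk at old line 142, the context line `if (loginID != "")` decides whether the authentication cookie is issued by comparing String references rather than contents, so it only behaves as intended while `loginID` is the very same interned literal. Since this commit already touches both branches of that check, it could become a content test such as `if (loginID != null && loginID.length() > 0)`, which matches the `user.length() > 0` style used in the later hunk. Where `loginID` is assigned is not visible here, so whether the current form can misfire today is not certain. The enclosing method starts outside the hunk.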
@ -1,398 +1,397 @@
|
||||
package org.owasp.webgoat.session;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.LinkedList;
|
||||
import javax.servlet.ServletContext;
|
||||
import org.owasp.webgoat.HammerHead;
|
||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* For details, please see http://webgoat.github.io
|
||||
*
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
public class Course {
|
||||
|
||||
final Logger logger = LoggerFactory.getLogger(Course.class);
|
||||
|
||||
private final List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
|
||||
|
||||
private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath;
|
||||
|
||||
private WebgoatProperties properties = null;
|
||||
|
||||
private final List<String> files = new LinkedList<String>();
|
||||
|
||||
private WebgoatContext webgoatContext;
|
||||
|
||||
public Course() {
|
||||
try {
|
||||
properties = new WebgoatProperties(PROPERTIES_FILENAME);
|
||||
} catch (IOException e) {
|
||||
logger.error("Error loading webgoat properties", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Take an absolute file and return the filename.
|
||||
*
|
||||
* Ex. /etc/password becomes password
|
||||
*
|
||||
* @param s
|
||||
* @return the file name
|
||||
*/
|
||||
private static String getFileName(String s) {
|
||||
String fileName = new File(s).getName();
|
||||
|
||||
if (fileName.contains("/")) {
|
||||
fileName = fileName.substring(fileName.lastIndexOf("/"), fileName.length());
|
||||
}
|
||||
|
||||
if (fileName.contains(".")) {
|
||||
fileName = fileName.substring(0, fileName.indexOf("."));
|
||||
}
|
||||
|
||||
return fileName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Take a class name and return the equivalent file name
|
||||
*
|
||||
* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
|
||||
*
|
||||
* @param className
|
||||
* @return
|
||||
*/
|
||||
private static String getSourceFile(String className) {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
||||
sb.append(className.replace(".", "/"));
|
||||
sb.append(".java");
|
||||
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes a file name and builds the class file name
|
||||
*
|
||||
* @param fileName Description of the Parameter
|
||||
* @param path Description of the Parameter
|
||||
* @return Description of the Return Value
|
||||
*/
|
||||
private static String getClassFile(String fileName, String path) {
|
||||
String ext = ".class";
|
||||
fileName = fileName.trim();
|
||||
|
||||
/**
|
||||
* We do not handle directories. We do not handle files with different
|
||||
* extensions
|
||||
*/
|
||||
if (fileName.endsWith("/") || !fileName.endsWith(ext)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// if the file is in /WEB-INF/classes strip the dir info off
|
||||
int index = fileName.indexOf("/WEB-INF/classes/");
|
||||
if (index != -1) {
|
||||
fileName = fileName.substring(index + "/WEB-INF/classes/".length(), fileName.length() - ext.length());
|
||||
fileName = fileName.replace('/', '.');
|
||||
fileName = fileName.replace('\\', '.');
|
||||
} else {
|
||||
// Strip off the leading path info
|
||||
fileName = fileName.substring(path.length(), fileName.length() - ext.length());
|
||||
}
|
||||
|
||||
return fileName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the categories attribute of the Course object
|
||||
*
|
||||
* @return The categories value
|
||||
*/
|
||||
public List getCategories() {
|
||||
List<Category> categories = new ArrayList<Category>();
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
if (!categories.contains(lesson.getCategory())) {
|
||||
categories.add(lesson.getCategory());
|
||||
}
|
||||
}
|
||||
|
||||
Collections.sort(categories);
|
||||
|
||||
return categories;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the firstLesson attribute of the Course object
|
||||
*
|
||||
* @return The firstLesson value
|
||||
*/
|
||||
public AbstractLesson getFirstLesson() {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(AbstractLesson.USER_ROLE);
|
||||
// Category 0 is the admin function. We want the first real category
|
||||
// to be returned. This is noramally the General category and the Http Basics lesson
|
||||
return ((AbstractLesson) getLessons((Category) getCategories().get(0), roles).get(0));
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lesson attribute of the Course object
|
||||
*
|
||||
* @param s
|
||||
* @param lessonId Description of the Parameter
|
||||
* @param roles
|
||||
* @return The lesson value
|
||||
*/
|
||||
public AbstractLesson getLesson(WebSession s, int lessonId, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
// System.out.println("getLesson() with roles: " + roles);
|
||||
Iterator<AbstractLesson> iter = lessons.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
AbstractLesson lesson = iter.next();
|
||||
|
||||
// System.out.println("getLesson() at role: " + lesson.getRole());
|
||||
if (lesson.getScreenId() == lessonId && roles.contains(lesson.getRole())) {
|
||||
return lesson;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public AbstractLesson getLesson(WebSession s, int lessonId, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLesson(s, lessonId, roles);
|
||||
}
|
||||
|
||||
public List getLessons(WebSession s, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLessons(s, roles);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lessons attribute of the Course object
|
||||
*
|
||||
* @param s
|
||||
* @param roles
|
||||
* @return The lessons value
|
||||
*/
|
||||
public List<AbstractLesson> getLessons(WebSession s, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
|
||||
Iterator categoryIter = getCategories().iterator();
|
||||
|
||||
while (categoryIter.hasNext()) {
|
||||
lessonList.addAll(getLessons(s, (Category) categoryIter.next(), roles));
|
||||
}
|
||||
return lessonList;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lessons attribute of the Course object
|
||||
*
|
||||
* @param category Description of the Parameter
|
||||
* @param role Description of the Parameter
|
||||
* @return The lessons value
|
||||
*/
|
||||
private List<AbstractLesson> getLessons(Category category, List roles) {
|
||||
List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
|
||||
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
if (lesson.getCategory().equals(category) && roles.contains(lesson.getRole())) {
|
||||
lessonList.add(lesson);
|
||||
}
|
||||
}
|
||||
|
||||
Collections.sort(lessonList);
|
||||
// System.out.println(java.util.Arrays.asList(lessonList));
|
||||
return lessonList;
|
||||
}
|
||||
|
||||
public List getLessons(WebSession s, Category category, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLessons(s, category, roles);
|
||||
}
|
||||
|
||||
public List<AbstractLesson> getLessons(WebSession s, Category category, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
return getLessons(category, roles);
|
||||
}
|
||||
|
||||
public AbstractLesson getLesson(int lessonId) {
|
||||
for (AbstractLesson l : lessons) {
|
||||
if (l.getScreenId() == lessonId) {
|
||||
return l;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load all of the filenames into a temporary cache
|
||||
*
|
||||
* @param context
|
||||
* @param path
|
||||
*/
|
||||
private void loadFiles(ServletContext context, String path) {
|
||||
logger.debug("Loading files into cache, path: " + path);
|
||||
Set resourcePaths = context.getResourcePaths(path);
|
||||
if (resourcePaths == null) {
|
||||
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
|
||||
return;
|
||||
}
|
||||
Iterator itr = resourcePaths.iterator();
|
||||
|
||||
while (itr.hasNext()) {
|
||||
String file = (String) itr.next();
|
||||
|
||||
if (file.length() != 1 && file.endsWith("/")) {
|
||||
loadFiles(context, file);
|
||||
} else {
|
||||
files.add(file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Instantiate all the lesson objects into a cache
|
||||
*
|
||||
* @param path
|
||||
*/
|
||||
private void loadLessons(String path) {
|
||||
for (String file : files) {
|
||||
String className = getClassFile(file, path);
|
||||
|
||||
if (className != null && !className.endsWith("_i")) {
|
||||
try {
|
||||
Class c = Class.forName(className);
|
||||
Object o = c.newInstance();
|
||||
|
||||
if (o instanceof AbstractLesson) {
|
||||
AbstractLesson lesson = (AbstractLesson) o;
|
||||
lesson.setWebgoatContext(webgoatContext);
|
||||
|
||||
lesson.update(properties);
|
||||
|
||||
if (lesson.getHidden() == false) {
|
||||
lessons.add(lesson);
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error("Error in loadLessons: ", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private String getLanguageFromFileName(String first, String absoluteFile) {
|
||||
int p1 = absoluteFile.indexOf("/", absoluteFile.indexOf(first) + 1);
|
||||
int p2 = absoluteFile.indexOf("/", p1 + 1);
|
||||
String langStr = absoluteFile.substring(p1 + 1, p2);
|
||||
|
||||
return langStr;
|
||||
}
|
||||
|
||||
/**
|
||||
* For each lesson, set the source file and lesson file
|
||||
*/
|
||||
private void loadResources() {
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
logger.info("Loading resources for lesson -> " + lesson.getName());
|
||||
String className = lesson.getClass().getName();
|
||||
String classFile = getSourceFile(className);
|
||||
logger.info("Lesson classname: " + className);
|
||||
logger.info("Lesson java file: " + classFile);
|
||||
|
||||
for (String absoluteFile : files) {
|
||||
String fileName = getFileName(absoluteFile);
|
||||
//logger.debug("Course: looking at file: " + absoluteFile);
|
||||
|
||||
if (absoluteFile.endsWith(classFile)) {
|
||||
logger.info("Set source file for " + classFile);
|
||||
lesson.setSourceFileName(absoluteFile);
|
||||
}
|
||||
|
||||
if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
|
||||
&& className.endsWith(fileName)) {
|
||||
logger.info("setting lesson plan file " + absoluteFile + " for lesson "
|
||||
+ lesson.getClass().getName());
|
||||
logger.info("fileName: " + fileName + " == className: " + className);
|
||||
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
|
||||
lesson.setLessonPlanFileName(language, absoluteFile);
|
||||
WebGoatI18N.loadLanguage(language);
|
||||
}
|
||||
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
|
||||
&& className.endsWith(fileName)) {
|
||||
logger.info("setting lesson solution file " + absoluteFile + " for lesson "
|
||||
+ lesson.getClass().getName());
|
||||
logger.info("fileName: " + fileName + " == className: " + className);
|
||||
lesson.setLessonSolutionFileName(absoluteFile);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Description of the Method
|
||||
*
|
||||
* @param webgoatContext
|
||||
* @param path Description of the Parameter
|
||||
* @param context Description of the Parameter
|
||||
*/
|
||||
public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
|
||||
logger.info("Loading courses: " + path);
|
||||
this.webgoatContext = webgoatContext;
|
||||
loadFiles(context, path);
|
||||
loadLessons(path);
|
||||
loadResources();
|
||||
}
|
||||
}
|
||||
package org.owasp.webgoat.session;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.LinkedList;
|
||||
import javax.servlet.ServletContext;
|
||||
import org.owasp.webgoat.HammerHead;
|
||||
import org.owasp.webgoat.lessons.AbstractLesson;
|
||||
import org.owasp.webgoat.lessons.Category;
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* For details, please see http://webgoat.github.io
|
||||
*
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
public class Course {
|
||||
|
||||
final Logger logger = LoggerFactory.getLogger(Course.class);
|
||||
|
||||
private final List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
|
||||
|
||||
private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath;
|
||||
|
||||
private WebgoatProperties properties = null;
|
||||
|
||||
private final List<String> files = new LinkedList<String>();
|
||||
|
||||
private WebgoatContext webgoatContext;
|
||||
|
||||
public Course() {
|
||||
try {
|
||||
properties = new WebgoatProperties(PROPERTIES_FILENAME);
|
||||
} catch (IOException e) {
|
||||
logger.error("Error loading webgoat properties", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Take an absolute file and return the filename.
|
||||
*
|
||||
* Ex. /etc/password becomes password
|
||||
*
|
||||
* @param s
|
||||
* @return the file name
|
||||
*/
|
||||
private static String getFileName(String s) {
|
||||
String fileName = new File(s).getName();
|
||||
|
||||
if (fileName.contains("/")) {
|
||||
fileName = fileName.substring(fileName.lastIndexOf("/"), fileName.length());
|
||||
}
|
||||
|
||||
if (fileName.contains(".")) {
|
||||
fileName = fileName.substring(0, fileName.indexOf("."));
|
||||
}
|
||||
|
||||
return fileName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Take a class name and return the equivalent file name
|
||||
*
|
||||
* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
|
||||
*
|
||||
* @param className
|
||||
* @return
|
||||
*/
|
||||
private static String getSourceFile(String className) {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
||||
sb.append(className.replace(".", "/"));
|
||||
sb.append(".java");
|
||||
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Takes a file name and builds the class file name
|
||||
*
|
||||
* @param fileName Description of the Parameter
|
||||
* @param path Description of the Parameter
|
||||
* @return Description of the Return Value
|
||||
*/
|
||||
private static String getClassFile(String fileName, String path) {
|
||||
String ext = ".class";
|
||||
fileName = fileName.trim();
|
||||
|
||||
/**
|
||||
* We do not handle directories. We do not handle files with different
|
||||
* extensions
|
||||
*/
|
||||
if (fileName.endsWith("/") || !fileName.endsWith(ext)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// if the file is in /WEB-INF/classes strip the dir info off
|
||||
int index = fileName.indexOf("/WEB-INF/classes/");
|
||||
if (index != -1) {
|
||||
fileName = fileName.substring(index + "/WEB-INF/classes/".length(), fileName.length() - ext.length());
|
||||
fileName = fileName.replace('/', '.');
|
||||
fileName = fileName.replace('\\', '.');
|
||||
} else {
|
||||
// Strip off the leading path info
|
||||
fileName = fileName.substring(path.length(), fileName.length() - ext.length());
|
||||
}
|
||||
|
||||
return fileName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the categories attribute of the Course object
|
||||
*
|
||||
* @return The categories value
|
||||
*/
|
||||
public List getCategories() {
|
||||
List<Category> categories = new ArrayList<Category>();
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
if (!categories.contains(lesson.getCategory())) {
|
||||
categories.add(lesson.getCategory());
|
||||
}
|
||||
}
|
||||
|
||||
Collections.sort(categories);
|
||||
|
||||
return categories;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the firstLesson attribute of the Course object
|
||||
*
|
||||
* @return The firstLesson value
|
||||
*/
|
||||
public AbstractLesson getFirstLesson() {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(AbstractLesson.USER_ROLE);
|
||||
// Category 0 is the admin function. We want the first real category
|
||||
// to be returned. This is noramally the General category and the Http Basics lesson
|
||||
return ((AbstractLesson) getLessons((Category) getCategories().get(0), roles).get(0));
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lesson attribute of the Course object
|
||||
*
|
||||
* @param s
|
||||
* @param lessonId Description of the Parameter
|
||||
* @param roles
|
||||
* @return The lesson value
|
||||
*/
|
||||
public AbstractLesson getLesson(WebSession s, int lessonId, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
// System.out.println("getLesson() with roles: " + roles);
|
||||
Iterator<AbstractLesson> iter = lessons.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
AbstractLesson lesson = iter.next();
|
||||
|
||||
// System.out.println("getLesson() at role: " + lesson.getRole());
|
||||
if (lesson.getScreenId() == lessonId && roles.contains(lesson.getRole())) {
|
||||
return lesson;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public AbstractLesson getLesson(WebSession s, int lessonId, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLesson(s, lessonId, roles);
|
||||
}
|
||||
|
||||
public List getLessons(WebSession s, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLessons(s, roles);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lessons attribute of the Course object
|
||||
*
|
||||
* @param s
|
||||
* @param roles
|
||||
* @return The lessons value
|
||||
*/
|
||||
public List<AbstractLesson> getLessons(WebSession s, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
|
||||
Iterator categoryIter = getCategories().iterator();
|
||||
|
||||
while (categoryIter.hasNext()) {
|
||||
lessonList.addAll(getLessons(s, (Category) categoryIter.next(), roles));
|
||||
}
|
||||
return lessonList;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the lessons attribute of the Course object
|
||||
*
|
||||
* @param category Description of the Parameter
|
||||
* @param role Description of the Parameter
|
||||
* @return The lessons value
|
||||
*/
|
||||
private List<AbstractLesson> getLessons(Category category, List roles) {
|
||||
List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
|
||||
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
if (lesson.getCategory().equals(category) && roles.contains(lesson.getRole())) {
|
||||
lessonList.add(lesson);
|
||||
}
|
||||
}
|
||||
|
||||
Collections.sort(lessonList);
|
||||
// System.out.println(java.util.Arrays.asList(lessonList));
|
||||
return lessonList;
|
||||
}
|
||||
|
||||
public List getLessons(WebSession s, Category category, String role) {
|
||||
List<String> roles = new ArrayList<String>();
|
||||
roles.add(role);
|
||||
return getLessons(s, category, roles);
|
||||
}
|
||||
|
||||
public List<AbstractLesson> getLessons(WebSession s, Category category, List<String> roles) {
|
||||
if (s.isHackedAdmin()) {
|
||||
roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
|
||||
}
|
||||
return getLessons(category, roles);
|
||||
}
|
||||
|
||||
public AbstractLesson getLesson(int lessonId) {
|
||||
for (AbstractLesson l : lessons) {
|
||||
if (l.getScreenId() == lessonId) {
|
||||
return l;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load all of the filenames into a temporary cache
|
||||
*
|
||||
* @param context
|
||||
* @param path
|
||||
*/
|
||||
private void loadFiles(ServletContext context, String path) {
|
||||
logger.debug("Loading files into cache, path: " + path);
|
||||
Set resourcePaths = context.getResourcePaths(path);
|
||||
if (resourcePaths == null) {
|
||||
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
|
||||
return;
|
||||
}
|
||||
Iterator itr = resourcePaths.iterator();
|
||||
|
||||
while (itr.hasNext()) {
|
||||
String file = (String) itr.next();
|
||||
|
||||
if (file.length() != 1 && file.endsWith("/")) {
|
||||
loadFiles(context, file);
|
||||
} else {
|
||||
files.add(file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Instantiate all the lesson objects into a cache
|
||||
*
|
||||
* @param path
|
||||
*/
|
||||
private void loadLessons(String path) {
|
||||
for (String file : files) {
|
||||
String className = getClassFile(file, path);
|
||||
|
||||
if (className != null && !className.endsWith("_i")) {
|
||||
try {
|
||||
Class c = Class.forName(className);
|
||||
Object o = c.newInstance();
|
||||
|
||||
if (o instanceof AbstractLesson) {
|
||||
AbstractLesson lesson = (AbstractLesson) o;
|
||||
lesson.setWebgoatContext(webgoatContext);
|
||||
|
||||
lesson.update(properties);
|
||||
|
||||
if (lesson.getHidden() == false) {
|
||||
lessons.add(lesson);
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error("Error in loadLessons: ", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private String getLanguageFromFileName(String first, String absoluteFile) {
|
||||
int p1 = absoluteFile.indexOf("/", absoluteFile.indexOf(first) + 1);
|
||||
int p2 = absoluteFile.indexOf("/", p1 + 1);
|
||||
String langStr = absoluteFile.substring(p1 + 1, p2);
|
||||
|
||||
return langStr;
|
||||
}
|
||||
|
||||
/**
|
||||
* For each lesson, set the source file and lesson file
|
||||
*/
|
||||
private void loadResources() {
|
||||
for (AbstractLesson lesson : lessons) {
|
||||
logger.info("Loading resources for lesson -> " + lesson.getName());
|
||||
String className = lesson.getClass().getName();
|
||||
String classFile = getSourceFile(className);
|
||||
logger.info("Lesson classname: " + className);
|
||||
logger.info("Lesson java file: " + classFile);
|
||||
|
||||
for (String absoluteFile : files) {
|
||||
String fileName = getFileName(absoluteFile);
|
||||
//logger.debug("Course: looking at file: " + absoluteFile);
|
||||
|
||||
if (absoluteFile.endsWith(classFile)) {
|
||||
logger.info("Set source file for " + classFile);
|
||||
lesson.setSourceFileName(absoluteFile);
|
||||
}
|
||||
|
||||
if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
|
||||
&& className.endsWith(fileName)) {
|
||||
logger.info("setting lesson plan file " + absoluteFile + " for lesson "
|
||||
+ lesson.getClass().getName());
|
||||
logger.info("fileName: " + fileName + " == className: " + className);
|
||||
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
|
||||
lesson.setLessonPlanFileName(language, absoluteFile);
|
||||
}
|
||||
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
|
||||
&& className.endsWith(fileName)) {
|
||||
logger.info("setting lesson solution file " + absoluteFile + " for lesson "
|
||||
+ lesson.getClass().getName());
|
||||
logger.info("fileName: " + fileName + " == className: " + className);
|
||||
lesson.setLessonSolutionFileName(absoluteFile);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Description of the Method
|
||||
*
|
||||
* @param webgoatContext
|
||||
* @param path Description of the Parameter
|
||||
* @param context Description of the Parameter
|
||||
*/
|
||||
public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
|
||||
logger.info("Loading courses: " + path);
|
||||
this.webgoatContext = webgoatContext;
|
||||
loadFiles(context, path);
|
||||
loadLessons(path);
|
||||
loadResources();
|
||||
}
|
||||
}
|
||||
|
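Review bot: The new version of Course.java still has `import org.owasp.webgoat.util.WebGoatI18N;`, although the only use in this file, the `WebGoatI18N.loadLanguage(language);` call in `loadResources()`, appears to be the one line this rewrite drops. That leaves a compile-time dependency on the old implementation, which is what the commit sets out to remove, so the import line should be deleted as well. It is also not visible here what now loads the language that `getLanguageFromFileName` finds for each lesson plan, so a short comment at `lesson.setLessonPlanFileName(language, absoluteFile);` saying where that happens would help. The rest of the file seems unchanged apart from whitespace, which makes the one functional change hard to spot in a whole-file hunk.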
@ -1,231 +1,216 @@
|
||||
package org.owasp.webgoat.session;
|
||||
|
||||
import javax.servlet.http.HttpServlet;
|
||||
|
||||
import org.owasp.webgoat.util.WebGoatI18N;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class WebgoatContext {
|
||||
|
||||
final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
|
||||
|
||||
public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
|
||||
|
||||
public final static String DATABASE_DRIVER = "DatabaseDriver";
|
||||
|
||||
public final static String DATABASE_USER = "DatabaseUser";
|
||||
|
||||
public final static String DATABASE_PASSWORD = "DatabasePassword";
|
||||
|
||||
public final static String ENTERPRISE = "Enterprise";
|
||||
|
||||
public final static String CODING_EXERCISES = "CodingExercises";
|
||||
|
||||
public final static String SHOWCOOKIES = "ShowCookies";
|
||||
|
||||
public final static String SHOWPARAMS = "ShowParams";
|
||||
|
||||
public final static String SHOWREQUEST = "ShowRequest";
|
||||
|
||||
public final static String SHOWSOURCE = "ShowSource";
|
||||
|
||||
public final static String SHOWSOLUTION = "ShowSolution";
|
||||
|
||||
public final static String SHOWHINTS = "ShowHints";
|
||||
|
||||
public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
|
||||
|
||||
public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
|
||||
|
||||
public final static String FEEDBACK_ADDRESS = "email";
|
||||
|
||||
public final static String DEBUG = "debug";
|
||||
|
||||
public final static String DEFAULTLANGUAGE = "DefaultLanguage";
|
||||
|
||||
private String databaseConnectionString;
|
||||
|
||||
private String realConnectionString = null;
|
||||
|
||||
private String databaseDriver;
|
||||
|
||||
private String databaseUser;
|
||||
|
||||
private String databasePassword;
|
||||
|
||||
private boolean showCookies = false;
|
||||
|
||||
private boolean showParams = false;
|
||||
|
||||
private boolean showRequest = false;
|
||||
|
||||
private boolean showSource = false;
|
||||
|
||||
private boolean showSolution = false;
|
||||
|
||||
private boolean defuseOSCommands = false;
|
||||
|
||||
private boolean enterprise = false;
|
||||
|
||||
private boolean codingExercises = false;
|
||||
|
||||
private String feedbackAddress = "webgoat@owasp.org";
|
||||
|
||||
private String feedbackAddressHTML = "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";
|
||||
|
||||
private boolean isDebug = false;
|
||||
|
||||
private String servletName;
|
||||
|
||||
private HttpServlet servlet;
|
||||
|
||||
private String defaultLanguage;
|
||||
|
||||
private WebGoatI18N webgoati18n = null;
|
||||
|
||||
public WebgoatContext(HttpServlet servlet) {
|
||||
this.servlet = servlet;
|
||||
databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
|
||||
databaseDriver = getParameter(servlet, DATABASE_DRIVER);
|
||||
databaseUser = getParameter(servlet, DATABASE_USER);
|
||||
databasePassword = getParameter(servlet, DATABASE_PASSWORD);
|
||||
|
||||
// initialize from web.xml
|
||||
showParams = "true".equals(getParameter(servlet, SHOWPARAMS));
|
||||
showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
|
||||
showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
|
||||
showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
|
||||
defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
|
||||
enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
|
||||
codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
|
||||
feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
|
||||
FEEDBACK_ADDRESS_HTML)
|
||||
: feedbackAddressHTML;
|
||||
feedbackAddress = getParameter(servlet, FEEDBACK_ADDRESS) != null ? getParameter(servlet, FEEDBACK_ADDRESS)
|
||||
: feedbackAddress;
|
||||
showRequest = "true".equals(getParameter(servlet, SHOWREQUEST));
|
||||
isDebug = "true".equals(getParameter(servlet, DEBUG));
|
||||
servletName = servlet.getServletName();
|
||||
defaultLanguage = getParameter(servlet, DEFAULTLANGUAGE) != null ? new String(getParameter(servlet, DEFAULTLANGUAGE)) : new String("en");
|
||||
|
||||
webgoati18n = new WebGoatI18N(this);
|
||||
|
||||
}
|
||||
|
||||
private String getParameter(HttpServlet servlet, String key) {
|
||||
String value = System.getenv().get(key);
|
||||
if (value == null) {
|
||||
value = servlet.getInitParameter(key);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the connection string with the real path to the database
|
||||
* directory inserted at the word PATH
|
||||
*
|
||||
* @return The databaseConnectionString value
|
||||
*/
|
||||
public String getDatabaseConnectionString() {
|
||||
if (realConnectionString == null) {
|
||||
try {
|
||||
String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
|
||||
System.out.println("PATH: " + path);
|
||||
realConnectionString = databaseConnectionString.replaceAll("PATH", path);
|
||||
System.out.println("Database Connection String: " + realConnectionString);
|
||||
} catch (Exception e) {
|
||||
logger.error("Couldn't open database: check web.xml database parameters", e);
|
||||
}
|
||||
}
|
||||
return realConnectionString;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databaseDriver attribute of the WebSession object
|
||||
*
|
||||
* @return The databaseDriver value
|
||||
*/
|
||||
public String getDatabaseDriver() {
|
||||
return (databaseDriver);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databaseUser attribute of the WebSession object
|
||||
*
|
||||
* @return The databaseUser value
|
||||
*/
|
||||
public String getDatabaseUser() {
|
||||
return (databaseUser);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databasePassword attribute of the WebSession object
|
||||
*
|
||||
* @return The databasePassword value
|
||||
*/
|
||||
public String getDatabasePassword() {
|
||||
return (databasePassword);
|
||||
}
|
||||
|
||||
public boolean isDefuseOSCommands() {
|
||||
return defuseOSCommands;
|
||||
}
|
||||
|
||||
public boolean isEnterprise() {
|
||||
return enterprise;
|
||||
}
|
||||
|
||||
public boolean isCodingExercises() {
|
||||
return codingExercises;
|
||||
}
|
||||
|
||||
public String getFeedbackAddress() {
|
||||
return feedbackAddress;
|
||||
}
|
||||
|
||||
public String getFeedbackAddressHTML() {
|
||||
return feedbackAddressHTML;
|
||||
}
|
||||
|
||||
public boolean isDebug() {
|
||||
return isDebug;
|
||||
}
|
||||
|
||||
public String getServletName() {
|
||||
return servletName;
|
||||
}
|
||||
|
||||
public boolean isShowCookies() {
|
||||
return showCookies;
|
||||
}
|
||||
|
||||
public boolean isShowParams() {
|
||||
return showParams;
|
||||
}
|
||||
|
||||
public boolean isShowRequest() {
|
||||
return showRequest;
|
||||
}
|
||||
|
||||
public boolean isShowSource() {
|
||||
return showSource;
|
||||
}
|
||||
|
||||
public boolean isShowSolution() {
|
||||
return showSolution;
|
||||
}
|
||||
|
||||
public String getDefaultLanguage() {
|
||||
return defaultLanguage;
|
||||
}
|
||||
|
||||
public void setWebgoatiI18N(WebGoatI18N webgoati18n) {
|
||||
this.webgoati18n = webgoati18n;
|
||||
}
|
||||
|
||||
public WebGoatI18N getWebgoatI18N() {
|
||||
return webgoati18n;
|
||||
}
|
||||
|
||||
}
|
||||
package org.owasp.webgoat.session;
|
||||
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class WebgoatContext {
|
||||
|
||||
final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
|
||||
|
||||
public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
|
||||
|
||||
public final static String DATABASE_DRIVER = "DatabaseDriver";
|
||||
|
||||
public final static String DATABASE_USER = "DatabaseUser";
|
||||
|
||||
public final static String DATABASE_PASSWORD = "DatabasePassword";
|
||||
|
||||
public final static String ENTERPRISE = "Enterprise";
|
||||
|
||||
public final static String CODING_EXERCISES = "CodingExercises";
|
||||
|
||||
public final static String SHOWCOOKIES = "ShowCookies";
|
||||
|
||||
public final static String SHOWPARAMS = "ShowParams";
|
||||
|
||||
public final static String SHOWREQUEST = "ShowRequest";
|
||||
|
||||
public final static String SHOWSOURCE = "ShowSource";
|
||||
|
||||
public final static String SHOWSOLUTION = "ShowSolution";
|
||||
|
||||
public final static String SHOWHINTS = "ShowHints";
|
||||
|
||||
public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
|
||||
|
||||
public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
|
||||
|
||||
public final static String FEEDBACK_ADDRESS = "email";
|
||||
|
||||
public final static String DEBUG = "debug";
|
||||
|
||||
public final static String DEFAULTLANGUAGE = "DefaultLanguage";
|
||||
|
||||
private String databaseConnectionString;
|
||||
|
||||
private String realConnectionString = null;
|
||||
|
||||
private String databaseDriver;
|
||||
|
||||
private String databaseUser;
|
||||
|
||||
private String databasePassword;
|
||||
|
||||
private boolean showCookies = false;
|
||||
|
||||
private boolean showParams = false;
|
||||
|
||||
private boolean showRequest = false;
|
||||
|
||||
private boolean showSource = false;
|
||||
|
||||
private boolean showSolution = false;
|
||||
|
||||
private boolean defuseOSCommands = false;
|
||||
|
||||
private boolean enterprise = false;
|
||||
|
||||
private boolean codingExercises = false;
|
||||
|
||||
private String feedbackAddress = "webgoat@owasp.org";
|
||||
|
||||
private String feedbackAddressHTML = "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";
|
||||
|
||||
private boolean isDebug = false;
|
||||
|
||||
private String servletName;
|
||||
|
||||
private HttpServlet servlet;
|
||||
|
||||
private String defaultLanguage;
|
||||
|
||||
public WebgoatContext(HttpServlet servlet) {
|
||||
this.servlet = servlet;
|
||||
databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
|
||||
databaseDriver = getParameter(servlet, DATABASE_DRIVER);
|
||||
databaseUser = getParameter(servlet, DATABASE_USER);
|
||||
databasePassword = getParameter(servlet, DATABASE_PASSWORD);
|
||||
|
||||
// initialize from web.xml
|
||||
showParams = "true".equals(getParameter(servlet, SHOWPARAMS));
|
||||
showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
|
||||
showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
|
||||
showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
|
||||
defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
|
||||
enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
|
||||
codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
|
||||
feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
|
||||
FEEDBACK_ADDRESS_HTML)
|
||||
: feedbackAddressHTML;
|
||||
feedbackAddress = getParameter(servlet, FEEDBACK_ADDRESS) != null ? getParameter(servlet, FEEDBACK_ADDRESS)
|
||||
: feedbackAddress;
|
||||
showRequest = "true".equals(getParameter(servlet, SHOWREQUEST));
|
||||
isDebug = "true".equals(getParameter(servlet, DEBUG));
|
||||
servletName = servlet.getServletName();
|
||||
defaultLanguage = getParameter(servlet, DEFAULTLANGUAGE) != null ? new String(getParameter(servlet, DEFAULTLANGUAGE)) : new String("en");
|
||||
}
|
||||
|
||||
private String getParameter(HttpServlet servlet, String key) {
|
||||
String value = System.getenv().get(key);
|
||||
if (value == null) {
|
||||
value = servlet.getInitParameter(key);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the connection string with the real path to the database
|
||||
* directory inserted at the word PATH
|
||||
*
|
||||
* @return The databaseConnectionString value
|
||||
*/
|
||||
public String getDatabaseConnectionString() {
|
||||
if (realConnectionString == null) {
|
||||
try {
|
||||
String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
|
||||
System.out.println("PATH: " + path);
|
||||
realConnectionString = databaseConnectionString.replaceAll("PATH", path);
|
||||
System.out.println("Database Connection String: " + realConnectionString);
|
||||
} catch (Exception e) {
|
||||
logger.error("Couldn't open database: check web.xml database parameters", e);
|
||||
}
|
||||
}
|
||||
return realConnectionString;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databaseDriver attribute of the WebSession object
|
||||
*
|
||||
* @return The databaseDriver value
|
||||
*/
|
||||
public String getDatabaseDriver() {
|
||||
return (databaseDriver);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databaseUser attribute of the WebSession object
|
||||
*
|
||||
* @return The databaseUser value
|
||||
*/
|
||||
public String getDatabaseUser() {
|
||||
return (databaseUser);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the databasePassword attribute of the WebSession object
|
||||
*
|
||||
* @return The databasePassword value
|
||||
*/
|
||||
public String getDatabasePassword() {
|
||||
return (databasePassword);
|
||||
}
|
||||
|
||||
public boolean isDefuseOSCommands() {
|
||||
return defuseOSCommands;
|
||||
}
|
||||
|
||||
public boolean isEnterprise() {
|
||||
return enterprise;
|
||||
}
|
||||
|
||||
public boolean isCodingExercises() {
|
||||
return codingExercises;
|
||||
}
|
||||
|
||||
public String getFeedbackAddress() {
|
||||
return feedbackAddress;
|
||||
}
|
||||
|
||||
public String getFeedbackAddressHTML() {
|
||||
return feedbackAddressHTML;
|
||||
}
|
||||
|
||||
public boolean isDebug() {
|
||||
return isDebug;
|
||||
}
|
||||
|
||||
public String getServletName() {
|
||||
return servletName;
|
||||
}
|
||||
|
||||
public boolean isShowCookies() {
|
||||
return showCookies;
|
||||
}
|
||||
|
||||
public boolean isShowParams() {
|
||||
return showParams;
|
||||
}
|
||||
|
||||
public boolean isShowRequest() {
|
||||
return showRequest;
|
||||
}
|
||||
|
||||
public boolean isShowSource() {
|
||||
return showSource;
|
||||
}
|
||||
|
||||
public boolean isShowSolution() {
|
||||
return showSolution;
|
||||
}
|
||||
|
||||
public String getDefaultLanguage() {
|
||||
return defaultLanguage;
|
||||
}
|
||||
|
||||
}
|
||||
|
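Review bot: `getDatabaseConnectionString()` on the new side still prints the resolved database path and the full connection string with `System.out.println`, bypassing the SLF4J `logger` the class already holds. A JDBC URL can carry credentials, and stdout usually ends up in container logs with no level control. I would drop both prints or replace them with `logger.debug("Database connection string resolved");` without the value. The same method calls `replaceAll("PATH", path)`, which treats `path` as a regex replacement, so a `$` in the deployment path would throw; `databaseConnectionString.replace("PATH", path)` is the literal form. Separately, `getParameter` consults `System.getenv()` before the servlet init parameters, so the `// initialize from web.xml` comment understates where flags such as `DefuseOSCommands` can be set.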
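--- a/src/main/java/org/owasp/webgoat/util/BeanProvider.java
+++ b/src/main/java/org/owasp/webgoat/util/BeanProvider.java
@@ -0,0 +1,63 @@
+
+package org.owasp.webgoat.util;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.stereotype.Component;
+
+
+/***************************************************************************************************
+*
+*
+* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+* please see http://www.owasp.org/
+*
+* Copyright (c) 2002 - 20014 Bruce Mayhew
+*
+* This program is free software; you can redistribute it and/or modify it under the terms of the
+* GNU General Public License as published by the Free Software Foundation; either version 2 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along with this program; if
+* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+* 02111-1307, USA.
+*
+* Getting Source ==============
+*
+* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
+* free software projects.
+*
+* For details, please see http://webgoat.github.io
+*/
+@Component
+public class BeanProvider implements ApplicationContextAware
+{
+private static ApplicationContext ctx;
+
+@Override
+public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
+{
+ctx = applicationContext;
+
+}
+
+/**
+* Get access to managed beans from id.
+*
+* @param beanName
+* the id of the searched bean
+* @param beanClass
+* the type of tye searched bean
+* @return
+*/
+@SuppressWarnings("unchecked")
+public static <T> T getBean(final String beanName, final Class<T> beanClass)
+{
+return (T) ctx.getBean(beanName);
+}
+}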
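Review bot: `getBean` never uses its `beanClass` argument: it looks the bean up by name only and casts the result unchecked, so a wrong type surfaces as a `ClassCastException` at the caller instead of at the lookup. Spring's typed overload performs the check, `return ctx.getBean(beanName, beanClass);`, and lets the `@SuppressWarnings("unchecked")` go. `ctx` is a static field assigned from an instance callback, so a call made before the application context is initialised dereferences null. A Javadoc line stating that precondition, plus a filled-in `@return`, would make the contract explicit.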
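--- a/src/main/java/org/owasp/webgoat/util/LabelManager.java
+++ b/src/main/java/org/owasp/webgoat/util/LabelManager.java
@@ -0,0 +1,41 @@
+
+package org.owasp.webgoat.util;
+
+import java.util.Locale;
+
+
+/***************************************************************************************************
+*
+*
+* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+* please see http://www.owasp.org/
+*
+* Copyright (c) 2002 - 20014 Bruce Mayhew
+*
+* This program is free software; you can redistribute it and/or modify it under the terms of the
+* GNU General Public License as published by the Free Software Foundation; either version 2 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along with this program; if
+* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+* 02111-1307, USA.
+*
+* Getting Source ==============
+*
+* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
+* free software projects.
+*
+* For details, please see http://webgoat.github.io
+*/
+public interface LabelManager
+{
+
+public void setLocale(Locale locale);
+
+public String get(String labelKey);
+
+}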
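--- a/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java
+++ b/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java
@@ -0,0 +1,61 @@
+
+package org.owasp.webgoat.util;
+
+import java.util.Locale;
+import javax.annotation.Resource;
+import org.springframework.context.annotation.Scope;
+import org.springframework.context.annotation.ScopedProxyMode;
+import org.springframework.stereotype.Component;
+
+
+/***************************************************************************************************
+*
+*
+* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+* please see http://www.owasp.org/
+*
+* Copyright (c) 2002 - 20014 Bruce Mayhew
+*
+* This program is free software; you can redistribute it and/or modify it under the terms of the
+* GNU General Public License as published by the Free Software Foundation; either version 2 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along with this program; if
+* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+* 02111-1307, USA.
+*
+* Getting Source ==============
+*
+* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
+* free software projects.
+*
+* For details, please see http://webgoat.github.io
+*/
+@Component("labelManager")
+@Scope(value="session", proxyMode=ScopedProxyMode.INTERFACES)
+public class LabelManagerImpl implements LabelManager
+{
+@Resource
+private LabelProvider labelProvider;
+
+/** Locale mapped with current session. */
+private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
+
+public void setLocale(Locale locale)
+{
+if (locale != null)
+{
+this.locale = locale;
+}
+}
+
+public String get(String labelKey)
+{
+return labelProvider.get(locale, labelKey);
+}
+
+}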
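--- a/src/main/java/org/owasp/webgoat/util/LabelProvider.java
+++ b/src/main/java/org/owasp/webgoat/util/LabelProvider.java
@@ -0,0 +1,67 @@
+
+package org.owasp.webgoat.util;
+
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.ResourceBundle;
+import org.springframework.stereotype.Component;
+
+
+/***************************************************************************************************
+*
+*
+* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+* please see http://www.owasp.org/
+*
+* Copyright (c) 2002 - 20014 Bruce Mayhew
+*
+* This program is free software; you can redistribute it and/or modify it under the terms of the
+* GNU General Public License as published by the Free Software Foundation; either version 2 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along with this program; if
+* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+* 02111-1307, USA.
+*
+* Getting Source ==============
+*
+* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
+* free software projects.
+*
+* For details, please see http://webgoat.github.io
+*/
+@Component
+public class LabelProvider
+{
+public final static String DEFAULT_LANGUAGE = "en";
+
+private final HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
+private final WebGoatResourceBundleController localeController = new WebGoatResourceBundleController();
+
+public String get(Locale locale, String strName)
+{
+if (!labels.containsKey(locale))
+{
+ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
+labels.put(locale, resBundle);
+}
+return labels.get(locale).getString(strName);
+}
+
+private class WebGoatResourceBundleController extends ResourceBundle.Control
+{
+private final Locale fallbackLocale = new Locale(DEFAULT_LANGUAGE);
+
+@Override
+public Locale getFallbackLocale(String baseName, Locale locale)
+{
+if (!fallbackLocale.equals(locale)) { return fallbackLocale; }
+return Locale.ROOT;
+}
+}
+
+}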
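Review bot: `get` mutates the unsynchronised `HashMap` `labels`, yet `LabelProvider` is a plain `@Component` with no scope annotation (a singleton under Spring's default) and is reached from the session-scoped `LabelManagerImpl`, so concurrent requests can race on the `containsKey`/`put` pair. Declaring the cache as `private final Map<Locale, ResourceBundle> labels = new ConcurrentHashMap<Locale, ResourceBundle>();` removes the race, as would dropping the map and relying on the cache `ResourceBundle.getBundle` already keeps. The map also gains one entry per distinct `Locale`; if the locale can be derived from the request (not visible here), it is worth restricting lookups to the languages the application ships. `getString` throws `MissingResourceException` for an unknown key, which deserves a Javadoc `@throws` line on `get`.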
@ -6,36 +6,61 @@ import java.util.ResourceBundle;
|
||||
|
||||
import org.owasp.webgoat.session.WebgoatContext;
|
||||
|
||||
public class WebGoatI18N {
|
||||
@Deprecated
|
||||
public class WebGoatI18N
|
||||
{
|
||||
|
||||
private static HashMap<String,ResourceBundle> labels= new HashMap<String,ResourceBundle>();
|
||||
private static String defaultLanguage ;
|
||||
private static String currentLanguage;
|
||||
private static HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
|
||||
private static Locale currentLocale;
|
||||
private static WebGoatResourceBundleController localeController;
|
||||
|
||||
public WebGoatI18N(WebgoatContext context){
|
||||
Locale l = new Locale(context.getDefaultLanguage());
|
||||
WebGoatI18N.defaultLanguage=context.getDefaultLanguage();
|
||||
labels.put(context.getDefaultLanguage(),ResourceBundle.getBundle("WebGoatLabels_english",l));
|
||||
public WebGoatI18N(WebgoatContext context)
|
||||
{
|
||||
currentLocale = new Locale(context.getDefaultLanguage());
|
||||
localeController = new WebGoatResourceBundleController(currentLocale);
|
||||
}
|
||||
|
||||
public static void loadLanguage(String language){
|
||||
Locale l = new Locale(language);
|
||||
labels.put(language, ResourceBundle.getBundle("WebGoatLabels_english",l));
|
||||
@Deprecated
|
||||
public static void loadLanguage(String language)
|
||||
{
|
||||
// Do nothing
|
||||
}
|
||||
|
||||
public static void setCurrentLanguage(String language){
|
||||
WebGoatI18N.currentLanguage=language;
|
||||
}
|
||||
|
||||
public static String get(String strName) {
|
||||
if(labels.containsKey(WebGoatI18N.currentLanguage)){
|
||||
return labels.get(WebGoatI18N.currentLanguage).getString(strName);
|
||||
}
|
||||
else {
|
||||
return labels.get(WebGoatI18N.defaultLanguage).getString(strName);
|
||||
public static void setCurrentLocale(Locale locale)
|
||||
{
|
||||
if (!currentLocale.equals(locale))
|
||||
{
|
||||
if (!labels.containsKey(locale))
|
||||
{
|
||||
ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
|
||||
labels.put(locale, resBundle);
|
||||
}
|
||||
WebGoatI18N.currentLocale = locale;
|
||||
}
|
||||
}
|
||||
|
||||
public static String get(String strName)
|
||||
{
|
||||
return labels.get(WebGoatI18N.currentLocale).getString(strName);
|
||||
}
|
||||
|
||||
private static class WebGoatResourceBundleController extends ResourceBundle.Control
|
||||
{
|
||||
private Locale fallbackLocale;
|
||||
|
||||
public WebGoatResourceBundleController(Locale l)
|
||||
{
|
||||
fallbackLocale = l;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Locale getFallbackLocale(String baseName, Locale locale)
|
||||
{
|
||||
if(! fallbackLocale.equals(locale)) {
|
||||
return fallbackLocale;
|
||||
}
|
||||
return Locale.ROOT;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
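Review bot: As far as the rendered new side shows, `get` can dereference null: the constructor no longer puts a bundle into `labels`, and `setCurrentLocale` loads one only when the requested locale differs from `currentLocale`. So `labels.get(WebGoatI18N.currentLocale)` returns null whenever the locale was never changed from the default. Loading the default bundle in the constructor closes that gap: `labels.put(currentLocale, ResourceBundle.getBundle("WebGoatLabels", currentLocale, localeController));`. The class also keeps `currentLocale` and `labels` as static state shared by every session, so one user's language switch affects all others until callers are migrated. Since the class is now `@Deprecated`, a Javadoc `@deprecated` line naming `LabelManager` as the replacement would point them there.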