diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Employee.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Employee.java
deleted file mode 100644
index 0581d3955..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Employee.java
+++ /dev/null
@@ -1,405 +0,0 @@
-
-package org.owasp.webgoat.session;
-
-import java.io.Serializable;
-
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @version $Id: $Id
- */
-public class Employee implements Serializable
-{
-
- /**
- *
- */
- private static final long serialVersionUID = -1901957360367218399L;
-
- /** Constant EMPLOYEE_ROLE="employee" */
- public final static String EMPLOYEE_ROLE = "employee";
-
- /** Constant MANAGER_ROLE="manager" */
- public final static String MANAGER_ROLE = "manager";
-
- /** Constant HR_ROLE="hr" */
- public final static String HR_ROLE = "hr";
-
- private int id;
-
- private String firstName;
-
- private String lastName;
-
- private String title;
-
- private String ssn;
-
- private String phone;
-
- private String address1;
-
- private String address2;
-
- private int manager;
-
- private String startDate;
-
- private int salary;
-
- private String ccn;
-
- private int ccnLimit;
-
- private String disciplinaryActionDate;
-
- private String disciplinaryActionNotes;
-
- private String personalDescription;
-
- // FIXME: To be deleted
- /**
- * Constructor for Employee.
- */
- public Employee()
- {
- }
-
- /**
- * Constructor for Employee.
- *
- * @param id a int.
- * @param firstName a {@link java.lang.String} object.
- * @param lastName a {@link java.lang.String} object.
- * @param ssn a {@link java.lang.String} object.
- * @param title a {@link java.lang.String} object.
- * @param phone a {@link java.lang.String} object.
- * @param address1 a {@link java.lang.String} object.
- * @param address2 a {@link java.lang.String} object.
- * @param manager a int.
- * @param startDate a {@link java.lang.String} object.
- * @param salary a int.
- * @param ccn a {@link java.lang.String} object.
- * @param ccnLimit a int.
- * @param disciplinaryActionDate a {@link java.lang.String} object.
- * @param disciplinaryActionNotes a {@link java.lang.String} object.
- * @param personalDescription a {@link java.lang.String} object.
- */
- public Employee(int id, String firstName, String lastName, String ssn, String title, String phone, String address1,
- String address2, int manager, String startDate, int salary, String ccn, int ccnLimit,
- String disciplinaryActionDate, String disciplinaryActionNotes, String personalDescription)
- {
- this.id = id;
- this.firstName = firstName;
- this.lastName = lastName;
- this.ssn = ssn;
- this.title = title;
- this.phone = phone;
- this.address1 = address1;
- this.address2 = address2;
- this.manager = manager;
- this.startDate = startDate;
- this.salary = salary;
- this.ccn = ccn;
- this.ccnLimit = ccnLimit;
- this.disciplinaryActionDate = disciplinaryActionDate;
- this.disciplinaryActionNotes = disciplinaryActionNotes;
- this.personalDescription = personalDescription;
- }
-
- /**
- * Getter for the field address1.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getAddress1()
- {
- return address1;
- }
-
- /**
- * Setter for the field address1.
- *
- * @param address1 a {@link java.lang.String} object.
- */
- public void setAddress1(String address1)
- {
- this.address1 = address1;
- }
-
- /**
- * Getter for the field address2.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getAddress2()
- {
- return address2;
- }
-
- /**
- * Setter for the field address2.
- *
- * @param address2 a {@link java.lang.String} object.
- */
- public void setAddress2(String address2)
- {
- this.address2 = address2;
- }
-
- /**
- * Getter for the field ccn.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getCcn()
- {
- return ccn;
- }
-
- /**
- * Setter for the field ccn.
- *
- * @param ccn a {@link java.lang.String} object.
- */
- public void setCcn(String ccn)
- {
- this.ccn = ccn;
- }
-
- /**
- * Getter for the field ccnLimit.
- *
- * @return a int.
- */
- public int getCcnLimit()
- {
- return ccnLimit;
- }
-
- /**
- * Setter for the field ccnLimit.
- *
- * @param ccnLimit a int.
- */
- public void setCcnLimit(int ccnLimit)
- {
- this.ccnLimit = ccnLimit;
- }
-
- /**
- * Getter for the field firstName.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getFirstName()
- {
- return firstName;
- }
-
- /**
- * Setter for the field firstName.
- *
- * @param firstName a {@link java.lang.String} object.
- */
- public void setFirstName(String firstName)
- {
- this.firstName = firstName;
- }
-
- /**
- * Getter for the field lastName.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getLastName()
- {
- return lastName;
- }
-
- /**
- * Setter for the field lastName.
- *
- * @param lastName a {@link java.lang.String} object.
- */
- public void setLastName(String lastName)
- {
- this.lastName = lastName;
- }
-
- /**
- * getPhoneNumber.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getPhoneNumber()
- {
- return phone;
- }
-
- /**
- * setPhoneNumber.
- *
- * @param phone a {@link java.lang.String} object.
- */
- public void setPhoneNumber(String phone)
- {
- this.phone = phone;
- }
-
- /**
- * Getter for the field salary.
- *
- * @return a int.
- */
- public int getSalary()
- {
- return salary;
- }
-
- /**
- * Setter for the field salary.
- *
- * @param salary a int.
- */
- public void setSalary(int salary)
- {
- this.salary = salary;
- }
-
- /**
- * Getter for the field ssn.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getSsn()
- {
- return ssn;
- }
-
- /**
- * Setter for the field ssn.
- *
- * @param ssn a {@link java.lang.String} object.
- */
- public void setSsn(String ssn)
- {
- this.ssn = ssn;
- }
-
- /**
- * Getter for the field startDate.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getStartDate()
- {
- return startDate;
- }
-
- /**
- * Setter for the field startDate.
- *
- * @param startDate a {@link java.lang.String} object.
- */
- public void setStartDate(String startDate)
- {
- this.startDate = startDate;
- }
-
- /**
- * Getter for the field id.
- *
- * @return a int.
- */
- public int getId()
- {
- return id;
- }
-
- /**
- * Setter for the field id.
- *
- * @param id a int.
- */
- public void setId(int id)
- {
- this.id = id;
- }
-
- /**
- * Getter for the field title.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getTitle()
- {
- return this.title;
- }
-
- /**
- * Getter for the field manager.
- *
- * @return a int.
- */
- public int getManager()
- {
- return this.manager;
- }
-
- /**
- * Getter for the field disciplinaryActionDate.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getDisciplinaryActionDate()
- {
- return this.disciplinaryActionDate;
- }
-
- /**
- * Getter for the field disciplinaryActionNotes.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getDisciplinaryActionNotes()
- {
- return this.disciplinaryActionNotes;
- }
-
- /**
- * Getter for the field personalDescription.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getPersonalDescription()
- {
- return this.personalDescription;
- }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/EmployeeStub.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/EmployeeStub.java
deleted file mode 100644
index aa1dbae4a..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/EmployeeStub.java
+++ /dev/null
@@ -1,120 +0,0 @@
-
-package org.owasp.webgoat.session;
-
-import java.io.Serializable;
-
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @version $Id: $Id
- */
-public class EmployeeStub implements Serializable
-{
-
- /**
- *
- */
- private static final long serialVersionUID = -7109162877797765632L;
-
- private int id;
-
- private String firstName;
-
- private String lastName;
-
- private String role;
-
- /**
- * Constructor for EmployeeStub.
- *
- * @param id a int.
- * @param firstName a {@link java.lang.String} object.
- * @param lastName a {@link java.lang.String} object.
- */
- public EmployeeStub(int id, String firstName, String lastName)
- {
- this(id, firstName, lastName, Employee.EMPLOYEE_ROLE);
- }
-
- /**
- * Constructor for EmployeeStub.
- *
- * @param id a int.
- * @param firstName a {@link java.lang.String} object.
- * @param lastName a {@link java.lang.String} object.
- * @param role a {@link java.lang.String} object.
- */
- public EmployeeStub(int id, String firstName, String lastName, String role)
- {
- this.id = id;
- this.firstName = firstName;
- this.lastName = lastName;
- this.role = role;
- }
-
- /**
- * Getter for the field firstName.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getFirstName()
- {
- return firstName;
- }
-
- /**
- * Getter for the field id.
- *
- * @return a int.
- */
- public int getId()
- {
- return id;
- }
-
- /**
- * Getter for the field lastName.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getLastName()
- {
- return lastName;
- }
-
- /**
- * Getter for the field role.
- *
- * @return a {@link java.lang.String} object.
- */
- public String getRole()
- {
- return role;
- }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/Exec.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/Exec.java
deleted file mode 100644
index b0f902578..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/util/Exec.java
+++ /dev/null
@@ -1,529 +0,0 @@
-
-package org.owasp.webgoat.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Arrays;
-import java.util.BitSet;
-
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Jeff Williams Aspect Security
- * @since October 28, 2003
- * @version $Id: $Id
- */
-public class Exec
-{
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @param input
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execInput(String command, String input)
- {
- return (execOptions(command, input, 0, 0, false));
- }
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execLazy(String command)
- {
- return (execOptions(command, "", 0, 0, true));
- }
-
- /*
- * Execute an OS command and capture the output in an ExecResults. All exceptions are caught and
- * stored in the ExecResults. @param String command is the OS command to execute @param String
- * input is piped into the OS command @param int successCode is the expected return code if the
- * command completes successfully @param int timeout is the number of milliseconds to wait
- * before interrupting the command @param boolean quit tells the method to exit when there is no
- * more output waiting
- */
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @param input
- * Description of the Parameter
- * @param successCode
- * Description of the Parameter
- * @param timeout
- * Description of the Parameter
- * @param lazy
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execOptions(String[] command, String input, int successCode, int timeout, boolean lazy)
- {
- Process child = null;
- ByteArrayOutputStream output = new ByteArrayOutputStream();
- ByteArrayOutputStream errors = new ByteArrayOutputStream();
- ExecResults results = new ExecResults(Arrays.asList(command).toString(), input, successCode, timeout);
- BitSet interrupted = new BitSet(1);
- boolean lazyQuit = false;
- ThreadWatcher watcher;
-
- try
- {
- // start the command
- child = Runtime.getRuntime().exec(command);
-
- // get the streams in and out of the command
- InputStream processIn = child.getInputStream();
- InputStream processError = child.getErrorStream();
- OutputStream processOut = child.getOutputStream();
-
- // start the clock running
- if (timeout > 0)
- {
- watcher = new ThreadWatcher(child, interrupted, timeout);
- new Thread(watcher).start();
- }
-
- // Write to the child process' input stream
- if ((input != null) && !input.equals(""))
- {
- try
- {
- processOut.write(input.getBytes());
- processOut.flush();
- processOut.close();
- } catch (IOException e1)
- {
- results.setThrowable(e1);
- }
- }
-
- // Read from the child process' output stream
- // The process may get killed by the watcher at any time
- int c = 0;
-
- try
- {
- while (true)
- {
- if (interrupted.get(0) || lazyQuit)
- {
- break;
- }
-
- // interrupted
- c = processIn.read();
-
- if (c == -1)
- {
- break;
- }
-
- // end of stream
- output.write(c);
-
- if (lazy && (processIn.available() < 1))
- {
- lazyQuit = true;
- }
-
- // if lazy and nothing then quit (after at least one read)
- }
-
- processIn.close();
- } catch (IOException e2)
- {
- results.setThrowable(e2);
- } finally
- {
- if (interrupted.get(0))
- {
- results.setInterrupted();
- }
-
- results.setOutput(output.toString());
- }
-
- // Read from the child process' error stream
- // The process may get killed by the watcher at any time
- try
- {
- while (true)
- {
- if (interrupted.get(0) || lazyQuit)
- {
- break;
- }
-
- // interrupted
- c = processError.read();
-
- if (c == -1)
- {
- break;
- }
-
- // end of stream
- output.write(c);
-
- if (lazy && (processError.available() < 1))
- {
- lazyQuit = true;
- }
-
- // if lazy and nothing then quit (after at least one read)
- }
-
- processError.close();
- } catch (IOException e3)
- {
- results.setThrowable(e3);
- } finally
- {
- if (interrupted.get(0))
- {
- results.setInterrupted();
- }
-
- results.setErrors(errors.toString());
- }
-
- // wait for the return value of the child process.
- if (!interrupted.get(0) && !lazyQuit)
- {
- int returnCode = child.waitFor();
- results.setReturnCode(returnCode);
-
- if (returnCode != successCode)
- {
- results.setError(ExecResults.BADRETURNCODE);
- }
- }
- } catch (InterruptedException i)
- {
- results.setInterrupted();
- } catch (Throwable t)
- {
- results.setThrowable(t);
- } finally
- {
- if (child != null)
- {
- child.destroy();
- }
- }
-
- return (results);
- }
-
- /*
- * Execute an OS command and capture the output in an ExecResults. All exceptions are caught and
- * stored in the ExecResults. @param String command is the OS command to execute @param String
- * input is piped into the OS command @param int successCode is the expected return code if the
- * command completes successfully @param int timeout is the number of milliseconds to wait
- * before interrupting the command @param boolean quit tells the method to exit when there is no
- * more output waiting
- */
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @param input
- * Description of the Parameter
- * @param successCode
- * Description of the Parameter
- * @param timeout
- * Description of the Parameter
- * @param lazy
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execOptions(String command, String input, int successCode, int timeout, boolean lazy)
- {
- Process child = null;
- ByteArrayOutputStream output = new ByteArrayOutputStream();
- ByteArrayOutputStream errors = new ByteArrayOutputStream();
- ExecResults results = new ExecResults(command, input, successCode, timeout);
- BitSet interrupted = new BitSet(1);
- boolean lazyQuit = false;
- ThreadWatcher watcher;
-
- try
- {
- // start the command
- child = Runtime.getRuntime().exec(command);
-
- // get the streams in and out of the command
- InputStream processIn = child.getInputStream();
- InputStream processError = child.getErrorStream();
- OutputStream processOut = child.getOutputStream();
-
- // start the clock running
- if (timeout > 0)
- {
- watcher = new ThreadWatcher(child, interrupted, timeout);
- new Thread(watcher).start();
- }
-
- // Write to the child process' input stream
- if ((input != null) && !input.equals(""))
- {
- try
- {
- processOut.write(input.getBytes());
- processOut.flush();
- processOut.close();
- } catch (IOException e1)
- {
- results.setThrowable(e1);
- }
- }
-
- // Read from the child process' output stream
- // The process may get killed by the watcher at any time
- int c = 0;
-
- try
- {
- while (true)
- {
- if (interrupted.get(0) || lazyQuit)
- {
- break;
- }
-
- // interrupted
- c = processIn.read();
-
- if (c == -1)
- {
- break;
- }
-
- // end of stream
- output.write(c);
-
- if (lazy && (processIn.available() < 1))
- {
- lazyQuit = true;
- }
-
- // if lazy and nothing then quit (after at least one read)
- }
-
- processIn.close();
- } catch (IOException e2)
- {
- results.setThrowable(e2);
- } finally
- {
- if (interrupted.get(0))
- {
- results.setInterrupted();
- }
-
- results.setOutput(output.toString());
- }
-
- // Read from the child process' error stream
- // The process may get killed by the watcher at any time
- try
- {
- while (true)
- {
- if (interrupted.get(0) || lazyQuit)
- {
- break;
- }
-
- // interrupted
- c = processError.read();
-
- if (c == -1)
- {
- break;
- }
-
- // end of stream
- output.write(c);
-
- if (lazy && (processError.available() < 1))
- {
- lazyQuit = true;
- }
-
- // if lazy and nothing then quit (after at least one read)
- }
-
- processError.close();
- } catch (IOException e3)
- {
- results.setThrowable(e3);
- } finally
- {
- if (interrupted.get(0))
- {
- results.setInterrupted();
- }
-
- results.setErrors(errors.toString());
- }
-
- // wait for the return value of the child process.
- if (!interrupted.get(0) && !lazyQuit)
- {
- int returnCode = child.waitFor();
- results.setReturnCode(returnCode);
-
- if (returnCode != successCode)
- {
- results.setError(ExecResults.BADRETURNCODE);
- }
- }
- } catch (InterruptedException i)
- {
- results.setInterrupted();
- } catch (Throwable t)
- {
- results.setThrowable(t);
- } finally
- {
- if (child != null)
- {
- child.destroy();
- }
- }
-
- return (results);
- }
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execSimple(String[] command)
- {
- return (execOptions(command, "", 0, 0, false));
- }
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execSimple(String command)
- {
- return (execOptions(command, "", 0, 0, false));
- }
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @param args
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execSimple(String command, String args)
- {
- return (execOptions(command, args, 0, 0, false));
- }
-
- /**
- * Description of the Method
- *
- * @param command
- * Description of the Parameter
- * @param timeout
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public static ExecResults execTimeout(String command, int timeout)
- {
- return (execOptions(command, "", 0, timeout, false));
- }
-
- /**
- * The main program for the Exec class
- *
- * @param args
- * The command line arguments
- */
- public static void main(String[] args)
- {
- ExecResults results;
- String sep = System.getProperty("line.separator");
- System.out.println("-------------------------------------------" + sep + "TEST 1: execSimple");
- results = Exec.execSimple("c:/swarm-2.1.1/bin/whoami.exe");
- System.out.println(results);
- System.out.println("-------------------------------------------" + sep + "TEST 2: execSimple (with search)");
- results = Exec.execSimple("netstat -r");
- System.out.println(results);
-
- if (results.outputContains("localhost:1031"))
- {
- System.out.println("ERROR: listening on 1031");
- }
-
- System.out.println("-------------------------------------------" + sep + "TEST 3: execInput");
- results = Exec.execInput("find \"cde\"", "abcdefg1\nhijklmnop\nqrstuv\nabcdefg2");
- System.out.println(results);
- System.out.println("-------------------------------------------" + sep + "TEST 4:execTimeout");
- results = Exec.execTimeout("ping -t 127.0.0.1", 5 * 1000);
- System.out.println(results);
- System.out.println("-------------------------------------------" + sep + "TEST 5:execLazy");
- results = Exec.execLazy("ping -t 127.0.0.1");
- System.out.println(results);
- System.out.println("-------------------------------------------" + sep
- + "TEST 6:ExecTimeout process never outputs");
- results = Exec.execTimeout("c:/swarm-2.1.1/bin/sleep.exe 20", 5 * 1000);
- System.out.println(results);
- System.out.println("-------------------------------------------" + sep
- + "TEST 7:ExecTimeout process waits for input");
- results = Exec.execTimeout("c:/swarm-2.1.1/bin/cat", 5 * 1000);
- System.out.println(results);
- }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecResults.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecResults.java
deleted file mode 100644
index 815ad5654..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecResults.java
+++ /dev/null
@@ -1,355 +0,0 @@
-
-package org.owasp.webgoat.util;
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Jeff Williams Aspect Security
- * @version $Id: $Id
- */
-public class ExecResults
-{
-
- /**
- * Description of the Field
- */
- public final static int BADRETURNCODE = 2;
-
- /**
- * Description of the Field
- */
- public final static int THROWABLE = 1;
-
- private String myCommand;
-
- private boolean myError = false;
-
- private int myErrorType = 0;
-
- private String myErrors = null;
-
- private String myInput;
-
- private boolean myInterrupted = false;
-
- private String myOutput = null;
-
- private int myReturnCode = 0;
-
- private int mySuccessCode;
-
- private Throwable myThrowable = null;
-
- private int myTimeout;
-
- /**
- * Constructor for the ExecResults object
- *
- * @param command
- * Description of the Parameter
- * @param input
- * Description of the Parameter
- * @param successCode
- * Description of the Parameter
- * @param timeout
- * Description of the Parameter
- */
- public ExecResults(String command, String input, int successCode, int timeout)
- {
- myCommand = command.trim();
- myInput = input.trim();
- mySuccessCode = successCode;
- myTimeout = timeout;
- }
-
- /**
- * Description of the Method
- *
- * @param haystack
- * Description of the Parameter
- * @param needle
- * Description of the Parameter
- * @param fromIndex
- * Description of the Parameter
- * @return Description of the Return Value
- */
- private boolean contains(String haystack, String needle, int fromIndex)
- {
- return (haystack.trim().toLowerCase().indexOf(needle.trim().toLowerCase(), fromIndex) != -1);
- }
-
- /**
- * Description of the Method
- *
- * @param value
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public boolean errorsContains(String value)
- {
- return (errorsContains(value, 0));
- }
-
- /**
- * Description of the Method
- *
- * @param value
- * Description of the Parameter
- * @param fromIndex
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public boolean errorsContains(String value, int fromIndex)
- {
- return (contains(myErrors, value, fromIndex));
- }
-
- /**
- * Gets the error attribute of the ExecResults object
- *
- * @return The error value
- */
- public boolean getError()
- {
- return (myError);
- }
-
- /**
- * Gets the errorMessage attribute of the ExecResults object
- *
- * @return The errorMessage value
- */
- public String getErrorMessage()
- {
- switch (getErrorType())
- {
- case THROWABLE:
- return ("Exception: " + myThrowable.getMessage());
-
- case BADRETURNCODE:
- return ("Bad return code (expected " + mySuccessCode + ")");
-
- default:
- return ("Unknown error");
- }
- }
-
- /**
- * Gets the errorType attribute of the ExecResults object
- *
- * @return The errorType value
- */
- public int getErrorType()
- {
- return (myErrorType);
- }
-
- /**
- * Gets the errors attribute of the ExecResults object
- *
- * @return The errors value
- */
- public String getErrors()
- {
- return (myErrors);
- }
-
- /**
- * Gets the interrupted attribute of the ExecResults object
- *
- * @return The interrupted value
- */
- public boolean getInterrupted()
- {
- return (myInterrupted);
- }
-
- /**
- * Gets the output attribute of the ExecResults object
- *
- * @return The output value
- */
- public String getOutput()
- {
- return (myOutput);
- }
-
- /**
- * Gets the returnCode attribute of the ExecResults object
- *
- * @return The returnCode value
- */
- public int getReturnCode()
- {
- return (myReturnCode);
- }
-
- /**
- * Gets the throwable attribute of the ExecResults object
- *
- * @return The throwable value
- */
- public Throwable getThrowable()
- {
- return (myThrowable);
- }
-
- /**
- * Description of the Method
- *
- * @param value
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public boolean outputContains(String value)
- {
- return (outputContains(value, 0));
- }
-
- /**
- * Description of the Method
- *
- * @param value
- * Description of the Parameter
- * @param fromIndex
- * Description of the Parameter
- * @return Description of the Return Value
- */
- public boolean outputContains(String value, int fromIndex)
- {
- return (contains(myOutput, value, fromIndex));
- }
-
- /**
- * Sets the error attribute of the ExecResults object
- *
- * @param value
- * The new error value
- */
- public void setError(int value)
- {
- myError = true;
- myErrorType = value;
- }
-
- /**
- * Sets the errors attribute of the ExecResults object
- *
- * @param errors
- * The new errors value
- */
- public void setErrors(String errors)
- {
- myErrors = errors.trim();
- }
-
- /**
- * Sets the interrupted attribute of the ExecResults object
- */
- public void setInterrupted()
- {
- myInterrupted = true;
- }
-
- /**
- * Sets the output attribute of the ExecResults object
- *
- * @param value
- * The new output value
- */
- public void setOutput(String value)
- {
- myOutput = value.trim();
- }
-
- /**
- * Sets the returnCode attribute of the ExecResults object
- *
- * @param value
- * The new returnCode value
- */
- public void setReturnCode(int value)
- {
- myReturnCode = value;
- }
-
- /**
- * Sets the throwable attribute of the ExecResults object
- *
- * @param value
- * The new throwable value
- */
- public void setThrowable(Throwable value)
- {
- setError(THROWABLE);
- myThrowable = value;
- }
-
- /**
- * Description of the Method
- *
- * @return Description of the Return Value
- */
- public String toString()
- {
- String sep = System.getProperty("line.separator");
- StringBuffer value = new StringBuffer();
- value.append("ExecResults for \'" + myCommand + "\'" + sep);
-
- if ((myInput != null) && !myInput.equals(""))
- {
- value.append(sep + "Input..." + sep + myInput + sep);
- }
-
- if ((myOutput != null) && !myOutput.equals(""))
- {
- value.append(sep + "Output..." + sep + myOutput + sep);
- }
-
- if ((myErrors != null) && !myErrors.equals(""))
- {
- value.append(sep + "Errors..." + sep + myErrors + sep);
- }
-
- value.append(sep);
-
- if (myInterrupted)
- {
- value.append("Command timed out after " + (myTimeout / 1000) + " seconds " + sep);
- }
-
- value.append("Returncode: " + myReturnCode + sep);
-
- if (myError)
- {
- value.append(getErrorMessage() + sep);
- }
-
- return (value.toString());
- }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecutionException.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecutionException.java
deleted file mode 100644
index 6906370f8..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/util/ExecutionException.java
+++ /dev/null
@@ -1,61 +0,0 @@
-
-package org.owasp.webgoat.util;
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author Jeff Williams Aspect Security
- * @version $Id: $Id
- */
-public class ExecutionException extends Exception
-{
-
- /**
- *
- */
- private static final long serialVersionUID = 7282947463831152092L;
-
- /**
- * Constructor for the ExecutionException object
- */
- public ExecutionException()
- {
- super();
- }
-
- /**
- * Constructor for the ExecutionException object
- *
- * @param msg
- * Description of the Parameter
- */
- public ExecutionException(String msg)
- {
- super(msg);
- }
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/Interceptor.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/Interceptor.java
deleted file mode 100644
index bb9af6e6c..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/util/Interceptor.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- *
- */
-
-package org.owasp.webgoat.util;
-
-import java.io.IOException;
-import java.io.BufferedReader;
-import java.io.PrintWriter;
-import java.io.InputStreamReader;
-import java.net.UnknownHostException;
-import java.net.Socket;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
-
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author sherif koussa - Macadamian Technologies
- * @version $Id: $Id
- */
-public class Interceptor implements Filter
-{
-
- private static final String OSG_SERVER_NAME = "OSGServerName";
-
- private static final String OSG_SERVER_PORT = "OSGServerPort";
-
- /*
- * (non-Javadoc)
- * @see javax.servlet.Filter#destroy()
- */
- /**
- * destroy.
- */
- public void destroy()
- {
- // TODO Auto-generated method stub
-
- }
-
- /** {@inheritDoc} */
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
- ServletException
- {
-
- HttpServletRequest req = (HttpServletRequest) request;
-
- Socket osgSocket = null;
- PrintWriter out = null;
- BufferedReader in = null;
- String osgServerName = req.getSession().getServletContext().getInitParameter(OSG_SERVER_NAME);
- String osgServerPort = req.getSession().getServletContext().getInitParameter(OSG_SERVER_PORT);
-
- try
- {
- // If these parameters are not defined then no communication will happen with OSG
- if (osgServerName != null && osgServerName.length() != 0 && osgServerPort != null
- && osgServerPort.length() != 0)
- {
- osgSocket = new Socket(osgServerName, Integer.parseInt(osgServerPort));
- if (osgSocket != null)
- {
- out = new PrintWriter(osgSocket.getOutputStream(), true);
- in = new BufferedReader(new InputStreamReader(osgSocket.getInputStream()));
- // String message =
- // "HTTPRECEIVEHTTPREQUEST,-,DataValidation_SqlInjection_Basic.aspx";
- // out.println(message);
-
- // System.out.println(in.readLine());
- }
- }
-
- } catch (UnknownHostException e)
- {
- e.printStackTrace();
-
- } catch (IOException e)
- {
- e.printStackTrace();
- } finally
- {
- if (out != null)
- {
- out.close();
- }
- if (in != null)
- {
- in.close();
- }
- if (osgSocket != null)
- {
- osgSocket.close();
- }
- }
-
- String url = req.getRequestURL().toString();
-
- RequestDispatcher disp = req.getRequestDispatcher(url.substring(url.lastIndexOf(req.getContextPath() + "/")
- + req.getContextPath().length()));
-
- disp.forward(request, response);
-
- }
-
- /*
- * (non-Javadoc)
- * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
- */
- /** {@inheritDoc} */
- public void init(FilterConfig arg0) throws ServletException
- {
- // TODO Auto-generated method stub
-
- }
-
-}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/ThreadWatcher.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/ThreadWatcher.java
deleted file mode 100644
index 4b411ca1f..000000000
--- a/webgoat-container/src/main/java/org/owasp/webgoat/util/ThreadWatcher.java
+++ /dev/null
@@ -1,105 +0,0 @@
-
-package org.owasp.webgoat.util;
-
-import java.util.BitSet;
-
-
-/**
- *************************************************************************************************
- *
- *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- *
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- *
- * Getting Source ==============
- *
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- *
- * For details, please see http://webgoat.github.io
- *
- * @author jwilliams@aspectsecurity.com
- * @since November 6, 2002
- * @version $Id: $Id
- */
-public class ThreadWatcher implements Runnable
-{
-
- // time to live in milliseconds
- private BitSet myInterrupted;
-
- private Process myProcess;
-
- private int myTimeout;
-
- /**
- * Constructor for the ThreadWatcher object
- *
- * @param p
- * Description of the Parameter
- * @param interrupted
- * Description of the Parameter
- * @param timeout
- * Description of the Parameter
- */
- public ThreadWatcher(Process p, BitSet interrupted, int timeout)
- {
- myProcess = p;
-
- // thread used by whoever constructed this watcher
- myTimeout = timeout;
- myInterrupted = interrupted;
- }
-
- /*
- * Interrupt the thread by marking the interrupted bit and killing the process
- */
-
- /**
- * Description of the Method
- */
- public void interrupt()
- {
- myInterrupted.set(0);
-
- // set interrupted bit (bit 0 of the bitset) to 1
- myProcess.destroy();
-
- /*
- * try { myProcess.getInputStream().close(); } catch( IOException e1 ) { / do nothing --
- * input streams are probably already closed } try { myProcess.getErrorStream().close(); }
- * catch( IOException e2 ) { / do nothing -- input streams are probably already closed }
- * myThread.interrupt();
- */
- }
-
- /**
- * Main processing method for the ThreadWatcher object
- */
- public void run()
- {
- try
- {
- Thread.sleep(myTimeout);
- } catch (InterruptedException e)
- {
- // do nothing -- if watcher is interrupted, so is thread
- }
-
- interrupt();
- }
-}