Trying to wire up the DB connection and fill out first sql stub

2016-11-15 22:40:24 -05:00
parent ec2fc5a77c
commit 24b2e79dc5
4 changed files with 104 additions and 96 deletions
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
@ -7,6 +7,8 @@ import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.Map;
 import org.springframework.beans.factory.annotation.Autowired;
 /**
 *************************************************************************************************
@ -42,6 +44,8 @@ public class DatabaseUtilities
 	private static Map<String, Connection> connections = new HashMap<String, Connection>();
 	private static Map<String, Boolean> dbBuilt = new HashMap<String, Boolean>();
    @Autowired
    private static WebSession webSession;
 	/**
 	 * <p>getConnection.</p>
@ -50,9 +54,9 @@ public class DatabaseUtilities
 	 * @return a {@link java.sql.Connection} object.
 	 * @throws java.sql.SQLException if any.
 	 */
-	public static Connection getConnection(WebSession s) throws SQLException
+	public static Connection getConnection() throws SQLException
 	{
-		return getConnection(s.getUserName(), s.getWebgoatContext());
+		return getConnection(webSession.getUserName(), webSession.getWebgoatContext());
 	}
 	/**
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
@ -62,8 +62,8 @@ public class WebSession {
     * @return a {@link java.sql.Connection} object.
     * @throws java.sql.SQLException if any.
     */
-    public static synchronized Connection getConnection(WebSession s) throws SQLException {
+    public static synchronized Connection getConnection() throws SQLException {
-        return DatabaseUtilities.getConnection(s);
+        return DatabaseUtilities.getConnection();
    }
    /**
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson5a.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson5a.java
@ -2,11 +2,17 @@
 package org.owasp.webgoat.plugin;
 import java.io.IOException;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.ResultSetMetaData;
 import java.sql.SQLException;
 import java.sql.Statement;
 import javax.servlet.http.HttpServletRequest;
 import org.owasp.webgoat.lessons.Assignment;
 import org.owasp.webgoat.lessons.model.AttackResult;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@ -44,106 +50,104 @@ import org.springframework.web.bind.annotation.ResponseBody;
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-public class SqlInjectionLesson extends Assignment {
+public class SqlInjectionLesson5a extends Assignment {
 	@RequestMapping(method = RequestMethod.POST)
-	public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
+	public @ResponseBody AttackResult completed(@RequestParam String answer, HttpServletRequest request) throws IOException {
-	    if (!person.toString().equals("")) {
+System.out.println("answer:" + answer);
-	        return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
+		return injectableQuery(answer);
 	    } else {
 	        return trackProgress(AttackResult.failed("You are close, try again"));
 	    }
 	}
    @Override
    public String getPath() {
-        return "/SqlInjection/attack1";
+        return "/SqlInjection/attack5a";
    }
-//    private final static String ACCT_NAME = "account_name";
+
-//
+    protected AttackResult injectableQuery(String accountName)
-//    private static String STAGE = "stage";
+    {
-//
+        try
-//    private String accountName;
+        {
-//
+            Connection connection = DatabaseUtilities.getConnection();
-//    /**
+            String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
-//     * Description of the Method
+
-//     * 
+            try
-//     * @param s
+            {
-//     *            Description of the Parameter
+                Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
-//     * @return Description of the Return Value
+                                                                    ResultSet.CONCUR_READ_ONLY);
-//     */
+                ResultSet results = statement.executeQuery(query);
-//    protected Element createContent(WebSession s)
+
-//    {
+                if ((results != null) && (results.first() == true))
-//        return super.createStagedContent(s);
+                {
-//    }
+                    ResultSetMetaData resultsMetaData = results.getMetaData();
-//
+                	StringBuffer output = new StringBuffer();
-//    protected Element doStage1(WebSession s) throws Exception
+
-//    {
+                    output.append(writeTable(results, resultsMetaData));
-//        return injectableQuery(s);
+                    results.last();
-//    }
+
-//
+                    // If they get back more than one user they succeeded
-//    protected Element doStage2(WebSession s) throws Exception
+                    if (results.getRow() >= 6)
-//    {
+                    {
-//        return parameterizedQuery(s);
+                    	return trackProgress(AttackResult.success("You have succeed: " + output.toString()));
-//    }
+                   } else {
-//
+                	   return trackProgress(AttackResult.failed("You are close, try again. "));
-//    protected Element injectableQuery(WebSession s)
+                   }
-//    {
+                    
-//        ElementContainer ec = new ElementContainer();
+                }
-//
+                else
-//        try
+                {
-//        {
+                	return trackProgress(AttackResult.failed("No Results Matched. Try Again. "));
-//            Connection connection = DatabaseUtilities.getConnection(s);
+
-//
+//                    output.append(getLabelManager().get("NoResultsMatched"));
-//            ec.addElement(makeAccountLine(s));
+                }
-//
+            } catch (SQLException sqle)
-//            String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
+            {
-//            ec.addElement(new PRE(query));
+            	return trackProgress(AttackResult.failed(sqle.getMessage()));
-//
+            }
-//            try
+        } catch (Exception e)
-//            {
+        {
-//                Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+        	return trackProgress(AttackResult.failed( "ErrorGenerating" + this.getClass().getName()));
-//                                                                    ResultSet.CONCUR_READ_ONLY);
+        }
-//                ResultSet results = statement.executeQuery(query);
+    }
-//
+    
-//                if ((results != null) && (results.first() == true))
+    public String writeTable(ResultSet results, ResultSetMetaData resultsMetaData) throws IOException,
-//                {
+	SQLException 
-//                    ResultSetMetaData resultsMetaData = results.getMetaData();
+    {
-//                    ec.addElement(DatabaseUtilities.writeTable(results, resultsMetaData));
+		int numColumns = resultsMetaData.getColumnCount();
-//                    results.last();
+		results.beforeFirst();
-//
+		StringBuffer t = new StringBuffer();
-//                    // If they get back more than one user they succeeded
+	
-//                    if (results.getRow() >= 6)
+		if (results.next())
-//                    {
+		{
-//                        makeSuccess(s);
+			for (int i = 1; i < (numColumns + 1); i++)
-//                        getLessonTracker(s).setStage(2);
+			{
-//
+				t.append(resultsMetaData.getColumnName(i));
-//                        StringBuffer msg = new StringBuffer();
+				t.append(", ");
-//
+			}
-//                        msg.append(getLabelManager().get("StringSqlInjectionSecondStage"));
+		
-//
+			t.append(System.getProperty("line.separator"));
-//                        s.setMessage(msg.toString());
+			results.beforeFirst();
-//                    }
+		
-//                }
+			while (results.next())
-//                else
+			{
-//                {
+		
-//                    ec.addElement(getLabelManager().get("NoResultsMatched"));
+				for (int i = 1; i < (numColumns + 1); i++)
-//                }
+				{
-//            } catch (SQLException sqle)
+					t.append(results.getString(i));
-//            {
+					t.append(", ");
-//                ec.addElement(new P().addElement(sqle.getMessage()));
+				}
-//                sqle.printStackTrace();
+		
-//            }
+				t.append(System.getProperty("line.separator"));
-//        } catch (Exception e)
+			}
-//        {
+		
-//            s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
+			return (t.toString());
-//            e.printStackTrace();
+		}
-//        }
+		else
-//
+		{
-//        return (ec);
+			return ("Query Successful; however no data was returned from this query.");
-//    }
+		}
    }
 //
 //    protected Element parameterizedQuery(WebSession s)
 //    {
--- a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html
@ -56,7 +56,7 @@
 					enctype="application/json;charset=UTF-8">
 					<table>
 						<tr>
-							<td>Name:</td>
+							<td>Account Name:</td>
 							<td><input name="answer" value="" type="TEXT" /></td>
 							<td></td>
 						</tr>