renamed main->src regarding to Maven conventions

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@394 4033779f-a91e-0410-96ef-6bf7bf53c507

src/main/java/org/owasp/webgoat/lessons/XMLInjection.java

@@ -0,0 +1,329 @@
+
+package org.owasp.webgoat.lessons;
+
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Form;
+import org.apache.ecs.html.H1;
+import org.apache.ecs.html.H3;
+import org.apache.ecs.html.IMG;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.WebSession;
+
+
+/***************************************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository for free software
+ * projects.
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
+ */
+public class XMLInjection extends LessonAdapter
+{
+
+	private final static Integer DEFAULT_RANKING = new Integer(20);
+
+	private final static String ACCOUNTID = "accountID";
+
+	public static HashMap<Integer, Reward> rewardsMap = new HashMap<Integer, Reward>();
+
+	private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt("Macadamian Technologies")
+			.setBorder(0).setHspace(0).setVspace(0);
+
+	protected static HashMap<Integer, Reward> init()
+	{
+		Reward r = new Reward();
+
+		r.setName("WebGoat t-shirt");
+		r.setPoints(50);
+		rewardsMap.put(1001, r);
+
+		r = new Reward();
+		r.setName("WebGoat Secure Kettle");
+		r.setPoints(30);
+		rewardsMap.put(1002, r);
+
+		r = new Reward();
+		r.setName("WebGoat Mug");
+		r.setPoints(20);
+		rewardsMap.put(1003, r);
+
+		r = new Reward();
+		r.setName("WebGoat Core Duo Laptop");
+		r.setPoints(2000);
+		rewardsMap.put(1004, r);
+
+		r = new Reward();
+		r.setName("WebGoat Hawaii Cruise");
+		r.setPoints(3000);
+		rewardsMap.put(1005, r);
+
+		return rewardsMap;
+	}
+
+	public void handleRequest(WebSession s)
+	{
+
+		try
+		{
+			if (s.getParser().getRawParameter("from", "").equals("ajax"))
+			{
+				if (s.getParser().getRawParameter(ACCOUNTID, "").equals("836239"))
+				{
+					String lineSep = System.getProperty("line.separator");
+					String xmlStr = "<root>" + lineSep + "<reward>WebGoat Mug 20 Pts</reward>" + lineSep
+							+ "<reward>WebGoat t-shirt 50 Pts</reward>" + lineSep
+							+ "<reward>WebGoat Secure Kettle 30 Pts</reward>" + lineSep + "</root>";
+					s.getResponse().setContentType("text/xml");
+					s.getResponse().setHeader("Cache-Control", "no-cache");
+					PrintWriter out = new PrintWriter(s.getResponse().getOutputStream());
+					out.print(xmlStr);
+					out.flush();
+					out.close();
+					return;
+				}
+			}
+		} catch (Exception ex)
+		{
+			ex.printStackTrace();
+		}
+
+		Form form = new Form(getFormAction(), Form.POST).setName("form").setEncType("");
+
+		form.addElement(createContent(s));
+
+		setContent(form);
+
+	}
+
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+		boolean isDone = false;
+		init();
+
+		if (s.getParser().getRawParameter("done", "").equals("yes"))
+		{
+			isDone = true;
+		}
+		String lineSep = System.getProperty("line.separator");
+		String script = "<script>" + lineSep + "function getRewards() {" + lineSep
+				+ "var accountIDField = document.getElementById('" + ACCOUNTID + "');" + lineSep
+				+ "if (accountIDField.value.length < 6 ) { return; }" + lineSep + "var url = '" + getLink()
+				+ "&from=ajax&" + ACCOUNTID + "=' + encodeURIComponent(accountIDField.value);" + lineSep
+				+ "if (typeof XMLHttpRequest != 'undefined') {" + lineSep + "req = new XMLHttpRequest();" + lineSep
+				+ "} else if (window.ActiveXObject) {" + lineSep + "req = new ActiveXObject('Microsoft.XMLHTTP');"
+				+ lineSep + "   }" + lineSep + "   req.open('GET', url, true);" + lineSep
+				+ "   req.onreadystatechange = callback;" + lineSep + "   req.send(null);" + lineSep + "}"
+				+ lineSep
+				+ "function callback() {"
+				+ lineSep
+				+ "    if (req.readyState == 4) { "
+				+ lineSep
+				+ "        if (req.status == 200) { "
+				+ lineSep
+				+ "            var rewards = req.responseXML.getElementsByTagName('reward');"
+				+ lineSep
+				+ "			 var rewardsDiv = document.getElementById('rewardsDiv');"
+				+ lineSep
+				+ "				rewardsDiv.innerHTML = '';"
+				+ lineSep
+				+ "				var strHTML='';"
+				+ lineSep
+				+ "				strHTML = '<tr><td>&nbsp;</td><td><b>Rewards</b></td></tr>';"
+				+ lineSep
+				+ "			 for(var i=0; i< rewards.length; i++){"
+				// + lineSep
+				// + " var node = rewards.childNodes[i+1];"
+				+ lineSep
+				+ "				strHTML = strHTML + '<tr><td><input name=\"check' + (i+1001) +'\" type=\"checkbox\"></td><td>';"
+				+ lineSep + "			    strHTML = strHTML + rewards[i].firstChild.nodeValue + '</td></tr>';" + lineSep
+				+ "			 }" + lineSep + "				strHTML = '<table>' + strHTML + '</table>';" + lineSep
+				+ "				strHTML = 'Your account balance is now 100 points<br><br>' + strHTML;" + lineSep
+				+ "               rewardsDiv.innerHTML = strHTML;" + lineSep + "        }}}" + lineSep + "</script>"
+				+ lineSep;
+
+		if (!isDone)
+		{
+			ec.addElement(new StringElement(script));
+		}
+		ec.addElement(new BR().addElement(new H1().addElement("Welcome to WebGoat-Miles Reward Miles Program.")));
+		ec.addElement(new BR());
+
+		ec.addElement(new BR().addElement(new H3().addElement("Rewards available through the program:")));
+		ec.addElement(new BR());
+		Table t2 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
+		TR trRewards = null;
+
+		for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+		{
+			trRewards = new TR();
+			Reward r = (Reward) rewardsMap.get(i);
+			trRewards.addElement(new TD("-" + r.getName()));
+			trRewards.addElement(new TD(r.getPoints() + " Pts"));
+			t2.addElement(trRewards);
+		}
+
+		ec.addElement(t2);
+
+		ec.addElement(new BR());
+
+		ec.addElement(new H3().addElement("Redeem your points:"));
+		ec.addElement(new BR());
+
+		Table t1 = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("center");
+
+		TR tr = new TR();
+
+		tr.addElement(new TD("Please enter your account ID:"));
+
+		Input input1 = new Input(Input.TEXT, ACCOUNTID, "");
+		input1.addAttribute("onkeyup", "getRewards();");
+		input1.addAttribute("id", ACCOUNTID);
+		tr.addElement(new TD(input1));
+		t1.addElement(tr);
+
+		ec.addElement(t1);
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+		ec.addElement(new BR());
+
+		Div div = new Div();
+		div.addAttribute("name", "rewardsDiv");
+		div.addAttribute("id", "rewardsDiv");
+		ec.addElement(div);
+
+		Input b = new Input();
+		b.setType(Input.SUBMIT);
+		b.setValue("Submit");
+		b.setName("SUBMIT");
+		ec.addElement(b);
+
+		if (s.getParser().getRawParameter("SUBMIT", "") != "")
+		{
+			if (s.getParser().getRawParameter("check1004", "") != "")
+			{
+				makeSuccess(s);
+			}
+			else
+			{
+				StringBuffer shipment = new StringBuffer();
+				for (int i = 1001; i < 1001 + rewardsMap.size(); i++)
+				{
+
+					if (s.getParser().getRawParameter("check" + i, "") != "")
+					{
+						shipment.append(((Reward) rewardsMap.get(i)).getName() + "<br>");
+					}
+				}
+				shipment.insert(0, "<br><br><b>The following items will be shipped to your address:</b><br>");
+				ec.addElement(new StringElement(shipment.toString()));
+			}
+
+		}
+
+		return ec;
+	}
+
+	protected Element makeSuccess(WebSession s)
+	{
+		getLessonTracker(s).setCompleted(true);
+
+		s.setMessage("Congratulations. You have successfully completed this lesson.");
+
+		return (null);
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
+	}
+
+	protected Category getDefaultCategory()
+	{
+
+		return Category.AJAX_SECURITY;
+	}
+
+	protected Integer getDefaultRanking()
+	{
+
+		return DEFAULT_RANKING;
+	}
+
+	protected List<String> getHints(WebSession s)
+	{
+
+		List<String> hints = new ArrayList<String>();
+		hints.add("This page is using XMLHTTP to comunicate with the server.");
+		hints.add("Try to intercept the reply and check the reply.");
+		hints.add("Intercept the reply and try to inject some XML to add more rewards to yourself.");
+		return hints;
+	}
+
+	public String getTitle()
+	{
+		return "XML Injection";
+	}
+
+	static class Reward
+	{
+
+		private String name;
+
+		private int points;
+
+		public String getName()
+		{
+			return name;
+		}
+
+		public void setName(String name)
+		{
+			this.name = name;
+		}
+
+		public int getPoints()
+		{
+			return points;
+		}
+
+		public void setPoints(int points)
+		{
+			this.points = points;
+		}
+
+	}
+}