Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/java/org/owasp/webgoat/lessons/PasswordStrength.java
+++ b/java/org/owasp/webgoat/lessons/PasswordStrength.java
@ -0,0 +1,221 @@
+
+package org.owasp.webgoat.lessons;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.Element;
+import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
+import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
+import org.apache.ecs.html.Input;
+import org.apache.ecs.html.LI;
+import org.apache.ecs.html.OL;
+import org.apache.ecs.html.TD;
+import org.apache.ecs.html.TR;
+import org.apache.ecs.html.Table;
+import org.owasp.webgoat.session.ECSFactory;
+import org.owasp.webgoat.session.WebSession;
+
+
+/***************************************************************************************************
+ * 
+ * 
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * 
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ * 
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * 
+ * Getting Source ==============
+ * 
+ * Source for this application is maintained at code.google.com, a repository for free software
+ * projects.
+ * 
+ * 
+ * For details, please see http://code.google.com/p/webgoat/
+ * 
+ * @author Reto Lippuner, Marcel Wirth
+ * @created April 7, 2008
+ */
+
+public class PasswordStrength extends LessonAdapter
+{
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+
+		try
+		{
+			if (s.getParser().getStringParameter("pass1", "").equals("0")
+					&& s.getParser().getStringParameter("pass2", "").equals("1394")
+					&& s.getParser().getStringParameter("pass3", "").equals("5")
+					&& s.getParser().getStringParameter("pass4", "").equals("2")
+					&& s.getParser().getStringParameter("pass5", "").equals("41"))
+			{
+				makeSuccess(s);
+				ec.addElement(new StringElement("As a guideline not bound to a single solution."));
+				ec.addElement(new BR());
+				ec.addElement(new StringElement("Assuming the brute-force power of 1,000,000 hash/second: "));
+				ec.addElement(new BR());
+				OL ol = new OL();
+				ol.addElement(new LI("123456 - 0 seconds        (dictionary based, one of top 100)"));
+				ol.addElement(new LI("abzfez - up to 5 minutes  ( 26 chars on 6 positions = 26^6 seconds)"));
+				ol.addElement(new LI("a9z1ez - up to 40 minutes ( 26+10 chars on 6 positions = 36^6 seconds)"));
+				ol.addElement(new LI("aB8fEz - up to 16 hours   ( 26+26+10 chars on 6 positions = 62^6 seconds)"));
+				ol.addElement(new LI("z8!E?7 - up to 50 days    ( 127 chars on 6 positions = 127^6 seconds)"));
+				ec.addElement(ol);
+			} else
+			{
+
+				ec.addElement(new StringElement("How much time you need for these passwords? "));
+				ec.addElement(new BR());
+				ec.addElement(new BR());
+				ec.addElement(new BR());
+				Table table = new Table();
+				table.addAttribute("align='center'", 0);
+				TR tr1 = new TR();
+				TD td1 = new TD();
+				TD td2 = new TD();
+				Input input1 = new Input(Input.TEXT, "pass1", "");
+				td1.addElement(new StringElement("Password = 123456"));
+				td2.addElement(input1);
+				td2.addElement(new StringElement("seconds"));
+				tr1.addElement(td1);
+				tr1.addElement(td2);
+	
+				TR tr2 = new TR();
+				TD td3 = new TD();
+				TD td4 = new TD();
+				Input input2 = new Input(Input.TEXT, "pass2", "");
+				td3.addElement(new StringElement("Password = abzfez"));
+				td4.addElement(input2);
+				td4.addElement(new StringElement("seconds"));
+				tr2.addElement(td3);
+				tr2.addElement(td4);
+	
+				TR tr3 = new TR();
+				TD td5 = new TD();
+				TD td6 = new TD();
+				Input input3 = new Input(Input.TEXT, "pass3", "");
+				td5.addElement(new StringElement("Password = a9z1ez"));
+				td6.addElement(input3);
+				td6.addElement(new StringElement("hours"));
+				tr3.addElement(td5);
+				tr3.addElement(td6);
+	
+				TR tr4 = new TR();
+				TD td7 = new TD();
+				TD td8 = new TD();
+				Input input4 = new Input(Input.TEXT, "pass4", "");
+				td7.addElement(new StringElement("Password = aB8fEz"));
+				td8.addElement(input4);
+				td8.addElement(new StringElement("days"));
+				tr4.addElement(td7);
+				tr4.addElement(td8);
+	
+				TR tr5 = new TR();
+				TD td9 = new TD();
+				TD td10 = new TD();
+				Input input5 = new Input(Input.TEXT, "pass5", "");
+				td9.addElement(new StringElement("Password = z8!E?7"));
+				td10.addElement(input5);
+				td10.addElement(new StringElement("days"));
+				tr5.addElement(td9);
+				tr5.addElement(td10);
+				table.addElement(tr1);
+				table.addElement(tr2);
+				table.addElement(tr3);
+				table.addElement(tr4);
+				table.addElement(tr5);
+				ec.addElement(table);
+				ec.addElement(new BR());
+				ec.addElement(new BR());
+				Div div = new Div();
+				div.addAttribute("align", "center");
+				Element b = ECSFactory.makeButton("Go!");
+				div.addElement(b);
+				ec.addElement(div);
+			}
+		} catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+			e.printStackTrace();
+		}
+
+
+		return (ec);
+	}
+
+	/**
+	 * Gets the hints attribute of the HelloScreen object
+	 * 
+	 * @return The hints value
+	 */
+	public List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Copy the passwords into the code checker.");
+		return hints;
+	}
+
+	/**
+	 * Gets the ranking attribute of the HelloScreen object
+	 * 
+	 * @return The ranking value
+	 */
+	private final static Integer DEFAULT_RANKING = new Integer(6);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	protected Category getDefaultCategory()
+	{
+		return Category.AUTHENTICATION;
+	}
+
+	public String getInstructions(WebSession s)
+	{
+		String instructions = "The Accounts of your Webapplication are only as save as the passwords. "
+				+ "For this exercise, your job is to test several passwords on <a href=\"https://www.cnlab.ch/codecheck\" target=\"_blank\">https://www.cnlab.ch/codecheck</a>. "
+				+ " You must test all 5 passwords at the same time...<br>"
+				+ "<b> On your applications you should set good password requirements! </b>";
+		return (instructions);
+	}
+
+	/**
+	 * Gets the title attribute of the HelloScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Password Strength");
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
+	}
+}