From 7dee412ee1d7948614e47cb6ca11160bf69ac9ae Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Wed, 11 Jul 2007 12:53:36 +0000 Subject: [PATCH] Fix WebServices lessons to maintain a reference to WebgoatContext Since the webservices lessons are also created automatically by Axis, which obviously does not have a reference to WebgoatContext, and wouldn't call setWebgoatContext even if it did, we need to ensure that each lesson created can still get to WebgoatContext. Do this by maintaining a static reference to WebgoatContext that all instances of the class can use. git-svn-id: http://webgoat.googlecode.com/svn/trunk@165 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../owasp/webgoat/lessons/SoapRequest.java | 19 ++++++++++++++++++ .../owasp/webgoat/lessons/WSDLScanning.java | 19 ++++++++++++++++++ .../owasp/webgoat/lessons/WsSqlInjection.java | 20 +++++++++++++++++++ 3 files changed, 58 insertions(+) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java index 692a32608..dbda60d45 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java @@ -26,6 +26,7 @@ import org.owasp.webgoat.session.DatabaseUtilities; import org.owasp.webgoat.session.ECSFactory; import org.owasp.webgoat.session.ParameterNotFoundException; import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.session.WebgoatContext; /******************************************************************************* * @@ -90,6 +91,24 @@ public class SoapRequest extends SequentialLessonAdapter static int accessLoginCount; + private static WebgoatContext webgoatContext; + + /** + * We maintain a static reference to WebgoatContext, since this class + * is also automatically instantiated by the Axis web services module, + * which does not call setWebgoatContext() + * (non-Javadoc) + * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext) + */ + @Override + public void setWebgoatContext(WebgoatContext webgoatContext) { + SoapRequest.webgoatContext = webgoatContext; + } + + @Override + public WebgoatContext getWebgoatContext() { + return SoapRequest.webgoatContext; + } protected Category getDefaultCategory() { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java index 90d2245c1..3e52249ac 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WSDLScanning.java @@ -37,6 +37,7 @@ import org.apache.ecs.html.Table; import org.owasp.webgoat.session.DatabaseUtilities; import org.owasp.webgoat.session.ECSFactory; import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.session.WebgoatContext; /******************************************************************************* * @@ -92,6 +93,24 @@ public class WSDLScanning extends LessonAdapter final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg") .setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0); + private static WebgoatContext webgoatContext; + + /** + * We maintain a static reference to WebgoatContext, since this class + * is also automatically instantiated by the Axis web services module, + * which does not call setWebgoatContext() + * (non-Javadoc) + * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext) + */ + @Override + public void setWebgoatContext(WebgoatContext webgoatContext) { + WSDLScanning.webgoatContext = webgoatContext; + } + + @Override + public WebgoatContext getWebgoatContext() { + return WSDLScanning.webgoatContext; + } protected Category getDefaultCategory() { diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java index 864a153d0..71a40f265 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/WsSqlInjection.java @@ -26,6 +26,7 @@ import org.apache.ecs.html.PRE; import org.owasp.webgoat.session.DatabaseUtilities; import org.owasp.webgoat.session.ECSFactory; import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.session.WebgoatContext; /******************************************************************************* * @@ -80,6 +81,25 @@ public class WsSqlInjection extends LessonAdapter */ static boolean completed; + private static WebgoatContext webgoatContext; + + /** + * We maintain a static reference to WebgoatContext, since this class + * is also automatically instantiated by the Axis web services module, + * which does not call setWebgoatContext() + * (non-Javadoc) + * @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext) + */ + @Override + public void setWebgoatContext(WebgoatContext webgoatContext) { + WsSqlInjection.webgoatContext = webgoatContext; + } + + @Override + public WebgoatContext getWebgoatContext() { + return WsSqlInjection.webgoatContext; + } + protected Category getDefaultCategory() {