dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fully working WebGoat after migrating to Spring Boot.

Browse Source
This commit is contained in:
Nanne Baars
2016-04-08 18:06:13 +02:00
parent ecc8cb391b
commit 8ff02cab6d
26 changed files with 413 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
View File

@ -91,6 +91,13 @@ public class HammerHead extends HttpServlet {
*/
private WebgoatContext webgoatContext = null;
public HammerHead(WebgoatContext context) {
this.webgoatContext = context;
}
//TODO_NB
public HammerHead() {}
/**
* {@inheritDoc}
*
@ -186,7 +193,8 @@ public class HammerHead extends HttpServlet {
String viewPage = getViewPage(mySession);
logger.debug("Forwarding to view: " + viewPage);
logger.debug("Screen: " + screen);
request.getRequestDispatcher(viewPage).forward(request, response);
response.sendRedirect("startlesson.mvc");
// request.getRequestDispatcher(viewPage).forward(request, response);
} catch (Throwable t) {
logger.error("Error handling request", t); screen = new ErrorScreen(mySession, t);
} finally {
@ -242,8 +250,6 @@ public class HammerHead extends HttpServlet {
httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z", Locale.US);
httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
webgoatContext = new WebgoatContext(this);
logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
}
/**

19
webgoat-container/src/main/java/org/owasp/webgoat/Info.java Normal file
View File

@ -0,0 +1,19 @@
package org.owasp.webgoat;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class Info {
public static class Information {
}
@Bean(name = "information")
public Information information() {
return null;
}
}

191
webgoat-container/src/main/java/org/owasp/webgoat/LessonSource.java
View File

@ -1,191 +0,0 @@
package org.owasp.webgoat;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id
*/
public class LessonSource extends HammerHead {
/**
*
*/
private static final long serialVersionUID = 2588430536196446145L;
/**
* Description of the Field
*/
public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
/** Constant <code>END_SOURCE_SKIP="END_OMIT_SOURCE"</code> */
public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
/**
* {@inheritDoc}
*
* Description of the Method
* @exception IOException Description of the Exception
* @exception ServletException Description of the Exception
*/
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
String source = null;
try {
// System.out.println( "Entering doPost: " );
// System.out.println( " - request " + request);
// System.out.println( " - principle: " + request.getUserPrincipal()
// );
// setCacheHeaders(response, 0);
WebSession session = (WebSession) request.getSession(true).getAttribute(WebSession.SESSION);
// FIXME: Too much in this call.
session.update(request, response, this.getServletName());
boolean showSolution = session.getParser().getBooleanParameter("solution", false);
boolean showSource = session.getParser().getBooleanParameter("source", false);
if (showSolution) {
// Get the Java solution of the lesson.
source = getSolution(session);
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSolution(true);
} else if (showSource) {
// Get the Java source of the lesson. FIXME: Not needed
source = getSource(session);
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSource(true);
}
} catch (Throwable t) {
t.printStackTrace();
log("ERROR: " + t);
} finally {
try {
this.writeSource(source, response);
} catch (Throwable thr) {
thr.printStackTrace();
log(request, "Could not write error screen: " + thr.getMessage());
}
// System.out.println( "Leaving doPost: " );
}
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected String getSource(WebSession s) {
String source = null;
int scr = s.getCurrentScreen();
Course course = s.getCourse();
if (s.isUser() || s.isChallenge()) {
AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
if (lesson != null) {
source = lesson.getSource(s);
}
}
if (source == null) {
return "Source code is not available. Contact "
+ s.getWebgoatContext().getFeedbackAddressHTML();
}
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
"Code Section Deliberately Omitted"));
}
/**
* <p>getSolution.</p>
*
* @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @return a {@link java.lang.String} object.
*/
protected String getSolution(WebSession s) {
String source = null;
int scr = s.getCurrentScreen();
Course course = s.getCourse();
if (s.isUser() || s.isChallenge()) {
AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
if (lesson != null) {
source = lesson.getSolution(s);
}
}
if (source == null) {
return "Solution is not available. Contact "
+ s.getWebgoatContext().getFeedbackAddressHTML();
}
return (source);
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
* @throws java.io.IOException if any.
*/
protected void writeSource(String s, HttpServletResponse response) throws IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
if (s == null) {
s = new String();
}
out.print(s);
out.close();
}
}

11
webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
View File

@ -1,6 +1,7 @@
package org.owasp.webgoat;
import org.owasp.webgoat.session.LabelDebugger;
import org.owasp.webgoat.session.WebgoatContext;
import org.springframework.boot.context.embedded.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -13,7 +14,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
@Configuration
public class MvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
@ -21,8 +21,13 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
}
@Bean
public ServletRegistrationBean servletRegistrationBean() {
return new ServletRegistrationBean(new HammerHead(), "/attack/*");
public ServletRegistrationBean servletRegistrationBean(HammerHead hammerHead) {
return new ServletRegistrationBean(hammerHead, "/attack/*");
}
@Bean
public HammerHead hammerHead(WebgoatContext context) {
return new HammerHead(context);
}
@Bean

9
webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
View File

@ -5,9 +5,6 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.web.SpringBootServletInitializer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
@SpringBootApplication
public class WebGoat extends SpringBootServletInitializer {
@ -16,12 +13,6 @@ public class WebGoat extends SpringBootServletInitializer {
return application.sources(WebGoat.class);
}
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
super.onStartup(servletContext);
}
public static void main(String[] args) throws Exception {
SpringApplication.run(WebGoat.class, args);
}

1
webgoat-container/src/main/java/org/owasp/webgoat/application/Application.java
View File

@ -14,6 +14,7 @@ import org.apache.commons.lang3.builder.ToStringBuilder;
* @author rlawson
* @version $Id: $Id
*/
//TODO_NB still necessary?
public class Application {
private static final Application INSTANCE = new Application();

28
webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java
View File

@ -5,6 +5,18 @@
*/
package org.owasp.webgoat.application;
import org.owasp.webgoat.lessons.LessonServletMapping;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AnnotationTypeFilter;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletRegistration;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
@ -16,20 +28,6 @@ import java.util.Set;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletRegistration;
import org.owasp.webgoat.HammerHead;
import org.owasp.webgoat.lessons.LessonServletMapping;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AnnotationTypeFilter;
/**
* Web application lifecycle listener.
*
@ -38,7 +36,7 @@ import org.springframework.core.type.filter.AnnotationTypeFilter;
*/
public class WebGoatServletListener implements ServletContextListener {
private static final Logger logger = LoggerFactory.getLogger(HammerHead.class);
private static final Logger logger = LoggerFactory.getLogger(WebGoatServletListener.class);
/** {@inheritDoc} */
@Override

54
webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java Normal file
View File

@ -0,0 +1,54 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.controller;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.session.WebSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
/**
* <p>Start class.</p>
*
* @author rlawson
* @version $Id: $Id
*/
@Controller
public class StartLesson {
final Logger logger = LoggerFactory.getLogger(StartLesson.class);
@Autowired
private ServletContext servletContext;
/**
* <p>start.</p>
*
* @param request a {@link HttpServletRequest} object.
* @return a {@link ModelAndView} object.
*/
@RequestMapping(path = "startlesson.mvc", method = {RequestMethod.GET, RequestMethod.POST})
public ModelAndView start(HttpServletRequest request) {
ModelAndView model = new ModelAndView();
WebSession ws = (WebSession) request.getSession().getAttribute(WebSession.SESSION);
model.addObject("has_stages", ws.getCurrentLesson() instanceof RandomLessonAdapter);
model.addObject("course", ws.getCourse());
model.addObject("lesson", ws.getCurrentLesson());
model.addObject("message", ws.getMessage());
model.addObject("instructions", ws.getInstructions());
model.setViewName("lesson_content");
return model;
}
}

2
webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -10,10 +10,10 @@ import org.apache.ecs.html.Html;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.PRE;
import org.apache.ecs.html.Title;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.Screen;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;

29
webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java
View File

@ -1,10 +1,17 @@
package org.owasp.webgoat.plugins;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.WebgoatProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
import org.springframework.context.annotation.ClassPathBeanDefinitionScanner;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.type.filter.AssignableTypeFilter;
import org.springframework.core.type.filter.TypeFilter;
import javax.servlet.ServletContext;
import java.io.File;
@ -142,7 +149,9 @@ public class LegacyLoader {
*/
public void loadFiles(ServletContext context, String path) {
logger.debug("Loading files into cache, path: " + path);
Set resourcePaths = context.getResourcePaths(path);
Resource resource = new ClassPathResource("/");
Set resourcePaths = null;
if (resourcePaths == null) {
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
return;
@ -170,15 +179,20 @@ public class LegacyLoader {
* @return a {@link java.util.List} object.
*/
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) {
BeanDefinitionRegistry bdr = new SimpleBeanDefinitionRegistry();
ClassPathBeanDefinitionScanner s = new ClassPathBeanDefinitionScanner(bdr);
loadFiles(context, path);
TypeFilter tf = new AssignableTypeFilter(AbstractLesson.class);
s.addIncludeFilter(tf);
s.setIncludeAnnotationConfig(false);
s.scan("org.owasp.webgoat.lessons.admin");
String[] beanDefinitionNames = bdr.getBeanDefinitionNames();
List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
for (String file : files) {
String className = getClassFile(file, path);
for (String file : beanDefinitionNames) {
String className = bdr.getBeanDefinition(file).getBeanClassName();
if (className != null && !className.endsWith("_i") && className.startsWith("org.owasp.webgoat.lessons.admin")) {
try {
Class c = Class.forName(className);
Object o = c.newInstance();
@ -201,9 +215,8 @@ public class LegacyLoader {
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
}
}
loadResources(lessons);
// loadResources(lessons);
return lessons;
}

11
webgoat-container/src/main/java/org/owasp/webgoat/service/SourceService.java
View File

@ -39,9 +39,6 @@ import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpSession;
import static org.owasp.webgoat.LessonSource.END_SOURCE_SKIP;
import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP;
/**
* <p>SourceService class.</p>
*
@ -51,6 +48,14 @@ import static org.owasp.webgoat.LessonSource.START_SOURCE_SKIP;
@Controller
public class SourceService extends BaseService {
/**
* Description of the Field
*/
public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
/** Constant <code>END_SOURCE_SKIP="END_OMIT_SOURCE"</code> */
public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
/**
* Returns source for current attack
*

11
webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
View File

@ -1,6 +1,12 @@
package org.owasp.webgoat.session;
import org.apache.ecs.MultiPartElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
@ -9,11 +15,6 @@ import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import org.apache.ecs.MultiPartElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
/**

52
webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
View File

@ -1,5 +1,19 @@
package org.owasp.webgoat.session;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
@ -15,19 +29,6 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* *************************************************************************************************
@ -60,6 +61,10 @@ import org.slf4j.LoggerFactory;
*/
public class WebSession {
/**
* @TODO_NB Spring can take inject this bean bound to a specific scope no longer necessary to bound it to a HTTP session
*/
final Logger logger = LoggerFactory.getLogger(WebSession.class);
/**
@ -521,27 +526,6 @@ public class WebSession {
return params;
}
/**
* <p> getCookies. </p>
*
* @return a {@link java.util.List} object.
*/
public List<Cookie> getCookies() {
List<Cookie> cookies = null;
if (showCookies()) {
cookies = Arrays.asList(request.getCookies());
}
/*
* List cookies = new Vector(); HttpServletRequest request = getRequest(); Cookie[] cookies =
* request.getCookies(); if ( cookies.length == 0 ) { list.addElement( new LI( "No Cookies" ) ); } for ( int i =
* 0; i < cookies.length; i++ ) { Cookie cookie = cookies[i]; cookies.add(cookie); //list.addElement( new LI(
* cookie.getName() + " -> " + cookie.getValue() ) ); }
*/
return cookies;
}
/**
* Gets the cookie attribute of the CookieScreen object
*

94
webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
View File

@ -2,6 +2,8 @@ package org.owasp.webgoat.session;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import javax.servlet.http.HttpServlet;
@ -11,62 +13,20 @@ import javax.servlet.http.HttpServlet;
* @version $Id: $Id
* @author dm
*/
@Configuration
public class WebgoatContext {
final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
/** Constant <code>DATABASE_CONNECTION_STRING="DatabaseConnectionString"</code> */
public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
/** Constant <code>DATABASE_DRIVER="DatabaseDriver"</code> */
public final static String DATABASE_DRIVER = "DatabaseDriver";
/** Constant <code>DATABASE_USER="DatabaseUser"</code> */
public final static String DATABASE_USER = "DatabaseUser";
/** Constant <code>DATABASE_PASSWORD="DatabasePassword"</code> */
public final static String DATABASE_PASSWORD = "DatabasePassword";
/** Constant <code>ENTERPRISE="Enterprise"</code> */
public final static String ENTERPRISE = "Enterprise";
/** Constant <code>CODING_EXERCISES="CodingExercises"</code> */
public final static String CODING_EXERCISES = "CodingExercises";
/** Constant <code>SHOWCOOKIES="ShowCookies"</code> */
public final static String SHOWCOOKIES = "ShowCookies";
/** Constant <code>SHOWPARAMS="ShowParams"</code> */
public final static String SHOWPARAMS = "ShowParams";
/** Constant <code>SHOWREQUEST="ShowRequest"</code> */
public final static String SHOWREQUEST = "ShowRequest";
/** Constant <code>SHOWSOURCE="ShowSource"</code> */
public final static String SHOWSOURCE = "ShowSource";
/** Constant <code>SHOWSOLUTION="ShowSolution"</code> */
public final static String SHOWSOLUTION = "ShowSolution";
/** Constant <code>SHOWHINTS="ShowHints"</code> */
public final static String SHOWHINTS = "ShowHints";
/** Constant <code>FEEDBACK_ADDRESS_HTML="FeedbackAddressHTML"</code> */
public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
/** Constant <code>FEEDBACK_ADDRESS="email"</code> */
public final static String FEEDBACK_ADDRESS = "email";
/** Constant <code>DEBUG="debug"</code> */
public final static String DEBUG = "debug";
/** Constant <code>DEFAULTLANGUAGE="DefaultLanguage"</code> */
public final static String DEFAULTLANGUAGE = "DefaultLanguage";
@Value("${webgoat.database.connection.string}")
private String databaseConnectionString;
private String realConnectionString = null;
@Value("${webgoat.database.driver}")
private String databaseDriver;
private String databaseUser;
@ -87,9 +47,11 @@ public class WebgoatContext {
private boolean codingExercises = false;
private String feedbackAddress = "webgoat@owasp.org";
@Value("${webgoat.feedback.address}")
private String feedbackAddress;
private String feedbackAddressHTML = "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";
@Value("${webgoat.feedback.address.html}")
private String feedbackAddressHTML = "";
private boolean isDebug = false;
@ -101,44 +63,6 @@ public class WebgoatContext {
private java.nio.file.Path pluginDirectory;
/**
* <p>Constructor for WebgoatContext.</p>
*
* @param servlet a {@link javax.servlet.http.HttpServlet} object.
*/
public WebgoatContext(HttpServlet servlet) {
this.servlet = servlet;
databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
databaseDriver = getParameter(servlet, DATABASE_DRIVER);
databaseUser = getParameter(servlet, DATABASE_USER);
databasePassword = getParameter(servlet, DATABASE_PASSWORD);
// initialize from web.xml
showParams = "true".equals(getParameter(servlet, SHOWPARAMS));
showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
FEEDBACK_ADDRESS_HTML)
: feedbackAddressHTML;
feedbackAddress = getParameter(servlet, FEEDBACK_ADDRESS) != null ? getParameter(servlet, FEEDBACK_ADDRESS)
: feedbackAddress;
showRequest = "true".equals(getParameter(servlet, SHOWREQUEST));
isDebug = "true".equals(getParameter(servlet, DEBUG));
servletName = servlet.getServletName();
defaultLanguage = getParameter(servlet, DEFAULTLANGUAGE) != null ? new String(getParameter(servlet, DEFAULTLANGUAGE)) : new String("en");
}
private String getParameter(HttpServlet servlet, String key) {
String value = System.getenv().get(key);
if (value == null) {
value = servlet.getInitParameter(key);
}
return value;
}
/**
* returns the connection string with the real path to the database
* directory inserted at the word PATH

4
webgoat-container/src/main/java/org/owasp/webgoat/util/WebGoatI18N.java
View File

@ -1,10 +1,12 @@
package org.owasp.webgoat.util;
import org.owasp.webgoat.session.WebgoatContext;
import java.util.HashMap;
import java.util.Locale;
import java.util.ResourceBundle;
import org.owasp.webgoat.session.WebgoatContext;
@Deprecated
/**