dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reformat of Java source. Added JavaStyle format definitions.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@287 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2008-02-27 00:29:19 +00:00
parent cbdff41aa8
commit a8db8989c8
126 changed files with 20713 additions and 22183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

235
main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ListStaff.java
View File

@ -1,3 +1,4 @@
package org.owasp.webgoat.lessons.SQLInjection;
import java.sql.ResultSet;
@ -5,7 +6,6 @@ import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;
import java.util.Vector;
import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.EmployeeStub;
@ -14,162 +14,143 @@ import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class ListStaff extends DefaultLessonAction
{
public ListStaff(GoatHillsFinancial lesson, String lessonName, String actionName)
{
super(lesson, lessonName, actionName);
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
UnauthenticatedException, UnauthorizedException
{
getLesson().setCurrentAction(s, getActionName());
if (isAuthenticated(s))
public ListStaff(GoatHillsFinancial lesson, String lessonName, String actionName)
{
int userId = getIntSessionAttribute(s, getLessonName() + "."
+ SQLInjection.USER_ID);
List employees = getAllEmployees(s, userId);
setSessionAttribute(s, getLessonName() + "."
+ SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
super(lesson, lessonName, actionName);
}
else
throw new UnauthenticatedException();
}
public String getNextPage(WebSession s)
{
return SQLInjection.LISTSTAFF_ACTION;
}
public List getAllEmployees(WebSession s, int userId)
throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List<EmployeeStub> employees = new Vector<EmployeeStub>();
try
public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException,
UnauthorizedException
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = "
+ userId + ")";
getLesson().setCurrentAction(s, getActionName());
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
if (isAuthenticated(s))
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
//System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
int userId = getIntSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID);
List employees = getAllEmployees(s, userId);
setSessionAttribute(s, getLessonName() + "." + SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
else
throw new UnauthenticatedException();
}
return employees;
}
public List getAllEmployees_BACKUP(WebSession s, int userId)
throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List<EmployeeStub> employees = new Vector<EmployeeStub>();
try
public String getNextPage(WebSession s)
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = "
+ userId + ")";
return SQLInjection.LISTSTAFF_ACTION;
}
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
public List getAllEmployees(WebSession s, int userId) throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List<EmployeeStub> employees = new Vector<EmployeeStub>();
try
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
//System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = " + userId + ")";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
// System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName, lastName, role);
employees.add(stub);
}
} catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
} catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
return employees;
}
return employees;
}
public List getAllEmployees_BACKUP(WebSession s, int userId) throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List<EmployeeStub> employees = new Vector<EmployeeStub>();
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = " + userId + ")";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
// System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName, lastName, role);
employees.add(stub);
}
} catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
} catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
return employees;
}
}

435
main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/Login.java
View File

@ -1,3 +1,4 @@
package org.owasp.webgoat.lessons.SQLInjection;
import java.sql.ResultSet;
@ -5,7 +6,6 @@ import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;
import java.util.Vector;
import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
@ -16,282 +16,243 @@ import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class Login extends DefaultLessonAction
{
private LessonAction chainedAction;
private LessonAction chainedAction;
public Login(GoatHillsFinancial lesson, String lessonName, String actionName,
LessonAction chainedAction)
{
super(lesson, lessonName, actionName);
this.chainedAction = chainedAction;
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
ValidationException
{
//System.out.println("Login.handleRequest()");
getLesson().setCurrentAction(s, getActionName());
List employees = getAllEmployees(s);
setSessionAttribute(s, getLessonName() + "."
+ SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
String employeeId = null;
try
public Login(GoatHillsFinancial lesson, String lessonName, String actionName, LessonAction chainedAction)
{
employeeId = s.getParser().getStringParameter(
SQLInjection.EMPLOYEE_ID);
String password = s.getParser().getRawParameter(
SQLInjection.PASSWORD);
super(lesson, lessonName, actionName);
this.chainedAction = chainedAction;
}
// Attempt authentication
boolean authenticated = login(s, employeeId, password);
public void handleRequest(WebSession s) throws ParameterNotFoundException, ValidationException
{
// System.out.println("Login.handleRequest()");
getLesson().setCurrentAction(s, getActionName());
updateLessonStatus(s);
List employees = getAllEmployees(s);
setSessionAttribute(s, getLessonName() + "." + SQLInjection.STAFF_ATTRIBUTE_KEY, employees);
if (authenticated)
{
// Execute the chained Action if authentication succeeded.
String employeeId = null;
try
{
chainedAction.handleRequest(s);
}
catch (UnauthenticatedException ue1)
employeeId = s.getParser().getStringParameter(SQLInjection.EMPLOYEE_ID);
String password = s.getParser().getRawParameter(SQLInjection.PASSWORD);
// Attempt authentication
boolean authenticated = login(s, employeeId, password);
updateLessonStatus(s);
if (authenticated)
{
// Execute the chained Action if authentication succeeded.
try
{
chainedAction.handleRequest(s);
} catch (UnauthenticatedException ue1)
{
System.out.println("Internal server error");
ue1.printStackTrace();
} catch (UnauthorizedException ue2)
{
System.out.println("Internal server error");
ue2.printStackTrace();
}
}
else
s.setMessage("Login failed");
} catch (ParameterNotFoundException pnfe)
{
System.out.println("Internal server error");
ue1.printStackTrace();
// No credentials offered, so we log them out
setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.FALSE);
}
catch (UnauthorizedException ue2)
}
public String getNextPage(WebSession s)
{
String nextPage = SQLInjection.LOGIN_ACTION;
if (isAuthenticated(s)) nextPage = chainedAction.getNextPage(s);
return nextPage;
}
public boolean requiresAuthentication()
{
return false;
}
public boolean login(WebSession s, String userId, String password)
{
// System.out.println("Logging in to lesson");
boolean authenticated = false;
try
{
System.out.println("Internal server error");
ue2.printStackTrace();
}
}
else
s.setMessage("Login failed");
}
catch (ParameterNotFoundException pnfe)
{
// No credentials offered, so we log them out
setSessionAttribute(s, getLessonName() + ".isAuthenticated",
Boolean.FALSE);
}
}
public String getNextPage(WebSession s)
{
String nextPage = SQLInjection.LOGIN_ACTION;
if (isAuthenticated(s))
nextPage = chainedAction.getNextPage(s);
return nextPage;
}
public boolean requiresAuthentication()
{
return false;
}
public boolean login(WebSession s, String userId, String password)
{
//System.out.println("Logging in to lesson");
boolean authenticated = false;
try
{
String query = "SELECT * FROM employee WHERE userid = " + userId
+ " and password = '" + password + "'";
//System.out.println("Query:" + query);
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.first())
String query = "SELECT * FROM employee WHERE userid = " + userId + " and password = '" + password + "'";
// System.out.println("Query:" + query);
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.first())
{
setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.TRUE);
setSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID, userId);
authenticated = true;
}
} catch (SQLException sqle)
{
s.setMessage("Error logging in");
sqle.printStackTrace();
}
} catch (Exception e)
{
setSessionAttribute(s,
getLessonName() + ".isAuthenticated", Boolean.TRUE);
setSessionAttribute(s, getLessonName() + "."
+ SQLInjection.USER_ID, userId);
authenticated = true;
s.setMessage("Error logging in");
e.printStackTrace();
}
}
catch (SQLException sqle)
{
s.setMessage("Error logging in");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error logging in");
e.printStackTrace();
// System.out.println("Lesson login result: " + authenticated);
return authenticated;
}
//System.out.println("Lesson login result: " + authenticated);
return authenticated;
}
public boolean login_BACKUP(WebSession s, String userId, String password)
{
//System.out.println("Logging in to lesson");
boolean authenticated = false;
try
public boolean login_BACKUP(WebSession s, String userId, String password)
{
String query = "SELECT * FROM employee WHERE userid = " + userId
+ " and password = '" + password + "'";
//System.out.println("Query:" + query);
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.first())
// System.out.println("Logging in to lesson");
boolean authenticated = false;
try
{
setSessionAttribute(s,
getLessonName() + ".isAuthenticated", Boolean.TRUE);
setSessionAttribute(s, getLessonName() + "."
+ SQLInjection.USER_ID, userId);
authenticated = true;
}
String query = "SELECT * FROM employee WHERE userid = " + userId + " and password = '" + password + "'";
// System.out.println("Query:" + query);
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.first())
{
setSessionAttribute(s, getLessonName() + ".isAuthenticated", Boolean.TRUE);
setSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID, userId);
authenticated = true;
}
}
catch (SQLException sqle)
{
s.setMessage("Error logging in");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error logging in");
e.printStackTrace();
}
//System.out.println("Lesson login result: " + authenticated);
return authenticated;
}
public List getAllEmployees(WebSession s)
{
List<EmployeeStub> employees = new Vector<EmployeeStub>();
// Query the database for all roles the given employee belongs to
// Query the database for all employees "owned" by these roles
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+ "where employee.userid=roles.userid";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
} catch (SQLException sqle)
{
s.setMessage("Error logging in");
sqle.printStackTrace();
}
} catch (Exception e)
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
s.setMessage("Error logging in");
e.printStackTrace();
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
// System.out.println("Lesson login result: " + authenticated);
return authenticated;
}
catch (Exception e)
public List getAllEmployees(WebSession s)
{
s.setMessage("Error getting employees");
e.printStackTrace();
List<EmployeeStub> employees = new Vector<EmployeeStub>();
// Query the database for all roles the given employee belongs to
// Query the database for all employees "owned" by these roles
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+ "where employee.userid=roles.userid";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
EmployeeStub stub = new EmployeeStub(employeeId, firstName, lastName, role);
employees.add(stub);
}
} catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
} catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
return employees;
}
return employees;
}
private void updateLessonStatus(WebSession s)
{
try
private void updateLessonStatus(WebSession s)
{
String employeeId = s.getParser().getStringParameter(
SQLInjection.EMPLOYEE_ID);
String password = s.getParser().getRawParameter(
SQLInjection.PASSWORD);
String stage = getStage(s);
if (SQLInjection.STAGE1.equals(stage))
{
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
&& isAuthenticated(s))
{
setStageComplete(s, SQLInjection.STAGE1);
}
}
else if (SQLInjection.STAGE2.equals(stage))
{
// This assumes the student hasn't modified login_BACKUP().
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID
&& !isAuthenticated(s)
&& login_BACKUP(s, employeeId, password))
{
setStageComplete(s, SQLInjection.STAGE2);
}
}
try
{
String employeeId = s.getParser().getStringParameter(SQLInjection.EMPLOYEE_ID);
String password = s.getParser().getRawParameter(SQLInjection.PASSWORD);
String stage = getStage(s);
if (SQLInjection.STAGE1.equals(stage))
{
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID && isAuthenticated(s))
{
setStageComplete(s, SQLInjection.STAGE1);
}
}
else if (SQLInjection.STAGE2.equals(stage))
{
// This assumes the student hasn't modified login_BACKUP().
if (Integer.parseInt(employeeId) == SQLInjection.PRIZE_EMPLOYEE_ID && !isAuthenticated(s)
&& login_BACKUP(s, employeeId, password))
{
setStageComplete(s, SQLInjection.STAGE2);
}
}
} catch (ParameterNotFoundException pnfe)
{
}
}
catch (ParameterNotFoundException pnfe)
{}
}
}

402
main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
View File

@ -1,3 +1,4 @@
package org.owasp.webgoat.lessons.SQLInjection;
import java.util.ArrayList;
@ -18,249 +19,230 @@ import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class SQLInjection extends GoatHillsFinancial
{
private final static Integer DEFAULT_RANKING = new Integer(75);
private final static Integer DEFAULT_RANKING = new Integer(75);
public final static int PRIZE_EMPLOYEE_ID = 112;
public final static int PRIZE_EMPLOYEE_ID = 112;
public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
public final static String STAGE1 = "String SQL Injection";
public final static String STAGE2 = "Parameterized Query #1";
public final static String STAGE3 = "Numeric SQL Injection";
public final static String STAGE4 = "Parameterized Query #2";
public void registerActions(String className)
{
registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
public final static String STAGE1 = "String SQL Injection";
// These actions are special in that they chain to other actions.
registerAction(new Login(this, className, LOGIN_ACTION,
getAction(LISTSTAFF_ACTION)));
registerAction(new Logout(this, className, LOGOUT_ACTION,
getAction(LOGIN_ACTION)));
registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
getAction(VIEWPROFILE_ACTION)));
registerAction(new UpdateProfile(this, className,
UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new DeleteProfile(this, className,
DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
}
public final static String STAGE2 = "Parameterized Query #1";
/**
* Gets the category attribute of the CrossSiteScripting object
*
* @return The category value
*/
public Category getDefaultCategory()
{
return Category.INJECTION;
}
public final static String STAGE3 = "Numeric SQL Injection";
/**
* Gets the hints attribute of the DirectoryScreen object
*
* @return The hints value
*/
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints
.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
hints
.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password");
hints
.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+ "Try appending a SQL statement that always resolves to true");
public final static String STAGE4 = "Parameterized Query #2";
// Stage 1
hints
.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ smith' OR '1' = '1 ].");
public void registerActions(String className)
{
registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
// Stage 2
hints
.add("Many of WebGoat's database queries are already parameterized. Search the project for PreparedStatement.");
// Stage 3
hints
.add("Try entering an employee_id of [ 101 OR 1=1 ORDER BY 'salary' ].");
// Stage 4
return hints;
}
@Override
public String[] getStages() {
if (getWebgoatContext().isCodingExercises())
return new String[] {STAGE1, STAGE2, STAGE3, STAGE4};
return new String[] {STAGE1, STAGE3};
// These actions are special in that they chain to other actions.
registerAction(new Login(this, className, LOGIN_ACTION, getAction(LISTSTAFF_ACTION)));
registerAction(new Logout(this, className, LOGOUT_ACTION, getAction(LOGIN_ACTION)));
registerAction(new FindProfile(this, className, FINDPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new UpdateProfile(this, className, UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new DeleteProfile(this, className, DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
}
/**
* Gets the instructions attribute of the ParameterInjection object
*
* @return The instructions value
*/
public String getInstructions(WebSession s)
{
String instructions = "";
if (!getLessonTracker(s).getCompleted())
/**
* Gets the category attribute of the CrossSiteScripting object
*
* @return The category value
*/
public Category getDefaultCategory()
{
String stage = getStage(s);
if (STAGE1.equals(stage))
{
instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+ "Use SQL injection to log in as the boss ('Neville') without using the correct password. "
+ "Verify that Neville's profile can be viewed and that all functions are available (including Search, Create, and Delete).";
}
else if (STAGE2.equals(stage))
return Category.INJECTION;
}
/**
* Gets the hints attribute of the DirectoryScreen object
*
* @return The hints value
*/
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM employee WHERE userid = \" + userId + \" and password = \" + password");
hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+ "Try appending a SQL statement that always resolves to true");
// Stage 1
hints.add("You may need to use WebScarab to remove a field length limit to fit your attack.");
hints.add("Try entering a password of [ smith' OR '1' = '1 ].");
// Stage 2
hints
.add("Many of WebGoat's database queries are already parameterized. Search the project for PreparedStatement.");
// Stage 3
hints.add("Try entering an employee_id of [ 101 OR 1=1 ORDER BY 'salary' ].");
// Stage 4
return hints;
}
@Override
public String[] getStages()
{
if (getWebgoatContext().isCodingExercises()) return new String[] { STAGE1, STAGE2, STAGE3, STAGE4 };
return new String[] { STAGE1, STAGE3 };
}
/**
* Gets the instructions attribute of the ParameterInjection object
*
* @return The instructions value
*/
public String getInstructions(WebSession s)
{
String instructions = "";
if (!getLessonTracker(s).getCompleted())
{
instructions = "Stage 2: Block SQL Injection using a Parameterized Query.<br>"
+ "Implement a fix to block SQL injection into the fields in question on the Login page. "
+ "Repeat stage 1. Verify that the attack is no longer effective.";
String stage = getStage(s);
if (STAGE1.equals(stage))
{
instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+ "Use SQL injection to log in as the boss ('Neville') without using the correct password. "
+ "Verify that Neville's profile can be viewed and that all functions are available (including Search, Create, and Delete).";
}
else if (STAGE2.equals(stage))
{
instructions = "Stage 2: Block SQL Injection using a Parameterized Query.<br>"
+ "Implement a fix to block SQL injection into the fields in question on the Login page. "
+ "Repeat stage 1. Verify that the attack is no longer effective.";
}
else if (STAGE3.equals(stage))
{
instructions = "Stage 3: Execute SQL Injection to bypass authorization.<br>"
+ "As regular employee 'Larry', use SQL injection into a parameter of the View function "
+ "(from the List Staff page) to view the profile of the boss ('Neville').";
}
else if (STAGE4.equals(stage))
{
instructions = "Stage 4: Block SQL Injection using a Parameterized Query.<br>"
+ "Implement a fix to block SQL injection into the relevant parameter. "
+ "Repeat stage 3. Verify that access to Neville's profile is properly blocked.";
}
}
else if (STAGE3.equals(stage))
return instructions;
}
public void handleRequest(WebSession s)
{
if (s.getLessonSession(this) == null) s.openLessonSession(this);
String requestedActionName = null;
try
{
instructions = "Stage 3: Execute SQL Injection to bypass authorization.<br>"
+ "As regular employee 'Larry', use SQL injection into a parameter of the View function "
+ "(from the List Staff page) to view the profile of the boss ('Neville').";
requestedActionName = s.getParser().getStringParameter("action");
} catch (ParameterNotFoundException pnfe)
{
// Let them eat login page.
requestedActionName = LOGIN_ACTION;
}
else if (STAGE4.equals(stage))
if (requestedActionName != null)
{
instructions = "Stage 4: Block SQL Injection using a Parameterized Query.<br>"
+ "Implement a fix to block SQL injection into the relevant parameter. "
+ "Repeat stage 3. Verify that access to Neville's profile is properly blocked.";
}
}
return instructions;
}
public void handleRequest(WebSession s)
{
if (s.getLessonSession(this) == null)
s.openLessonSession(this);
String requestedActionName = null;
try
{
requestedActionName = s.getParser().getStringParameter("action");
}
catch (ParameterNotFoundException pnfe)
{
// Let them eat login page.
requestedActionName = LOGIN_ACTION;
}
if (requestedActionName != null)
{
try
{
LessonAction action = getAction(requestedActionName);
if (action != null)
{
//System.out.println("CrossSiteScripting.handleRequest() dispatching to: " + action.getActionName());
if (!action.requiresAuthentication()
|| action.isAuthenticated(s))
{
action.handleRequest(s);
//setCurrentAction(s, action.getNextPage(s));
}
try
{
LessonAction action = getAction(requestedActionName);
if (action != null)
{
// System.out.println("CrossSiteScripting.handleRequest() dispatching to: " +
// action.getActionName());
if (!action.requiresAuthentication() || action.isAuthenticated(s))
{
action.handleRequest(s);
// setCurrentAction(s, action.getNextPage(s));
}
}
else
setCurrentAction(s, ERROR_ACTION);
} catch (ParameterNotFoundException pnfe)
{
System.out.println("Missing parameter");
pnfe.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
} catch (ValidationException ve)
{
System.out.println("Validation failed");
ve.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
} catch (UnauthenticatedException ue)
{
s.setMessage("Login failed");
System.out.println("Authentication failure");
ue.printStackTrace();
} catch (UnauthorizedException ue2)
{
s.setMessage("You are not authorized to perform this function");
System.out.println("Authorization failure");
ue2.printStackTrace();
} catch (Exception e)
{
// All other errors send the user to the generic error page
System.out.println("handleRequest() error");
e.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
}
}
else
setCurrentAction(s, ERROR_ACTION);
}
catch (ParameterNotFoundException pnfe)
{
System.out.println("Missing parameter");
pnfe.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
}
catch (ValidationException ve)
{
System.out.println("Validation failed");
ve.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
}
catch (UnauthenticatedException ue)
{
s.setMessage("Login failed");
System.out.println("Authentication failure");
ue.printStackTrace();
}
catch (UnauthorizedException ue2)
{
s.setMessage("You are not authorized to perform this function");
System.out.println("Authorization failure");
ue2.printStackTrace();
}
catch (Exception e)
{
// All other errors send the user to the generic error page
System.out.println("handleRequest() error");
e.printStackTrace();
setCurrentAction(s, ERROR_ACTION);
}
// All this does for this lesson is ensure that a non-null content exists.
setContent(new ElementContainer());
}
// All this does for this lesson is ensure that a non-null content exists.
setContent(new ElementContainer());
}
protected Integer getDefaultRanking()
{
return DEFAULT_RANKING;
}
protected Integer getDefaultRanking()
{
return DEFAULT_RANKING;
}
/**
* Gets the title attribute of the CrossSiteScripting object
*
* @return The title value
*/
public String getTitle()
{
return "LAB: SQL Injection";
}
/**
* Gets the title attribute of the CrossSiteScripting object
*
* @return The title value
*/
public String getTitle()
{
return "LAB: SQL Injection";
}
}

412
main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/ViewProfile.java
View File

@ -1,9 +1,9 @@
package org.owasp.webgoat.lessons.SQLInjection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.Employee;
@ -12,257 +12,217 @@ import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class ViewProfile extends DefaultLessonAction
{
public ViewProfile(GoatHillsFinancial lesson, String lessonName,
String actionName)
{
super(lesson, lessonName, actionName);
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
UnauthenticatedException, UnauthorizedException
{
getLesson().setCurrentAction(s, getActionName());
Employee employee = null;
if (isAuthenticated(s))
public ViewProfile(GoatHillsFinancial lesson, String lessonName, String actionName)
{
String userId = getSessionAttribute(s, getLessonName() + "."
+ SQLInjection.USER_ID);
String employeeId = null;
try
{
// User selected employee
employeeId = s.getParser().getRawParameter(
SQLInjection.EMPLOYEE_ID);
}
catch (ParameterNotFoundException e)
{
// May be an internally selected employee
employeeId = getRequestAttribute(s, getLessonName() + "."
+ SQLInjection.EMPLOYEE_ID);
}
// FIXME: If this fails and returns null, ViewProfile.jsp will blow up as it expects an Employee.
// Most other JSP's can handle null session attributes.
employee = getEmployeeProfile(s, userId, employeeId);
// If employee==null redirect to the error page.
if (employee == null)
getLesson().setCurrentAction(s, SQLInjection.ERROR_ACTION);
else
setSessionAttribute(s, getLessonName() + "."
+ SQLInjection.EMPLOYEE_ATTRIBUTE_KEY, employee);
super(lesson, lessonName, actionName);
}
else
throw new UnauthenticatedException();
updateLessonStatus(s, employee);
}
public String getNextPage(WebSession s)
{
return SQLInjection.VIEWPROFILE_ACTION;
}
public Employee getEmployeeProfile(WebSession s, String userId,
String subjectUserId) throws UnauthorizedException
{
Employee profile = null;
// Query the database for the profile data of the given employee
try
public void handleRequest(WebSession s) throws ParameterNotFoundException, UnauthenticatedException,
UnauthorizedException
{
String query = "SELECT employee.* " +
"FROM employee,ownership WHERE employee.userid = ownership.employee_id and " +
"ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;
getLesson().setCurrentAction(s, getActionName());
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.next())
Employee employee = null;
if (isAuthenticated(s))
{
// Note: Do NOT get the password field.
profile = new Employee(answer_results.getInt("userid"),
answer_results.getString("first_name"),
answer_results.getString("last_name"),
answer_results.getString("ssn"), answer_results
.getString("title"), answer_results
.getString("phone"), answer_results
.getString("address1"), answer_results
.getString("address2"), answer_results
.getInt("manager"), answer_results
.getString("start_date"), answer_results
.getInt("salary"), answer_results
.getString("ccn"), answer_results
.getInt("ccn_limit"), answer_results
.getString("disciplined_date"),
answer_results.getString("disciplined_notes"),
answer_results.getString("personal_description"));
/* System.out.println("Retrieved employee from db: " +
profile.getFirstName() + " " + profile.getLastName() +
" (" + profile.getId() + ")");
*/}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employee profile");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employee profile");
e.printStackTrace();
}
return profile;
}
public Employee getEmployeeProfile_BACKUP(WebSession s, String userId,
String subjectUserId) throws UnauthorizedException
{
// Query the database to determine if this employee has access to this function
// Query the database for the profile data of the given employee if "owned" by the given user
Employee profile = null;
// Query the database for the profile data of the given employee
try
{
String query = "SELECT * FROM employee WHERE userid = "
+ subjectUserId;
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.next())
{
// Note: Do NOT get the password field.
profile = new Employee(answer_results.getInt("userid"),
answer_results.getString("first_name"),
answer_results.getString("last_name"),
answer_results.getString("ssn"), answer_results
.getString("title"), answer_results
.getString("phone"), answer_results
.getString("address1"), answer_results
.getString("address2"), answer_results
.getInt("manager"), answer_results
.getString("start_date"), answer_results
.getInt("salary"), answer_results
.getString("ccn"), answer_results
.getInt("ccn_limit"), answer_results
.getString("disciplined_date"),
answer_results.getString("disciplined_notes"),
answer_results.getString("personal_description"));
/* System.out.println("Retrieved employee from db: " +
profile.getFirstName() + " " + profile.getLastName() +
" (" + profile.getId() + ")");
*/}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employee profile");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employee profile");
e.printStackTrace();
}
return profile;
}
private void updateLessonStatus(WebSession s, Employee employee)
{
try
{
String userId = getSessionAttribute(s, getLessonName() + "."
+ SQLInjection.USER_ID);
String employeeId = s.getParser().getRawParameter(
SQLInjection.EMPLOYEE_ID);
String stage = getStage(s);
if (SQLInjection.STAGE3.equals(stage))
{
// If the employee we are viewing is the prize and we are not authorized to have it,
// the stage is completed
if (employee != null
&& employee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID
&& !isAuthorizedForEmployee(s, Integer
.parseInt(userId), employee.getId()))
{
setStageComplete(s, SQLInjection.STAGE3);
}
}
else if (SQLInjection.STAGE4.equals(stage))
{
// If we were denied the employee to view, and we would have been able to view it
// in the broken state, the stage is completed.
// This assumes the student hasn't modified getEmployeeProfile_BACKUP().
if (employee == null)
{
Employee targetEmployee = null;
String userId = getSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID);
String employeeId = null;
try
{
targetEmployee = getEmployeeProfile_BACKUP(s,
userId, employeeId);
}
catch (UnauthorizedException e)
{}
if (targetEmployee != null
&& targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID)
// User selected employee
employeeId = s.getParser().getRawParameter(SQLInjection.EMPLOYEE_ID);
} catch (ParameterNotFoundException e)
{
setStageComplete(s, SQLInjection.STAGE4);
// May be an internally selected employee
employeeId = getRequestAttribute(s, getLessonName() + "." + SQLInjection.EMPLOYEE_ID);
}
}
}
// FIXME: If this fails and returns null, ViewProfile.jsp will blow up as it expects an
// Employee.
// Most other JSP's can handle null session attributes.
employee = getEmployeeProfile(s, userId, employeeId);
// If employee==null redirect to the error page.
if (employee == null)
getLesson().setCurrentAction(s, SQLInjection.ERROR_ACTION);
else
setSessionAttribute(s, getLessonName() + "." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY, employee);
}
else
throw new UnauthenticatedException();
updateLessonStatus(s, employee);
}
public String getNextPage(WebSession s)
{
return SQLInjection.VIEWPROFILE_ACTION;
}
public Employee getEmployeeProfile(WebSession s, String userId, String subjectUserId) throws UnauthorizedException
{
Employee profile = null;
// Query the database for the profile data of the given employee
try
{
String query = "SELECT employee.* "
+ "FROM employee,ownership WHERE employee.userid = ownership.employee_id and "
+ "ownership.employer_id = " + userId + " and ownership.employee_id = " + subjectUserId;
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.next())
{
// Note: Do NOT get the password field.
profile = new Employee(answer_results.getInt("userid"), answer_results.getString("first_name"),
answer_results.getString("last_name"), answer_results.getString("ssn"), answer_results
.getString("title"), answer_results.getString("phone"), answer_results
.getString("address1"), answer_results.getString("address2"), answer_results
.getInt("manager"), answer_results.getString("start_date"), answer_results
.getInt("salary"), answer_results.getString("ccn"), answer_results
.getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
.getString("disciplined_notes"), answer_results.getString("personal_description"));
/*
* System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
* profile.getLastName() + " (" + profile.getId() + ")");
*/}
} catch (SQLException sqle)
{
s.setMessage("Error getting employee profile");
sqle.printStackTrace();
}
} catch (Exception e)
{
s.setMessage("Error getting employee profile");
e.printStackTrace();
}
return profile;
}
public Employee getEmployeeProfile_BACKUP(WebSession s, String userId, String subjectUserId)
throws UnauthorizedException
{
// Query the database to determine if this employee has access to this function
// Query the database for the profile data of the given employee if "owned" by the given
// user
Employee profile = null;
// Query the database for the profile data of the given employee
try
{
String query = "SELECT * FROM employee WHERE userid = " + subjectUserId;
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.next())
{
// Note: Do NOT get the password field.
profile = new Employee(answer_results.getInt("userid"), answer_results.getString("first_name"),
answer_results.getString("last_name"), answer_results.getString("ssn"), answer_results
.getString("title"), answer_results.getString("phone"), answer_results
.getString("address1"), answer_results.getString("address2"), answer_results
.getInt("manager"), answer_results.getString("start_date"), answer_results
.getInt("salary"), answer_results.getString("ccn"), answer_results
.getInt("ccn_limit"), answer_results.getString("disciplined_date"), answer_results
.getString("disciplined_notes"), answer_results.getString("personal_description"));
/*
* System.out.println("Retrieved employee from db: " + profile.getFirstName() + " " +
* profile.getLastName() + " (" + profile.getId() + ")");
*/}
} catch (SQLException sqle)
{
s.setMessage("Error getting employee profile");
sqle.printStackTrace();
}
} catch (Exception e)
{
s.setMessage("Error getting employee profile");
e.printStackTrace();
}
return profile;
}
private void updateLessonStatus(WebSession s, Employee employee)
{
try
{
String userId = getSessionAttribute(s, getLessonName() + "." + SQLInjection.USER_ID);
String employeeId = s.getParser().getRawParameter(SQLInjection.EMPLOYEE_ID);
String stage = getStage(s);
if (SQLInjection.STAGE3.equals(stage))
{
// If the employee we are viewing is the prize and we are not authorized to have it,
// the stage is completed
if (employee != null && employee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID
&& !isAuthorizedForEmployee(s, Integer.parseInt(userId), employee.getId()))
{
setStageComplete(s, SQLInjection.STAGE3);
}
}
else if (SQLInjection.STAGE4.equals(stage))
{
// If we were denied the employee to view, and we would have been able to view it
// in the broken state, the stage is completed.
// This assumes the student hasn't modified getEmployeeProfile_BACKUP().
if (employee == null)
{
Employee targetEmployee = null;
try
{
targetEmployee = getEmployeeProfile_BACKUP(s, userId, employeeId);
} catch (UnauthorizedException e)
{
}
if (targetEmployee != null && targetEmployee.getId() == SQLInjection.PRIZE_EMPLOYEE_ID)
{
setStageComplete(s, SQLInjection.STAGE4);
}
}
}
} catch (ParameterNotFoundException pnfe)
{
}
}
catch (ParameterNotFoundException pnfe)
{}
}
}