Miscellaneous bug fixes
divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
@ -0,0 +1,359 @@
|
||||
/*
|
||||
* Created on May 26, 2005
|
||||
*
|
||||
* TODO To change the template for this generated file go to
|
||||
* Window - Preferences - Java - Code Style - Code Templates
|
||||
*/
|
||||
package org.owasp.webgoat.lessons;
|
||||
|
||||
import java.rmi.RemoteException;
|
||||
import java.sql.Connection;
|
||||
import java.sql.PreparedStatement;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.xml.namespace.QName;
|
||||
import javax.xml.rpc.ParameterMode;
|
||||
import javax.xml.rpc.ServiceException;
|
||||
|
||||
import org.apache.axis.client.Call;
|
||||
import org.apache.axis.client.Service;
|
||||
import org.apache.axis.encoding.XMLType;
|
||||
import org.apache.ecs.Element;
|
||||
import org.apache.ecs.ElementContainer;
|
||||
import org.apache.ecs.html.A;
|
||||
import org.apache.ecs.html.BR;
|
||||
import org.apache.ecs.html.IMG;
|
||||
import org.apache.ecs.html.Input;
|
||||
import org.apache.ecs.html.Option;
|
||||
import org.apache.ecs.html.P;
|
||||
import org.apache.ecs.html.Select;
|
||||
import org.apache.ecs.html.TD;
|
||||
import org.apache.ecs.html.TR;
|
||||
import org.apache.ecs.html.Table;
|
||||
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.owasp.webgoat.session.ECSFactory;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.owasp.webgoat.session.WebgoatContext;
|
||||
|
||||
/*******************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 2007 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at code.google.com, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* For details, please see http://code.google.com/p/webgoat/
|
||||
*
|
||||
* @author asmolen
|
||||
*
|
||||
* TODO To change the template for this generated type comment go to
|
||||
* Window - Preferences - Java - Code Style - Code Templates
|
||||
*/
|
||||
public class WSDLScanning extends LessonAdapter
|
||||
{
|
||||
|
||||
static boolean completed = false;
|
||||
|
||||
static boolean beenRestartedYet = false;
|
||||
|
||||
public final static String firstName = "getFirstName";
|
||||
|
||||
public final static String lastName = "getLastName";
|
||||
|
||||
public final static String loginCount = "getLoginCount";
|
||||
|
||||
public final static String ccNumber = "getCreditCard";
|
||||
|
||||
final static IMG CREDITS_LOGO = new IMG("images/logos/parasoft.jpg")
|
||||
.setAlt("Parasoft").setBorder(0).setHspace(0).setVspace(0);
|
||||
|
||||
private static WebgoatContext webgoatContext;
|
||||
|
||||
/**
|
||||
* We maintain a static reference to WebgoatContext, since this class
|
||||
* is also automatically instantiated by the Axis web services module,
|
||||
* which does not call setWebgoatContext()
|
||||
* (non-Javadoc)
|
||||
* @see org.owasp.webgoat.lessons.AbstractLesson#setWebgoatContext(org.owasp.webgoat.session.WebgoatContext)
|
||||
*/
|
||||
@Override
|
||||
public void setWebgoatContext(WebgoatContext webgoatContext) {
|
||||
WSDLScanning.webgoatContext = webgoatContext;
|
||||
}
|
||||
|
||||
@Override
|
||||
public WebgoatContext getWebgoatContext() {
|
||||
return WSDLScanning.webgoatContext;
|
||||
}
|
||||
|
||||
protected Category getDefaultCategory()
|
||||
{
|
||||
return Category.WEB_SERVICES;
|
||||
}
|
||||
|
||||
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints
|
||||
.add("Try connecting to the WSDL with a browser or Web Service tool.");
|
||||
hints
|
||||
.add("Sometimes the WSDL will define methods that are not available through a web API. "
|
||||
+ "Try to find operations that are in the WSDL, but not part of this API");
|
||||
hints
|
||||
.add("The URL for the web service is: http://localost/WebGoat/services/WSDLScanning <br>"
|
||||
+ "The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
|
||||
hints
|
||||
.add("Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
|
||||
return hints;
|
||||
}
|
||||
|
||||
private final static Integer DEFAULT_RANKING = new Integer(120);
|
||||
|
||||
|
||||
protected Integer getDefaultRanking()
|
||||
{
|
||||
return DEFAULT_RANKING;
|
||||
}
|
||||
|
||||
|
||||
public String getTitle()
|
||||
{
|
||||
return "WSDL Scanning";
|
||||
}
|
||||
|
||||
|
||||
public Object accessWGService(String serv, int port, String proc,
|
||||
String parameterName, Object parameterValue)
|
||||
{
|
||||
String targetNamespace = "WebGoat";
|
||||
try
|
||||
{
|
||||
QName serviceName = new QName(targetNamespace, serv);
|
||||
QName operationName = new QName(targetNamespace, proc);
|
||||
Service service = new Service();
|
||||
Call call = (Call) service.createCall();
|
||||
call.setOperationName(operationName);
|
||||
call.addParameter(parameterName, serviceName, ParameterMode.INOUT);
|
||||
call.setReturnType(XMLType.XSD_STRING);
|
||||
call.setUsername("guest");
|
||||
call.setPassword("guest");
|
||||
call.setTargetEndpointAddress("http://localhost:" + port + "/WebGoat/services/"
|
||||
+ serv);
|
||||
Object result = call.invoke(new Object[] { parameterValue });
|
||||
return result;
|
||||
}
|
||||
catch (RemoteException e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
catch (ServiceException e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
protected Element createContent(WebSession s)
|
||||
{
|
||||
ElementContainer ec = new ElementContainer();
|
||||
|
||||
Table t1 = new Table().setCellSpacing(0).setCellPadding(2);
|
||||
|
||||
if (s.isColor())
|
||||
{
|
||||
t1.setBorder(1);
|
||||
}
|
||||
TR tr = new TR();
|
||||
tr.addElement(new TD("Enter your account number: "));
|
||||
tr.addElement(new TD(new Input(Input.TEXT, "id", "101")));
|
||||
t1.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
tr.addElement(new TD("Select the fields to return: "));
|
||||
tr.addElement(new TD(new Select("field").setMultiple(true).addElement(
|
||||
new Option(firstName).addElement("First Name")).addElement(
|
||||
new Option(lastName).addElement("Last Name")).addElement(
|
||||
new Option(loginCount).addElement("Login Count"))));
|
||||
t1.addElement(tr);
|
||||
|
||||
tr = new TR();
|
||||
Element b = ECSFactory.makeButton("Submit");
|
||||
tr.addElement(new TD(b).setAlign("CENTER").setColSpan(2));
|
||||
t1.addElement(tr);
|
||||
|
||||
ec.addElement(t1);
|
||||
|
||||
try
|
||||
{
|
||||
String[] fields = s.getParser().getParameterValues("field");
|
||||
int id = s.getParser().getIntParameter("id");
|
||||
|
||||
Table t = new Table().setCellSpacing(0).setCellPadding(2)
|
||||
.setBorder(1);
|
||||
|
||||
if (s.isColor())
|
||||
{
|
||||
t.setBorder(1);
|
||||
}
|
||||
TR header = new TR();
|
||||
TR results = new TR();
|
||||
int port = s.getRequest().getServerPort();
|
||||
for (int i = 0; i < fields.length; i++)
|
||||
{
|
||||
header.addElement(new TD().addElement(fields[i]));
|
||||
results.addElement(new TD()
|
||||
.addElement((String) accessWGService("WSDLScanning", port,
|
||||
fields[i], "acct_num", new Integer(id))));
|
||||
}
|
||||
if (fields.length == 0)
|
||||
{
|
||||
s.setMessage("Please select a value to return.");
|
||||
}
|
||||
t.addElement(header);
|
||||
t.addElement(results);
|
||||
ec.addElement(new P().addElement(t));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
||||
}
|
||||
try
|
||||
{
|
||||
A a = new A("services/WSDLScanning?WSDL", "WebGoat WSDL File");
|
||||
ec
|
||||
.addElement(new P()
|
||||
.addElement("View the web services definition language (WSDL) to see the complete API:"));
|
||||
ec.addElement(new BR());
|
||||
ec.addElement(a);
|
||||
//getLessonTracker( s ).setCompleted( completed );
|
||||
|
||||
if (completed && !getLessonTracker(s).getCompleted()
|
||||
&& !beenRestartedYet)
|
||||
{
|
||||
makeSuccess(s);
|
||||
beenRestartedYet = true;
|
||||
}
|
||||
else if (completed && !getLessonTracker(s).getCompleted()
|
||||
&& beenRestartedYet)
|
||||
{
|
||||
completed = false;
|
||||
beenRestartedYet = false;
|
||||
}
|
||||
|
||||
// accessWGService("WSDLScanning", "getCreditCard", "acct_num", new Integer(101));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
s.setMessage("Error generating " + this.getClass().getName());
|
||||
e.printStackTrace();
|
||||
}
|
||||
return (ec);
|
||||
}
|
||||
|
||||
|
||||
public String getResults(int id, String field)
|
||||
{
|
||||
try
|
||||
{
|
||||
Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
|
||||
PreparedStatement ps = connection
|
||||
.prepareStatement("SELECT * FROM user_data WHERE userid = ?");
|
||||
ps.setInt(1, id);
|
||||
try
|
||||
{
|
||||
ResultSet results = ps.executeQuery();
|
||||
if ((results != null) && (results.next() == true))
|
||||
{
|
||||
return results.getString(field);
|
||||
}
|
||||
}
|
||||
catch (SQLException sqle)
|
||||
{}
|
||||
}
|
||||
catch (Exception e)
|
||||
{}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public String getCreditCard(int id)
|
||||
{
|
||||
String result = getResults(id, "cc_number");
|
||||
if (result != null)
|
||||
{
|
||||
completed = true;
|
||||
return result;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public String getFirstName(int id)
|
||||
{
|
||||
String result = getResults(id, "first_name");
|
||||
if (result != null)
|
||||
{
|
||||
return result;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public String getLastName(int id)
|
||||
{
|
||||
String result = getResults(id, "last_name");
|
||||
if (result != null)
|
||||
{
|
||||
return result;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public String getLoginCount(int id)
|
||||
{
|
||||
String result = getResults(id, "login_count");
|
||||
if (result != null)
|
||||
{
|
||||
return result;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public Element getCredits()
|
||||
{
|
||||
return super.getCustomCredits("By Alex Smolen", CREDITS_LOGO);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user