dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #11 from nbaars/master

Browse Source 
Merge pull request #48 from michaeldever/master
This commit is contained in:
mayhew64 2015-07-25 17:13:41 -04:00
commit c31f60f5d9
7 changed files with 301 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pom.xml
View File

@ -140,6 +140,11 @@
<artifactId>activation</artifactId> <artifactId>activation</artifactId>
<version>1.1</version> <version>1.1</version>
</dependency> </dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.187</version>
</dependency>
<dependency> <dependency>
<groupId>axis</groupId> <groupId>axis</groupId>
<artifactId>axis</artifactId> <artifactId>axis</artifactId>

13
src/main/java/org/owasp/webgoat/session/Role.java Normal file
View File

@ -0,0 +1,13 @@
package org.owasp.webgoat.session;
public class Role {
private String rolename;
public Role(String rolename) {
this.rolename = rolename;
}
public String getRolename() {
return this.rolename;
}
}

26
src/main/java/org/owasp/webgoat/session/User.java Normal file
View File

@ -0,0 +1,26 @@
package org.owasp.webgoat.session;
import java.util.ArrayList;
import java.util.Iterator;
public class User {
private String username;
private ArrayList<Role> roles;
public User(String username) {
this.username = username;
this.roles = new ArrayList<Role>();
}
public String getUsername() {
return username;
}
public Iterator<Role> getRoles() {
return roles.iterator();
}
public void addRole(String rolename) {
roles.add(new Role(rolename));
}
}

214
src/main/java/org/owasp/webgoat/session/UserDatabase.java Normal file
View File

@ -0,0 +1,214 @@
package org.owasp.webgoat.session;
import java.sql.*;
import java.util.ArrayList;
import java.util.Iterator;
import java.io.File;
class UserDatabase {
private Connection userDB;
private final String USER_DB_URI = "jdbc:h2:" + System.getProperty("user.dir") + File.separator + "UserDatabase";
private final String CREATE_USERS_TABLE = "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTO_INCREMENT, username VARCHAR(255) NOT NULL UNIQUE);";
private final String CREATE_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, rolename VARCHAR(255) NOT NULL UNIQUE);";
private final String CREATE_USER_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS user_roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, user_id INTEGER NOT NULL, role_id INTEGER NOT NULL, FOREIGN KEY (user_id) REFERENCES users(id), FOREIGN KEY (role_id) REFERENCES roles(id));";
private final String ADD_DEFAULT_USERS = "INSERT INTO users (username) VALUES ('webgoat'),('basic'),('guest');";
private final String ADD_DEFAULT_ROLES = "INSERT INTO roles (rolename) VALUES ('webgoat_basic'),('webgoat_admin'),('webgoat_user');";
private final String ADD_ROLE_TO_USER = "INSERT INTO user_roles (user_id, role_id) SELECT users.id, roles.id FROM users, roles WHERE users.username = ? AND roles.rolename = ?;";
private final String QUERY_ALL_USERS = "SELECT username FROM users;";
private final String QUERY_ALL_ROLES_FOR_USERNAME = "SELECT rolename FROM roles, user_roles, users WHERE roles.id = user_roles.role_id AND user_roles.user_id = users.id AND users.username = ?;";
private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM table;";
private final String DELETE_ALL_ROLES_FOR_USER = "DELETE FROM user_roles WHERE user_id IN (SELECT id FROM users WHERE username = ?);";
private final String DELETE_USER = "DELETE FROM users WHERE username = ?;";
public UserDatabase() {
createDefaultTables();
if (getTableCount("users") <= 0) {
createDefaultUsers();
}
if (getTableCount("roles") <= 0) {
createDefaultRoles();
}
if (getTableCount("user_roles") <= 0) {
addDefaultRolesToDefaultUsers();
}
}
public boolean open() {
try {
if (userDB == null || userDB.isClosed()) {
Class.forName("org.h2.Driver");
userDB = DriverManager.getConnection(USER_DB_URI, "webgoat_admin", "");
}
} catch (SQLException e) {
e.printStackTrace();
return false;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return false;
}
return true;
}
public boolean close() {
try {
if (userDB != null && !userDB.isClosed())
userDB.close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
public int getTableCount(String tableName) {
int count = 0;
try {
open();
Statement statement = userDB.createStatement();
ResultSet countResult = statement.executeQuery(QUERY_TABLE_COUNT.replace("table", tableName));
if (countResult.next()) {
count = countResult.getInt("count");
}
countResult.close();
statement.close();
close();
} catch (SQLException e) {
e.printStackTrace();
count = -1;
}
return count;
}
public Iterator<User> getUsers() {
ArrayList<User> users = new ArrayList<User>();
User currentUser;
ResultSet userResults, roleResults;
try {
open();
Statement statement = userDB.createStatement();
PreparedStatement rolesForUsers = userDB.prepareStatement(QUERY_ALL_ROLES_FOR_USERNAME);
userResults = statement.executeQuery(QUERY_ALL_USERS);
while (userResults.next()) {
currentUser = new User(userResults.getString("username"));
rolesForUsers.setString(1, currentUser.getUsername());
roleResults = rolesForUsers.executeQuery();
while (roleResults.next()) {
currentUser.addRole(roleResults.getString("rolename"));
}
roleResults.close();
}
rolesForUsers.close();
userResults.close();
close();
} catch (SQLException e) {
e.printStackTrace();
users = new ArrayList<User>();
}
return users.iterator();
}
public boolean addRoleToUser(String username, String rolename) {
try {
open();
PreparedStatement statement = userDB.prepareStatement(ADD_ROLE_TO_USER);
statement.setString(1, username);
statement.setString(2, rolename);
statement.execute();
statement.close();
close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
public boolean removeUser(User user) {
return removeUser(user.getUsername());
}
public boolean removeUser(String username) {
try {
open();
PreparedStatement deleteUserRoles = userDB.prepareStatement(DELETE_ALL_ROLES_FOR_USER);
PreparedStatement deleteUser = userDB.prepareStatement(DELETE_USER);
deleteUserRoles.setString(1, username);
deleteUser.setString(1, username);
deleteUserRoles.execute();
deleteUser.execute();
deleteUserRoles.close();
deleteUser.close();
close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
/*
* Methods to initialise the default state of the database.
*/
private boolean createDefaultTables() {
try {
open();
Statement statement = userDB.createStatement();
statement.execute(CREATE_USERS_TABLE);
statement.execute(CREATE_ROLES_TABLE);
statement.execute(CREATE_USER_ROLES_TABLE);
statement.close();
close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
private boolean createDefaultUsers() {
try {
open();
Statement statement = userDB.createStatement();
statement.execute(ADD_DEFAULT_USERS);
statement.close();
close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
private boolean createDefaultRoles() {
try {
open();
Statement statement = userDB.createStatement();
statement.execute(ADD_DEFAULT_ROLES);
statement.close();
close();
} catch (SQLException e) {
e.printStackTrace();
return false;
}
return true;
}
private void addDefaultRolesToDefaultUsers() {
addRoleToUser("webgoat", "webgoat_admin");
addRoleToUser("basic", "webgoat_user");
addRoleToUser("basic", "webgoat_basic");
addRoleToUser("guest", "webgoat_user");
}
}

5
src/main/java/org/owasp/webgoat/session/UserTracker.java
View File

@ -6,9 +6,6 @@ import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
import org.apache.catalina.Role;
import org.apache.catalina.User;
import org.apache.catalina.users.MemoryUserDatabase;
/*************************************************************************************************** /***************************************************************************************************
@ -51,7 +48,7 @@ public class UserTracker
private static HashMap<String, HashMap<String, LessonTracker>> storage = new HashMap<String, HashMap<String, LessonTracker>>(); private static HashMap<String, HashMap<String, LessonTracker>> storage = new HashMap<String, HashMap<String, LessonTracker>>();
private static MemoryUserDatabase usersDB = new MemoryUserDatabase(); private static UserDatabase usersDB = new UserDatabase();
/** /**
* Constructor for the UserTracker object * Constructor for the UserTracker object

84
src/main/webapp/js/goatApp/view/GoatRouter.js
View File

@ -1,50 +1,50 @@
define(['jquery', define(['jquery',
'underscore', 'underscore',
'backbone', 'backbone',
'goatApp/controller/LessonController', 'goatApp/controller/LessonController',
'goatApp/controller/MenuController', 'goatApp/controller/MenuController',
'goatApp/view/LessonContentView', 'goatApp/view/LessonContentView',
'goatApp/view/MenuView', 'goatApp/view/MenuView',
'goatApp/view/TitleView' 'goatApp/view/TitleView'
], function ($,_,Backbone,LessonController,MenuController,LessonContentView,MenuView,TitleView) { ], function ($,_,Backbone,LessonController,MenuController,LessonContentView,MenuView,TitleView) {
var lessonView = new LessonContentView(); var lessonView = new LessonContentView();
var menuView = new MenuView(); var menuView = new MenuView();
var titleView = new TitleView(); var titleView = new TitleView();
var GoatAppRouter = Backbone.Router.extend({ var GoatAppRouter = Backbone.Router.extend({
routes: { routes: {
//#.... //#....
'welcome':'welcomeRoute', 'welcome':'welcomeRoute',
'attack/:scr/:menu':'attackRoute' // 'attack/:scr/:menu':'attackRoute' //
}, },
lessonController: new LessonController({ lessonController: new LessonController({
lessonView:lessonView lessonView:lessonView
}), }),
menuController: new MenuController({ menuController: new MenuController({
menuView:menuView, menuView:menuView,
titleView:titleView titleView:titleView
}), }),
init:function() { init:function() {
goatRouter = new GoatAppRouter(); goatRouter = new GoatAppRouter();
this.lessonController.start(); this.lessonController.start();
this.menuController.initMenu(); this.menuController.initMenu();
goatRouter.on('route:attackRoute', function(scr,menu) { goatRouter.on('route:attackRoute', function(scr,menu) {
console.log('attack route'); console.log('attack route');
this.lessonController.loadLesson(scr,menu); this.lessonController.loadLesson(scr,menu);
this.menuController.updateMenu(scr,menu); this.menuController.updateMenu(scr,menu);
//update menu //update menu
}); });
goatRouter.on('route:welcomeRoute', function() { goatRouter.on('route:welcomeRoute', function() {
alert('welcome route'); alert('welcome route');
}); });
Backbone.history.start();
}
});
return GoatAppRouter; Backbone.history.start();
}
});
return GoatAppRouter;
}); });

44
src/main/webapp/js/goatApp/view/goatRouter.js
View File

@ -1,44 +0,0 @@
define(['jquery',
'underscore',
'backbone',
'goatApp/controller/LessonController',
'goatApp/controller/MenuController',
'goatApp/view/LessonContentView',
'goatApp/view/MenuView'
], function ($,_,Backbone,LessonController,MenuController,LessonContentView,MenuView) {
var lessonView = new LessonContentView();
var menuView = new MenuView();
var GoatAppRouter = Backbone.Router.extend({
routes: {
//#....
'welcome':'welcomeRoute',
'attack/:scr/:menu':'attackRoute' //
},
lessoonController: lessoonController({
lessonView:lessonView
}),
menuView: new MenuController({
menuView:menuView
})
});
var init = function() {
goatRouter = new GoatAppRouter();
goatRouter.on('route:attackRoute', function(scr,menu) {
this.lessonController.loadLesson(scr,menu);
//update menu
});
goatRouter.on('route:welcomeRoute', function() {
alert('welcome route');
});
// init the history/router
Backbone.history.start();
}
return {
init:init
};
});