diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java index c63e5a2be..5dfec7157 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java @@ -63,14 +63,14 @@ public class DatabaseUtilities public static Connection makeConnection(WebSession s) throws ClassNotFoundException, SQLException { - Class.forName(s.getDatabaseDriver()); + Class.forName(s.getWebgoatContext().getDatabaseDriver()); - String password = s.getDatabasePassword(); + String password = s.getWebgoatContext().getDatabasePassword(); + String conn = s.getWebgoatContext().getDatabaseConnectionString(); if (password == null || password.equals("")) { - return (DriverManager.getConnection(s.getDatabaseConnectionString())); + return (DriverManager.getConnection(conn)); } else { - String conn = s.getDatabaseConnectionString(); - String user = s.getDatabaseUser(); + String user = s.getWebgoatContext().getDatabaseUser(); return DriverManager.getConnection(conn, user, password); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 4bbf5034e..6886aa117 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java 
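Review bot: `conn` can be null at both `DriverManager.getConnection(...)` calls in makeConnection, because the new `WebgoatContext.getDatabaseConnectionString()` catches every exception and returns the still-null `realConnectionString`. The caller then gets whatever the driver manager does with a null URL, and the actual cause is visible only on stdout. A guard right after the assignment would fail with the configuration hint instead: `if (conn == null) throw new SQLException("Database connection string unavailable: check web.xml database parameters");`. The same applies to `Class.forName(...)` if the `DatabaseDriver` init parameter is missing, since nothing visible here checks it for null.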
@@ -86,26 +86,6 @@ public class WebSession */ public final static String COLOR = "color"; - /** - * Description of the Field - */ - public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString"; - - /** - * Description of the Field - */ - public final static String DATABASE_DRIVER = "DatabaseDriver"; - - /** - * Description of the Field - */ - public final static String DATABASE_USER = "DatabaseUser"; - - /** - * Description of the Field - */ - public final static String DATABASE_PASSWORD = "DatabasePassword"; - /** * Description of the Field */ @@ -203,6 +183,8 @@ public class WebSession */ public final static int WELCOME = -1; + private WebgoatContext webgoatContext; + private ServletContext context = null; private Course course; @@ -213,14 +195,6 @@ public class WebSession private static boolean databaseBuilt = false; - private String databaseConnectionString; - - private String databaseDriver; - - private String databaseUser; - - private String databasePassword; - private static Connection connection = null; private int hintNum = -1; @@ -275,6 +249,7 @@ public class WebSession */ public WebSession( HttpServlet servlet, ServletContext context ) { + webgoatContext = new WebgoatContext(servlet); // initialize from web.xml showParams = "true".equals( servlet.getInitParameter( SHOWPARAMS ) ); showCookies = "true".equals( servlet.getInitParameter( SHOWCOOKIES ) ); 
@@ -285,10 +260,6 @@ public class WebSession .getInitParameter( FEEDBACK_ADDRESS ) : feedbackAddress; showRequest = "true".equals( servlet.getInitParameter( SHOWREQUEST ) ); isDebug = "true".equals( servlet.getInitParameter( DEBUG ) ); - databaseConnectionString = servlet.getInitParameter( DATABASE_CONNECTION_STRING ); - databaseDriver = servlet.getInitParameter( DATABASE_DRIVER ); - databaseUser = servlet.getInitParameter(DATABASE_USER); - databasePassword = servlet.getInitParameter(DATABASE_PASSWORD); servletName = servlet.getServletName(); this.context = context; course = new Course(); 
@@ -448,60 +419,6 @@ public class WebSession currentScreen = screen; } - /** - * returns the connection string with the real path to the database directory inserted at the - * word PATH - * - * @return The databaseConnectionString value - */ - public String getDatabaseConnectionString() - { - try - { - String path = context.getRealPath( "/database" ).replace( '\\', '/' ); - System.out.println( "PATH: " + path ); - String realConnectionString = databaseConnectionString.replaceAll( "PATH", path ); - System.out.println( "Database Connection String: " + realConnectionString ); - - return realConnectionString; - } - catch ( Exception e ) - { - System.out.println( "Couldn't open database: check web.xml database parameters" ); - e.printStackTrace(); - } - - return null; - } - - /** - * Gets the databaseDriver attribute of the WebSession object - * - * @return The databaseDriver value - */ - public String getDatabaseDriver() - { - return ( databaseDriver ); - } - - /** - * Gets the databaseUser attribute of the WebSession object - * - * @return The databaseUser value - */ - public String getDatabaseUser() { - return (databaseUser); - } - - /** - * Gets the databasePassword attribute of the WebSession object - * - * @return The databasePassword value - */ - public String getDatabasePassword() { - return (databasePassword); - } - public String getRestartLink() { List parameters = new ArrayList(); @@ -1248,4 +1165,8 @@ public class WebSession return ParameterParser.htmlEncode(s); } + + public WebgoatContext getWebgoatContext() { + return webgoatContext; + } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java new file mode 100755 index 000000000..cde9fd9ed --- /dev/null +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java 
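Review bot: `getWebgoatContext()` is added at the end of WebSession without a Javadoc comment, although the other members visible in this file carry one. The returned object exposes `getDatabaseUser()` and `getDatabasePassword()`, so the comment should tell callers that they receive the database credentials read from the servlet init parameters. Suggested text: `/** Returns the WebgoatContext created in the constructor; it holds the database driver, connection string, user and password read from web.xml. */`. Since the field is assigned only once in the constructor, declaring it `private final WebgoatContext webgoatContext;` would also document that it never changes.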
@@ -0,0 +1,87 @@ +package org.owasp.webgoat.session; + +import javax.servlet.http.HttpServlet; + +public class WebgoatContext { + + public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString"; + + public final static String DATABASE_DRIVER = "DatabaseDriver"; + + public final static String DATABASE_USER = "DatabaseUser"; + + public final static String DATABASE_PASSWORD = "DatabasePassword"; + + private String databaseConnectionString; + + private String realConnectionString = null; + + private String databaseDriver; + + private String databaseUser; + + private String databasePassword; + + private HttpServlet servlet; + + public WebgoatContext(HttpServlet servlet) { + this.servlet = servlet; + databaseConnectionString = servlet + .getInitParameter(DATABASE_CONNECTION_STRING); + databaseDriver = servlet.getInitParameter(DATABASE_DRIVER); + databaseUser = servlet.getInitParameter(DATABASE_USER); + databasePassword = servlet.getInitParameter(DATABASE_PASSWORD); + } + + /** + * returns the connection string with the real path to the database + * directory inserted at the word PATH + * + * @return The databaseConnectionString value + */ + public String getDatabaseConnectionString() { + if (realConnectionString == null) + try { + String path = servlet.getServletContext().getRealPath( + "/database").replace('\\', '/'); + System.out.println("PATH: " + path); + realConnectionString = databaseConnectionString.replaceAll( + "PATH", path); + System.out.println("Database Connection String: " + + realConnectionString); + } catch (Exception e) { + System.out + .println("Couldn't open database: check web.xml database parameters"); + e.printStackTrace(); + } + return realConnectionString; + } + + /** + * Gets the databaseDriver attribute of the WebSession object + * + * @return The databaseDriver value + */ + public String getDatabaseDriver() { + return (databaseDriver); + } + + /** + * Gets the databaseUser attribute of the WebSession object + * + * @return 
The databaseUser value + */ + public String getDatabaseUser() { + return (databaseUser); + } + + /** + * Gets the databasePassword attribute of the WebSession object + * + * @return The databasePassword value + */ + public String getDatabasePassword() { + return (databasePassword); + } + +}
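Review bot: `getDatabaseConnectionString()` prints the resolved connection string and the real database path to stdout, so whatever the `DatabaseConnectionString` init parameter contains ends up in the container log; some JDBC URLs embed credentials, so I would drop the `System.out.println("Database Connection String: " + realConnectionString);` line or log only that the string was resolved. In the same method, `replaceAll("PATH", path)` treats `path` as a regex replacement string, so a `$` in the deployment directory would be misread or throw; `realConnectionString = databaseConnectionString.replace("PATH", path);` performs the literal substitution that is intended. The broad `catch (Exception e)` also hides a null from `getRealPath("/database")` or a missing init parameter and lets the method return null, which the caller in DatabaseUtilities does not check. The Javadoc on the three plain getters still says "of the WebSession object" and should name WebgoatContext.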