Allow WebGoat to create per-user databases

This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on Windows, and
Enhydra on Unix/other platforms, to HSQLDB in an "in-memory"
configuration. We may see performance problems from having too many
instances of the database in memory at once at sites where tens of
users are banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes
2007-07-18 13:34:14 +00:00
parent 9d19fa2433
commit d04371884b
25 changed files with 95 additions and 101 deletions


@ -251,7 +251,7 @@ public class BackDoors extends SequentialLessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
return connection;
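Review bot: The per-user isolation this commit introduces depends on `connection` not being shared between users, yet the guard on the `if (connection == null)` line caches whatever `getConnection(s)` returned for the first caller in a variable declared outside this hunk. If that is an instance or static field of a lesson object that serves every session, each later user is handed the first user's database handle and the per-user databases are never reached. Either drop the cache and take a fresh handle per request — `Connection connection = DatabaseUtilities.getConnection(s);` as a local — or key it by session, and state on the field which policy applies. The enclosing method starts before and ends after this hunk.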


@ -72,7 +72,7 @@ public class BlindSqlInjection extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(new P().addElement("Enter your Account Number: "));
@ -335,7 +335,7 @@ public class BlindSqlInjection extends LessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
}
catch (Exception e)
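Review bot: In the second hunk the `getConnection(s)` call sits inside a try whose `catch (Exception e)` starts on the hunk's last line, so if creating this user's database fails the handler — outside the hunk — decides whether the lesson reports it or carries on with `connection` still null and dies later with a NullPointerException. Now that the call may have to create an in-memory HSQLDB instance rather than open an existing file, that failure path is more likely than before and deserves an explicit outcome, for example rethrowing or returning an error element from the handler. Whether the earlier call in the first hunk is guarded at all cannot be seen from here.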


@ -85,7 +85,7 @@ public class CSRF extends LessonAdapter {
if ( connection == null )
{
connection = DatabaseUtilities.makeConnection( s );
connection = DatabaseUtilities.getConnection( s );
}
String query = "INSERT INTO messages VALUES (?, ?, ?, ? )";
@ -173,7 +173,7 @@ public class CSRF extends LessonAdapter {
{
if ( connection == null )
{
connection = DatabaseUtilities.makeConnection( s );
connection = DatabaseUtilities.getConnection( s );
}
Statement statement = connection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY );
@ -228,7 +228,7 @@ public class CSRF extends LessonAdapter {
if ( connection == null )
{
connection = DatabaseUtilities.makeConnection( s );
connection = DatabaseUtilities.getConnection( s );
}


@ -208,7 +208,7 @@ public class Challenge2Screen extends SequentialLessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Statement statement3 = connection.createStatement(
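Review bot: `statement3` on the last line of the hunk is a numbered local, which implies earlier `statement`/`statement2` objects in the same method (outside the hunk) and makes it hard to tell which query feeds which result; a name that says what it selects, e.g. `Statement lookupStatement = connection.createStatement(`, would read better. Each of these is a JDBC resource and nothing in the visible lines closes it; now that each user may be backed by a separate in-memory database, a leaked statement is worth checking for, so look for a `finally { statement3.close(); }` further down. The method continues outside the hunk.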


@ -99,7 +99,7 @@ public class DOS_Login extends LessonAdapter
// Check if the login is valid
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
String query = "SELECT * FROM user_system_data WHERE user_name = '"
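Review bot: The query on the last line is built by string concatenation from `user_name`, which in this lesson is presumably the deliberate injection point, but nothing marks it as intentional, and with the connection now coming from `getConnection(s)` a reader may assume the per-user database makes it harmless. A one-line comment above it — `// INTENTIONALLY vulnerable: user input is concatenated into the SQL for the lesson` — keeps a later cleanup from "fixing" the lesson away. The rest of the query and its execution lie outside the hunk.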


@ -428,7 +428,7 @@ public class SoapRequest extends SequentialLessonAdapter
{
try
{
Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext());
Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
if (connection == null)
{
return null;
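Review bot: The web-service path now hard-codes "guest" as the database owner in `getConnection("guest", getWebgoatContext())`, presumably because a SOAP call carries no WebGoat session to derive the user from; the same literal is repeated in WSDLScanning and WsSqlInjection in this commit. Every web-service caller therefore shares one database, so the per-user isolation the commit message promises does not apply to these lessons, and a change made through one user's SOAP request is visible to all. Put the name in one place — `public static final String WEB_SERVICE_DB_USER = "guest";` on DatabaseUtilities, or a constant on the lesson — and note the shared-database limitation in a comment beside the call. The null check that follows suggests getConnection can return null rather than throw; worth confirming against DatabaseUtilities, which is not in this diff.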


@ -122,7 +122,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
try
@ -188,7 +188,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(makeStationList(s));
@ -288,7 +288,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Map<String, String> stations = new TreeMap<String, String>();
@ -395,7 +395,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
}
catch (Exception e)
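Review bot: The three-line lazy-initialization guard around `DatabaseUtilities.getConnection(s)` is repeated in all four hunks of this file (and in most other lessons in this commit), so the one decision that now selects which user's database a query runs against is spread over dozens of copies. A single accessor on the lesson base class — `if (connection == null) { connection = DatabaseUtilities.getConnection(s); } return connection;` — would let the caching policy (per lesson, per session, or none) be changed once. The last hunk ends on a `catch (Exception e)` whose handler is outside the hunk, so how a failed database creation is reported there cannot be checked here.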


@ -98,7 +98,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(makeAccountLine(s));
@ -180,7 +180,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(makeAccountLine(s));
@ -311,7 +311,7 @@ public class SqlStringInjection extends SequentialLessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
}
catch (Exception e)


@ -95,7 +95,7 @@ public class StoredXss extends LessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
String query = "INSERT INTO messages VALUES (?, ?, ?, ? )";
@ -209,7 +209,7 @@ public class StoredXss extends LessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
// edit by Chuck Willis - Added logic to associate similar usernames
@ -331,7 +331,7 @@ public class StoredXss extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Statement statement = connection.createStatement(
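Review bot: This lesson's premise is that a stored payload is rendered for someone other than its author, but after this change the `messages` table the first hunk inserts into appears to live in the posting user's own database (the session-keyed `getConnection(s)`), so it is not obvious from the code whether another user's session can ever see the row. If the lesson now relies on the same user reading back their own message, a comment above the INSERT should say so — `// NOTE: messages appears to be per-user since the HSQLDB switch — confirm whether other sessions are meant to see this row` — and if it is meant to reach other users, that path needs a shared database. The hunks cover only the connection lookup; the rendering code is outside this section.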


@ -75,7 +75,7 @@ public class ThreadSafetyProblem extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(new StringElement("Enter user name: "));
@ -208,7 +208,7 @@ public class ThreadSafetyProblem extends LessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
}
catch (Exception e)
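Review bot: The check-then-assign on `if (connection == null)` / `connection = DatabaseUtilities.getConnection(s)` in both hunks is itself unsynchronized shared-state access if `connection` is a field of a lesson instance reached by several users at once (it is declared outside the hunk), which is plausible given that this lesson exists to demonstrate exactly that kind of race. Two threads can both observe null and each create a connection; one of them — and with it one user's freshly created in-memory database — is silently dropped while that user is then served the other user's handle. If the race is part of the lesson, mark it (`// deliberately unsynchronized: this is the thread-safety flaw the lesson demonstrates`); if not, make the lookup per request rather than cached. The second hunk ends on a `catch (Exception e)` whose body is outside the hunk.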


@ -221,7 +221,7 @@ public class WSDLScanning extends LessonAdapter
int id = s.getParser().getIntParameter("id");
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Table t = new Table().setCellSpacing(0).setCellPadding(2)
@ -290,7 +290,7 @@ public class WSDLScanning extends LessonAdapter
{
try
{
Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext());
Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
if (connection == null)
{
return null;


@ -186,7 +186,7 @@ public class WsSqlInjection extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
ec.addElement(makeAccountLine(s));
@ -246,7 +246,7 @@ public class WsSqlInjection extends LessonAdapter
{
try
{
Connection connection = DatabaseUtilities.makeConnection(getWebgoatContext());
Connection connection = DatabaseUtilities.getConnection("guest", getWebgoatContext());
if (connection == null)
{
return null;
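Review bot: The two hunks in this file now reach different databases: the first looks up the session user's own database via `getConnection(s)`, while the second, on the web-service path, uses the shared "guest" database via `getConnection("guest", getWebgoatContext())`. For an SQL injection lesson that matters, because an injected UPDATE or DROP submitted through the web service modifies the copy every other web-service caller sees — the cross-user interference this commit sets out to prevent — while the same payload submitted through the browser form stays in the user's own copy. If the SOAP request carries anything that identifies the caller, derive the database from it; otherwise record the limitation beside the call, `// web-service calls carry no WebGoat session, so all of them share the "guest" database`. The method around the second hunk continues beyond it.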


@ -66,7 +66,7 @@ public class ProductsAdminScreen extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Statement statement = connection.createStatement(


@ -155,7 +155,7 @@ public class RefreshDBScreen extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
CreateDB db = new CreateDB();
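Review bot: After the change `CreateDB` on the last line runs against the connection returned by `getConnection(s)`, which per the commit message is the calling user's own database, so "refresh" now presumably rebuilds only that user's copy and leaves every other user's database alone; the screen's code does not say so, and a user who expects a global reset will be misled. A comment above the line — `// NOTE: appears to rebuild only the calling user's database since the per-user HSQLDB switch — confirm against DatabaseUtilities` — plus a matching sentence in the screen's user-facing text would close the gap. Whether CreateDB's DDL works on the newly defaulted HSQLDB (it was written for the previous Access/Enhydra backends) cannot be checked from this hunk; the method continues below it.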


@ -66,7 +66,7 @@ public class UserAdminScreen extends LessonAdapter
{
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
Statement statement = connection.createStatement(


@ -77,7 +77,7 @@ public class ViewDatabase extends LessonAdapter
if (connection == null)
{
connection = DatabaseUtilities.makeConnection(s);
connection = DatabaseUtilities.getConnection(s);
}
if (sqlStatement.length() > 0)