Fix javadoc errors in order to comply with Maven OSS requirements

Doug Morato
2015-09-15 22:24:11 -04:00
parent 7b43c89e1c
commit e8b9b17107
90 changed files with 13590 additions and 11425 deletions


@ -1,63 +1,68 @@
package org.owasp.webgoat.util;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
@Component
public class BeanProvider implements ApplicationContextAware
{
private static ApplicationContext ctx;
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
{
ctx = applicationContext;
}
/**
* Get access to managed beans from id.
*
* @param beanName
* the id of the searched bean
* @param beanClass
* the type of tye searched bean
* @return
*/
@SuppressWarnings("unchecked")
public static <T> T getBean(final String beanName, final Class<T> beanClass)
{
return (T) ctx.getBean(beanName);
}
}
package org.owasp.webgoat.util;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*
* @version $Id: $Id
*/
@Component
public class BeanProvider implements ApplicationContextAware
{
private static ApplicationContext ctx;
/** {@inheritDoc} */
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
{
ctx = applicationContext;
}
/**
* Get access to managed beans from id.
*
* @param beanName
* the id of the searched bean
* @param beanClass
* the type of tye searched bean
* @param <T> a T object.
* @return a T object.
*/
@SuppressWarnings("unchecked")
public static <T> T getBean(final String beanName, final Class<T> beanClass)
{
return (T) ctx.getBean(beanName);
}
}
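Review bot: `getBean` never uses its `beanClass` argument and returns an unchecked `(T) ctx.getBean(beanName)`, so a bean of the wrong type is handed back silently and only fails later with a ClassCastException at the caller's assignment. Spring's typed lookup performs the check where the mistake is made: `return ctx.getBean(beanName, beanClass);`, after which `@SuppressWarnings("unchecked")` can be dropped. The tags added here (`@param <T> a T object.`, `@return a T object.`) satisfy the Javadoc tool but tell a caller nothing, and the `beanClass` description still has the typo "tye"; something like `@return the bean registered under beanName, as an instance of beanClass` would be more useful. The doc should also say that `ctx` is null until Spring has called `setApplicationContext`, so an earlier call throws a NullPointerException.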


@ -1,353 +1,355 @@
package org.owasp.webgoat.util;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
*/
public class ExecResults
{
/**
* Description of the Field
*/
public final static int BADRETURNCODE = 2;
/**
* Description of the Field
*/
public final static int THROWABLE = 1;
private String myCommand;
private boolean myError = false;
private int myErrorType = 0;
private String myErrors = null;
private String myInput;
private boolean myInterrupted = false;
private String myOutput = null;
private int myReturnCode = 0;
private int mySuccessCode;
private Throwable myThrowable = null;
private int myTimeout;
/**
* Constructor for the ExecResults object
*
* @param command
* Description of the Parameter
* @param input
* Description of the Parameter
* @param successCode
* Description of the Parameter
* @param timeout
* Description of the Parameter
*/
public ExecResults(String command, String input, int successCode, int timeout)
{
myCommand = command.trim();
myInput = input.trim();
mySuccessCode = successCode;
myTimeout = timeout;
}
/**
* Description of the Method
*
* @param haystack
* Description of the Parameter
* @param needle
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
private boolean contains(String haystack, String needle, int fromIndex)
{
return (haystack.trim().toLowerCase().indexOf(needle.trim().toLowerCase(), fromIndex) != -1);
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean errorsContains(String value)
{
return (errorsContains(value, 0));
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean errorsContains(String value, int fromIndex)
{
return (contains(myErrors, value, fromIndex));
}
/**
* Gets the error attribute of the ExecResults object
*
* @return The error value
*/
public boolean getError()
{
return (myError);
}
/**
* Gets the errorMessage attribute of the ExecResults object
*
* @return The errorMessage value
*/
public String getErrorMessage()
{
switch (getErrorType())
{
case THROWABLE:
return ("Exception: " + myThrowable.getMessage());
case BADRETURNCODE:
return ("Bad return code (expected " + mySuccessCode + ")");
default:
return ("Unknown error");
}
}
/**
* Gets the errorType attribute of the ExecResults object
*
* @return The errorType value
*/
public int getErrorType()
{
return (myErrorType);
}
/**
* Gets the errors attribute of the ExecResults object
*
* @return The errors value
*/
public String getErrors()
{
return (myErrors);
}
/**
* Gets the interrupted attribute of the ExecResults object
*
* @return The interrupted value
*/
public boolean getInterrupted()
{
return (myInterrupted);
}
/**
* Gets the output attribute of the ExecResults object
*
* @return The output value
*/
public String getOutput()
{
return (myOutput);
}
/**
* Gets the returnCode attribute of the ExecResults object
*
* @return The returnCode value
*/
public int getReturnCode()
{
return (myReturnCode);
}
/**
* Gets the throwable attribute of the ExecResults object
*
* @return The throwable value
*/
public Throwable getThrowable()
{
return (myThrowable);
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean outputContains(String value)
{
return (outputContains(value, 0));
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean outputContains(String value, int fromIndex)
{
return (contains(myOutput, value, fromIndex));
}
/**
* Sets the error attribute of the ExecResults object
*
* @param value
* The new error value
*/
public void setError(int value)
{
myError = true;
myErrorType = value;
}
/**
* Sets the errors attribute of the ExecResults object
*
* @param errors
* The new errors value
*/
public void setErrors(String errors)
{
myErrors = errors.trim();
}
/**
* Sets the interrupted attribute of the ExecResults object
*/
public void setInterrupted()
{
myInterrupted = true;
}
/**
* Sets the output attribute of the ExecResults object
*
* @param value
* The new output value
*/
public void setOutput(String value)
{
myOutput = value.trim();
}
/**
* Sets the returnCode attribute of the ExecResults object
*
* @param value
* The new returnCode value
*/
public void setReturnCode(int value)
{
myReturnCode = value;
}
/**
* Sets the throwable attribute of the ExecResults object
*
* @param value
* The new throwable value
*/
public void setThrowable(Throwable value)
{
setError(THROWABLE);
myThrowable = value;
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public String toString()
{
String sep = System.getProperty("line.separator");
StringBuffer value = new StringBuffer();
value.append("ExecResults for \'" + myCommand + "\'" + sep);
if ((myInput != null) && !myInput.equals(""))
{
value.append(sep + "Input..." + sep + myInput + sep);
}
if ((myOutput != null) && !myOutput.equals(""))
{
value.append(sep + "Output..." + sep + myOutput + sep);
}
if ((myErrors != null) && !myErrors.equals(""))
{
value.append(sep + "Errors..." + sep + myErrors + sep);
}
value.append(sep);
if (myInterrupted)
{
value.append("Command timed out after " + (myTimeout / 1000) + " seconds " + sep);
}
value.append("Returncode: " + myReturnCode + sep);
if (myError)
{
value.append(getErrorMessage() + sep);
}
return (value.toString());
}
}
package org.owasp.webgoat.util;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
* @version $Id: $Id
*/
public class ExecResults
{
/**
* Description of the Field
*/
public final static int BADRETURNCODE = 2;
/**
* Description of the Field
*/
public final static int THROWABLE = 1;
private String myCommand;
private boolean myError = false;
private int myErrorType = 0;
private String myErrors = null;
private String myInput;
private boolean myInterrupted = false;
private String myOutput = null;
private int myReturnCode = 0;
private int mySuccessCode;
private Throwable myThrowable = null;
private int myTimeout;
/**
* Constructor for the ExecResults object
*
* @param command
* Description of the Parameter
* @param input
* Description of the Parameter
* @param successCode
* Description of the Parameter
* @param timeout
* Description of the Parameter
*/
public ExecResults(String command, String input, int successCode, int timeout)
{
myCommand = command.trim();
myInput = input.trim();
mySuccessCode = successCode;
myTimeout = timeout;
}
/**
* Description of the Method
*
* @param haystack
* Description of the Parameter
* @param needle
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
private boolean contains(String haystack, String needle, int fromIndex)
{
return (haystack.trim().toLowerCase().indexOf(needle.trim().toLowerCase(), fromIndex) != -1);
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean errorsContains(String value)
{
return (errorsContains(value, 0));
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean errorsContains(String value, int fromIndex)
{
return (contains(myErrors, value, fromIndex));
}
/**
* Gets the error attribute of the ExecResults object
*
* @return The error value
*/
public boolean getError()
{
return (myError);
}
/**
* Gets the errorMessage attribute of the ExecResults object
*
* @return The errorMessage value
*/
public String getErrorMessage()
{
switch (getErrorType())
{
case THROWABLE:
return ("Exception: " + myThrowable.getMessage());
case BADRETURNCODE:
return ("Bad return code (expected " + mySuccessCode + ")");
default:
return ("Unknown error");
}
}
/**
* Gets the errorType attribute of the ExecResults object
*
* @return The errorType value
*/
public int getErrorType()
{
return (myErrorType);
}
/**
* Gets the errors attribute of the ExecResults object
*
* @return The errors value
*/
public String getErrors()
{
return (myErrors);
}
/**
* Gets the interrupted attribute of the ExecResults object
*
* @return The interrupted value
*/
public boolean getInterrupted()
{
return (myInterrupted);
}
/**
* Gets the output attribute of the ExecResults object
*
* @return The output value
*/
public String getOutput()
{
return (myOutput);
}
/**
* Gets the returnCode attribute of the ExecResults object
*
* @return The returnCode value
*/
public int getReturnCode()
{
return (myReturnCode);
}
/**
* Gets the throwable attribute of the ExecResults object
*
* @return The throwable value
*/
public Throwable getThrowable()
{
return (myThrowable);
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean outputContains(String value)
{
return (outputContains(value, 0));
}
/**
* Description of the Method
*
* @param value
* Description of the Parameter
* @param fromIndex
* Description of the Parameter
* @return Description of the Return Value
*/
public boolean outputContains(String value, int fromIndex)
{
return (contains(myOutput, value, fromIndex));
}
/**
* Sets the error attribute of the ExecResults object
*
* @param value
* The new error value
*/
public void setError(int value)
{
myError = true;
myErrorType = value;
}
/**
* Sets the errors attribute of the ExecResults object
*
* @param errors
* The new errors value
*/
public void setErrors(String errors)
{
myErrors = errors.trim();
}
/**
* Sets the interrupted attribute of the ExecResults object
*/
public void setInterrupted()
{
myInterrupted = true;
}
/**
* Sets the output attribute of the ExecResults object
*
* @param value
* The new output value
*/
public void setOutput(String value)
{
myOutput = value.trim();
}
/**
* Sets the returnCode attribute of the ExecResults object
*
* @param value
* The new returnCode value
*/
public void setReturnCode(int value)
{
myReturnCode = value;
}
/**
* Sets the throwable attribute of the ExecResults object
*
* @param value
* The new throwable value
*/
public void setThrowable(Throwable value)
{
setError(THROWABLE);
myThrowable = value;
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public String toString()
{
String sep = System.getProperty("line.separator");
StringBuffer value = new StringBuffer();
value.append("ExecResults for \'" + myCommand + "\'" + sep);
if ((myInput != null) && !myInput.equals(""))
{
value.append(sep + "Input..." + sep + myInput + sep);
}
if ((myOutput != null) && !myOutput.equals(""))
{
value.append(sep + "Output..." + sep + myOutput + sep);
}
if ((myErrors != null) && !myErrors.equals(""))
{
value.append(sep + "Errors..." + sep + myErrors + sep);
}
value.append(sep);
if (myInterrupted)
{
value.append("Command timed out after " + (myTimeout / 1000) + " seconds " + sep);
}
value.append("Returncode: " + myReturnCode + sep);
if (myError)
{
value.append(getErrorMessage() + sep);
}
return (value.toString());
}
}
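Review bot: `errorsContains` and `outputContains` throw a NullPointerException on a fresh object, because `myErrors` and `myOutput` start as `null` and `contains` calls `haystack.trim()` without a guard; the Javadoc, still "Description of the Method" after this commit, gives no warning. A first line in `contains` such as `if (haystack == null || needle == null) return false;` would make both queries safe before `setErrors`/`setOutput` have run. `getErrorMessage` has the same problem: `setError(int)` is public, so `setError(THROWABLE)` without `setThrowable` reaches `myThrowable.getMessage()` with `myThrowable` still null. If the placeholder text is rewritten, the `fromIndex` doc should say that the index applies to the trimmed, lower-cased text rather than the raw string.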


@ -1,59 +1,61 @@
package org.owasp.webgoat.util;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
*/
public class ExecutionException extends Exception
{
/**
*
*/
private static final long serialVersionUID = 7282947463831152092L;
/**
* Constructor for the ExecutionException object
*/
public ExecutionException()
{
super();
}
/**
* Constructor for the ExecutionException object
*
* @param msg
* Description of the Parameter
*/
public ExecutionException(String msg)
{
super(msg);
}
}
package org.owasp.webgoat.util;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
* @version $Id: $Id
*/
public class ExecutionException extends Exception
{
/**
*
*/
private static final long serialVersionUID = 7282947463831152092L;
/**
* Constructor for the ExecutionException object
*/
public ExecutionException()
{
super();
}
/**
* Constructor for the ExecutionException object
*
* @param msg
* Description of the Parameter
*/
public ExecutionException(String msg)
{
super(msg);
}
}
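Review bot: The Javadoc in this class is still placeholder text after the change: the block above `serialVersionUID` is empty and `@param msg` reads "Description of the Parameter". The only addition is `@version $Id: $Id`, which presumably stays a literal string unless the repository has keyword expansion configured. A concrete tag such as `@param msg the detail message, retrievable through getMessage()` would document what the constructor actually does (it passes `msg` to `super(msg)`). Since the class offers no constructor taking a cause, code that wraps another exception in it can only keep the message; adding `public ExecutionException(String msg, Throwable cause) { super(msg, cause); }` would preserve the original stack trace.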


@ -1,225 +1,230 @@
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Map;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*/
public class HtmlEncoder
{
static Map<String, Integer> e2i = new HashMap<String, Integer>();
static Map<Integer, String> i2e = new HashMap<Integer, String>();
// html entity list
private static Object[][] entities = { { "quot", new Integer(34) }, // " - double-quote
{ "amp", new Integer(38) }, // & - ampersand
{ "lt", new Integer(60) }, // < - less-than
{ "gt", new Integer(62) }, // > - greater-than
{ "nbsp", new Integer(160) }, // non-breaking space
{ "copy", new Integer(169) }, // <EFBFBD> - copyright
{ "reg", new Integer(174) }, // <EFBFBD> - registered trademark
{ "Agrave", new Integer(192) }, // <EFBFBD> - uppercase A, grave accent
{ "Aacute", new Integer(193) }, // <EFBFBD> - uppercase A, acute accent
{ "Acirc", new Integer(194) }, // <EFBFBD> - uppercase A, circumflex accent
{ "Atilde", new Integer(195) }, // <EFBFBD> - uppercase A, tilde
{ "Auml", new Integer(196) }, // <EFBFBD> - uppercase A, umlaut
{ "Aring", new Integer(197) }, // <EFBFBD> - uppercase A, ring
{ "AElig", new Integer(198) }, // <EFBFBD> - uppercase AE
{ "Ccedil", new Integer(199) }, // <EFBFBD> - uppercase C, cedilla
{ "Egrave", new Integer(200) }, // <EFBFBD> - uppercase E, grave accent
{ "Eacute", new Integer(201) }, // <EFBFBD> - uppercase E, acute accent
{ "Ecirc", new Integer(202) }, // <EFBFBD> - uppercase E, circumflex accent
{ "Euml", new Integer(203) }, // <EFBFBD> - uppercase E, umlaut
{ "Igrave", new Integer(204) }, // <EFBFBD> - uppercase I, grave accent
{ "Iacute", new Integer(205) }, // <EFBFBD> - uppercase I, acute accent
{ "Icirc", new Integer(206) }, // <EFBFBD> - uppercase I, circumflex accent
{ "Iuml", new Integer(207) }, // <EFBFBD> - uppercase I, umlaut
{ "ETH", new Integer(208) }, // <EFBFBD> - uppercase Eth, Icelandic
{ "Ntilde", new Integer(209) }, // <EFBFBD> - uppercase N, tilde
{ "Ograve", new Integer(210) }, // <EFBFBD> - uppercase O, grave accent
{ "Oacute", new Integer(211) }, // <EFBFBD> - uppercase O, acute accent
{ "Ocirc", new Integer(212) }, // <EFBFBD> - uppercase O, circumflex accent
{ "Otilde", new Integer(213) }, // <EFBFBD> - uppercase O, tilde
{ "Ouml", new Integer(214) }, // <EFBFBD> - uppercase O, umlaut
{ "Oslash", new Integer(216) }, // <EFBFBD> - uppercase O, slash
{ "Ugrave", new Integer(217) }, // <EFBFBD> - uppercase U, grave accent
{ "Uacute", new Integer(218) }, // <EFBFBD> - uppercase U, acute accent
{ "Ucirc", new Integer(219) }, // <EFBFBD> - uppercase U, circumflex accent
{ "Uuml", new Integer(220) }, // <EFBFBD> - uppercase U, umlaut
{ "Yacute", new Integer(221) }, // <EFBFBD> - uppercase Y, acute accent
{ "THORN", new Integer(222) }, // <EFBFBD> - uppercase THORN, Icelandic
{ "szlig", new Integer(223) }, // <EFBFBD> - lowercase sharps, German
{ "agrave", new Integer(224) }, // <EFBFBD> - lowercase a, grave accent
{ "aacute", new Integer(225) }, // <EFBFBD> - lowercase a, acute accent
{ "acirc", new Integer(226) }, // <EFBFBD> - lowercase a, circumflex accent
{ "atilde", new Integer(227) }, // <EFBFBD> - lowercase a, tilde
{ "auml", new Integer(228) }, // <EFBFBD> - lowercase a, umlaut
{ "aring", new Integer(229) }, // <EFBFBD> - lowercase a, ring
{ "aelig", new Integer(230) }, // <EFBFBD> - lowercase ae
{ "ccedil", new Integer(231) }, // <EFBFBD> - lowercase c, cedilla
{ "egrave", new Integer(232) }, // <EFBFBD> - lowercase e, grave accent
{ "eacute", new Integer(233) }, // <EFBFBD> - lowercase e, acute accent
{ "ecirc", new Integer(234) }, // <EFBFBD> - lowercase e, circumflex accent
{ "euml", new Integer(235) }, // <EFBFBD> - lowercase e, umlaut
{ "igrave", new Integer(236) }, // <EFBFBD> - lowercase i, grave accent
{ "iacute", new Integer(237) }, // <EFBFBD> - lowercase i, acute accent
{ "icirc", new Integer(238) }, // <EFBFBD> - lowercase i, circumflex accent
{ "iuml", new Integer(239) }, // <EFBFBD> - lowercase i, umlaut
{ "igrave", new Integer(236) }, // <EFBFBD> - lowercase i, grave accent
{ "iacute", new Integer(237) }, // <EFBFBD> - lowercase i, acute accent
{ "icirc", new Integer(238) }, // <EFBFBD> - lowercase i, circumflex accent
{ "iuml", new Integer(239) }, // <EFBFBD> - lowercase i, umlaut
{ "eth", new Integer(240) }, // <EFBFBD> - lowercase eth, Icelandic
{ "ntilde", new Integer(241) }, // <EFBFBD> - lowercase n, tilde
{ "ograve", new Integer(242) }, // <EFBFBD> - lowercase o, grave accent
{ "oacute", new Integer(243) }, // <EFBFBD> - lowercase o, acute accent
{ "ocirc", new Integer(244) }, // <EFBFBD> - lowercase o, circumflex accent
{ "otilde", new Integer(245) }, // <EFBFBD> - lowercase o, tilde
{ "ouml", new Integer(246) }, // <EFBFBD> - lowercase o, umlaut
{ "oslash", new Integer(248) }, // <EFBFBD> - lowercase o, slash
{ "ugrave", new Integer(249) }, // <EFBFBD> - lowercase u, grave accent
{ "uacute", new Integer(250) }, // <EFBFBD> - lowercase u, acute accent
{ "ucirc", new Integer(251) }, // <EFBFBD> - lowercase u, circumflex accent
{ "uuml", new Integer(252) }, // <EFBFBD> - lowercase u, umlaut
{ "yacute", new Integer(253) }, // <EFBFBD> - lowercase y, acute accent
{ "thorn", new Integer(254) }, // <EFBFBD> - lowercase thorn, Icelandic
{ "yuml", new Integer(255) }, // <EFBFBD> - lowercase y, umlaut
{ "euro", new Integer(8364) },// Euro symbol
};
public HtmlEncoder()
{
for (int i = 0; i < entities.length; i++)
e2i.put((String) entities[i][0], (Integer) entities[i][1]);
for (int i = 0; i < entities.length; i++)
i2e.put((Integer) entities[i][1], (String) entities[i][0]);
}
/**
* Turns funky characters into HTML entity equivalents
* <p>
*
* e.g. <tt>"bread" & "butter"</tt> => <tt>&amp;quot;bread&amp;quot; &amp;amp;
* &amp;quot;butter&amp;quot;</tt> . Update: supports nearly all HTML entities, including funky
* accents. See the source code for more detail. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1
* Description of the Parameter
* @return Description of the Return Value
*/
public static String encode(String s1)
{
StringBuffer buf = new StringBuffer();
int i;
for (i = 0; i < s1.length(); ++i)
{
char ch = s1.charAt(i);
String entity = i2e.get(new Integer((int) ch));
if (entity == null)
{
if (((int) ch) > 128)
{
buf.append("&#" + ((int) ch) + ";");
}
else
{
buf.append(ch);
}
}
else
{
buf.append("&" + entity + ";");
}
}
return buf.toString();
}
/**
* Given a string containing entity escapes, returns a string containing the actual Unicode
* characters corresponding to the escapes. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1
* Description of the Parameter
* @return Description of the Return Value
*/
public static String decode(String s1)
{
StringBuffer buf = new StringBuffer();
int i;
for (i = 0; i < s1.length(); ++i)
{
char ch = s1.charAt(i);
if (ch == '&')
{
int semi = s1.indexOf(';', i + 1);
if (semi == -1)
{
buf.append(ch);
continue;
}
String entity = s1.substring(i + 1, semi);
Integer iso;
if (entity.charAt(0) == '#')
{
iso = new Integer(entity.substring(1));
}
else
{
iso = e2i.get(entity);
}
if (iso == null)
{
buf.append("&" + entity + ";");
}
else
{
buf.append((char) (iso.intValue()));
}
i = semi;
}
else
{
buf.append(ch);
}
}
return buf.toString();
}
}
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Map;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @version $Id: $Id
*/
public class HtmlEncoder
{
static Map<String, Integer> e2i = new HashMap<String, Integer>();
static Map<Integer, String> i2e = new HashMap<Integer, String>();
// html entity list
private static Object[][] entities = { { "quot", new Integer(34) }, // " - double-quote
{ "amp", new Integer(38) }, // - ampersand
{ "lt", new Integer(60) }, // - less-than
{ "gt", new Integer(62) }, // - greater-than
{ "nbsp", new Integer(160) }, // non-breaking space
{ "copy", new Integer(169) }, // - copyright
{ "reg", new Integer(174) }, // - registered trademark
{ "Agrave", new Integer(192) }, // - uppercase A, grave accent
{ "Aacute", new Integer(193) }, // - uppercase A, acute accent
{ "Acirc", new Integer(194) }, // - uppercase A, circumflex accent
{ "Atilde", new Integer(195) }, // - uppercase A, tilde
{ "Auml", new Integer(196) }, // - uppercase A, umlaut
{ "Aring", new Integer(197) }, // - uppercase A, ring
{ "AElig", new Integer(198) }, // - uppercase AE
{ "Ccedil", new Integer(199) }, // - uppercase C, cedilla
{ "Egrave", new Integer(200) }, // - uppercase E, grave accent
{ "Eacute", new Integer(201) }, // - uppercase E, acute accent
{ "Ecirc", new Integer(202) }, // - uppercase E, circumflex accent
{ "Euml", new Integer(203) }, // - uppercase E, umlaut
{ "Igrave", new Integer(204) }, // - uppercase I, grave accent
{ "Iacute", new Integer(205) }, // - uppercase I, acute accent
{ "Icirc", new Integer(206) }, // - uppercase I, circumflex accent
{ "Iuml", new Integer(207) }, // - uppercase I, umlaut
{ "ETH", new Integer(208) }, // - uppercase Eth, Icelandic
{ "Ntilde", new Integer(209) }, // - uppercase N, tilde
{ "Ograve", new Integer(210) }, // - uppercase O, grave accent
{ "Oacute", new Integer(211) }, // - uppercase O, acute accent
{ "Ocirc", new Integer(212) }, // - uppercase O, circumflex accent
{ "Otilde", new Integer(213) }, // - uppercase O, tilde
{ "Ouml", new Integer(214) }, // - uppercase O, umlaut
{ "Oslash", new Integer(216) }, // - uppercase O, slash
{ "Ugrave", new Integer(217) }, // - uppercase U, grave accent
{ "Uacute", new Integer(218) }, // - uppercase U, acute accent
{ "Ucirc", new Integer(219) }, // - uppercase U, circumflex accent
{ "Uuml", new Integer(220) }, // - uppercase U, umlaut
{ "Yacute", new Integer(221) }, // - uppercase Y, acute accent
{ "THORN", new Integer(222) }, // - uppercase THORN, Icelandic
{ "szlig", new Integer(223) }, // - lowercase sharps, German
{ "agrave", new Integer(224) }, // - lowercase a, grave accent
{ "aacute", new Integer(225) }, // - lowercase a, acute accent
{ "acirc", new Integer(226) }, // - lowercase a, circumflex accent
{ "atilde", new Integer(227) }, // - lowercase a, tilde
{ "auml", new Integer(228) }, // - lowercase a, umlaut
{ "aring", new Integer(229) }, // - lowercase a, ring
{ "aelig", new Integer(230) }, // - lowercase ae
{ "ccedil", new Integer(231) }, // - lowercase c, cedilla
{ "egrave", new Integer(232) }, // - lowercase e, grave accent
{ "eacute", new Integer(233) }, // - lowercase e, acute accent
{ "ecirc", new Integer(234) }, // - lowercase e, circumflex accent
{ "euml", new Integer(235) }, // - lowercase e, umlaut
{ "igrave", new Integer(236) }, // - lowercase i, grave accent
{ "iacute", new Integer(237) }, // - lowercase i, acute accent
{ "icirc", new Integer(238) }, // - lowercase i, circumflex accent
{ "iuml", new Integer(239) }, // - lowercase i, umlaut
{ "igrave", new Integer(236) }, // - lowercase i, grave accent
{ "iacute", new Integer(237) }, // - lowercase i, acute accent
{ "icirc", new Integer(238) }, // - lowercase i, circumflex accent
{ "iuml", new Integer(239) }, // - lowercase i, umlaut
{ "eth", new Integer(240) }, // - lowercase eth, Icelandic
{ "ntilde", new Integer(241) }, // - lowercase n, tilde
{ "ograve", new Integer(242) }, // - lowercase o, grave accent
{ "oacute", new Integer(243) }, // - lowercase o, acute accent
{ "ocirc", new Integer(244) }, // - lowercase o, circumflex accent
{ "otilde", new Integer(245) }, // - lowercase o, tilde
{ "ouml", new Integer(246) }, // - lowercase o, umlaut
{ "oslash", new Integer(248) }, // - lowercase o, slash
{ "ugrave", new Integer(249) }, // - lowercase u, grave accent
{ "uacute", new Integer(250) }, // - lowercase u, acute accent
{ "ucirc", new Integer(251) }, // - lowercase u, circumflex accent
{ "uuml", new Integer(252) }, // - lowercase u, umlaut
{ "yacute", new Integer(253) }, // - lowercase y, acute accent
{ "thorn", new Integer(254) }, // - lowercase thorn, Icelandic
{ "yuml", new Integer(255) }, // - lowercase y, umlaut
{ "euro", new Integer(8364) },// Euro symbol
};
/**
* <p>Constructor for HtmlEncoder.</p>
*/
public HtmlEncoder()
{
for (int i = 0; i < entities.length; i++)
e2i.put((String) entities[i][0], (Integer) entities[i][1]);
for (int i = 0; i < entities.length; i++)
i2e.put((Integer) entities[i][1], (String) entities[i][0]);
}
/**
* Turns funky characters into HTML entity equivalents
*
* e.g. {@code "bread" & "butter"} = {@code &amp;quot;bread&amp;quot; &amp;amp;
* &amp;quot;butter&amp;quot;}. Update: supports nearly all HTML entities, including funky
* accents. See the source code for more detail. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1
* Description of the Parameter
* @return Description of the Return Value
*/
public static String encode(String s1)
{
StringBuffer buf = new StringBuffer();
int i;
for (i = 0; i < s1.length(); ++i)
{
char ch = s1.charAt(i);
String entity = i2e.get(new Integer((int) ch));
if (entity == null)
{
if (((int) ch) > 128)
{
buf.append("&#" + ((int) ch) + ";");
}
else
{
buf.append(ch);
}
}
else
{
buf.append("&" + entity + ";");
}
}
return buf.toString();
}
/**
* Given a string containing entity escapes, returns a string containing the actual Unicode
* characters corresponding to the escapes. Adapted from
* http://www.purpletech.com/code/src/com/purpletech/util/Utils.java.
*
* @param s1
* Description of the Parameter
* @return Description of the Return Value
*/
public static String decode(String s1)
{
StringBuffer buf = new StringBuffer();
int i;
for (i = 0; i < s1.length(); ++i)
{
char ch = s1.charAt(i);
if (ch == '&')
{
int semi = s1.indexOf(';', i + 1);
if (semi == -1)
{
buf.append(ch);
continue;
}
String entity = s1.substring(i + 1, semi);
Integer iso;
if (entity.charAt(0) == '#')
{
iso = new Integer(entity.substring(1));
}
else
{
iso = e2i.get(entity);
}
if (iso == null)
{
buf.append("&" + entity + ";");
}
else
{
buf.append((char) (iso.intValue()));
}
i = semi;
}
else
{
buf.append(ch);
}
}
return buf.toString();
}
}


@ -1,143 +1,149 @@
/**
*
*/
package org.owasp.webgoat.util;
import java.io.IOException;
import java.io.BufferedReader;
import java.io.PrintWriter;
import java.io.InputStreamReader;
import java.net.UnknownHostException;
import java.net.Socket;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author sherif koussa - Macadamian Technologies
*
*/
public class Interceptor implements Filter
{
private static final String OSG_SERVER_NAME = "OSGServerName";
private static final String OSG_SERVER_PORT = "OSGServerPort";
/*
* (non-Javadoc)
* @see javax.servlet.Filter#destroy()
*/
public void destroy()
{
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException
{
HttpServletRequest req = (HttpServletRequest) request;
Socket osgSocket = null;
PrintWriter out = null;
BufferedReader in = null;
String osgServerName = req.getSession().getServletContext().getInitParameter(OSG_SERVER_NAME);
String osgServerPort = req.getSession().getServletContext().getInitParameter(OSG_SERVER_PORT);
try
{
// If these parameters are not defined then no communication will happen with OSG
if (osgServerName != null && osgServerName.length() != 0 && osgServerPort != null
&& osgServerPort.length() != 0)
{
osgSocket = new Socket(osgServerName, Integer.parseInt(osgServerPort));
if (osgSocket != null)
{
out = new PrintWriter(osgSocket.getOutputStream(), true);
in = new BufferedReader(new InputStreamReader(osgSocket.getInputStream()));
// String message =
// "HTTPRECEIVEHTTPREQUEST,-,DataValidation_SqlInjection_Basic.aspx";
// out.println(message);
// System.out.println(in.readLine());
}
}
} catch (UnknownHostException e)
{
e.printStackTrace();
} catch (IOException e)
{
e.printStackTrace();
} finally
{
if (out != null)
{
out.close();
}
if (in != null)
{
in.close();
}
if (osgSocket != null)
{
osgSocket.close();
}
}
String url = req.getRequestURL().toString();
RequestDispatcher disp = req.getRequestDispatcher(url.substring(url.lastIndexOf(req.getContextPath() + "/")
+ req.getContextPath().length()));
disp.forward(request, response);
}
/*
* (non-Javadoc)
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
public void init(FilterConfig arg0) throws ServletException
{
// TODO Auto-generated method stub
}
}
/**
*
*/
package org.owasp.webgoat.util;
import java.io.IOException;
import java.io.BufferedReader;
import java.io.PrintWriter;
import java.io.InputStreamReader;
import java.net.UnknownHostException;
import java.net.Socket;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author sherif koussa - Macadamian Technologies
* @version $Id: $Id
*/
public class Interceptor implements Filter
{
private static final String OSG_SERVER_NAME = "OSGServerName";
private static final String OSG_SERVER_PORT = "OSGServerPort";
/*
* (non-Javadoc)
* @see javax.servlet.Filter#destroy()
*/
/**
* <p>destroy.</p>
*/
public void destroy()
{
// TODO Auto-generated method stub
}
/** {@inheritDoc} */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException
{
HttpServletRequest req = (HttpServletRequest) request;
Socket osgSocket = null;
PrintWriter out = null;
BufferedReader in = null;
String osgServerName = req.getSession().getServletContext().getInitParameter(OSG_SERVER_NAME);
String osgServerPort = req.getSession().getServletContext().getInitParameter(OSG_SERVER_PORT);
try
{
// If these parameters are not defined then no communication will happen with OSG
if (osgServerName != null && osgServerName.length() != 0 && osgServerPort != null
&& osgServerPort.length() != 0)
{
osgSocket = new Socket(osgServerName, Integer.parseInt(osgServerPort));
if (osgSocket != null)
{
out = new PrintWriter(osgSocket.getOutputStream(), true);
in = new BufferedReader(new InputStreamReader(osgSocket.getInputStream()));
// String message =
// "HTTPRECEIVEHTTPREQUEST,-,DataValidation_SqlInjection_Basic.aspx";
// out.println(message);
// System.out.println(in.readLine());
}
}
} catch (UnknownHostException e)
{
e.printStackTrace();
} catch (IOException e)
{
e.printStackTrace();
} finally
{
if (out != null)
{
out.close();
}
if (in != null)
{
in.close();
}
if (osgSocket != null)
{
osgSocket.close();
}
}
String url = req.getRequestURL().toString();
RequestDispatcher disp = req.getRequestDispatcher(url.substring(url.lastIndexOf(req.getContextPath() + "/")
+ req.getContextPath().length()));
disp.forward(request, response);
}
/*
* (non-Javadoc)
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
/** {@inheritDoc} */
public void init(FilterConfig arg0) throws ServletException
{
// TODO Auto-generated method stub
}
}
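Review bot: In `doFilter` the `finally` block closes `out`, `in` and `osgSocket` one after another, so an IOException from `in.close()` skips `osgSocket.close()` and escapes the filter, failing the request over what the comment describes as an optional OSG channel. `Integer.parseInt(osgServerPort)` is also not covered by either catch, so a non-numeric `OSGServerPort` init parameter makes every request throw NumberFormatException. A try-with-resources block closes all three in reverse order, and one catch can then cover both failures. The socket is also opened without a connect timeout on the request path, which deserves a separate look.

```java
// … unchanged: req cast, init-parameter lookup, non-empty check on name and port …
try (Socket osgSocket = new Socket(osgServerName, Integer.parseInt(osgServerPort));
     PrintWriter out = new PrintWriter(osgSocket.getOutputStream(), true);
     BufferedReader in = new BufferedReader(new InputStreamReader(osgSocket.getInputStream())))
{
    // … unchanged: commented-out OSG message exchange …
} catch (IOException | NumberFormatException e)
{
    // OSG reporting is optional: record the failure and continue with the forward
    e.printStackTrace();
}
// … unchanged: RequestDispatcher lookup and forward …
```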


@ -1,41 +1,55 @@
package org.owasp.webgoat.util;
import java.util.Locale;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
public interface LabelManager
{
public void setLocale(Locale locale);
public String get(String labelKey);
}
package org.owasp.webgoat.util;
import java.util.Locale;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*
* @version $Id: $Id
*/
public interface LabelManager
{
/**
* <p>setLocale.</p>
*
* @param locale a {@link java.util.Locale} object.
*/
public void setLocale(Locale locale);
/**
* <p>get.</p>
*
* @param labelKey a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public String get(String labelKey);
}
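Review bot: The Javadoc added to `setLocale` and `get` (`<p>setLocale.</p>`, `<p>get.</p>`, `a {@link java.util.Locale} object.`) passes the doclint check but restates only the name and type, so the interface contract stays undocumented. Going by what LabelManagerImpl does later in this commit, `Sets the locale used for subsequent label lookups; implementations may ignore null.` and `Returns the label for labelKey in the current locale.` would tell callers what they need. The same generated placeholders appear on the constructors of LabelManagerImpl and LabelProvider and on `updatePluginResources`, `refresh` and `get` in LabelProvider.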


@ -1,68 +1,81 @@
package org.owasp.webgoat.util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Locale;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*/
@Component("labelManager")
public class LabelManagerImpl implements LabelManager, Serializable
{
private static final long serialVersionUID = 1L;
@Autowired
private transient LabelProvider labelProvider;
/** Locale mapped with current session. */
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
protected LabelManagerImpl() {}
protected LabelManagerImpl(LabelProvider labelProvider) {
this.labelProvider = labelProvider;
}
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}
public String get(String labelKey)
{
return labelProvider.get(locale, labelKey);
}
}
package org.owasp.webgoat.util;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.io.Serializable;
import java.util.Locale;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
*
* For details, please see http://webgoat.github.io
*
* @version $Id: $Id
*/
@Component("labelManager")
public class LabelManagerImpl implements LabelManager, Serializable
{
private static final long serialVersionUID = 1L;
@Autowired
private transient LabelProvider labelProvider;
/** Locale mapped with current session. */
private Locale locale = new Locale(LabelProvider.DEFAULT_LANGUAGE);
/**
* <p>Constructor for LabelManagerImpl.</p>
*/
protected LabelManagerImpl() {}
/**
* <p>Constructor for LabelManagerImpl.</p>
*
* @param labelProvider a {@link org.owasp.webgoat.util.LabelProvider} object.
*/
protected LabelManagerImpl(LabelProvider labelProvider) {
this.labelProvider = labelProvider;
}
/** {@inheritDoc} */
public void setLocale(Locale locale)
{
if (locale != null)
{
this.locale = locale;
}
}
/** {@inheritDoc} */
public String get(String labelKey)
{
return labelProvider.get(locale, labelKey);
}
}
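Review bot: `labelProvider` is declared `transient` on a `Serializable` class, so an instance that has been serialized and restored has a null provider and `get` throws NullPointerException at `labelProvider.get(locale, labelKey)`. Whether instances are ever serialized (for example with the HTTP session) is not visible here; this is inferred from the `Serializable` and `serialVersionUID` declarations. At minimum the field should carry a comment such as `// transient: null after deserialization, must be re-injected before get() is called`. The `{@inheritDoc}` comments added in this section do not mention it.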


@ -1,100 +1,123 @@
package org.owasp.webgoat.util;
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.core.io.UrlResource;
import org.springframework.stereotype.Component;
import org.springframework.util.DefaultPropertiesPersister;
import javax.inject.Singleton;
import java.net.MalformedURLException;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
/**
* ************************************************************************************************
* <p>
* <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for
* free software projects.
* <p>
* For details, please see http://webgoat.github.io
*/
@Component
@Singleton
public class LabelProvider {
public final static String DEFAULT_LANGUAGE = Locale.ENGLISH.getLanguage();
private static final List<Locale> SUPPORTED = Arrays.asList(Locale.GERMAN, Locale.FRENCH, Locale.ENGLISH,
Locale.forLanguageTag("ru"));
private final ReloadableResourceBundleMessageSource labels = new ReloadableResourceBundleMessageSource();
private static final ReloadableResourceBundleMessageSource pluginLabels = new ReloadableResourceBundleMessageSource();
public LabelProvider() {
labels.setBasename("classpath:/i18n/WebGoatLabels");
labels.setFallbackToSystemLocale(false);
labels.setUseCodeAsDefaultMessage(true);
pluginLabels.setParentMessageSource(labels);
pluginLabels.setPropertiesPersister(new DefaultPropertiesPersister() {
});
}
public static void updatePluginResources(final Path propertyFile) {
pluginLabels.setBasename("WebGoatLabels");
pluginLabels.setFallbackToSystemLocale(false);
pluginLabels.setUseCodeAsDefaultMessage(true);
pluginLabels.setResourceLoader(new ResourceLoader() {
@Override
public Resource getResource(String location) {
try {
return new UrlResource(propertyFile.toUri());
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
}
@Override
public ClassLoader getClassLoader() {
return Thread.currentThread().getContextClassLoader();
}
});
}
public static void refresh() {
pluginLabels.clearCache();
}
public String get(Locale locale, String strName) {
return pluginLabels.getMessage(strName, null, useLocaleOrFallbackToEnglish(locale));
}
private Locale useLocaleOrFallbackToEnglish(Locale locale) {
return SUPPORTED.contains(locale) ? Locale.ENGLISH : locale;
}
}
package org.owasp.webgoat.util;
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.core.io.UrlResource;
import org.springframework.stereotype.Component;
import org.springframework.util.DefaultPropertiesPersister;
import javax.inject.Singleton;
import java.net.MalformedURLException;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects.
*
* For details, please see http://webgoat.github.io
*
* @version $Id: $Id
*/
@Component
@Singleton
public class LabelProvider {
/** Constant <code>DEFAULT_LANGUAGE="Locale.ENGLISH.getLanguage()"</code> */
public final static String DEFAULT_LANGUAGE = Locale.ENGLISH.getLanguage();
private static final List<Locale> SUPPORTED = Arrays.asList(Locale.GERMAN, Locale.FRENCH, Locale.ENGLISH,
Locale.forLanguageTag("ru"));
private final ReloadableResourceBundleMessageSource labels = new ReloadableResourceBundleMessageSource();
private static final ReloadableResourceBundleMessageSource pluginLabels = new ReloadableResourceBundleMessageSource();
/**
* <p>Constructor for LabelProvider.</p>
*/
public LabelProvider() {
labels.setBasename("classpath:/i18n/WebGoatLabels");
labels.setFallbackToSystemLocale(false);
labels.setUseCodeAsDefaultMessage(true);
pluginLabels.setParentMessageSource(labels);
pluginLabels.setPropertiesPersister(new DefaultPropertiesPersister() {
});
}
/**
* <p>updatePluginResources.</p>
*
* @param propertyFile a {@link java.nio.file.Path} object.
*/
public static void updatePluginResources(final Path propertyFile) {
pluginLabels.setBasename("WebGoatLabels");
pluginLabels.setFallbackToSystemLocale(false);
pluginLabels.setUseCodeAsDefaultMessage(true);
pluginLabels.setResourceLoader(new ResourceLoader() {
@Override
public Resource getResource(String location) {
try {
return new UrlResource(propertyFile.toUri());
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
}
@Override
public ClassLoader getClassLoader() {
return Thread.currentThread().getContextClassLoader();
}
});
}
/**
* <p>refresh.</p>
*/
public static void refresh() {
pluginLabels.clearCache();
}
/**
* <p>get.</p>
*
* @param locale a {@link java.util.Locale} object.
* @param strName a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public String get(Locale locale, String strName) {
return pluginLabels.getMessage(strName, null, useLocaleOrFallbackToEnglish(locale));
}
private Locale useLocaleOrFallbackToEnglish(Locale locale) {
return SUPPORTED.contains(locale) ? Locale.ENGLISH : locale;
}
}
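Review bot: `useLocaleOrFallbackToEnglish` has its ternary branches reversed. `SUPPORTED.contains(locale) ? Locale.ENGLISH : locale` returns English for every supported locale (German, French, Russian) and passes unsupported or null locales straight to `getMessage`. The method name says the opposite, so the line should read `return SUPPORTED.contains(locale) ? locale : Locale.ENGLISH;`. The method is private and gained no Javadoc in this commit; a one-line comment stating the fallback rule would make the intent checkable.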


@ -1,103 +1,105 @@
package org.owasp.webgoat.util;
import java.util.BitSet;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author jwilliams@aspectsecurity.com
* @created November 6, 2002
*/
public class ThreadWatcher implements Runnable
{
// time to live in milliseconds
private BitSet myInterrupted;
private Process myProcess;
private int myTimeout;
/**
* Constructor for the ThreadWatcher object
*
* @param p
* Description of the Parameter
* @param interrupted
* Description of the Parameter
* @param timeout
* Description of the Parameter
*/
public ThreadWatcher(Process p, BitSet interrupted, int timeout)
{
myProcess = p;
// thread used by whoever constructed this watcher
myTimeout = timeout;
myInterrupted = interrupted;
}
/*
* Interrupt the thread by marking the interrupted bit and killing the process
*/
/**
* Description of the Method
*/
public void interrupt()
{
myInterrupted.set(0);
// set interrupted bit (bit 0 of the bitset) to 1
myProcess.destroy();
/*
* try { myProcess.getInputStream().close(); } catch( IOException e1 ) { / do nothing --
* input streams are probably already closed } try { myProcess.getErrorStream().close(); }
* catch( IOException e2 ) { / do nothing -- input streams are probably already closed }
* myThread.interrupt();
*/
}
/**
* Main processing method for the ThreadWatcher object
*/
public void run()
{
try
{
Thread.sleep(myTimeout);
} catch (InterruptedException e)
{
// do nothing -- if watcher is interrupted, so is thread
}
interrupt();
}
}
package org.owasp.webgoat.util;
import java.util.BitSet;
/**
*************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author jwilliams@aspectsecurity.com
* @since November 6, 2002
* @version $Id: $Id
*/
public class ThreadWatcher implements Runnable
{
// time to live in milliseconds
private BitSet myInterrupted;
private Process myProcess;
private int myTimeout;
/**
* Constructor for the ThreadWatcher object
*
* @param p
* Description of the Parameter
* @param interrupted
* Description of the Parameter
* @param timeout
* Description of the Parameter
*/
public ThreadWatcher(Process p, BitSet interrupted, int timeout)
{
myProcess = p;
// thread used by whoever constructed this watcher
myTimeout = timeout;
myInterrupted = interrupted;
}
/*
* Interrupt the thread by marking the interrupted bit and killing the process
*/
/**
* Description of the Method
*/
public void interrupt()
{
myInterrupted.set(0);
// set interrupted bit (bit 0 of the bitset) to 1
myProcess.destroy();
/*
* try { myProcess.getInputStream().close(); } catch( IOException e1 ) { / do nothing --
* input streams are probably already closed } try { myProcess.getErrorStream().close(); }
* catch( IOException e2 ) { / do nothing -- input streams are probably already closed }
* myThread.interrupt();
*/
}
/**
* Main processing method for the ThreadWatcher object
*/
public void run()
{
try
{
Thread.sleep(myTimeout);
} catch (InterruptedException e)
{
// do nothing -- if watcher is interrupted, so is thread
}
interrupt();
}
}


@ -1,66 +1,92 @@
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Locale;
import java.util.ResourceBundle;
import org.owasp.webgoat.session.WebgoatContext;
@Deprecated
public class WebGoatI18N
{
private static HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
private static Locale currentLocale;
private static WebGoatResourceBundleController localeController;
public WebGoatI18N(WebgoatContext context)
{
currentLocale = new Locale(context.getDefaultLanguage());
localeController = new WebGoatResourceBundleController(currentLocale);
}
@Deprecated
public static void loadLanguage(String language)
{
// Do nothing
}
public static void setCurrentLocale(Locale locale)
{
if (!currentLocale.equals(locale))
{
if (!labels.containsKey(locale))
{
ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
labels.put(locale, resBundle);
}
WebGoatI18N.currentLocale = locale;
}
}
public static String get(String strName)
{
return labels.get(WebGoatI18N.currentLocale).getString(strName);
}
private static class WebGoatResourceBundleController extends ResourceBundle.Control
{
private Locale fallbackLocale;
public WebGoatResourceBundleController(Locale l)
{
fallbackLocale = l;
}
@Override
public Locale getFallbackLocale(String baseName, Locale locale)
{
if(! fallbackLocale.equals(locale)) {
return fallbackLocale;
}
return Locale.ROOT;
}
}
}
package org.owasp.webgoat.util;
import java.util.HashMap;
import java.util.Locale;
import java.util.ResourceBundle;
import org.owasp.webgoat.session.WebgoatContext;
@Deprecated
/**
* <p>WebGoatI18N class.</p>
*
* @version $Id: $Id
*/
public class WebGoatI18N
{
private static HashMap<Locale, ResourceBundle> labels = new HashMap<Locale, ResourceBundle>();
private static Locale currentLocale;
private static WebGoatResourceBundleController localeController;
/**
* <p>Constructor for WebGoatI18N.</p>
*
* @param context a {@link org.owasp.webgoat.session.WebgoatContext} object.
*/
public WebGoatI18N(WebgoatContext context)
{
currentLocale = new Locale(context.getDefaultLanguage());
localeController = new WebGoatResourceBundleController(currentLocale);
}
/**
* <p>loadLanguage.</p>
*
* @param language a {@link java.lang.String} object.
*/
@Deprecated
public static void loadLanguage(String language)
{
// Do nothing
}
/**
* <p>Setter for the field <code>currentLocale</code>.</p>
*
* @param locale a {@link java.util.Locale} object.
*/
public static void setCurrentLocale(Locale locale)
{
if (!currentLocale.equals(locale))
{
if (!labels.containsKey(locale))
{
ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, localeController);
labels.put(locale, resBundle);
}
WebGoatI18N.currentLocale = locale;
}
}
/**
* <p>get.</p>
*
* @param strName a {@link java.lang.String} object.
* @return a {@link java.lang.String} object.
*/
public static String get(String strName)
{
return labels.get(WebGoatI18N.currentLocale).getString(strName);
}
private static class WebGoatResourceBundleController extends ResourceBundle.Control
{
private Locale fallbackLocale;
public WebGoatResourceBundleController(Locale l)
{
fallbackLocale = l;
}
@Override
public Locale getFallbackLocale(String baseName, Locale locale)
{
if(! fallbackLocale.equals(locale)) {
return fallbackLocale;
}
return Locale.ROOT;
}
}
}
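Review bot: In the new version of the class the `@Deprecated` annotation sits above the added `/** <p>WebGoatI18N class.</p> ... */` block, so the comment lands between the annotation and `public class WebGoatI18N`; javadoc normally attaches a doc comment only when it precedes the whole declaration, annotations included, so this class comment is probably ignored (worth confirming against the Maven javadoc run). Moving `@Deprecated` below the comment and adding a `@deprecated` tag that names the replacement would fix both the placement and the missing deprecation text. The generated text for `get` (`<p>get.</p>`) also leaves its failure modes undocumented: `labels.get(WebGoatI18N.currentLocale)` is null until `setCurrentLocale` has loaded a bundle for that locale, and the constructor sets `currentLocale` without loading one, so the call can throw `NullPointerException`. A line such as `@throws java.util.MissingResourceException if no label exists for strName`, plus a sentence on the unloaded-locale case, would state the contract callers actually get.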