dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Single platform build.xml

Browse Source 
Modified Lesson banners
Solutions guide and framework

git-svn-id: http://webgoat.googlecode.com/svn/trunk@213 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2007-10-08 20:37:43 +00:00
parent a9fe7e6099
commit ee0bc82bec
548 changed files with 30991 additions and 1890 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
View File

@ -39,87 +39,109 @@ import org.owasp.webgoat.session.WebSession;
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class LessonSource extends HammerHead
{
/**
*
*/
private static final long serialVersionUID = 2588430536196446145L;
*
*/
private static final long serialVersionUID = 2588430536196446145L;
/**
* Description of the Field
/**
* Description of the Field
*/
public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
/**
* Description of the Method
*
* @param request Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
* @exception ServletException Description of the Exception
* Description of the Method
*
* @param request
* Description of the Parameter
* @param response
* Description of the Parameter
* @exception IOException
* Description of the Exception
* @exception ServletException
* Description of the Exception
*/
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
String source = null;
try
{
//System.out.println( "Entering doPost: " );
//System.out.println( " - request " + request);
//System.out.println( " - principle: " + request.getUserPrincipal() );
//setCacheHeaders(response, 0);
WebSession session = (WebSession) request.getSession(true)
.getAttribute(WebSession.SESSION);
session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
// Get the Java source of the lesson. FIXME: Not needed
source = getSource(session);
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr,
AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSource(true);
}
catch (Throwable t)
{
t.printStackTrace();
log("ERROR: " + t);
}
finally
{
try
{
this.writeSource(source, response);
}
catch (Throwable thr)
{
thr.printStackTrace();
log(request, "Could not write error screen: "
+ thr.getMessage());
}
//System.out.println( "Leaving doPost: " );
}
String source = null;
try
{
// System.out.println( "Entering doPost: " );
// System.out.println( " - request " + request);
// System.out.println( " - principle: " + request.getUserPrincipal()
// );
// setCacheHeaders(response, 0);
WebSession session = (WebSession) request.getSession(true).getAttribute(
WebSession.SESSION);
// FIXME: Too much in this call.
session.update(request, response, this.getServletName());
String showSolution = session.getParser().getRawParameter("solution");
if (showSolution != null)
{
// FIXME: we could probably just forward off to the file if the file
// existed. However, we do provide some feedback from the
// getSolution() method if something goes wrong.
// Get the Java solution of the lesson.
source = getSolution(session);
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSolution(true);
} else
{
// Get the Java source of the lesson. FIXME: Not needed
source = getSource(session);
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr, AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSource(true);
}
}
catch (Throwable t)
{
t.printStackTrace();
log("ERROR: " + t);
}
finally
{
try
{
this.writeSource(source, response);
}
catch (Throwable thr)
{
thr.printStackTrace();
log(request, "Could not write error screen: " + thr.getMessage());
}
// System.out.println( "Leaving doPost: " );
}
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
* Description of the Method
*
* @param s
* Description of the Parameter
* @return Description of the Return Value
*/
protected String getSource(WebSession s)
{
@ -131,8 +153,7 @@ public class LessonSource extends HammerHead
if (s.isUser() || s.isChallenge())
{
AbstractLesson lesson = course.getLesson(s, scr,
AbstractLesson.USER_ROLE);
AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
if (lesson != null)
{
@ -141,22 +162,51 @@ public class LessonSource extends HammerHead
}
if (source == null)
{
return "Source code is not available. Contact " + s.getWebgoatContext().getFeedbackAddress();
return "Source code is not available. Contact "
+ s.getWebgoatContext().getFeedbackAddress();
}
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*"
+ END_SOURCE_SKIP, "Code Section Deliberately Omitted"));
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP,
"Code Section Deliberately Omitted"));
}
protected String getSolution(WebSession s)
{
String source = null;
int scr = s.getCurrentScreen();
Course course = s.getCourse();
if (s.isUser() || s.isChallenge())
{
AbstractLesson lesson = course.getLesson(s, scr, AbstractLesson.USER_ROLE);
if (lesson != null)
{
source = lesson.getSolution(s);
}
}
if (source == null)
{
return "Solution is not available. Contact "
+ s.getWebgoatContext().getFeedbackAddress();
}
return (source);
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
* Description of the Method
*
* @param s
* Description of the Parameter
* @param response
* Description of the Parameter
* @exception IOException
* Description of the Exception
*/
protected void writeSource(String s, HttpServletResponse response)
throws IOException
protected void writeSource(String s, HttpServletResponse response) throws IOException
{
response.setContentType("text/html");

46
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/AbstractLesson.java
View File

@ -99,6 +99,8 @@ public abstract class AbstractLesson extends Screen implements Comparable
private String lessonPlanFileName;
private String lessonSolutionFileName;
private WebgoatContext webgoatContext;
/**
@ -557,6 +559,40 @@ public abstract class AbstractLesson extends Screen implements Comparable
}
public String getSolution(WebSession s)
{
String source = null;
String src = null;
try
{
src = readFromFile(new BufferedReader(
new FileReader(s.getWebResource(getLessonSolutionFileName()))),
false);
}
catch (IOException e)
{
s.setMessage("Could not find the solution file");
src = ("Could not find the solution file");
}
Html html = new Html();
Head head = new Head();
head.addElement(new Title(getLessonSolutionFileName()));
Body body = new Body();
body.addElement(new StringElement(src));
html.addElement(head);
html.addElement(body);
source = html.toString();
return src;
}
/**
* Get the link that can be used to request this screen.
*
@ -821,6 +857,16 @@ public abstract class AbstractLesson extends Screen implements Comparable
this.lessonPlanFileName = lessonPlanFileName;
}
public String getLessonSolutionFileName()
{
return lessonSolutionFileName;
}
public void setLessonSolutionFileName(String lessonSolutionFileName)
{
this.lessonSolutionFileName = lessonSolutionFileName;
}
public String getSourceFileName()
{

417
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BackDoors.java
View File

@ -16,6 +16,7 @@ import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.PRE;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.DatabaseUtilities;
@ -50,247 +51,233 @@ import org.owasp.webgoat.session.WebSession;
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
* @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian
* Technologies.</a>
*/
public class BackDoors extends SequentialLessonAdapter
{
private static Connection connection = null;
private static Connection connection = null;
private final static Integer DEFAULT_RANKING = new Integer(80);
private final static Integer DEFAULT_RANKING = new Integer(80);
private final static String USERNAME = "username";
private final static String USERNAME = "username";
private final static String SELECT_ST = "select userid, password, ssn, salary from employee where userid=";
private final static String SELECT_ST = "select userid, password, ssn, salary, email from employee where userid=";
private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
private final static IMG MAC_LOGO = new IMG("images/logos/macadamian.gif").setAlt(
"Macadamian Technologies").setBorder(0).setHspace(0).setVspace(0);
protected Element createContent(WebSession s)
{
return super.createStagedContent(s);
}
protected Element doStage1(WebSession s) throws Exception
{
return concept1(s);
}
protected Element doStage2(WebSession s) throws Exception
{
return concept2(s);
}
protected Element concept1(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(makeUsername(s));
try
protected Element createContent(WebSession s)
{
String userInput = s.getParser().getRawParameter(USERNAME, "");
if (!userInput.equals(""))
{
userInput = SELECT_ST + userInput;
String[] arrSQL = userInput.split(";");
Connection conn = getConnection(s);
Statement statement = conn.createStatement(
ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
if (arrSQL.length == 2)
{
statement.executeUpdate(arrSQL[1]);
return super.createStagedContent(s);
}
getLessonTracker(s).setStage(2);
s
.setMessage("You have succeeded in exploiting the vulnerable query and created another SQL statement. Now move to stage 2 to learn how to create a backdoor or a DB worm");
protected Element doStage1(WebSession s) throws Exception
{
return concept1(s);
}
protected Element doStage2(WebSession s) throws Exception
{
return concept2(s);
}
protected Element concept1(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(makeUsername(s));
try
{
String userInput = s.getParser().getRawParameter(USERNAME, "");
if (!userInput.equals(""))
{
userInput = SELECT_ST + userInput;
String[] arrSQL = userInput.split(";");
Connection conn = getConnection(s);
Statement statement = conn.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
if (arrSQL.length == 2)
{
statement.executeUpdate(arrSQL[1]);
getLessonTracker(s).setStage(2);
s.setMessage("You have succeeded in exploiting the vulnerable query and created another SQL statement. Now move to stage 2 to learn how to create a backdoor or a DB worm");
}
ResultSet rs = statement.executeQuery(arrSQL[0]);
if (rs.next())
{
Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(1);
TR tr = new TR();
tr.addElement(new TH("User ID"));
tr.addElement(new TH("Password"));
tr.addElement(new TH("SSN"));
tr.addElement(new TH("Salary"));
tr.addElement(new TH("E-Mail"));
t.addElement(tr);
while (rs.next())
{
tr = new TR();
tr.addElement(new TD(rs.getString("userid")));
tr.addElement(new TD(rs.getString("password")));
tr.addElement(new TD(rs.getString("ssn")));
tr.addElement(new TD(rs.getString("salary")));
tr.addElement(new TD(rs.getString("email")));
t.addElement(tr);
}
ec.addElement(t);
}
}
}
catch (Exception ex)
{
ec.addElement(new PRE(ex.getMessage()));
}
return ec;
}
protected Element concept2(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(makeUsername(s));
String userInput = s.getParser().getRawParameter(USERNAME, "");
if (!userInput.equals(""))
{
String[] arrSQL = userInput.split(";");
if (arrSQL.length == 2)
{
if (userInput.toUpperCase().indexOf("CREATE TRIGGER") != 0)
{
makeSuccess(s);
}
}
}
return ec;
}
public String getInstructions(WebSession s)
{
String instructions = "";
if (!getLessonTracker(s).getCompleted())
{
switch (getStage(s))
{
case 1:
instructions = "Stage " + getStage(s)
+ ": Use String SQL Injection to execute more than one SQL Statement. ";
instructions = instructions
+ " The first stage of this lesson is to teach you how to use a vulnerable field to create two SQL ";
instructions = instructions
+ " statements. The first is the system's while the second is totally yours.";
instructions = instructions
+ " Your account ID is 101. This page allows you to see your password, ssn and salary.";
instructions = instructions
+ " Try to inject another update to update salary to something higher";
break;
case 2:
instructions = "Stage " + getStage(s)
+ ": Use String SQL Injection to inject a backdoor. ";
instructions = instructions
+ " The second stage of this lesson is to teach you how to use a vulneable fields to inject the DB work or the backdoor.";
instructions = instructions
+ " Now try to use the same technique to inject a trigger that would act as ";
instructions = instructions + " SQL backdoor, the syntax of a trigger is: <br>";
instructions = instructions
+ " CREATE TRIGGER myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com'WHERE userid = NEW.userid<br>";
instructions = instructions
+ " Note that nothing will actually be executed because the current underlying DB doesn't support triggers.";
break;
}
}
ResultSet rs = statement.executeQuery(arrSQL[0]);
if (rs.next())
return instructions;
}
protected Element makeUsername(WebSession s)
{
ElementContainer ec = new ElementContainer();
StringBuffer script = new StringBuffer();
script.append("<STYLE TYPE=\"text/css\"> ");
script.append(".blocklabel { margin-top: 8pt; }");
script.append(".myClass { color:red;");
script.append(" font-weight: bold;");
script.append("padding-left: 1px;");
script.append("padding-right: 1px;");
script.append("background: #DDDDDD;");
script.append("border: thin black solid; }");
script.append("LI { margin-top: 10pt; }");
script.append("</STYLE>");
ec.addElement(new StringElement(script.toString()));
ec.addElement(new StringElement("User ID: "));
Input username = new Input(Input.TEXT, "username", "");
ec.addElement(username);
String userInput = s.getParser().getRawParameter("username", "");
ec.addElement(new BR());
ec.addElement(new BR());
String formattedInput = "<span class='myClass'>" + userInput + "</span>";
ec.addElement(new Div(SELECT_ST + formattedInput));
Input b = new Input();
b.setName("Submit");
b.setType(Input.SUBMIT);
b.setValue("Submit");
ec.addElement(new PRE(b));
return ec;
}
public static synchronized Connection getConnection(WebSession s) throws SQLException,
ClassNotFoundException
{
if (connection == null)
{
Table t = new Table(0).setCellSpacing(0).setCellPadding(0)
.setBorder(1);
TR tr = new TR();
tr.addElement(new TD("User ID"));
tr.addElement(new TD("Password"));
tr.addElement(new TD("SSN"));
tr.addElement(new TD("Salary"));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD(rs.getString("userid")));
tr.addElement(new TD(rs.getString("password")));
tr.addElement(new TD(rs.getString("ssn")));
tr.addElement(new TD(rs.getString("salary")));
t.addElement(tr);
ec.addElement(t);
connection = DatabaseUtilities.getConnection(s);
}
}
return connection;
}
catch (Exception ex)
public Element getCredits()
{
ec.addElement(new PRE(ex.getMessage()));
return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
}
return ec;
}
protected Element concept2(WebSession s) throws Exception
{
ElementContainer ec = new ElementContainer();
ec.addElement(makeUsername(s));
String userInput = s.getParser().getRawParameter(USERNAME, "");
if (!userInput.equals(""))
protected List<String> getHints(WebSession s)
{
String[] arrSQL = userInput.split(";");
if (arrSQL.length == 2)
{
if (userInput.toUpperCase().indexOf("CREATE TRIGGER") != 0)
{
makeSuccess(s);
}
}
List<String> hints = new ArrayList<String>();
hints.add("Your user id is 101. Use it to see your information");
hints.add("A semi-colon usually ends a SQL statement and starts a new one.");
hints.add("Try this 101 or 1=1; update employee set salary=100000");
hints.add("For stage 2, Try 101; CREATE TRIGGER myBackDoor BEFORE INSERT ON " +
"employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com' WHERE userid = NEW.userid");
return hints;
}
return ec;
}
public String getInstructions(WebSession s)
{
String instructions = "";
if (!getLessonTracker(s).getCompleted())
protected Category getDefaultCategory()
{
switch (getStage(s))
{
case 1:
instructions = "Stage "
+ getStage(s)
+ ": Use String SQL Injection to execute more than one SQL Statement. ";
instructions = instructions
+ " The first stage of this lesson is to teach you how to use a vulnerable field to create two SQL ";
instructions = instructions
+ " statements. The first is the system's while the second is totally yours.";
instructions = instructions
+ " Your account ID is 101. This page allows you to see your password, ssn and salary.";
instructions = instructions
+ " Try to inject another update to update salary to something higher";
break;
case 2:
instructions = "Stage "
+ getStage(s)
+ ": Use String SQL Injection to inject a backdoor. ";
instructions = instructions
+ " The second stage of this lesson is to teach you how to use a vulneable fields to inject the DB work or the backdoor.";
instructions = instructions
+ " Now try to use the same technique to inject a trigger that would act as ";
instructions = instructions
+ " SQL backdoor, the syntax of a trigger is: <br>";
instructions = instructions
+ " CREATE TRIGGER myBackDoor BEFORE INSERT ON employee FOR EACH ROW BEGIN UPDATE employee SET email='john@hackme.com'WHERE userid = NEW.userid<br>";
instructions = instructions
+ " Note that nothing will actually be executed because the current underlying DB doesn't support triggers.";
break;
}
return Category.A6;
}
return instructions;
}
protected Element makeUsername(WebSession s)
{
ElementContainer ec = new ElementContainer();
StringBuffer script = new StringBuffer();
script.append("<STYLE TYPE=\"text/css\"> ");
script.append(".blocklabel { margin-top: 8pt; }");
script.append(".myClass { color:red;");
script.append(" font-weight: bold;");
script.append("padding-left: 1px;");
script.append("padding-right: 1px;");
script.append("background: #DDDDDD;");
script.append("border: thin black solid; }");
script.append("LI { margin-top: 10pt; }");
script.append("</STYLE>");
ec.addElement(new StringElement(script.toString()));
ec.addElement(new StringElement("User ID: "));
Input username = new Input(Input.TEXT, "username", "");
ec.addElement(username);
String userInput = s.getParser().getRawParameter("username", "");
ec.addElement(new BR());
ec.addElement(new BR());
String formattedInput = "<span class='myClass'>" + userInput
+ "</span>";
ec.addElement(new Div(SELECT_ST + formattedInput));
Input b = new Input();
b.setName("Submit");
b.setType(Input.SUBMIT);
b.setValue("Submit");
ec.addElement(new PRE(b));
return ec;
}
public static synchronized Connection getConnection(WebSession s)
throws SQLException, ClassNotFoundException
{
if (connection == null)
protected Integer getDefaultRanking()
{
connection = DatabaseUtilities.getConnection(s);
return DEFAULT_RANKING;
}
return connection;
}
public Element getCredits()
{
return super.getCustomCredits("Created by Sherif Koussa ", MAC_LOGO);
}
protected List<String> getHints(WebSession s)
{
List<String> hints = new ArrayList<String>();
hints.add("Your user id is 101. Use it to see your information");
hints
.add("A semi-colon usually ends a SQL statement and starts a new one.");
hints.add("Try this 101; update employee set salary=100000");
hints
.add("For stage 2, Try 101; CREATE TRIGGER myBackDoor BEFORE INSERT ON customers FOR EACH ROW BEGIN UPDATE customers SET email='john@hackme.com'WHERE userid = NEW.userid");
return hints;
}
protected Category getDefaultCategory()
{
return Category.A6;
}
protected Integer getDefaultRanking()
{
return DEFAULT_RANKING;
}
public String getTitle()
{
return ("How to Use Database Backdoors ");
}
public String getTitle()
{
return ("How to Use Database Backdoors ");
}
}

9
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BasicAuthentication.java
View File

@ -6,14 +6,11 @@ import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
@ -51,8 +48,6 @@ import org.owasp.webgoat.session.WebSession;
*/
public class BasicAuthentication extends SequentialLessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private static final String EMPTY_STRING = "";
private static final String WEBGOAT_BASIC = "webgoat_basic";
@ -334,8 +329,4 @@ public class BasicAuthentication extends SequentialLessonAdapter
return ("Basic Authentication");
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

134
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
View File

@ -44,9 +44,11 @@ import org.owasp.webgoat.session.WebSession;
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Chuck Willis <a href="http://www.securityfoundry.com">Chuck's web site</a> (this lesson is heavily based on Jeff Williams' SQL Injection lesson
* @created January 14, 2005
*
* @author Chuck Willis <a href="http://www.securityfoundry.com">Chuck's web
* site</a> (this lesson is heavily based on Jeff Williams' SQL
* Injection lesson
* @created January 14, 2005
*/
public class BlindSqlInjection extends LessonAdapter
{
@ -57,12 +59,12 @@ public class BlindSqlInjection extends LessonAdapter
private static Connection connection = null;
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
* Description of the Method
*
* @param s
* Description of the Parameter
* @return Description of the Return Value
*/
protected Element createContent(WebSession s)
{
@ -77,66 +79,54 @@ public class BlindSqlInjection extends LessonAdapter
ec.addElement(new P().addElement("Enter your Account Number: "));
String accountNumber = s.getParser().getRawParameter(ACCT_NUM,
"101");
Input input = new Input(Input.TEXT, ACCT_NUM, accountNumber
.toString());
String accountNumber = s.getParser().getRawParameter(ACCT_NUM, "101");
Input input = new Input(Input.TEXT, ACCT_NUM, accountNumber.toString());
ec.addElement(input);
Element b = ECSFactory.makeButton("Go!");
ec.addElement(b);
String query = "SELECT * FROM user_data WHERE userid = "
+ accountNumber;
String query = "SELECT * FROM user_data WHERE userid = " + accountNumber;
String answer_query;
if (runningOnWindows())
{
answer_query = "SELECT TOP 1 first_name FROM user_data WHERE userid = "
+ TARGET_ACCT_NUM;
}
else
} else
{
answer_query = "SELECT first_name FROM user_data WHERE userid = "
+ TARGET_ACCT_NUM;
answer_query = "SELECT first_name FROM user_data WHERE userid = " + TARGET_ACCT_NUM;
}
try
{
Statement answer_statement = connection.createStatement(
ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement
.executeQuery(answer_query);
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(answer_query);
answer_results.first();
if (accountNumber.toString()
.equals(answer_results.getString(1)))
System.out.println("Account: " + accountNumber );
System.out.println("Answer : " + answer_results.getString(1));
if (accountNumber.toString().equals(answer_results.getString(1)))
{
makeSuccess(s);
}
else
} else
{
Statement statement = connection.createStatement(
ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);
if ((results != null) && (results.first() == true))
{
ec.addElement(new P()
.addElement("Account number is valid"));
}
else
ec.addElement(new P().addElement("Account number is valid"));
} else
{
ec.addElement(new P()
.addElement("Invalid account number"));
ec.addElement(new P().addElement("Invalid account number"));
}
}
}
catch (SQLException sqle)
{
ec.addElement(new P()
.addElement("An error occurred, please try again."));
ec.addElement(new P().addElement("An error occurred, please try again."));
}
}
catch (Exception e)
@ -148,34 +138,31 @@ public class BlindSqlInjection extends LessonAdapter
return (ec);
}
/**
* Gets the category attribute of the SqlInjection object
*
* @return The category value
* Gets the category attribute of the SqlInjection object
*
* @return The category value
*/
protected Category getDefaultCategory()
{
return Category.A6;
}
/**
* Gets the credits attribute of the AbstractLesson object
*
* @return The credits value
* Gets the credits attribute of the AbstractLesson object
*
* @return The credits value
*/
public Element getCredits()
{
return new StringElement(
"By Chuck Willis");
return new StringElement("By Chuck Willis");
}
/**
*
* Determines the OS that WebGoat is running on. Needed because different DB backends
* are used on the different OSes (Access on Windows, InstantDB on others)
* Determines the OS that WebGoat is running on. Needed because different DB
* backends are used on the different OSes (Access on Windows, InstantDB on
* others)
*
* @return true if running on Windows, false otherwise
*/
@ -185,18 +172,16 @@ public class BlindSqlInjection extends LessonAdapter
if (os.toLowerCase().indexOf("window") != -1)
{
return true;
}
else
} else
{
return false;
}
}
/**
* Gets the hints attribute of the DatabaseFieldScreen object
*
* @return The hints value
* Gets the hints attribute of the DatabaseFieldScreen object
*
* @return The hints value
*/
protected List<String> getHints(WebSession s)
{
@ -210,9 +195,8 @@ public class BlindSqlInjection extends LessonAdapter
+ "down the character using > and <"
+ "<br><br>The backend database is Microsoft Access. Keep that in mind if you research SQL functions "
+ "on the Internet since different databases use some different functions and syntax.");
hints
.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
hints
.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. "
+ "You will need to make use of the following SQL functions: "
@ -239,8 +223,7 @@ public class BlindSqlInjection extends LessonAdapter
+ ") , 2 , 1) ) > 109 ); "
+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is "
+ "invalid then answer is no.");
}
else
} else
{
hints
.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
@ -250,9 +233,8 @@ public class BlindSqlInjection extends LessonAdapter
hints
.add("The database backend is InstantDB. Here is a reference guide : <a href=\"http://www.instantdb.com/doc/syntax.html\" target=\"_blank\">http://www.instantdb.com/doc/syntax.html</a>");
hints
.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
hints
.add("THIS HINT IS FOR THE MS ACCESS DB. IT NEEDS TO BE ALTERED FOR THE INSTANTDB BACKEND. <br><br>The application is taking your input and inserting it at the end of a pre-formed SQL command. "
+ "You will need to make use of the following SQL functions: "
@ -283,11 +265,10 @@ public class BlindSqlInjection extends LessonAdapter
return hints;
}
/**
* Gets the instructions attribute of the SqlInjection object
*
* @return The instructions value
* Gets the instructions attribute of the SqlInjection object
*
* @return The instructions value
*/
public String getInstructions(WebSession s)
{
@ -297,35 +278,34 @@ public class BlindSqlInjection extends LessonAdapter
+ "<br><br>The goal is to find the value of "
+ "the first_name in table user_data for userid "
+ TARGET_ACCT_NUM
+ ". Put that name in the form to pass the lesson.";
+ ". Put the discovered name in the form to pass the lesson. Only the discovered name "
+ "should be put into the form field, paying close attention to the spelling and capitalization.";
return (instructions);
}
private final static Integer DEFAULT_RANKING = new Integer(70);
protected Integer getDefaultRanking()
{
return DEFAULT_RANKING;
}
/**
* Gets the title attribute of the DatabaseFieldScreen object
*
* @return The title value
* Gets the title attribute of the DatabaseFieldScreen object
*
* @return The title value
*/
public String getTitle()
{
return ("How to Perform Blind SQL Injection");
}
/**
* Constructor for the DatabaseFieldScreen object
*
* @param s Description of the Parameter
* Constructor for the DatabaseFieldScreen object
*
* @param s
* Description of the Parameter
*/
public void handleRequest(WebSession s)
{

1381
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
View File

File diff suppressed because it is too large Load Diff

12
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CommandInjection.java
View File

@ -9,12 +9,9 @@ import java.util.StringTokenizer;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.P;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.Exec;
@ -49,13 +46,11 @@ import org.owasp.webgoat.util.ExecResults;
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class CommandInjection extends LessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String HELP_FILE = "HelpFile";
private String osName = System.getProperty("os.name");
@ -355,9 +350,4 @@ public class CommandInjection extends LessonAdapter
{
return "How to Perform Command Injection";
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

12
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
View File

@ -6,10 +6,9 @@ import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.owasp.webgoat.session.*;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
@ -45,8 +44,6 @@ import org.owasp.webgoat.session.*;
*/
public class HttpBasics extends LessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String PERSON = "person";
@ -135,9 +132,4 @@ public class HttpBasics extends LessonAdapter
{
return ("Http Basics");
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

12
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -53,9 +53,6 @@ import org.owasp.webgoat.session.WebSession;
public abstract class LessonAdapter extends AbstractLesson
{
final static IMG WEBGOAT_LOGO = new IMG("images/logos/WebGoat.jpg").setAlt(
"WebGoat Logo").setBorder(0).setHspace(0).setVspace(0);
/**
* Description of the Method
@ -174,14 +171,7 @@ public abstract class LessonAdapter extends AbstractLesson
*/
public Element getCredits()
{
if (getClass().getResource("images/logos/WebGoat.jpg") != null)
{
return getCustomCredits("Presented by&nbsp;", WEBGOAT_LOGO);
}
else
{
return new StringElement();
}
return new StringElement();
}

8
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
View File

@ -6,12 +6,10 @@ import java.util.regex.Pattern;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
@ -56,8 +54,6 @@ import org.owasp.webgoat.util.HtmlEncoder;
public class ReflectedXSS extends LessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
/**
* Description of the Method
*
@ -295,8 +291,4 @@ public class ReflectedXSS extends LessonAdapter
return "How to Perform Reflected Cross Site Scripting (XSS) Attacks";
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

4
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
View File

@ -52,11 +52,11 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
{
private final static Integer DEFAULT_RANKING = new Integer(125);
public final static String STAGE1 = "Break Functional Access Control";
public final static String STAGE1 = "Bypass Business Layer Access Control";
public final static String STAGE2 = "Add Business Layer Access Control";
public final static String STAGE3 = "Break Data Layer Access Control";
public final static String STAGE3 = "Bypass Data Layer Access Control";
public final static String STAGE4 = "Add Data Layer Access Control";

8
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
View File

@ -14,9 +14,7 @@ import java.util.TreeMap;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Option;
import org.apache.ecs.html.P;
import org.apache.ecs.html.PRE;
@ -59,8 +57,6 @@ import org.owasp.webgoat.session.WebSession;
*/
public class SqlNumericInjection extends SequentialLessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String STATION_ID = "station";
private static Connection connection = null;
@ -405,8 +401,4 @@ public class SqlNumericInjection extends SequentialLessonAdapter
}
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

10
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/SqlStringInjection.java
View File

@ -11,9 +11,7 @@ import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.PRE;
@ -55,8 +53,6 @@ import org.owasp.webgoat.session.WebSession;
*/
public class SqlStringInjection extends SequentialLessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String ACCT_NAME = "account_name";
private static Connection connection = null;
@ -320,9 +316,5 @@ public class SqlStringInjection extends SequentialLessonAdapter
e.printStackTrace(System.out);
}
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

11
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
View File

@ -9,21 +9,18 @@ import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.B;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.H3;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IMG;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
@ -62,8 +59,6 @@ import org.owasp.webgoat.session.WebSession;
public class UncheckedEmail extends LessonAdapter
{
public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
private final static String MESSAGE = "msg";
private final static String TO = "to";
@ -264,9 +259,5 @@ public class UncheckedEmail extends LessonAdapter
{
return ("How to Exploit Unchecked Email");
}
public Element getCredits()
{
return super.getCustomCredits("", ASPECT_LOGO);
}
}

10
webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java
View File

@ -403,6 +403,7 @@ public class Course
{
String absoluteFile = (String)fileItr.next();
String fileName = getFileName(absoluteFile);
//System.out.println("Course: looking at file: " + absoluteFile);
if(absoluteFile.endsWith(classFile))
{
@ -410,11 +411,18 @@ public class Course
lesson.setSourceFileName(absoluteFile);
}
if(absoluteFile.endsWith(".html") && className.endsWith(fileName))
if(absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") && className.endsWith(fileName))
{
//System.out.println("DEBUG: setting lesson plan file " + absoluteFile + " for lesson " + lesson.getClass().getName());
//System.out.println("fileName: " + fileName + " == className: " + className );
lesson.setLessonPlanFileName(absoluteFile);
}
if(absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className.endsWith(fileName))
{
System.out.println("DEBUG: setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
System.out.println("fileName: " + fileName + " == className: " + className );
lesson.setLessonSolutionFileName(absoluteFile);
}
}
}
}

31
webgoat/main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
View File

@ -459,6 +459,7 @@ public class CreateDB
+ "address1 VARCHAR(80)," + "address2 VARCHAR(80),"
+ "manager INT," + "start_date CHAR(8)," + "salary INT,"
+ "ccn VARCHAR(30)," + "ccn_limit INT,"
+ "email VARCHAR(30)," // reason for the recent write-up
+ "disciplined_date CHAR(8)," // date of write up, NA otherwise
+ "disciplined_notes VARCHAR(60)," // reason for the recent write-up
+ "personal_description VARCHAR(60)" // We can be rude here
@ -474,49 +475,49 @@ public class CreateDB
String insertData1 = "INSERT INTO employee VALUES (101, 'Larry', 'Stooge', '386-09-5451', 'larry',"
+ "'Technician','443-689-0192','9175 Guilford Rd','New York, NY', 102, 01012000,55000,'2578546969853547',"
+ "5000,010106,'Constantly harassing coworkers','Does not work well with others')";
+ "5000,'larry@stooges.com',010106,'Constantly harassing coworkers','Does not work well with others')";
String insertData2 = "INSERT INTO employee VALUES (102, 'Moe', 'Stooge', '936-18-4524','moe',"
+ "'CSO','443-938-5301', '3013 AMD Ave', 'New York, NY', 112, 03082003, 140000, 'NA', 0, 0101013, "
+ "'CSO','443-938-5301', '3013 AMD Ave', 'New York, NY', 112, 03082003, 140000, 'NA', 0, 'moe@stooges.com', 0101013, "
+ "'Hit Curly over head', 'Very dominating over Larry and Curly')";
String insertData3 = "INSERT INTO employee VALUES (103, 'Curly', 'Stooge', '961-08-0047','curly',"
+ "'Technician','410-667-6654', '1112 Crusoe Lane', 'New York, NY', 102, 02122001, 50000, 'NA', 0, 0101014, "
+ "'Technician','410-667-6654', '1112 Crusoe Lane', 'New York, NY', 102, 02122001, 50000, 'NA', 0, 'curly@stooges.com', 0101014, "
+ "'Hit Moe back', 'Owes three-thousand to company for fradulent purchases')";
String insertData4 = "INSERT INTO employee VALUES (104, 'Eric', 'Walker', '445-66-5565','eric',"
+ "'Engineer','410-887-1193', '1160 Prescott Rd', 'New York, NY', 107, 12152005, 13000, 'NA', 0, 0101013, "
+ "'Engineer','410-887-1193', '1160 Prescott Rd', 'New York, NY', 107, 12152005, 13000, 'NA', 0, 'eric@modelsrus.com',0101013, "
+ "'Bothering Larry about webgoat problems', 'Late. Always needs help. Too intern-ish.')";
String insertData5 = "INSERT INTO employee VALUES (105, 'Tom', 'Cat', '792-14-6364','tom',"
+ "'Engineer','443-599-0762', '2211 HyperThread Rd.', 'New York, NY', 106, 01011999, 80000, '5481360857968521', 30000, 0, "
+ "'Engineer','443-599-0762', '2211 HyperThread Rd.', 'New York, NY', 106, 01011999, 80000, '5481360857968521', 30000, 'tom@wb.com', 0, "
+ "'NA', 'Co-Owner.')";
String insertData6 = "INSERT INTO employee VALUES (106, 'Jerry', 'Mouse', '858-55-4452','jerry',"
+ "'Human Resources','443-699-3366', '3011 Unix Drive', 'New York, NY', 102, 01011999, 70000, '6981754825013564', 20000, 0, "
+ "'Human Resources','443-699-3366', '3011 Unix Drive', 'New York, NY', 102, 01011999, 70000, '6981754825013564', 20000, 'jerry@wb.com', 0, "
+ "'NA', 'Co-Owner.')";
String insertData7 = "INSERT INTO employee VALUES (107, 'David', 'Giambi', '439-20-9405','david',"
+ "'Human Resources','610-521-8413', '5132 DIMM Avenue', 'New York, NY', 102, 05011999, 100000, '6981754825018101', 10000, 061402, "
+ "'Human Resources','610-521-8413', '5132 DIMM Avenue', 'New York, NY', 102, 05011999, 100000, '6981754825018101', 10000, 'david@modelsrus.com', 061402, "
+ "'Hacked into accounting server. Modified personal pay.', 'Strong work habbit. Questionable ethics.')";
String insertData8 = "INSERT INTO employee VALUES (108, 'Bruce', 'McGuirre', '707-95-9482','bruce',"
+ "'Engineer','610-282-1103', '8899 FreeBSD Drive<script>alert(document.cookie)</script> ', 'New York, NY', 107, 03012000, 110000, '6981754825854136', 30000, 061502, "
+ "'Engineer','610-282-1103', '8899 FreeBSD Drive<script>alert(document.cookie)</script> ', 'New York, NY', 107, 03012000, 110000, '6981754825854136', 30000, 'bruce@modelsrus.com', 061502, "
+ "'Tortuous Boot Camp workout at 5am. Employees felt sick.', 'Enjoys watching others struggle in exercises.')";
String insertData9 = "INSERT INTO employee VALUES (109, 'Sean', 'Livingston', '136-55-1046','sean',"
+ "'Engineer','610-878-9549', '6422 dFlyBSD Road', 'New York, NY', 107, 06012003, 130000, '6981754825014510', 5000, 072804, "
+ "'Engineer','610-878-9549', '6422 dFlyBSD Road', 'New York, NY', 107, 06012003, 130000, '6981754825014510', 5000, 'sean@modelsrus.com', 072804, "
+ "'Late to work 30 days in row due to excessive Halo 2', 'Has some fascination with Steelers. Go Ravens.')";
String insertData10 = "INSERT INTO employee VALUES (110, 'Joanne', 'McDougal', '789-54-2413','joanne',"
+ "'Human Resources','610-213-6341', '5567 Broadband Lane', 'New York, NY', 106, 01012001, 90000, '6981754825081054', 300, 112005, "
+ "'Human Resources','610-213-6341', '5567 Broadband Lane', 'New York, NY', 106, 01012001, 90000, '6981754825081054', 300, 'joanne@modelsrus.com', 112005, "
+ "'Used company cc to purchase new car. Limit adjusted.', 'Finds it necessary to leave early every day.')";
String insertData11 = "INSERT INTO employee VALUES (111, 'John', 'Wayne', '129-69-4572', 'john',"
+ "'CTO','610-213-1134', '129 Third St', 'New York, NY', 112, 01012001, 200000, '4437334565679921', 300, 112005, "
+ "'CTO','610-213-1134', '129 Third St', 'New York, NY', 112, 01012001, 200000, '4437334565679921', 300, 'john@guns.com', 112005, "
+ "'', '')";
String insertData12 = "INSERT INTO employee VALUES (112, 'Neville', 'Bartholomew', '111-111-1111', 'socks',"
+ "'CEO','408-587-0024', '1 Corporate Headquarters', 'San Jose, CA', 112, 03012000, 450000, '4803389267684109', 300, 112005, "
+ "'CEO','408-587-0024', '1 Corporate Headquarters', 'San Jose, CA', 112, 03012000, 450000, '4803389267684109', 300000, 'neville@modelsrus.com', 112005, "
+ "'', '')";
statement.executeUpdate(insertData1);
@ -660,6 +661,11 @@ public class CreateDB
String insertData27 = "INSERT INTO auth VALUES('"
+ AbstractLesson.USER_ROLE + "','" + WebSession.SHOWHINTS
+ "')";
// Add a permission for the webgoat role to see the solution.
// The challenge(s) will change the default role to "challenge"
String insertData28 = "INSERT INTO auth VALUES('"
+ AbstractLesson.USER_ROLE + "','" + WebSession.SHOWSOLUTION
+ "')";
statement.executeUpdate(insertData1);
statement.executeUpdate(insertData2);
@ -696,6 +702,7 @@ public class CreateDB
statement.executeUpdate(insertData25_2);
statement.executeUpdate(insertData26);
statement.executeUpdate(insertData27);
statement.executeUpdate(insertData28);
}

16
webgoat/main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
View File

@ -56,6 +56,8 @@ public class LessonTracker
private boolean viewedSource = false;
private boolean viewedSolution = false;
Properties lessonProperties = new Properties();
@ -147,6 +149,11 @@ public class LessonTracker
}
public boolean getViewedSolution()
{
return viewedSource;
}
/**
* Description of the Method
*/
@ -327,6 +334,15 @@ public class LessonTracker
this.viewedSource = viewedSource;
}
/**
* Sets the viewedSource attribute of the LessonTracker object
*
* @param viewedSource The new viewedSource value
*/
public void setViewedSolution(boolean viewedSolution)
{
this.viewedSolution = viewedSolution;
}
/**
* Allows the storing of properties for the logged in and a screen.

24
webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
View File

@ -125,6 +125,8 @@ public class WebSession
public final static String SHOWSOURCE = "ShowSource";
public final static String SHOWSOLUTION = "ShowSolution";
public final static String SHOWHINTS = "ShowHints";
public final static String SHOW = "show";
@ -139,6 +141,8 @@ public class WebSession
public final static String SHOW_SOURCE = "Source";
public final static String SHOW_SOLUTION = "Solution";
public final static String DEBUG = "debug";
/**
@ -189,6 +193,8 @@ public class WebSession
private boolean showSource = false;
private boolean showSolution = false;
private boolean completedHackableAdmin = false;
private int currentMenu;
@ -206,6 +212,7 @@ public class WebSession
showParams = webgoatContext.isShowParams();
showCookies = webgoatContext.isShowCookies();
showSource = webgoatContext.isShowSource();
showSolution = webgoatContext.isShowSolution();
showRequest = webgoatContext.isShowRequest();
this.context = context;
course = new Course();
@ -489,6 +496,12 @@ public class WebSession
//return getCurrentLesson().getSource(this);
}
public String getSolution()
{
return "Sorry. No solution is available.";
//return getCurrentLesson().getSolution(this);
}
public String getInstructions()
{
return getCurrentLesson().getInstructions(this);
@ -761,6 +774,11 @@ public class WebSession
return ( showSource );
}
public boolean showSolution()
{
return ( showSolution );
}
/**
* Gets the userName attribute of the WebSession object
*
@ -913,6 +931,11 @@ public class WebSession
content = getSource();
//showSource = true;
}
else if ( showCommand.equalsIgnoreCase( SHOW_SOLUTION ) )
{
content = getSolution();
//showSource = true;
}
else if ( showCommand.equalsIgnoreCase( SHOW_NEXTHINT ) )
{
getNextHint();
@ -937,6 +960,7 @@ public class WebSession
// System.out.println( "showParams:" + showParams );
// System.out.println( "showSource:" + showSource );
// System.out.println( "showSolution:" + showSolution );
// System.out.println( "showCookies:" + showCookies );
// System.out.println( "showRequest:" + showRequest );

9
webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java
View File

@ -24,6 +24,8 @@ public class WebgoatContext {
public final static String SHOWSOURCE = "ShowSource";
public final static String SHOWSOLUTION = "ShowSolution";
public final static String SHOWHINTS = "ShowHints";
public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
@ -50,6 +52,8 @@ public class WebgoatContext {
private boolean showSource = false;
private boolean showSolution = false;
private boolean defuseOSCommands = false;
private boolean enterprise = false;
@ -76,6 +80,7 @@ public class WebgoatContext {
showParams = "true".equals( servlet.getInitParameter( SHOWPARAMS ) );
showCookies = "true".equals( servlet.getInitParameter( SHOWCOOKIES ) );
showSource = "true".equals( servlet.getInitParameter( SHOWSOURCE ) );
showSolution = "true".equals( servlet.getInitParameter( SHOWSOLUTION ) );
defuseOSCommands = "true".equals( servlet.getInitParameter( DEFUSEOSCOMMANDS ) );
enterprise = "true".equals( servlet.getInitParameter( ENTERPRISE ) );
codingExercises = "true".equals( servlet.getInitParameter( CODING_EXERCISES ) );
@ -178,4 +183,8 @@ public class WebgoatContext {
return showSource;
}
public boolean isShowSolution() {
return showSolution;
}
}