dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added some files required to build OWASP release.

Browse Source 
Modified License text and format to reflect GPL license.
Reformatted most of the code.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@60 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2007-01-16 14:56:40 +00:00
parent 036964495b
commit fd9b60f98e
110 changed files with 23099 additions and 17996 deletions
Download Patch File Download Diff File Expand all files Collapse all files

295
webgoat/main/project/JavaSource/org/owasp/webgoat/LessonSource.java
View File

@ -13,11 +13,34 @@ import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
* Application Security Project (http://www.owasp.org) This software package is published by OWASP
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
* this software.
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
@ -25,147 +48,153 @@ import org.owasp.webgoat.session.WebSession;
public class LessonSource extends HammerHead
{
/**
* Description of the Field
*/
//protected WebSession tempSession;
public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
/**
* Description of the Field
*/
public final static String START_SOURCE_SKIP = "START_OMIT_SOURCE";
/**
* Description of the Method
*
* @param request Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
* @exception ServletException Description of the Exception
*/
public void doPost( HttpServletRequest request, HttpServletResponse response ) throws IOException, ServletException
public final static String END_SOURCE_SKIP = "END_OMIT_SOURCE";
/**
* Description of the Method
*
* @param request Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
* @exception ServletException Description of the Exception
*/
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
String source = null;
try
{
String source = null;
//System.out.println( "Entering doPost: " );
//System.out.println( " - request " + request);
//System.out.println( " - principle: " + request.getUserPrincipal() );
//setCacheHeaders(response, 0);
WebSession session = (WebSession) request.getSession(true)
.getAttribute(WebSession.SESSION);
session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
try
{
//System.out.println( "Entering doPost: " );
//System.out.println( " - request " + request);
//System.out.println( " - principle: " + request.getUserPrincipal() );
//setCacheHeaders(response, 0);
WebSession session = (WebSession) request.getSession( true ).getAttribute( WebSession.SESSION );
session.update(request, response, this.getServletName()); // FIXME: Too much in this call.
// Get the Java source of the lesson. FIXME: Not needed
source = getSource( session );
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson( session, scr, AbstractLesson.USER_ROLE );
lesson.getLessonTracker( session ).setViewedSource(true);
}
catch ( Throwable t )
{
t.printStackTrace();
log( "ERROR: " + t );
}
finally
{
try
{
this.writeSource(source, response );
}
catch ( Throwable thr )
{
thr.printStackTrace();
log( request, "Could not write error screen: " + thr.getMessage() );
}
//System.out.println( "Leaving doPost: " );
// Get the Java source of the lesson. FIXME: Not needed
source = getSource(session);
}
int scr = session.getCurrentScreen();
Course course = session.getCourse();
AbstractLesson lesson = course.getLesson(session, scr,
AbstractLesson.USER_ROLE);
lesson.getLessonTracker(session).setViewedSource(true);
}
protected WebSession updateSession_DELETEME( HttpServletRequest request, HttpServletResponse response, ServletContext context )
catch (Throwable t)
{
HttpSession hs;
hs = request.getSession( true );
//System.out.println( "Entering Session_id: " + hs.getId() );
// dumpSession( hs );
// Make a temporary session to avoid the concurreny issue
// in WebSession
WebSession session = new WebSession( this, context );
WebSession realSession = null;
Object o = hs.getAttribute( WebSession.SESSION );
if ( ( o != null ) && o instanceof WebSession )
{
realSession = (WebSession) o;
}
session.setCurrentScreen( realSession.getCurrentScreen());
session.setCourse( realSession.getCourse() );
session.setRequest( request );
// to authenticate
//System.out.println( "Leaving Session_id: " + hs.getId() );
//dumpSession( hs );
return ( session );
t.printStackTrace();
log("ERROR: " + t);
}
finally
{
try
{
this.writeSource(source, response);
}
catch (Throwable thr)
{
thr.printStackTrace();
log(request, "Could not write error screen: "
+ thr.getMessage());
}
//System.out.println( "Leaving doPost: " );
}
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected String getSource( WebSession s )
protected WebSession updateSession_DELETEME(HttpServletRequest request,
HttpServletResponse response, ServletContext context)
{
HttpSession hs;
hs = request.getSession(true);
//System.out.println( "Entering Session_id: " + hs.getId() );
// dumpSession( hs );
// Make a temporary session to avoid the concurreny issue
// in WebSession
WebSession session = new WebSession(this, context);
WebSession realSession = null;
Object o = hs.getAttribute(WebSession.SESSION);
if ((o != null) && o instanceof WebSession)
{
realSession = (WebSession) o;
}
session.setCurrentScreen(realSession.getCurrentScreen());
session.setCourse(realSession.getCourse());
session.setRequest(request);
// to authenticate
//System.out.println( "Leaving Session_id: " + hs.getId() );
//dumpSession( hs );
return (session);
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected String getSource(WebSession s)
{
String source = null;
int scr = s.getCurrentScreen();
Course course = s.getCourse();
if (s.isUser() || s.isChallenge())
{
String source = null;
int scr = s.getCurrentScreen();
Course course = s.getCourse();
AbstractLesson lesson = course.getLesson(s, scr,
AbstractLesson.USER_ROLE);
if ( s.isUser() || s.isChallenge() )
{
AbstractLesson lesson = course.getLesson( s, scr, AbstractLesson.USER_ROLE );
if ( lesson != null )
{
source = lesson.getSource(s);
}
}
if ( source == null )
{
return "Source code is not available. Contact webgoat@aspectsecurity.com";
}
return ( source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*" + END_SOURCE_SKIP, "Code Section Deliberately Omitted") );
if (lesson != null)
{
source = lesson.getSource(s);
}
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
*/
protected void writeSource( String s, HttpServletResponse response ) throws IOException
if (source == null)
{
response.setContentType( "text/html" );
PrintWriter out = response.getWriter();
if ( s == null )
{
s = new String();
}
out.print(s);
out.close();
return "Source code is not available. Contact webgoat@aspectsecurity.com";
}
return (source.replaceAll("(?s)" + START_SOURCE_SKIP + ".*"
+ END_SOURCE_SKIP, "Code Section Deliberately Omitted"));
}
/**
* Description of the Method
*
* @param s Description of the Parameter
* @param response Description of the Parameter
* @exception IOException Description of the Exception
*/
protected void writeSource(String s, HttpServletResponse response)
throws IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
if (s == null)
{
s = new String();
}
out.print(s);
out.close();
}
}