divide by zero, inaccurate discount and totals, reflection of user input git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@273 4033779f-a91e-0410-96ef-6bf7bf53c507
package org.owasp.webgoat.session;
import java.util.Iterator;
import java.util.Objects;

import javax.servlet.http.HttpServlet;
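/**
 * Application-wide configuration for the WebGoat servlet, read once at
 * construction time from the process environment and the servlet's
 * init-parameters (normally web.xml).
 *
 * <p>Each {@code public static final String} below is the parameter <em>name</em>
 * that is looked up; the matching private field holds the resolved value.
 * A boolean flag is on only when the parameter value is exactly the string
 * {@code "true"}; a missing parameter leaves it off.
 *
 * <p>Thread-safety: every field except {@code realConnectionString} is
 * assigned in the constructor and never changed afterwards.
 * {@code realConnectionString} is computed lazily by
 * {@link #getDatabaseConnectionString()}; concurrent first calls may compute it
 * more than once, but always to the same value.
 */
public class WebgoatContext {

    /** Parameter name of the JDBC connection string; it may contain the placeholder {@code PATH}. */
    public static final String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";

    /** Parameter name of the JDBC driver class. */
    public static final String DATABASE_DRIVER = "DatabaseDriver";

    /** Parameter name of the database user. */
    public static final String DATABASE_USER = "DatabaseUser";

    /** Parameter name of the database password. */
    public static final String DATABASE_PASSWORD = "DatabasePassword";

    /** Flag parameter: enterprise lessons enabled. */
    public static final String ENTERPRISE = "Enterprise";

    /** Flag parameter: coding exercises enabled. */
    public static final String CODING_EXERCISES = "CodingExercises";

    /** Flag parameter: display request cookies. */
    public static final String SHOWCOOKIES = "ShowCookies";

    /** Flag parameter: display request parameters. */
    public static final String SHOWPARAMS = "ShowParams";

    /** Flag parameter: display the request. */
    public static final String SHOWREQUEST = "ShowRequest";

    /** Flag parameter: allow lesson source to be shown. */
    public static final String SHOWSOURCE = "ShowSource";

    /** Flag parameter: allow lesson solutions to be shown. */
    public static final String SHOWSOLUTION = "ShowSolution";

    /** Flag parameter: allow lesson hints to be shown (read by other classes; not resolved here). */
    public static final String SHOWHINTS = "ShowHints";

    /** Flag parameter: disable OS command execution in lessons. */
    public static final String DEFUSEOSCOMMANDS = "DefuseOSCommands";

    /** Parameter name of the feedback address shown to users. */
    public static final String FEEDBACK_ADDRESS = "FeedbackAddress";

    /** Flag parameter: debug output. Note the lower-case parameter name. */
    public static final String DEBUG = "debug";

    /** Used when {@link #FEEDBACK_ADDRESS} is not configured. */
    private static final String DEFAULT_FEEDBACK_ADDRESS =
            "<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>";

    private final String databaseConnectionString;

    /** Cached result of {@link #getDatabaseConnectionString()}; {@code null} until first computed. */
    private String realConnectionString = null;

    private final String databaseDriver;

    private final String databaseUser;

    private final String databasePassword;

    private final boolean showCookies;

    private final boolean showParams;

    private final boolean showRequest;

    private final boolean showSource;

    private final boolean showSolution;

    private final boolean defuseOSCommands;

    private final boolean enterprise;

    private final boolean codingExercises;

    private final String feedbackAddress;

    private final boolean isDebug;

    private final String servletName;

    private final HttpServlet servlet;

    /**
     * Reads every configuration parameter from {@code servlet}.
     *
     * @param servlet the servlet whose init-parameters, servlet name and
     *                servlet context are consulted
     * @throws NullPointerException if {@code servlet} is {@code null}
     */
    public WebgoatContext(HttpServlet servlet) {
        this.servlet = Objects.requireNonNull(servlet, "servlet");

        databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
        databaseDriver = getParameter(servlet, DATABASE_DRIVER);
        databaseUser = getParameter(servlet, DATABASE_USER);
        databasePassword = getParameter(servlet, DATABASE_PASSWORD);

        // Feature flags from the environment / web.xml: only the exact string
        // "true" switches a flag on; anything else (including absence) is off.
        showParams = isTrue(getParameter(servlet, SHOWPARAMS));
        showCookies = isTrue(getParameter(servlet, SHOWCOOKIES));
        showSource = isTrue(getParameter(servlet, SHOWSOURCE));
        showSolution = isTrue(getParameter(servlet, SHOWSOLUTION));
        defuseOSCommands = isTrue(getParameter(servlet, DEFUSEOSCOMMANDS));
        enterprise = isTrue(getParameter(servlet, ENTERPRISE));
        codingExercises = isTrue(getParameter(servlet, CODING_EXERCISES));
        showRequest = isTrue(getParameter(servlet, SHOWREQUEST));
        isDebug = isTrue(getParameter(servlet, DEBUG));

        // Keep the built-in mailto link unless the deployment overrides it.
        String configuredFeedback = getParameter(servlet, FEEDBACK_ADDRESS);
        feedbackAddress = configuredFeedback != null ? configuredFeedback : DEFAULT_FEEDBACK_ADDRESS;

        servletName = servlet.getServletName();
    }

    /**
     * Interprets a flag value: {@code true} only for the exact string {@code "true"}.
     *
     * @param value the raw parameter value, possibly {@code null}
     * @return whether the flag is enabled
     */
    private static boolean isTrue(String value) {
        return "true".equals(value);
    }

    /**
     * Looks up one configuration value. A variable in the process environment
     * takes precedence over the servlet init-parameter of the same name.
     *
     * @param servlet the servlet whose init-parameters are the fallback source
     * @param key     the parameter name
     * @return the value, or {@code null} if neither source defines it
     */
    private static String getParameter(HttpServlet servlet, String key) {
        String value = System.getenv(key);
        return value != null ? value : servlet.getInitParameter(key);
    }

    /**
     * Returns the connection string with the real filesystem path of the web
     * application's {@code /database} directory substituted for the word
     * {@code PATH}.
     *
     * <p>The result is computed on first use and cached. If the connection
     * string is not configured, the container cannot supply a real path for
     * {@code /database} (e.g. a deployment that is not exploded on disk), or the
     * servlet has not been initialised yet, a diagnostic is written to stderr
     * and {@code null} is returned, preserving the original best-effort
     * behaviour.
     *
     * @return the resolved connection string, or {@code null} if it cannot be built
     */
    public String getDatabaseConnectionString() {
        if (realConnectionString == null) {
            if (databaseConnectionString == null) {
                System.err.println("Couldn't open database: check web.xml database parameters");
                return null;
            }
            String path;
            try {
                path = servlet.getServletContext().getRealPath("/database");
            } catch (IllegalStateException e) {
                // GenericServlet reports an uninitialised servlet this way.
                System.err.println("Couldn't open database: servlet not initialised: " + e);
                return null;
            }
            if (path == null) {
                System.err.println("Couldn't open database: no real path for /database");
                return null;
            }
            path = path.replace('\\', '/');
            // String.replace is a literal substitution. replaceAll() would treat
            // '$' and '\' in the path as regex-replacement metacharacters.
            realConnectionString = databaseConnectionString.replace("PATH", path);
            if (isDebug) {
                // A JDBC URL may embed credentials, so only echo it in debug mode.
                System.out.println("PATH: " + path);
                System.out.println("Database Connection String: " + realConnectionString);
            }
        }
        return realConnectionString;
    }

    /**
     * Gets the JDBC driver class name configured for this WebgoatContext.
     *
     * @return the databaseDriver value, or {@code null} if not configured
     */
    public String getDatabaseDriver() {
        return databaseDriver;
    }

    /**
     * Gets the database user configured for this WebgoatContext.
     *
     * @return the databaseUser value, or {@code null} if not configured
     */
    public String getDatabaseUser() {
        return databaseUser;
    }

    /**
     * Gets the database password configured for this WebgoatContext.
     * Callers should not log or display the returned value.
     *
     * @return the databasePassword value, or {@code null} if not configured
     */
    public String getDatabasePassword() {
        return databasePassword;
    }

    /** @return whether OS command execution in lessons is disabled. */
    public boolean isDefuseOSCommands() {
        return defuseOSCommands;
    }

    /** @return whether enterprise lessons are enabled. */
    public boolean isEnterprise() {
        return enterprise;
    }

    /** @return whether coding exercises are enabled. */
    public boolean isCodingExercises() {
        return codingExercises;
    }

    /**
     * @return the configured feedback address, or the built-in mailto link
     *         when none is configured
     */
    public String getFeedbackAddress() {
        return feedbackAddress;
    }

    /** @return whether debug output is enabled. */
    public boolean isDebug() {
        return isDebug;
    }

    /** @return the servlet name reported by the container at construction time. */
    public String getServletName() {
        return servletName;
    }

    /** @return whether request cookies are to be displayed. */
    public boolean isShowCookies() {
        return showCookies;
    }

    /** @return whether request parameters are to be displayed. */
    public boolean isShowParams() {
        return showParams;
    }

    /** @return whether the request is to be displayed. */
    public boolean isShowRequest() {
        return showRequest;
    }

    /** @return whether lesson source may be shown. */
    public boolean isShowSource() {
        return showSource;
    }

    /** @return whether lesson solutions may be shown. */
    public boolean isShowSolution() {
        return showSolution;
    }

}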