f27dae0773
git-svn-id: http://webgoat.googlecode.com/svn/trunk@250 4033779f-a91e-0410-96ef-6bf7bf53c507
227 lines
5.2 KiB
Transact-SQL
227 lines
5.2 KiB
Transact-SQL
EXEC sp_configure 'clr enabled', 1
|
|
GO
|
|
|
|
RECONFIGURE
|
|
GO
|
|
|
|
USE master;
|
|
|
|
go
|
|
|
|
DROP LOGIN webgoat_guest;
|
|
|
|
go
|
|
|
|
DROP database webgoat;
|
|
|
|
go
|
|
|
|
|
|
CREATE database webgoat;
|
|
|
|
go
|
|
|
|
USE webgoat;
|
|
|
|
go
|
|
|
|
CREATE SCHEMA webgoat_guest;
|
|
|
|
go
|
|
|
|
CREATE LOGIN webgoat_guest with password = '_webgoat';
|
|
|
|
go
|
|
|
|
CREATE USER webgoat_guest with default_schema = webgoat_guest;
|
|
|
|
go
|
|
|
|
GRANT CONTROL TO webgoat_guest;
|
|
|
|
go
|
|
|
|
|
|
CREATE TABLE WEBGOAT_guest.EMPLOYEE (
|
|
userid INT NOT NULL PRIMARY KEY,
|
|
first_name VARCHAR(20),
|
|
last_name VARCHAR(20),
|
|
ssn VARCHAR(12),
|
|
password VARCHAR(10),
|
|
title VARCHAR(20),
|
|
phone VARCHAR(13),
|
|
address1 VARCHAR(80),
|
|
address2 VARCHAR(80),
|
|
manager INT,
|
|
start_date CHAR(8),
|
|
salary INT,
|
|
ccn VARCHAR(30),
|
|
ccn_limit INT,
|
|
disciplined_date CHAR(8),
|
|
disciplined_notes VARCHAR(60),
|
|
personal_description VARCHAR(60)
|
|
);
|
|
|
|
go
|
|
|
|
IF EXISTS
|
|
(
|
|
SELECT 1
|
|
FROM INFORMATION_SCHEMA.ROUTINES
|
|
WHERE ROUTINE_NAME = 'UPDATE_EMPLOYEE'
|
|
AND ROUTINE_SCHEMA = 'webgoat_guest'
|
|
AND ROUTINE_TYPE = 'PROCEDURE'
|
|
)
|
|
BEGIN
|
|
DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
|
|
DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
|
|
END
|
|
GO
|
|
|
|
CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
|
|
@v_userid INT,
|
|
@v_first_name VARCHAR(20),
|
|
@v_last_name VARCHAR(20),
|
|
@v_ssn VARCHAR(12),
|
|
@v_title VARCHAR(20),
|
|
@v_phone VARCHAR(13),
|
|
@v_address1 VARCHAR(80),
|
|
@v_address2 VARCHAR(80),
|
|
@v_manager INT,
|
|
@v_start_date CHAR(8),
|
|
@v_salary INT,
|
|
@v_ccn VARCHAR(30),
|
|
@v_ccn_limit INT,
|
|
@v_disciplined_date CHAR(8),
|
|
@v_disciplined_notes VARCHAR(60),
|
|
@v_personal_description VARCHAR(60)
|
|
AS
|
|
UPDATE EMPLOYEE
|
|
SET
|
|
first_name = @v_first_name,
|
|
last_name = @v_last_name,
|
|
ssn = @v_ssn,
|
|
title = @v_title,
|
|
phone = @v_phone,
|
|
address1 = @v_address1,
|
|
address2 = @v_address2,
|
|
manager = @v_manager,
|
|
start_date = @v_Start_date,
|
|
salary = @v_salary,
|
|
ccn = @v_ccn,
|
|
ccn_limit = @v_ccn_limit,
|
|
disciplined_date = @v_disciplined_date,
|
|
disciplined_notes = @v_disciplined_notes,
|
|
personal_description = @v_personal_description
|
|
WHERE
|
|
userid = @v_userid;
|
|
|
|
go
|
|
|
|
CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE_BACKUP
|
|
@v_userid INT,
|
|
@v_first_name VARCHAR(20),
|
|
@v_last_name VARCHAR(20),
|
|
@v_ssn VARCHAR(12),
|
|
@v_title VARCHAR(20),
|
|
@v_phone VARCHAR(13),
|
|
@v_address1 VARCHAR(80),
|
|
@v_address2 VARCHAR(80),
|
|
@v_manager INT,
|
|
@v_start_date CHAR(8),
|
|
@v_salary INT,
|
|
@v_ccn VARCHAR(30),
|
|
@v_ccn_limit INT,
|
|
@v_disciplined_date CHAR(8),
|
|
@v_disciplined_notes VARCHAR(60),
|
|
@v_personal_description VARCHAR(60)
|
|
AS
|
|
UPDATE EMPLOYEE
|
|
SET
|
|
first_name = @v_first_name,
|
|
last_name = @v_last_name,
|
|
ssn = @v_ssn,
|
|
title = @v_title,
|
|
phone = @v_phone,
|
|
address1 = @v_address1,
|
|
address2 = @v_address2,
|
|
manager = @v_manager,
|
|
start_date = @v_Start_date,
|
|
salary = @v_salary,
|
|
ccn = @v_ccn,
|
|
ccn_limit = @v_ccn_limit,
|
|
disciplined_date = @v_disciplined_date,
|
|
disciplined_notes = @v_disciplined_notes,
|
|
personal_description = @v_personal_description
|
|
WHERE
|
|
userid = @v_userid;
|
|
|
|
go
|
|
|
|
IF EXISTS
|
|
(
|
|
SELECT 1
|
|
FROM INFORMATION_SCHEMA.ROUTINES
|
|
WHERE ROUTINE_NAME = 'EMPLOYEE_LOGIN'
|
|
AND ROUTINE_SCHEMA = 'webgoat_guest'
|
|
AND ROUTINE_TYPE = 'FUNCTION'
|
|
)
|
|
BEGIN
|
|
DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN
|
|
DROP FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP
|
|
END
|
|
GO
|
|
|
|
CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN (
|
|
@v_id INT,
|
|
@v_password VARCHAR(100)
|
|
) RETURNS INTEGER
|
|
AS
|
|
BEGIN
|
|
DECLARE @sql nvarchar(4000), @count int
|
|
SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
|
|
EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
|
|
return @count
|
|
END
|
|
GO
|
|
|
|
CREATE FUNCTION webgoat_guest.EMPLOYEE_LOGIN_BACKUP (
|
|
@v_id INT,
|
|
@v_password VARCHAR(100)
|
|
) RETURNS INTEGER
|
|
AS
|
|
BEGIN
|
|
DECLARE @sql nvarchar(4000), @count int
|
|
SELECT @sql = N'SELECT @cnt = COUNT(*) FROM EMPLOYEE WHERE USERID = ' + convert(varchar(10),@v_id) + N' AND PASSWORD = ''' + @v_password + N'''';
|
|
EXEC sp_executesql @sql, N'@cnt int OUTPUT', @cnt = @count OUTPUT
|
|
return @count
|
|
END
|
|
GO
|
|
|
|
IF EXISTS
|
|
(
|
|
SELECT 1
|
|
FROM INFORMATION_SCHEMA.ROUTINES
|
|
WHERE ROUTINE_NAME = 'RegexMatch'
|
|
AND ROUTINE_SCHEMA = 'webgoat_guest'
|
|
AND ROUTINE_TYPE = 'FUNCTION'
|
|
)
|
|
BEGIN
|
|
DROP FUNCTION webgoat_guest.RegexMatch
|
|
END
|
|
GO
|
|
|
|
IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch')
|
|
DROP ASSEMBLY RegexMatch;
|
|
GO
|
|
|
|
CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\project\WebContent\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
|
|
GO
|
|
|
|
CREATE FUNCTION webgoat_guest.RegexMatch (
|
|
@input NVARCHAR(MAX),
|
|
@pattern NVARCHAR(MAX)
|
|
) RETURNS BIT
|
|
AS EXTERNAL NAME RegexMatch.[UserDefinedFunctions].RegexMatch;
|
|
GO
|