/**
 * Builds the post-authentication banner: a welcome line naming the user, a line
 * naming the authentication method, and Logout / Refresh links.
 *
 * Both strings are concatenated straight into the paragraph text; whether ECS
 * HTML-encodes them on output is not visible here.
 *
 * @param s the current web session (not read by this method)
 * @param user the name shown in the welcome line
 * @param method the authentication method named in the second line
 * @return a container holding the four paragraphs
 * @exception Exception declared by the signature; nothing in this body throws it
 */
protected Element makeUser(WebSession s, String user, String method) throws Exception {
    P welcome = new P();
    welcome.addElement("Welcome, " + user);

    P authenticated = new P();
    authenticated.addElement("You have been authenticated with " + method);

    P logoutLink = new P();
    logoutLink.addElement(ECSFactory.makeLink("Logout", LOGOUT, true));

    P refreshLink = new P();
    refreshLink.addElement(ECSFactory.makeLink("Refresh", "", ""));

    ElementContainer container = new ElementContainer();
    container.addElement(welcome);
    container.addElement(authenticated);
    container.addElement(logoutLink);
    container.addElement(refreshLink);
    return container;
}
/**
 * Builds the message-entry form: a two-row table with a Title text field and a
 * Message text area, followed by a Submit button in its own paragraph.
 *
 * Labels come from WebGoatI18N ("Title", "Message", "Submit"); the field names
 * are the TITLE and MESSAGE constants.
 *
 * @param s the current web session (not read by this method)
 * @return a container holding the table and the button paragraph
 */
protected Element makeInput(WebSession s) {
    Table form = new Table(0);
    form.setCellSpacing(0);
    form.setCellPadding(0);
    form.setBorder(0);

    // Row 1: "Title: " label next to a single-line text input named TITLE.
    TR titleRow = new TR();
    titleRow.addElement(new TD(new StringElement(WebGoatI18N.get("Title") + ": ")));
    Input titleField = new Input(Input.TEXT, TITLE, "");
    titleRow.addElement(new TD(titleField));

    // Row 2: top-aligned "Message: " label next to a 5x60 text area named MESSAGE.
    TR messageRow = new TR();
    TD messageLabel = new TD();
    messageLabel.setVAlign("TOP");
    messageLabel.addElement(new StringElement(WebGoatI18N.get("Message") + ": "));
    messageRow.addElement(messageLabel);
    TD messageCell = new TD();
    messageCell.addElement(new TextArea(MESSAGE, 5, 60));
    messageRow.addElement(messageCell);

    form.addElement(titleRow);
    form.addElement(messageRow);

    Element submit = ECSFactory.makeButton(WebGoatI18N.get("Submit"));
    P buttonParagraph = new P();
    buttonParagraph.addElement(submit);

    ElementContainer container = new ElementContainer();
    container.addElement(form);
    container.addElement(buttonParagraph);
    return container;
}
/**
 * Builds the course landing content: a single centered "Start the Course!" button.
 *
 * @param s the current web session (not read by this method)
 * @return a container holding the centered button
 */
protected Element createContent(WebSession s) {
    Element startButton = ECSFactory.makeButton("Start the Course!");
    Center centered = new Center(startButton);

    ElementContainer container = new ElementContainer();
    container.addElement(centered);
    return container;
}
/**
 * Builds the sign-in form: a "Sign In " heading and a table with an instruction
 * header, a "*Required Fields" note, a spacer row, the *User Name / *Password
 * input rows and a Login button.
 *
 * The table border is 0, or 1 when s.isColor() is true.
 *
 * NOTE(review): the source of this method is garbled at the point where the
 * password label's TD is closed and the user-name Input ("input1") is declared
 * (the "******" run below). That text must be restored from the original file;
 * as shown here the method does not compile.
 *
 * @param s the current web session; isColor() selects the table border
 * @return a container holding the heading and the login table
 */
protected Element makeLogin(WebSession s) {
    ElementContainer ec = new ElementContainer();
    ec.addElement(new H1().addElement("Sign In "));
    Table t = new Table()
        .setCellSpacing(0)
        .setCellPadding(2)
        .setBorder(0)
        .setWidth("90%")
        .setAlign("center");
    // Bordered table when the session's colour mode is on.
    if (s.isColor()) {
        t.setBorder(1);
    }
    TR tr = new TR();
    tr.addElement(
        new TH()
            .addElement(
                "Please sign in to your account. See the OWASP admin if you do not have an account.")
            .setColSpan(2)
            .setAlign("left"));
    t.addElement(tr);
    tr = new TR();
    tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
    t.addElement(tr);
    tr = new TR();
    tr.addElement(new TD().addElement(" ").setColSpan(2));
    t.addElement(tr);
    TR row1 = new TR();
    TR row2 = new TR();
    row1.addElement(new TD(new B(new StringElement("*User Name: "))));
    // Garbled in the source (see the NOTE(review) in the Javadoc above); the
    // declaration of input1 that row1 uses below is missing here.
    row2.addElement(new TD(new B(new StringElement("*Password: "******"");
    Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
    row1.addElement(new TD(input1));
    row2.addElement(new TD(input2));
    t.addElement(row1);
    t.addElement(row2);
    Element b = ECSFactory.makeButton("Login");
    t.addElement(new TR(new TD(b)));
    ec.addElement(t);
    return (ec);
}
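/**
 * Lists the stored messages for this lesson as a table of links.
 *
 * Only rows whose user_name starts with the caller's name root (see
 * getNameroot) and whose lesson_type equals this object's runtime class name
 * are shown, so that users such as chuck-1 and chuck-2 see each other's
 * messages but nobody else's. Each table row holds a link whose text is the
 * message title (TITLE_COL) and whose NUMBER parameter is the message number
 * (NUM_COL).
 *
 * Failures are best effort: the table is returned as far as it was filled and
 * WebGoatI18N.get("ErrorGeneratingMessageList") is set as the session message.
 * The statement and result set are always closed; the connection is obtained
 * from DatabaseUtilities and (as before) is not closed here, on the assumption
 * that DatabaseUtilities owns it.
 *
 * @param s the current web session; supplies the DB connection, the user name
 *          and receives the error message
 * @return a container holding an H1 "MessageList" heading followed by the table
 */
public Element makeList(WebSession s) {
    Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
    PreparedStatement statement = null;
    ResultSet results = null;
    try {
        Connection connection = DatabaseUtilities.getConnection(s);
        // edit by Chuck Willis - Added logic to associate similar usernames
        // The idea is that users chuck-1, chuck-2, etc will see each other's messages
        // but not anyone elses. This allows users to try out XSS to grab another user's
        // cookies, but not get confused by other users scripts
        //
        // NOTE(review): the name root is bound as a LIKE pattern without an ESCAPE
        // clause, so a user name containing '%' or '_' would match more rows than
        // the intended group. getNameroot is not visible here - confirm it cannot
        // pass those characters through.
        String query = "SELECT * FROM messages WHERE user_name LIKE ? and lesson_type = ?";
        // A forward-only result set is enough: the loop below no longer probes with
        // first()/beforeFirst(), and an empty result simply yields an empty table.
        statement = connection.prepareStatement(query);
        statement.setString(1, getNameroot(s.getUserName()) + "%");
        statement.setString(2, getClass().getName());
        results = statement.executeQuery();
        while (results.next()) {
            A a = ECSFactory.makeLink(results.getString(TITLE_COL), NUMBER, results.getInt(NUM_COL));
            TD td = new TD().addElement(a);
            TR tr = new TR().addElement(td);
            t.addElement(tr);
        }
    } catch (Exception e) {
        // Deliberate best effort: the page is still rendered; the failure is
        // reported to the user through the session message.
        s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList"));
    } finally {
        // Close in reverse order of acquisition; the original leaked both.
        if (results != null) {
            try {
                results.close();
            } catch (java.sql.SQLException ignored) {
                // Nothing further to report; the page has already been built.
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (java.sql.SQLException ignored) {
                // Nothing further to report; the page has already been built.
            }
        }
    }
    ElementContainer ec = new ElementContainer();
    ec.addElement(new H1(WebGoatI18N.get("MessageList")));
    ec.addElement(t);
    return (ec);
}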