  /**
   * Builds the post-login greeting panel: a welcome line, the authentication
   * method that was used, a "Logout" link and a "Refresh" link.
   *
   * <p>{@code user} and {@code method} are concatenated straight into the
   * paragraph text; nothing in this method encodes them, so the caller is
   * responsible for supplying values that are safe to render.
   *
   * @param s the current session (not read by this method)
   * @param user display name shown in the greeting
   * @param method description of how the user was authenticated
   * @return a container holding the four paragraphs in the order listed above
   * @exception Exception declared so that failures in the link helpers propagate
   */
  protected Element makeUser(WebSession s, String user, String method) throws Exception {
    P welcome = new P().addElement("Welcome, " + user);
    P how = new P().addElement("You have been authenticated with " + method);
    P logout = new P().addElement(ECSFactory.makeLink("Logout", LOGOUT, true));
    P refresh = new P().addElement(ECSFactory.makeLink("Refresh", "", ""));

    return new ElementContainer()
        .addElement(welcome)
        .addElement(how)
        .addElement(logout)
        .addElement(refresh);
  }
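  /**
   * Renders the "enter your name" form and echoes the submitted name back,
   * reversed, as the value of the text field.
   *
   * <p>The submitted value is reflected into the input unchanged apart from
   * the reversal; no encoding is applied here. The lesson is marked solved
   * once a non-empty name has been submitted and the lesson has been visited
   * more than three times.
   *
   * @param s the current session; supplies the request parser and lesson
   *     tracker, and receives the error message if rendering fails
   * @return the form content, possibly partial when an exception was caught
   */
  protected Element createContent(WebSession s) {
    ElementContainer ec = new ElementContainer();

    // Start with an empty buffer instead of null: if the parser throws before
    // the value is read, the success check below must still be safe to run
    // (it used to dereference a null buffer in that case).
    StringBuffer person = new StringBuffer();
    try {
      ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName") + ": "));

      String submitted = s.getParser().getStringParameter(PERSON, "");
      person = new StringBuffer(submitted).reverse();

      Input input = new Input(Input.TEXT, PERSON, person.toString());
      ec.addElement(input);

      Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
      ec.addElement(b);
    } catch (Exception e) {
      s.setMessage("Error generating " + this.getClass().getName());
      e.printStackTrace();
    }

    // Only a non-empty submission on a repeat visit counts as solving the lesson.
    if (person.length() > 0 && getLessonTracker(s).getNumVisits() > 3) {
      makeSuccess(s);
    }

    return ec;
  }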
  /**
   * Builds the two-row "Title / Message" entry form followed by a Submit button.
   *
   * @param s the current session (not read by this method)
   * @return a container holding the layout table and then the button paragraph
   */
  protected Element makeInput(WebSession s) {
    Table layout = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);

    // Row 1: "Title:" label and a single-line text input.
    TR titleRow = new TR();
    titleRow.addElement(new TD(new StringElement(WebGoatI18N.get("Title") + ": ")));
    titleRow.addElement(new TD(new Input(Input.TEXT, TITLE, "")));

    // Row 2: top-aligned "Message:" label and a 5x60 text area.
    TD messageLabel = new TD();
    messageLabel.setVAlign("TOP");
    messageLabel.addElement(new StringElement(WebGoatI18N.get("Message") + ": "));

    TD messageCell = new TD();
    messageCell.addElement(new TextArea(MESSAGE, 5, 60));

    TR messageRow = new TR();
    messageRow.addElement(messageLabel);
    messageRow.addElement(messageCell);

    layout.addElement(titleRow);
    layout.addElement(messageRow);

    ElementContainer ec = new ElementContainer();
    ec.addElement(layout);
    ec.addElement(new P().addElement(ECSFactory.makeButton(WebGoatI18N.get("Submit"))));

    return ec;
  }
  /**
   * Renders the course start page: a single centered "Start the Course!" button.
   *
   * @param s the current session (not read by this method)
   * @return a container whose only child is the centered button
   */
  protected Element createContent(WebSession s) {
    Element startButton = ECSFactory.makeButton("Start the Course!");
    Center centered = new Center(startButton);

    ElementContainer ec = new ElementContainer();
    ec.addElement(centered);
    return ec;
  }
  /**
   * Builds the "change your password" input line.
   *
   * <p>The listing this page was taken from masks part of the body (the
   * {@code ******} run below), so the statements between the prompt and the
   * {@code Go!} button are not recoverable from this page.
   *
   * @param s the current session (not read by the visible lines)
   * @return a container holding the prompt line and the button
   */
  protected Element makeInputLine(WebSession s) {
    ElementContainer ec = new ElementContainer();

    // NOTE(review): this line is garbled in the source listing; the masked part
    // presumably declares the button element b that is added on the next line.
    ec.addElement(new P().addElement("Please change your password: "******"Go!");
    ec.addElement(b);

    return ec;
  }
  /**
   * Builds the "Sign In" form: a heading, an instruction row, a "*Required
   * Fields" row, the user-name and password inputs, and a "Login" button.
   *
   * <p>The listing this page was taken from masks part of one line (the
   * {@code ******} run below), so the declaration of {@code input1}, which is
   * used a few lines later, is not recoverable here. The password field is
   * declared with {@code Input.PASSWORD}, so the browser renders it masked.
   *
   * @param s the current session; in the visible lines only {@code isColor()}
   *     is consulted, to switch the table border on
   * @return a container holding the heading and the form table
   */
  protected Element makeLogin(WebSession s) {
    ElementContainer ec = new ElementContainer();

    ec.addElement(new H1().addElement("Sign In "));
    Table t =
        new Table()
            .setCellSpacing(0)
            .setCellPadding(2)
            .setBorder(0)
            .setWidth("90%")
            .setAlign("center");

    // A visible border only in "color" mode.
    if (s.isColor()) {
      t.setBorder(1);
    }

    // Instruction row spanning both columns.
    TR tr = new TR();
    tr.addElement(
        new TH()
            .addElement(
                "Please sign in to your account.  See the OWASP admin if you do not have an account.")
            .setColSpan(2)
            .setAlign("left"));
    t.addElement(tr);

    tr = new TR();
    tr.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
    t.addElement(tr);

    // Spacer row.
    tr = new TR();
    tr.addElement(new TD().addElement(" ").setColSpan(2));
    t.addElement(tr);

    // Label column for the two input rows.
    TR row1 = new TR();
    TR row2 = new TR();
    row1.addElement(new TD(new B(new StringElement("*User Name: "))));
    // NOTE(review): this line is garbled in the source listing; the masked part
    // presumably declares input1 (the user-name field) used below.
    row2.addElement(new TD(new B(new StringElement("*Password: "******"");
    Input input2 = new Input(Input.PASSWORD, PASSWORD, "");
    row1.addElement(new TD(input1));
    row2.addElement(new TD(input2));
    t.addElement(row1);
    t.addElement(row2);

    Element b = ECSFactory.makeButton("Login");
    t.addElement(new TR(new TD(b)));
    ec.addElement(t);

    return (ec);
  }
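  /**
   * Lists the messages stored for this lesson by users sharing the current
   * user's "name root", as a table of links with one row per message.
   *
   * <p>The query uses {@code ?} placeholders, so the user name is bound as a
   * parameter rather than concatenated. Message titles, on the other hand, are
   * placed into the link text as stored: the lesson deliberately lets users in
   * the same group see each other's (possibly script-bearing) titles.
   *
   * @param s the current session; supplies the user name and the database
   *     connection, and receives an error message if the listing fails
   * @return an {@code H1} heading followed by the (possibly empty) table
   */
  public Element makeList(WebSession s) {
    Table t = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);

    try {
      // The connection is obtained from DatabaseUtilities and is not closed
      // here; its lifetime appears to be managed there (per session) — confirm.
      Connection connection = DatabaseUtilities.getConnection(s);

      // edit by Chuck Willis - Added logic to associate similar usernames
      // The idea is that users chuck-1, chuck-2, etc will see each other's messages
      // but not anyone elses. This allows users to try out XSS to grab another user's
      // cookies, but not get confused by other users scripts
      String query = "SELECT * FROM messages WHERE user_name LIKE ? and lesson_type = ?";

      // Statement and result set are released on every exit path; the original
      // code left both open.
      PreparedStatement statement = connection.prepareStatement(query);
      try {
        statement.setString(1, getNameroot(s.getUserName()) + "%");
        statement.setString(2, getClass().getName());

        ResultSet results = statement.executeQuery();
        try {
          // A plain forward scan replaces the first()/beforeFirst() pair, which
          // only needed a scrollable cursor to detect an empty result.
          while (results.next()) {
            A a =
                ECSFactory.makeLink(
                    results.getString(TITLE_COL), NUMBER, results.getInt(NUM_COL));
            t.addElement(new TR().addElement(new TD().addElement(a)));
          }
        } finally {
          results.close();
        }
      } finally {
        statement.close();
      }
    } catch (Exception e) {
      s.setMessage(WebGoatI18N.get("ErrorGeneratingMessageList"));
      // Keep the cause visible; the user only sees the generic message.
      e.printStackTrace();
    }

    ElementContainer ec = new ElementContainer();
    ec.addElement(new H1(WebGoatI18N.get("MessageList")));
    ec.addElement(t);

    return ec;
  }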
  /**
   * Renders the "view a file" lesson: lists the lesson's HTML files in a
   * pull-down and, once a file name has been submitted, either displays the
   * chosen lesson file or reports the outcome of a name that points elsewhere.
   *
   * <p>Security notes (this is a deliberately weak lesson, not production
   * code): the submitted {@code file} value is concatenated into a filesystem
   * path, and the only traversal filter is {@code upDirCount} (presumably a
   * count of parent-directory segments — confirm). It rejects a count of
   * exactly 3 unless the name ends in {@code LICENSE}, and anything above 5, so
   * counts 0–2 and 4–5 pass through. A real check would resolve the submitted
   * name against the lesson directory and require the canonical result to stay
   * below it. The canonical path of a successfully opened file is echoed back
   * to the user.
   *
   * @param s the current session; supplies the request parser and lesson
   *     directory and receives all status messages
   * @return the assembled page content; on any exception, whatever was built
   *     before it plus an error message on the session
   */
  protected Element createContent(WebSession s) {
    ElementContainer ec = new ElementContainer();

    try {
      Table t = new Table().setCellSpacing(0).setCellPadding(2).setWidth("90%").setAlign("center");

      if (s.isColor()) {
        t.setBorder(1);
      }
      // The listing below takes htmlFiles.get(0); an empty list would throw
      // here and end up in the catch at the bottom.
      List<File> htmlFiles = findHtmlFiles(LessonUtil.getLessonDirectory(s, this).getParentFile());
      List<String> htmlFilenames =
          Lists.newArrayList(
              Iterables.transform(
                  htmlFiles,
                  new Function<File, String>() {
                    @Override
                    public String apply(File input) {
                      return input.getName();
                    }
                  }));
      String[] list = htmlFilenames.toArray(new String[htmlFilenames.size()]);
      // The directory path is url-decoded and placed into raw markup.
      String listing =
          " <p><B>"
              + getLabelManager().get("CurrentDirectory")
              + "</B> "
              + Encoding.urlDecode(htmlFiles.get(0).getParent())
              + "<br><br>"
              + getLabelManager().get("ChooseFileToView")
              + "</p>";

      TR tr = new TR();
      tr.addElement(new TD().setColSpan(2).addElement(new StringElement(listing)));
      t.addElement(tr);

      tr = new TR();
      tr.addElement(
          new TD().setWidth("35%").addElement(ECSFactory.makePulldown(FILE, list, "", 15)));
      tr.addElement(new TD().addElement(ECSFactory.makeButton(getLabelManager().get("ViewFile"))));
      t.addElement(tr);

      ec.addElement(t);

      // FIXME: would be cool to allow encodings here -- hex, percent,
      // url, etc...
      // User-controlled: the raw parameter, not restricted to the pull-down's
      // values. Defaults to "" when absent.
      final String file = s.getParser().getRawParameter(FILE, "");

      if (!file.equals("")) // first time in or missing parameter - just kick out
      {
        // defuse file searching
        boolean illegalCommand = true;
        // allow them to look at any file in the webgoat hierachy.
        // Don't allow them to look about the webgoat root,
        // except to see the LICENSE file
        // Two messages are set back-to-back; whether both survive depends on
        // WebSession.setMessage (not shown here).
        if (upDirCount(file) == 3 && !file.endsWith("LICENSE")) {
          s.setMessage(getLabelManager().get("AccessDenied"));
          s.setMessage(getLabelManager().get("ItAppears1"));
        } else {
          if (upDirCount(file) > 5) {
            s.setMessage(getLabelManager().get("AccessDenied"));
            s.setMessage(getLabelManager().get("ItAppears2"));
          } else {
            illegalCommand = false;
          }
        }

        // provide a little guidance to help them along.  If the allowed file comes back as
        // null we have the potential for a real attack vector
        File allowedFile = guideTheAtack(s, file, htmlFiles);

        if (!illegalCommand) {
          // The submitted name is appended to the lesson-plan directory as-is;
          // only the upDirCount filter above constrains it.
          File attemptedFile =
              new File(LessonUtil.getLessonDirectory(s, this) + "/lessonPlans/en/" + file);
          if (allowedFile == null) {
            // We have a potential attack
            // (the null checks on file are redundant: it was compared with ""
            // above, so it cannot be null here)
            if (file != null && attemptedFile.isFile() && attemptedFile.exists()) {
              // They have accessed something meaningful
              s.setMessage(
                  getLabelManager().get("CongratsAccessToFileAllowed")
                      + " ==> "
                      + Encoding.urlDecode(attemptedFile.getCanonicalPath()));
              makeSuccess(s);
            } else if (file != null && file.length() != 0) {
              s.setMessage(
                  getLabelManager().get("AccessToFileDenied1")
                      + Encoding.urlDecode(file)
                      + getLabelManager().get("AccessToFileDenied2"));
            } else {
              // do nothing, probably entry screen
            }
          } else {
            // A recognised lesson file: show that one instead of the raw path.
            attemptedFile = allowedFile;
          }

          // Note: reached on the "potential attack" path too, so the file the
          // user named is displayed whenever the filter above let it through.
          displayAttemptedFile(ec, attemptedFile);
        }
      }

    } catch (Exception e) {
      s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
      e.printStackTrace();
    }
    return (ec);
  }
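  /**
   * Renders the "bypass client-side controls" form and, once it has been
   * submitted, checks that every field arrived with a value the browser-side
   * restrictions would not have allowed.
   *
   * <p>Each {@code getRawParameter} call throws {@link ParameterNotFoundException}
   * when its parameter is absent (see the notes on the checkbox and the disabled
   * field below). The catch at the end swallows that on purpose: it is the normal
   * outcome on first display and whenever a control was left untouched, and in
   * both cases the lesson simply stays unsolved.
   *
   * @param s the current session; supplies the request parser and is marked
   *     successful when no check fails
   * @return the assembled form
   */
  protected Element createContent(WebSession s) {
    ElementContainer ec = new ElementContainer();

    try {
      boolean failed = false;

      // select element
      ec.addElement(
          new Div().addElement(new StringElement("Select field with two possible values:")));

      String[] allowedSelect = {"foo", "bar"};

      ec.addElement(new org.apache.ecs.html.Select("select", allowedSelect));

      // radio button element
      ec.addElement(new P());
      ec.addElement(
          new Div().addElement(new StringElement("Radio button with two possible values:")));

      Input radiofoo = new Input("radio", "radio", "foo");
      radiofoo.setChecked(true);
      ec.addElement(radiofoo);
      ec.addElement(new StringElement("foo"));
      ec.addElement(new BR());
      ec.addElement(new Input("radio", "radio", "bar"));
      ec.addElement(new StringElement("bar"));

      // checkbox
      ec.addElement(new P());
      ec.addElement(new Div().addElement(new StringElement("Checkbox:")));
      Input checkbox = new Input("checkbox", "checkbox");
      checkbox.setChecked(true);
      ec.addElement(checkbox);
      ec.addElement(new StringElement("checkbox"));

      // create shortinput
      ec.addElement(new P());
      ec.addElement(
          new Div().addElement(new StringElement("Input field restricted to 5 characters:")));
      Input shortinput = new Input(Input.TEXT, "shortinput", "12345");
      shortinput.setMaxlength(5);
      ec.addElement(shortinput);

      ec.addElement(new P());
      ec.addElement(new Div().addElement(new StringElement("Disabled input field:")));
      String defaultdisabledinputtext = "disabled";
      Input disabledinput = new Input(Input.TEXT, "disabledinput", defaultdisabledinputtext);
      disabledinput.setDisabled(true);
      ec.addElement(disabledinput);
      ec.addElement(new BR());

      // Submit Button
      ec.addElement(new P());
      ec.addElement(new Div().addElement(new StringElement("Submit button:")));
      String submittext = "Submit";
      Element b = ECSFactory.makeButton(submittext);
      ec.addElement(b);

      //  Now check inputs that were submitted (if any)

      // check select field: either of the two offered values means the
      // client-side restriction was honoured
      String submittedselect = s.getParser().getRawParameter("select");
      if (submittedselect.equals("foo")) {
        failed = true;
      }
      if (submittedselect.equals("bar")) {
        failed = true;
      }

      // check radio buttons — the original re-tested submittedselect here, so
      // the radio value was never actually examined
      String submittedradio = s.getParser().getRawParameter("radio");
      if (submittedradio.equals("foo")) {
        failed = true;
      }
      if (submittedradio.equals("bar")) {
        failed = true;
      }

      // check checkbox (note - if the box is not checked, this will throw an exception, but that
      // is okay)
      if (s.getParser().getRawParameter("checkbox").equals("on")) {
        failed = true;
      }

      // check shortinput: must exceed the maxlength the browser enforced
      if (s.getParser().getRawParameter("shortinput").length() < 6) {
        failed = true;
      }

      // check disabledinput (note - if the field was not re-enabled, this will throw an exception,
      // but that
      // is okay)
      if (s.getParser().getRawParameter("disabledinput").equals(defaultdisabledinputtext)) {
        failed = true;
      }

      // check submitbutton
      if (s.getParser().getRawParameter("SUBMIT").equals(submittext)) {
        failed = true;
      }

      // if we didn't fail, we succeeded!
      if (!failed) {
        makeSuccess(s);
      }

    } catch (ParameterNotFoundException ignored) {
      // Deliberate: a missing parameter is the first-display case or an
      // untouched control, and either way the lesson is simply not solved.
    }

    return ec;
  }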
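  /**
   * Renders the WSDL-scanning lesson: an account-number form with a multi-select
   * of fields, then (once submitted) a result table built by calling the
   * {@code WSDLScanning} service once per selected field, followed by a link to
   * the service's WSDL.
   *
   * <p>Success is tracked through the instance fields {@code completed} and
   * {@code beenRestartedYet}, which this method both reads and writes. As
   * instance state they are shared by every request that reaches this object,
   * so presumably they are not per-user — confirm.
   *
   * @param s the current session; supplies the request parser and server port
   *     and receives status messages
   * @return the assembled page content
   */
  protected Element createContent(WebSession s) {
    ElementContainer ec = new ElementContainer();

    Table t1 = new Table().setCellSpacing(0).setCellPadding(2);

    if (s.isColor()) {
      t1.setBorder(1);
    }
    TR tr = new TR();
    tr.addElement(new TD("Enter your account number: "));
    tr.addElement(new TD(new Input(Input.TEXT, "id", "101")));
    t1.addElement(tr);

    tr = new TR();
    tr.addElement(new TD("Select the fields to return: "));
    tr.addElement(
        new TD(
            new Select("field")
                .setMultiple(true)
                .addElement(new Option(firstName).addElement("First Name"))
                .addElement(new Option(lastName).addElement("Last Name"))
                .addElement(new Option(loginCount).addElement("Login Count"))));
    t1.addElement(tr);

    tr = new TR();
    Element b = ECSFactory.makeButton("Submit");
    tr.addElement(new TD(b).setAlign("CENTER").setColSpan(2));
    t1.addElement(tr);

    ec.addElement(t1);

    try {
      // getParameterValues yields null when "field" was not submitted at all;
      // treat that as an empty selection so the "please select" message below
      // is reachable instead of tripping a silently-swallowed NPE.
      String[] fields = s.getParser().getParameterValues("field");
      if (fields == null) {
        fields = new String[0];
      }
      int id = s.getParser().getIntParameter("id");

      Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1);

      if (s.isColor()) {
        t.setBorder(1);
      }
      TR header = new TR();
      TR results = new TR();
      int port = s.getRequest().getServerPort();
      for (String field : fields) {
        header.addElement(new TD().addElement(field));
        // The selected field name is handed to the service unchecked; the
        // lesson relies on the service side to decide what it returns.
        results.addElement(
            new TD()
                .addElement(
                    (String)
                        accessWGService(
                            s, "WSDLScanning", port, field, "acct_num", Integer.valueOf(id))));
      }
      if (fields.length == 0) {
        s.setMessage("Please select a value to return.");
      }
      t.addElement(header);
      t.addElement(results);
      ec.addElement(new P().addElement(t));
    } catch (Exception ignored) {
      // Expected on first display: "id" is absent until the form is submitted,
      // so the result table is simply not shown. Any failure of the service
      // call is swallowed here as well.
    }
    try {
      A a = new A("services/WSDLScanning?WSDL", "WebGoat WSDL File");
      ec.addElement(
          new P()
              .addElement(
                  "View the web services definition language (WSDL) to see the complete API:"));
      ec.addElement(new BR());
      ec.addElement(a);

      // completed is set elsewhere (not in this method); the first time it is
      // seen with the tracker still incomplete the lesson is marked solved, and
      // the next time both flags are reset.
      if (completed && !getLessonTracker(s).getCompleted() && !beenRestartedYet) {
        makeSuccess(s);
        beenRestartedYet = true;
      } else if (completed && !getLessonTracker(s).getCompleted() && beenRestartedYet) {
        completed = false;
        beenRestartedYet = false;
      }
    } catch (Exception e) {
      s.setMessage("Error generating " + this.getClass().getName());
      e.printStackTrace();
    }
    return ec;
  }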