Manual Code Review
Assignment6.1_Files/File1.java
Assignment6.1_Files/File1.java
package
org
.
owasp
.
webgoat
.
plugin
.
introduction
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentEndpoint
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentHints
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentPath
;
import
org
.
owasp
.
webgoat
.
assignments
.
AttackResult
;
import
org
.
owasp
.
webgoat
.
session
.
DatabaseUtilities
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMethod
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestParam
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
ResponseBody
;
import
java
.
util
.
Calendar
;
import
java
.
text
.
SimpleDateFormat
;
import
java
.
sql
.
*
;
public
class
File1
extends
AssignmentEndpoint
{
@
RequestMapping
(
method
=
RequestMethod
.
POST
)
public
@
ResponseBody
AttackResult
completed
(
@
RequestParam
String
name
,
@
RequestParam
String
auth_tan
)
{
return
injectableQueryConfidentiality
(
name
,
auth_tan
);
}
protected
AttackResult
injectableQueryConfidentiality
(
String
name
,
String
auth_tan
)
{
StringBuffer
output
=
new
StringBuffer
();
String
query
=
"SELECT * FROM employees WHERE last_name = '"
+
name
+
"' AND auth_tan = '"
+
auth_tan
+
"'"
;
try
{
Connection
connection
=
DatabaseUtilities
.
getConnection
(
getWebSession
());
try
{
Statement
statement
=
connection
.
createStatement
(
ResultSet
.
TYPE_SCROLL_INSENSITIVE
,
ResultSet
.
CONCUR_READ_ONLY
);
log
(
connection
,
query
);
ResultSet
results
=
statement
.
executeQuery
(
query
);
if
(
results
.
getStatement
()
!=
null
)
{
if
(
results
.
first
())
{
output
.
append
(
generateTable
(
results
));
results
.
last
();
if
(
results
.
getRow
()
>
1
)
{
// more than one record, the user succeeded
return
trackProgress
(
success
().
feedback
(
"sql-injection.8.success"
).
output
(
output
.
toString
()).
build
());
}
else
{
// only one record
return
trackProgress
(
failed
().
feedback
(
"sql-injection.8.one"
).
output
(
output
.
toString
()).
build
());
}
}
else
{
// no results
return
trackProgress
(
failed
().
feedback
(
"sql-injection.8.no.results"
).
build
());
}
}
else
{
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
build
());
}
}
catch
(
SQLException
e
)
{
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
output
(
"<br><span class='feedback-negative'>"
+
e
.
getMessage
()
+
"</span>"
).
build
());
}
}
catch
(
Exception
e
)
{
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
output
(
"<br><span class='feedback-negative'>"
+
e
.
getMessage
()
+
"</span>"
).
build
());
}
}
public
static
String
generateTable
(
ResultSet
results
)
throws
SQLException
{
ResultSetMetaData
resultsMetaData
=
results
.
getMetaData
();
int
numColumns
=
resultsMetaData
.
getColumnCount
();
results
.
beforeFirst
();
StringBuffer
table
=
new
StringBuffer
();
table
.
append
(
"<table>"
);
if
(
results
.
next
())
{
table
.
append
(
"<tr>"
);
for
(
int
i
=
1
;
i
<
(
numColumns
+
1
);
i
++
)
{
table
.
append
(
"<th>"
+
resultsMetaData
.
getColumnName
(
i
)
+
"</th>"
);
}
table
.
append
(
"</tr>"
);
results
.
beforeFirst
();
while
(
results
.
next
())
{
table
.
append
(
"<tr>"
);
for
(
int
i
=
1
;
i
<
(
numColumns
+
1
);
i
++
)
{
table
.
append
(
"<td>"
+
results
.
getString
(
i
)
+
"</td>"
);
}
table
.
append
(
"</tr>"
);
}
}
else
{
table
.
append
(
"Query Successful; however no data was returned from this query."
);
}
table
.
append
(
"</table>"
);
return
(
table
.
toString
());
}
public
static
void
log
(
Connection
connection
,
String
action
)
{
action
=
action
.
replace
(
'\''
,
'"'
);
Calendar
cal
=
Calendar
.
getInstance
();
SimpleDateFormat
sdf
=
new
SimpleDateFormat
(
"yyyy-MM-dd HH:mm:ss"
);
String
time
=
sdf
.
format
(
cal
.
getTime
());
String
log_query
=
"INSERT INTO access_log (time, action) VALUES ('"
+
time
+
"', '"
+
action
+
"')"
;
try
{
Statement
statement
=
connection
.
createStatement
();
statement
.
executeUpdate
(
log_query
);
}
catch
(
SQLException
e
)
{
System
.
err
.
println
(
e
.
getMessage
());
}
}
}
Assignment6.1_Files/File2.java
Assignment6.1_Files/File2.java
package
org
.
owasp
.
webgoat
.
plugin
.
introduction
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentEndpoint
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentHints
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentPath
;
import
org
.
owasp
.
webgoat
.
assignments
.
AttackResult
;
import
org
.
owasp
.
webgoat
.
session
.
DatabaseUtilities
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMethod
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestParam
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
ResponseBody
;
import
java
.
sql
.
*
;
public
class
File2
extends
AssignmentEndpoint
{
@
RequestMapping
(
method
=
RequestMethod
.
POST
)
public
@
ResponseBody
AttackResult
completed
(
@
RequestParam
String
name
,
@
RequestParam
String
auth_tan
)
{
return
injectableQueryIntegrity
(
name
,
auth_tan
);
}
protected
AttackResult
injectableQueryIntegrity
(
String
name
,
String
auth_tan
)
{
StringBuffer
output
=
new
StringBuffer
();
String
query
=
"SELECT * FROM employees WHERE last_name = '"
+
name
+
"' AND auth_tan = '"
+
auth_tan
+
"'"
;
try
{
Connection
connection
=
DatabaseUtilities
.
getConnection
(
getWebSession
());
try
{
Statement
statement
=
connection
.
createStatement
(
ResultSet
.
TYPE_SCROLL_INSENSITIVE
,
ResultSet
.
CONCUR_READ_ONLY
);
SqlInjectionLesson8
.
log
(
connection
,
query
);
ResultSet
results
=
statement
.
executeQuery
(
query
);
if
(
results
.
getStatement
()
!=
null
)
{
if
(
results
.
first
())
{
output
.
append
(
SqlInjectionLesson8
.
generateTable
(
results
));
}
else
{
// no results
return
trackProgress
(
failed
().
feedback
(
"sql-injection.8.no.results"
).
build
());
}
}
}
catch
(
SQLException
e
)
{
System
.
err
.
println
(
e
.
getMessage
());
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
output
(
"<br><span class='feedback-negative'>"
+
e
.
getMessage
()
+
"</span>"
).
build
());
}
return
checkSalaryRanking
(
connection
,
output
);
}
catch
(
Exception
e
)
{
System
.
err
.
println
(
e
.
getMessage
());
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
output
(
"<br><span class='feedback-negative'>"
+
e
.
getMessage
()
+
"</span>"
).
build
());
}
}
private
AttackResult
checkSalaryRanking
(
Connection
connection
,
StringBuffer
output
)
{
try
{
String
query
=
"SELECT * FROM employees ORDER BY salary DESC"
;
Statement
statement
=
connection
.
createStatement
(
ResultSet
.
TYPE_SCROLL_INSENSITIVE
,
ResultSet
.
CONCUR_READ_ONLY
);
ResultSet
results
=
statement
.
executeQuery
(
query
);
results
.
first
();
// user completes lesson if John Smith is the first in the list
if
((
results
.
getString
(
2
).
equals
(
"John"
))
&&
(
results
.
getString
(
3
).
equals
(
"Smith"
)))
{
output
.
append
(
SqlInjectionLesson8
.
generateTable
(
results
));
return
trackProgress
(
success
().
feedback
(
"sql-injection.9.success"
).
output
(
output
.
toString
()).
build
());
}
else
{
return
trackProgress
(
failed
().
feedback
(
"sql-injection.9.one"
).
output
(
output
.
toString
()).
build
());
}
}
catch
(
SQLException
e
)
{
System
.
err
.
println
(
e
.
getMessage
());
return
trackProgress
(
failed
().
feedback
(
"sql-injection.error"
).
output
(
"<br><span class='feedback-negative'>"
+
e
.
getMessage
()
+
"</span>"
).
build
());
}
}
}
Assignment6.1_Files/File3.java
Assignment6.1_Files/File3.java
package
org
.
owasp
.
webgoat
.
plugin
;
import
com
.
google
.
common
.
collect
.
Lists
;
import
com
.
google
.
common
.
collect
.
Maps
;
import
io
.
jsonwebtoken
.
*
;
import
org
.
apache
.
commons
.
lang3
.
RandomStringUtils
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentEndpoint
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentHints
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentPath
;
import
org
.
owasp
.
webgoat
.
assignments
.
AttackResult
;
import
org
.
owasp
.
webgoat
.
session
.
WebSession
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Autowired
;
import
org
.
springframework
.
http
.
HttpStatus
;
import
org
.
springframework
.
http
.
MediaType
;
import
org
.
springframework
.
http
.
ResponseEntity
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
PostMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestBody
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestHeader
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
ResponseBody
;
import
java
.
util
.
Date
;
import
java
.
util
.
List
;
import
java
.
util
.
Map
;
import
java
.
util
.
concurrent
.
TimeUnit
;
/**
*
@author
nbaars
*
@since
4/23/17.
*/
public
class
File3
extends
AssignmentEndpoint
{
public
static
final
String
PASSWORD
=
"bm5nhSkxCXZkKRy4"
;
private
static
final
String
JWT_PASSWORD
=
"bm5n3SkxCX4kKRy4"
;
private
static
final
List
<
String
>
validRefreshTokens
=
Lists
.
newArrayList
();
@
PostMapping
(
value
=
"login"
,
consumes
=
MediaType
.
APPLICATION_JSON_VALUE
,
produces
=
MediaType
.
APPLICATION_JSON_VALUE
)
public
@
ResponseBody
ResponseEntity
follow
(
@
RequestBody
Map
<
String
,
Object
>
json
)
{
String
user
=
(
String
)
json
.
get
(
"user"
);
String
password
=
(
String
)
json
.
get
(
"password"
);
if
(
"Jerry"
.
equals
(
user
)
&&
PASSWORD
.
equals
(
password
))
{
return
ResponseEntity
.
ok
(
createNewTokens
(
user
));
}
return
ResponseEntity
.
status
(
HttpStatus
.
UNAUTHORIZED
).
build
();
}
private
Map
<
String
,
Object
>
createNewTokens
(
String
user
)
{
Map
<
String
,
Object
>
claims
=
Maps
.
newHashMap
();
claims
.
put
(
"admin"
,
"false"
);
claims
.
put
(
"user"
,
user
);
String
token
=
Jwts
.
builder
()
.
setIssuedAt
(
new
Date
(
System
.
currentTimeMillis
()
+
TimeUnit
.
DAYS
.
toDays
(
10
)))
.
setClaims
(
claims
)
.
signWith
(
io
.
jsonwebtoken
.
SignatureAlgorithm
.
HS512
,
JWT_PASSWORD
)
.
compact
();
Map
<
String
,
Object
>
tokenJson
=
Maps
.
newHashMap
();
String
refreshToken
=
RandomStringUtils
.
randomAlphabetic
(
20
);
validRefreshTokens
.
add
(
refreshToken
);
tokenJson
.
put
(
"access_token"
,
token
);
tokenJson
.
put
(
"refresh_token"
,
refreshToken
);
return
tokenJson
;
}
@
PostMapping
(
"checkout"
)
public
@
ResponseBody
AttackResult
checkout
(
@
RequestHeader
(
"Authorization"
)
String
token
)
{
try
{
Jwt
jwt
=
Jwts
.
parser
().
setSigningKey
(
JWT_PASSWORD
).
parse
(
token
.
replace
(
"Bearer "
,
""
));
Claims
claims
=
(
Claims
)
jwt
.
getBody
();
String
user
=
(
String
)
claims
.
get
(
"user"
);
if
(
"Tom"
.
equals
(
user
))
{
return
trackProgress
(
success
().
build
());
}
return
trackProgress
(
failed
().
feedback
(
"jwt-refresh-not-tom"
).
feedbackArgs
(
user
).
build
());
}
catch
(
ExpiredJwtException
e
)
{
return
trackProgress
(
failed
().
output
(
e
.
getMessage
()).
build
());
}
catch
(
JwtException
e
)
{
return
trackProgress
(
failed
().
feedback
(
"jwt-invalid-token"
).
build
());
}
}
@
PostMapping
(
"newToken"
)
public
@
ResponseBody
ResponseEntity
newToken
(
@
RequestHeader
(
"Authorization"
)
String
token
,
@
RequestBody
Map
<
String
,
Object
>
json
)
{
String
user
;
String
refreshToken
;
try
{
Jwt
<
Header
,
Claims
>
jwt
=
Jwts
.
parser
().
setSigningKey
(
JWT_PASSWORD
).
parse
(
token
.
replace
(
"Bearer "
,
""
));
user
=
(
String
)
jwt
.
getBody
().
get
(
"user"
);
refreshToken
=
(
String
)
json
.
get
(
"refresh_token"
);
}
catch
(
ExpiredJwtException
e
)
{
user
=
(
String
)
e
.
getClaims
().
get
(
"user"
);
refreshToken
=
(
String
)
json
.
get
(
"refresh_token"
);
}
if
(
user
==
null
||
refreshToken
==
null
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
UNAUTHORIZED
).
build
();
}
else
if
(
validRefreshTokens
.
contains
(
refreshToken
))
{
validRefreshTokens
.
remove
(
refreshToken
);
return
ResponseEntity
.
ok
(
createNewTokens
(
user
));
}
else
{
return
ResponseEntity
.
status
(
HttpStatus
.
UNAUTHORIZED
).
build
();
}
}
}
Assignment6.1_Files/File4.java
Assignment6.1_Files/File4.java
package
org
.
owasp
.
webgoat
.
plugin
;
import
org
.
owasp
.
webgoat
.
assignments
.
Endpoint
;
import
org
.
owasp
.
webgoat
.
i18n
.
PluginMessages
;
import
org
.
owasp
.
webgoat
.
session
.
UserSessionData
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Autowired
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMethod
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
ResponseBody
;
import
javax
.
servlet
.
ServletException
;
import
javax
.
servlet
.
http
.
HttpServletRequest
;
import
javax
.
servlet
.
http
.
HttpServletResponse
;
import
java
.
io
.
IOException
;
import
java
.
util
.
HashMap
;
import
java
.
util
.
Map
;
import
java
.
util
.
Random
;
/**
* Created by jason on 9/30/17.
*/
public
class
File4
extends
Endpoint
{
@
Autowired
UserSessionData
userSessionData
;
@
Autowired
private
PluginMessages
pluginMessages
;
@
RequestMapping
(
produces
=
{
"application/json"
},
method
=
RequestMethod
.
GET
)
@
ResponseBody
public
Map
<
String
,
Object
>
invoke
(
HttpServletRequest
req
,
HttpServletResponse
resp
)
throws
ServletException
,
IOException
{
Map
<
String
,
Object
>
response
=
new
HashMap
<>
();
String
host
=
(
req
.
getHeader
(
"host"
)
==
null
)
?
"NULL"
:
req
.
getHeader
(
"host"
);
// String origin = (req.getHeader("origin") == null) ? "NULL" : req.getHeader("origin");
// Integer serverPort = (req.getServerPort() < 1) ? 0 : req.getServerPort();
// String serverName = (req.getServerName() == null) ? "NULL" : req.getServerName();
String
referer
=
(
req
.
getHeader
(
"referer"
)
==
null
)
?
"NULL"
:
req
.
getHeader
(
"referer"
);
String
[]
refererArr
=
referer
.
split
(
"/"
);
if
(
referer
.
equals
(
"NULL"
))
{
if
(
req
.
getParameter
(
"csrf"
).
equals
(
"true"
))
{
Random
random
=
new
Random
();
userSessionData
.
setValue
(
"csrf-get-success"
,
random
.
nextInt
(
65536
));
response
.
put
(
"success"
,
true
);
response
.
put
(
"message"
,
pluginMessages
.
getMessage
(
"csrf-get-null-referer.success"
));
response
.
put
(
"flag"
,
userSessionData
.
getValue
(
"csrf-get-success"
));
}
else
{
Random
random
=
new
Random
();
userSessionData
.
setValue
(
"csrf-get-success"
,
random
.
nextInt
(
65536
));
response
.
put
(
"success"
,
true
);
response
.
put
(
"message"
,
pluginMessages
.
getMessage
(
"csrf-get-other-referer.success"
));
response
.
put
(
"flag"
,
userSessionData
.
getValue
(
"csrf-get-success"
));
}
}
else
if
(
refererArr
[
2
].
equals
(
host
))
{
response
.
put
(
"success"
,
false
);
response
.
put
(
"message"
,
"Appears the request came from the original host"
);
response
.
put
(
"flag"
,
null
);
}
else
{
Random
random
=
new
Random
();
userSessionData
.
setValue
(
"csrf-get-success"
,
random
.
nextInt
(
65536
));
response
.
put
(
"success"
,
true
);
response
.
put
(
"message"
,
pluginMessages
.
getMessage
(
"csrf-get-other-referer.success"
));
response
.
put
(
"flag"
,
userSessionData
.
getValue
(
"csrf-get-success"
));
}
return
response
;
}
@
Override
public
String
getPath
()
{
return
"/csrf/basic-get-flag"
;
}
}
Assignment6.1_Files/File5.java
Assignment6.1_Files/File5.java
package
org
.
owasp
.
webgoat
.
plugin
.
challenge6
;
import
lombok
.
extern
.
slf4j
.
Slf4j
;
import
org
.
apache
.
commons
.
lang3
.
RandomStringUtils
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentEndpoint
;
import
org
.
owasp
.
webgoat
.
assignments
.
AssignmentPath
;
import
org
.
owasp
.
webgoat
.
assignments
.
AttackResult
;
import
org
.
owasp
.
webgoat
.
plugin
.
Flag
;
import
org
.
owasp
.
webgoat
.
session
.
DatabaseUtilities
;
import
org
.
owasp
.
webgoat
.
session
.
WebSession
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Autowired
;
import
org
.
springframework
.
util
.
StringUtils
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
PutMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMapping
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
RequestParam
;
import
org
.
springframework
.
web
.
bind
.
annotation
.
ResponseBody
;
import
java
.
sql
.
*
;
import
static
org
.
owasp
.
webgoat
.
plugin
.
SolutionConstants
.
PASSWORD_TOM
;
import
static
org
.
springframework
.
web
.
bind
.
annotation
.
RequestMethod
.
POST
;
/**
*
@author
nbaars
*
@since
4/8/17.
*/
public
class
File5
extends
AssignmentEndpoint
{
//Make it more random at runtime (good luck guessing)
private
static
final
String
USERS_TABLE_NAME
=
"challenge_users_6"
+
RandomStringUtils
.
randomAlphabetic
(
16
);
@
Autowired
private
WebSession
webSession
;
public
File5
()
{
log
.
info
(
"Challenge 6 tablename is: {}"
,
USERS_TABLE_NAME
);
}
@
PutMapping
//assignment path is bounded to class so we use different http method :-)
@
ResponseBody
public
AttackResult
registerNewUser
(
@
RequestParam
String
username_reg
,
@
RequestParam
String
email_reg
,
@
RequestParam
String
password_reg
)
throws
Exception
{
AttackResult
attackResult
=
checkArguments
(
username_reg
,
email_reg
,
password_reg
);
if
(
attackResult
==
null
)
{
Connection
connection
=
DatabaseUtilities
.
getConnection
(
webSession
);
checkDatabase
(
connection
);
String
checkUserQuery
=
"select userid from "
+
USERS_TABLE_NAME
+
" where userid = '"
+
username_reg
+
"'"
;
Statement
statement
=
connection
.
createStatement
();
ResultSet
resultSet
=
statement
.
executeQuery
(
checkUserQuery
);
if
(
resultSet
.
next
())
{
attackResult
=
failed
().
feedback
(
"user.exists"
).
feedbackArgs
(
username_reg
).
build
();
}
else
{
PreparedStatement
preparedStatement
=
connection
.
prepareStatement
(
"INSERT INTO "
+
USERS_TABLE_NAME
+
" VALUES (?, ?, ?)"
);
preparedStatement
.
setString
(
1
,
username_reg
);
preparedStatement
.
setString
(
2
,
email_reg
);
preparedStatement
.
setString
(
3
,
password_reg
);
preparedStatement
.
execute
();
attackResult
=
success
().
feedback
(
"user.created"
).
feedbackArgs
(
username_reg
).
build
();
}
}
return
attackResult
;
}
private
AttackResult
checkArguments
(
String
username_reg
,
String
email_reg
,
String
password_reg
)
{
if
(
StringUtils
.
isEmpty
(
username_reg
)
||
StringUtils
.
isEmpty
(
email_reg
)
||
StringUtils
.
isEmpty
(
password_reg
))
{
return
failed
().
feedback
(
"input.invalid"
).
build
();
}
if
(
username_reg
.
length
()
>
250
||
email_reg
.
length
()
>
30
||
password_reg
.
length
()
>
30
)
{
return
failed
().
feedback
(
"input.invalid"
).
build
();
}
return
null
;
}
@
RequestMapping
(
method
=
POST
)
@
ResponseBody
public
AttackResult
login
(
@
RequestParam
String
username_login
,
@
RequestParam
String
password_login
)
throws
Exception
{
Connection
connection
=
DatabaseUtilities
.
getConnection
(
webSession
);
checkDatabase
(
connection
);
PreparedStatement
statement
=
connection
.
prepareStatement
(
"select password from "
+
USERS_TABLE_NAME
+
" where userid = ? and password = ?"
);
statement
.
setString
(
1
,
username_login
);
statement
.
setString
(
2
,
password_login
);
ResultSet
resultSet
=
statement
.
executeQuery
();
if
(
resultSet
.
next
()
&&
"tom"
.
equals
(
username_login
))
{
return
success
().
feedback
(
"challenge.solved"
).
feedbackArgs
(
Flag
.
FLAGS
.
get
(
6
)).
build
();
}
else
{
return
failed
().
feedback
(
"challenge.close"
).
build
();
}
}
private
void
checkDatabase
(
Connection
connection
)
throws
SQLException
{
try
{
Statement
statement
=
connection
.
createStatement
();
statement
.
execute
(
"select 1 from "
+
USERS_TABLE_NAME
);
}
catch
(
SQLException
e
)
{
createChallengeTable
(
connection
);
}
}
private
void
createChallengeTable
(
Connection
connection
)
{
Statement
statement
=
null
;
try
{
statement
=
connection
.
createStatement
();
String
dropTable
=
"DROP TABLE "
+
USERS_TABLE_NAME
;
statement
.
executeUpdate
(
dropTable
);
}
catch
(
SQLException
e
)
{
log
.
info
(
"Delete failed, this does not point to an error table might not have been present..."
);
}
log
.
debug
(
"Challenge 6 - Creating tables for users {}"
,
USERS_TABLE_NAME
);
try
{
String
createTableStatement
=
"CREATE TABLE "
+
USERS_TABLE_NAME
+
" ("
+
"userid varchar(250),"
+
"email varchar(30),"
+
"password varchar(30)"
+
")"
;
statement
.
executeUpdate
(
createTableStatement
);
String
insertData1
=
"INSERT INTO "
+
USERS_TABLE_NAME
+
" VALUES ('larry', 'larry@webgoat.org', 'larryknows')"
;
String
insertData2
=
"INSERT INTO "
+
USERS_TABLE_NAME
+
" VALUES ('tom', 'tom@webgoat.org', '"
+
PASSWORD_TOM
+
"')"
;
String
insertData3
=
"INSERT INTO "
+
USERS_TABLE_NAME
+
" VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**')"
;
String
insertData4
=
"INSERT INTO "
+
USERS_TABLE_NAME
+
" VALUES ('eve', 'eve@webgoat.org', '**********')"
;
statement
.
executeUpdate
(
insertData1
);
statement
.
executeUpdate
(
insertData2
);
statement
.
executeUpdate
(
insertData3
);
statement
.
executeUpdate
(
insertData4
);
}
catch
(
SQLException
e
)
{
log
.
error
(
"Unable create table"
,
e
);
}
}
}