org.owasp.webgoat.session.WebSession Maven / Gradle / Ivy
package org.owasp.webgoat.session;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects.
*
* @author Jeff Williams Aspect
* Security
* @author Bruce Mayhew WebGoat
* @since October 28, 2003
* @version $Id: $Id
*/
public class WebSession {
final Logger logger = LoggerFactory.getLogger(WebSession.class);
/**
* Description of the Field
*/
public final static String ADMIN = "admin";
/**
* Tomcat role for a webgoat user
*/
public final static String WEBGOAT_USER = "ROLE_WEBGOAT_USER";
/**
* Tomcat role for a webgoat admin
*/
public final static String WEBGOAT_ADMIN = "ROLE_WEBGOAT_ADMIN";
/**
* Description of the Field
*/
public final static String CHALLENGE = "Challenge";
/**
* Description of the Field
*/
public final static String COLOR = "color";
/** Constant COURSE="course" */
public final static String COURSE = "course";
/**
* Description of the Field
*/
public final static int ERROR = 0;
/** Constant STAGE="stage" */
public static final String STAGE = "stage";
/**
* Description of the Field
*/
public final static String JSESSION_ID = "jsessionid";
/**
* Description of the Field
*/
public final static String LOGOUT = "Logout";
/**
* Description of the Field
*/
public final static String RESTART = "Restart";
/**
* Description of the Field
*/
public final static String MENU = "menu";
/**
* Description of the Field
*/
public final static String SCREEN = "Screen";
/**
* Description of the Field
*/
public final static String SESSION = "websession";
/** Constant SHOWSOURCE="ShowSource" */
public final static String SHOWSOURCE = "ShowSource";
/** Constant SHOWSOLUTION="ShowSolution" */
public final static String SHOWSOLUTION = "ShowSolution";
/** Constant SHOWHINTS="ShowHints" */
public final static String SHOWHINTS = "ShowHints";
/** Constant SHOW="show" */
public final static String SHOW = "show";
/** Constant SHOW_NEXTHINT="NextHint" */
public final static String SHOW_NEXTHINT = "NextHint";
/** Constant SHOW_PREVIOUSHINT="PreviousHint" */
public final static String SHOW_PREVIOUSHINT = "PreviousHint";
/** Constant SHOW_PARAMS="Params" */
public final static String SHOW_PARAMS = "Params";
/** Constant SHOW_COOKIES="Cookies" */
public final static String SHOW_COOKIES = "Cookies";
/** Constant SHOW_SOURCE="Source" */
public final static String SHOW_SOURCE = "Source";
/** Constant SHOW_SOLUTION="Solution" */
public final static String SHOW_SOLUTION = "Solution";
/** Constant DEBUG="debug" */
public final static String DEBUG = "debug";
/** Constant LANGUAGE="language" */
public final static String LANGUAGE = "language";
/**
* Description of the Field
*/
public final static int WELCOME = -1;
private WebgoatContext webgoatContext;
private ServletContext context = null;
private Course course;
private int currentScreen = WELCOME;
private int previousScreen = ERROR;
private int hintNum = -1;
private boolean isAdmin = false;
private boolean isHackedAdmin = false;
private boolean isAuthenticated = false;
private boolean isColor = false;
private boolean isDebug = false;
private boolean hasHackedHackableAdmin = false;
private StringBuffer message = new StringBuffer("");
private ParameterParser myParser;
private HttpServletRequest request = null;
private HttpServletResponse response = null;
private String servletName;
private HashMap session = new HashMap();
private boolean showCookies = false;
private boolean showParams = false;
private boolean showRequest = false;
private boolean showSource = false;
private boolean showSolution = false;
private boolean completedHackableAdmin = false;
private int currentMenu;
private String currentLanguage = null;
private List cookiesOnLastRequest;
private List parmsOnLastRequest;
/**
* Constructor for the WebSession object
*
* @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
* @param context Description of the Parameter
*/
public WebSession(WebgoatContext webgoatContext, ServletContext context) {
this.webgoatContext = webgoatContext;
// initialize from web.xml
showParams = webgoatContext.isShowParams();
showCookies = webgoatContext.isShowCookies();
showSource = webgoatContext.isShowSource();
showSolution = webgoatContext.isShowSolution();
showRequest = webgoatContext.isShowRequest();
currentLanguage = webgoatContext.getDefaultLanguage();
this.context = context;
course = new Course();
course.loadCourses(webgoatContext, context, "/");
}
/**
* getConnection.
*
* @param s a {@link org.owasp.webgoat.session.WebSession} object.
* @return a {@link java.sql.Connection} object.
* @throws java.sql.SQLException if any.
*/
public static synchronized Connection getConnection(WebSession s) throws SQLException {
return DatabaseUtilities.getConnection(s);
}
/**
* returnConnection.
*
* @param s a {@link org.owasp.webgoat.session.WebSession} object.
*/
public static void returnConnection(WebSession s) {
DatabaseUtilities.returnConnection(s.getUserName());
}
/**
* Description of the Method
*
* @param key Description of the Parameter
* @param value Description of the Parameter
*/
public void add(String key, Object value) {
session.put(key, value);
}
/**
* Description of the Method
*/
public void clearMessage() {
message.setLength(0);
}
/**
* Description of the Method
*/
public void eatCookies() {
Cookie[] cookies = request.getCookies();
for (int loop = 0; loop < cookies.length; loop++) {
if (!cookies[loop].getName().startsWith("JS")) {// skip jsessionid cookie
cookies[loop].setMaxAge(0);// mark for deletion by browser
response.addCookie(cookies[loop]);
}
}
}
/**
* Description of the Method
*
* @param key Description of the Parameter
* @return Description of the Return Value
*/
public Object get(String key) {
return (session.get(key));
}
/**
* Gets the context attribute of the WebSession object
*
* @return The context value
*/
public ServletContext getContext() {
return context;
}
/**
* getRoles.
*
* @return a {@link java.util.List} object.
*/
public List getRoles() {
List roles = new ArrayList();
roles.add(AbstractLesson.USER_ROLE);
if (isAdmin()) {
roles.add(AbstractLesson.ADMIN_ROLE);
}
return roles;
}
/**
* Sets the admin flag - this routine is ONLY here to allow someone a
* backdoor to setting the user up as an admin.
*
* This is also used by the WebSession to set the admin, but the method
* should be private
*
* @param state a boolean.
*/
public void setAdmin(boolean state) {
isAdmin = state;
}
/**
* getRole.
*
* @return a {@link java.lang.String} object.
*/
public String getRole() {
String role = "";
if (isAdmin()) {
role = AbstractLesson.ADMIN_ROLE;
} else if (isHackedAdmin()) {
role = AbstractLesson.HACKED_ADMIN_ROLE;
} else if (isChallenge()) {
role = AbstractLesson.CHALLENGE_ROLE;
} else {
role = AbstractLesson.USER_ROLE;
}
return role;
}
/**
* Gets the course attribute of the WebSession object
*
* @return The course value
*/
public Course getCourse() {
return course;
}
/**
* Setter for the field course.
*
* @param course a {@link org.owasp.webgoat.session.Course} object.
*/
public void setCourse(Course course) {
this.course = course;
}
/**
* Gets the currentScreen attribute of the WebSession object
*
* @return The currentScreen value
*/
public int getCurrentScreen() {
return (currentScreen);
}
/**
* Setter for the field currentScreen.
*
* @param screen a int.
*/
public void setCurrentScreen(int screen) {
currentScreen = screen;
}
/**
* getRestartLink.
*
* @return a {@link java.lang.String} object.
*/
public String getRestartLink() {
return getCurrentLesson().getLink() + "&" + RESTART + "=" + getCurrentScreen();
}
/**
* getCurrentLink.
*
* @return a {@link java.lang.String} object.
*/
public String getCurrentLink() {
String thisLink = "attack";
Enumeration e = request.getParameterNames();
boolean isFirstParameter = true;
while (e.hasMoreElements()) {
String name = e.nextElement();
if (isFirstParameter) {
isFirstParameter = false;
thisLink += "?";
} else {
thisLink += "&";
}
thisLink = thisLink + name + "=" + request.getParameter(name);
}
return thisLink;
}
/**
* getCurrentLesson.
*
* @return a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
*/
public AbstractLesson getCurrentLesson() {
return getCourse().getLesson(this, getCurrentScreen(), getRoles());
}
/**
* getLesson.
*
* @param id a int.
* @return a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
*/
public AbstractLesson getLesson(int id) {
return getCourse().getLesson(this, id, getRoles());
}
/**
* getLessons.
*
* @param category a {@link org.owasp.webgoat.lessons.Category} object.
* @return a {@link java.util.List} object.
*/
public List getLessons(Category category) {
return getCourse().getLessons(this, category, getRoles());
}
/**
* Gets the hint1 attribute of the WebSession object
*
* @return The hint1 value
*/
private int getHintNum() {
return (hintNum);
}
/**
* getHint.
*
* @return a {@link java.lang.String} object.
*/
public String getHint() {
String hint = null;
int hints = getCurrentLesson().getHintCount(this);
if (getHintNum() > hints) {
hintNum = -1;
}
if (getHintNum() >= 0) // FIXME
{
hint = getCurrentLesson().getHint(this, getHintNum());
}
return hint;
}
/**
* getParams.
*
* @return a {@link java.util.List} object.
*/
public List getParams() {
Vector params = null;
if (showParams() && getParser() != null) {
params = new Vector();
Enumeration e = getParser().getParameterNames();
while ((e != null) && e.hasMoreElements()) {
String name = (String) e.nextElement();
String[] values = getParser().getParameterValues(name);
for (int loop = 0; (values != null) && (loop < values.length); loop++) {
params.add(new Parameter(name, values[loop]));
// params.add( name + " -> " + values[loop] );
}
}
Collections.sort(params);
}
return params;
}
/**
* getCookies.
*
* @return a {@link java.util.List} object.
*/
public List getCookies() {
List cookies = null;
if (showCookies()) {
cookies = Arrays.asList(request.getCookies());
}
/*
* List cookies = new Vector(); HttpServletRequest request = getRequest(); Cookie[] cookies
* = request.getCookies(); if ( cookies.length == 0 ) { list.addElement( new LI(
* "No Cookies" ) ); } for ( int i = 0; i < cookies.length; i++ ) { Cookie cookie =
* cookies[i]; cookies.add(cookie); //list.addElement( new LI( cookie.getName() + " -> " +
* cookie.getValue() ) ); }
*/
return cookies;
}
/**
* Gets the cookie attribute of the CookieScreen object
*
* @return The cookie value
* @param cookieName a {@link java.lang.String} object.
*/
public String getCookie(String cookieName) {
Cookie[] cookies = getRequest().getCookies();
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equalsIgnoreCase(cookieName)) {
return (cookies[i].getValue());
}
}
return (null);
}
/**
* getSource.
*
* @return a {@link java.lang.String} object.
*/
public String getSource() {
return "Sorry. No Java Source viewing available.";
// return getCurrentLesson().getSource(this);
}
/**
* getSolution.
*
* @return a {@link java.lang.String} object.
*/
public String getSolution() {
return "Sorry. No solution is available.";
// return getCurrentLesson().getSolution(this);
}
/**
* getInstructions.
*
* @return a {@link java.lang.String} object.
*/
public String getInstructions() {
return getCurrentLesson().getInstructions(this);
}
/**
* Gets the message attribute of the WebSession object
*
* @return The message value
*/
public String getMessage() {
return (message.toString());
}
/**
* Gets the parser attribute of the WebSession object
*
* @return The parser value
*/
public ParameterParser getParser() {
return (myParser);
}
/**
* Gets the previousScreen attribute of the WebSession object
*
* @return The previousScreen value
*/
public int getPreviousScreen() {
return (previousScreen);
}
/**
* Gets the request attribute of the WebSession object
*
* @return The request value
*/
public HttpServletRequest getRequest() {
return request;
}
/**
* Setter for the field request.
*
* @param request a {@link javax.servlet.http.HttpServletRequest} object.
*/
public void setRequest(HttpServletRequest request) {
this.request = request;
}
/**
* Gets the response attribute of the WebSession object
*
* @return The response value
*/
public HttpServletResponse getResponse() {
return response;
}
/**
* Gets the servletName attribute of the WebSession object
*
* @return The servletName value
*/
public String getServletName() {
return (servletName);
}
/**
* Gets the sourceFile attribute of the WebSession object
*
* @return The sourceFile value
* @param fileName a {@link java.lang.String} object.
*/
public String getWebResource(String fileName) {
// Note: doesn't work for admin path! Maybe with a ../ attack
return (context.getRealPath(fileName));
}
/**
* Gets the admin attribute of the WebSession object
*
* @return The admin value
*/
public boolean isAdmin() {
return (isAdmin);
}
/**
* Gets the hackedAdmin attribute of the WebSession object
*
* @return The hackedAdmin value
*/
public boolean isHackedAdmin() {
return (isHackedAdmin);
}
/**
* Has the user ever hacked the hackable admin
*
* @return The hackedAdmin value
*/
public boolean completedHackableAdmin() {
return (completedHackableAdmin);
}
/**
* Gets the authenticated attribute of the WebSession object
*
* @return The authenticated value
*/
public boolean isAuthenticated() {
return (isAuthenticated);
}
private Map lessonSessions = new Hashtable();
/**
* isAuthenticatedInLesson.
*
* @param lesson a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
* @return a boolean.
*/
public boolean isAuthenticatedInLesson(AbstractLesson lesson) {
boolean authenticated = false;
LessonSession lessonSession = getLessonSession(lesson);
if (lessonSession != null) {
authenticated = lessonSession.isAuthenticated();
}
// System.out.println("Authenticated for lesson " + lesson + "? " + authenticated);
return authenticated;
}
/**
* isAuthorizedInLesson.
*
* @param employeeId a int.
* @param functionId a {@link java.lang.String} object.
* @return a boolean.
*/
public boolean isAuthorizedInLesson(int employeeId, String functionId) {
return getCurrentLesson().isAuthorized(this, employeeId, functionId);
}
/**
* isAuthorizedInLesson.
*
* @param role a {@link java.lang.String} object.
* @param functionId a {@link java.lang.String} object.
* @return a boolean.
*/
public boolean isAuthorizedInLesson(String role, String functionId) {
return getCurrentLesson().isAuthorized(this, role, functionId);
}
/**
* getUserIdInLesson.
*
* @return a int.
* @throws org.owasp.webgoat.session.ParameterNotFoundException if any.
*/
public int getUserIdInLesson() throws ParameterNotFoundException {
return getCurrentLesson().getUserId(this);
}
/**
* getUserNameInLesson.
*
* @return a {@link java.lang.String} object.
* @throws org.owasp.webgoat.session.ParameterNotFoundException if any.
*/
public String getUserNameInLesson() throws ParameterNotFoundException {
return getCurrentLesson().getUserName(this);
}
/**
* openLessonSession.
*
* @param lesson a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
*/
public void openLessonSession(AbstractLesson lesson) {
System.out.println("Opening new lesson session for lesson " + lesson);
LessonSession lessonSession = new LessonSession();
lessonSessions.put(lesson, lessonSession);
}
/**
* closeLessonSession.
*
* @param lesson a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
*/
public void closeLessonSession(AbstractLesson lesson) {
lessonSessions.remove(lesson);
}
/**
* getLessonSession.
*
* @param lesson a {@link org.owasp.webgoat.lessons.AbstractLesson} object.
* @return a {@link org.owasp.webgoat.session.LessonSession} object.
*/
public LessonSession getLessonSession(AbstractLesson lesson) {
return lessonSessions.get(lesson);
}
/**
* Gets the challenge attribute of the WebSession object
*
* @return The challenge value
*/
public boolean isChallenge() {
if (getCurrentLesson() != null) {
return (Category.CHALLENGE.equals(getCurrentLesson().getCategory()));
}
return false;
}
/**
* Gets the color attribute of the WebSession object
*
* @return The color value
*/
public boolean isColor() {
return (isColor);
}
/**
* Gets the screen attribute of the WebSession object
*
* @param value Description of the Parameter
* @return The screen value
*/
public boolean isScreen(int value) {
return (getCurrentScreen() == value);
}
/**
* Gets the user attribute of the WebSession object
*
* @return The user value
*/
public boolean isUser() {
return (!isAdmin && !isChallenge());
}
/**
* Sets the message attribute of the WebSession object
*
* @param text The new message value
*/
public void setMessage(String text) {
message.append("
" + " * " + text);
}
/**
* setLineBreak.
*
* @param text a {@link java.lang.String} object.
*/
public void setLineBreak(String text) {
message.append("
" + text);
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public boolean showCookies() {
return (showCookies);
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public boolean showParams() {
return (showParams);
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public boolean showRequest() {
return (showRequest);
}
/**
* Description of the Method
*
* @return Description of the Return Value
*/
public boolean showSource() {
return (showSource);
}
/**
* showSolution.
*
* @return a boolean.
*/
public boolean showSolution() {
return (showSolution);
}
/**
* Gets the userName attribute of the WebSession object
*
* @return The userName value
*/
public String getUserName() {
HttpServletRequest request = getRequest();
if (request == null) {
throw new RuntimeException("Could not find the ServletRequest in the web session");
}
Principal principal = request.getUserPrincipal();
if (principal == null) {
throw new RuntimeException("Could not find the Principal in the Servlet Request");
}
return principal.getName();
}
/**
* Parse parameters from the given request, handle any servlet commands, and
* update this session based on the parameters.
*
* @param request Description of the Parameter
* @param response Description of the Parameter
* @param name Description of the Parameter
* @throws java.io.IOException if any.
*/
public void update(HttpServletRequest request, HttpServletResponse response, String name) throws IOException {
String content = null;
clearMessage();
this.request = request;
this.response = response;
this.servletName = name;
if (myParser == null) {
myParser = new ParameterParser(request);
} else {
myParser.update(request);
}
Locale locale = request.getLocale();
if(locale != null) {
LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class);
labelManager.setLocale(locale);
}
// System.out.println("Current Screen 1: " + currentScreen );
// System.out.println("Previous Screen 1: " + previousScreen );
// FIXME: requires ?Logout=true
// FIXME: doesn't work right -- no reauthentication
// REMOVED - we have explicit logout now via spriing security
/*
if (myParser.getRawParameter(LOGOUT, null) != null) {
System.out.println("Logout " + request.getUserPrincipal());
eatCookies();
request.getSession().invalidate();
currentScreen = WELCOME;
previousScreen = ERROR;
}
*/
// There are several scenarios where we want the first lesson to be loaded
// 1) Previous screen is Welcome - Start of the course
// 2) After a logout and after the session has been reinitialized
if ((this.getPreviousScreen() == WebSession.WELCOME) || (getRequest().getSession(false) != null
&& // getRequest().getSession(false).isNew() &&
this.getCurrentScreen() == WebSession.WELCOME && this.getPreviousScreen() == WebSession.ERROR)) {
currentScreen = course.getFirstLesson().getScreenId();
hintNum = -1;
}
// System.out.println("Current Screen 2: " + currentScreen );
// System.out.println("Previous Screen 2: " + previousScreen );
// update the screen variables
previousScreen = currentScreen;
try {
// If the request is new there should be no parameters.
// This can occur from a session timeout or a the starting of a new course.
if (!request.getSession().isNew()) {
currentScreen = myParser.getIntParameter(SCREEN, currentScreen);
} else {
if (!myParser.getRawParameter(SCREEN, "NULL").equals("NULL")) {
this.setMessage("Session Timeout - Starting new Session.");
}
}
} catch (Exception e) {
}
// clear variables when switching screens
if (this.getCurrentScreen() != this.getPreviousScreen()) {
if (webgoatContext.isDebug()) {
setMessage("Changed to a new screen, clearing cookies and hints");
}
eatCookies();
hintNum = -1;
} else if (myParser.getRawParameter(STAGE, null) != null) {
AbstractLesson al = getCurrentLesson();
if (al instanceof SequentialLessonAdapter) {
SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
int stage = myParser.getIntParameter(STAGE, sla.getStage(this));
if (stage > 0 && stage <= sla.getStageCount()) {
sla.setStage(this, stage);
}
} else if (al instanceof RandomLessonAdapter) {
try {
RandomLessonAdapter rla = (RandomLessonAdapter) al;
if (!myParser.getRawParameter(STAGE).equals("null")) {
int stage = myParser.getIntParameter(STAGE) - 1;
String[] stages = rla.getStages();
if (stages == null) {
stages = new String[0];
}
if (stage >= 0 && stage < stages.length) {
rla.setStage(this, stages[stage]);
}
} else {
rla.setStage(this, null);
}
} catch (ParameterNotFoundException pnfe) {
}
}
} // else update global variables for the current screen
else {
// Handle "restart" commands
int lessonId = myParser.getIntParameter(RESTART, -1);
if (lessonId != -1) {
restartLesson(lessonId);
}
// if ( myParser.getBooleanParameter( RESTART, false ) )
// {
// getCurrentLesson().getLessonTracker( this ).getLessonProperties().setProperty(
// CHALLENGE_STAGE, "1" );
// }
// Handle "show" commands
String showCommand = myParser.getStringParameter(SHOW, null);
if (showCommand != null) {
if (showCommand.equalsIgnoreCase(SHOW_PARAMS)) {
showParams = !showParams;
} else if (showCommand.equalsIgnoreCase(SHOW_COOKIES)) {
showCookies = !showCookies;
} else if (showCommand.equalsIgnoreCase(SHOW_SOURCE)) {
content = getSource();
// showSource = true;
} else if (showCommand.equalsIgnoreCase(SHOW_SOLUTION)) {
content = getSolution();
// showSource = true;
} else if (showCommand.equalsIgnoreCase(SHOW_NEXTHINT)) {
getNextHint();
} else if (showCommand.equalsIgnoreCase(SHOW_PREVIOUSHINT)) {
getPreviousHint();
}
}
}
isAdmin = request.isUserInRole(WEBGOAT_ADMIN);
isHackedAdmin = myParser.getBooleanParameter(ADMIN, isAdmin);
if (isHackedAdmin) {
System.out.println("Hacked admin");
hasHackedHackableAdmin = true;
}
isColor = myParser.getBooleanParameter(COLOR, isColor);
isDebug = myParser.getBooleanParameter(DEBUG, isDebug);
// System.out.println( "showParams:" + showParams );
// System.out.println( "showSource:" + showSource );
// System.out.println( "showSolution:" + showSolution );
// System.out.println( "showCookies:" + showCookies );
// System.out.println( "showRequest:" + showRequest );
if (content != null) {
response.setContentType("text/html");
PrintWriter out = new PrintWriter(response.getOutputStream());
out.print(content);
out.flush();
out.close();
}
}
/**
* updateLastAttackRequestInfo.
*
* @param request a {@link javax.servlet.http.HttpServletRequest} object.
*/
public void updateLastAttackRequestInfo(HttpServletRequest request) {
// store cookies
Cookie[] cookies = request.getCookies();
if (cookies == null) {
this.cookiesOnLastRequest = new ArrayList();
} else {
this.cookiesOnLastRequest = Arrays.asList(cookies);
}
// store parameters
Map parmMap = request.getParameterMap();
logger.info("PARM MAP: " + parmMap);
if (parmMap == null) {
this.parmsOnLastRequest = new ArrayList();
} else {
this.parmsOnLastRequest = new ArrayList();
for (String name : parmMap.keySet()) {
String[] values = parmMap.get(name);
String delim = "";
StringBuffer sb = new StringBuffer();
if (values != null && values.length > 0) {
for (String parm : values) {
sb.append(delim).append(parm);
delim = ",";
}
}
RequestParameter parm = new RequestParameter(name, sb.toString());
this.parmsOnLastRequest.add(parm);
}
}
}
/**
* restartLesson.
*
* @param lessonId a int.
*/
public void restartLesson(int lessonId) {
AbstractLesson al = getLesson(lessonId);
System.out.println("Restarting lesson: " + al);
al.restartLesson();
al.getLessonTracker(this).setCompleted(false);
if (al instanceof SequentialLessonAdapter) {
SequentialLessonAdapter sla = (SequentialLessonAdapter) al;
sla.getLessonTracker(this).setStage(1);
} else if (al instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) al;
rla.setStage(this, rla.getStages()[0]);
}
}
/**
* setHasHackableAdmin.
*
* @param role a {@link java.lang.String} object.
*/
public void setHasHackableAdmin(String role) {
hasHackedHackableAdmin = (AbstractLesson.HACKED_ADMIN_ROLE.equals(role) & hasHackedHackableAdmin);
// if the user got the Admin=true parameter correct AND they accessed an admin screen
if (hasHackedHackableAdmin) {
completedHackableAdmin = true;
}
}
/**
* isDebug.
*
* @return Returns the isDebug.
*/
public boolean isDebug() {
return isDebug;
}
/**
* getHeader.
*
* @param header - request header value to return
* @return a {@link java.lang.String} object.
*/
public String getHeader(String header) {
return getRequest().getHeader(header);
}
/**
* getNextHint.
*
* @return a {@link java.lang.String} object.
*/
public String getNextHint() {
String hint = null;
// FIXME
int maxHints = getCurrentLesson().getHintCount(this);
if (hintNum < maxHints - 1) {
hintNum++;
// Hints are indexed from 0
getCurrentLesson().getLessonTracker(this).setMaxHintLevel(getHintNum() + 1);
hint = (String) getCurrentLesson().getHint(this, getHintNum());
}
return hint;
}
/**
* getPreviousHint.
*
* @return a {@link java.lang.String} object.
*/
public String getPreviousHint() {
String hint = null;
if (hintNum > 0) {
hintNum--;
// Hints are indexed from 0
getCurrentLesson().getLessonTracker(this).setMaxHintLevel(getHintNum() + 1);
hint = (String) getCurrentLesson().getHint(this, getHintNum());
}
return hint;
}
/**
* Setter for the field currentMenu.
*
* @param ranking a {@link java.lang.Integer} object.
*/
public void setCurrentMenu(Integer ranking) {
currentMenu = ranking.intValue();
}
/**
* Getter for the field currentMenu.
*
* @return a int.
*/
public int getCurrentMenu() {
return currentMenu;
}
/**
* Getter for the field webgoatContext.
*
* @return a {@link org.owasp.webgoat.session.WebgoatContext} object.
*/
public WebgoatContext getWebgoatContext() {
return webgoatContext;
}
/**
* getCurrrentLanguage.
*
* @return a {@link java.lang.String} object.
*/
public String getCurrrentLanguage() {
return currentLanguage;
}
/**
* Getter for the field cookiesOnLastRequest.
*
* @return the cookiesOnLastRequest
*/
public List getCookiesOnLastRequest() {
return cookiesOnLastRequest;
}
/**
* Getter for the field parmsOnLastRequest.
*
* @return the parmsOnLastRequest
*/
public List getParmsOnLastRequest() {
return parmsOnLastRequest;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy