
Commit deedf65

committed
Initial release
Check in of April 15, 2015 version of WebGoat benchmark edition
1 parent 1d48bc3 commit deedf65


41,985 files changed

+1236291
-0
lines changed


41,985 files changed

+1236291
-0
lines changed

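--- a/pom.xml
+++ b/pom.xml
@@ -0,0 +1,299 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+<groupId>org.owasp</groupId>
+<artifactId>webgoat-benchmark</artifactId>
+<version>1.0-SNAPSHOT</version>
+<packaging>war</packaging>
+
+<dependencies>
+
+<dependency>
+<groupId>javax</groupId>
+<artifactId>javaee-api</artifactId>
+<version>7.0</version>
+<scope>provided</scope>
+</dependency>
+
+<dependency>
+<groupId>junit</groupId>
+<artifactId>junit</artifactId>
+<version>4.11</version>
+<scope>test</scope>
+</dependency>
+
+<dependency>
+<groupId>org.apache.geronimo.ext.tomcat</groupId>
+<artifactId>jasper</artifactId>
+<version>7.0.39.2</version>
+</dependency>
+
+<dependency>
+<groupId>org.eclipse.jdt.core.compiler</groupId>
+<artifactId>ecj</artifactId>
+<version>4.4</version>
+</dependency>
+
+<dependency>
+<groupId>org.glassfish.web</groupId>
+<artifactId>el-impl</artifactId>
+<version>2.2</version>
+<scope>provided</scope>
+</dependency>
+
+<dependency>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-collections4</artifactId>
+<version>4.0</version>
+</dependency>
+
+<dependency>
+<groupId>org.hibernate</groupId>
+<artifactId>hibernate-entitymanager</artifactId>
+<version>3.3.2.GA</version>
+</dependency>
+
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk16</artifactId>
+<version>1.46</version>
+</dependency>
+
+<dependency>
+<groupId>org.hibernate</groupId>
+<artifactId>hibernate-core</artifactId>
+<version>3.3.0.SP1</version>
+</dependency>
+
+<dependency>
+<groupId>org.hsqldb</groupId>
+<artifactId>hsqldb</artifactId>
+<version>2.3.2</version>
+</dependency>
+
+<dependency>
+<groupId>javax.transaction</groupId>
+<artifactId>jta</artifactId>
+<version>1.1</version>
+</dependency>
+
+<dependency>
+<groupId>net.sourceforge.jwebunit</groupId>
+<artifactId>jwebunit-core</artifactId>
+<version>3.2</version>
+</dependency>
+
+<dependency>
+<groupId>net.sourceforge.jwebunit</groupId>
+<artifactId>jwebunit-htmlunit-plugin</artifactId>
+<version>3.2</version>
+</dependency>
+
+<dependency>
+<groupId>ch.qos.logback</groupId>
+<artifactId>logback-classic</artifactId>
+<version>1.1.2</version>
+</dependency>
+
+
+<dependency>
+<groupId>ch.qos.logback</groupId>
+<artifactId>logback-core</artifactId>
+<version>1.1.2</version>
+</dependency>
+
+<dependency>
+<groupId>org.mockito</groupId>
+<artifactId>mockito-all</artifactId>
+<version>1.10.19</version>
+</dependency>
+
+<dependency>
+<groupId>net.sourceforge.nekohtml</groupId>
+<artifactId>nekohtml</artifactId>
+<version>1.9.21</version>
+</dependency>
+
+<dependency>
+<groupId>org.apache.ant</groupId>
+<artifactId>ant-apache-regexp</artifactId>
+<version>1.8.2</version>
+</dependency>
+
+
+<dependency>
+<groupId>org.w3c.css</groupId>
+<artifactId>sac</artifactId>
+<version>1.3</version>
+</dependency>
+
+<dependency>
+<groupId>log4j</groupId>
+<artifactId>log4j</artifactId>
+<version>1.2.17</version>
+</dependency>
+
+<dependency>
+<groupId>org.apache.sling</groupId>
+<artifactId>org.apache.sling.scripting.jsp</artifactId>
+<version>2.1.6</version>
+</dependency>
+
+<dependency>
+<groupId>org.slf4j</groupId>
+<artifactId>slf4j-api</artifactId>
+<version>1.7.12</version>
+</dependency>
+
+<dependency>
+<groupId>xalan</groupId>
+<artifactId>xalan</artifactId>
+<version>2.7.2</version>
+</dependency>
+
+<dependency>
+<groupId>xerces</groupId>
+<artifactId>xercesImpl</artifactId>
+<version>2.11.0</version>
+</dependency>
+
+<dependency>
+<groupId>xml-apis</groupId>
+<artifactId>xml-apis</artifactId>
+<version>1.4.01</version>
+</dependency>
+
+<dependency>
+<groupId>xom</groupId>
+<artifactId>xom</artifactId>
+<version>1.2.5</version>
+</dependency>
+
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-core</artifactId>
+<version>4.1.5.RELEASE</version>
+</dependency>
+
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+<version>4.1.5.RELEASE</version>
+</dependency>
+
+<dependency>
+<groupId>org.owasp.encoder</groupId>
+<artifactId>encoder</artifactId>
+<version>1.1.1</version>
+</dependency>
+
+<dependency>
+<groupId>org.owasp.esapi</groupId>
+<artifactId>esapi</artifactId>
+<version>2.1.0</version>
+</dependency>
+
+<dependency>
+<groupId>com.google.guava</groupId>
+<artifactId>guava</artifactId>
+<version>18.0</version>
+</dependency>
+
+<dependency>
+<groupId>org.apache.struts</groupId>
+<artifactId>struts2-core</artifactId>
+<version>2.3.20</version>
+</dependency>
+
+<dependency>
+<groupId>commons-collections</groupId>
+<artifactId>commons-collections</artifactId>
+<version>3.1</version>
+</dependency>
+
+</dependencies>
+
+<build>
+<finalName>webgoat-benchmark</finalName>
+<resources>
+<resource>
+<directory>${basedir}/src/main/resources</directory>
+</resource>
+</resources>
+<plugins>
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>findbugs-maven-plugin</artifactId>
+<version>3.0.1</version>
+<configuration>
+<argLine>-maxHeap 2048 -include findbugsfilter.xml</argLine>
+</configuration>
+</plugin>
+</plugins>
+
+<pluginManagement>
+<plugins>
+<!--This plugin's configuration is used to store Eclipse m2e settings
+only. It has no influence on the Maven build itself. -->
+<plugin>
+<groupId>org.eclipse.m2e</groupId>
+<artifactId>lifecycle-mapping</artifactId>
+<version>1.0.0</version>
+<configuration>
+<lifecycleMappingMetadata>
+<pluginExecutions>
+<pluginExecution>
+<pluginExecutionFilter>
+<groupId>
+org.codehaus.mojo.jspc
+</groupId>
+<artifactId>
+jspc-maven-plugin
+</artifactId>
+<versionRange>
+[2.0-alpha-3,)
+</versionRange>
+<goals>
+<goal>compile</goal>
+</goals>
+</pluginExecutionFilter>
+<action>
+<ignore></ignore>
+</action>
+</pluginExecution>
+</pluginExecutions>
+</lifecycleMappingMetadata>
+</configuration>
+</plugin>
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>findbugs-maven-plugin</artifactId>
+<version>3.0.1</version>
+<configuration>
+<argLine>-maxHeap 2048 -include findbugsfilter.xml</argLine>
+</configuration>
+</plugin>
+</plugins>
+</pluginManagement>
+</build>
+
+<reporting>
+<plugins>
+<plugin>
+<groupId>org.codehaus.mojo</groupId>
+<artifactId>findbugs-maven-plugin</artifactId>
+<version>3.0.1</version>
+<configuration>
+<argLine>-debug -maxHeap 2048 -include findbugsfilter.xml</argLine>
+</configuration>
+</plugin>
+</plugins>
+</reporting>
+
+<properties>
+<maven.compiler.source>1.7</maven.compiler.source>
+<maven.compiler.target>1.7</maven.compiler.target>
+<failOnMissingWebXml>false</failOnMissingWebXml>
+</properties>
+
+</project>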
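Review bot: `mockito-all`, `jwebunit-core` and `jwebunit-htmlunit-plugin` are declared without a `<scope>`, so they default to compile scope and, with `<packaging>war</packaging>`, are bundled into the deployed archive, whereas `junit` just above them is marked `<scope>test</scope>`. If nothing in the main source tree needs them, add `<scope>test</scope>` to each of the three so test tooling stays off the runtime classpath. The file also pins old releases such as `commons-collections` 3.1, `log4j` 1.2.17 and `struts2-core` 2.3.20 with no explanation; if these are deliberate fixtures for the benchmark, an XML comment such as `<!-- pinned on purpose: benchmark target, do not upgrade -->` would keep dependency-scanner findings from being read as oversights.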
Lines changed: 92 additions & 0 deletions
@@ -0,0 +1,92 @@
1+
package org.owasp.webgoat.benchmark.helpers;
2+
3+
import java.sql.Connection;
4+
import java.sql.DriverManager;
5+
import java.sql.SQLException;
6+
import java.sql.Statement;
7+
8+
public class DatabaseHelper {
9+
private static Statement stmt;
10+
private static Connection conn;
11+
12+
static {
13+
initData();
14+
}
15+
16+
public static java.sql.Statement getSqlStatement() {
17+
if (conn == null) {
18+
getSqlConnection();
19+
}
20+
21+
if (stmt == null) {
22+
try {
23+
stmt = conn.createStatement();
24+
} catch (SQLException e) {
25+
System.out.println("Problem with database init.");
26+
}
27+
}
28+
29+
return stmt;
30+
}
31+
32+
public static java.sql.Connection getSqlConnection() {
33+
if (conn == null) {
34+
try {
35+
Class.forName("org.hsqldb.jdbcDriver");
36+
String url = "jdbc:hsqldb:benchmarkDataBase;sql.enforce_size=false";
37+
conn = DriverManager.getConnection(url, "sa", "");
38+
} catch (SQLException | ClassNotFoundException e) {
39+
System.out.println("Problem with database init.");
40+
}
41+
}
42+
return conn;
43+
// return org.mockito.Mockito.mock(java.sql.Connection.class);
44+
}
45+
46+
private static void initData() {
47+
try {
48+
executeSQLCommand("DROP PROCEDURE IF EXISTS verifyUserPassword");
49+
executeSQLCommand("DROP TABLE IF EXISTS USERS");
50+
executeSQLCommand("DROP TABLE IF EXISTS EMPLOYEE");
51+
executeSQLCommand("DROP TABLE IF EXISTS CERTIFICATE");
52+
53+
executeSQLCommand("CREATE TABLE USERS (userid int NOT NULL GENERATED BY DEFAULT AS IDENTITY, username varchar(50), password varchar(50),PRIMARY KEY (userid));");
54+
executeSQLCommand("CREATE PROCEDURE verifyUserPassword(IN username_ varchar(50), IN password_ varchar(50))"
55+
+ " READS SQL DATA"
56+
+ " DYNAMIC RESULT SETS 1"
57+
+ " BEGIN ATOMIC"
58+
+ " DECLARE resultSet SCROLL CURSOR WITH HOLD WITH RETURN FOR SELECT * FROM USERS;" //WHERE USERNAME = user AND PASSWORD = pass;"
59+
+ " OPEN resultSet;"
60+
+"END;");
61+
62+
executeSQLCommand("create table EMPLOYEE ("
63+
+ " id INT NOT NULL GENERATED BY DEFAULT AS IDENTITY,"
64+
+ " first_name VARCHAR(20) default NULL,"
65+
+ " last_name VARCHAR(20) default NULL,"
66+
+ " salary INT default NULL," + " PRIMARY KEY (id)"
67+
+ " );");
68+
69+
executeSQLCommand("create table CERTIFICATE ("
70+
+ " id INT NOT NULL GENERATED BY DEFAULT AS IDENTITY,"
71+
+ " certificate_name VARCHAR(30) default NULL,"
72+
+ " employee_id INT default NULL," + " PRIMARY KEY (id)"
73+
+ ");");
74+
75+
executeSQLCommand("INSERT INTO USERS (username, password) VALUES('User01', 'P455w0rd')");
76+
executeSQLCommand("INSERT INTO USERS (username, password) VALUES('User02', 'B3nchM3rk')");
77+
executeSQLCommand("INSERT INTO USERS (username, password) VALUES('User03', 'a$c11')");
78+
executeSQLCommand("INSERT INTO USERS (username, password) VALUES('foo', 'bar')");
79+
80+
} catch (Exception e1) {
81+
System.out.println("Problem with database init.");
82+
}
83+
}
84+
85+
public static void executeSQLCommand(String sql) throws Exception {
86+
if (stmt == null) {
87+
getSqlStatement();
88+
}
89+
stmt.executeUpdate(sql);
90+
}
91+
92+
}
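Review bot: The `verifyUserPassword` procedure created in `initData()` never uses `username_` or `password_`: the `WHERE` clause sits in a Java comment after the string literal, so the cursor is `SELECT * FROM USERS` and every row, including the password column, is returned whatever credentials are passed. If that is intended for the benchmark, say so in a comment next to the statement; otherwise restore the filter against the declared parameter names, e.g. `FOR SELECT * FROM USERS WHERE username = username_ AND password = password_;`. Separately, every catch block prints `Problem with database init.` and drops the exception, and when `getSqlConnection()` fails `conn` stays null, so `getSqlStatement()` then hits a NullPointerException at `conn.createStatement()` that its `catch (SQLException e)` does not cover. Logging the cause and failing fast in the static initializer would make setup errors diagnosable instead of surfacing later in unrelated callers.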
