Improve overall.

k-tamura · Dec 26, 2016 · 11bd32c · 11bd32c
1 parent 815c21b
commit 11bd32c
Show file tree

Hide file tree

Showing 10 changed files with 117 additions and 48 deletions.
diff --git a/pom.xml b/pom.xml
@@ -59,6 +59,11 @@
       <artifactId>jol-core</artifactId>
       <version>0.6</version>
     </dependency>
+    <!-- <dependency>
+      <groupId>mysql</groupId>
+      <artifactId>mysql-connector-java</artifactId>
+      <version>5.1.17</version>
+    </dependency> -->
   </dependencies>
   <build>
       <plugins>

diff --git a/src/main/java/org/t246osslab/easybuggy/others/IntegerOverflowServlet.java b/src/main/java/org/t246osslab/easybuggy/others/IntegerOverflowServlet.java
@@ -30,7 +30,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.integer.overflow.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/iof\" method=\"post\">");
+            writer.write("<form action=\"iof\" method=\"post\">");
             writer.write("<input type=\"text\" name=\"days\" size=\"8\" maxlength=\"8\">");
             writer.write(MessageUtils.getMsg("label.days", locale));
             writer.write("<br>");

diff --git a/src/main/java/org/t246osslab/easybuggy/others/LossOfTrailingDigitsServlet.java b/src/main/java/org/t246osslab/easybuggy/others/LossOfTrailingDigitsServlet.java
@@ -32,7 +32,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.loss.of.trailing.digits.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/lotd\" method=\"post\">");
+            writer.write("<form action=\"lotd\" method=\"post\">");
             writer.write("<input type=\"text\" name=\"number\" size=\"18\" maxlength=\"18\">");
             writer.write(" + 1 = ");
             String strNumber = req.getParameter("number");

diff --git a/src/main/java/org/t246osslab/easybuggy/others/RoundOffErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/others/RoundOffErrorServlet.java
@@ -32,7 +32,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.round.off.error.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/roe\" method=\"post\">");
+            writer.write("<form action=\"roe\" method=\"post\">");
             writer.write("<input type=\"text\" name=\"number\" size=\"1\" maxlength=\"1\">");
             writer.write(" - 0.9 = ");
             String strNumber = req.getParameter("number");

diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java
@@ -18,6 +18,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.pmw.tinylog.Logger;
+import org.t246osslab.easybuggy.utils.ApplicationUtils;
 import org.t246osslab.easybuggy.utils.Closer;
 import org.t246osslab.easybuggy.utils.MessageUtils;
 
@@ -40,7 +41,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.sql.deadlock.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/deadlock2\" method=\"post\">");
+            writer.write("<form action=\"deadlock2\" method=\"post\">");
             writer.write(MessageUtils.getMsg("msg.reset.all.users.passwd", locale));
             writer.write("<br><br>");
             writer.write(MessageUtils.getMsg("msg.note.sql.deadlock", locale));
@@ -78,23 +79,34 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
 
 class EmbeddedJavaDb2 {
 
-    // static final String dbUrl = "jdbc:derby:demo;create=true";
-    // In-memory database URL
-    static final String dbUrl = "jdbc:derby:memory:demo;create=true";
+    static final String dbUrl = ApplicationUtils.getDatabaseURL();
+    static final String dbDriver = ApplicationUtils.getDatabaseDriver();
 
     static {
         Connection conn = null;
         Statement stmt = null;
         try {
+            if (dbDriver != null && !dbDriver.equals("")) {
+                try {
+                    Class.forName("com.mysql.jdbc.Driver");
+                } catch (ClassNotFoundException e) {
+                    Logger.error(e);
+                }
+            }
             conn = DriverManager.getConnection(dbUrl);
             stmt = conn.createStatement();
 
+            try {
+                stmt.executeUpdate("drop table users2");
+            } catch (SQLException e) {
+                // ignore exception if exist the table
+            }
             // create users table
-            stmt.executeUpdate("Create table users (id int primary key, name varchar(30), password varchar(100))");
+            stmt.executeUpdate("create table users2 (id int primary key, name varchar(30), password varchar(100))");
 
             // insert rows
-            stmt.executeUpdate("insert into users values (0,'Mark','password')");
-            stmt.executeUpdate("insert into users values (1,'James','pathwood')");
+            stmt.executeUpdate("insert into users2 values (0,'Mark','password')");
+            stmt.executeUpdate("insert into users2 values (1,'James','pathwood')");
 
         } catch (SQLException e) {
             Logger.error(e);
@@ -123,10 +135,17 @@ public String update(String[] names, Locale locale) {
         int executeUpdate = 0;
         String message = "";
         try {
+            if (dbDriver != null && !dbDriver.equals("")) {
+                try {
+                    Class.forName("com.mysql.jdbc.Driver");
+                } catch (ClassNotFoundException e) {
+                    Logger.error(e);
+                }
+            }
             conn = DriverManager.getConnection(dbUrl);
             conn.setAutoCommit(false);
 
-            stmt = conn.prepareStatement("Update users set password = ?  where name = ?");
+            stmt = conn.prepareStatement("Update users2 set password = ?  where name = ?");
             stmt.setString(1, UUID.randomUUID().toString());
             stmt.setString(2, names[0]);
             executeUpdate = stmt.executeUpdate();

diff --git a/src/main/java/org/t246osslab/easybuggy/utils/ApplicationUtils.java b/src/main/java/org/t246osslab/easybuggy/utils/ApplicationUtils.java
@@ -9,6 +9,12 @@ public class ApplicationUtils {
     // default port: 8989
     private static int openBuggyPort = 8989;
 
+    // default database url: derby in-memory
+    private static String databaseURL = "jdbc:derby:memory:demo;create=true";
+
+    // default database url: null
+    private static String databaseDriver = null;
+
     static {
         ResourceBundle bundle = null;
         try {
@@ -21,9 +27,29 @@ public class ApplicationUtils {
         } catch (Exception e) {
             Logger.error(e);
         }
+        try {
+            databaseURL = bundle.getString("database.url");
+        } catch (Exception e) {
+            Logger.error(e);
+        }
+        try {
+            if (!databaseURL.startsWith("jdbc:derby:memory")) {
+                databaseDriver = bundle.getString("database.driver");
+            }
+        } catch (Exception e) {
+            Logger.error(e);
+        }
     }
 
     public static int getEasyBuggyPort() {
         return openBuggyPort;
     }
+
+    public static String getDatabaseURL() {
+        return databaseURL;
+    }
+
+    public static String getDatabaseDriver() {
+        return databaseDriver;
+    }
 }
diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java
@@ -16,6 +16,7 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.pmw.tinylog.Logger;
+import org.t246osslab.easybuggy.utils.ApplicationUtils;
 import org.t246osslab.easybuggy.utils.Closer;
 import org.t246osslab.easybuggy.utils.MessageUtils;
 
@@ -39,7 +40,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.sql.injection.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/sqlijc\" method=\"post\">");
+            writer.write("<form action=\"sqlijc\" method=\"post\">");
             writer.write(MessageUtils.getMsg("msg.enter.name.and.passwd", locale));
             writer.write("<br><br>");
             writer.write(MessageUtils.getMsg("msg.example.name.and.passwd", locale));
@@ -79,15 +80,25 @@ class EmbeddedJavaDb {
 
     static {
         Statement stmt = null;
-        // In-memory database URL
-        String dbUrl = "jdbc:derby:memory:demo;create=true";
         try {
+            String dbDriver = ApplicationUtils.getDatabaseDriver();
+            if (dbDriver != null && !dbDriver.equals("")) {
+                try {
+                    Class.forName("com.mysql.jdbc.Driver");
+                } catch (ClassNotFoundException e) {
+                    Logger.error(e);
+                }
+            }
+            String dbUrl = ApplicationUtils.getDatabaseURL();
             conn = DriverManager.getConnection(dbUrl);
             stmt = conn.createStatement();
-
+            try {
+                stmt.executeUpdate("drop table users");
+            } catch (SQLException e) {
+                // ignore exception if exist the table
+            }
             // create users table
-            stmt.executeUpdate(
-                    "Create table users (id int primary key, name varchar(30), password varchar(30), secret varchar(30))");
+            stmt.executeUpdate("create table users (id int primary key, name varchar(30), password varchar(30), secret varchar(30))");
 
             // insert rows
             stmt.executeUpdate("insert into users values (0,'Mark','password','57249037993')");

diff --git a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java b/src/main/java/org/t246osslab/easybuggy/vulnerabilities/XSSServlet.java
@@ -33,7 +33,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<TITLE>" + MessageUtils.getMsg("title.xss.page", locale) + "</TITLE>");
             writer.write("</HEAD>");
             writer.write("<BODY>");
-            writer.write("<form action=\"/xss\" method=\"post\">");
+            writer.write("<form action=\"xss\" method=\"post\">");
             writer.write(MessageUtils.getMsg("msg.enter.name", locale));
             writer.write("<br><br>");
             writer.write(MessageUtils.getMsg("msg.example.name", locale));

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -1 +1,9 @@
-easybuggy.port=8989
+# EasyBuggy port
+easybuggy.port=8989
+
+# In-memory database URL (derby)
+database.url=jdbc:derby:memory:demo;create=true
+
+# Local MySQL server
+#database.url=jdbc:mysql://localhost:3306/easybuggy?user=easybuggy&password=password
+#database.driver=com.mysql.jdbc.Driver