package org.owasp.webgoat.plugin.dbsqlinjection;

import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.ElementContainer;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.plugin.GoatHillsFinancial.DeleteProfile;
import org.owasp.webgoat.plugin.GoatHillsFinancial.EditProfile;
import org.owasp.webgoat.plugin.GoatHillsFinancial.FindProfile;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction;
import org.owasp.webgoat.plugin.GoatHillsFinancial.ListStaff;
import org.owasp.webgoat.plugin.GoatHillsFinancial.Logout;
import org.owasp.webgoat.plugin.GoatHillsFinancial.SearchStaff;
import org.owasp.webgoat.plugin.GoatHillsFinancial.UpdateProfile;
import org.owasp.webgoat.plugin.GoatHillsFinancial.ViewProfile;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/db-sql-injection-1.0.jar:org/owasp/webgoat/plugin/dbsqlinjection/DBSQLInjection.class */
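/**
 * WebGoat lesson "LAB: DB SQL Injection" in the GoatHills Financial scenario.
 *
 * <p>Stage 1 asks the student to bypass the EMPLOYEE_LOGIN stored procedure with a
 * string SQL injection and log in as the prize employee; stage 2 (only offered when
 * coding exercises are enabled) asks them to repair the procedure with bind
 * variables. This class only wires up the lesson's actions, hints and instructions;
 * the injectable login lives in {@link LoginDBSQLInjection} and in the database.
 *
 * <p>NOTE(review): the hints deliberately disclose the vulnerable query and a working
 * payload. That is the training content of this lesson, not a defect — do not
 * "harden" the hint text.
 */
public class DBSQLInjection extends GoatHillsFinancial {
    private static final Integer DEFAULT_RANKING = Integer.valueOf(75);
    /** Employee the student must log in as to solve stage 1. */
    public static final int PRIZE_EMPLOYEE_ID = 112;
    public static final String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
    /** Stage names; used both as the stage id and in the instructions text. */
    public static final String STAGE1 = "String SQL Injection";
    public static final String STAGE2 = "Block SQL Injection using Bind Variables";

    /**
     * Registers the GoatHills Financial actions, substituting the injectable
     * {@link LoginDBSQLInjection} for the stock login action.
     *
     * @param str the lesson name handed to every action (parameter name kept
     *            for compatibility with the base class)
     */
    @Override
    public void registerActions(String str) {
        // Actions that chain into another action resolve it via getAction() at
        // construction time, so the target must already be registered: keep the
        // stand-alone actions first and the chaining ones after.
        registerAction(new ListStaff(this, str, GoatHillsFinancial.LISTSTAFF_ACTION));
        registerAction(new SearchStaff(this, str, GoatHillsFinancial.SEARCHSTAFF_ACTION));
        registerAction(new ViewProfile(this, str, GoatHillsFinancial.VIEWPROFILE_ACTION));
        registerAction(new EditProfile(this, str, GoatHillsFinancial.EDITPROFILE_ACTION));
        registerAction(new EditProfile(this, str, GoatHillsFinancial.CREATEPROFILE_ACTION));
        // The lesson-specific, injectable login replaces the stock Login action.
        registerAction(new LoginDBSQLInjection(this, str, GoatHillsFinancial.LOGIN_ACTION,
                getAction(GoatHillsFinancial.LISTSTAFF_ACTION)));
        registerAction(new Logout(this, str, "Logout", getAction(GoatHillsFinancial.LOGIN_ACTION)));
        registerAction(new FindProfile(this, str, GoatHillsFinancial.FINDPROFILE_ACTION,
                getAction(GoatHillsFinancial.VIEWPROFILE_ACTION)));
        registerAction(new UpdateProfile(this, str, GoatHillsFinancial.UPDATEPROFILE_ACTION,
                getAction(GoatHillsFinancial.VIEWPROFILE_ACTION)));
        registerAction(new DeleteProfile(this, str, GoatHillsFinancial.DELETEPROFILE_ACTION,
                getAction(GoatHillsFinancial.LISTSTAFF_ACTION)));
    }

    /** This lesson is filed under the Injection category. */
    @Override
    public Category getDefaultCategory() {
        return Category.INJECTION;
    }

    /**
     * Returns the hints shown to the student, from general to a full payload.
     *
     * <p>The hint text is intentionally verbatim training material (it quotes the
     * concatenated PL/SQL and a working password payload for employee
     * {@link #PRIZE_EMPLOYEE_ID}); keep it unchanged.
     *
     * @param webSession current session (unused; hints are static)
     * @return ordered hint list
     */
    @Override
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
        hints.add("This is the code for the query being built and issued by WebGoat:<br><br> stmt  := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';<br>EXECUTE IMMEDIATE stmt INTO v_userid;");
        hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR.  Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");
        hints.add("You may need to use OWASP ZAP to remove a field length limit to fit your attack.");
        hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");
        hints.add("Change the Stored procedure to use bind variables.");
        return hints;
    }

    /**
     * Lists the stages of this lesson: stage 2 (the fix) is only offered when the
     * WebGoat context has coding exercises enabled.
     */
    @Override
    public String[] getStages() {
        if (getWebgoatContext().isCodingExercises()) {
            return new String[]{STAGE1, STAGE2};
        }
        return new String[]{STAGE1};
    }

    /**
     * Returns the instructions for the student's current stage, or an empty string
     * once the lesson has been completed.
     *
     * @param webSession current session, used to look up progress and stage
     */
    @Override
    public String getInstructions(WebSession webSession) {
        if (getLessonTracker(webSession).getCompleted()) {
            return "";
        }
        String stage = getStage(webSession);
        if (STAGE1.equals(stage)) {
            return "Stage 1: Use String SQL Injection to bypass authentication. The goal here is to login as the user Neville Bartholomew, who is in the Admin group.  You do not have the password, but the form is SQL injectable. View the EMPLOYEE_LOGIN stored procedure and see if you can determine why the exploit exists.";
        }
        if (STAGE2.equals(stage)) {
            return "Stage 2: Use bind variables.<br>Using the Squirrel SQL Client, update the EMPLOYEE_LOGIN stored procedure in the database to use bind variables, rather than string concatenation. Repeat the SQL Injection attack. Verify that the attack is no longer effective.";
        }
        return "";
    }

    /**
     * Dispatches one request to the action named by the {@code action} request
     * parameter (defaulting to the login action when the parameter is absent).
     *
     * <p>The parameter is untrusted, but it is only used as a lookup key into the
     * registered actions and is never echoed back; an unknown name lands on the
     * fixed "error" action. Actions that require authentication are only invoked
     * when the action reports the session as authenticated — otherwise the request
     * is dropped silently (no message, no redirect) and the page simply re-renders.
     * Exceptions are mapped either to a user-visible message or to the "error"
     * action; stack traces go to stderr only.
     *
     * @param webSession current session, given a lesson session if it has none yet
     */
    @Override
    public void handleRequest(WebSession webSession) {
        if (webSession.getLessonSession(this) == null) {
            webSession.openLessonSession(this);
        }
        String actionName;
        try {
            actionName = webSession.getParser().getStringParameter("action");
        } catch (ParameterNotFoundException e) {
            actionName = GoatHillsFinancial.LOGIN_ACTION;
        }
        if (actionName != null) {
            try {
                LessonAction action = getAction(actionName);
                if (action == null) {
                    setCurrentAction(webSession, "error");
                } else if (!action.requiresAuthentication() || action.isAuthenticated(webSession)) {
                    action.handleRequest(webSession);
                }
            } catch (ParameterNotFoundException e) {
                showError(webSession, e);
            } catch (UnauthenticatedException e) {
                // Deliberately generic message: does not reveal which part failed.
                webSession.setMessage("Login failed");
                e.printStackTrace();
            } catch (UnauthorizedException e) {
                webSession.setMessage("You are not authorized to perform this function");
                e.printStackTrace();
            } catch (ValidationException e) {
                showError(webSession, e);
            } catch (Exception e) {
                // Last-resort guard so a bug in an action cannot take down the lesson page.
                showError(webSession, e);
            }
        }
        setContent(new ElementContainer());
    }

    /** Logs the failure to stderr and routes the session to the "error" action. */
    private void showError(WebSession webSession, Exception e) {
        e.printStackTrace();
        setCurrentAction(webSession, "error");
    }

    /** Ranking used to order this lesson within its category. */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override
    public String getTitle() {
        return "LAB: DB SQL Injection";
    }

    /**
     * Hides the lesson unless the configured JDBC driver name mentions Oracle or
     * HSQLDB (presumably the back ends that ship the lesson's stored procedure —
     * confirm against the database scripts). A missing driver name also hides the
     * lesson instead of throwing.
     */
    @Override
    protected boolean getDefaultHidden() {
        String driver = getWebgoatContext().getDatabaseDriver();
        if (driver == null) {
            return true;
        }
        return !(driver.contains("oracle") || driver.contains("hsqldb"));
    }
}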
