diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
index 70522a37fe..3ddaade5ca 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -75,7 +75,7 @@ public class HammerHead extends HttpServlet {
     /**
      * Description of the Field
      */
-    protected static SimpleDateFormat httpDateFormat;
+    protected static final SimpleDateFormat httpDateFormat;
 
     /**
      * Set the session timeout to be 2 days
@@ -86,7 +86,7 @@ public class HammerHead extends HttpServlet {
     /**
      * Properties file path
      */
-    public static String propertiesPath = null;
+    public static final String propertiesPath = null;
 
     /**
      * provides convenience methods for getting setup information from the
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
index 79b56858c0..91dcd5cabc 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
@@ -131,7 +131,7 @@ private static Connection getHsqldbConnection(String user, WebgoatContext contex
             SQLException {
 
         String url = context.getDatabaseConnectionString().replaceAll("\\$\\{USER\\}", user);
-        return DriverManager.getConnection(url, "sa", "");
+        return DriverManager.getConnection(url, "sa", "sa-password");
     }
 
     /**
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java
index 40bc3a6d18..7e508e6e41 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Screen.java
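Review bot: `protected static final SimpleDateFormat httpDateFormat;` is now a blank final with no initializer in this hunk, so unless a `static {}` block assigns it exactly once the class will not compile, and any existing assignment in `init()` or elsewhere becomes a compile error; the initializing code is outside the hunk, so this is inferred. The same applies to `public static final String propertiesPath = null;` in the @@ -86 hunk, which in addition pins the path to null permanently if nothing else can assign it. If these are meant to be constants, initialize them at the declaration or in a static initializer rather than only adding `final`. Note also that `final` does nothing for the thread-safety of a `SimpleDateFormat` shared by all requests of a servlet; an immutable `DateTimeFormatter` held as `static final` would. The Javadoc `Description of the Field` is a generator placeholder and should say what the field holds.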
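Review bot: `return DriverManager.getConnection(url, "sa", "sa-password");` replaces an empty password with a literal credential checked into source, which is still a hardcoded secret and will also fail to connect if the HSQLDB instance was not provisioned with that exact password. The @@ -48 hunk of UserDatabase.java has the same pattern with `"webgoat_admin-password"`. The hunk already takes the URL from `context.getDatabaseConnectionString()`, so the password can come from the same configuration path, e.g. `return DriverManager.getConnection(url, "sa", context.getDatabasePassword());` where `getDatabasePassword` stands for whichever accessor the project adds (constructed name). getHsqldbConnection's signature and throws clause start above the hunk.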
@@ -50,7 +50,7 @@ public abstract class Screen {
     /**
      * Description of the Field
      */
-    public static int MAIN_SIZE = 375;
+    public static final int MAIN_SIZE = 375;
 
     // private Head head;
     private Element content;
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserDatabase.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserDatabase.java
index 25867223ca..7d4e33d1ee 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserDatabase.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserDatabase.java
@@ -18,7 +18,7 @@ class UserDatabase {
     private final String QUERY_ALL_USERS = "SELECT username FROM users;";
     private final String QUERY_ALL_ROLES_FOR_USERNAME = "SELECT rolename FROM roles, user_roles, users WHERE roles.id = user_roles.role_id AND user_roles.user_id = users.id AND users.username = ?;";
-    private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM table;";
+    private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM ?;";
     private final String DELETE_ALL_ROLES_FOR_USER = "DELETE FROM user_roles WHERE user_id IN (SELECT id FROM users WHERE username = ?);";
     private final String DELETE_USER = "DELETE FROM users WHERE username = ?;";
 
 
@@ -48,7 +48,7 @@ public boolean open() {
         try {
             if (userDB == null || userDB.isClosed()) {
                 Class.forName("org.h2.Driver");
-                userDB = DriverManager.getConnection(USER_DB_URI, "webgoat_admin", "");
+                userDB = DriverManager.getConnection(USER_DB_URI, "webgoat_admin", "webgoat_admin-password");
             }
         } catch (SQLException e) {
             e.printStackTrace();
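Review bot: The Javadoc above `public static final int MAIN_SIZE = 375;` is the generator placeholder `Description of the Field` and says nothing about what 375 measures; now that the field is a constant its meaning belongs in that comment. If it is the pixel width of the main content area, `/** Width, in pixels, of the main content area. */` would do, but the hunk does not show how it is used, so confirm before writing it. It is also worth checking that nothing else in the project assigns `MAIN_SIZE`, since `final` turns such an assignment into a compile error.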
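Review bot: `"SELECT count(id) AS count FROM ?;"` cannot be used as a prepared-statement template: a JDBC `?` binds values, not identifiers, so `setString(1, tableName)` in the @@ -86 hunk of this file either fails at prepare time or yields `FROM 'users'` (a string literal where a table name is required), and getTableCount breaks at runtime instead of the injection being closed. A caller-chosen table name is made safe by checking it against a fixed allowlist of the tables this class already names (`users`, `roles`, `user_roles`) and only then splicing it into the SQL text. Keep the constant as a template instead, e.g. `private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM %s;";`, and do the allowlist check in getTableCount before `String.format`.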
@@ -86,13 +86,14 @@ public int getTableCount(String tableName) {
         int count = 0;
         try {
             open();
-            Statement statement = userDB.createStatement();
-            ResultSet countResult = statement.executeQuery(QUERY_TABLE_COUNT.replace("table", tableName));
+            PreparedStatement prepared_tableName = userDB.prepareStatement(QUERY_TABLE_COUNT);
+            prepared_tableName.setString(1, tableName);
+            ResultSet countResult = prepared_tableName.executeQuery();
             if (countResult.next()) {
                 count = countResult.getInt("count");
             }
             countResult.close();
-            statement.close();
+            prepared_tableName.close();
             close();
         } catch (SQLException e) {
             e.printStackTrace();
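Review bot: `prepared_tableName` and `countResult` are closed only on the success path; if `executeQuery()` or `getInt` throws, control goes to the catch block and both JDBC objects leak, and the `close()` on the connection is skipped as well. try-with-resources handles every path with no extra lines, and while here `prepared_tableName` should be lowerCamelCase. The rewrite below also restricts `tableName` to a fixed list before splicing it into the SQL, because a `?` cannot bind a table identifier (the `FROM ?` constant in the @@ -18 hunk); a name outside the list now raises rather than returning 0, which callers should be checked against. getTableCount continues past the hunk with the rest of the catch block and the return.
```java
public int getTableCount(String tableName) {
    int count = 0;
    // A JDBC '?' binds values, not identifiers: restrict the name to the tables this
    // class already queries (extend the list if more exist), then splice it in.
    if (!"users".equals(tableName) && !"roles".equals(tableName) && !"user_roles".equals(tableName)) {
        throw new IllegalArgumentException("unknown table: " + tableName);
    }
    String countQuery = "SELECT count(id) AS count FROM " + tableName + ";";
    try {
        open();
        // try-with-resources releases the statement and result set on every path,
        // including when executeQuery() throws.
        try (PreparedStatement countStatement = userDB.prepareStatement(countQuery);
             ResultSet countResult = countStatement.executeQuery()) {
            if (countResult.next()) {
                count = countResult.getInt("count");
            }
        }
        close();
    } catch (SQLException e) {
        e.printStackTrace();
        // … unchanged: remainder of the catch block and the return …
```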