Update DataBaseServer.java

Author: nesterXneo

src/main/java/org/owasp/benchmark/helpers/DataBaseServer.java

@@ -12,77 +12,74 @@
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
  * PURPOSE. See the GNU General Public License for more details
  *
- * @author Juan Gama
+ * @author Juan Gama and modified by nesterXneo
  * @created 2015
  */
 package org.owasp.benchmark.helpers;
 
 import java.io.IOException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
 import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import org.owasp.benchmark.service.pojo.Person;
 import org.owasp.benchmark.service.pojo.XMLMessage;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 @RestController
 public class DataBaseServer {
 
+    private static final Logger logger = LoggerFactory.getLogger(DataBaseServer.class);
+    private static final String NOT_IMPLEMENTED = "Not Implemented.";
+
+    @Autowired
+    private DatabaseService databaseService;
+
     @GetMapping(value = "/resetdb")
-    public ResponseEntity<List<XMLMessage>> getOtherOrder(
-            @RequestBody Person model, HttpServletRequest request, HttpServletResponse response)
-            throws ServletException, IOException {
-        ArrayList<XMLMessage> resp = new ArrayList<XMLMessage>();
-        resp.add(new XMLMessage("Not Implemented."));
-        return new ResponseEntity<List<XMLMessage>>(resp, HttpStatus.OK);
+    public ResponseEntity<List<XMLMessage>> resetDatabase(@RequestBody Person model) {
+        List<XMLMessage> resp = new ArrayList<>();
+        resp.add(new XMLMessage(NOT_IMPLEMENTED));
+        return new ResponseEntity<>(resp, HttpStatus.OK);
     }
 
     @PostMapping(value = "/testdb")
-    public ResponseEntity<List<XMLMessage>> createOrder2(
-            @RequestBody Person model, HttpServletRequest request, HttpServletResponse response)
-            throws ServletException, IOException {
-        List<XMLMessage> resp = new ArrayList<XMLMessage>();
-        resp.add(new XMLMessage("Not Implemented."));
-        return new ResponseEntity<List<XMLMessage>>(resp, HttpStatus.OK);
+    public ResponseEntity<List<XMLMessage>> testDatabase(@RequestBody Person model) {
+        List<XMLMessage> resp = new ArrayList<>();
+        resp.add(new XMLMessage(NOT_IMPLEMENTED));
+        return new ResponseEntity<>(resp, HttpStatus.OK);
     }
 
     @GetMapping(value = "/getall")
-    public ResponseEntity<List<XMLMessage>> getAll(
-            HttpServletRequest request, HttpServletResponse response)
-            throws ServletException, IOException {
-        List<XMLMessage> resp = new ArrayList<XMLMessage>();
+    public ResponseEntity<List<XMLMessage>> getAll() {
+        List<XMLMessage> resp = new ArrayList<>();
         String sql = "SELECT * from USERS";
-        try {
-            java.sql.Connection connection =
-                    org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection();
-            java.sql.PreparedStatement statement = connection.prepareStatement(sql);
-            statement.execute();
-            org.owasp.benchmark.helpers.DatabaseHelper.printResults(statement, sql, resp);
-        } catch (java.sql.SQLException e) {
-            if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
-                e.printStackTrace();
-                resp.add(new XMLMessage("Error processing request: " + e.getMessage()));
-                return new ResponseEntity<List<XMLMessage>>(resp, HttpStatus.OK);
-            } else throw new ServletException(e);
+        
+        try (Connection connection = databaseService.getConnection();
+             PreparedStatement statement = connection.prepareStatement(sql);
+             ResultSet resultSet = statement.executeQuery()) {
+            
+            while (resultSet.next()) {
+                // Process each row and add to resp
+                // This is a placeholder - adjust according to your actual data structure
+                resp.add(new XMLMessage(resultSet.getString("username")));
+            }
+            
+            return new ResponseEntity<>(resp, HttpStatus.OK);
+        } catch (SQLException e) {
+            logger.error("Database error occurred", e);
+            resp.add(new XMLMessage("An error occurred while processing your request."));
+            return new ResponseEntity<>(resp, HttpStatus.INTERNAL_SERVER_ERROR);
         }
-        return new ResponseEntity<List<XMLMessage>>(resp, HttpStatus.OK);
-    }
-
-    public static void main(String[] args) {
-        // This empty main() method is required to be able to start the Database. Otherwise you get
-        // the error:
-
-        /*
-        [java] Error: Main method not found in class org.owasp.benchmark.helpers.DataBaseServer, please define the main method as:
-        [java]    public static void main(String[] args)
-        [java] or a JavaFX application class must extend javafx.application.Application
-        */
     }
 }