Update to new version for develop

Move WebWolf to port 9090 easier since most of the time something is running on 8081 Add scripts for easy building Docker files etc
MarcRler · May 30, 2018 · ecb7688 · ecb7688
1 parent 0de784e
commit ecb7688
Show file tree

Hide file tree

Showing 46 changed files with 131 additions and 67 deletions.
diff --git a/docker-compose-postgres.yml b/docker-compose-postgres.yml
@@ -6,6 +6,7 @@ services:
     user: webgoat
     environment:
       - WEBWOLF_HOST=webwolf
+      - WEBWOLF_PORT=9090
       - spring.datasource.url=jdbc:postgresql://webgoat_db:5432/webgoat
       - spring.datasource.username=webgoat
       - spring.datasource.password=webgoat
@@ -22,7 +23,7 @@ services:
       - spring.datasource.driver-class-name=org.postgresql.Driver
       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
     ports:
-      - "8081:8081"
+      - "9090:9090"
   db:
     container_name: webgoat_db
     image: postgres:latest

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,6 +5,7 @@ services:
     image: webgoat/webgoat-8.0
     environment:
       - WEBWOLF_HOST=webwolf
+      - WEBWOLF_PORT=9090
       - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
       - "8080:8080"
@@ -15,7 +16,7 @@ services:
     environment:
           - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
-      - "8081:8081"
+      - "9090:9090"
     depends_on:
       - db
   db:

diff --git a/pom.xml b/pom.xml
@@ -1,11 +1,12 @@
 <?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.webgoat</groupId>
     <artifactId>webgoat-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0.M15</version>
+    <version>v8.0.0.SNAPSHOT</version>
 
     <name>WebGoat Parent Pom</name>
     <description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>
@@ -53,17 +54,17 @@
         <developer>
             <id>jwayman</id>
             <name>Jeff Wayman</name>
-            <email />
+            <email/>
         </developer>
         <developer>
             <id>dcowden</id>
             <name>Dave Cowden</name>
-            <email />
+            <email/>
         </developer>
         <developer>
             <id>lawson89</id>
             <name>Richard Lawson</name>
-            <email />
+            <email/>
         </developer>
         <developer>
             <id>dougmorato</id>
@@ -92,8 +93,8 @@
         <url>https://github.com/WebGoat/WebGoat</url>
         <connection>scm:git:[email protected]:WebGoat/WebGoat.git</connection>
         <developerConnection>scm:git:[email protected]:WebGoat/WebGoat.git</developerConnection>
-      <tag>HEAD</tag>
-  </scm>
+        <tag>HEAD</tag>
+    </scm>
 
     <issueManagement>
         <system>Github Issues</system>
@@ -202,7 +203,7 @@
     <profiles>
         <profile>
             <id>release</id>
-			<dependencies>
+            <dependencies>
                 <dependency>
                     <groupId>org.owasp.webgoat.lesson</groupId>
                     <artifactId>dist</artifactId>
@@ -214,7 +215,7 @@
             </dependencies>
             <build>
                 <plugins>
-				    <plugin>
+                    <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-dependency-plugin</artifactId>
                         <executions>
@@ -225,7 +226,9 @@
                                 </goals>
                                 <phase>generate-resources</phase>
                                 <configuration>
-                                    <outputDirectory>${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons</outputDirectory>
+                                    <outputDirectory>
+                                        ${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons
+                                    </outputDirectory>
                                     <includeArtifactIds>dist</includeArtifactIds>
                                     <includes>*.jar</includes>
                                 </configuration>
@@ -324,15 +327,15 @@
                 <artifactId>coveralls-maven-plugin</artifactId>
                 <version>${coveralls-maven-plugin.version}</version>
                 <configuration>
-                    <repoToken />
+                    <repoToken/>
                 </configuration>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
                 <version>${cobertura-maven-plugin.version}</version>
                 <configuration>
-                    <check />
+                    <check/>
                     <format>xml</format>
                     <maxmem>256m</maxmem>
                     <!-- aggregated reports for multi-module projects -->

diff --git a/scripts/build-all.sh b/scripts/build-all.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+cd ..
+
+nc -zv 127.0.0.1 8080 2>/dev/null
+SUCCESS=$?
+nc -zv 127.0.0.1 9090 2>/dev/null
+SUCCESS=${SUCCESS}$?
+
+if [[ "${SUCCESS}" -eq 00 ]] ; then
+  echo "WebGoat and or WebWolf are still running, please stop them first otherwise unit tests might fail!"
+  exit 127
+fi
+
+
+#mvn clean install
+#if [[ "$?" -ne 0 ]] ; then
+#  exit y$?
+#fi
+
+cd -
+sh build_docker.sh
+
+echo "Do you want to run docker-compose?"
+while true; do
+    read -p "Do you want to run docker-compose?" yn
+    case ${yn} in
+        [Yy]* ) sh clean-run-docker-compose.sh; break;;
+        [Nn]* ) exit;;
+        * ) echo "Please answer yes or no.";;
+    esac
+done
diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+WEBGOAT_HOME=$(pwd)/../
+
+cd ${WEBGOAT_HOME}/webgoat-server
+docker build -t webgoat/webgoat-8.0 .
+
+cd ${WEBGOAT_HOME}/webwolf
+docker build -t webgoat/webwolf .
+
diff --git a/scripts/clean-run-docker-compose.sh b/scripts/clean-run-docker-compose.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+cd ..
+docker-compose rm -f
+docker-compose up
diff --git a/scripts/run-docker-compose.sh b/scripts/run-docker-compose.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+cd ..
+docker-compose up
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <profiles>

diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
@@ -37,7 +37,7 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
 
 webwolf.host=${WEBWOLF_HOST:localhost}
-webwolf.port=${WEBWOLF_PORT:8081}
+webwolf.port=${WEBWOLF_PORT:9090}
 webwolf.url=http://${webwolf.host}:${webwolf.port}/WebWolf
 webwolf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing
 webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail

diff --git a/webgoat-images/vagrant-training/Vagrantfile b/webgoat-images/vagrant-training/Vagrantfile
@@ -3,7 +3,7 @@
 Vagrant.configure(2) do |config|
   config.vm.box = "ubuntu/trusty64"
   config.vm.network :forwarded_port, guest: 8080, host: 8080
-  config.vm.network :forwarded_port, guest: 8081, host: 8081
+  config.vm.network :forwarded_port, guest: 9090, host: 9090
   config.vm.provider "virtualbox" do |vb|
   	vb.gui = false
   	vb.memory = "4096"

diff --git a/webgoat-lessons/auth-bypass/pom.xml b/webgoat-lessons/auth-bypass/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/bypass-restrictions/pom.xml b/webgoat-lessons/bypass-restrictions/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>
diff --git a/webgoat-lessons/challenge/pom.xml b/webgoat-lessons/challenge/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 

diff --git a/webgoat-lessons/client-side-filtering/pom.xml b/webgoat-lessons/client-side-filtering/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/cross-site-scripting/pom.xml b/webgoat-lessons/cross-site-scripting/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
     <build>
        <plugins>

diff --git a/webgoat-lessons/csrf/pom.xml b/webgoat-lessons/csrf/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>
diff --git a/webgoat-lessons/html-tampering/pom.xml b/webgoat-lessons/html-tampering/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/webgoat-lessons/http-basics/pom.xml b/webgoat-lessons/http-basics/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/http-proxies/pom.xml b/webgoat-lessons/http-proxies/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/webgoat-lessons/idor/pom.xml b/webgoat-lessons/idor/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/insecure-deserialization/pom.xml b/webgoat-lessons/insecure-deserialization/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/webgoat-lessons/insecure-login/pom.xml b/webgoat-lessons/insecure-login/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/webgoat-lessons/jwt/pom.xml b/webgoat-lessons/jwt/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/webgoat-lessons/missing-function-ac/pom.xml b/webgoat-lessons/missing-function-ac/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>
diff --git a/webgoat-lessons/password-reset/pom.xml b/webgoat-lessons/password-reset/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

diff --git a/...at-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java b/...at-lessons/password-reset/src/main/java/org/owasp/webgoat/plugin/ResetLinkAssignment.java
@@ -62,7 +62,7 @@ public AttackResult sendPasswordResetLink(@RequestParam String email, HttpServle
         resetLinks.add(resetLink);
         String host = request.getHeader("host");
         if (org.springframework.util.StringUtils.hasText(email)) {
-            if (email.equals(TOM_EMAIL) && host.contains("8081")) { //User indeed changed the host header.
+            if (email.equals(TOM_EMAIL) && host.contains("9090")) { //User indeed changed the host header.
                 userToTomResetLink.put(getWebSession().getUserName(), resetLink);
                 fakeClickingLinkEmail(host, resetLink);
             } else {

diff --git a/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties
@@ -15,7 +15,7 @@ password-reset-not-solved=Sorry but you did not redirect the reset link to WebWo
 password-reset-hint1=Try to send a password reset link to your own account at {user}@webgoat.org, you can read this e-mail in WebWolf.
 password-reset-hint2=Look at the link, can you think how the server creates this link?
 password-reset-hint3=Tom clicks all the links he receives in his mailbox, you can use the landing page in WebWolf to get the reset link...
-password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:8081
+password-reset-hint4=The link points to localhost:8080/PasswordReset/.... can you change the host to localhost:9090
 password-reset-hint5=Intercept the request and change the host header
 login_failed=Login failed
 login_failed.tom=Sorry only Tom can login at the moment
diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml
@@ -5,12 +5,12 @@
     <groupId>org.owasp.webgoat.lesson</groupId>
     <artifactId>webgoat-lessons-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0.M15</version>
+    <version>v8.0.0.SNAPSHOT</version>
 
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <modules>

diff --git a/webgoat-lessons/sql-injection/pom.xml b/webgoat-lessons/sql-injection/pom.xml
@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>
diff --git a/webgoat-lessons/vulnerable-components/pom.xml b/webgoat-lessons/vulnerable-components/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M15</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
     <dependencies>
         <dependency>