Update instructions to use docker-compose only

.gitignore

@@ -46,4 +46,8 @@ webgoat-lessons/vulnerable-components/dependency-reduced-pom.xml
 **/.vscode/*
 **/.factorypath
 /.sonatype
-**/bin/*
+**/bin/*
+webgoat.lck
+webgoat.log
+webgoat.properties
+webgoat.script

README.MD

@@ -34,7 +34,7 @@ first thing that all hackers claim.*
 Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 
 ```Shell
-java -jar webgoat-server-<<version>>.jar [--server.port=8080] [--server.address=localhost]
+java -jar webgoat-server-8.0.0.VERSION.jar [--server.port=8080] [--server.address=localhost]
 ```
 
 By default WebGoat starts on port 8080 with `--server.port` you can specify a different port. With `server.address` you
@@ -48,40 +48,21 @@ java --add-modules java.xml.bind -jar webgoat-server-8.0.0.VERSION.jar
 
 ## 2. Run using Docker
 
-From time to time we publish a new development preview of WebGoat 8 on Docker HUB, you can download this version
-[https://hub.docker.com/r/webgoat/webgoat-8.0/](https://hub.docker.com/r/webgoat/webgoat-8.0/).
-First install Docker, then open a command shell/window and type:
+Every release is also published on [DockerHub]((https://hub.docker.com/r/webgoat/webgoat-8.0/)).
 
-```Shell
-docker pull webgoat/webgoat-8.0
-docker run -p 8080:8080 -it webgoat/webgoat-8.0 /home/webgoat/start.sh 
-```
-
-If you want to keep the database between Docker sessions you need to map the WebGoat data directory to a 
-folder on the host system as follows:
-
-```Shell
-docker run -p 8080:8080 -it -v /tmp/webgoat-data:/home/webgoat/.webgoat-${VERSION} webgoat/webgoat-8.0 /home/webgoat/start.sh
-```
+### Using docker-compose
 
-where `${VERSION}` is for example `v8.0.0.M14`. The data will now be stored in `/tmp/webgoat-data` on your host system.
+The easiest way to start WebGoat as a Docker container is to use the `docker-compose.yml` [file](https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml) 
+from our Github repository. This will start both containers and it also takes care of setting up the
+connection between WebGoat and WebWolf.
 
-Wait for the Docker container to start, and run `docker ps` to verify it's running.
-
-- If you are using `docker-machine`, verify the machine IP using `docker-machine env`
-- If you are using `boot2docker` on OSX, verify the IP by running `docker network inspect bridge`
-- Otherwise, the host will be bound to localhost
-
-Once you have the IP and port, you'll want to navigate to the `/WebGoat` path in the URL. For example:
-
-```
-http://192.168.99.100:8080/WebGoat
+```shell
+curl https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml | docker-compose -f - up
 ```
 
-Here you'll be able to register a new user and get started.
-
-_Please note: this version may not be completely in sync with the develop branch._
+**Important**: the current directory on your host will be mapped into the container for keeping state.
 
+Using the `docker-compose` file will simplify getting WebGoat and WebWolf up and running.
 
 
 ## 3. Run from the sources

docker-compose-local.yml

@@ -0,0 +1,18 @@
+version: '2.1'
+
+services:
+  webgoat:
+    image: webgoat/webgoat-v8.0.0.snapshot
+    environment:
+      - WEBWOLF_HOST=webwolf
+      - WEBWOLF_PORT=9090
+    ports:
+      - "8080:8080"
+    volumes:
+      - .:/home/webgoat/.webgoat
+  command: "java -Djava.security.egd=file:/dev/./urandom -jar /home/webgoat/webgoat.jar --server.address=0.0.0.0 --server.port=8080"
+  webwolf:
+    image: webgoat/webwolf-v8.0.0.snapshot
+    ports:
+      - "9090:9090"
+    command: bash -c "sleep 8 && java -Djava.security.egd=file:/dev/./urandom -jar /home/webwolf/webwolf.jar --server.port=9090 --server.address=0.0.0.0 --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat"

docker-compose-postgres.yml

@@ -12,6 +12,8 @@ services:
       - spring.datasource.password=webgoat
       - spring.datasource.driver-class-name=org.postgresql.Driver
       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
+       - webgoat.server.directory=/home/webgoat/.webgoat/
+        - webgoat.user.directory=/home/webgoat/.webgoat/
     ports:
       - "8080:8080"
   webwolf:
@@ -27,6 +29,9 @@ services:
   db:
     container_name: webgoat_db
     image: postgres:latest
+# Uncomment to store the state of the database on the host.
+#    volumes:
+#      - ./database:/var/lib/postgresql
     environment:
       - POSTGRES_PASSWORD=webgoat
       - POSTGRES_USER=webgoat

docker-compose.yml

@@ -6,24 +6,13 @@ services:
     environment:
       - WEBWOLF_HOST=webwolf
       - WEBWOLF_PORT=9090
-      - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
       - "8080:8080"
-    depends_on:
-      - db
+    volumes:
+      - .:/home/webgoat/.webgoat
+    command: "java -Djava.security.egd=file:/dev/./urandom -jar /home/webgoat/webgoat.jar --server.address=0.0.0.0"
   webwolf:
     image: webgoat/webwolf
-    environment:
-          - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
       - "9090:9090"
-    depends_on:
-      - db
-  db:
-    image: blacklabelops/hsqldb
-    container_name: webgoat_db
-    environment:
-      - HSQLDB_TRACE=false
-      - HSQLDB_SILENT=true
-      - HSQLDB_DATABASE_NAME=webgoat
-      - HSQLDB_DATABASE_ALIAS=webgoat
+    command: bash -c "sleep 8 && java -Djava.security.egd=file:/dev/./urandom -jar /home/webwolf/webwolf.jar --server.port=9090 --server.address=0.0.0.0 --spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat"

pom.xml

@@ -6,7 +6,7 @@
     <groupId>org.owasp.webgoat</groupId>
     <artifactId>webgoat-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0.M20</version>
+    <version>v8.0.0.SNAPSHOT</version>
 
     <name>WebGoat Parent Pom</name>
     <description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>

scripts/start.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+DATABASE_PORT=9001
+
+checkDatabaseAvailable(){
+
+  #for i in $(seq 1 5); do command && s=0 && break || s=$? && sleep 15; done; (exit $s)
+  local started = $(netstat -lnt | grep ${DATABASE_PORT})
+  echo $?
+}
+
+#java -Djava.security.egd=file:/dev/./urandom -jar home/webgoat/webgoat.jar --server.address=0.0.0.0
+$(checkDatabaseAvailable)
+
+
+#java -Djava.security.egd=file:/dev/./urandom -jar /home/webwolf/webwolf.jar --server.port=9090 --server.address=0.0.0.0
+
+

webgoat-container/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <profiles>

webgoat-lessons/auth-bypass/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>

webgoat-lessons/bypass-restrictions/pom.xml

@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>

webgoat-lessons/challenge/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 

webgoat-lessons/client-side-filtering/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>

webgoat-lessons/cross-site-scripting/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
     <build>
        <plugins>

webgoat-lessons/csrf/pom.xml

@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>

webgoat-lessons/html-tampering/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/http-basics/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>

webgoat-lessons/http-proxies/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/idor/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>

webgoat-lessons/insecure-deserialization/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/insecure-login/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/jwt/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/missing-function-ac/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
 </project>

webgoat-lessons/password-reset/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>

webgoat-lessons/pom.xml

@@ -5,12 +5,12 @@
     <groupId>org.owasp.webgoat.lesson</groupId>
     <artifactId>webgoat-lessons-parent</artifactId>
     <packaging>pom</packaging>
-    <version>v8.0.0.M20</version>
+    <version>v8.0.0.SNAPSHOT</version>
 
     <parent>
         <groupId>org.owasp.webgoat</groupId>
         <artifactId>webgoat-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <modules>

webgoat-lessons/sql-injection/pom.xml

@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>

webgoat-lessons/vulnerable-components/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
     <dependencies>
         <dependency>

webgoat-lessons/webgoat-introduction/pom.xml

@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>

webgoat-lessons/webwolf-introduction/pom.xml

@@ -6,6 +6,6 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 </project>

webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc

@@ -23,8 +23,8 @@ website. The following items are supported in WebWolf:
 * Receiving email
 * Landing page for incoming requests
 
-WebWolf runs as a separate web application and is started automatically when using the Docker image. If you
-are not using the Docker image you will need to download the jar file and start it:
+WebWolf runs as a separate web application. If you are using the Docker-compose file you can just point your browser webWolfLink:here[] to open WebWolf.
+If you want to use the standalone version, you will need to download the jar file and start it:
 
 ```
 java -jar webwolf-<<version>>.jar [--server.port=9090] [--server.address=localhost]
@@ -33,17 +33,7 @@ java -jar webwolf-<<version>>.jar [--server.port=9090] [--server.address=localho
 By default WebWolf starts on port 9090 with `--server.port` you can specify a different port. With `server.address` you
 can bind it to a different address (default localhost)
 
-WebWolf is also available as a Docker container, because it shares the database with WebGoat we first need
-to find out the ip address of the Docker container.
-
-```
-WEBGOAT_SERVER_ADDRESS=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" `docker ps | grep webgoat | awk '{print $1}'`)
-docker pull webgoat/webwolf
-docker run -e webgoat.server.address=${WEBGOAT_SERVER_ADDRESS} -it -p 9090:9090 webgoat/webwolf /home/webwolf/run.sh
-```
-
-Note: if you start WebGoat as standalone application you need to start WebWolf as standalone application as well. If
-you start WebGoat as Docker container you need to start WebWolf as Docker container as well.
+Note: if you start WebGoat as standalone application you need to start WebWolf as standalone application as well.
 
 
 This will start the application on port 9090, click webWolfLink:here[] to open WebWolf.

webgoat-lessons/xxe/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.owasp.webgoat.lesson</groupId>
         <artifactId>webgoat-lessons-parent</artifactId>
-        <version>v8.0.0.M20</version>
+        <version>v8.0.0.SNAPSHOT</version>
     </parent>
 
     <dependencies>