feat: add Docker desktop version of WebGoat with all tools installed

The new Docker image uses linuxserver/webtop giving users the opportunity to run a Linux desktop in their browser without installing any tools on their local machine.
krukow · Feb 17, 2023 · f1012c8 · f1012c8
1 parent ecfc321
commit f1012c8
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,4 @@
 **
 
 !/target
+!/config/desktop
diff --git a/Dockerfile_desktop b/Dockerfile_desktop
@@ -0,0 +1,29 @@
+FROM lscr.io/linuxserver/webtop:ubuntu-xfce
+LABEL NAME = "WebGoat: A deliberately insecure Web Application"
+MAINTAINER "WebGoat team"
+
+WORKDIR /config
+
+COPY target/webgoat-*.jar /config/webgoat.jar
+COPY config/desktop/start_webgoat.sh /config/start_webgoat.sh
+COPY config/desktop/start_zap.sh /config/start_zap.sh
+COPY config/desktop/WebGoat.txt /config/Desktop/
+
+RUN \
+ curl -LO https://github.com/zaproxy/zaproxy/releases/download/v2.12.0/ZAP_2.12.0_Linux.tar.gz && \
+ tar zfxv ZAP_2.12.0_Linux.tar.gz && \
+ rm -rf ZAP_2.12.0_Linux.tar.gz && \
+ curl -LO https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.6%2B10/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ tar zfxv OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ rm -rf OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ chmod +x /config/start_webgoat.sh && \
+ chmod +x /config/start_zap.sh && \
+ apt-get update &&  \
+ apt-get --yes install vim nano && \
+ echo "JAVA_HOME=/config/jdk-17.0.6+10-jre/" >> .bash_aliases && \
+ echo "PATH=$PATH:$JAVA_HOME/bin" >> .bash_aliases
+
+
+ENV JAVA_HOME=/home/webgoat/jdk-17.0.6+10-jre
+
+WORKDIR /config/Desktop
diff --git a/config/desktop/WebGoat.txt b/config/desktop/WebGoat.txt
@@ -0,0 +1,10 @@
+** Welcome to WebGoat desktop image
+
+With this image you have WebGoat and ZAP and a browser available to you in a browser running on Ubuntu.
+You can start WebGoat and ZAP by opening a terminal and type:
+
+./start-webgoat.sh
+./start_zap.sh
+
+Happy hacking,
+Team WebGoat
diff --git a/config/desktop/start_webgoat.sh b/config/desktop/start_webgoat.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+/config/jdk-17.0.6+10-jre/bin/java \
+  -Duser.home=/config \
+  -Dfile.encoding=UTF-8 \
+  -DTZ=Europe/Amsterdam \
+  --add-opens java.base/java.lang=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+  --add-opens java.base/java.text=ALL-UNNAMED \
+  --add-opens java.desktop/java.beans=ALL-UNNAMED \
+  --add-opens java.desktop/java.awt.font=ALL-UNNAMED \
+  --add-opens java.base/sun.nio.ch=ALL-UNNAMED \
+  --add-opens java.base/java.io=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  -Drunning.in.docker=false \
+  -jar /config/webgoat.jar
diff --git a/config/desktop/start_zap.sh b/config/desktop/start_zap.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/config/jdk-17.0.6+10-jre/bin/java -jar /config/ZAP_2.12.0/zap-2.12.0.jar
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/sh

		/config/jdk-17.0.6+10-jre/bin/java -jar /config/ZAP_2.12.0/zap-2.12.0.jar