Travis now builds Docker and create a Github release.

Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications
ldebug · Oct 18, 2017 · 3ee1a1c · 3ee1a1c
1 parent 50543a9
commit 3ee1a1c
Show file tree

Hide file tree

Showing 43 changed files with 291 additions and 453 deletions.
diff --git a/.gitignore b/.gitignore
@@ -38,3 +38,4 @@ webgoat-container/src/main/webapp/plugin_lessons/dist-*.pom
 webgoat-lessons/**/target
 **/*.jar
 **/.DS_Store
+webgoat-server/mongo-data/*
diff --git a/.travis.yml b/.travis.yml
@@ -3,40 +3,36 @@ jdk:
 - oraclejdk8
 install: "/bin/true"
 script:
-- mvn clean install
+- export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
+- echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$PR, BRANCH=$BRANCH"
+- mvn clean install -q
 cache:
   directories:
   - "$HOME/.m2"
-before_deploy:
-- export WEBGOAT_SERVER_TARGET_DIR=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-server/target
-- export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/
-- mkdir $WEBGOAT_ARTIFACTS_FOLDER
-- cp -fa $WEBGOAT_SERVER_TARGET_DIR/*.jar $WEBGOAT_ARTIFACTS_FOLDER/
-- echo "Contents of artifacts folder:"
-- ls $WEBGOAT_ARTIFACTS_FOLDER
 deploy:
-  provider: heroku
-  api_key:
-    secure: eqSm5syJhyvIwxQ/ZCMtfFVayiZjsr+1m0eIR36FKMU6iSz5V351G+VNjCy/G+7EIsm+KuoLHqbl+NxmmOsDf2YoQk8KAdnbecMLWVwB+VncLM0ZU4mEEBt3lJWUzStoy9UNgzKs6Nc/HQ0zllV61NfgFS17pNHvce5WfjKHzTA=
-  app: WebGoat
-  on:
-    repo: WebGoat/WebGoat
-    branch: develop
-after_success:
-- mvn versioneye:update
-- mvn cobertura:cobertura coveralls:report
-notifications:
-  slack:
-    secure: S9VFew5NSE8WDzYD1VDBUULKKT0fzgblQACznwQ85699b2yeX9TX58N3RZvRS1JVagVP1wu2xOrwN2g+AWx4Ro3UBZD5XG86uTJWpCLD4cRWHBoGMH2TfvI7/IzsWmgxH4MBxFRvZr/eEhlVAux+N9H4EoEdS4CKsJXEqV37PlA=
+  - provider: script
+    skip_cleanup: true
+    script: bash scripts/deploy-webgoat.sh
+    on:
+      repo: WebGoat/WebGoat
+      tags: true
+  - provider: script
+    skip_cleanup: true
+    script: bash scripts/deploy-webgoat.sh
+    on:
+      repo: WebGoat/WebGoat
+      branch: develop
+  - provider: releases
+    api_key:
+      #api-key from webgoat-github user
+      secure: pJOLBnl6427PcVg/tVy/qB18JC7b8cKpffau+IP0pjdSt7KUfBdBY3QuJ7mrM65zRoVILzggLckaew2PlRmYQRdumyWlyRn44XiJ9KO4n6Bsufbz+ictB4ggtozpp9+I9IIUh1TmqypL9lhkX2ONM9dSHmyblYpAAgMuYSK8FYc=
+    file: "webgoat-server/target/webgoat-server*.jar"
+    on:
+      repo: WebGoat/WebGoat
+      tags: true
 env:
   global:
-  - secure: ZLZKz6lGt8YZ+NhkZPBAlI235+lEmu37Tcf+yTwh5yXuHAlnvvF6hPui7rANA/stbYGOIqIdhGOXbdrwyTU4Pvg78VwJOwsa9RtHJfou3pg4Ud9i0/dEeVl8aakmg2HDaWYGcFox8X1ViVc5UWjuBLztfJKQUEx0buJoWdMSf2E=
-addons:
-  coverity_scan:
-    project:
-      name: WebGoat/WebGoat
-      description: Coverity Scan from Travis CI Build Automation
-    notification_email: [email protected]
-    build_command_prepend: mvn clean
-    build_command: mvn -DskipTests=true package
-    branch_pattern: coverity_scan
+  #Docker login
+  - secure: XgPc0UKRTUI70I4YWNQpThPPWeQIxkmzh1GNoR/SSDC2GPIBq3EfkkbSQewqil8stTy+S1/xSzc0JXG8NTn7UOxHVHA/2nhI6jX9E+DKtXQ89YwmaDNQjkbMjziAtDCIex+5TRykxNfkxj6VPYbDssrzI7iJXOIZVj/HoyO3O5E=
+  #Docker password
+  - secure: aly5TKBUK9sIiqtMbytNNPZHQhC0a7Yond5tEtuJ8fO+j/KZB4Uro3I6BhzYjGWFb5Kndd0j2TXHPFvtOl402J1CmFsY3v0BhilQd0g6zOssp5T0A73m8Jgq4ItV8wQJJy2bQsXqL1B+uFYieYPiMchj7JxWW0vBn7TV5b68l6U=
diff --git a/README.MD b/README.MD
@@ -41,7 +41,7 @@ First install Docker, then open a command shell/window and type:
 
 ```Shell
 docker pull webgoat/webgoat-8.0
-docker run -p 8080:8080 webgoat/webgoat-8.0
+docker run -p 8080:8080 -it webgoat/webgoat-8.0 /home/webgoat/start.sh 
 ```
 
 Wait for the Docker container to start, and run `docker ps` to verify it's running.
@@ -60,7 +60,16 @@ Here you'll be able to register a new user and get started.
 
 _Please note: this version may not be completely in sync with the develop branch._
 
-## 2. Run from the sources
+## 2. Standalone 
+
+Download the latest WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
+
+```Shell
+java -jar webwolf-<<version>>.jar
+```
+
+
+## 3. Run from the sources
 
 ### Prerequisites:
 
@@ -86,7 +95,7 @@ mvn clean install
 Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
 
 ```Shell
-mvn -pl webgoat-server spring-boot:run
+mvn -pl webwolf spring-boot:run
 ```
 ... you should be running webgoat on localhost:8080/WebGoat momentarily
 
@@ -118,7 +127,7 @@ On x86 you can build a container with the following commands:
 cd WebGoat/
 mvn install
 cd webgoat-server
-mvn docker:build
+docker build -t webgoat/webgoat-8.0 .
 docker tag webgoat/webgoat-8.0 webgoat/webgoat-8.0:8.0
 docker login
 docker push webgoat/webgoat-8.0

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '2.0'
+
+services:
+  activemq:
+    image: webcenter/activemq:latest
+    ports:
+      - 8161:8161
+      - 61616:61616
+      - 61613:61613
+  mongo:
+    image: mongo:latest
+    expose:
+      - "27017"
+    volumes:
+      - './mongo-data:/data/db'
+  webgoat:
+    build: webgoat-server/
+    command: "sh /home/webgoat/start.sh"
+    ports:
+      - "8080:8080"
+    depends_on:
+      [mongo, activemq]
+    environment:
+      WG_MONGO_PORT: 27017
+      WG_MONGO_HOST: mongo
+      WG_MQ_HOST: activemq
+      WG_MQ_PORT: 61616
+      WG_INTERNAL_MONGO: "false"
+  webwolf:
+    build: webwolf/
+    command: "sh /home/webwolf/start.sh"
+    depends_on:
+      - webgoat
+    ports:
+      - "8081:8081"
+    environment:
+      WG_MONGO_PORT: 27017
+      WG_MONGO_HOST: mongo
+      WG_MQ_HOST: activemq
+      WG_MQ_PORT: 61616
diff --git a/pom.xml b/pom.xml
@@ -168,7 +168,6 @@
     </properties>
 
     <modules>
-        <module>webgoat-commons</module>
         <module>webgoat-container</module>
         <module>webgoat-lessons</module>
         <module>webgoat-server</module>

diff --git a/scripts/deploy-webgoat.sh b/scripts/deploy-webgoat.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+#docker login -u $DOCKER_USER -p $DOCKER_PASS
+export REPO=webgoat/webgoat-8.0
+
+cd webgoat-server
+
+if [ "${BRANCH}" == "master" ] && [ ! -z "${TRAVIS_TAG}" ]; then
+  # If we push a tag to master this will update the LATEST Docker image and tag with the version number
+  docker build -f Dockerfile -t $REPO:latest .
+  docker tag $REPO:${TRAVIS_TAG}
+  docker push $REPO
+elif [ ! -z "${TRAVIS_TAG}" ]; then
+  # Creating a tag build we push it to Docker with that tag
+  docker build -f Dockerfile -t $REPO:${TRAVIS_TAG} .
+  docker tag $REPO:${TRAVIS_TAG}
+  docker push $REPO
+elif [ "${BRANCH}" == "develop" ]; then
+  docker build -f Dockerfile -t $REPO:snapshot .
+  docker push $REPO
+else
+  echo "Skipping releasing to DockerHub because it is a build of branch ${BRANCH}"
+fi
diff --git a/webgoat-commons/pom.xml b/webgoat-commons/pom.xml
diff --git a/webgoat-commons/src/main/java/org/owasp/webgoat/login/LoginEvent.java b/webgoat-commons/src/main/java/org/owasp/webgoat/login/LoginEvent.java
diff --git a/webgoat-commons/src/main/java/org/owasp/webgoat/login/LogoutEvent.java b/webgoat-commons/src/main/java/org/owasp/webgoat/login/LogoutEvent.java
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
@@ -13,7 +13,6 @@
         <version>8.0-SNAPSHOT</version>
     </parent>
 
-
     <profiles>
         <profile>
             <id>performance</id>
@@ -34,23 +33,6 @@
                 </plugins>
             </build>
         </profile>
-        <profile>
-            <id>local</id>
-            <activation>
-                <activeByDefault>true</activeByDefault>
-            </activation>
-            <dependencies>
-                <dependency>
-                    <groupId>de.flapdoodle.embed</groupId>
-                    <artifactId>de.flapdoodle.embed.mongo</artifactId>
-                </dependency>
-            </dependencies>
-
-        </profile>
-        <profile>
-            <id>ctf</id>
-            <!-- Connect to real mongodb -->
-        </profile>
 
     </profiles>
 
@@ -149,11 +131,6 @@
     </build>
 
     <dependencies>
-        <dependency>
-            <groupId>org.owasp.webgoat</groupId>
-            <artifactId>webgoat-commons</artifactId>
-            <version>${project.version}</version>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
@@ -178,16 +155,7 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-cache</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-activemq</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-jms</artifactId>
-        </dependency>
-
-        <dependency>
+               <dependency>
             <groupId>org.asciidoctor</groupId>
             <artifactId>asciidoctorj</artifactId>
             <version>1.5.4</version>

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -1,23 +1,15 @@
 package org.owasp.webgoat;
 
 import lombok.AllArgsConstructor;
-import org.owasp.webgoat.login.LoginEvent;
 import org.owasp.webgoat.session.Course;
-import org.owasp.webgoat.users.WebGoatUser;
-import org.springframework.jms.core.JmsTemplate;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Optional;
-
-import static java.util.Optional.empty;
-import static java.util.Optional.of;
 
 /**
  * *************************************************************************************************
@@ -58,34 +50,12 @@
 public class HammerHead {
 
     private final Course course;
-    private JmsTemplate jmsTemplate;
 
     /**
      * Entry point for WebGoat, redirects to the first lesson found within the course.
      */
     @RequestMapping(path = "/attack", method = {RequestMethod.GET, RequestMethod.POST})
     public ModelAndView attack(Authentication authentication, HttpServletRequest request, HttpServletResponse response) {
-        sendUserLoggedInMessage(request, response, authentication);
         return new ModelAndView("redirect:" + "start.mvc" + course.getFirstLesson().getLink());
     }
-
-    private void sendUserLoggedInMessage(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-        WebGoatUser user = (WebGoatUser) authentication.getPrincipal();
-        getWebGoatCookie(request).ifPresent(c -> {
-            jmsTemplate.convertAndSend("webgoat", new LoginEvent(user.getUsername(), c.getValue()), m -> {
-                        m.setStringProperty("type", LoginEvent.class.getSimpleName());
-                        return m;
-                    }
-            );
-        });
-    }
-
-    private Optional<Cookie> getWebGoatCookie(HttpServletRequest request) {
-        for (Cookie c : request.getCookies()) {
-            if (c.getName().equals("JSESSIONID")) {
-                return of(c);
-            }
-        }
-        return empty();
-    }
 }