Merge branch 'develop' of github.com:misfir3/WebGoat into develop
misfir3 committed Jun 5, 2018
2 parents 5e8c610 + 1734170 commit dfd51f8
Showing 191 changed files with 3,247 additions and 1,532 deletions.
3 changes: 3 additions & 0 deletions .gitignore
@@ -42,4 +42,7 @@ webgoat-lessons/**/target
**/.DS_Store
webgoat-server/mongo-data/*
webgoat-lessons/vulnerable-components/dependency-reduced-pom.xml
**/.sts4-cache/*
**/.vscode/*

/.sonatype
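Review bot: the new `/.sonatype` entry is anchored to the repository root while the neighbouring entries use `**/` prefixes (`**/.sts4-cache/*`, `**/.vscode/*`); if the Sonatype scan cache can also appear inside module directories, `**/.sonatype` would be the consistent choice. The extra blank line added above it is harmless but unnecessary.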
4 changes: 2 additions & 2 deletions CREATE_RELEASE.MD
@@ -20,8 +20,8 @@ git flow release publish
Now we can make a new release, be sure you committed all your changes.

```
git tag v8.0.0.M3
git push origin v8.0.0.M3
git tag v8.0.0.M15
git push origin v8.0.0.M15
```

Now Travis takes over and will create the release in Github and on Docker Hub.
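Review bot: bumping the example tag from `v8.0.0.M3` to `v8.0.0.M15` means this documentation goes stale with every release; a placeholder such as `v8.0.0.<<milestone>>`, matching the `<<version>>` convention the README already uses, would remove the need to touch this file on each release.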
34 changes: 12 additions & 22 deletions README.MD
@@ -29,7 +29,18 @@ first thing that all hackers claim.*

# Run Instructions:

## 1. Run using Docker
## 1. Standalone

Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)

```Shell
java -jar webgoat-server-<<version>>.jar [--server.port=8080] [--server.address=localhost]
```
By default WebGoat starts on port 8080 with `--server.port` you can specify a different port. With `server.address` you
can bind it to a different address (default localhost)
## 2. Run using Docker
From time to time we publish a new development preview of WebGoat 8 on Docker HUB, you can download this version
[https://hub.docker.com/r/webgoat/webgoat-8.0/](https://hub.docker.com/r/webgoat/webgoat-8.0/).
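Review bot: the new Standalone section refers to the port option as `--server.port` but to the address option as `server.address` without the `--` prefix; both are command-line arguments in the example above, so they should be written the same way. A blank line is also missing between the `server.address` paragraph and the `## 2. Run using Docker` heading, which some Markdown renderers need in order to recognise the heading.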
@@ -65,27 +76,6 @@ Here you'll be able to register a new user and get started.
_Please note: this version may not be completely in sync with the develop branch._
## 2. Standalone

Download the latest WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)

```Shell
java -jar webgoat-server-<<version>>.jar
```
By default WebGoat starts at port 8080 in order to change this use the following property:
```Shell
java -jar webgoat-server-<<version>>.jar --server.port=9090
```
You can specify one of the following arguments when starting WebGoat:
```Shell
java -jar webgoat-server-<<version>>.jar --server.port=9090 --server.address=x.x.x.x
```
This will start WebGoat on a different port and/or different address.
## 3. Run from the sources
3 changes: 2 additions & 1 deletion docker-compose-postgres.yml
@@ -6,6 +6,7 @@ services:
user: webgoat
environment:
- WEBWOLF_HOST=webwolf
- WEBWOLF_PORT=9090
- spring.datasource.url=jdbc:postgresql://webgoat_db:5432/webgoat
- spring.datasource.username=webgoat
- spring.datasource.password=webgoat
@@ -22,7 +23,7 @@ services:
- spring.datasource.driver-class-name=org.postgresql.Driver
- spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
ports:
- "8081:8081"
- "9090:9090"
db:
container_name: webgoat_db
image: postgres:latest
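Review bot: changing the mapping from `"8081:8081"` to `"9090:9090"` moves both the host side and the container side of the port; this only works if WebWolf inside the container is also configured to listen on 9090 (its `server.port`), which this hunk does not show. If the container still listens on 8081, the mapping would have to be `"9090:8081"`. Worth verifying with `docker-compose ps` after the change.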
3 changes: 2 additions & 1 deletion docker-compose.yml
@@ -5,6 +5,7 @@ services:
image: webgoat/webgoat-8.0
environment:
- WEBWOLF_HOST=webwolf
- WEBWOLF_PORT=9090
- spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
ports:
- "8080:8080"
@@ -15,7 +16,7 @@ services:
environment:
- spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
ports:
- "8081:8081"
- "9090:9090"
depends_on:
- db
db:
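Review bot: same remark as for `docker-compose-postgres.yml`: `"9090:9090"` maps host 9090 to container 9090, so the webwolf container must actually listen on 9090 for this to work; the `WEBWOLF_PORT=9090` added to the webgoat service above only tells WebGoat where to look, it does not change what WebWolf binds.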
27 changes: 15 additions & 12 deletions pom.xml
@@ -1,11 +1,12 @@
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-parent</artifactId>
<packaging>pom</packaging>
<version>v8.0.0.M14</version>
<version>v8.0.0.SNAPSHOT</version>

<name>WebGoat Parent Pom</name>
<description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>
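Review bot: `v8.0.0.SNAPSHOT` is not a Maven snapshot version; Maven only treats versions ending in `-SNAPSHOT` (with a hyphen) as snapshots, so this artifact would be handled as a fixed release (cached by consumers, never re-resolved, and rejected by release repositories on a second deploy). Use `v8.0.0-SNAPSHOT` here and in the `<parent>` reference in `webgoat-container/pom.xml`, which is updated to the same string in this commit.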
@@ -53,17 +54,17 @@
<developer>
<id>jwayman</id>
<name>Jeff Wayman</name>
<email />
<email/>
</developer>
<developer>
<id>dcowden</id>
<name>Dave Cowden</name>
<email />
<email/>
</developer>
<developer>
<id>lawson89</id>
<name>Richard Lawson</name>
<email />
<email/>
</developer>
<developer>
<id>dougmorato</id>
@@ -92,8 +93,8 @@
<url>https://github.com/WebGoat/WebGoat</url>
<connection>scm:git:[email protected]:WebGoat/WebGoat.git</connection>
<developerConnection>scm:git:[email protected]:WebGoat/WebGoat.git</developerConnection>
<tag>HEAD</tag>
</scm>
<tag>HEAD</tag>
</scm>

<issueManagement>
<system>Github Issues</system>
@@ -202,7 +203,7 @@
<profiles>
<profile>
<id>release</id>
<dependencies>
<dependencies>
<dependency>
<groupId>org.owasp.webgoat.lesson</groupId>
<artifactId>dist</artifactId>
@@ -214,7 +215,7 @@
</dependencies>
<build>
<plugins>
<plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
@@ -225,7 +226,9 @@
</goals>
<phase>generate-resources</phase>
<configuration>
<outputDirectory>${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons</outputDirectory>
<outputDirectory>
${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons
</outputDirectory>
<includeArtifactIds>dist</includeArtifactIds>
<includes>*.jar</includes>
</configuration>
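Review bot: splitting `<outputDirectory>` over three lines puts a newline and indentation inside the element text. Maven trims the text of configuration elements, so it will still work, but a path with surrounding whitespace is an easy thing to get wrong when an IDE formatter reflows XML, and the reflow is unrelated to the functional changes in this commit; keeping the value on one line as before is the safer choice.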
@@ -324,15 +327,15 @@
<artifactId>coveralls-maven-plugin</artifactId>
<version>${coveralls-maven-plugin.version}</version>
<configuration>
<repoToken />
<repoToken/>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>${cobertura-maven-plugin.version}</version>
<configuration>
<check />
<check/>
<format>xml</format>
<maxmem>256m</maxmem>
<!-- aggregated reports for multi-module projects -->
32 changes: 32 additions & 0 deletions scripts/build-all.sh
@@ -0,0 +1,32 @@
#!/usr/bin/env bash

cd ..

nc -zv 127.0.0.1 8080 2>/dev/null
SUCCESS=$?
nc -zv 127.0.0.1 9090 2>/dev/null
SUCCESS=${SUCCESS}$?

if [[ "${SUCCESS}" -eq 00 ]] ; then
echo "WebGoat and or WebWolf are still running, please stop them first otherwise unit tests might fail!"
exit 127
fi


#mvn clean install
#if [[ "$?" -ne 0 ]] ; then
# exit y$?
#fi

cd -
sh build_docker.sh

echo "Do you want to run docker-compose?"
while true; do
read -p "Do you want to run docker-compose?" yn
case ${yn} in
[Yy]* ) sh clean-run-docker-compose.sh; break;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
done
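Review bot: the running-instance check only fires when both ports are open: `SUCCESS` becomes the string `00` only if both `nc` probes succeed, so with WebGoat running and WebWolf stopped (`01`) the script proceeds even though the message says "WebGoat and or WebWolf". Test each probe separately, e.g. `if nc -z 127.0.0.1 8080 || nc -z 127.0.0.1 9090; then`, and note that a missing `nc` yields `127127` and also passes silently. Further down, `sh build_docker.sh` runs a script whose shebang is `#!/bin/bash` under `sh`, the `echo` before the `while` loop duplicates the `read -p` prompt, and the commented-out `mvn` block (with its `exit y$?` typo) should be deleted rather than left as dead code.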
10 changes: 10 additions & 0 deletions scripts/build_docker.sh
@@ -0,0 +1,10 @@
#!/bin/bash

WEBGOAT_HOME=$(pwd)/../

cd ${WEBGOAT_HOME}/webgoat-server
docker build -t webgoat/webgoat-8.0 .

cd ${WEBGOAT_HOME}/webwolf
docker build -t webgoat/webwolf .

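Review bot: both `cd ${WEBGOAT_HOME}/webgoat-server` and `cd ${WEBGOAT_HOME}/webwolf` are unguarded, so if either directory is missing, or the script is invoked from somewhere other than `scripts/` (since `WEBGOAT_HOME` is derived from `$(pwd)`), `docker build` runs against whatever the current directory happens to be. Add `set -e` or `cd ... || exit 1`, quote the expansions, and derive the home from the script location (`$(dirname "$0")/..`) rather than the caller's working directory.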
5 changes: 5 additions & 0 deletions scripts/clean-run-docker-compose.sh
@@ -0,0 +1,5 @@
#!/usr/bin/env bash

cd ..
docker-compose rm -f
docker-compose up
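Review bot: `cd ..` depends on being invoked from `scripts/` (the same issue as in `build_docker.sh`); `build-all.sh` does a `cd -` before calling this script, so the chain only works when started from that directory. `cd "$(dirname "$0")/.." || exit 1` removes the dependency. Also, `docker-compose rm -f` removes stopped containers only; if the intent is a clean state including running ones, `docker-compose down` is the usual call.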
8 changes: 4 additions & 4 deletions scripts/deploy-webgoat.sh
@@ -10,10 +10,10 @@ if [ "${BRANCH}" == "master" ] && [ ! -z "${TRAVIS_TAG}" ]; then
# If we push a tag to master this will update the LATEST Docker image and tag with the version number
docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:latest -t $REPO:${TRAVIS_TAG} .
docker push $REPO
elif [ ! -z "${TRAVIS_TAG}" ]; then
# Creating a tag build we push it to Docker with that tag
docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
docker push $REPO
#elif [ ! -z "${TRAVIS_TAG}" ]; then
# # Creating a tag build we push it to Docker with that tag
# docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
# docker push $REPO
#elif [ "${BRANCH}" == "develop" ]; then
# docker build -f Dockerfile -t $REPO:snapshot .
# docker push $REPO
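Review bot: commenting out the `elif [ ! -z "${TRAVIS_TAG}" ]` branch means a tag pushed on any branch other than master no longer publishes an image, and the file now carries two disabled `elif` blocks. If dropping non-master tag builds is the intended policy, delete the dead code instead of commenting it so the publish rules can be read from the live script; if it is temporary, a one-line comment saying why would help the next reader.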
4 changes: 4 additions & 0 deletions scripts/run-docker-compose.sh
@@ -0,0 +1,4 @@
#!/usr/bin/env bash

cd ..
docker-compose up
2 changes: 1 addition & 1 deletion webgoat-container/pom.xml
@@ -10,7 +10,7 @@
<parent>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-parent</artifactId>
<version>v8.0.0.M14</version>
<version>v8.0.0.SNAPSHOT</version>
</parent>

<profiles>
@@ -46,6 +46,7 @@ public enum Category {
INSECURE_CONFIGURATION("Insecure Configuration", new Integer(600)),
INSECURE_COMMUNICATION("Insecure Communication", new Integer(700)),
INSECURE_STORAGE("Insecure Storage", new Integer(800)),
INSECURE_DESERIALIZATION("Insecure Deserialization", new Integer(850)),
REQUEST_FORGERIES("Request Forgeries", new Integer(900)),
VULNERABLE_COMPONENTS("Vulnerable Components - A9", new Integer(950)),
AJAX_SECURITY("AJAX Security", new Integer(1000)),
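Review bot: `new Integer(850)` follows the surrounding entries, but the `Integer(int)` constructor has been deprecated since Java 9 in favour of `Integer.valueOf(850)` or plain autoboxing; since this is a new line, it is a good moment to write it the modern way rather than extend the pattern.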
@@ -2,7 +2,6 @@

import lombok.AllArgsConstructor;
import lombok.Getter;
import org.owasp.webgoat.session.WebSession;

/**
* <p>LessonInfoModel class.</p>
@@ -81,6 +81,39 @@ private void createServersTable(Connection connection) throws SQLException {
}
}

/**
* Description of the Method
*
* @param connection Description of the Parameter
* @throws SQLException Description of the Exception
*/
private void createJWTKeys(Connection connection) throws SQLException {
Statement statement = connection.createStatement();

// Drop servers table
try {
String dropTable = "DROP TABLE jwt_keys";
statement.executeUpdate(dropTable);
} catch (SQLException e) {
System.out.println("Info - Could not drop jwtkeys table");
}

// Create the new table
try {
String createTableStatement = "CREATE TABLE jwt_keys"
+ " (" + "id varchar(20),"
+ "key varchar(20))";
statement.executeUpdate(createTableStatement);

String insertData1 = "INSERT INTO jwt_keys VALUES ('webgoat_key', 'qwertyqwerty1234')";
String insertData2 = "INSERT INTO jwt_keys VALUES ('webwolf_key', 'doesnotreallymatter')";
statement.executeUpdate(insertData1);
statement.executeUpdate(insertData2);
} catch (SQLException e) {
System.out.println("Error creating product table " + e.getLocalizedMessage());
}
}


/**
* Description of the Method
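Review bot: several comments and messages in `createJWTKeys` are copy-paste leftovers: the Javadoc still reads "Description of the Method", the comment says `// Drop servers table` while the code drops `jwt_keys`, and the failure branch reports "Error creating product table". Misleading messages make the startup log harder to use when table creation actually fails. The `Statement` is also never closed; `try (Statement statement = connection.createStatement()) { ... }` would release it. Finally, `key` is a reserved word in some SQL dialects (MySQL for one), so a column name such as `key_value` avoids quoting trouble if the schema is ever run on a database other than HSQLDB or PostgreSQL.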
@@ -975,6 +1008,7 @@ public void makeDB(Connection connection) throws SQLException {
createTanTable(connection);
createMFEImagesTable(connection);
createModifyWithSQLLessonTable(connection);
createJWTKeys(connection);
System.out.println("Success: creating tables.");
}
}
@@ -4,6 +4,7 @@
import lombok.Setter;

import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;

/**
@@ -16,6 +17,7 @@ public class UserForm {

@NotNull
@Size(min=6, max=20)
@Pattern(regexp = "[a-zA-Z0-9]*", message = "can only contain letters and digits")
private String username;
@NotNull
@Size(min=6, max=10)
8 changes: 4 additions & 4 deletions webgoat-container/src/main/resources/application.properties
@@ -11,8 +11,8 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver


logging.level.org.springframework=WARN
logging.level.org.springframework.boot.devtools=WARN
logging.level.org.springframework=INFO
logging.level.org.springframework.boot.devtools=INFO
logging.level.org.owasp=DEBUG
logging.level.org.owasp.webgoat=TRACE

@@ -37,9 +37,9 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
webgoat.default.language=en

webwolf.host=${WEBWOLF_HOST:localhost}
webwolf.port=${WEBWOLF_PORT:8081}
webwolf.port=${WEBWOLF_PORT:9090}
webwolf.url=http://${webwolf.host}:${webwolf.port}/WebWolf
webworf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing
webwolf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing
webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail

spring.jackson.serialization.indent_output=true
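Review bot: the fix of `webworf.url.landingpage` to `webwolf.url.landingpage` renames a property key; any `@Value("${webworf.url.landingpage}")` or `Environment` lookup that used the misspelt key must change in the same commit, otherwise the application fails at startup with an unresolved placeholder (no such lookup is visible in the files shown here, so please confirm). The default port moving from 8081 to 9090 matches the compose files above.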
@@ -90,6 +90,8 @@ define(['jquery',
var prepareDataFunctionName = $(curForm).attr('prepareData');
var callbackFunctionName = $(curForm).attr('callback');
var submitData = (typeof webgoat.customjs[prepareDataFunctionName] === 'function') ? webgoat.customjs[prepareDataFunctionName]() : $(curForm).serialize();
var additionalHeadersFunctionName = $(curForm).attr('additionalHeaders');
var additionalHeaders = (typeof webgoat.customjs[additionalHeadersFunctionName] === 'function') ? webgoat.customjs[additionalHeadersFunctionName]() : function() {};
var successCallBackFunctionName = $(curForm).attr('successCallback');
var failureCallbackFunctionName = $(curForm).attr('failureCallback');
var callbackFunction = (typeof webgoat.customjs[callbackFunctionName] === 'function') ? webgoat.customjs[callbackFunctionName] : function() {};
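Review bot: the fallback for `additionalHeaders` is `function() {}`, but the value is passed as `headers:` to `$.ajax` in the next hunk, which expects a plain object of header name/value pairs. When a form has no `additionalHeaders` attribute, the function itself is handed over instead of an object; jQuery tolerates it because a function has no enumerable own properties, but the intent is `{}`, and the `function() {}` fallback was evidently copied from `callbackFunction`, where a function is the right type.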
@@ -104,6 +106,7 @@ define(['jquery',
$.ajax({
//data:submitData,
url:formUrl,
headers: additionalHeaders,
method:formMethod,
contentType:contentType,
data: submitData,