Merge branch 'release/v8.0.0.M22'

plumsoup · Jan 18, 2019 · 7b8e3cd · 7b8e3cd
2 parents 6699456 + 9be4361
commit 7b8e3cd
Show file tree

Hide file tree

Showing 65 changed files with 786 additions and 327 deletions.
diff --git a/.gitignore b/.gitignore
@@ -44,5 +44,10 @@ webgoat-server/mongo-data/*
 webgoat-lessons/vulnerable-components/dependency-reduced-pom.xml
 **/.sts4-cache/*
 **/.vscode/*
-
-/.sonatype
+**/.factorypath
+/.sonatype
+**/bin/*
+webgoat.lck
+webgoat.log
+webgoat.properties
+webgoat.script
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip
diff --git a/.travis.yml b/.travis.yml
@@ -2,7 +2,7 @@ services:
   - docker
 language: java
 jdk:
-- oraclejdk8
+- openjdk11
 install: "/bin/true"
 script:
 - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)

diff --git a/CREATE_RELEASE.MD b/CREATE_RELEASE.MD
@@ -12,18 +12,14 @@ At the moment we use Gitflow, for a release you create a new release branch and
 ```
 git checkout develop
 git flow release start <version>
-mvn versions:set <<version> 
-git commit -am "New release, updaing pom.xml" 
+mvn versions:set <<version>  
+git commit -am "New release, updating pom.xml" 
 git flow release publish
+git push --tags
 ```
 
-Now we can make a new release, be sure you committed all your changes.
+Now Travis takes over and will create the release in Github and on Docker Hub.
 
-```
-git tag v8.0.0.M15
-git push origin v8.0.0.M15 
-```
-
-Now Travis takes over and will create the release in Github and on Docker Hub. 
+NOTE: the `mvn versions:set` command above is just there to make sure the master branch contains the latest version
 
 
diff --git a/README.MD b/README.MD
@@ -34,55 +34,42 @@ first thing that all hackers claim.*
 Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 
 ```Shell
-java -jar webgoat-server-<<version>>.jar [--server.port=8080] [--server.address=localhost]
+java -jar webgoat-server-8.0.0.VERSION.jar [--server.port=8080] [--server.address=localhost]
 ```
 
 By default WebGoat starts on port 8080 with `--server.port` you can specify a different port. With `server.address` you
 can bind it to a different address (default localhost)
 
-## 2. Run using Docker
-
-From time to time we publish a new development preview of WebGoat 8 on Docker HUB, you can download this version
-[https://hub.docker.com/r/webgoat/webgoat-8.0/](https://hub.docker.com/r/webgoat/webgoat-8.0/).
-First install Docker, then open a command shell/window and type:
-
-```Shell
-docker pull webgoat/webgoat-8.0
-docker run -p 8080:8080 -it webgoat/webgoat-8.0 /home/webgoat/start.sh 
-```
-
-If you want to keep the database between Docker sessions you need to map the WebGoat data directory to a 
-folder on the host system as follows:
+If you use Java 9 or higher you need to run WebGoat as follows:
 
 ```Shell
-docker run -p 8080:8080 -it -v /tmp/webgoat-data:/home/webgoat/.webgoat-${VERSION} webgoat/webgoat-8.0 /home/webgoat/start.sh
+java --add-modules java.xml.bind -jar webgoat-server-8.0.0.VERSION.jar
 ```
 
-where `${VERSION}` is for example `v8.0.0.M14`. The data will now be stored in `/tmp/webgoat-data` on your host system.
+## 2. Run using Docker
 
-Wait for the Docker container to start, and run `docker ps` to verify it's running.
+Every release is also published on [DockerHub]((https://hub.docker.com/r/webgoat/webgoat-8.0/)).
 
-- If you are using `docker-machine`, verify the machine IP using `docker-machine env`
-- If you are using `boot2docker` on OSX, verify the IP by running `docker network inspect bridge`
-- Otherwise, the host will be bound to localhost
+### Using docker-compose
 
-Once you have the IP and port, you'll want to navigate to the `/WebGoat` path in the URL. For example:
+The easiest way to start WebGoat as a Docker container is to use the `docker-compose.yml` [file](https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml) 
+from our Github repository. This will start both containers and it also takes care of setting up the
+connection between WebGoat and WebWolf.
 
+```shell
+curl https://raw.githubusercontent.com/WebGoat/WebGoat/develop/docker-compose.yml | docker-compose -f - up
 ```
-http://192.168.99.100:8080/WebGoat
-```
-
-Here you'll be able to register a new user and get started.
 
-_Please note: this version may not be completely in sync with the develop branch._
+**Important**: the current directory on your host will be mapped into the container for keeping state.
 
+Using the `docker-compose` file will simplify getting WebGoat and WebWolf up and running.
 
 
 ## 3. Run from the sources
 
 ### Prerequisites:
 
-* Java 8
+* Java 11
 * Maven > 3.2.1
 * Your favorite IDE
 * Git, or Git support in your IDE
@@ -117,15 +104,15 @@ server.address=x.x.x.x
 
 # Vagrant
 
-We supply a complete development environment using Vagrant, to run WebGoat with Vagrant you must first have Vagrant and Virtualbox installed.
+We supply a complete environment using Vagrant, to run WebGoat with Vagrant you must first have Vagrant and Virtualbox installed.
 
 ```shell
    $ cd WebGoat/webgoat-images/vagrant-training
    $ vagrant up
 ```
 
 Once the provisioning is complete login to the Virtualbox with username vagrant and password vagrant.
-The source code will be available in the home directory.
+WebGoat and WebWolf will automatically start when you login to this image.
 
 
 # Building a new Docker image

diff --git a/docker-compose-local.yml b/docker-compose-local.yml
@@ -0,0 +1,13 @@
+version: '2.1'
+
+services:
+  webgoat:
+    image: webgoat/webgoat-v8.0.0.snapshot
+    extends:
+      file: docker-compose.yml
+      service: webgoat
+  webwolf:
+    extends:
+      file: docker-compose.yml
+      service: webwolf
+    image: webgoat/webwolf-v8.0.0.snapshot
diff --git a/docker-compose-postgres.yml b/docker-compose-postgres.yml
@@ -12,6 +12,8 @@ services:
       - spring.datasource.password=webgoat
       - spring.datasource.driver-class-name=org.postgresql.Driver
       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
+      - webgoat.server.directory=/home/webgoat/.webgoat/
+      - webgoat.user.directory=/home/webgoat/.webgoat/
     ports:
       - "8080:8080"
   webwolf:
@@ -24,9 +26,11 @@ services:
       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
     ports:
       - "9090:9090"
-  db:
-    container_name: webgoat_db
-    image: postgres:latest
+  webgoat_db:
+    image: postgres:9.4
+# Uncomment to store the state of the database on the host.
+#    volumes:
+#      - ./database:/var/lib/postgresql
     environment:
       - POSTGRES_PASSWORD=webgoat
       - POSTGRES_USER=webgoat

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,24 +6,13 @@ services:
     environment:
       - WEBWOLF_HOST=webwolf
       - WEBWOLF_PORT=9090
-      - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
       - "8080:8080"
-    depends_on:
-      - db
+      - "9001:9001"
+    volumes:
+      - .:/home/webgoat/.webgoat
   webwolf:
     image: webgoat/webwolf
-    environment:
-          - spring.datasource.url=jdbc:hsqldb:hsql://webgoat_db:9001/webgoat
     ports:
       - "9090:9090"
-    depends_on:
-      - db
-  db:
-    image: blacklabelops/hsqldb
-    container_name: webgoat_db
-    environment:
-      - HSQLDB_TRACE=false
-      - HSQLDB_SILENT=true
-      - HSQLDB_DATABASE_NAME=webgoat
-      - HSQLDB_DATABASE_ALIAS=webgoat
+    command: --spring.datasource.url=jdbc:hsqldb:hsql://webgoat:9001/webgoat --server.address=0.0.0.0
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip