From e579578c53b3d1c20b320d9e08b15d04a4b548a3 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Fri, 21 Aug 2015 16:33:57 -0400 Subject: [PATCH 1/3] Improved README, fixed lesson copy instructions, added steps for a developer bootstrap --- README.MD | 55 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 21 deletions(-) diff --git a/README.MD b/README.MD index d606408b4..7964ea035 100644 --- a/README.MD +++ b/README.MD @@ -51,7 +51,7 @@ Follow these instructions if you simply wish to run WebGoat 2. Run it using java: ```Shell -$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar +java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar ``` 3. Then navigate in your browser to: (http://localhost:8080/WebGoat) @@ -59,7 +59,7 @@ $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar 4.(Optional) If you would like to change the port or other options, use: ```Shell -$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help +java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help ``` # For Developers @@ -73,31 +73,44 @@ Follow these instructions if you wish to run Webgoat and modify the source code * Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed. * Git, or Git support in your IDE +## The Easy Way: Developer Edition run using Linux or Mac +The __webgoat_developer_bootstrap.sh__ script will clone the necessary repositories, call the maven goals in order +launch Tomcat listening on localhost:8080 + +```Shell +mkdir WebGoat-Workspace +cd WebGoat-Workspace +curl -o webgoat_developer_bootstrap.sh https://raw.githubusercontent.com/WebGoat/WebGoat/master/webgoat_developer_bootstrap.sh +sh webgoat_developer_bootstrap.sh +``` + +## The Manual Way: Developer Edition! + #### Cloning the Lesson Server and the Lessons project: Open a command shell/window, navigate to where you wish to download the source and type: ```Shell -$ git clone git@github.com:WebGoat/WebGoat.git -$ git clone git@github.com:WebGoat/WebGoat-Lessons.git +git clone https://github.com/WebGoat/WebGoat.git +git clone https://github.com/WebGoat/WebGoat-Lessons.git ``` #### Now let's start by compiling the WebGoat Lessons server. ```Shell -$ cd WebGoat -$ mvn clean compile -$ cd .. +cd WebGoat +mvn clean compile install +cd .. ``` #### Before you can run the project, we need to compile the lessons and copy them over: ** If you don't run this step, you will not have any Lessons to work with!** ```Shell -$ cd WebGoat-Lessons -$ mvn package -$ cp target/plugins/*.jar ../WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_lessons/ -$ cd .. +cd WebGoat-Lessons +mvn package +cp target/plugins/*.jar ../WebGoat/webgoat-container/src/main/webapp/plugin_lessons/ +cd .. ``` #### Now we are ready to run the project. There are 3 options you can choose from to run the project: @@ -108,8 +121,8 @@ Then you can run the project with one of the steps below (From the WebGoat folde The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat: ```Shell -$ cd WebGoat -$ mvn -pl webgoat-container tomcat7:run-war +cd WebGoat +mvn -pl webgoat-container tomcat7:run-war ``` Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! @@ -118,21 +131,21 @@ Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacki The __maven package__ goal generates an executable .jar file: ```Shell -$ cd WebGoat -$ mvn package -$ cd webgoat-container/target -$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat +cd WebGoat +mvn package +cd webgoat-container/target +java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! #### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: -The _maven package_ goal generates a .war file that can deployed into an Application Server, such as Tomcat +The __maven package__ goal generates a .war file that can deployed into an Application Server, such as Tomcat ```Shell -$ cd WebGoat -$ mvn package -$ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ +cd WebGoat +mvn package +cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! From 9d03fe5b1046cb80196dcd316c5bfa2c3b15a9b9 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Fri, 21 Aug 2015 16:42:03 -0400 Subject: [PATCH 2/3] Adding developer_bootstrap script --- webgoat_developer_bootstrap.sh | 44 ++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 webgoat_developer_bootstrap.sh diff --git a/webgoat_developer_bootstrap.sh b/webgoat_developer_bootstrap.sh new file mode 100755 index 000000000..5ca401b55 --- /dev/null +++ b/webgoat_developer_bootstrap.sh @@ -0,0 +1,44 @@ +#!/bin/bash +# Bootstrap the setup of WebGoat for developer use in Linux/Mac machines +# This script will clone the necessary git repositories, call the maven goals +# in the order the are needed and launch tomcat listening on localhost:8080 +# Happy hacking ! + +# Clone WebGoat and WebGoat-lessons from GitHub if they don't exist +if [ ! -d "Webgoat" ]; then + git clone https://github.com/WebGoat/WebGoat.git +fi +if [ ! -d "Webgoat-Lessons" ]; then + git clone https://github.com/WebGoat/WebGoat-Lessons.git +fi + +# Compile and Install the WebGoat lesson server +mvn -file WebGoat/pom.xml clean compile install + +# Compile and package the WebGoat Lessons +mvn -file WebGoat-Lessons/pom.xml package + +# Copy the Lessons into the WebGoat-Container +cp -fa ./WebGoat-Lessons/target/plugins/*.jar ./WebGoat/webgoat-container/src/main/webapp/plugin_lessons/ + +# Start WebGoat using the maven tomcat7:run-war goal +printf "\n" +printf "\n" +printf "\n" +printf "\n" +printf "\n" +echo "-----------------------------------------------------------------------------------" +echo "____________________ Starting WebGoat using the embbebed Tomcat ___________________" +echo "###################################################################################" +echo "### Open a web broser an navigate to http://localhost:8080/WebGoat/" +echo "### STDOUT and STDERR logs are captured in ./webgoat_developer_bootstrap.log" +echo "### To stop the Tomcat execution, press CTRL + C" +echo "### If you close this terminal window, Tomcat and WebGoat will stop running" +echo "##################################### HAPPY HACKING! ##############################" +echo "-----------------------------------------------------------------------------------" +printf "\n" +printf "\n" +printf "\n" +printf "\n" +printf "\n" +mvn -file WebGoat/pom.xml -pl webgoat-container tomcat7:run-war &> webgoat_developer_bootstrap.log From d171c3d01d84e850380a7c4af290f1a3f766bfb1 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Fri, 21 Aug 2015 17:11:02 -0400 Subject: [PATCH 3/3] Fix developer_bootstrap script to check for correct directory names --- webgoat_developer_bootstrap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webgoat_developer_bootstrap.sh b/webgoat_developer_bootstrap.sh index 5ca401b55..aacb0283b 100755 --- a/webgoat_developer_bootstrap.sh +++ b/webgoat_developer_bootstrap.sh @@ -5,10 +5,10 @@ # Happy hacking ! # Clone WebGoat and WebGoat-lessons from GitHub if they don't exist -if [ ! -d "Webgoat" ]; then +if [ ! -d "WebGoat" ]; then git clone https://github.com/WebGoat/WebGoat.git fi -if [ ! -d "Webgoat-Lessons" ]; then +if [ ! -d "WebGoat-Lessons" ]; then git clone https://github.com/WebGoat/WebGoat-Lessons.git fi