dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up in pom files

Browse Source
This commit is contained in:
Nanne Baars
2019-07-19 14:30:58 +02:00
committed by Nanne Baars
parent ee0988effe
commit 216b29fca2
17 changed files with 77 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
webgoat-container/pom.xml
View File

@ -13,29 +13,6 @@
<version>v8.0.0-SNAPSHOT</version>
</parent>
<profiles>
<profile>
<id>performance</id>
<build>
<plugins>
<plugin>
<groupId>io.gatling</groupId>
<artifactId>gatling-maven-plugin</artifactId>
<version>${gatling-plugin.version}</version>
<executions>
<execution>
<goals>
<goal>execute</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<build>
<resources>
<resource>
@ -69,7 +46,11 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven-surefire-plugin.version}</version>
<configuration>
<forkMode>never</forkMode>
<forkCount>0</forkCount>
<reuseForks>true</reuseForks>
<argLine>
--illegal-access=permit
</argLine>
</configuration>
</plugin>
<plugin>
@ -89,12 +70,23 @@
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>${activation.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@ -119,14 +111,6 @@
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<dependency>
<groupId>io.gatling.highcharts</groupId>
<artifactId>gatling-charts-highcharts</artifactId>
<version>${gatling.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
@ -140,28 +124,11 @@
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>${activation.version}</version>
</dependency>
<dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<version>${hsqldb.version}</version>
</dependency>
<dependency>
<groupId>javax.transaction</groupId>
<artifactId>javax.transaction-api</artifactId>
<version>${javax.transaction-api.version}</version>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-compiler</artifactId>
<version>${scala.version}</version>
<scope>test</scope>
</dependency>
<!-- ************* END spring MVC and related dependencies ************** -->
<!-- ************* START: Dependencies for Unit and Integration Testing ************** -->

4
webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
View File

@ -44,9 +44,9 @@ import org.thymeleaf.resourceresolver.IResourceResolver;
import org.thymeleaf.templateresolver.TemplateResolver;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import static org.apache.commons.lang3.CharEncoding.UTF_8;
import static org.asciidoctor.Asciidoctor.Factory.create;
/**
@ -92,7 +92,7 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
extensionRegistry.inlineMacro("webGoatVersion", WebGoatVersionMacro.class);
asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(StandardCharsets.UTF_8));
}
} catch (IOException e) {
//no html yet

21
webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
View File

@ -31,7 +31,6 @@
package org.owasp.webgoat;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.Context;
import org.owasp.webgoat.plugins.PluginEndpointPublisher;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.owasp.webgoat.session.Course;
@ -42,9 +41,6 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
@ -53,7 +49,6 @@ import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.web.client.RestTemplate;
import java.io.File;
import java.util.Arrays;
@SpringBootApplication
@Slf4j
@ -99,20 +94,4 @@ public class WebGoat extends SpringBootServletInitializer {
public RestTemplate restTemplate() {
return new RestTemplate();
}
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
factory.setTomcatContextCustomizers(Arrays.asList(new CustomCustomizer()));
return factory;
}
static class CustomCustomizer implements TomcatContextCustomizer {
@Override
public void customize(Context context) {
context.setUseHttpOnly(false);
}
}
}

2
webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
View File

@ -58,8 +58,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http
.authorizeRequests()
.antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**", "/registration", "/register.mvc").permitAll()
.antMatchers("/servlet/AdminServlet/**").hasAnyRole("WEBGOAT_ADMIN", "SERVER_ADMIN") //
.antMatchers("/JavaSource/**").hasRole("SERVER_ADMIN") //
.anyRequest().authenticated();
security.and()
.formLogin()

1
webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java
View File

@ -25,6 +25,7 @@
package org.owasp.webgoat.assignments;
import com.google.common.base.Strings;
import lombok.Getter;
import org.apache.commons.lang3.StringEscapeUtils;
import org.owasp.webgoat.i18n.PluginMessages;

1
webgoat-container/src/main/resources/application.properties
View File

@ -17,7 +17,6 @@ spring.jpa.hibernate.ddl-auto=update
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
logging.level.org.springframework=INFO
logging.level.org.springframework.boot.devtools=INFO
logging.level.org.owasp=DEBUG

27
webgoat-container/src/test/scala/Simulation.scala
View File

@ -1,27 +0,0 @@
import io.gatling.core.Predef._
import io.gatling.http.Predef._
import org.apache.commons.lang3.RandomStringUtils
import scala.concurrent.duration._
class BasicSimulation extends Simulation {
val httpConf = http
.baseURL("http://localhost:8080/WebGoat/") // Here is the root for all relative URLs
.userAgentHeader("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0")
val scn = scenario("Register and automatic login").
exec(session =>
session.setAll(("username", RandomStringUtils.randomAlphabetic(10)))
)
.exec(
http("Test")
.post("register.mvc")
.formParam("username", "${username}")
.formParam("password", "${username}")
.formParam("matchingPassword", "${username}")
.formParam("agree", "agree")
)
setUp(scn.inject(atOnceUsers(100)).protocols(httpConf))
}