From 35c8c791382eff2c318caf9346175b0cde2f0357 Mon Sep 17 00:00:00 2001
From: nbaars <nbaars@xebia.com>
Date: Sat, 11 Apr 2015 07:18:57 +0200
Subject: [PATCH 1/5] Fixing pom warnings during maven build

---
 pom.xml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index e4d5b7625..29c194310 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,6 +37,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.1</version>
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
@@ -46,15 +47,15 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
-
+                <version>2.4</version>
                 <configuration>
                     <!--  archiving the classes breaks the admin screen loads in course.java
                           the legacy lesson loader does not look in jar files for lessons  -->
                     <archiveClasses>false</archiveClasses>
-                    <manifest>
-                        <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
-                    </manifest>
                     <archive>
+                        <manifest>
+                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                        </manifest>
                         <manifestEntries>
                             <Specification-Title>${project.name}</Specification-Title>
                             <Specification-Version>${project.version}</Specification-Version>
@@ -66,6 +67,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
+                <version>2.5</version>
                 <executions>
                     <execution>
                         <id>create-jar</id>
@@ -94,7 +96,7 @@
                         <phase>package</phase>
                     </execution>
                 </executions>
-            </plugin>            
+            </plugin>
         </plugins>
     </build>
 
@@ -354,8 +356,9 @@
             <version>1.7.7</version>
             <type>jar</type>
         </dependency>
+        </dependencies>
+
 
         <!-- ************* END spring MVC and related dependencies ************** -->
 
-    </dependencies>
-</project>
+</project>
\ No newline at end of file

From 8a55a73a0135c560596df432f2c8f103819e75df Mon Sep 17 00:00:00 2001
From: mayhew64 <bmayhew@sonatype.com>
Date: Sat, 2 May 2015 19:15:49 -0400
Subject: [PATCH 2/5] Update pom.xml

Change the artifact to be lower case; web goat-container vs WebGoat-Container
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e4d5b7625..31f7f36aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <name>WebGoat</name>
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.webgoat</groupId>
-    <artifactId>WebGoat-Container</artifactId>
+    <artifactId>webgoat-container</artifactId>
     <packaging>war</packaging>
     <version>6.1.0</version>
 

From 6866208ca29f802cc4addbe89f9b6262a2e8fbd0 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nbaars@xebia.com>
Date: Sun, 3 May 2015 07:50:29 +0200
Subject: [PATCH 3/5] Changed pom.xml to also build a jar file and upload it to
 the repository

---
 pom.xml                                       | 35 +++++++++++++------
 .../org/owasp/webgoat/plugins/Plugin.java     |  2 +-
 .../owasp/webgoat/plugins/PluginsLoader.java  |  2 +-
 3 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/pom.xml b/pom.xml
index 29c194310..cc3a19bdf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,16 +65,31 @@
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <version>2.5</version>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>2.6</version>
+                <configuration>
+                    <attachClasses>true</attachClasses>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <version>1.7</version>
                 <executions>
                     <execution>
-                        <id>create-jar</id>
-                        <phase>compile</phase>
+                        <id>attach-artifacts</id>
+                        <phase>package</phase>
                         <goals>
-                            <goal>jar</goal>
+                            <goal>attach-artifact</goal>
                         </goals>
+                        <configuration>
+                            <artifacts>
+                                <artifact>
+                                    <file>${project.build.directory}/WebGoat-Container-${project.version}-classes.jar</file>
+                                    <type>classes-jar</type>
+                                </artifact>
+                            </artifacts>
+                        </configuration>
                     </execution>
                 </executions>
             </plugin>
@@ -192,7 +207,7 @@
             <artifactId>log4j</artifactId>
             <version>1.2.17</version>
         </dependency>
-        
+
         <dependency>
             <groupId>wsdl4j</groupId>
             <artifactId>wsdl4j</artifactId>
@@ -241,7 +256,7 @@
             <artifactId>spring-core</artifactId>
             <version>${org.springframework.version}</version>
         </dependency>
-        
+
         <!-- Jackson -->
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
@@ -356,9 +371,9 @@
             <version>1.7.7</version>
             <type>jar</type>
         </dependency>
-        </dependencies>
+    </dependencies>
 
 
-        <!-- ************* END spring MVC and related dependencies ************** -->
+    <!-- ************* END spring MVC and related dependencies ************** -->
 
 </project>
\ No newline at end of file
diff --git a/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index 18aa5ff75..b0f58df7e 100644
--- a/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -70,7 +70,7 @@ public class Plugin {
                 this.lesson = clazz;
             }
         } catch (ClassNotFoundException e) {
-            logger.error("Unable to load class {}", name);
+            logger.error("Unable to load class {}", name, e);
         }
     }
 
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
index 6201f6542..5786462d7 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
@@ -43,7 +43,7 @@ public class PluginsLoader implements Runnable {
                             plugins.add(plugin);                 		
                     	}
                     } catch (Plugin.PluginLoadingFailure e) {
-                       logger.error("Unable to load plugin, continue loading others...");
+                       logger.error("Unable to load plugin, continue loading others...", e);
                     }
                     return FileVisitResult.CONTINUE;
                 }

From 6e8d8562d6d158523f49967fedf5c7f6eb4ba9aa Mon Sep 17 00:00:00 2001
From: mayhew64 <mayhew64@yahoo.com>
Date: Sun, 3 May 2015 16:31:52 -0400
Subject: [PATCH 4/5] WEB-203 deprecated getCredits - credits moved to the
 about page

---
 src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java | 1 +
 src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java  | 2 ++
 src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java  | 5 -----
 src/main/java/org/owasp/webgoat/session/ErrorScreen.java    | 5 -----
 src/main/java/org/owasp/webgoat/session/Screen.java         | 6 ------
 src/main/webapp/main.jsp                                    | 3 ---
 6 files changed, 3 insertions(+), 19 deletions(-)

diff --git a/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java b/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
index 524f3123b..36aab1e60 100644
--- a/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
+++ b/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java
@@ -161,6 +161,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
     /**
      * Gets the credits attribute of the AbstractLesson object
      *
+     * @deprecated - Credits have moved to the about page
      * @return The credits value
      */
     public abstract Element getCredits();
diff --git a/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java b/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
index c905cc0ee..f85a11b93 100644
--- a/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
+++ b/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java
@@ -140,6 +140,8 @@ public abstract class LessonAdapter extends AbstractLesson {
     /**
      * Gets the credits attribute of the AbstractLesson object
      *
+     * @deprecated Credits are in the about page.  This method s no
+     *             longer called from WebGoat
      * @return The credits value
      */
     public Element getCredits() {
diff --git a/src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java b/src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java
index db8e37114..0342dd462 100644
--- a/src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java
+++ b/src/main/java/org/owasp/webgoat/lessons/WelcomeScreen.java
@@ -112,11 +112,6 @@ public class WelcomeScreen extends Screen
         return (ec);
     }
 
-    public Element getCredits()
-    {
-        return new ElementContainer();
-    }
-
     /**
      * Gets the instructions attribute of the WelcomeScreen object
      * 
diff --git a/src/main/java/org/owasp/webgoat/session/ErrorScreen.java b/src/main/java/org/owasp/webgoat/session/ErrorScreen.java
index 07fe1e4fd..687e72b6b 100644
--- a/src/main/java/org/owasp/webgoat/session/ErrorScreen.java
+++ b/src/main/java/org/owasp/webgoat/session/ErrorScreen.java
@@ -209,11 +209,6 @@ public class ErrorScreen extends Screen
 		return (new Small().addElement(list));
 	}
 
-	public Element getCredits()
-	{
-		return new ElementContainer();
-	}
-
 	/**
 	 * Description of the Method
 	 * 
diff --git a/src/main/java/org/owasp/webgoat/session/Screen.java b/src/main/java/org/owasp/webgoat/session/Screen.java
index 0a85cd496..d19c46d01 100644
--- a/src/main/java/org/owasp/webgoat/session/Screen.java
+++ b/src/main/java/org/owasp/webgoat/session/Screen.java
@@ -79,12 +79,6 @@ public abstract class Screen {
      */
     protected abstract Element createContent(WebSession s);
 
-    /**
-     * Gets the credits attribute of the Screen object
-     *
-     * @return The credits value
-     */
-    public abstract Element getCredits();
 
     /**
      * Creates a new lessonTracker object.
diff --git a/src/main/webapp/main.jsp b/src/main/webapp/main.jsp
index 7e704027d..eeb9c9e06 100644
--- a/src/main/webapp/main.jsp
+++ b/src/main/webapp/main.jsp
@@ -278,9 +278,6 @@
                     <%
                         }
                     %>
-                    <div id="credits">
-                        <% out.println(currentLesson.getCredits());%>
-                    </div>
                 </div>
             </div>
 

From 264824eb1407d562570866fb44e93cd63e95039f Mon Sep 17 00:00:00 2001
From: Nanne Baars <nbaars@xebia.com>
Date: Mon, 4 May 2015 15:25:28 +0200
Subject: [PATCH 5/5] Fixed classloading issues when a lesson contains an inner
 class. The plugin classloader only expected the lesson to be loaded, now we
 keep track of all the classes loaded for each plugin. For each class found in
 the plugin a plugin classloader was created we need one classloader per
 plugin

Also needed to rewrite the findClass method to lookup the class in the list instead of loading the class from the byte array.
---
 .../org/owasp/webgoat/plugins/Plugin.java     | 37 ++++++++++---------
 .../webgoat/plugins/PluginClassLoader.java    | 34 +++++++++++++----
 2 files changed, 47 insertions(+), 24 deletions(-)

diff --git a/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index b0f58df7e..4752b2ce1 100644
--- a/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -50,27 +50,24 @@ public class Plugin {
     }
 
     public void loadClasses(Map<String, byte[]> classes) {
+        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
+        PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader);
         for (Map.Entry<String, byte[]> clazz : classes.entrySet()) {
-            loadClass(clazz.getKey(), clazz.getValue());
+            loadClass(pluginClassLoader, clazz.getKey(), clazz.getValue());
         }
         if (lesson == null) {
             throw new PluginLoadingFailure(String
-                .format("Lesson class not found, following classes were detected in the plugin: %s",
-                    StringUtils.collectionToCommaDelimitedString(classes.keySet())));
+                    .format("Lesson class not found, following classes were detected in the plugin: %s",
+                            StringUtils.collectionToCommaDelimitedString(classes.keySet())));
         }
     }
 
-    private void loadClass(String name, byte[] classFile) {
-        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
-        PluginClassLoader pluginClassLoader = new PluginClassLoader(contextClassLoader, name, classFile);
-        try {
-            String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
-            Class clazz = pluginClassLoader.loadClass(realClassName);
-            if (AbstractLesson.class.isAssignableFrom(clazz)) {
-                this.lesson = clazz;
-            }
-        } catch (ClassNotFoundException e) {
-            logger.error("Unable to load class {}", name, e);
+    private void loadClass(PluginClassLoader pluginClassLoader, String name, byte[] classFile) {
+        String realClassName = name.replaceFirst("/", "").replaceAll("/", ".").replaceAll(".class", "");
+
+        Class clazz = pluginClassLoader.loadClass(realClassName, classFile);
+        if (AbstractLesson.class.isAssignableFrom(clazz)) {
+            this.lesson = clazz;
         }
     }
 
@@ -97,7 +94,7 @@ public class Plugin {
             Files.copy(file, bos);
             Path propertiesPath = createPropertiesDirectory();
             ResourceBundleClassLoader.setPropertiesPath(propertiesPath);
-            if ( reload ) {
+            if (reload) {
                 Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, APPEND);
             } else {
                 Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, TRUNCATE_EXISTING);
@@ -117,8 +114,14 @@ public class Plugin {
 
     public void rewritePaths(Path pluginTarget) {
         try {
-            PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files", solutionLanguageFiles.values());
-            PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files", pluginTarget.getFileName().toString() + "/plugin/" + this.lesson.getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files", lessonPlansLanguageFiles.values());
+            PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
+                    pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
+                            .getSimpleName() + "/lessonSolutions/en/" + this.lesson.getSimpleName() + "_files",
+                    solutionLanguageFiles.values());
+            PluginFileUtils.replaceInFiles(this.lesson.getSimpleName() + "_files",
+                    pluginTarget.getFileName().toString() + "/plugin/" + this.lesson
+                            .getSimpleName() + "/lessonPlans/en/" + this.lesson.getSimpleName() + "_files",
+                    lessonPlansLanguageFiles.values());
         } catch (IOException e) {
             throw new PluginLoadingFailure("Unable to rewrite the paths in the solutions", e);
         }
diff --git a/src/main/java/org/owasp/webgoat/plugins/PluginClassLoader.java b/src/main/java/org/owasp/webgoat/plugins/PluginClassLoader.java
index 6af81a6d3..b5796c0f0 100644
--- a/src/main/java/org/owasp/webgoat/plugins/PluginClassLoader.java
+++ b/src/main/java/org/owasp/webgoat/plugins/PluginClassLoader.java
@@ -1,22 +1,42 @@
 package org.owasp.webgoat.plugins;
 
+import com.google.common.base.Optional;
+import com.google.common.base.Predicate;
+import com.google.common.collect.FluentIterable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.ArrayList;
+import java.util.List;
+
 public class PluginClassLoader extends ClassLoader {
 
+    private final List<Class<?>> classes = new ArrayList<>();
     private final Logger logger = LoggerFactory.getLogger(Plugin.class);
-    private final byte[] classFile;
 
-    public PluginClassLoader(ClassLoader parent, String nameOfClass, byte[] classFile) {
-        super(parent);
-        logger.debug("Creating class loader for {}", nameOfClass);
-        this.classFile = classFile;
+    public Class<?> loadClass(String nameOfClass, byte[] classFile) {
+        Class<?> clazz = defineClass(nameOfClass, classFile, 0, classFile.length);
+        classes.add(clazz);
+        return clazz;
     }
 
-    public Class findClass(String name) {
+    public PluginClassLoader(ClassLoader contextClassLoader) {
+        super(contextClassLoader);
+    }
+
+    public Class findClass(final String name) throws ClassNotFoundException {
         logger.debug("Finding class " + name);
-        return defineClass(name, classFile, 0, classFile.length);
+        Optional<Class<?>> foundClass = FluentIterable.from(classes)
+                .firstMatch(new Predicate<Class<?>>() {
+                    @Override
+                    public boolean apply(Class<?> clazz) {
+                        return clazz.getName().equals(name);
+                    }
+                });
+        if (foundClass.isPresent()) {
+            return foundClass.get();
+        }
+        throw new ClassNotFoundException("Class " + name + " not found");
     }
 
 }