Travis now builds Docker and create a Github release.
Removed ActiveMQ between WebGoat and WebWolf; they now act as standalone applications.
		| @ -13,7 +13,6 @@ | ||||
|         <version>8.0-SNAPSHOT</version> | ||||
|     </parent> | ||||
|  | ||||
|  | ||||
|     <profiles> | ||||
|         <profile> | ||||
|             <id>performance</id> | ||||
| @ -34,23 +33,6 @@ | ||||
|                 </plugins> | ||||
|             </build> | ||||
|         </profile> | ||||
|         <profile> | ||||
|             <id>local</id> | ||||
|             <activation> | ||||
|                 <activeByDefault>true</activeByDefault> | ||||
|             </activation> | ||||
|             <dependencies> | ||||
|                 <dependency> | ||||
|                     <groupId>de.flapdoodle.embed</groupId> | ||||
|                     <artifactId>de.flapdoodle.embed.mongo</artifactId> | ||||
|                 </dependency> | ||||
|             </dependencies> | ||||
|  | ||||
|         </profile> | ||||
|         <profile> | ||||
|             <id>ctf</id> | ||||
|             <!-- Connect to real mongodb --> | ||||
|         </profile> | ||||
|  | ||||
|     </profiles> | ||||
|  | ||||
| @ -149,11 +131,6 @@ | ||||
|     </build> | ||||
|  | ||||
|     <dependencies> | ||||
|         <dependency> | ||||
|             <groupId>org.owasp.webgoat</groupId> | ||||
|             <artifactId>webgoat-commons</artifactId> | ||||
|             <version>${project.version}</version> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>com.fasterxml.jackson.datatype</groupId> | ||||
|             <artifactId>jackson-datatype-jsr310</artifactId> | ||||
| @ -178,16 +155,7 @@ | ||||
|             <groupId>org.springframework.boot</groupId> | ||||
|             <artifactId>spring-boot-starter-cache</artifactId> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>org.springframework.boot</groupId> | ||||
|             <artifactId>spring-boot-starter-activemq</artifactId> | ||||
|         </dependency> | ||||
|         <dependency> | ||||
|             <groupId>org.springframework</groupId> | ||||
|             <artifactId>spring-jms</artifactId> | ||||
|         </dependency> | ||||
|  | ||||
|         <dependency> | ||||
|                <dependency> | ||||
|             <groupId>org.asciidoctor</groupId> | ||||
|             <artifactId>asciidoctorj</artifactId> | ||||
|             <version>1.5.4</version> | ||||
|  | ||||
| @ -1,23 +1,15 @@ | ||||
| package org.owasp.webgoat; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import org.owasp.webgoat.login.LoginEvent; | ||||
| import org.owasp.webgoat.session.Course; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
| import org.springframework.jms.core.JmsTemplate; | ||||
| import org.springframework.security.core.Authentication; | ||||
| import org.springframework.stereotype.Controller; | ||||
| import org.springframework.web.bind.annotation.RequestMapping; | ||||
| import org.springframework.web.bind.annotation.RequestMethod; | ||||
| import org.springframework.web.servlet.ModelAndView; | ||||
|  | ||||
| import javax.servlet.http.Cookie; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.servlet.http.HttpServletResponse; | ||||
| import java.util.Optional; | ||||
|  | ||||
| import static java.util.Optional.empty; | ||||
| import static java.util.Optional.of; | ||||
|  | ||||
| /** | ||||
|  * ************************************************************************************************* | ||||
| @ -58,34 +50,12 @@ import static java.util.Optional.of; | ||||
| public class HammerHead { | ||||
|  | ||||
|     private final Course course; | ||||
|     private JmsTemplate jmsTemplate; | ||||
|  | ||||
|     /** | ||||
|      * Entry point for WebGoat, redirects to the first lesson found within the course. | ||||
|      */ | ||||
|     @RequestMapping(path = "/attack", method = {RequestMethod.GET, RequestMethod.POST}) | ||||
|     public ModelAndView attack(Authentication authentication, HttpServletRequest request, HttpServletResponse response) { | ||||
|         sendUserLoggedInMessage(request, response, authentication); | ||||
|         return new ModelAndView("redirect:" + "start.mvc" + course.getFirstLesson().getLink()); | ||||
|     } | ||||
|  | ||||
|     private void sendUserLoggedInMessage(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { | ||||
|         WebGoatUser user = (WebGoatUser) authentication.getPrincipal(); | ||||
|         getWebGoatCookie(request).ifPresent(c -> { | ||||
|             jmsTemplate.convertAndSend("webgoat", new LoginEvent(user.getUsername(), c.getValue()), m -> { | ||||
|                         m.setStringProperty("type", LoginEvent.class.getSimpleName()); | ||||
|                         return m; | ||||
|                     } | ||||
|             ); | ||||
|         }); | ||||
|     } | ||||
|  | ||||
|     private Optional<Cookie> getWebGoatCookie(HttpServletRequest request) { | ||||
|         for (Cookie c : request.getCookies()) { | ||||
|             if (c.getName().equals("JSESSIONID")) { | ||||
|                 return of(c); | ||||
|             } | ||||
|         } | ||||
|         return empty(); | ||||
|     } | ||||
| } | ||||
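Review bot: With `sendUserLoggedInMessage` removed, `attack` no longer reads `authentication`, `request` or `response`, yet its signature appears unchanged in this section (the rendered page has lost the +/- markers, so this is read from the hunk counts). Unused handler parameters suggest the method still inspects the session or principal when it only redirects. Consider trimming it to `public ModelAndView attack()` and dropping the three imports that then become unused.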
|  | ||||
| @ -1,35 +0,0 @@ | ||||
| package org.owasp.webgoat; | ||||
|  | ||||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||||
| import org.apache.activemq.broker.BrokerService; | ||||
| import org.springframework.context.annotation.Bean; | ||||
| import org.springframework.context.annotation.Configuration; | ||||
| import org.springframework.jms.support.converter.MappingJackson2MessageConverter; | ||||
| import org.springframework.jms.support.converter.MessageConverter; | ||||
| import org.springframework.jms.support.converter.MessageType; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  * @since 8/20/17. | ||||
|  */ | ||||
| @Configuration | ||||
| public class JmsConfig { | ||||
|  | ||||
|     @Bean(initMethod = "start", destroyMethod = "stop") | ||||
|     public BrokerService broker() throws Exception { | ||||
|         final BrokerService broker = new BrokerService(); | ||||
|         broker.addConnector("tcp://localhost:61616"); | ||||
|         broker.addConnector("vm://localhost"); | ||||
|         broker.setPersistent(false); | ||||
|         return broker; | ||||
|     } | ||||
|  | ||||
|     @Bean | ||||
|     public MessageConverter jacksonJmsMessageConverter(ObjectMapper objectMapper) { | ||||
|         MappingJackson2MessageConverter converter = new MappingJackson2MessageConverter(); | ||||
|         converter.setTargetType(MessageType.TEXT); | ||||
|         converter.setObjectMapper(objectMapper); | ||||
|         converter.setTypeIdPropertyName("_type"); | ||||
|         return converter; | ||||
|     } | ||||
| } | ||||
| @ -50,6 +50,7 @@ import org.springframework.context.ApplicationContext; | ||||
| import org.springframework.context.annotation.Bean; | ||||
| import org.springframework.context.annotation.Scope; | ||||
| import org.springframework.context.annotation.ScopedProxyMode; | ||||
| import org.springframework.web.client.RestTemplate; | ||||
|  | ||||
| import java.io.File; | ||||
| import java.util.Arrays; | ||||
| @ -94,6 +95,11 @@ public class WebGoat extends SpringBootServletInitializer { | ||||
|         return new PluginsLoader(pluginEndpointPublisher).loadPlugins(); | ||||
|     } | ||||
|  | ||||
|     @Bean | ||||
|     public RestTemplate restTemplate() { | ||||
|         return new RestTemplate(); | ||||
|     } | ||||
|  | ||||
|     @Bean | ||||
|     public EmbeddedServletContainerFactory servletContainer() { | ||||
|         TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory(); | ||||
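Review bot: The `restTemplate()` bean added here returns `new RestTemplate()` with its default request factory, which configures no connect or read timeout, so a call to an unresponsive peer can hold a request thread indefinitely. If this bean is what WebGoat now uses to reach WebWolf over HTTP (inferred from the commit message; no caller is visible in this hunk), build it on a `SimpleClientHttpRequestFactory` with both timeouts set. The values below are examples to be tuned for the deployment.

```java
    @Bean
    public RestTemplate restTemplate() {
        // Example values; tune for the deployment.
        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
        requestFactory.setConnectTimeout(2_000);
        requestFactory.setReadTimeout(5_000);
        return new RestTemplate(requestFactory);
    }
```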
|  | ||||
| @ -31,7 +31,6 @@ | ||||
| package org.owasp.webgoat; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import org.owasp.webgoat.login.LogoutHandler; | ||||
| import org.owasp.webgoat.users.UserService; | ||||
| import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.context.annotation.Bean; | ||||
| @ -53,7 +52,6 @@ import org.springframework.security.core.userdetails.UserDetailsService; | ||||
| public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | ||||
|  | ||||
|     private final UserService userDetailsService; | ||||
|     private final LogoutHandler logoutHandler; | ||||
|  | ||||
|     @Override | ||||
|     protected void configure(HttpSecurity http) throws Exception { | ||||
| @ -71,8 +69,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { | ||||
|                 .passwordParameter("password") | ||||
|                 .permitAll(); | ||||
|         security.and() | ||||
|                 .logout().deleteCookies("JSESSIONID").invalidateHttpSession(true) | ||||
|                 .permitAll().logoutSuccessHandler(logoutHandler); | ||||
|                 .logout().deleteCookies("JSESSIONID").invalidateHttpSession(true); | ||||
|         security.and().csrf().disable(); | ||||
|  | ||||
|         http.headers().cacheControl().disable(); | ||||
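Review bot: The new `.logout()` line drops `.permitAll()` together with the success handler, so the logout URL and the default logout-success redirect are no longer explicitly opened to unauthenticated requests. Unless the authorization rules outside this hunk already permit them, the redirect after logout may be sent through the authentication entry point instead of landing directly on the login page. Keeping the call costs nothing: `.logout().deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();`. `configure` starts and ends outside the hunk, so check this against the full matcher list.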
|  | ||||
| @ -1,47 +0,0 @@ | ||||
| package org.owasp.webgoat.login; | ||||
|  | ||||
| import lombok.AllArgsConstructor; | ||||
| import org.owasp.webgoat.users.WebGoatUser; | ||||
| import org.springframework.jms.core.JmsTemplate; | ||||
| import org.springframework.security.core.Authentication; | ||||
| import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler; | ||||
| import org.springframework.stereotype.Component; | ||||
|  | ||||
| import javax.servlet.ServletException; | ||||
| import javax.servlet.http.Cookie; | ||||
| import javax.servlet.http.HttpServletRequest; | ||||
| import javax.servlet.http.HttpServletResponse; | ||||
| import java.io.IOException; | ||||
| import java.util.Optional; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  * @since 8/20/17. | ||||
|  */ | ||||
| @AllArgsConstructor | ||||
| @Component | ||||
| public class LogoutHandler extends SimpleUrlLogoutSuccessHandler { | ||||
|  | ||||
|     private JmsTemplate jmsTemplate; | ||||
|  | ||||
|     @Override | ||||
|     public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { | ||||
|         if (authentication != null) { | ||||
|             WebGoatUser user = (WebGoatUser) authentication.getPrincipal(); | ||||
|             jmsTemplate.convertAndSend("webgoat", new LogoutEvent(user.getUsername()), m -> { | ||||
|                 m.setStringProperty("type", LogoutEvent.class.getSimpleName()); | ||||
|                 return m; | ||||
|             }); | ||||
|         } | ||||
|         super.onLogoutSuccess(httpServletRequest, httpServletResponse, authentication); | ||||
|     } | ||||
|  | ||||
|     private Optional<Cookie> findSessionCookie(Cookie[] cookies) { | ||||
|         for (Cookie cookie : cookies) { | ||||
|             if ("JSESSIONID".equals(cookie.getName())) { | ||||
|                 return Optional.of(cookie); | ||||
|             } | ||||
|         } | ||||
|         return Optional.empty(); | ||||
|     } | ||||
| } | ||||
| @ -28,17 +28,20 @@ webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org | ||||
| webgoat.database.driver=org.hsqldb.jdbcDriver | ||||
| webgoat.database.connection.string=jdbc:hsqldb:mem:{USER} | ||||
| webgoat.default.language=en | ||||
| webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true} | ||||
|  | ||||
| webwolf.port=8081 | ||||
| webwolf.url=http://localhost:${webwolf.port}/WebWolf | ||||
| webworf.url.landingpage=http://localhost:${webwolf.port}/landing | ||||
| webworf.url.mail=http://localhost:${webwolf.port}/mail | ||||
|  | ||||
| spring.jackson.serialization.indent_output=true | ||||
| spring.jackson.serialization.write-dates-as-timestamps=false | ||||
|  | ||||
| spring.activemq.brokerUrl=tcp://localhost:61616 | ||||
| spring.activemq.brokerUrl=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616} | ||||
|  | ||||
| spring.data.mongodb.port=27017 | ||||
| spring.data.mongodb.host=${WG_MONGO_HOST:localhost} | ||||
| spring.data.mongodb.port=${WG_MONGO_PORT:27017} | ||||
| spring.data.mongodb.database=webgoat | ||||
| spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/ | ||||
|  | ||||
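Review bot: The keys `webworf.url.landingpage` and `webworf.url.mail` use a different prefix from `webwolf.port` and `webwolf.url` directly above them, so any code binding `webwolf.url.landingpage` or `webwolf.url.mail` will not resolve. Rename them to the `webwolf.` prefix unless the consumers, which are not visible here, already use the misspelled name. Separately, a `spring.activemq.brokerUrl` entry appears to remain on the new side even though this commit removes the ActiveMQ starter. The rendered page has lost the +/- markers, so confirm which of the two lines survives and delete it if nothing reads it.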
|  | ||||
| @ -1,19 +0,0 @@ | ||||
| package org.owasp.webgoat.plugins; | ||||
|  | ||||
| import org.apache.activemq.broker.BrokerService; | ||||
| import org.mockito.Mockito; | ||||
| import org.springframework.context.annotation.Bean; | ||||
| import org.springframework.context.annotation.Configuration; | ||||
|  | ||||
| /** | ||||
|  * @author nbaars | ||||
|  * @since 8/30/17. | ||||
|  */ | ||||
| @Configuration | ||||
| public class JmsTestConfig { | ||||
|  | ||||
|     @Bean | ||||
|     public BrokerService broker() throws Exception { | ||||
|         return Mockito.mock(BrokerService.class); | ||||
|     } | ||||
| } | ||||
| @ -9,7 +9,6 @@ import org.springframework.beans.factory.annotation.Autowired; | ||||
| import org.springframework.boot.context.embedded.LocalServerPort; | ||||
| import org.springframework.boot.test.context.SpringBootTest; | ||||
| import org.springframework.boot.test.mock.mockito.MockBean; | ||||
| import org.springframework.context.annotation.Import; | ||||
| import org.springframework.test.context.TestPropertySource; | ||||
| import org.springframework.test.web.servlet.MockMvc; | ||||
| import org.springframework.web.context.WebApplicationContext; | ||||
| @ -24,7 +23,6 @@ import static org.mockito.Mockito.when; | ||||
|  */ | ||||
| @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) | ||||
| @TestPropertySource(locations = "classpath:/application-test.properties") | ||||
| @Import(JmsTestConfig.class) | ||||
| public abstract class LessonTest { | ||||
|  | ||||
|     @LocalServerPort | ||||
|  | ||||