From e81cbd34ca8c2fb42a9365ae582a5644019f8c13 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Thu, 27 Aug 2015 07:57:03 +0200 Subject: [PATCH 1/7] Http Basics lessons fails to load #53 --- .../webgoat/plugins/GlobalProperties.java | 26 ----- .../org/owasp/webgoat/plugins/Plugin.java | 13 +-- .../owasp/webgoat/plugins/PluginsLoader.java | 2 + .../plugins/ResourceBundleClassLoader.java | 33 ------- .../org/owasp/webgoat/session/Course.java | 3 - .../owasp/webgoat/util/LabelManagerImpl.java | 9 +- .../org/owasp/webgoat/util/LabelProvider.java | 97 +++++++++++-------- .../i18n/WebGoatLabels.properties | 0 .../i18n/WebGoatLabels_de.properties | 0 .../i18n/WebGoatLabels_fr.properties | 0 .../i18n/WebGoatLabels_ru.properties | 0 .../webgoat/plugins/GlobalPropertiesTest.java | 40 -------- .../owasp/webgoat/util/LabelProviderTest.java | 33 +++++++ 13 files changed, 102 insertions(+), 154 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/GlobalProperties.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/ResourceBundleClassLoader.java rename webgoat-container/src/main/{webapp/container => resources}/i18n/WebGoatLabels.properties (100%) rename webgoat-container/src/main/{webapp/container => resources}/i18n/WebGoatLabels_de.properties (100%) rename webgoat-container/src/main/{webapp/container => resources}/i18n/WebGoatLabels_fr.properties (100%) rename webgoat-container/src/main/{webapp/container => resources}/i18n/WebGoatLabels_ru.properties (100%) delete mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/plugins/GlobalPropertiesTest.java create mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/GlobalProperties.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/GlobalProperties.java deleted file mode 100644 index d1faa6ea8..000000000 
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/GlobalProperties.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.owasp.webgoat.plugins; - -import java.io.IOException; -import java.nio.file.Path; -import java.util.List; -import java.util.Objects; - -public final class GlobalProperties { - - private final Path pluginDirectory; - - public GlobalProperties(Path pluginDirectory) { - this.pluginDirectory = Objects.requireNonNull(pluginDirectory, "pluginDirectory cannot be null"); - } - - public void loadProperties(Path globalPropertiesPath) { - try { - PluginFileUtils.createDirsIfNotExists(pluginDirectory); - List filesInDirectory = PluginFileUtils.getFilesInDirectory(globalPropertiesPath); - new Plugin(pluginDirectory).loadFiles(filesInDirectory, true); - } catch (IOException e) { - throw new IllegalStateException("Unable to load global properties, check your installation for the directory i18n: " + globalPropertiesPath.toString(), e); - } - } - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java index 0a22fd066..a9b2121c1 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java @@ -5,8 +5,8 @@ import com.google.common.base.Preconditions; import com.google.common.collect.Lists; import org.owasp.webgoat.classloader.PluginClassLoader; import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.util.LabelProvider; -import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; import java.nio.file.Files; 
@@ -90,16 +90,11 @@ public class Plugin { private void copyProperties(boolean reload, Path file) { try { - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - Files.copy(file, bos); + byte[] lines = Files.readAllBytes(file); Path propertiesPath = createPropertiesDirectory(); - ResourceBundleClassLoader.setPropertiesPath(propertiesPath); + LabelProvider.updatePluginResources(propertiesPath); PluginFileUtils.createDirsIfNotExists(file.getParent()); - if (reload) { - Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, APPEND); - } else { - Files.write(propertiesPath.resolve(file.getFileName()), bos.toByteArray(), CREATE, TRUNCATE_EXISTING); - } + Files.write(propertiesPath.resolve(file.getFileName()), lines, CREATE, (reload ? APPEND : TRUNCATE_EXISTING)); } catch (IOException io) { throw new PluginLoadingFailure("Property file detected, but unable to copy the properties", io); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index b2d727fb0..cdea39ee2 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -3,6 +3,7 @@ package org.owasp.webgoat.plugins; import com.google.common.base.Preconditions; import com.google.common.collect.Lists; import org.owasp.webgoat.classloader.PluginClassLoader; +import org.owasp.webgoat.util.LabelProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -78,6 +79,7 @@ public class PluginsLoader implements Runnable { plugins.add(plugin); } } + LabelProvider.refresh(); return plugins; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/ResourceBundleClassLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/ResourceBundleClassLoader.java deleted file mode 100644 index dcd27266a..000000000 
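Review bot: In `copyProperties`, `LabelProvider.updatePluginResources(propertiesPath)` hands over the directory returned by `createPropertiesDirectory()`, while the receiving method names its parameter `propertyFile` and wraps it directly in a file resource. As far as these hunks show, the message source would then try to read a directory as a properties file, so plugin labels would not load. Passing the written file instead looks like the intent: `LabelProvider.updatePluginResources(propertiesPath.resolve(file.getFileName()));`. Separately, `reload ? APPEND : TRUNCATE_EXISTING` keeps the old behaviour of appending the same bytes on every reload, so the file grows and repeats keys; a short comment saying why appending is wanted would help. The method body starts before this hunk.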
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/ResourceBundleClassLoader.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.owasp.webgoat.plugins; - -import java.io.IOException; -import java.net.URL; -import java.net.URLClassLoader; -import java.nio.file.Path; -import java.util.ArrayList; -import java.util.List; - -public class ResourceBundleClassLoader { - - private final static ResourceBundleClassLoader classLoader = new ResourceBundleClassLoader(); - private Path propertiesPath; - - private ResourceBundleClassLoader() { - } - - public static void setPropertiesPath(Path path) { - classLoader.propertiesPath = path; - } - - public static ClassLoader createPropertyFilesClassLoader() { - final List urls = new ArrayList<>(); - - try { - urls.add(classLoader.propertiesPath.toUri().toURL()); - } catch (IOException e) { - throw new PluginLoadingFailure("Unable to load the properties for the classloader", e); - } - return new URLClassLoader(urls.toArray(new URL[urls.size()]), Thread.currentThread().getContextClassLoader()); - } - -} \ No newline at end of file diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java index a69774d93..b381ba71c 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java @@ -3,7 +3,6 @@ package org.owasp.webgoat.session; import org.owasp.webgoat.HammerHead; import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.plugins.GlobalProperties; import org.owasp.webgoat.plugins.Plugin; import org.owasp.webgoat.plugins.PluginsLoader; import org.slf4j.Logger; 
@@ -24,7 +23,6 @@ import javax.servlet.ServletContext; import org.owasp.webgoat.HammerHead; import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; -import org.owasp.webgoat.plugins.GlobalProperties; import org.owasp.webgoat.plugins.LegacyLoader; import org.owasp.webgoat.plugins.Plugin; import org.owasp.webgoat.plugins.PluginsLoader; @@ -299,7 +297,6 @@ public class Course { logger.error("Plugins directory {} not found", pluginPath); return; } - new GlobalProperties(Paths.get(targetPath)).loadProperties(Paths.get(context.getRealPath("container//i18n"))); List plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(true); for (Plugin plugin : plugins) { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java index 5427a11a9..2c6b59661 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelManagerImpl.java @@ -1,11 +1,9 @@ package org.owasp.webgoat.util; -import org.springframework.context.annotation.Scope; -import org.springframework.context.annotation.ScopedProxyMode; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import javax.annotation.Resource; import java.io.Serializable; import java.util.Locale; @@ -38,10 +36,11 @@ import java.util.Locale; * For details, please see http://webgoat.github.io */ @Component("labelManager") -@Scope(value="session", proxyMode=ScopedProxyMode.INTERFACES) public class LabelManagerImpl implements LabelManager, Serializable { - @Resource + private static final long serialVersionUID = 1L; + + @Autowired private transient LabelProvider labelProvider; /** Locale mapped with current session. */ 
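Review bot: Dropping `@Scope(value="session", proxyMode=ScopedProxyMode.INTERFACES)` from `LabelManagerImpl` leaves the component at Spring's default singleton scope, yet the context line right after the hunk still documents a "Locale mapped with current session". If that locale field is still set per user (the field is outside the hunk), one user's language choice would now apply to every session and concurrent requests would race on it. Either keep the session scope, or move the locale out of the bean and resolve it per request. The field `labelProvider` is also `transient` on a `Serializable` class, so it would be null after deserialization; a comment on how it is restored would be useful.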
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java index 370f6434c..5aa3a85c8 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java @@ -1,70 +1,91 @@ package org.owasp.webgoat.util; -import org.owasp.webgoat.plugins.ResourceBundleClassLoader; +import org.springframework.context.support.ReloadableResourceBundleMessageSource; +import org.springframework.core.io.FileSystemResource; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; import org.springframework.stereotype.Component; -import java.util.HashMap; +import javax.inject.Singleton; +import java.nio.file.Path; +import java.util.Arrays; +import java.util.List; import java.util.Locale; -import java.util.ResourceBundle; -/*************************************************************************************************** - * - * +/** + * ************************************************************************************************ + *

+ *

* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * please see http://www.owasp.org/ - * + *

* Copyright (c) 2002 - 20014 Bruce Mayhew - * + *

* This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + *

* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - * + *

* You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - * + *

* Getting Source ============== - * + *

* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for * free software projects. - * + *

* For details, please see http://webgoat.github.io */ @Component -public class LabelProvider -{ - public final static String DEFAULT_LANGUAGE = Locale.ENGLISH.getLanguage(); +@Singleton +public class LabelProvider { + public final static String DEFAULT_LANGUAGE = Locale.ENGLISH.getLanguage(); - private final HashMap labels = new HashMap(); - private final WebGoatResourceBundleController localeController = new WebGoatResourceBundleController(); + private static final List SUPPORTED = Arrays.asList(Locale.GERMAN, Locale.FRENCH, Locale.ENGLISH, + Locale.forLanguageTag("ru")); + private final ReloadableResourceBundleMessageSource labels = new ReloadableResourceBundleMessageSource(); + private static final ReloadableResourceBundleMessageSource pluginLabels = new ReloadableResourceBundleMessageSource(); - public String get(Locale locale, String strName) - { - if (!labels.containsKey(locale)) - { - ClassLoader classLoader = ResourceBundleClassLoader.createPropertyFilesClassLoader(); - ResourceBundle resBundle = ResourceBundle.getBundle("WebGoatLabels", locale, classLoader, localeController); - labels.put(locale, resBundle); - } - return labels.get(locale).getString(strName); - } + public LabelProvider() { + labels.setBasename("classpath:/i18n/WebGoatLabels"); + labels.setFallbackToSystemLocale(false); + labels.setUseCodeAsDefaultMessage(true); + pluginLabels.setParentMessageSource(labels); + } - private class WebGoatResourceBundleController extends ResourceBundle.Control - { - private final Locale fallbackLocale = new Locale(DEFAULT_LANGUAGE); + public static void updatePluginResources(final Path propertyFile) { + pluginLabels.setBasename("WebGoatLabels"); + pluginLabels.setFallbackToSystemLocale(false); + pluginLabels.setUseCodeAsDefaultMessage(true); + pluginLabels.setResourceLoader(new ResourceLoader() { + @Override + public Resource getResource(String location) { + return new FileSystemResource(propertyFile.toFile()); + } - @Override - public Locale 
getFallbackLocale(String baseName, Locale locale) - { - if (!fallbackLocale.equals(locale)) { return fallbackLocale; } - return Locale.ROOT; - } - } + @Override + public ClassLoader getClassLoader() { + return Thread.currentThread().getContextClassLoader(); + } + }); + } + + public static void refresh() { + pluginLabels.clearCache(); + } + + public String get(Locale locale, String strName) { + return pluginLabels.getMessage(strName, null, useLocaleOrFallbackToEnglish(locale)); + } + + private Locale useLocaleOrFallbackToEnglish(Locale locale) { + return SUPPORTED.contains(locale) ? Locale.ENGLISH : locale; + } } diff --git a/webgoat-container/src/main/webapp/container/i18n/WebGoatLabels.properties b/webgoat-container/src/main/resources/i18n/WebGoatLabels.properties similarity index 100% rename from webgoat-container/src/main/webapp/container/i18n/WebGoatLabels.properties rename to webgoat-container/src/main/resources/i18n/WebGoatLabels.properties diff --git a/webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_de.properties b/webgoat-container/src/main/resources/i18n/WebGoatLabels_de.properties similarity index 100% rename from webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_de.properties rename to webgoat-container/src/main/resources/i18n/WebGoatLabels_de.properties diff --git a/webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_fr.properties b/webgoat-container/src/main/resources/i18n/WebGoatLabels_fr.properties similarity index 100% rename from webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_fr.properties rename to webgoat-container/src/main/resources/i18n/WebGoatLabels_fr.properties 
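Review bot: The ternary in `useLocaleOrFallbackToEnglish` is inverted: `SUPPORTED.contains(locale) ? Locale.ENGLISH : locale` maps every supported locale (German, French, Russian) to English and lets unsupported ones through unchanged. It should read `return SUPPORTED.contains(locale) ? locale : Locale.ENGLISH;`. Note also that `SUPPORTED` holds language-only locales, so a request locale such as `de_DE` would not match `Locale.GERMAN`; comparing on `locale.getLanguage()` would be more forgiving. `pluginLabels` is a static that each `new LabelProvider()` re-parents in the constructor and that the static `updatePluginResources` reconfigures without synchronization, which deserves at least a comment stating the expected single-instance, single-thread setup.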
diff --git a/webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_ru.properties b/webgoat-container/src/main/resources/i18n/WebGoatLabels_ru.properties similarity index 100% rename from webgoat-container/src/main/webapp/container/i18n/WebGoatLabels_ru.properties rename to webgoat-container/src/main/resources/i18n/WebGoatLabels_ru.properties diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/plugins/GlobalPropertiesTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/plugins/GlobalPropertiesTest.java deleted file mode 100644 index 109d35d26..000000000 --- a/webgoat-container/src/test/java/org/owasp/webgoat/plugins/GlobalPropertiesTest.java +++ /dev/null 
@@ -1,40 +0,0 @@ -package org.owasp.webgoat.plugins; - -import org.junit.Test; - -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.Arrays; - -import static org.junit.Assert.assertNotNull; - -public class GlobalPropertiesTest { - - @Test - public void propertyFilesShouldBeLoaded() throws IOException { - Path tempDirectory = PluginTestHelper.createTmpDir(); - Path pluginDirectory = Files.createDirectory(Paths.get(tempDirectory.toString(), "plugins")); - Path directory = Files.createDirectory(Paths.get(tempDirectory.toString(), "i18n")); - Path globalProperties = Files.createFile(Paths.get(directory.toString(), "global.properties")); - Files.write(globalProperties, Arrays.asList("test=label for test"), StandardCharsets.UTF_8); - new GlobalProperties(pluginDirectory).loadProperties(directory); - - ClassLoader propertyFilesClassLoader = - ResourceBundleClassLoader.createPropertyFilesClassLoader(); - assertNotNull(propertyFilesClassLoader.getResourceAsStream("global.properties")); - } - - @Test(expected = IllegalStateException.class) - public void propertyFilesDirectoryNotFoundShouldRaiseError() throws IOException { - Path tempDirectory = PluginTestHelper.createTmpDir(); - Path pluginDirectory = Files.createDirectory(Paths.get(tempDirectory.toString(), "plugins")); - Path directory = Files.createDirectory(Paths.get(tempDirectory.toString(), "i18n")); - Files.delete(directory); - - new GlobalProperties(pluginDirectory).loadProperties(directory); - } - -} \ No newline at end of file diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java new file mode 100644 index 000000000..5d27873db --- /dev/null +++ b/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java 
@@ -0,0 +1,33 @@ +package org.owasp.webgoat.util; + +import org.hamcrest.CoreMatchers; +import org.junit.Test; +import org.springframework.core.io.ClassPathResource; + +import java.io.IOException; +import java.util.Locale; + +import static org.junit.Assert.assertThat; + +public class LabelProviderTest { + + @Test + public void defaultLabelsShouldBePresent() { + LabelProvider labelProvider = new LabelProvider(); + assertThat(labelProvider.get(Locale.ENGLISH, "LessonCompleted"), CoreMatchers.equalTo( + "Congratulations. You have successfully completed this lesson.")); + } + + @Test + public void loadingPluginLabels() throws IOException { + LabelProvider labelProvider = new LabelProvider(); + labelProvider.updatePluginResources(new ClassPathResource("log4j.properties").getFile().toPath()); + LabelProvider.refresh(); + assertThat(labelProvider.get(Locale.ENGLISH, "LessonCompleted"), CoreMatchers.equalTo( + "Congratulations. You have successfully completed this lesson.")); + assertThat(labelProvider.get(Locale.ENGLISH, "log4j.appender.CONSOLE.Target"), CoreMatchers.equalTo( + "System.out")); + } + + +} \ No newline at end of file From 010404d2e14a487e367768f1b65b8029b6986b09 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Fri, 28 Aug 2015 06:40:27 +0200 Subject: [PATCH 2/7] Increase performance while extracting the plugins --- .gitignore | 4 +- .../owasp/webgoat/plugins/PluginsLoader.java | 41 +++++++++++++++---- 2 files changed, 36 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index ca73a7e10..c785967b3 100644 --- a/.gitignore +++ b/.gitignore @@ -32,4 +32,6 @@ classes/* /*.iml .extract/* -UserDatabase.mv.db \ No newline at end of file +UserDatabase.mv.db +webgoat-container/src/main/webapp/users/guest.org.owasp.webgoat.plugin.*.props +webgoat-container/src/main/webapp/plugin_lessons/dist-*.pom \ No newline at end of file 
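Review bot: Both tests in `LabelProviderTest` only ask for `Locale.ENGLISH`, so the locale fallback in `LabelProvider` is never exercised with a non-English supported locale or with an unsupported one. Adding one assertion for, say, `Locale.GERMAN` and one for an unsupported locale would pin that behaviour down. `loadingPluginLabels` also calls the static `updatePluginResources` through an instance and leaves the static plugin message source pointing at `log4j.properties`, so `defaultLabelsShouldBePresent` sees different state depending on execution order; call it as `LabelProvider.updatePluginResources(...)` and reset the state after the test.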
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index cdea39ee2..1a02be5fd 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -8,7 +8,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; -import java.net.URISyntaxException; import java.net.URL; import java.nio.file.FileVisitResult; import java.nio.file.Files; @@ -17,6 +16,11 @@ import java.nio.file.Paths; import java.nio.file.SimpleFileVisitor; import java.nio.file.attribute.BasicFileAttributes; import java.util.List; +import java.util.concurrent.Callable; +import java.util.concurrent.CompletionService; +import java.util.concurrent.ExecutorCompletionService; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; public class PluginsLoader implements Runnable { @@ -35,7 +39,7 @@ public class PluginsLoader implements Runnable { } public List loadPlugins(final boolean reload) { - final PluginClassLoader cl = (PluginClassLoader)Thread.currentThread().getContextClassLoader(); + final PluginClassLoader cl = (PluginClassLoader) Thread.currentThread().getContextClassLoader(); List plugins = Lists.newArrayList(); try { @@ -43,7 +47,7 @@ public class PluginsLoader implements Runnable { List jars = listJars(); cl.addURL(jars); plugins = processPlugins(jars, reload); - } catch (IOException | URISyntaxException e) { + } catch (Exception e) { logger.error("Loading plugins failed", e); } return plugins; 
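Review bot: Widening the handler in `loadPlugins` to `catch (Exception e)` now also swallows the `InterruptedException` that the new `completionService.take()` can throw, without restoring the thread's interrupt flag. It also turns any runtime failure into a logged error plus an empty or partial plugin list, so lessons can go missing silently. Catching the specific types and adding `catch (InterruptedException e) { Thread.currentThread().interrupt(); ... }` keeps the interrupt visible to the caller. `loadPlugins` begins and ends outside this hunk.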
@@ -64,13 +68,18 @@ public class PluginsLoader implements Runnable { return jars; } - private List processPlugins(List jars, boolean reload) throws URISyntaxException, IOException { + private List processPlugins(List jars, boolean reload) throws Exception { final List plugins = Lists.newArrayList(); - for (URL jar : jars) { - - PluginExtractor extractor = new PluginExtractor(Paths.get(jar.toURI())); - extractor.extract(pluginTarget); + final ExecutorService executorService = Executors.newFixedThreadPool(20); + final CompletionService completionService = new ExecutorCompletionService<>(executorService); + final List> callables = extractJars(jars); + for (Callable s : callables) { + completionService.submit(s); + } + int n = callables.size(); + for (int i = 0; i < n; i++) { + PluginExtractor extractor = completionService.take().get(); Plugin plugin = new Plugin(pluginTarget, extractor.getClasses()); if (plugin.getLesson().isPresent()) { PluginFileUtils.createDirsIfNotExists(pluginTarget); @@ -83,6 +92,22 @@ public class PluginsLoader implements Runnable { return plugins; } + private List> extractJars(List jars) { + List> extractorCallables = Lists.newArrayList(); + for (final URL jar : jars) { + extractorCallables.add(new Callable() { + + @Override + public PluginExtractor call() throws Exception { + PluginExtractor extractor = new PluginExtractor(Paths.get(jar.toURI())); + extractor.extract(pluginTarget); + return extractor; + } + }); + } + return extractorCallables; + } + @Override public void run() { loadPlugins(true); From a44e08cbfd3ceaf9cfce9b64f09d0d8590cc80e8 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Fri, 28 Aug 2015 07:44:24 +0200 Subject: [PATCH 3/7] Adjusted LabelProvider to use other loader --- .../main/java/org/owasp/webgoat/util/LabelProvider.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java index 5aa3a85c8..4c1192c52 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/util/LabelProvider.java @@ -2,12 +2,13 @@ package org.owasp.webgoat.util; import org.springframework.context.support.ReloadableResourceBundleMessageSource; -import org.springframework.core.io.FileSystemResource; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import org.springframework.core.io.UrlResource; import org.springframework.stereotype.Component; import javax.inject.Singleton; +import java.net.MalformedURLException; import java.nio.file.Path; import java.util.Arrays; import java.util.List; @@ -66,7 +67,11 @@ public class LabelProvider { pluginLabels.setResourceLoader(new ResourceLoader() { @Override public Resource getResource(String location) { - return new FileSystemResource(propertyFile.toFile()); + try { + return new UrlResource(propertyFile.toUri()); + } catch (MalformedURLException e) { + throw new RuntimeException(e); + } } @Override From de6f1cf28990d8874132fc851a0611d72639a184 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Fri, 28 Aug 2015 09:07:32 -0400 Subject: [PATCH 4/7] Change travis buils to not run Integration Tests on pull requests --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2eca17b98..c808ff014 100644 --- a/.travis.yml +++ b/.travis.yml 
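Review bot: `getResource(String location)` still ignores `location` and returns the same `propertyFile` for every lookup, so the message source cannot distinguish locale-specific files (`_de`, `_fr`, `_ru`) from the base file for plugin labels. If the path passed in is meant to be the properties directory, resolving the requested name against it would fix that. Normalize the result and check it stays under that directory before building the `UrlResource`. `throw new RuntimeException(e)` would also be clearer as `throw new IllegalStateException("Invalid plugin properties location: " + propertyFile, e);`. The anonymous `ResourceLoader` starts outside this hunk.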
@@ -8,7 +8,7 @@ script: - git clone https://github.com/WebGoat/WebGoat-Lessons.git - mvn -file ./WebGoat-Lessons/pom.xml package - cp -fa ./WebGoat-Lessons/target/plugins/*.jar ./webgoat-container/src/main/webapp/plugin_lessons/ - - mvn -Prun-integration-tests package verify install + - if [[ $TRAVIS_PULL_REQUEST == "false" ]]; then mvn -Prun-integration-tests package verify install; else mvn package install; fi before_deploy: - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar @@ -36,7 +36,6 @@ deploy: jdk: oraclejdk8 notifications: slack: - rooms: - secure: "RS/QCVjDAt8y7c816d8UIJUl2OLaRRU6gjh//7Kb4f9TyKRACtP0Qa9NVNhSXuvb2kzUTOFb76Lz8utnt2a3iZ+elZMvnQu8+HioKr9wWJPKml8TLC+tCclQnSAz7orsQ0ubgUlsVycs7bsaQ79aKw1C9YdH+QNDgMKDxvfrEKk=" + secure: S9VFew5NSE8WDzYD1VDBUULKKT0fzgblQACznwQ85699b2yeX9TX58N3RZvRS1JVagVP1wu2xOrwN2g+AWx4Ro3UBZD5XG86uTJWpCLD4cRWHBoGMH2TfvI7/IzsWmgxH4MBxFRvZr/eEhlVAux+N9H4EoEdS4CKsJXEqV37PlA= addons: sauce_connect: true From 13b63651daecfe73821d7864d60c2f9b0c019a43 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Fri, 28 Aug 2015 09:35:34 -0400 Subject: [PATCH 5/7] Replacing Maven package/verify goals by maven install, which runs all of them --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index c808ff014..f5d7eab28 100644 --- a/.travis.yml +++ b/.travis.yml 
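Review bot: The new `if [[ $TRAVIS_PULL_REQUEST == "false" ]]` branch in `script:` means pull requests are only built with `mvn package install`, so the integration suite first runs after the change has been merged. The condition has no comment explaining why; presumably the encrypted Sauce Connect settings are unavailable to pull-request builds, and saying so above the line would keep the gate from being read as an oversight. Since contributor changes then reach the main branch without integration coverage, consider making the post-merge build a required check before release or deploy.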
@@ -4,11 +4,11 @@ jdk: - oraclejdk8 install: "/bin/true" script: - - mvn clean compile install + - mvn clean install - git clone https://github.com/WebGoat/WebGoat-Lessons.git - mvn -file ./WebGoat-Lessons/pom.xml package - cp -fa ./WebGoat-Lessons/target/plugins/*.jar ./webgoat-container/src/main/webapp/plugin_lessons/ - - if [[ $TRAVIS_PULL_REQUEST == "false" ]]; then mvn -Prun-integration-tests package verify install; else mvn package install; fi + - if [[ $TRAVIS_PULL_REQUEST == "false" ]]; then mvn -Prun-integration-tests clean install; else mvn clean install; fi before_deploy: - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar From 2f43c16cc12473df830761ebecc229b7e277f732 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Fri, 28 Aug 2015 16:24:04 +0200 Subject: [PATCH 6/7] Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI #44 --- .../org/owasp/webgoat/session/WebSession.java | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java index b479a3d7e..879c3af03 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java 
@@ -842,13 +842,17 @@ public class WebSession { } else if (al instanceof RandomLessonAdapter) { try { RandomLessonAdapter rla = (RandomLessonAdapter) al; - int stage = myParser.getIntParameter(STAGE) - 1; - String[] stages = rla.getStages(); - if (stages == null) { - stages = new String[0]; - } - if (stage >= 0 && stage < stages.length) { - rla.setStage(this, stages[stage]); + if (!myParser.getRawParameter(STAGE).equals("null")) { + int stage = myParser.getIntParameter(STAGE) - 1; + String[] stages = rla.getStages(); + if (stages == null) { + stages = new String[0]; + } + if (stage >= 0 && stage < stages.length) { + rla.setStage(this, stages[stage]); + } + } else { + rla.setStage(this, null); } } catch (ParameterNotFoundException pnfe) { } From 16f5ca4d0baf2a67a256d91d60f88f9b77052c01 Mon Sep 17 00:00:00 2001 From: mayhew64 Date: Fri, 28 Aug 2015 11:33:08 -0400 Subject: [PATCH 7/7] Update README.MD --- README.MD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.MD b/README.MD index 7964ea035..e30413d36 100644 --- a/README.MD +++ b/README.MD @@ -125,7 +125,7 @@ cd WebGoat mvn -pl webgoat-container tomcat7:run-war ``` -Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! #### Option #2: Java executable JAR The __maven package__ goal generates an executable .jar file: @@ -137,7 +137,7 @@ cd webgoat-container/target java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` -Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking ! #### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: The __maven package__ goal generates a .war file that can deployed into an Application Server, such as Tomcat 
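Review bot: The new guard `!myParser.getRawParameter(STAGE).equals("null")` compares a request parameter against the literal string "null" with no comment explaining where that value comes from; it looks like a client-side artefact. Write it as `"null".equals(myParser.getRawParameter(STAGE))` with the branches swapped, so a null return cannot throw, and read the parameter once into a local instead of parsing it twice. The `else` branch now calls `rla.setStage(this, null)` on request-controlled input, so it is worth confirming that `setStage` accepts null. A non-numeric stage value still depends on what `getIntParameter` throws, and the surrounding `catch (ParameterNotFoundException pnfe) { }` is empty, so failures here are invisible. The enclosing method starts and ends outside this hunk.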
@@ -148,4 +148,4 @@ mvn package cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` -Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking !