Merge branch 'feature/spring-boot' of https://github.com/WebGoat/WebGoat into feature/spring-boot

README.MD

@@ -52,15 +52,27 @@ The "Easy Run" JAR file offers a no hassle approach to testing and running WebGo
 wish to simply try/test/run the current development version of WebGoat
 
 ### Prerequisites:
-* Java VM 1.8 installed
+* Java VM 1.8 or Docker installed
 
 ## Easy Run Instructions:
 
-#### 1. Download the easy run executable jar file which contains all the lessons and a embedded Tomcat server:
+#### 1. Docker image
+
+The latest version of WebGoat is available at DockerHub, see [https://hub.docker.com/r/webgoat/webgoat-container/](https://hub.docker.com/r/webgoat/webgoat-container/).
+First install Docker, then open a command shell/window and type:
+
+```Shell
+docker pull webgoat/webgoat-container
+docker run -p 8080:8080 webgoat/webgoat-container
+```
+
+Wait for the Docker container to start and go to step 3.
+
+#### 2. Download the easy run executable jar file which contains all the lessons and a embedded Tomcat server:
 
 https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar
 
-#### 2. Run it using java:
+#### 3. Run it using java:
 
 Open a command shell/window, browse to where you downloaded the easy run jar and type:
 
@@ -177,13 +189,17 @@ To be able to see which labels are loaded through a property file, open up the d
 After the reload is complete, all labels which are loaded from a property file will be __marked green__.
 
 
-## Docker support
+## Building a new Docker image
 
 WebGoat now has Docker support you can build a container with the following commands:
 
 ```Shell
-cd WebGoat
-mvn -pl webgoat-container package docker:build
+cd WebGoat/
+mvn package
+cd webgoat-container
+mvn docker:build
+docker login
+docker push webgoat/webgoat-container
 ```
 
 With the following command you are able to run the Docker container on your local machine:
@@ -194,4 +210,3 @@ docker ps
 ```
 
 With the last command you are able to determine ip address to connect to.
-At the moment the Docker image is not distributed to a Docker registry.

pom.xml

@@ -129,7 +129,6 @@
         <commons-lang3.version>3.4</commons-lang3.version>
         <commons-logging.version>1.2</commons-logging.version>
         <coveralls-maven-plugin.version>4.0.0</coveralls-maven-plugin.version>
-        <ecs.version>1.4.2</ecs.version>
         <guava.version>18.0</guava.version>
         <h2.version>1.4.190</h2.version>
         <hsqldb.version>1.8.0.10</hsqldb.version>

webgoat-container/pom.xml

@@ -252,11 +252,6 @@
             <artifactId>wsdl4j</artifactId>
             <version>${wsdl4j.version}</version>
         </dependency>
-        <dependency>
-            <groupId>ecs</groupId>
-            <artifactId>ecs</artifactId>
-            <version>${ecs.version}</version>
-        </dependency>
         <dependency>
             <groupId>javax.transaction</groupId>
             <artifactId>javax.transaction-api</artifactId>

webgoat-container/src/main/docker/Dockerfile

@@ -1,5 +1,6 @@
 FROM frolvlad/alpine-oraclejdk8:slim
 VOLUME /tmp
+RUN cd /root; mkdir -p .webgoat
 ADD webgoat-container-8.0-SNAPSHOT.war webgoat.jar
 RUN sh -c 'touch /webgoat.jar'
 ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/webgoat.jar"]

webgoat-container/src/main/resources/templates/login.html

@@ -37,7 +37,7 @@
             <form th:action="@{/login}" method='POST' style="width: 400px;">
                 <div class="form-group">
                     <label for="exampleInputEmail1">Username</label>
-                    <input type="text" class="form-control" id="exampleInputEmail1" placeholder="Username" name='username'/>
+                    <input autofocus="dummy_for_thymeleaf_parser" type="text" class="form-control" id="exampleInputEmail1" placeholder="Username" name='username'/>
                 </div>
                 <div class="form-group">
                     <label for="exampleInputPassword1">Password</label>

webgoat-lessons/client-side-filtering/src/main/java/org/owasp/webgoat/plugin/Salaries.java

@@ -4,12 +4,11 @@ package org.owasp.webgoat.plugin;
  *
  */
 
-import org.apache.ecs.html.TD;
-import org.apache.ecs.html.TR;
-import org.apache.ecs.html.Table;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import org.owasp.webgoat.lessons.Endpoint;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
@@ -24,11 +23,14 @@ import javax.xml.xpath.XPathFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.util.List;
+import java.util.Map;
 
 public class Salaries extends Endpoint {
 
-    @RequestMapping(method = RequestMethod.GET)
-    public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+    @RequestMapping(produces = {"application/json"})
+    @ResponseBody
+    public List<Map<String, Object>> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         String userId = req.getParameter("userId");
         NodeList nodes = null;
         File d = new File(getPluginDirectory(), "ClientSideFiltering/html/employees.xml");
@@ -52,49 +54,18 @@ public class Salaries extends Endpoint {
         } catch (XPathExpressionException e) {
             e.printStackTrace();
         }
-        int nodesLength = nodes.getLength();
-
-
-        TR tr;
-
         int COLUMNS = 5;
-
-        Table t2 = null;
-        if (nodesLength > 0) {
-            t2 = new Table().setCellSpacing(0).setCellPadding(0)
-                    .setBorder(1).setWidth("90%").setAlign("center");
-            tr = new TR();
-            tr.addElement(new TD().addElement("UserID"));
-            tr.addElement(new TD().addElement("First Name"));
-            tr.addElement(new TD().addElement("Last Name"));
-            tr.addElement(new TD().addElement("SSN"));
-            tr.addElement(new TD().addElement("Salary"));
-            t2.addElement(tr);
-        }
-
-        tr = new TR();
-
-        for (int i = 0; i < nodesLength; i++) {
+        List json = Lists.newArrayList();
+        java.util.Map<String, Object> employeeJson = Maps.newHashMap();
+        for (int i = 0; i < nodes.getLength(); i++) {
+            if (i != 0 && i % COLUMNS == 0) {
+                employeeJson = Maps.newHashMap();
+                json.add(employeeJson);
+            }
             Node node = nodes.item(i);
-
-            if (i % COLUMNS == 0) {
-                tr = new TR();
-                tr.setID(node.getTextContent());
-                //tr.setStyle("display: none");
-            }
-
-            tr.addElement(new TD().addElement(node.getTextContent()));
-
-            if (i % COLUMNS == (COLUMNS - 1)) {
-                t2.addElement(tr);
-            }
-        }
-
-        if (t2 != null) {
-            resp.getWriter().println(t2.toString());
-        } else {
-            resp.getWriter().println("No Results");
+            employeeJson.put(node.getNodeName(), node.getTextContent());
         }
+        return json;
     }
 
     @Override

webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/html/employees.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Employees>
-    <Employee >
+    <Employee>
         <UserID>101</UserID>
         <FirstName>Larry</FirstName>
         <LastName>Stooge</LastName>
@@ -37,8 +37,8 @@
         <DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
         <DisciplinaryDate>101013</DisciplinaryDate>
         <Managers>
-			<Manager>112</Manager>
-		</Managers> 
+            <Manager>112</Manager>
+        </Managers>
     </Employee>
     <Employee>
         <UserID>103</UserID>
@@ -248,7 +248,7 @@
         <DisciplinaryExplanation></DisciplinaryExplanation>
         <DisciplinaryDate>112005</DisciplinaryDate>
         <Managers>
-		<Manager>112</Manager>
-	</Managers>
+            <Manager>112</Manager>
+        </Managers>
     </Employee>
 </Employees>

webgoat-lessons/client-side-filtering/src/main/resources/plugin/ClientSideFiltering/js/clientSideFiltering.js

@@ -15,8 +15,27 @@ function fetchUserData() {
 
 function ajaxFunction(userId) {
     $.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {
+        var html = "<table border = '1' width = '90%' align = 'center'";
+        html = html + '<tr>';
+        html = html + '<td>UserID</td>';
+        html = html + '<td>First Name</td>';
+        html = html + '<td>Last Name</td>';
+        html = html + '<td>SSN</td>';
+        html = html + '<td>Salary</td>';
+
+        for (var i = 0; i < result.length; i++) {
+            html = html + '<tr id = "' + result[i].UserID + '"</tr>';
+            html = html + '<td>' + result[i].UserID + '</td>';
+            html = html + '<td>' + result[i].FirstName + '</td>';
+            html = html + '<td>' + result[i].LastName + '</td>';
+            html = html + '<td>' + result[i].SSN + '</td>';
+            html = html + '<td>' + result[i].Salary + '</td>';
+            html = html + '</tr>';
+        }
+        html = html + '</tr></table>';
+
         var newdiv = document.createElement("div");
-        newdiv.innerHTML = result;
+        newdiv.innerHTML = html;
         var container = document.getElementById("hiddenEmployeeRecords");
         container.appendChild(newdiv);
     });