Fix vulnerable components lesson for Java 16.

2021-08-29 13:56:42 +02:00 · 2021-08-29 13:56:42 +02:00 · 6aaa743302
commit 6aaa743302
parent 0e08c4bde0
2 changed files with 13 additions and 1 deletions
--- a/docker/start.sh
+++ b/docker/start.sh
@ -4,7 +4,17 @@ cd /home/webgoat
 service nginx start
 sleep 1
 echo "Starting WebGoat..."
-java -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar webgoat.jar --webgoat.build.version=$1 --server.address=0.0.0.0  > webgoat.log &
+
+java \
+ -Duser.home=/home/webgoat \
+ -Dfile.encoding=UTF-8 \
+ --add-opens java.base/java.util=ALL-UNNAMED \
+ --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+ --add-opens java.base/java.text=ALL-UNNAMED \
+ --add-opens java.desktop/java.awt.font=ALL-UNNAMED \
+ --add-opens java.base/sun.nio.ch=ALL-UNNAMED \
+ --add-opens java.base/java.io=ALL-UNNAMED \
+ -jar webgoat.jar --webgoat.build.version="$1" --server.address=0.0.0.0 > webgoat.log &

 sleep 10

--- a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
+++ b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
@ -1,5 +1,7 @@
 == Exploiting http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7285[CVE-2013-7285] (XStream)

+NOTE: This lesson only works when you are using the Docker image of WebGoat.
+
 WebGoat uses an XML document to add contacts to a contacts database.  
 [source,xml]
 ----