From 6aaa7433027944ac88f5700c0fc8881fa47634ba Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Sun, 29 Aug 2021 13:56:42 +0200
Subject: [PATCH] Fix vulnerable components lesson for Java 16.

---
 docker/start.sh | 12 +++++++++++-
 .../en/VulnerableComponents_content5a.adoc | 2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/docker/start.sh b/docker/start.sh
index c55d92646..b1194e169 100644
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -4,7 +4,17 @@ cd /home/webgoat
 service nginx start
 sleep 1
 echo "Starting WebGoat..."
-java -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar webgoat.jar --webgoat.build.version=$1 --server.address=0.0.0.0 > webgoat.log &
+
+java \
+ -Duser.home=/home/webgoat \
+ -Dfile.encoding=UTF-8 \
+ --add-opens java.base/java.util=ALL-UNNAMED \
+ --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+ --add-opens java.base/java.text=ALL-UNNAMED \
+ --add-opens java.desktop/java.awt.font=ALL-UNNAMED \
+ --add-opens java.base/sun.nio.ch=ALL-UNNAMED \
+ --add-opens java.base/java.io=ALL-UNNAMED \
+ -jar webgoat.jar --webgoat.build.version="$1" --server.address=0.0.0.0 > webgoat.log &
 
 sleep 10
 
diff --git a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
index ef89632e1..48b4b334f 100644
--- a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
+++ b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5a.adoc
@@ -1,5 +1,7 @@
 == Exploiting http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7285[CVE-2013-7285] (XStream)
 
+NOTE: This lesson only works when you are using the Docker image of WebGoat.
+
 WebGoat uses an XML document to add contacts to a contacts database.
 [source,xml]
 ----
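Review bot: The six `--add-opens …=ALL-UNNAMED` flags on the new `java` command in docker/start.sh are undocumented and apply to the whole JVM, so every class on the classpath regains deep reflective access to `java.util`, `java.lang.reflect`, `java.io`, `sun.nio.ch` and the other listed packages, not only the code that needs it. Going by the commit subject this is presumably what lets the XStream (CVE-2013-7285) lesson run on Java 16, which is acceptable for a deliberately vulnerable training image, but the script should say so, so the flags are not copied into a real deployment or left behind once the lesson changes. I would add above the command: `# --add-opens: needed by the vulnerable-components (XStream) lesson on Java 16+; relaxes JDK strong encapsulation JVM-wide, training image only`. Separately, `> webgoat.log` captures stdout only, so anything the JVM writes to stderr about reflective access never reaches the log; `> webgoat.log 2>&1 &` would keep it.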