diff --git a/buildspec.yml b/buildspec.yml deleted file mode 100644 index 477440e02..000000000 --- a/buildspec.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: 0.1 - -phases: - build: - commands: - - mvn package - -artifacts: - files: - - webgoat-server/target/webgoat-server-8.0-SNAPSHOT.jar - discard-paths: yes - diff --git a/platformQuickStarts/AWS/README.md b/platformQuickStarts/AWS/README.md deleted file mode 100644 index 762bdda12..000000000 --- a/platformQuickStarts/AWS/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# AWS - -- This contains the various platform Quick Starts for Getting WebGoat Deployed into AWS. -- This IaaS quickstart uses AWS CloudFormation to perform most of the provisioning -- This IaaS quickstart is composed of three independent bundles - - Code pipeline and Build - - Deploying to EC2 - - Deploying to ECS - - -It is Assumed: -- You have an AWS Account -- You know what an S3 bucket is -- You have seen the IAM console and have permissions to create IAM Roles - - - - -## Code Pipeline and Build - -This Quickstart is for those that just want to perform builds with AWS. It Triggers off of Github to perform builds of `webgoat-server` - - - -## EC2 - -(WIP) This uses AWS CodePipeline, CodeBuild, and CodeDeploy to land WebGoat to Running EC2 instances - -## ECS - -(WIP) This uses AWS CodePipeline, CodeBuild, ECR, to land a container onto an ECS cluster \ No newline at end of file diff --git a/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json b/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json deleted file mode 100644 index 2fbf17f5a..000000000 --- a/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json +++ /dev/null 
@@ -1,101 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "IAM Roles for Code Build WebGoat IaaS Quickstart",
- "Parameters": {
- "qsS3BucketName": {
- "Description": "Name of the S3 Bucket for artifacts",
- "Type": "String",
- "MinLength": "1"
- },
- "qsRoleName": {
- "Description": "Name of the IAM role that CodeBuild Will Use",
- "Type": "String",
- "Default": "SimpleCodeBuildRole",
- "MinLength": "1"
- }
- },
- "Resources": {
- "qsCodeBuildRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": [
- "codebuild.amazonaws.com"
- ]
- },
- "Action": [
- "sts:AssumeRole"
- ]
- }
- ]
- },
- "Path": "/webgoat/",
- "RoleName": {
- "Ref": "qsRoleName"
- },
- "ManagedPolicyArns": [
- "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
- "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
- "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
- ],
- "Policies": [
- {
- "PolicyName": "CloudWatchLogs",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Resource": [
- {"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/codebuild*" ] ]}
- ],
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "S3buckets",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "qsS3BucketName"
- },
- "*"
- ]
- ]
- },
- "arn:aws:s3:::codepipeline-*"
- ],
- "Action": [
- "s3:Put*",
- "s3:Get*",
- "s3:List*"
- ]
- }
- ]
- }
- }
- ]
- }
- }
- }
-}
diff --git a/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codepipeline.json b/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codepipeline.json
deleted file mode 100644
index 58fd9f1f4..000000000
--- a/platformQuickStarts/AWS/codepipelinebuild/01_IAM_codepipeline.json
+++ /dev/null
@@ -1,127 +0,0 @@
-{
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "IAM Role for Code Pipeline WebGoat IaaS Quickstart",
- "Parameters": {
- "qsS3BucketName": {
- "Description": "Name of the S3 Bucket for artifacts",
- "Type": "String",
- "MinLength": "1"
- },
- "qsRoleName": {
- "Description": "Name of the IAM role that CodePipeline Will Use",
- "Type": "String",
- "Default": "SimpleCodePipelineRole",
- "MinLength": "1"
- }
- },
- "Resources": {
- "qsCodePipelineRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
- "AssumeRolePolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "",
- "Effect": "Allow",
- "Principal": {
- "Service": "codepipeline.amazonaws.com"
- },
- "Action": "sts:AssumeRole"
- }
- ]
- },
- "Path": "/webgoat/",
- "RoleName": {
- "Ref": "qsRoleName"
- },
- "ManagedPolicyArns": [
- "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
- "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
- "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
- ],
- "Policies": [
- {
- "PolicyName": "CloudWatchLogsPipeline",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Resource": [
- {"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/*" ] ]}
- ],
- "Action": [
- "logs:CreateLogGroup",
- "logs:CreateLogStream",
- "logs:PutLogEvents"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "MiscComputeOpen",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Resource": "*",
- "Action": [
- "lambda:InvokeFunction",
- "lambda:ListFunctions",
- "elasticbeanstalk:*",
- "ec2:*",
- "elasticloadbalancing:*",
- "autoscaling:*",
- "cloudwatch:*",
- "s3:*",
- "sns:*",
- "cloudformation:*",
- "rds:*",
- "sqs:*",
- "ecs:*",
- "iam:PassRole"
- ]
- }
- ]
- }
- },
- {
- "PolicyName": "S3buckets",
- "PolicyDocument": {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Resource": [
- {
- "Fn::Join": [
- "",
- [
- "arn:aws:s3:::",
- {
- "Ref": "qsS3BucketName"
- },
- "*"
- ]
- ]
- },
- "arn:aws:s3:::codepipeline-*",
- "arn:aws:s3:::elasticbeanstalk*"
- ],
- "Action": [
- "s3:Put*",
- "s3:Get*",
- "s3:List*"
- ]
- }
- ]
- }
- }
- ]
- }
- }
- }
-}
diff --git a/platformQuickStarts/AWS/codepipelinebuild/01_codepiplinebuild.yml b/platformQuickStarts/AWS/codepipelinebuild/01_codepiplinebuild.yml
deleted file mode 100644
index 8aac7af2a..000000000
--- a/platformQuickStarts/AWS/codepipelinebuild/01_codepiplinebuild.yml
+++ /dev/null
@@ -1,123 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" - -Description: > - AWS Cloud Formation for creating an AWS CodePipeline that checks a git repo for changes and then performs a build using code build - - -Parameters: - qsPipelineName: - Description: The name of the AWS Code Pipeline - Type: String - Default: WG-pipeline - MinLength: 1 - qsPipelineRoleARN: - Description: The complete ARN to the IAM role that code pipeline should use - Type: String - MinLength: 1 - qsCodeRepo: - Description: The Repository - Type: String - MinLength: 1 - qsRepoBranch: - Description: The Branch in the Repository - Type: String - MinLength: 1 - qsGitHubUser: - Description: The GitHub User Id - Type: String - MinLength: 1 - qsGitHubAPIToken: - Description: The GitHub Personal Access token do not use password - NoEcho: true - Type: String - MinLength: 1 - qsS3PipelineArtifacts: - Description: Where Code Pipeline will state artifacts in S3 - Type: String - MinLength: 1 - qsS3CodeBuildArtifacts: - Description: Where Code Build will upload Artifacts can be same as codepipeline - Type: String - MinLength: 1 - qsCodeBuildName: - Description: Name of the AWS Code Build - Type: String - Default: WG-mvnBuilder - MinLength: 1 - qsKMSKeyARN: - Description: The KMS ARN that the IAM Role is allowed to use - Type: String - MinLength: 1 - qsCodeRoleArn: - Description: The IAM Role ARN for CodePipeline and CodeDeploy - Type: String - MinLength: 1 - - - -Resources: - - - - - stkcbrCodeBuild: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: CODEPIPELINE - Description: Builds WebGoat Jar using build file in repo - EncryptionKey: !Ref 'qsKMSKeyARN' - Environment: - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/java:openjdk-8 - Type: LINUX_CONTAINER - Name: !Ref 'qsCodeBuildName' - ServiceRole: !Ref 'qsCodeRoleArn' - TimeoutInMinutes: 10 - Source: - Type: CODEPIPELINE - - - - stkcplPipeline: - Type: AWS::CodePipeline::Pipeline - Properties: - Name: !Ref 'qsPipelineName' 
- RoleArn: !Ref 'qsPipelineRoleARN' - ArtifactStore: - Location: !Ref 'qsS3PipelineArtifacts' - Type: S3 - Stages: - - Name: CodeRepo - Actions: - - Name: CodeSource - ActionTypeId: - Category: Source - Owner: ThirdParty - Provider: GitHub - Version: 1 - Configuration: - Branch: !Ref 'qsRepoBranch' - Repo: !Ref 'qsCodeRepo' - Owner: !Ref 'qsGitHubUser' - OAuthToken: !Ref 'qsGitHubAPIToken' - OutputArtifacts: - - Name: MySource - RunOrder: '1' - - Name: Build - Actions: - - Name: CodeBuild - ActionTypeId: - Category: Build - Owner: AWS - Provider: CodeBuild - Version: 1 - InputArtifacts: - - Name: MySource - Configuration: - ProjectName: !Ref stkcbrCodeBuild - OutputArtifacts: - - Name: MyBuild - RunOrder: '2' - - diff --git a/platformQuickStarts/AWS/codepipelinebuild/README.md b/platformQuickStarts/AWS/codepipelinebuild/README.md deleted file mode 100644 index e8aea2d06..000000000 --- a/platformQuickStarts/AWS/codepipelinebuild/README.md +++ /dev/null 
@@ -1,64 +0,0 @@ -# Serverless MVN builds Featuring AWS - -This Quick Start forms the basis for the other AWS quickstarts. This only BUILDS the `webgoat-server` spring boot jar. If you want to also run it on AWS skip to the other AWS quickstarts - -Before you Begin -1. Do you have an AWS Account? -2. Can you create an S3 Bucket? -3. Can you create a KMS Key? -4. Do you know what Cloud Formation is? -5. Do you have enough permissions to do any real work in said AWS Account? - -If you said no to any of those...hop over to [docs](https://aws.amazon.com/documentation/) and learn (but don't do) how to create those. - - -You will also need: -1. A GitHub Account -2. Fork of WebGoat -3. Personal access Token with `Admin:repo_hook` and `repo` - - - -## Create Pre-requisites - -First pick an AWS region and stick with it for ALL the quickstarts. This one was mostly executed on US-east-1/2 but any region with KMS, CodePipeline, and CodeBuild will work. eu-Central-1, ap-southeast-1 and sa-east-1 have reported success also. - - -1. Create an S3 bucket and call it something meaningfull like `webgoat-stash-username` or something or use an existing bucket you have access to. -2. Create a KMS Key. Make sure you are a key administrator so you can add key users later. - -## Deploy IAM role Cloud Formation Stacks - -In this folder there are two json cloudformation templates: --`01_IAM_codebuild.json` --`01_IAM_codepipeline.json` - -You will use the CloudFormation templates to create two roles. One for CodePipeline and the Other for CodeBuild. You will use the name of the bucket you just created as a parameter. - -## Update KMS Key - -Access the KMS key you created earlier...add the two IAM roles you just created and Key Users - -## Finally the Pipeline - -You will use the yaml cloudformation template `01_codepiplinebuild.yml` to create the code building pipeline. - -Some of the parameters you will need to pass: -1. The S3 bucket (twice) -2. The Github Branch name (master? develop? 
yourbranchname?) -3. The Github user (if you forked it would be your username) -4. You personal access token for GitHub -5. The name or the repo (WebGoat! ...unless you renamed and did a whole bunch of fancy git magic) -6. The ARN of the KMS key -7. The ARN of the role for the codebuild for parameter qsCodeRoleArn -8. The ARN for codepipeline - -If this Stack successfully deploys a build will begin based on the latest commit automatically. You will have a funky named zip file (without the .zip ending) in a folder in the S3 bucket in a few minutes. - - - -Congratulations. You just Deployed a two step AWS Codepipeline that looks for codechanges and then performs a build. - -... ON to the next AWS Quickstart - - diff --git a/platformQuickStarts/GCP/GKE-Docker/README.md b/platformQuickStarts/GCP/GKE-Docker/README.md deleted file mode 100644 index 7b18993c1..000000000 --- a/platformQuickStarts/GCP/GKE-Docker/README.md +++ /dev/null 
@@ -1,80 +0,0 @@ -# GKE - DockerHub - -This Quickstart shows how to create a Kubernettes Cluster using Google Cloud Platform's [GKE](https://cloud.google.com/container-engine/) and WebGoat's Docker [Image](https://hub.docker.com/r/webgoat/webgoat-8.0/). - -To be Successfull with this Quickstart - -1. You have a Google Cloud Platform account and have enough access rights to create Compute Engine and Container Engine Resources -2. You know how to `git clone` -3. You have the gcloud SDK install and initialized somewhere ( do not use the google cloud shell) - - -Remeber to perform a 'gcloud auth login' before using the gcloud commands below. - - - -## Create Kubernettes Cluster - -You can create a cluster using the Google Cloud Console. The Default settings will suffice. For this QuickStart the cluster name used is `owaspbasiccluster`. The `PROJECTNAME` is whatever your project is. The `REGION` is a region/zone near you. - -If you want to use the gcloud sdk from a properly initialized gcloud commandline environment use the following command - - -``` -gcloud container --project "PROJECTNAME" clusters create "owaspbasiccluster" --zone "REGION" --machine-type "n1-standard-1" --image-type "COS" --disk-size "100" --scopes "https://www.googleapis.com/auth/compute","https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append","https://www.googleapis.com/auth/source.read_only" --num-nodes "3" --network "default" --enable-cloud-logging --no-enable-cloud-monitoring - - -``` - -The command creates a similar cluster with more of the options set explicitly. 
- -## Set up Kubectl - -Using the commandline gcloud SDK environment you need to set-up 'kubectl' - -If you have not already installed 'Kubectl' you can do so with the following command using `gcloud` -- `gcloud components install kubectl` - -Then you just run: -- `gcloud container clusters get-credentials owaspbasiccluster --zone REGION --project PROJECTNAME` - - -## Deploy WebGoat Deployment - -Time to deploy the latest DockerImage for WebGoat! - - -Let's First Make a namespace for this: -- `kubectl create namespace webgoat` - -Now it is time to make the magic happen! - -- `kubectl create -f /where_you_git_cloned_webgoat/platformQuickStart/GCP/GKE-Docker/webgoat_noDNSnoTLS.yml` - -This should complete with no errors. - -Use the following command to see information/status about the deployment -- `kubectl describe deployment webgoat-dpl --namespace=webgoat` - -After a few minutes the service endpoint should be ready. You can check the status with -- `kubectl describe service webgoatsvc --namespace=webgoat` - -In the output you should see a message like "Created load..." after a "Creating load..." which means that the public facing loadbalancer (even thou there is just one container running!) is ready. - - -If you want to see the Kubernetes dashboard you can run `kubectl proxy` (in a new terminal window) and then navigate to http://localhost:8001/ui . - - - -## Test Deployment - -From the previous `describe service` command the `LoadBalancer Ingress:` line should have the external IP. The line below should give the port. - -So..... - -[IP]:[PORT]/WebGoat in your browser! - -DONE - - - diff --git a/platformQuickStarts/GCP/GKE-Docker/deploy.cfg b/platformQuickStarts/GCP/GKE-Docker/deploy.cfg deleted file mode 100644 index 460110cc2..000000000 --- a/platformQuickStarts/GCP/GKE-Docker/deploy.cfg +++ /dev/null 
@@ -1,4 +0,0 @@ -CURTAG=webgoat/webgoat-8.0 -DEST_TAG=gcr.io/astech-training/raging-wire-webgoat -CLUSTER_NAME=raging-wire-webgoat -PORT_NUM=8080 \ No newline at end of file diff --git a/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh b/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh deleted file mode 100644 index 87a076730..000000000 --- a/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh +++ /dev/null @@ -1,4 +0,0 @@ -CURTAG=webgoat/webgoat-8.0 -DEST_TAG=gcr.io/your-gke-project/your-webgoat-tag -CLUSTER_NAME=your-cluster-name -PORT_NUM=8080 \ No newline at end of file diff --git a/platformQuickStarts/GCP/GKE-Docker/webgoat_deployment_noDNSnoTLS.yml b/platformQuickStarts/GCP/GKE-Docker/webgoat_deployment_noDNSnoTLS.yml deleted file mode 100644 index 228cf29ef..000000000 --- a/platformQuickStarts/GCP/GKE-Docker/webgoat_deployment_noDNSnoTLS.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: webgoatapp - name: webgoatsvc - namespace: webgoat -spec: - ports: - - - port: 8080 - protocol: TCP - selector: - app: webgoatapp - type: LoadBalancer ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: webgoat-dpl - namespace: webgoat -spec: - replicas: 1 - template: - metadata: - name: webgoatapp - labels: - app: webgoatapp - spec: - containers: - - - image: webgoat/webgoat-8.0 - name: webgoat - ports: - - - containerPort: 8080 - - \ No newline at end of file diff --git a/platformQuickStarts/GCP/README.md b/platformQuickStarts/GCP/README.md deleted file mode 100644 index 1c4eb30cb..000000000 --- a/platformQuickStarts/GCP/README.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# WebGoat on GCP! - -This folder contains sub folders for the various ways you could deploy WebGoat on Google Cloud Platform - -It is assumed: -1. You have a Google Cloud Platform Account -2. You can use Git -3. You can use a Linux/Mac/Google Cloud Shell - - -## GKE Docker - -Uses GKE to run the latest DockerHub version of WebGoat8 - -## AppEngine - -WIP \ No newline at end of file diff --git a/platformQuickStarts/README.md b/platformQuickStarts/README.md deleted file mode 100644 index f647f3273..000000000 --- a/platformQuickStarts/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# OWASP WebGoat Platform Quick Starts - -Want to Run WebGoat? Want to run WebGoat in the Cloud? Don't want to be cloud Expert? - -Do we have a solution for you! - - -Additionally, Each IaaS/PaaS will have their deployment steps broken down giving the *app-guy-new-to-cloud* an opportunity to learn how said platform works. - - - -## AWS - -Multi-Part Quickstart. Starts with simple pipeline that just builds code to a deploying onto EC2 instances and then containers using ECS/ECR - -## GCP - -Get WebGoat Running on GKE and AppEngine - - - -