dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove platform dependent deployments

Browse Source 
They are part of the repository since 2017 they have never been updated and probably don't work anymore
This commit is contained in:
Nanne Baars 2021-04-03 13:49:55 +02:00 committed by Nanne Baars
parent d0f36f5227
commit 6ae9e44e84
12 changed files with 0 additions and 624 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
buildspec.yml
View File

@ -1,12 +0,0 @@
version: 0.1
phases:
build:
commands:
- mvn package
artifacts:
files:
- webgoat-server/target/webgoat-server-8.0-SNAPSHOT.jar
discard-paths: yes

31
platformQuickStarts/AWS/README.md
View File

@ -1,31 +0,0 @@
# AWS
- This contains the various platform Quick Starts for Getting WebGoat Deployed into AWS.
- This IaaS quickstart uses AWS CloudFormation to perform most of the provisioning
- This IaaS quickstart is composed of three independent bundles
- Code pipeline and Build
- Deploying to EC2
- Deploying to ECS
It is Assumed:
- You have an AWS Account
- You know what an S3 bucket is
- You have seen the IAM console and have permissions to create IAM Roles
## Code Pipeline and Build
This Quickstart is for those that just want to perform builds with AWS. It Triggers off of Github to perform builds of `webgoat-server`
## EC2
(WIP) This uses AWS CodePipeline, CodeBuild, and CodeDeploy to land WebGoat to Running EC2 instances
## ECS
(WIP) This uses AWS CodePipeline, CodeBuild, ECR, to land a container onto an ECS cluster

101
platformQuickStarts/AWS/codepipelinebuild/01_IAM_codebuild.json
View File

@ -1,101 +0,0 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "IAM Roles for Code Build WebGoat IaaS Quickstart",
"Parameters": {
"qsS3BucketName": {
"Description": "Name of the S3 Bucket for artifacts",
"Type": "String",
"MinLength": "1"
},
"qsRoleName": {
"Description": "Name of the IAM role that CodeBuild Will Use",
"Type": "String",
"Default": "SimpleCodeBuildRole",
"MinLength": "1"
}
},
"Resources": {
"qsCodeBuildRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"codebuild.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/webgoat/",
"RoleName": {
"Ref": "qsRoleName"
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
],
"Policies": [
{
"PolicyName": "CloudWatchLogs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/codebuild*" ] ]}
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
}
]
}
},
{
"PolicyName": "S3buckets",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "qsS3BucketName"
},
"*"
]
]
},
"arn:aws:s3:::codepipeline-*"
],
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
]
}
]
}
}
]
}
}
}
}

127
platformQuickStarts/AWS/codepipelinebuild/01_IAM_codepipeline.json
View File

@ -1,127 +0,0 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "IAM Role for Code Pipeline WebGoat IaaS Quickstart",
"Parameters": {
"qsS3BucketName": {
"Description": "Name of the S3 Bucket for artifacts",
"Type": "String",
"MinLength": "1"
},
"qsRoleName": {
"Description": "Name of the IAM role that CodePipeline Will Use",
"Type": "String",
"Default": "SimpleCodePipelineRole",
"MinLength": "1"
}
},
"Resources": {
"qsCodePipelineRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "codepipeline.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"Path": "/webgoat/",
"RoleName": {
"Ref": "qsRoleName"
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess"
],
"Policies": [
{
"PolicyName": "CloudWatchLogsPipeline",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{"Fn::Join": [ "",["arn:aws:logs:*:", { "Ref": "AWS::AccountId" }, ":log-group:/aws/*" ] ]}
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
}
]
}
},
{
"PolicyName": "MiscComputeOpen",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"lambda:InvokeFunction",
"lambda:ListFunctions",
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*",
"iam:PassRole"
]
}
]
}
},
{
"PolicyName": "S3buckets",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "qsS3BucketName"
},
"*"
]
]
},
"arn:aws:s3:::codepipeline-*",
"arn:aws:s3:::elasticbeanstalk*"
],
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
]
}
]
}
}
]
}
}
}
}

123
platformQuickStarts/AWS/codepipelinebuild/01_codepiplinebuild.yml
View File

@ -1,123 +0,0 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: >
AWS Cloud Formation for creating an AWS CodePipeline that checks a git repo for changes and then performs a build using code build
Parameters:
qsPipelineName:
Description: The name of the AWS Code Pipeline
Type: String
Default: WG-pipeline
MinLength: 1
qsPipelineRoleARN:
Description: The complete ARN to the IAM role that code pipeline should use
Type: String
MinLength: 1
qsCodeRepo:
Description: The Repository
Type: String
MinLength: 1
qsRepoBranch:
Description: The Branch in the Repository
Type: String
MinLength: 1
qsGitHubUser:
Description: The GitHub User Id
Type: String
MinLength: 1
qsGitHubAPIToken:
Description: The GitHub Personal Access token do not use password
NoEcho: true
Type: String
MinLength: 1
qsS3PipelineArtifacts:
Description: Where Code Pipeline will state artifacts in S3
Type: String
MinLength: 1
qsS3CodeBuildArtifacts:
Description: Where Code Build will upload Artifacts can be same as codepipeline
Type: String
MinLength: 1
qsCodeBuildName:
Description: Name of the AWS Code Build
Type: String
Default: WG-mvnBuilder
MinLength: 1
qsKMSKeyARN:
Description: The KMS ARN that the IAM Role is allowed to use
Type: String
MinLength: 1
qsCodeRoleArn:
Description: The IAM Role ARN for CodePipeline and CodeDeploy
Type: String
MinLength: 1
Resources:
stkcbrCodeBuild:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: CODEPIPELINE
Description: Builds WebGoat Jar using build file in repo
EncryptionKey: !Ref 'qsKMSKeyARN'
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/java:openjdk-8
Type: LINUX_CONTAINER
Name: !Ref 'qsCodeBuildName'
ServiceRole: !Ref 'qsCodeRoleArn'
TimeoutInMinutes: 10
Source:
Type: CODEPIPELINE
stkcplPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: !Ref 'qsPipelineName'
RoleArn: !Ref 'qsPipelineRoleARN'
ArtifactStore:
Location: !Ref 'qsS3PipelineArtifacts'
Type: S3
Stages:
- Name: CodeRepo
Actions:
- Name: CodeSource
ActionTypeId:
Category: Source
Owner: ThirdParty
Provider: GitHub
Version: 1
Configuration:
Branch: !Ref 'qsRepoBranch'
Repo: !Ref 'qsCodeRepo'
Owner: !Ref 'qsGitHubUser'
OAuthToken: !Ref 'qsGitHubAPIToken'
OutputArtifacts:
- Name: MySource
RunOrder: '1'
- Name: Build
Actions:
- Name: CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: 1
InputArtifacts:
- Name: MySource
Configuration:
ProjectName: !Ref stkcbrCodeBuild
OutputArtifacts:
- Name: MyBuild
RunOrder: '2'

64
platformQuickStarts/AWS/codepipelinebuild/README.md
View File

@ -1,64 +0,0 @@
# Serverless MVN builds Featuring AWS
This Quick Start forms the basis for the other AWS quickstarts. This only BUILDS the `webgoat-server` spring boot jar. If you want to also run it on AWS skip to the other AWS quickstarts
Before you Begin
1. Do you have an AWS Account?
2. Can you create an S3 Bucket?
3. Can you create a KMS Key?
4. Do you know what Cloud Formation is?
5. Do you have enough permissions to do any real work in said AWS Account?
If you said no to any of those...hop over to [docs](https://aws.amazon.com/documentation/) and learn (but don't do) how to create those.
You will also need:
1. A GitHub Account
2. Fork of WebGoat
3. Personal access Token with `Admin:repo_hook` and `repo`
## Create Pre-requisites
First pick an AWS region and stick with it for ALL the quickstarts. This one was mostly executed on US-east-1/2 but any region with KMS, CodePipeline, and CodeBuild will work. eu-Central-1, ap-southeast-1 and sa-east-1 have reported success also.
1. Create an S3 bucket and call it something meaningfull like `webgoat-stash-username` or something or use an existing bucket you have access to.
2. Create a KMS Key. Make sure you are a key administrator so you can add key users later.
## Deploy IAM role Cloud Formation Stacks
In this folder there are two json cloudformation templates:
-`01_IAM_codebuild.json`
-`01_IAM_codepipeline.json`
You will use the CloudFormation templates to create two roles. One for CodePipeline and the Other for CodeBuild. You will use the name of the bucket you just created as a parameter.
## Update KMS Key
Access the KMS key you created earlier...add the two IAM roles you just created and Key Users
## Finally the Pipeline
You will use the yaml cloudformation template `01_codepiplinebuild.yml` to create the code building pipeline.
Some of the parameters you will need to pass:
1. The S3 bucket (twice)
2. The Github Branch name (master? develop? yourbranchname?)
3. The Github user (if you forked it would be your username)
4. You personal access token for GitHub
5. The name or the repo (WebGoat! ...unless you renamed and did a whole bunch of fancy git magic)
6. The ARN of the KMS key
7. The ARN of the role for the codebuild for parameter qsCodeRoleArn
8. The ARN for codepipeline
If this Stack successfully deploys a build will begin based on the latest commit automatically. You will have a funky named zip file (without the .zip ending) in a folder in the S3 bucket in a few minutes.
Congratulations. You just Deployed a two step AWS Codepipeline that looks for codechanges and then performs a build.
... ON to the next AWS Quickstart

80
platformQuickStarts/GCP/GKE-Docker/README.md
View File

@ -1,80 +0,0 @@
# GKE - DockerHub
This Quickstart shows how to create a Kubernettes Cluster using Google Cloud Platform's [GKE](https://cloud.google.com/container-engine/) and WebGoat's Docker [Image](https://hub.docker.com/r/webgoat/webgoat-8.0/).
To be Successfull with this Quickstart
1. You have a Google Cloud Platform account and have enough access rights to create Compute Engine and Container Engine Resources
2. You know how to `git clone`
3. You have the gcloud SDK install and initialized somewhere ( do not use the google cloud shell)
Remeber to perform a 'gcloud auth login' before using the gcloud commands below.
## Create Kubernettes Cluster
You can create a cluster using the Google Cloud Console. The Default settings will suffice. For this QuickStart the cluster name used is `owaspbasiccluster`. The `PROJECTNAME` is whatever your project is. The `REGION` is a region/zone near you.
If you want to use the gcloud sdk from a properly initialized gcloud commandline environment use the following command
```
gcloud container --project "PROJECTNAME" clusters create "owaspbasiccluster" --zone "REGION" --machine-type "n1-standard-1" --image-type "COS" --disk-size "100" --scopes "https://www.googleapis.com/auth/compute","https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/cloud-platform","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append","https://www.googleapis.com/auth/source.read_only" --num-nodes "3" --network "default" --enable-cloud-logging --no-enable-cloud-monitoring
```
The command creates a similar cluster with more of the options set explicitly.
## Set up Kubectl
Using the commandline gcloud SDK environment you need to set-up 'kubectl'
If you have not already installed 'Kubectl' you can do so with the following command using `gcloud`
- `gcloud components install kubectl`
Then you just run:
- `gcloud container clusters get-credentials owaspbasiccluster --zone REGION --project PROJECTNAME`
## Deploy WebGoat Deployment
Time to deploy the latest DockerImage for WebGoat!
Let's First Make a namespace for this:
- `kubectl create namespace webgoat`
Now it is time to make the magic happen!
- `kubectl create -f /where_you_git_cloned_webgoat/platformQuickStart/GCP/GKE-Docker/webgoat_noDNSnoTLS.yml`
This should complete with no errors.
Use the following command to see information/status about the deployment
- `kubectl describe deployment webgoat-dpl --namespace=webgoat`
After a few minutes the service endpoint should be ready. You can check the status with
- `kubectl describe service webgoatsvc --namespace=webgoat`
In the output you should see a message like "Created load..." after a "Creating load..." which means that the public facing loadbalancer (even thou there is just one container running!) is ready.
If you want to see the Kubernetes dashboard you can run `kubectl proxy` (in a new terminal window) and then navigate to http://localhost:8001/ui .
## Test Deployment
From the previous `describe service` command the `LoadBalancer Ingress:` line should have the external IP. The line below should give the port.
So.....
[IP]:[PORT]/WebGoat in your browser!
DONE

4
platformQuickStarts/GCP/GKE-Docker/deploy.cfg
View File

@ -1,4 +0,0 @@
CURTAG=webgoat/webgoat-8.0
DEST_TAG=gcr.io/astech-training/raging-wire-webgoat
CLUSTER_NAME=raging-wire-webgoat
PORT_NUM=8080

4
platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh
View File

@ -1,4 +0,0 @@
CURTAG=webgoat/webgoat-8.0
DEST_TAG=gcr.io/your-gke-project/your-webgoat-tag
CLUSTER_NAME=your-cluster-name
PORT_NUM=8080

39
platformQuickStarts/GCP/GKE-Docker/webgoat_deployment_noDNSnoTLS.yml
View File

@ -1,39 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: webgoatapp
name: webgoatsvc
namespace: webgoat
spec:
ports:
-
port: 8080
protocol: TCP
selector:
app: webgoatapp
type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: webgoat-dpl
namespace: webgoat
spec:
replicas: 1
template:
metadata:
name: webgoatapp
labels:
app: webgoatapp
spec:
containers:
-
image: webgoat/webgoat-8.0
name: webgoat
ports:
-
containerPort: 8080

17
platformQuickStarts/GCP/README.md
View File

@ -1,17 +0,0 @@
# WebGoat on GCP!
This folder contains sub folders for the various ways you could deploy WebGoat on Google Cloud Platform
It is assumed:
1. You have a Google Cloud Platform Account
2. You can use Git
3. You can use a Linux/Mac/Google Cloud Shell
## GKE Docker
Uses GKE to run the latest DockerHub version of WebGoat8
## AppEngine
WIP

22
platformQuickStarts/README.md
View File

@ -1,22 +0,0 @@
# OWASP WebGoat Platform Quick Starts
Want to Run WebGoat? Want to run WebGoat in the Cloud? Don't want to be cloud Expert?
Do we have a solution for you!
Additionally, Each IaaS/PaaS will have their deployment steps broken down giving the *app-guy-new-to-cloud* an opportunity to learn how said platform works.
## AWS
Multi-Part Quickstart. Starts with simple pipeline that just builds code to a deploying onto EC2 instances and then containers using ECS/ECR
## GCP
Get WebGoat Running on GKE and AppEngine