dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Users shared now between WebGoat and WebWolf by starting HSQLDB

Browse Source 
as standalone database
This commit is contained in:
Nanne Baars 2018-05-01 22:00:07 +02:00
parent 0e160c19f5
commit 6b4a488c8c
8 changed files with 63 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pom.xml
View File

@ -135,7 +135,7 @@
<gatling-plugin.version>2.2.4</gatling-plugin.version> <gatling-plugin.version>2.2.4</gatling-plugin.version>
<guava.version>18.0</guava.version> <guava.version>18.0</guava.version>
<h2.version>1.4.190</h2.version> <h2.version>1.4.190</h2.version>
<hsqldb.version>2.3.2</hsqldb.version> <hsqldb.version>2.3.4</hsqldb.version>
<j2h.version>1.3.1</j2h.version> <j2h.version>1.3.1</j2h.version>
<jackson-core.version>2.6.3</jackson-core.version> <jackson-core.version>2.6.3</jackson-core.version>
<jackson-databind.version>2.6.3</jackson-databind.version> <jackson-databind.version>2.6.3</jackson-databind.version>

5
webgoat-container/src/main/resources/application.properties
View File

@ -5,8 +5,10 @@ server.contextPath=/WebGoat
server.port=8080 server.port=8080
server.address=127.0.0.1 server.address=127.0.0.1
spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat spring.datasource.url=jdbc:hsqldb:hsql://localhost:9001/webgoat
spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.ddl-auto=update
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.datasource.driver-class-name=org.hsqldb.jdbc.JDBCDriver
logging.level.org.springframework=WARN logging.level.org.springframework=WARN
@ -20,6 +22,7 @@ security.enable-csrf=false
spring.resources.cache-period=0 spring.resources.cache-period=0
spring.thymeleaf.cache=false spring.thymeleaf.cache=false
webgoat.start.hsqldb=true
webgoat.clean=false webgoat.clean=false
webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/ webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/ webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/

5
webgoat-server/Dockerfile
View File

@ -4,12 +4,11 @@ ARG webgoat_version=8.0-SNAPSHOT
RUN \ RUN \
apt-get update && apt-get install && \ apt-get update && apt-get install && \
useradd --home-dir /home/webgoat --create-home -U webgoat && \ useradd --home-dir /home/webgoat --create-home -U webgoat
cd /home/webgoat/; mkdir -p .webgoat
USER webgoat USER webgoat
RUN cd /home/webgoat/; mkdir -p .webgoat-${webgoat_version}
COPY target/webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar COPY target/webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar
ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webgoat/webgoat.jar", "--server.address=0.0.0.0"] ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webgoat/webgoat.jar", "--server.address=0.0.0.0"]
EXPOSE 8080 EXPOSE 8080

51
webgoat-server/src/main/java/org/owasp/webgoat/HSQLDBDatabaseConfig.java Normal file
View File

@ -0,0 +1,51 @@
package org.owasp.webgoat;
import org.hsqldb.server.Server;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Primary;
import javax.sql.DataSource;
/**
* Rationale for this class: when the HSQLDB is started with jdbc:file:// it is only accessible from within the same
* JVM. This can only be done if you start a standalone HSQLDB. We need both WebWolf and WebGoat to use the same database
*/
@Configuration
@ConditionalOnProperty(prefix = "webgoat.start", name = "hsqldb", havingValue = "true")
public class HSQLDBDatabaseConfig {
@Value("${hsqldb.port:9001}")
private int hsqldbPort;
@Bean(initMethod = "start", destroyMethod = "stop")
public Server hsqlStandalone(@Value("${webgoat.server.directory}") String directory,
@Value("${hsqldb.silent:true}") boolean silent,
@Value("${hsqldb.trace:false}") boolean trace) {
Server server = new Server();
server.setDatabaseName(0, "webgoat");
server.setDatabasePath(0, directory + "/data/webgoat");
server.setDaemon(true);
server.setTrace(trace);
server.setSilent(silent);
server.setPort(hsqldbPort);
return server;
}
@Primary
@Bean
@DependsOn("hsqlStandalone")
public DataSource dataSource(@Value("${spring.datasource.driver-class-name}") String driverClass,
@Value("${spring.datasource.url}") String url) {
return DataSourceBuilder.create()
.driverClassName(driverClass)
.url(url)
.build();
}
}

3
webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java
View File

@ -37,7 +37,4 @@ public class StartWebGoat {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(WebGoat.class, args); SpringApplication.run(WebGoat.class, args);
} }
} }

3
webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java
View File

@ -8,6 +8,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
@ -30,7 +31,7 @@ public class MailboxController {
@GetMapping(value = "/WebWolf/mail") @GetMapping(value = "/WebWolf/mail")
public ModelAndView mail() { public ModelAndView mail() {
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); UserDetails user = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
ModelAndView modelAndView = new ModelAndView(); ModelAndView modelAndView = new ModelAndView();
List<Email> emails = mailboxRepository.findByRecipientOrderByTimeDesc(user.getUsername()); List<Email> emails = mailboxRepository.findByRecipientOrderByTimeDesc(user.getUsername());
if (emails != null && !emails.isEmpty()) { if (emails != null && !emails.isEmpty()) {

3
webwolf/src/main/resources/application.properties
View File

@ -6,7 +6,8 @@ server.port=8081
server.address=127.0.0.1 server.address=127.0.0.1
server.session.cookie.name = WEBWOLFSESSION server.session.cookie.name = WEBWOLFSESSION
spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webwolf spring.datasource.url=jdbc:hsqldb:hsql://localhost:9001/webgoat
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.jpa.hibernate.ddl-auto=update spring.jpa.hibernate.ddl-auto=update
spring.messages.basename=i18n/messages spring.messages.basename=i18n/messages

2
webwolf/src/main/resources/templates/login.html
View File

@ -45,7 +45,7 @@
<div class="col-xs-6 col-sm-6 col-md-6"> <div class="col-xs-6 col-sm-6 col-md-6">
</div> </div>
</div> </div>
<div><b><a th:href="@{/registration}" th:text="#{register.new}"></a></b></div> <!--<div><b><a th:href="@{/registration}" th:text="#{register.new}"></a></b></div>-->
</fieldset> </fieldset>
</form> </form>
</div> </div>