Consistent environment values and url references (#1677)

* organizing environment variables * Update application-webgoat.properties * Update pom.xml * test without ssl * fix docker base image and default env entries * seperate server.address from webgoat.host and webwolf.host * change base image and enable endpoint logging for docker as well * change README * change README * make integration test able to verify against alternative host names * use dynamic ports and remove system println
2023-11-27 14:35:49 +01:00
parent 62db86246e
commit 826887cc83
11 changed files with 90 additions and 85 deletions
--- a/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java
+++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfMacro.java
@ -1,12 +1,9 @@
 package org.owasp.webgoat.container.asciidoc;

-import jakarta.servlet.http.HttpServletRequest;
 import java.util.HashMap;
 import java.util.Map;
 import org.asciidoctor.ast.ContentNode;
 import org.asciidoctor.extension.InlineMacroProcessor;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;

 /**
 * Usage in asciidoc:
@ -26,7 +23,7 @@ public class WebWolfMacro extends InlineMacroProcessor {
  @Override
  public Object process(ContentNode contentNode, String linkText, Map<String, Object> attributes) {
    var env = EnvironmentExposure.getEnv();
-    var hostname = determineHost(env.getProperty("webwolf.port"));
+    var hostname = env.getProperty("webwolf.url");
    var target = (String) attributes.getOrDefault("target", "home");
    var href = hostname + "/" + target;

@ -45,29 +42,4 @@ public class WebWolfMacro extends InlineMacroProcessor {
  private boolean displayCompleteLinkNoFormatting(Map<String, Object> attributes) {
    return attributes.values().stream().anyMatch(a -> a.equals("noLink"));
  }
-
-  /**
-   * Determine the host from the hostname and ports that were used. The purpose is to make it
-   * possible to use the application behind a reverse proxy. For instance in the docker
-   * compose/stack version with webgoat webwolf and nginx proxy. You do not have to use the
-   * indicated hostname, but if you do, you should define two hosts aliases 127.0.0.1
-   * www.webgoat.local www.webwolf.local
-   */
-  private String determineHost(String port) {
-    HttpServletRequest request =
-        ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
-    String host = request.getHeader("Host");
-    int semicolonIndex = host.indexOf(":");
-    if (semicolonIndex == -1 || host.endsWith(":80")) {
-      host = host.replace(":80", "").replace("www.webgoat.local", "www.webwolf.local");
-    } else {
-      host = host.substring(0, semicolonIndex);
-      host = host.concat(":").concat(port);
-    }
-    return "http://" + host + (includeWebWolfContext() ? "/WebWolf" : "");
-  }
-
-  protected boolean includeWebWolfContext() {
-    return true;
-  }
 }
--- a/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java
+++ b/src/main/java/org/owasp/webgoat/container/asciidoc/WebWolfRootMacro.java
@ -17,9 +17,4 @@ public class WebWolfRootMacro extends WebWolfMacro {
  public WebWolfRootMacro(String macroName, Map<String, Object> config) {
    super(macroName, config);
  }
-
-  @Override
-  protected boolean includeWebWolfContext() {
-    return false;
-  }
 }
--- a/src/main/java/org/owasp/webgoat/server/StartupMessage.java
+++ b/src/main/java/org/owasp/webgoat/server/StartupMessage.java
@ -17,6 +17,11 @@ public class StartupMessage {
  private String address;
  private String contextPath;

+  private String applicationName;
+
+  private static boolean useSSL =
+      Boolean.valueOf(System.getenv().getOrDefault("WEBGOAT_SSLENABLED", "true"));
+
  @EventListener
  void onStartup(ApplicationReadyEvent event) {

@ -24,9 +29,24 @@ public class StartupMessage {
    address = event.getApplicationContext().getEnvironment().getProperty("server.address");
    contextPath =
        event.getApplicationContext().getEnvironment().getProperty("server.servlet.context-path");
-    if (StringUtils.hasText(port)
-        && !StringUtils.hasText(System.getProperty("running.in.docker"))) {
-      log.warn("Please browse to http://{}:{}{} to get started...", address, port, contextPath);
+    applicationName =
+        event.getApplicationContext().getEnvironment().getProperty("spring.application.name");
+    if (StringUtils.hasText(applicationName)) {
+      if (applicationName.equals("WebGoat")) {
+        log.warn(
+            "Please browse to "
+                + (useSSL ? "https://" : "http://")
+                + "{}:{}{} to start using WebGoat...",
+            event.getApplicationContext().getEnvironment().getProperty("webgoat.host"),
+            port,
+            contextPath);
+      } else {
+        log.warn(
+            "Please browse to http://{}:{}{} to start using WebWolf...",
+            event.getApplicationContext().getEnvironment().getProperty("webwolf.host"),
+            port,
+            contextPath);
+      }
    }
  }