From 8729d9bfcf87959cdab7b728af21e10fac9e6c6e Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 2 Nov 2017 12:42:19 +0100
Subject: [PATCH] Fixed minor issues for properties and starting WebGoat
---
 .travis.yml | 1 +
 README.MD | 2 +-
 .../src/main/resources/application.properties | 11 +++++------
 webgoat-lessons/sol.txt | 1 +
 webwolf/Dockerfile | 11 ++++++++---
 webwolf/src/main/resources/application.properties | 5 +----
 webwolf/src/main/resources/templates/requests.html | 2 +-
 7 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 73f1cc778..3667101a9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,6 +35,7 @@ deploy:
 branch: develop
 - provider: releases
 skip_cleanup: true
+ overwrite: true
 api_key: #api-key from webgoat-github user
 secure: pJOLBnl6427PcVg/tVy/qB18JC7b8cKpffau+IP0pjdSt7KUfBdBY3QuJ7mrM65zRoVILzggLckaew2PlRmYQRdumyWlyRn44XiJ9KO4n6Bsufbz+ictB4ggtozpp9+I9IIUh1TmqypL9lhkX2ONM9dSHmyblYpAAgMuYSK8FYc=
diff --git a/README.MD b/README.MD
index a685b0dbb..e0080a860 100644
--- a/README.MD
+++ b/README.MD
@@ -65,7 +65,7 @@ _Please note: this version may not be completely in sync with the develop branch
 Download the latest WebWolf release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)
 ```Shell
-java -jar webwolf-<>.jar
+java -jar webgoat-server-<>.jar
 ```
diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
index 8362f4290..f2173effd 100644
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
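Review bot: `overwrite: true` on the `releases` provider lets a later build replace release files that are already published under the same name, so a jar downloaded earlier and the jar currently attached to the release can differ without any visible trace. The line carries no explanation; a comment such as `# overwrite: a re-run of the same release build replaces the existing assets` would record why it is needed. The conditions that gate this deploy entry are outside the hunk, so it is worth confirming that only tag builds of the main repository reach it. Publishing a checksum next to each asset would let users notice a replaced file.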
@@ -30,16 +30,15 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
 webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true}
-webwolf.port=8081
-webwolf.url=http://localhost:${webwolf.port}/WebWolf
-webworf.url.landingpage=http://localhost:${webwolf.port}/landing
-webworf.url.mail=http://localhost:${webwolf.port}/mail
+webwolf.host=${WEBWOLF_HOST:localhost}
+webwolf.port=${WEBWOLF_PORT:8081}
+webwolf.url=http://${webwolf.host}:${webwolf.port}/WebWolf
+webworf.url.landingpage=http://${webwolf.host}:${webwolf.port}/landing
+webworf.url.mail=http://${webwolf.host}:${webwolf.port}/mail
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
-spring.activemq.brokerUrl=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616}
-
 spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
diff --git a/webgoat-lessons/sol.txt b/webgoat-lessons/sol.txt
index 0d549b92b..9abd8bbb8 100644
--- a/webgoat-lessons/sol.txt
+++ b/webgoat-lessons/sol.txt
@@ -11,6 +11,7 @@ bender@juice-sh.op' -- 101 or 1=1 Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data -- +Smith' union select all 1, '2' ,user_name,password, 'MC', cookie, 2 from user_system_data -- ## XXE ##
diff --git a/webwolf/Dockerfile b/webwolf/Dockerfile
index 179221723..162fe5a2c 100644
--- a/webwolf/Dockerfile
+++ b/webwolf/Dockerfile
@@ -1,8 +1,13 @@
 FROM openjdk:8-jre-slim
+ARG webwolf_version=8.0-SNAPSHOT
+
 RUN useradd --home-dir /home/webwolf --create-home -U webwolf
+RUN apt-get update; apt-get install curl -y
+
+COPY start.sh /home/webwolf/start.sh
+RUN chmod +x /home/webwolf/start.sh
+
 USER webwolf
-RUN cd /home/webwolf/
-COPY target/webwolf-8.0-SNAPSHOT.jar /home/webwolf/webwolf.jar
-COPY start.sh /home/webwolf/start.sh
\ No newline at end of file
+COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
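Review bot: The rewritten keys `webworf.url.landingpage` and `webworf.url.mail` keep the misspelled `webworf` prefix while the neighbouring keys use `webwolf`. The readers of these properties are not visible in this hunk; if any code or template looks up `webwolf.url.landingpage` or `webwolf.url.mail`, the new `WEBWOLF_HOST`/`WEBWOLF_PORT` overrides never reach it. Since the lines are being touched anyway, I would rename them to `webwolf.url.landingpage=...` and `webwolf.url.mail=...` together with their readers. A short comment above `webwolf.host` naming the two environment variables, and noting that the scheme is fixed to `http`, would help anyone deploying under another host name.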
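Review bot: `RUN apt-get update; apt-get install curl -y` joins the two commands with `;`, so a failed `apt-get update` is ignored and the install runs against a stale or missing package index. The layer also keeps the apt lists and pulls in recommended packages, which enlarges the runtime image for a single tool. I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`. Copying `start.sh` and setting its mode before `USER webwolf` is the right order, since the script then stays root-owned rather than writable by the runtime user.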
diff --git a/webwolf/src/main/resources/application.properties b/webwolf/src/main/resources/application.properties
index 038452b38..73c6d74c0 100644
--- a/webwolf/src/main/resources/application.properties
+++ b/webwolf/src/main/resources/application.properties
@@ -28,15 +28,12 @@ multipart.max-request-size=1Mb
 webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver
-spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
+spring.data.mongodb.host=${WG_MONGO_HOST:}
 spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
-spring.activemq.broker-url=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616}
-spring.activemq.in-memory=true
-
 #For static file refresh ... and faster dev :D
 spring.devtools.restart.additional-paths=webwolf/src/main/resources/static/
diff --git a/webwolf/src/main/resources/templates/requests.html b/webwolf/src/main/resources/templates/requests.html
index 15c035d40..2b982f88b 100644
--- a/webwolf/src/main/resources/templates/requests.html
+++ b/webwolf/src/main/resources/templates/requests.html
@@ -18,7 +18,7 @@
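Review bot: `spring.data.mongodb.host=${WG_MONGO_HOST:}` now resolves to an empty string when `WG_MONGO_HOST` is unset, while webgoat-container in this same commit still uses `${WG_MONGO_HOST:localhost}` and the port and database keys here keep their defaults. Whether an empty host is treated as unset or as an invalid address depends on the Mongo auto-configuration, which is not visible in this hunk, so the intent should be written next to the line, for example `# default left empty on purpose: <reason>`. If a local default is still wanted, keeping `${WG_MONGO_HOST:localhost}` would match the other module.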

Challenges in which you need to call your hacker machine WebWolf offers a simple httpd server functionality which only logs the incoming request. You can use the following URL: - http://localhost:8081/ and the incoming request will be available below. + http://webwolf/landing/* and the incoming request will be available below.

This is by no means a substitution of httpd but it offers enough functionality to callback to a safe