From 89a717bbd279a9dfa032f317a4dbd58b78dea081 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sun, 30 Oct 2016 15:13:32 +0100 Subject: [PATCH] Clean up and introduced Spring Dev tools to automatically reload classes. --- pom.xml | 9 ++ webgoat-container/pom.xml | 44 ++------ .../org/owasp/webgoat/MvcConfiguration.java | 2 +- .../main/java/org/owasp/webgoat/WebGoat.java | 28 +---- .../owasp/webgoat/plugins/LegacyLoader.java | 105 +++++++++--------- .../webgoat/plugins/LessonConfiguration.java | 36 ------ .../webgoat/plugins/LessonDescription.java | 55 --------- .../plugins/PluginEndpointPublisher.java | 62 +++++++++++ .../webgoat/plugins/PluginExtractor.java | 6 +- .../webgoat/plugins/PluginFileUtils.java | 2 + .../owasp/webgoat/plugins/PluginsLoader.java | 7 +- .../org/owasp/webgoat/session/WebSession.java | 12 +- .../src/main/resources/application.properties | 9 +- .../src/main/resources/log4j.properties | 48 -------- .../owasp/webgoat/util/LabelProviderTest.java | 13 --- .../src/test/resources/log4j.properties | 7 -- webgoat-lessons/pom.xml | 11 +- 17 files changed, 164 insertions(+), 292 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java delete mode 100644 webgoat-container/src/main/resources/log4j.properties delete mode 100644 webgoat-container/src/test/resources/log4j.properties diff --git a/pom.xml b/pom.xml index 7f62b53f9..6766418e5 100644 --- a/pom.xml +++ b/pom.xml @@ -289,6 +289,15 @@ + + + org.projectlombok + lombok + 1.16.10 + provided + + + diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 22b50c4e5..4ee368b5b 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml 
@@ -214,30 +214,27 @@ jruby-complete + true - - - org.springframework.boot - spring-boot-maven-plugin - - - org.springframework - springloaded - 1.2.0.RELEASE - - + + + + + + + - org.springframework.boot - spring-boot-starter-web + org.projectlombok + lombok org.springframework.boot - spring-boot-starter + spring-boot-starter-web org.springframework.boot @@ -246,26 +243,9 @@ org.springframework.boot spring-boot-devtools - - - org.apache.tomcat.embed - tomcat-embed-jasper - provided - - - org.springframework.boot - spring-boot-configuration-processor true - - - - - - - org.springframework.boot - spring-boot-loader - + com.fasterxml.jackson.dataformat jackson-dataformat-yaml diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java index 98e8d0b28..5f7fc0fd8 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java @@ -35,7 +35,7 @@ import org.owasp.webgoat.session.LabelDebugger; import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.boot.context.embedded.ServletRegistrationBean; +import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java index f14333f62..444ee08fb 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java 
@@ -32,27 +32,22 @@ package org.owasp.webgoat; import org.owasp.webgoat.plugins.Plugin; import org.owasp.webgoat.plugins.PluginClassLoader; +import org.owasp.webgoat.plugins.PluginEndpointPublisher; import org.owasp.webgoat.plugins.PluginsLoader; import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.UserTracker; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatProperties; -import org.springframework.beans.factory.annotation.Autowire; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.support.DefaultListableBeanFactory; -import org.springframework.beans.factory.support.RootBeanDefinition; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.context.web.SpringBootServletInitializer; -import org.springframework.context.ApplicationContext; +import org.springframework.boot.web.support.SpringBootServletInitializer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.Scope; import org.springframework.context.annotation.ScopedProxyMode; -import org.springframework.context.support.AbstractApplicationContext; import javax.servlet.ServletContext; import java.io.File; @@ -79,7 +74,7 @@ public class WebGoat extends SpringBootServletInitializer { } @Bean - public PluginClassLoader pluginClassLoader() { + public PluginClassLoader pluginClassLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) { return new PluginClassLoader(PluginClassLoader.class.getClassLoader()); } 
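Review bot: The new `pluginTargetDirectory` parameter on `pluginClassLoader(...)` is never used; the body still returns `new PluginClassLoader(PluginClassLoader.class.getClassLoader())`. If the parameter exists only to force bean creation order, say so in a comment such as `// injected only so the pluginTargetDirectory bean is created first`; otherwise drop it or actually hand the directory to the class loader. An injected-but-ignored directory makes it unclear which location plugin classes are loaded from, which is the first thing a reviewer of a plugin loader needs to know. The enclosing class continues outside the hunk.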
@@ -96,25 +91,14 @@ public class WebGoat extends SpringBootServletInitializer { @Bean public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, WebgoatProperties webgoatProperties, - ApplicationContext applicationContext) { + PluginEndpointPublisher pluginEndpointPublisher) { Course course = new Course(webgoatProperties); course.loadCourses(webgoatContext, context, "/"); List plugins = pluginsLoader.loadPlugins(); course.loadLessonFromPlugin(plugins); - plugins.forEach(p -> publishEndpointsWithSpring(p, (AbstractApplicationContext)applicationContext)); - return course; - } + plugins.forEach(p -> pluginEndpointPublisher.publish(p)); - private void publishEndpointsWithSpring(Plugin plugin, AbstractApplicationContext applicationContext) { - plugin.getLessonEndpoints().forEach(e -> { - try { - BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true); - DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory(); - beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition); - } catch (Exception ex) { - logger.warn("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping..."); - } - }); + return course; } @Bean diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java index bc5083b1e..c7fc3c166 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java 
@@ -1,10 +1,9 @@ package org.owasp.webgoat.plugins; -import org.owasp.webgoat.session.WebgoatContext; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatProperties; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry; import org.springframework.context.annotation.ClassPathBeanDefinitionScanner; @@ -21,39 +20,38 @@ import java.util.List; import java.util.Set; /** - ************************************************************************************************* - * - * + * ************************************************************************************************ + *

+ *

* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * please see http://www.owasp.org/ - * + *

* Copyright (c) 2002 - 20014 Bruce Mayhew - * + *

* This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + *

* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - * + *

* You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - * + *

* Getting Source ============== - * + *

* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software * projects. * * @author Bruce Mayhew WebGoat - * @since October 28, 2003 * @version $Id: $Id + * @since October 28, 2003 */ +@Slf4j public class LegacyLoader { - final Logger logger = LoggerFactory.getLogger(LegacyLoader.class); - private final List files = new LinkedList(); /** @@ -64,7 +62,7 @@ public class LegacyLoader { /** * Take an absolute file and return the filename. - * + *

* Ex. /etc/password becomes password * * @param s @@ -86,7 +84,7 @@ public class LegacyLoader { /** * Take a class name and return the equivalent file name - * + *

* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java * * @param className @@ -121,8 +119,8 @@ public class LegacyLoader { } // skip over plugins and/or extracted plugins - if ( fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) { - return null; + if (fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) { + return null; } // if the file is in /WEB-INF/classes strip the dir info off @@ -140,20 +138,19 @@ public class LegacyLoader { } - /** * Load all of the filenames into a temporary cache * * @param context a {@link javax.servlet.ServletContext} object. - * @param path a {@link java.lang.String} object. + * @param path a {@link java.lang.String} object. */ public void loadFiles(ServletContext context, String path) { - logger.debug("Loading files into cache, path: " + path); + log.debug("Loading files into cache, path: " + path); Resource resource = new ClassPathResource("/"); //resource.get Set resourcePaths = null; if (resourcePaths == null) { - logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue"); + log.error("Unable to load file cache for courses, this is probably a bug or configuration issue"); return; } Iterator itr = resourcePaths.iterator(); 
@@ -165,20 +162,20 @@ public class LegacyLoader { loadFiles(context, file); } else { files.add(file); - } + } } } /** * Instantiate all the lesson objects into a cache * - * @param path a {@link java.lang.String} object. - * @param context a {@link javax.servlet.ServletContext} object. + * @param path a {@link java.lang.String} object. + * @param context a {@link javax.servlet.ServletContext} object. * @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object. - * @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object. + * @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object. * @return a {@link java.util.List} object. */ - public List loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) { + public List loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties) { BeanDefinitionRegistry bdr = new SimpleBeanDefinitionRegistry(); ClassPathBeanDefinitionScanner s = new ClassPathBeanDefinitionScanner(bdr); 
@@ -193,28 +190,28 @@ public class LegacyLoader { for (String file : beanDefinitionNames) { String className = bdr.getBeanDefinition(file).getBeanClassName(); - try { - Class c = Class.forName(className); - Object o = c.newInstance(); + try { + Class c = Class.forName(className); + Object o = c.newInstance(); - if (o instanceof AbstractLesson) { - AbstractLesson lesson = (AbstractLesson) o; - lesson.setWebgoatContext(webgoatContext); + if (o instanceof AbstractLesson) { + AbstractLesson lesson = (AbstractLesson) o; + lesson.setWebgoatContext(webgoatContext); - lesson.update(properties); + lesson.update(properties); - if (lesson.getHidden() == false) { - lessons.add(lesson); - } + if (lesson.getHidden() == false) { + lessons.add(lesson); } - } catch (Exception e) { - // Bruce says: - // I don't think we want to log the exception here. We could - // be potentially showing a lot of exceptions that don't matter. - // We would only care if the lesson extended AbstractLesson and we - // can't tell that because it threw the exception. Catch 22 - // logger.error("Error in loadLessons: ", e); } + } catch (Exception e) { + // Bruce says: + // I don't think we want to log the exception here. We could + // be potentially showing a lot of exceptions that don't matter. + // We would only care if the lesson extended AbstractLesson and we + // can't tell that because it threw the exception. Catch 22 + // logger.error("Error in loadLessons: ", e); + } } loadResources(lessons); return lessons; 
@@ -233,36 +230,36 @@ public class LegacyLoader { * * @param lessons a {@link java.util.List} object. */ - public void loadResources(List lessons ) { + public void loadResources(List lessons) { for (AbstractLesson lesson : lessons) { - logger.info("Loading resources for lesson -> " + lesson.getName()); + log.info("Loading resources for lesson -> " + lesson.getName()); String className = lesson.getClass().getName(); String classFile = getSourceFile(className); - logger.info("Lesson classname: " + className); - logger.info("Lesson java file: " + classFile); + log.info("Lesson classname: " + className); + log.info("Lesson java file: " + classFile); for (String absoluteFile : files) { String fileName = getFileName(absoluteFile); //logger.debug("Course: looking at file: " + absoluteFile); if (absoluteFile.endsWith(classFile)) { - logger.info("Set source file for " + classFile); + log.info("Set source file for " + classFile); lesson.setSourceFileName(absoluteFile); } if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html") && className.endsWith(fileName)) { - logger.info("setting lesson plan file " + absoluteFile + " for lesson " + log.info("setting lesson plan file " + absoluteFile + " for lesson " + lesson.getClass().getName()); - logger.info("fileName: " + fileName + " == className: " + className); + log.info("fileName: " + fileName + " == className: " + className); String language = getLanguageFromFileName("/lesson_plans", absoluteFile); lesson.setLessonPlanFileName(language, absoluteFile); } if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className.endsWith(fileName)) { - logger.info("setting lesson solution file " + absoluteFile + " for lesson " + log.info("setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName()); - logger.info("fileName: " + fileName + " == className: " + className); + log.info("fileName: " + fileName + " == className: " + className); 
lesson.setLessonSolutionFileName(absoluteFile); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java deleted file mode 100644 index 8a96c6655..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.owasp.webgoat.plugins; - -/** - * ************************************************************************************************ - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

- * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - *

- * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - *

- * - * @author WebGoat - * @version $Id: $Id - * @since June 28, 2016 - */ -public class LessonConfiguration { - - private String title; - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java deleted file mode 100644 index 5aeb1fe39..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java +++ /dev/null @@ -1,55 +0,0 @@ -/** - * ************************************************************************************************ - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - *

- * Copyright (c) 2002 - 20014 Bruce Mayhew - *

- * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - *

- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - *

- * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - *

- * Getting Source ============== - *

- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software - * projects. - *

- * - * @author WebGoat - * @version $Id: $Id - * @since May 15, 2016 - */ -package org.owasp.webgoat.plugins; - - -import java.util.List; - -public class LessonDescription { - - private String name; - private String title; - private String category; - private int ranking; - private List hints; -} - - -/** - lesson: - name: Access Control Matrix - title: Using an Access Control Matrix - category: ACCESS_CONTROL - ranking: 10 - hints: - - Many sites attempt to restrict access to resources by role. - - Developers frequently make mistakes implementing this scheme. - - Attempt combinations of users, roles, and resources. - */ \ No newline at end of file diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java new file mode 100644 index 000000000..98c97b795 --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java @@ -0,0 +1,62 @@ +package org.owasp.webgoat.plugins; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowire; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.support.DefaultListableBeanFactory; +import org.springframework.beans.factory.support.RootBeanDefinition; +import org.springframework.context.ApplicationContext; +import org.springframework.context.support.AbstractApplicationContext; +import org.springframework.stereotype.Component; + +/** + * ************************************************************************************************ + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ * + * @author nbaars + * @version $Id: $Id + * @since October 16, 2016 + */ +@Component +@Slf4j +public class PluginEndpointPublisher { + + private AbstractApplicationContext applicationContext; + + public PluginEndpointPublisher(ApplicationContext applicationContext) { + this.applicationContext = (AbstractApplicationContext) applicationContext; + } + + public void publish(Plugin plugin) { + plugin.getLessonEndpoints().forEach(e -> { + try { + BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true); + DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory(); + beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition); + } catch (Exception ex) { + log.error("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping..."); + } + }); + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java index 0f7b534c9..8c176ecb2 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java @@ -42,7 +42,7 @@ public class PluginExtractor { while (entries.hasMoreElements()) { final ZipEntry zipEntry = entries.nextElement(); if (shouldProcessFile(zipEntry)) { - boolean processed = processClassFile(zipEntry); + boolean processed = processClassFile(zipFile, zipEntry, targetDirectory); if (!processed) { processed = processPropertyFile(zipFile, zipEntry, targetDirectory); 
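Review bot: In `publish`, the catch block logs only the class name and discards `ex`, so a lesson endpoint that fails to register leaves no cause in the log; pass the exception through, `log.error("Failed to register {} as endpoint with Spring, skipping...", e.getSimpleName(), ex);`. The constructor casts the injected `ApplicationContext` to `AbstractApplicationContext` and `publish` casts `getBeanFactory()` to `DefaultListableBeanFactory`, both unchecked, so a different context type fails with a bare `ClassCastException`. The class has only the licence header as Javadoc; a short description stating that every class returned by `plugin.getLessonEndpoints()` is registered as an autowire-by-type bean, and that plugins must therefore come from a trusted directory, would document the trust boundary. The `applicationContext` field can be `private final`.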
@@ -77,9 +77,11 @@ public class PluginExtractor { return false; } - private boolean processClassFile(ZipEntry zipEntry) { + private boolean processClassFile(ZipFile zipFile, ZipEntry zipEntry, File targetDirectory) throws IOException { if (zipEntry.getName().endsWith(".class")) { classes.add(zipEntry.getName()); + final File targetFile = new File(targetDirectory, zipEntry.getName()); + copyFile(zipFile, zipEntry, targetFile, false); return true; } return false; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java index 6e214092f..d744f2dac 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java @@ -2,6 +2,7 @@ package org.owasp.webgoat.plugins; import com.google.common.base.Preconditions; +import lombok.experimental.UtilityClass; import org.apache.commons.io.IOUtils; import java.io.File; @@ -18,6 +19,7 @@ import java.util.Collection; * @version $Id: $Id * @author dm */ +@UtilityClass public class PluginFileUtils { /** diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index 1600f559a..e07206f25 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -1,10 +1,9 @@ package org.owasp.webgoat.plugins; import com.google.common.collect.Lists; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.FileUtils; import org.owasp.webgoat.util.LabelProvider; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.ResourceUtils; 
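Review bot: `processClassFile` now builds `new File(targetDirectory, zipEntry.getName())` and copies the entry there without checking that the resolved path stays inside `targetDirectory`, so an entry name containing `../` segments would be written outside the plugin directory (the archive-extraction path traversal usually called Zip Slip). `copyFile` is not visible in this hunk, so confirm whether it already validates the target; if it does not, add a guard before the copy, `if (!targetFile.getCanonicalPath().startsWith(targetDirectory.getCanonicalPath() + File.separator)) { throw new IOException("Entry outside target dir: " + zipEntry.getName()); }`. Because the extracted `.class` files are presumably loaded afterwards, the same check is worth applying to the other `process*File` helpers that receive `targetDirectory`. The enclosing class starts and ends outside the hunk.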
@@ -36,11 +35,11 @@ import java.util.zip.ZipFile; * @author dm * @version $Id: $Id */ +@Slf4j public class PluginsLoader { private static final String WEBGOAT_PLUGIN_EXTENSION = "jar"; private static final int BUFFER_SIZE = 32 * 1024; - private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final File pluginTargetDirectory; private final PluginClassLoader classLoader; @@ -67,7 +66,7 @@ public class PluginsLoader { List jars = listJars(); plugins = processPlugins(jars); } catch (Exception e) { - logger.error("Loading plugins failed", e); + log.error("Loading plugins failed", e); } return plugins; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java index 433492467..3c552c012 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java @@ -1,5 +1,6 @@ package org.owasp.webgoat.session; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.lessons.RandomLessonAdapter; @@ -7,8 +8,6 @@ import org.owasp.webgoat.lessons.SequentialLessonAdapter; import org.owasp.webgoat.lessons.model.RequestParameter; import org.owasp.webgoat.util.BeanProvider; import org.owasp.webgoat.util.LabelManager; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import javax.servlet.ServletContext; @@ -60,14 +59,13 @@ import java.util.Vector; * @since October 28, 2003 * @version $Id: $Id */ +@Slf4j public class WebSession { /** * @TODO_NB Spring can take inject this bean bound to a specific scope no longer necessary to bound it to a HTTP session */ - final Logger logger = LoggerFactory.getLogger(WebSession.class); - /** * Description of the Field */ 
@@ -1047,7 +1045,7 @@ public class WebSession { rla.setStage(this, null); } } catch (ParameterNotFoundException pnfe) { - logger.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause()); + log.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause()); } } @@ -1109,7 +1107,7 @@ public class WebSession { } } } catch (Exception e) { - logger.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause()); + log.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause()); } } @@ -1154,7 +1152,7 @@ public class WebSession { } // store parameters Map parmMap = request.getParameterMap(); - logger.info("PARM MAP: " + parmMap); + log.info("PARM MAP: " + parmMap); if (parmMap == null) { this.parmsOnLastRequest = new ArrayList(); } else { diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties index f8406750f..45245ebae 100644 --- a/webgoat-container/src/main/resources/application.properties +++ b/webgoat-container/src/main/resources/application.properties @@ -6,10 +6,15 @@ server.port=8080 logging.level.org.springframework=WARN logging.level.org.springframework.boot.devtools=DEBUG +logging.level.org.owasp=DEBUG + spring.thymeleaf.cache=false spring.thymeleaf.content-type=text/html security.enable-csrf=false +spring.devtools.restart.enabled=true + + webgoat.build.version=@project.version@ webgoat.build.number=@build.number@ @@ -24,6 +29,4 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:test webgoat.default.language=en -spring.devtools.restart.pollInterval=4000 -spring.devtools.livereload.enabled=true -spring.devtools.restart.enabled=true + 
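Review bot: `log.info("PARM MAP: " + parmMap)` writes the request parameter map to the application log on every request at INFO level, and it runs before the `parmMap == null` check. In the Servlet API the map values are `String[]`, so the concatenation most likely prints array identity strings rather than the values, which makes the line noisy without being useful; if a container's map implementation does render the values, submitted passwords and tokens would end up in the log. Logging only the names at debug level avoids both, `log.debug("Request parameter names: {}", parmMap == null ? null : parmMap.keySet());`. The two `log.warn` calls in the earlier hunks of this file concatenate `getMessage()` and `getCause()`; passing the exception as the last argument would keep the stack trace. The enclosing method starts and ends outside the hunk.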
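Review bot: `logging.level.org.owasp=DEBUG` and `spring.devtools.restart.enabled=true` are set in the main `application.properties`, so they apply to every build that packages this file rather than only to a developer's machine. Moving them to a profile-specific file (for example `application-dev.properties`, name illustrative) keeps debug-level logging and restart behaviour out of distributed builds. A comment above the two keys, `# development only: verbose logging and devtools restart`, would at least make the intent visible if they stay here.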
diff --git a/webgoat-container/src/main/resources/log4j.properties b/webgoat-container/src/main/resources/log4j.properties
deleted file mode 100644
index 2d27828df..000000000
--- a/webgoat-container/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,48 +0,0 @@ -log4j.rootLogger=DEBUG, MAIN_LOG,CONSOLE -#log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG - -# MAIN - everything gets logged here -log4j.appender.MAIN_LOG=org.apache.log4j.RollingFileAppender -log4j.appender.MAIN_LOG.File=${catalina.home}/logs/webgoat_main.log -log4j.appender.MAIN_LOG.layout=org.apache.log4j.PatternLayout -log4j.appender.MAIN_LOG.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n -log4j.appender.MAIN_LOG.MaxFileSize=10MB -log4j.appender.MAIN_LOG.MaxBackupIndex=5 -log4j.appender.MAIN_LOG.append=true - -log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender -log4j.appender.CONSOLE.Target=System.out -log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout -log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n - - -# a little less spring output -log4j.category.org.springframework = INFO -log4j.category.org.apache=INFO - -log4j.appender.default.out=org.apache.log4j.ConsoleAppender -log4j.appender.default.out.threeshold=DEBUG -log4j.appender.default.out.layout=org.apache.log4j.PatternLayout -log4j.appender.default.out.layout.ConversionPattern=%-5p %c: %m%n - -# ERROR -log4j.appender.ERROR_LOG=org.apache.log4j.RollingFileAppender -log4j.appender.ERROR_LOG.File=${catalina.home}/logs/webgoat_error.log -log4j.appender.ERROR_LOG.layout=org.apache.log4j.PatternLayout -log4j.appender.ERROR_LOG.layout.ConversionPattern=%d [%t] %-5p %x - %m%n -log4j.appender.ERROR_LOG.MaxFileSize=10MB -log4j.appender.ERROR_LOG.MaxBackupIndex=2 -log4j.appender.ERROR_LOG.append=true -log4j.appender.ERROR_LOG.Threshold=ERROR - -# PERFORMANCE -log4j.logger.PERF_LOG=DEBUG, PERF_LOG -log4j.appender.PERF_LOG=org.apache.log4j.RollingFileAppender -log4j.appender.PERF_LOG.File=${catalina.home}/logs/webgoat_perf.log -log4j.appender.PERF_LOG.layout=org.apache.log4j.PatternLayout -log4j.appender.PERF_LOG.layout.ConversionPattern=%m%n -log4j.appender.PERF_LOG.MaxFileSize=10MB -log4j.appender.PERF_LOG.MaxBackupIndex=2 
-log4j.appender.PERF_LOG.append=true -log4j.additivity.PERF_LOG = false - diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java index ab6ef5ec6..a2d88ab44 100644 --- a/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java +++ b/webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java @@ -2,9 +2,7 @@ package org.owasp.webgoat.util; import org.hamcrest.CoreMatchers; import org.junit.Test; -import org.springframework.core.io.ClassPathResource; -import java.io.IOException; import java.util.Locale; import static org.junit.Assert.assertThat; @@ -18,15 +16,4 @@ public class LabelProviderTest { "Congratulations. You have successfully completed this lesson.")); } - @Test - public void loadingPluginLabels() throws IOException { - LabelProvider labelProvider = new LabelProvider(); - labelProvider.updatePluginResources(new ClassPathResource("log4j.properties").getFile().toPath()); - assertThat(labelProvider.get(Locale.ENGLISH, "LessonCompleted"), CoreMatchers.equalTo( - "Congratulations. You have successfully completed this lesson.")); - assertThat(labelProvider.get(Locale.ENGLISH, "log4j.appender.CONSOLE.Target"), CoreMatchers.equalTo( - "System.out")); - } - - } \ No newline at end of file diff --git a/webgoat-container/src/test/resources/log4j.properties b/webgoat-container/src/test/resources/log4j.properties deleted file mode 100644 index 89b84e170..000000000 --- a/webgoat-container/src/test/resources/log4j.properties +++ /dev/null @@ -1,7 +0,0 @@ -log4j.rootLogger=DEBUG, CONSOLE - -log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender -log4j.appender.CONSOLE.Target=System.out -log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout -log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n - 
diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml index 03df7e9f3..26e72a406 100644 --- a/webgoat-lessons/pom.xml +++ b/webgoat-lessons/pom.xml @@ -44,7 +44,7 @@ maven-dependency-plugin - copy-artifact + copy-artifact-src package copy @@ -62,14 +62,9 @@ ../../webgoat-container/src/main/resources/plugin_lessons - - - - org.apache.maven.plugins - maven-dependency-plugin - + - copy-artifact + copy-artifact-target package copy