dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up and introduced Spring Dev tools to automatically reload classes.

Browse Source
This commit is contained in:
Nanne Baars 2016-10-30 15:13:32 +01:00
parent b8992bdc0e
commit 89a717bbd2
17 changed files with 164 additions and 292 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pom.xml
View File

@ -289,6 +289,15 @@
</profile>
</profiles>
<dependencies>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.16.10</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>

44
webgoat-container/pom.xml
View File

@ -214,30 +214,27 @@
<artifactId>jruby-complete</artifactId>
</dependency>
</requiresUnpack>
<fork>true</fork>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>springloaded</artifactId>
<version>1.2.0.RELEASE</version>
</dependency>
</dependencies>
<!--<dependencies>-->
<!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>springloaded</artifactId>-->
<!--<version>1.2.5.RELEASE</version>-->
<!--</dependency>-->
<!--</dependencies>-->
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@ -246,26 +243,9 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!--<dependency>-->
<!--<groupId>org.springframework.boot</groupId>-->
<!--<artifactId>spring-boot-devtools</artifactId>-->
<!--<optional>true</optional>-->
<!--</dependency>-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-loader</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>

2
webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
View File

@ -35,7 +35,7 @@ import org.owasp.webgoat.session.LabelDebugger;
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.embedded.ServletRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

28
webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
View File

@ -32,27 +32,22 @@ package org.owasp.webgoat;
import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginClassLoader;
import org.owasp.webgoat.plugins.PluginEndpointPublisher;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.UserTracker;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.springframework.beans.factory.annotation.Autowire;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.web.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.context.support.AbstractApplicationContext;
import javax.servlet.ServletContext;
import java.io.File;
@ -79,7 +74,7 @@ public class WebGoat extends SpringBootServletInitializer {
}
@Bean
public PluginClassLoader pluginClassLoader() {
public PluginClassLoader pluginClassLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) {
return new PluginClassLoader(PluginClassLoader.class.getClassLoader());
}
@ -96,25 +91,14 @@ public class WebGoat extends SpringBootServletInitializer {
@Bean
public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, WebgoatProperties webgoatProperties,
ApplicationContext applicationContext) {
PluginEndpointPublisher pluginEndpointPublisher) {
Course course = new Course(webgoatProperties);
course.loadCourses(webgoatContext, context, "/");
List<Plugin> plugins = pluginsLoader.loadPlugins();
course.loadLessonFromPlugin(plugins);
plugins.forEach(p -> publishEndpointsWithSpring(p, (AbstractApplicationContext)applicationContext));
return course;
}
plugins.forEach(p -> pluginEndpointPublisher.publish(p));
private void publishEndpointsWithSpring(Plugin plugin, AbstractApplicationContext applicationContext) {
plugin.getLessonEndpoints().forEach(e -> {
try {
BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true);
DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory();
beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition);
} catch (Exception ex) {
logger.warn("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping...");
}
});
return course;
}
@Bean

105
webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java
View File

@ -1,10 +1,9 @@
package org.owasp.webgoat.plugins;
import org.owasp.webgoat.session.WebgoatContext;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
import org.springframework.context.annotation.ClassPathBeanDefinitionScanner;
@ -21,39 +20,38 @@ import java.util.List;
import java.util.Set;
/**
*************************************************************************************************
*
*
* ************************************************************************************************
* <p>
* <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* <p>
* Getting Source ==============
*
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id
* @since October 28, 2003
*/
@Slf4j
public class LegacyLoader {
final Logger logger = LoggerFactory.getLogger(LegacyLoader.class);
private final List<String> files = new LinkedList<String>();
/**
@ -64,7 +62,7 @@ public class LegacyLoader {
/**
* Take an absolute file and return the filename.
*
* <p>
* Ex. /etc/password becomes password
*
* @param s
@ -86,7 +84,7 @@ public class LegacyLoader {
/**
* Take a class name and return the equivalent file name
*
* <p>
* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
*
* @param className
@ -121,8 +119,8 @@ public class LegacyLoader {
}
// skip over plugins and/or extracted plugins
if ( fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
return null;
if (fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
return null;
}
// if the file is in /WEB-INF/classes strip the dir info off
@ -140,20 +138,19 @@ public class LegacyLoader {
}
/**
* Load all of the filenames into a temporary cache
*
* @param context a {@link javax.servlet.ServletContext} object.
* @param path a {@link java.lang.String} object.
* @param path a {@link java.lang.String} object.
*/
public void loadFiles(ServletContext context, String path) {
logger.debug("Loading files into cache, path: " + path);
log.debug("Loading files into cache, path: " + path);
Resource resource = new ClassPathResource("/");
//resource.get
Set resourcePaths = null;
if (resourcePaths == null) {
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
log.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
return;
}
Iterator itr = resourcePaths.iterator();
@ -165,20 +162,20 @@ public class LegacyLoader {
loadFiles(context, file);
} else {
files.add(file);
}
}
}
}
/**
* Instantiate all the lesson objects into a cache
*
* @param path a {@link java.lang.String} object.
* @param context a {@link javax.servlet.ServletContext} object.
* @param path a {@link java.lang.String} object.
* @param context a {@link javax.servlet.ServletContext} object.
* @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
* @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object.
* @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object.
* @return a {@link java.util.List} object.
*/
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) {
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties) {
BeanDefinitionRegistry bdr = new SimpleBeanDefinitionRegistry();
ClassPathBeanDefinitionScanner s = new ClassPathBeanDefinitionScanner(bdr);
@ -193,28 +190,28 @@ public class LegacyLoader {
for (String file : beanDefinitionNames) {
String className = bdr.getBeanDefinition(file).getBeanClassName();
try {
Class c = Class.forName(className);
Object o = c.newInstance();
try {
Class c = Class.forName(className);
Object o = c.newInstance();
if (o instanceof AbstractLesson) {
AbstractLesson lesson = (AbstractLesson) o;
lesson.setWebgoatContext(webgoatContext);
if (o instanceof AbstractLesson) {
AbstractLesson lesson = (AbstractLesson) o;
lesson.setWebgoatContext(webgoatContext);
lesson.update(properties);
lesson.update(properties);
if (lesson.getHidden() == false) {
lessons.add(lesson);
}
if (lesson.getHidden() == false) {
lessons.add(lesson);
}
} catch (Exception e) {
// Bruce says:
// I don't think we want to log the exception here. We could
// be potentially showing a lot of exceptions that don't matter.
// We would only care if the lesson extended AbstractLesson and we
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
} catch (Exception e) {
// Bruce says:
// I don't think we want to log the exception here. We could
// be potentially showing a lot of exceptions that don't matter.
// We would only care if the lesson extended AbstractLesson and we
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
}
loadResources(lessons);
return lessons;
@ -233,36 +230,36 @@ public class LegacyLoader {
*
* @param lessons a {@link java.util.List} object.
*/
public void loadResources(List<AbstractLesson> lessons ) {
public void loadResources(List<AbstractLesson> lessons) {
for (AbstractLesson lesson : lessons) {
logger.info("Loading resources for lesson -> " + lesson.getName());
log.info("Loading resources for lesson -> " + lesson.getName());
String className = lesson.getClass().getName();
String classFile = getSourceFile(className);
logger.info("Lesson classname: " + className);
logger.info("Lesson java file: " + classFile);
log.info("Lesson classname: " + className);
log.info("Lesson java file: " + classFile);
for (String absoluteFile : files) {
String fileName = getFileName(absoluteFile);
//logger.debug("Course: looking at file: " + absoluteFile);
if (absoluteFile.endsWith(classFile)) {
logger.info("Set source file for " + classFile);
log.info("Set source file for " + classFile);
lesson.setSourceFileName(absoluteFile);
}
if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson plan file " + absoluteFile + " for lesson "
log.info("setting lesson plan file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
log.info("fileName: " + fileName + " == className: " + className);
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
lesson.setLessonPlanFileName(language, absoluteFile);
}
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson solution file " + absoluteFile + " for lesson "
log.info("setting lesson solution file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
log.info("fileName: " + fileName + " == className: " + className);
lesson.setLessonSolutionFileName(absoluteFile);
}
}

36
webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java
View File

@ -1,36 +0,0 @@
package org.owasp.webgoat.plugins;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since June 28, 2016
*/
public class LessonConfiguration {
private String title;
}

55
webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java
View File

@ -1,55 +0,0 @@
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since May 15, 2016
*/
package org.owasp.webgoat.plugins;
import java.util.List;
public class LessonDescription {
private String name;
private String title;
private String category;
private int ranking;
private List<String> hints;
}
/**
lesson:
name: Access Control Matrix
title: Using an Access Control Matrix
category: ACCESS_CONTROL
ranking: 10
hints:
- Many sites attempt to restrict access to resources by role.
- Developers frequently make mistakes implementing this scheme.
- Attempt combinations of users, roles, and resources.
*/

62
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java Normal file
View File

@ -0,0 +1,62 @@
package org.owasp.webgoat.plugins;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowire;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.AbstractApplicationContext;
import org.springframework.stereotype.Component;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author nbaars
* @version $Id: $Id
* @since October 16, 2016
*/
@Component
@Slf4j
public class PluginEndpointPublisher {
private AbstractApplicationContext applicationContext;
public PluginEndpointPublisher(ApplicationContext applicationContext) {
this.applicationContext = (AbstractApplicationContext) applicationContext;
}
public void publish(Plugin plugin) {
plugin.getLessonEndpoints().forEach(e -> {
try {
BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true);
DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory();
beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition);
} catch (Exception ex) {
log.error("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping...");
}
});
}
}

6
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java
View File

@ -42,7 +42,7 @@ public class PluginExtractor {
while (entries.hasMoreElements()) {
final ZipEntry zipEntry = entries.nextElement();
if (shouldProcessFile(zipEntry)) {
boolean processed = processClassFile(zipEntry);
boolean processed = processClassFile(zipFile, zipEntry, targetDirectory);
if (!processed) {
processed = processPropertyFile(zipFile, zipEntry, targetDirectory);
@ -77,9 +77,11 @@ public class PluginExtractor {
return false;
}
private boolean processClassFile(ZipEntry zipEntry) {
private boolean processClassFile(ZipFile zipFile, ZipEntry zipEntry, File targetDirectory) throws IOException {
if (zipEntry.getName().endsWith(".class")) {
classes.add(zipEntry.getName());
final File targetFile = new File(targetDirectory, zipEntry.getName());
copyFile(zipFile, zipEntry, targetFile, false);
return true;
}
return false;

2
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java
View File

@ -2,6 +2,7 @@ package org.owasp.webgoat.plugins;
import com.google.common.base.Preconditions;
import lombok.experimental.UtilityClass;
import org.apache.commons.io.IOUtils;
import java.io.File;
@ -18,6 +19,7 @@ import java.util.Collection;
* @version $Id: $Id
* @author dm
*/
@UtilityClass
public class PluginFileUtils {
/**

7
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
View File

@ -1,10 +1,9 @@
package org.owasp.webgoat.plugins;
import com.google.common.collect.Lists;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.FileUtils;
import org.owasp.webgoat.util.LabelProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.ResourceUtils;
@ -36,11 +35,11 @@ import java.util.zip.ZipFile;
* @author dm
* @version $Id: $Id
*/
@Slf4j
public class PluginsLoader {
private static final String WEBGOAT_PLUGIN_EXTENSION = "jar";
private static final int BUFFER_SIZE = 32 * 1024;
private final Logger logger = LoggerFactory.getLogger(this.getClass());
private final File pluginTargetDirectory;
private final PluginClassLoader classLoader;
@ -67,7 +66,7 @@ public class PluginsLoader {
List<URL> jars = listJars();
plugins = processPlugins(jars);
} catch (Exception e) {
logger.error("Loading plugins failed", e);
log.error("Loading plugins failed", e);
}
return plugins;
}

12
webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
View File

@ -1,5 +1,6 @@
package org.owasp.webgoat.session;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
@ -7,8 +8,6 @@ import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.servlet.ServletContext;
@ -60,14 +59,13 @@ import java.util.Vector;
* @since October 28, 2003
* @version $Id: $Id
*/
@Slf4j
public class WebSession {
/**
* @TODO_NB Spring can take inject this bean bound to a specific scope no longer necessary to bound it to a HTTP session
*/
final Logger logger = LoggerFactory.getLogger(WebSession.class);
/**
* Description of the Field
*/
@ -1047,7 +1045,7 @@ public class WebSession {
rla.setStage(this, null);
}
} catch (ParameterNotFoundException pnfe) {
logger.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause());
log.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause());
}
}
@ -1109,7 +1107,7 @@ public class WebSession {
}
}
} catch (Exception e) {
logger.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause());
log.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause());
}
}
@ -1154,7 +1152,7 @@ public class WebSession {
}
// store parameters
Map<String, String[]> parmMap = request.getParameterMap();
logger.info("PARM MAP: " + parmMap);
log.info("PARM MAP: " + parmMap);
if (parmMap == null) {
this.parmsOnLastRequest = new ArrayList<RequestParameter>();
} else {

9
webgoat-container/src/main/resources/application.properties
View File

@ -6,10 +6,15 @@ server.port=8080
logging.level.org.springframework=WARN
logging.level.org.springframework.boot.devtools=DEBUG
logging.level.org.owasp=DEBUG
spring.thymeleaf.cache=false
spring.thymeleaf.content-type=text/html
security.enable-csrf=false
spring.devtools.restart.enabled=true
webgoat.build.version=@project.version@
webgoat.build.number=@build.number@
@ -24,6 +29,4 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:test
webgoat.default.language=en
spring.devtools.restart.pollInterval=4000
spring.devtools.livereload.enabled=true
spring.devtools.restart.enabled=true

48
webgoat-container/src/main/resources/log4j.properties
View File

@ -1,48 +0,0 @@
log4j.rootLogger=DEBUG, MAIN_LOG,CONSOLE
#log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG
# MAIN - everything gets logged here
log4j.appender.MAIN_LOG=org.apache.log4j.RollingFileAppender
log4j.appender.MAIN_LOG.File=${catalina.home}/logs/webgoat_main.log
log4j.appender.MAIN_LOG.layout=org.apache.log4j.PatternLayout
log4j.appender.MAIN_LOG.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n
log4j.appender.MAIN_LOG.MaxFileSize=10MB
log4j.appender.MAIN_LOG.MaxBackupIndex=5
log4j.appender.MAIN_LOG.append=true
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Target=System.out
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n
# a little less spring output
log4j.category.org.springframework = INFO
log4j.category.org.apache=INFO
log4j.appender.default.out=org.apache.log4j.ConsoleAppender
log4j.appender.default.out.threeshold=DEBUG
log4j.appender.default.out.layout=org.apache.log4j.PatternLayout
log4j.appender.default.out.layout.ConversionPattern=%-5p %c: %m%n
# ERROR
log4j.appender.ERROR_LOG=org.apache.log4j.RollingFileAppender
log4j.appender.ERROR_LOG.File=${catalina.home}/logs/webgoat_error.log
log4j.appender.ERROR_LOG.layout=org.apache.log4j.PatternLayout
log4j.appender.ERROR_LOG.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
log4j.appender.ERROR_LOG.MaxFileSize=10MB
log4j.appender.ERROR_LOG.MaxBackupIndex=2
log4j.appender.ERROR_LOG.append=true
log4j.appender.ERROR_LOG.Threshold=ERROR
# PERFORMANCE
log4j.logger.PERF_LOG=DEBUG, PERF_LOG
log4j.appender.PERF_LOG=org.apache.log4j.RollingFileAppender
log4j.appender.PERF_LOG.File=${catalina.home}/logs/webgoat_perf.log
log4j.appender.PERF_LOG.layout=org.apache.log4j.PatternLayout
log4j.appender.PERF_LOG.layout.ConversionPattern=%m%n
log4j.appender.PERF_LOG.MaxFileSize=10MB
log4j.appender.PERF_LOG.MaxBackupIndex=2
log4j.appender.PERF_LOG.append=true
log4j.additivity.PERF_LOG = false

13
webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java
View File

@ -2,9 +2,7 @@ package org.owasp.webgoat.util;
import org.hamcrest.CoreMatchers;
import org.junit.Test;
import org.springframework.core.io.ClassPathResource;
import java.io.IOException;
import java.util.Locale;
import static org.junit.Assert.assertThat;
@ -18,15 +16,4 @@ public class LabelProviderTest {
"Congratulations. You have successfully completed this lesson."));
}
@Test
public void loadingPluginLabels() throws IOException {
LabelProvider labelProvider = new LabelProvider();
labelProvider.updatePluginResources(new ClassPathResource("log4j.properties").getFile().toPath());
assertThat(labelProvider.get(Locale.ENGLISH, "LessonCompleted"), CoreMatchers.equalTo(
"Congratulations. You have successfully completed this lesson."));
assertThat(labelProvider.get(Locale.ENGLISH, "log4j.appender.CONSOLE.Target"), CoreMatchers.equalTo(
"System.out"));
}
}

7
webgoat-container/src/test/resources/log4j.properties
View File

@ -1,7 +0,0 @@
log4j.rootLogger=DEBUG, CONSOLE
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Target=System.out
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n

11
webgoat-lessons/pom.xml
View File

@ -44,7 +44,7 @@
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>copy-artifact</id>
<id>copy-artifact-src</id>
<phase>package</phase>
<goals>
<goal>copy</goal>
@ -62,14 +62,9 @@
<outputDirectory>../../webgoat-container/src/main/resources/plugin_lessons</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<!-- Below is for development this will be picked up automatically by Spring and it will restart the container -->
<execution>
<id>copy-artifact</id>
<id>copy-artifact-target</id>
<phase>package</phase>
<goals>
<goal>copy</goal>