Fully working WebGoat after migrating to Spring Boot.
@ -8,4 +8,15 @@ server.error.include-stacktrace=always
|
||||
logging.level.org.springframework=DEBUG
|
||||
logging.level.org.hibernate=ERROR
|
||||
spring.thymeleaf.cache=false
|
||||
security.enable-csrf=false
|
||||
security.enable-csrf=false
|
||||
|
||||
webgoat.build.version=@project.version@
|
||||
webgoat.email=webgoat@owasp.org
|
||||
webgoat.emaillist=owasp-webgoat@lists.owasp.org
|
||||
webgoat.feedback.address=webgoat@owasp.org
|
||||
webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
|
||||
webgoat.database.driver=org.hsqldb.jdbcDriver
|
||||
webgoat.database.connection.string=jdbc:hsqldb:mem:test
|
||||
# TODO_NB
|
||||
#webgoat.database.connection.string=jdbc:hsqldb:mem:${USER}
|
||||
webgoat.default.language=en
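Review bot: The `# TODO_NB` marker above the commented-out `jdbc:hsqldb:mem:${USER}` line does not say what is still open, while the active `webgoat.database.connection.string=jdbc:hsqldb:mem:test` uses one fixed database name. If the per-user name was meant to keep each learner's lesson data apart, that separation is presumably gone until the TODO is resolved, so the comment should say so, for example `# TODO_NB: restore a per-user database name; 'test' is shared by every session`. The hunk header shows `server.error.include-stacktrace=always` as context and the Spring log level is `DEBUG`, so a one-line comment stating that this file is meant for a local training instance only would help anyone who copies it.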
|
||||
|
@ -0,0 +1,39 @@
|
||||
define([
|
||||
'backbone'],
|
||||
function(
|
||||
Backbone) {
|
||||
return Backbone.Model.extend({
|
||||
id: 'label-status',
|
||||
url: 'service/debug/labels.mvc',
|
||||
|
||||
label: '',
|
||||
labels: {
|
||||
enable: 'Enable label debugging',
|
||||
disable: 'Disable label debugging'
|
||||
},
|
||||
|
||||
initialize: function() {
|
||||
this.load();
|
||||
},
|
||||
|
||||
fetch: function(options) {
|
||||
options || (options = {});
|
||||
var data = (options.data || {});
|
||||
if(this.enabled != undefined) {
|
||||
options.data = { enabled: !this.enabled };
|
||||
}
|
||||
return Backbone.Collection.prototype.fetch.call(this, options);
|
||||
},
|
||||
|
||||
load: function () {
|
||||
this.fetch().then(this.labelStatusLoaded.bind(this));
|
||||
},
|
||||
|
||||
labelStatusLoaded: function(data) {
|
||||
this.enabled = data.enabled;
|
||||
this.label = this.enabled ? this.labels['disable'] : this.labels['enable'];
|
||||
this.trigger('plugins:loaded', this, data);
|
||||
}
|
||||
|
||||
});
|
||||
});
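Review bot: The `fetch` override in this `Backbone.Model.extend` delegates to `Backbone.Collection.prototype.fetch`, which appears to work only because a model also exposes `set`; it should be `return Backbone.Model.prototype.fetch.call(this, options);`. The local `var data = (options.data || {});` is never read, and because `options.data` is overwritten, any data the caller passed is dropped once `this.enabled` is set. `this.enabled != undefined` relies on loose equality; `this.enabled !== undefined` states the intent. `load` chains `.then` with no rejection handler, as does `load` in the PluginReloadModel section further down, so a failed request leaves the control row showing `Loading...`.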
|
@ -0,0 +1,13 @@
|
||||
define(['jquery',
|
||||
'underscore',
|
||||
'backbone'],
|
||||
function ($,
|
||||
_,
|
||||
Backbone) {
|
||||
return Backbone.Model.extend({
|
||||
url: 'service/lessonprogress.mvc',
|
||||
completed: function () {
|
||||
this.fetch();
|
||||
}
|
||||
});
|
||||
});
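Review bot: `completed` calls `this.fetch()` and drops the returned promise, so a failed request to `service/lessonprogress.mvc` is invisible to the caller; `return this.fetch();` would let the caller react. `jquery` and `underscore` are listed as dependencies but `$` and `_` are not used in this module. As written the method only re-fetches progress, so a JSDoc line such as `/** Re-reads lesson progress from the server; does not mark the lesson complete. */` would keep the name from being misread.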
|
@ -0,0 +1,19 @@
|
||||
define([
|
||||
'backbone'],
|
||||
function(
|
||||
Backbone) {
|
||||
return Backbone.Model.extend({
|
||||
url: 'service/reloadplugins.mvc',
|
||||
id: 'reload-plugins',
|
||||
label: 'Reload plugins',
|
||||
|
||||
load: function () {
|
||||
this.fetch().then(this.pluginsLoaded.bind(this));
|
||||
},
|
||||
|
||||
pluginsLoaded: function(data) {
|
||||
this.trigger('plugins:loaded', this, data);
|
||||
}
|
||||
|
||||
});
|
||||
});
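Review bot: `load` starts the plugin reload through `this.fetch()`, which Backbone sends as a GET to `service/reloadplugins.mvc`, so a server-side action is reachable by a request type that should be free of side effects. If the endpoint really reloads plugins, it would be safer as a POST protected by a CSRF token, which also means revisiting `security.enable-csrf=false` from the properties section of this commit. The label toggle in the LabelDebugModel section is sent the same way, with `enabled` as query data. At minimum, add a comment on `url` stating that this is a developer-only control and how access to it is restricted.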
|
@ -0,0 +1,77 @@
|
||||
define(['jquery',
|
||||
'underscore',
|
||||
'backbone',
|
||||
'goatApp/model/PluginReloadModel',
|
||||
'goatApp/model/LabelDebugModel'],
|
||||
function(
|
||||
$,
|
||||
_,
|
||||
Backbone,
|
||||
PluginReloadModel,
|
||||
LabelDebugModel) {
|
||||
return Backbone.View.extend({
|
||||
el: '#developer-controls',
|
||||
|
||||
onControlClick: function(model) {
|
||||
$('#' + model.id).find('td').text('Loading...');
|
||||
model.load();
|
||||
},
|
||||
|
||||
onPluginsLoaded: function(model) {
|
||||
window.location.href = 'welcome.mvc';
|
||||
},
|
||||
|
||||
onLabelsLoaded: function(model) {
|
||||
this.models[1] = model;
|
||||
this.render();
|
||||
Backbone.history.loadUrl(Backbone.history.getFragment());
|
||||
},
|
||||
|
||||
initialize: function(options) {
|
||||
this.addMenuListener();
|
||||
this.models = [new PluginReloadModel(), new LabelDebugModel()];
|
||||
this.listenTo(this.models[0], 'plugins:loaded', this.onPluginsLoaded);
|
||||
this.listenTo(this.models[1], 'plugins:loaded', this.onLabelsLoaded);
|
||||
this.render();
|
||||
},
|
||||
|
||||
addMenuListener: function() {
|
||||
var showHandler = function(e) {
|
||||
e.preventDefault();
|
||||
$('#developer-control-container').show();
|
||||
$(this).text('Hide developer controls').off().on('click', hideHandler);
|
||||
};
|
||||
|
||||
var hideHandler = function(e) {
|
||||
e.preventDefault();
|
||||
$('#developer-control-container').hide();
|
||||
$(this).text('Show developer controls').off().on('click', showHandler);
|
||||
};
|
||||
|
||||
$('a[href="#developer-controls"]').click(showHandler);
|
||||
},
|
||||
|
||||
render: function() {
|
||||
this.$el.html('');
|
||||
var table = $('<table>',{'class':'developer-controls-table table-nonfluid'});
|
||||
var self = this;
|
||||
_.each(this.models, function(model) {
|
||||
var newRow = $('<tr>', { id: model.id });
|
||||
var headerCell = $('<th>')
|
||||
var statusCell = $('<td>')
|
||||
|
||||
var link = $('<a>', {
|
||||
'text': model.label,
|
||||
'title': model.label
|
||||
});
|
||||
link.click(_.bind(self.onControlClick, self, model));
|
||||
|
||||
newRow.append(headerCell.append(link));
|
||||
newRow.append(statusCell);
|
||||
table.append(newRow);
|
||||
});
|
||||
|
||||
this.$el.append(table);
|
||||
}
|
||||
});
|
||||
});
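Review bot: In `addMenuListener`, `$(this).text(...).off().on('click', hideHandler)` calls `.off()` with no arguments, which removes every handler on the anchor, including any that other modules attached. Namespacing the event keeps the swap local: `.off('click.devControls').on('click.devControls', hideHandler)`, with the initial binding changed to `.on('click.devControls', showHandler)`. The listener is bound on a document-wide selector from `initialize` and never removed, so creating the view twice would stack handlers. In `render`, `'text': model.label` keeps the label escaped, which deserves a short comment so it is not switched to `html` later. `var headerCell = $('<th>')` and `var statusCell = $('<td>')` are missing their semicolons.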
|
@ -0,0 +1,26 @@
|
||||
define(['jquery',
|
||||
'underscore',
|
||||
'backbone',
|
||||
'goatApp/model/LessonProgressModel'],
|
||||
function ($,
|
||||
_,
|
||||
Backbone,
|
||||
LessonProgressModel) {
|
||||
return Backbone.View.extend({
|
||||
el: '#lesson-progress',
|
||||
initialize: function (lessonProgressModel) {
|
||||
this.model = lessonProgressModel;
|
||||
|
||||
if (this.model) {
|
||||
this.listenTo(this.model, 'change', this.render);
|
||||
}
|
||||
},
|
||||
render: function () {
|
||||
if (this.model.get("lessonCompleted")) {
|
||||
this.$el.html(this.model.get('successMessage'));
|
||||
} else {
|
||||
this.$el.html("");
|
||||
}
|
||||
}
|
||||
});
|
||||
});
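Review bot: `render` writes `this.model.get('successMessage')` into the page with `this.$el.html(...)`, so whatever the server returns in that field is parsed as markup. Unless the message is guaranteed to be static, lesson-authored HTML, use `this.$el.text(this.model.get('successMessage'));`, or document on `render` why raw HTML is needed and where it is sanitised. `initialize` guards against a missing model but `render` dereferences `this.model` unconditionally; an early `if (!this.model) { return; }` would keep the two consistent.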
|
@ -1,42 +1,46 @@
|
||||
<!DOCTYPE html>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
|
||||
<div class="modal-content">
|
||||
<body>
|
||||
<div th:fragment="about" class="modal-content">
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||
<h3 class="modal-title" id="myModalLabel">About WebGoat - Provided by the OWASP Foundation</h3>
|
||||
</div>
|
||||
<div class="modal-body modal-scroll">
|
||||
<p>Thanks for hacking The Goat!</p>
|
||||
<p>Thanks for hacking The Goat!</p>
|
||||
|
||||
<p>WebGoat is a demonstration of common web application flaws. The
|
||||
associated exercises are intended to provide hands-on experience with
|
||||
techniques aimed at demonstrating and testing application penetration.
|
||||
</p>
|
||||
|
||||
<p>From the entire WebGoat team, we appreciate your interest and efforts
|
||||
in making applications not just better, but safer and more secure for
|
||||
everyone. We, as well as our sacrificial goat, thank you.</p>
|
||||
|
||||
<p>
|
||||
Version: ${version}, Build: ${build}
|
||||
Version: <span th:text="${@environment.getProperty('webgoat.build.version')}"></span>
|
||||
</p>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-6">
|
||||
<p>Contact us:
|
||||
<ul>
|
||||
<li>WebGoat mailing list: ${emailList}</li>
|
||||
<li>Bruce Mayhew: ${contactEmail}</li>
|
||||
<li>WebGoat mailing list: <span th:text="${@environment.getProperty('webgoat.emaillist')}"></span></li>
|
||||
<li>Bruce Mayhew: <span th:text="${@environment.getProperty('webgoat.email')}"></span></li>
|
||||
</ul>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-6">
|
||||
<p>WebGoat Authors
|
||||
<ul>
|
||||
<li>Bruce Mayhew (Author & Project Lead)</li>
|
||||
<li>Jeff Williams (Author & Original Idea)</li>
|
||||
<li>Jason White (Architect)</li>
|
||||
<li>Nanne Baars (Plugin Architecture)</li>
|
||||
<li>Bruce Mayhew (Author & Project Lead)</li>
|
||||
<li>Jeff Williams (Author & Original Idea)</li>
|
||||
<li>Jason White (Architect)</li>
|
||||
<li>Nanne Baars (Plugin Architecture)</li>
|
||||
<li>Richard Lawson (Architect)</li>
|
||||
</ul>
|
||||
</p>
|
||||
@ -44,11 +48,11 @@
|
||||
<div class="col-md-6">
|
||||
<p>Active Contributors
|
||||
<ul>
|
||||
<li>Nanne Baars (Developer)</li>
|
||||
<li>Jason White (Developer)</li>
|
||||
<li>Doug Morato (Developer & CI)</li>
|
||||
<li>Jeff Wayman (Docs)</li>
|
||||
<li>Bruce Mayhew (Developer)</li>
|
||||
<li>Nanne Baars (Developer)</li>
|
||||
<li>Jason White (Developer)</li>
|
||||
<li>Doug Morato (Developer & CI)</li>
|
||||
<li>Jeff Wayman (Docs)</li>
|
||||
<li>Bruce Mayhew (Developer)</li>
|
||||
<li>Michael Dever (Developer)</li>
|
||||
</ul>
|
||||
</p>
|
||||
@ -58,18 +62,20 @@
|
||||
<div class="col-md-6">
|
||||
<p>WebGoat Design Team (Active)
|
||||
<ul>
|
||||
<li>Nanne Baars (Plugin Architecture)</li>
|
||||
<li>Bruce Mayhew (Goat Herder)</li>
|
||||
<li>Jeff Wayman (Website and Docs)</li>
|
||||
<li>Jason White (User Interface)</li>
|
||||
<li>Nanne Baars (Plugin Architecture)</li>
|
||||
<li>Bruce Mayhew (Goat Herder)</li>
|
||||
<li>Jeff Wayman (Website and Docs)</li>
|
||||
<li>Jason White (User Interface)</li>
|
||||
</ul>
|
||||
</p><br/>
|
||||
|
||||
<p>Corporate Sponsorship - Companies that have donated significant time to WebGoat development
|
||||
<ul>
|
||||
<li>Aspect Security</li>
|
||||
<li>Ounce Labs</li>
|
||||
</ul>
|
||||
</p><br/>
|
||||
|
||||
<p>Did we miss you? Our sincere apologies, as we know there have
|
||||
been many contributors over the years. If your name does not
|
||||
appear in any of the lists above, please send us a note. We'll
|
||||
@ -110,3 +116,5 @@
|
||||
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
@ -1 +1,9 @@
|
||||
<h1>Lesson content</h1>
|
||||
<!DOCTYPE html>
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
|
||||
<div id="lessonInstructions" th:utext="${instructions}"></div>
|
||||
<div id="message" class="info" th:text="${message}"></div>
|
||||
<br/>
|
||||
<div th:utext="${lesson.content}"></div>
|
||||
</html>
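Review bot: `th:utext="${instructions}"` and `th:utext="${lesson.content}"` emit their values unescaped, while `${message}` on the line between them uses the escaping `th:text`. That is presumably deliberate because lesson content is HTML, but nothing in the template says which values are trusted; add a comment such as `<!-- instructions and lesson.content are lesson-authored HTML; never place request data in them -->`. If any part of `instructions` can carry request-derived text, it should be escaped before it reaches the model. The new document also has `<html>` with no `<head>` or `<body>`, which is fine if the response is only injected into an existing page, but that should be stated in the same comment.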
|
||||
|
||||
|
@ -99,12 +99,17 @@
|
||||
<div class="col-md-8">
|
||||
<div class="col-md-12" align="left">
|
||||
<div class="panel" id="help-controls">
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-source-button">Show Source
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-source-button">Show
|
||||
Source
|
||||
</button>
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-solution-button">Show Solution
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-solution-button">Show
|
||||
Solution
|
||||
</button>
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-plan-button">Show Plan</button>
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-hints-button">Show Hints
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-plan-button">Show
|
||||
Plan
|
||||
</button>
|
||||
<button class="btn btn-primary btn-xs btn-danger help-button" id="show-hints-button">Show
|
||||
Hints
|
||||
</button>
|
||||
<button class="btn btn-xs help-button" id="restart-lesson-button">Restart Lesson</button>
|
||||
</div>
|
||||
@ -192,10 +197,7 @@
|
||||
<!-- About WebGoat Modal -->
|
||||
<div class="modal" id="about-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog modal-lg">
|
||||
<div class="modal-content">
|
||||
<!-- TODO@NB
|
||||
<jsp:include page="../pages/about.jsp"/> -->
|
||||
</div>
|
||||
<div class="modal-content" th:replace="about :: about"></div>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|