Updating README and moving webapp dir to old
parent
289da771c9
commit
9066e45725
34
README.MD
34
README.MD
@ -44,15 +44,15 @@ first thing that all hackers claim.*
|
||||
# Easy Run ( For non-developers )
|
||||
|
||||
Every successful build of the WebGoat Lessons Container and the WebGoat Lessons in our Continuous Integration Server
|
||||
creates an "Easy Run" Executable JAR file, which contains the WebGoat Lessons Server, the lessons and a embedded Tomcat server.
|
||||
creates an "Easy Run" Executable WAR file, which contains the WebGoat Lessons Server, the lessons and a embedded Tomcat server.
|
||||
|
||||
You can check for the "Last Modified" date of our "Easy Run" jar file [HERE](http://webgoat-war.s3-website-us-east-1.amazonaws.com/)
|
||||
You can check for the "Last Modified" date of our "Easy Run" war file [HERE](http://webgoat-war.s3-website-us-east-1.amazonaws.com/)
|
||||
|
||||
The "Easy Run" JAR file offers a no hassle approach to testing and running WebGoat. Follow these instructions if you
|
||||
wish to simply try/test/run the current development version of WebGoat
|
||||
|
||||
### Prerequisites:
|
||||
* Java VM >= 1.6 installed ( JDK 1.7 recommended)
|
||||
* Java VM 1.8 installed
|
||||
|
||||
## Easy Run Instructions:
|
||||
|
||||
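Review bot: The sentence 'The "Easy Run" JAR file offers a no hassle approach...' is left unchanged while the two sentences above it now say WAR, so the section names the artifact both ways; change it to WAR as well (and "a embedded" to "an embedded" while touching the line). The "Last Modified" link is plain http:// to an S3 website endpoint and these lines give no checksum for the artifact, so consider publishing a SHA-256 next to the download so users can verify the file they are about to run.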
@ -65,7 +65,7 @@ https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar
|
||||
Open a command shell/window, browse to where you downloaded the easy run jar and type:
|
||||
|
||||
```Shell
|
||||
java -jar webgoat-container-7.0.1-war-exec.jar
|
||||
java -jar webgoat-container-7.0.1.war
|
||||
```
|
||||
|
||||
#### 3. Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking !
|
||||
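Review bot: The command now runs webgoat-container-7.0.1.war, but the download URL visible in the hunk header still ends in webgoat-container-7.0.1-war-exec.jar and the sentence above the command still says "easy run jar". A user who follows the link and then pastes the command will get a file-not-found error; update the download link and the sentence in the same change, or keep the old file name until the new artifact is published.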
@ -82,8 +82,8 @@ Follow these instructions if you wish to run Webgoat and modify the source code
|
||||
|
||||
### Prerequisites:
|
||||
|
||||
* Java >= 1.6 ( JDK 1.7 recommended )
|
||||
* Maven > 2.0.9
|
||||
* Java 8
|
||||
* Maven > 3.2.1
|
||||
* Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed.
|
||||
* Git, or Git support in your IDE
|
||||
|
||||
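Review bot: "Maven > 3.2.1" excludes 3.2.1 itself; if that version works, write ">= 3.2.1". The Java requirement is also phrased two ways in this README ("Java VM 1.8 installed" in the Easy Run section, "Java 8" here); pick one wording so readers do not take them for different requirements.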
@ -136,19 +136,19 @@ The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat:
|
||||
|
||||
```Shell
|
||||
cd WebGoat
|
||||
mvn -pl webgoat-container tomcat7:run-war
|
||||
mvn -pl webgoat-container spring-boot:run
|
||||
```
|
||||
|
||||
Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking !
|
||||
|
||||
#### Option #2: Java executable JAR
|
||||
The __maven package__ goal generates an executable .jar file:
|
||||
The __maven install__ goal generates an executable .war file:
|
||||
|
||||
```Shell
|
||||
cd WebGoat
|
||||
mvn package
|
||||
cd webgoat-container/target
|
||||
java -jar webgoat-container-7.1-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat
|
||||
java -jar webgoat-container-7.1-SNAPSHOT.war
|
||||
```
|
||||
|
||||
Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and happy hacking !
|
||||
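Review bot: The Option #2 text now says the "maven install" goal produces the .war, but the command block under it still runs "mvn package"; make the prose and the command agree. Two more leftovers in this hunk: the heading still reads "Option #2: Java executable JAR", and the sentence in the hunk header still introduces the "maven tomcat7:run-war" goal although the command below it is now spring-boot:run.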
@ -168,18 +168,10 @@ Browse to [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat) and hap
|
||||
|
||||
## Reloading plugins and lessons
|
||||
|
||||
If you want to __reload all the plugin and lessons__, open a new browser tab and visit the following url:
|
||||
|
||||
[http://localhost:8080/WebGoat/service/reloadplugins.mvc](http://localhost:8080/WebGoat/service/reloadplugins.mvc)
|
||||
|
||||
After the plugin reload is complete, _reloading a message_ will appear and you can refresh the __main WebGoat browser tab__.
|
||||
If you want to __reload all the plugin and lessons__, open up the developer tools available from the info menu. This will
|
||||
show an extra set of links below the cookie overview.
|
||||
|
||||
## Debugging label properties
|
||||
|
||||
To be able to see which labels are loaded through a property file, open a new browser tab and visit the following url:
|
||||
|
||||
[http://localhost:8080/WebGoat/service/debug/labels.mvc](http://localhost:8080/WebGoat/service/debug/labels.mvc)
|
||||
|
||||
Switch back to the main WebGoat broswer tab and __reload the main WebGoat browser tab__.
|
||||
|
||||
After the reload is complete, all labels which where loaded from a property file will be __marked green__.
|
||||
To be able to see which labels are loaded through a property file, open up the developer tools avalailable from the info menu
|
||||
After the reload is complete, all labels which are loaded from a property file will be __marked green__.
|
||||
|
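Review bot: In the "Debugging label properties" paragraph the new sentence has a typo ("avalailable"), no closing period, and does not say which developer-tools link to use, while the following sentence still begins "After the reload is complete" even though the step that told the reader to reload the main tab was removed. Name the link to click and restore the reload step so the instructions can be followed. The same applies to the "Reloading plugins" paragraph, which says extra links appear but not which one triggers the reload.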
1
pom.xml
1
pom.xml
@ -152,7 +152,6 @@
|
||||
<maven-release-plugin.version>2.5.2</maven-release-plugin.version>
|
||||
<maven-source-plugin.version>2.4</maven-source-plugin.version>
|
||||
<maven-surefire-plugin.version>2.19</maven-surefire-plugin.version>
|
||||
<maven-war-plugin.version>2.6</maven-war-plugin.version>
|
||||
<nexus-staging-maven-plugin.version>1.6.6</nexus-staging-maven-plugin.version>
|
||||
<sauce_junit.version>2.1.20</sauce_junit.version>
|
||||
<selenium-java.version>2.48.2</selenium-java.version>
|
||||
|
@ -39,7 +39,7 @@
|
||||
<attachArtifactClassifier>exec</attachArtifactClassifier>
|
||||
<contextReloadable>true</contextReloadable>
|
||||
<useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader>
|
||||
<contextFile>${project.basedir}/src/main/webapp/WEB-INF/context.xml</contextFile>
|
||||
<contextFile>${project.basedir}/src/main/old/WEB-INF/context.xml</contextFile>
|
||||
</configuration>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
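Review bot: The contextFile now points at src/main/old/WEB-INF/context.xml, which makes an active plugin configuration depend on a directory the commit message describes as "old". If that directory is meant to be deleted later this build will break at that point; either keep context.xml in a location that is meant to stay, or drop this plugin configuration together with the directory.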
@ -147,77 +147,6 @@
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-war-plugin</artifactId>
|
||||
<version>${maven-war-plugin.version}</version>
|
||||
<configuration>
|
||||
<!-- archiving the classes breaks the admin screen loads in course.java
|
||||
the legacy lesson loader does not look in jar files for lessons -->
|
||||
<archiveClasses>false</archiveClasses>
|
||||
<archive>
|
||||
<manifest>
|
||||
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
|
||||
</manifest>
|
||||
<manifestEntries>
|
||||
<Specification-Title>${project.name}</Specification-Title>
|
||||
<Specification-Version>${project.version}</Specification-Version>
|
||||
<Implementation-Version>${build.number}</Implementation-Version>
|
||||
</manifestEntries>
|
||||
</archive>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>build-helper-maven-plugin</artifactId>
|
||||
<version>${build-helper-maven-plugin.version}</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>attach-artifacts</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>attach-artifact</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<artifacts>
|
||||
<artifact>
|
||||
<file>${project.build.directory}/webgoat-container-${project.version}.jar</file>
|
||||
</artifact>
|
||||
</artifacts>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.tomcat.maven</groupId>
|
||||
<artifactId>tomcat7-maven-plugin</artifactId>
|
||||
<version>2.3-SNAPSHOT</version>
|
||||
<configuration>
|
||||
<server>local_tomcat</server>
|
||||
<url>http://localhost:8080/manager/text</url>
|
||||
<path>/WebGoat</path>
|
||||
<attachArtifactClassifier>exec</attachArtifactClassifier>
|
||||
<contextReloadable>true</contextReloadable>
|
||||
<useSeparateTomcatClassLoader>true</useSeparateTomcatClassLoader>
|
||||
<contextFile>${project.basedir}/src/main/webapp/WEB-INF/context.xml</contextFile>
|
||||
</configuration>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.owasp.webgoat</groupId>
|
||||
<artifactId>webgoat-container</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>tomcat-run</id>
|
||||
<goals>
|
||||
<goal>exec-war-only</goal>
|
||||
</goals>
|
||||
<phase>package</phase>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
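Review bot: The removed maven-war-plugin block set archiveClasses to false with the comment "the legacy lesson loader does not look in jar files for lessons", and loadCourses in Course still calls LegacyLoader. Please confirm the new packaging leaves the lesson classes where LegacyLoader can find them, otherwise legacy lessons will silently stop loading. The same block also wrote Specification-Title, Specification-Version and Implementation-Version into the manifest; if anything reads the build number from the manifest, that needs a replacement.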
@ -276,11 +205,6 @@
|
||||
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
|
||||
<version>2.1.2.RELEASE</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.xeustechnologies</groupId>
|
||||
<artifactId>jcl-core</artifactId>
|
||||
<version>2.7</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.activation</groupId>
|
||||
<artifactId>activation</artifactId>
|
||||
@ -311,52 +235,6 @@
|
||||
<artifactId>axis-ant</artifactId>
|
||||
<version>${axis-ant.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-lang3</artifactId>
|
||||
<version>${commons-lang3.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-io</groupId>
|
||||
<artifactId>commons-io</artifactId>
|
||||
<version>${commons-io.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-collections</groupId>
|
||||
<artifactId>commons-collections</artifactId>
|
||||
<version>${commons-collections.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-digester</groupId>
|
||||
<artifactId>commons-digester</artifactId>
|
||||
<version>${commons-digester.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>xml-apis</groupId>
|
||||
<artifactId>xml-apis</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>commons-logging</groupId>-->
|
||||
<!--<artifactId>commons-logging</artifactId>-->
|
||||
<!--<version>${commons-logging.version}</version>-->
|
||||
<!--</dependency>-->
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>org.slf4j</groupId>-->
|
||||
<!--<artifactId>jcl-over-slf4j</artifactId>-->
|
||||
<!--<version>${jcl-over-slf4j.version}</version>-->
|
||||
<!--</dependency>-->
|
||||
<dependency>
|
||||
<groupId>commons-discovery</groupId>
|
||||
<artifactId>commons-discovery</artifactId>
|
||||
<version>${commons-discovery.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.mail</groupId>
|
||||
<artifactId>javax.mail-api</artifactId>
|
||||
<version>${mail-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>hsqldb</groupId>
|
||||
<artifactId>hsqldb</artifactId>
|
||||
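Review bot: This hunk drops the direct declarations of commons-lang3, commons-io, commons-collections, commons-digester, commons-discovery and javax.mail-api in one step. Any code that still imports them will only compile if another dependency pulls them in transitively, at a version this project no longer controls; run "mvn dependency:analyze" and re-declare whatever it reports as used but undeclared. The root pom.xml change in this commit removes only maven-war-plugin.version, so the matching version properties (commons-lang3.version and the rest) may now be unused and can be cleaned up if no other module references them.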
@ -367,11 +245,6 @@
|
||||
<artifactId>wsdl4j</artifactId>
|
||||
<version>${wsdl4j.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>java2html</groupId>
|
||||
<artifactId>j2h</artifactId>
|
||||
<version>${j2h.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>ecs</groupId>
|
||||
<artifactId>ecs</artifactId>
|
||||
@ -382,39 +255,6 @@
|
||||
<artifactId>javax.transaction-api</artifactId>
|
||||
<version>${javax.transaction-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>net.sourceforge.jtds</groupId>
|
||||
<artifactId>jtds</artifactId>
|
||||
<version>${jtds.version}</version>
|
||||
</dependency>
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>org.apache.tomcat</groupId>-->
|
||||
<!--<artifactId>tomcat-catalina</artifactId>-->
|
||||
<!--<version>${tomcat-catalina.version}</version>-->
|
||||
<!--<scope>provided</scope>-->
|
||||
<!--</dependency>-->
|
||||
|
||||
|
||||
<!-- ************* spring MVC and related dependencies ************** -->
|
||||
|
||||
<!-- servlet API -->
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>javax</groupId>-->
|
||||
<!--<artifactId>javaee-api</artifactId>-->
|
||||
<!--<version>${javaee-api.version}</version>-->
|
||||
<!--<scope>provided</scope>-->
|
||||
<!--</dependency>-->
|
||||
|
||||
|
||||
<!-- Jackson -->
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
<artifactId>jackson-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.fasterxml.jackson.core</groupId>
|
||||
<artifactId>jackson-databind</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Apache Commons Upload -->
|
||||
<dependency>
|
||||
@ -429,56 +269,7 @@
|
||||
<version>${guava.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- JSTL -->
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>jstl</artifactId>
|
||||
<version>${jstl.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>taglibs</groupId>
|
||||
<artifactId>standard</artifactId>
|
||||
<version>${standard.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>log4j</groupId>-->
|
||||
<!--<artifactId>log4j</artifactId>-->
|
||||
<!--<version>${log4j.version}</version>-->
|
||||
<!--<exclusions>-->
|
||||
<!--<exclusion>-->
|
||||
<!--<groupId>javax.jms</groupId>-->
|
||||
<!--<artifactId>jms</artifactId>-->
|
||||
<!--</exclusion>-->
|
||||
<!--<exclusion>-->
|
||||
<!--<groupId>com.sun.jdmk</groupId>-->
|
||||
<!--<artifactId>jmxtools</artifactId>-->
|
||||
<!--</exclusion>-->
|
||||
<!--<exclusion>-->
|
||||
<!--<groupId>com.sun.jmx</groupId>-->
|
||||
<!--<artifactId>jmxri</artifactId>-->
|
||||
<!--</exclusion>-->
|
||||
<!--</exclusions>-->
|
||||
<!--</dependency>-->
|
||||
<dependency>
|
||||
<groupId>org.apache.tiles</groupId>
|
||||
<artifactId>tiles-core</artifactId>
|
||||
<version>${tiles.version}</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>org.slf4j</groupId>-->
|
||||
<!--<artifactId>slf4j-api</artifactId>-->
|
||||
<!--<version>${slf4j-api.version}</version>-->
|
||||
<!--<type>jar</type>-->
|
||||
<!--</dependency>-->
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>org.slf4j</groupId>-->
|
||||
<!--<artifactId>slf4j-log4j12</artifactId>-->
|
||||
<!--<version>${slf4j-log4j12.version}</version>-->
|
||||
<!--<type>jar</type>-->
|
||||
<!--</dependency>-->
|
||||
<!-- ************* END spring MVC and related dependencies ************** -->
|
||||
<!-- ************* START: Dependencies for Unit and Integration Testing ************** -->
|
||||
<dependency>
|
||||
|
@ -69,7 +69,7 @@ public class PluginReloadService extends BaseService {
|
||||
String pluginPath = session.getServletContext().getRealPath("plugin_lessons");
|
||||
String targetPath = session.getServletContext().getRealPath("plugin_extracted");
|
||||
//new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars();
|
||||
webSession.getCourse().loadLessonFromPlugin(session.getServletContext());
|
||||
webSession.getCourse().loadLessonFromPlugin();
|
||||
|
||||
Map<String, Object> result = new HashMap<String, Object>();
|
||||
result.put("success", true);
|
||||
|
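Review bot: After this change pluginPath and targetPath are computed but never used: their only consumer is the commented-out PluginsLoader line, and loadLessonFromPlugin() no longer takes the servlet context. Remove the two getRealPath lookups and the commented-out line rather than leaving dead code in a service that is reachable over HTTP. It is also worth checking that the handler returns "success": true only when the reload actually succeeded, since nothing visible here inspects the result of loadLessonFromPlugin().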
@ -1,71 +0,0 @@
|
||||
package org.owasp.webgoat.servlets;
|
||||
|
||||
import java.io.IOException;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* *************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project
|
||||
* utility. For details, please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under
|
||||
* the terms of the GNU General Public License as published by the Free Software
|
||||
* Foundation; either version 2 of the License, or (at your option) any later
|
||||
* version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
|
||||
* Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
|
||||
* for free software projects.
|
||||
*
|
||||
* @version $Id: $Id
|
||||
* @author dm
|
||||
*/
|
||||
public class Controller extends HttpServlet {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/** {@inheritDoc} */
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
|
||||
doPost(request, response);
|
||||
|
||||
}
|
||||
|
||||
/** {@inheritDoc} */
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
|
||||
IOException {
|
||||
|
||||
String userAgent = request.getHeader("user-agent");
|
||||
|
||||
String clientBrowser = "Not known!";
|
||||
|
||||
if (userAgent != null) {
|
||||
|
||||
clientBrowser = userAgent;
|
||||
|
||||
}
|
||||
|
||||
request.setAttribute("client.browser", clientBrowser);
|
||||
|
||||
request.getRequestDispatcher("/view.jsp").forward(request, response);
|
||||
|
||||
}
|
||||
|
||||
}
|
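Review bot: Deleting Controller removes the servlet that forwarded to /view.jsp with the raw User-Agent header in the client.browser request attribute, but the diff shown here does not touch a servlet mapping or view.jsp itself. Check that no web.xml entry or annotation still references org.owasp.webgoat.servlets.Controller, and that view.jsp is removed too, so no orphaned page that renders client.browser stays deployable.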
@ -321,10 +321,8 @@ public class Course {
|
||||
|
||||
/**
|
||||
* <p>loadLessonFromPlugin.</p>
|
||||
*
|
||||
* @param context a {@link javax.servlet.ServletContext} object.
|
||||
*/
|
||||
public void loadLessonFromPlugin(ServletContext context) {
|
||||
public void loadLessonFromPlugin() {
|
||||
Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
|
||||
String pluginPath = null;
|
||||
String targetPath = null;
|
||||
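Review bot: The Javadoc on loadLessonFromPlugin() still only repeats the method name. Now that the method no longer takes a ServletContext and instead starts from the classpath resource /plugin_lessons/plugin_lessons_marker.txt, document where plugins are read from and where they are extracted to, and what happens when the marker resource is missing (pluginPath and targetPath both start as null).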
@ -380,7 +378,7 @@ public class Course {
|
||||
public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
|
||||
logger.info("Loading courses: " + path);
|
||||
this.webgoatContext = webgoatContext;
|
||||
loadLessonFromPlugin(context);
|
||||
loadLessonFromPlugin();
|
||||
LegacyLoader loader = new LegacyLoader();
|
||||
lessons.addAll(loader.loadLessons(webgoatContext, context, path, properties));
|
||||
}
|
||||
|
Binary file not shown.
BIN
webgoat-container/src/main/old/plugin_lessons/common-1.0.jar
Normal file
BIN
webgoat-container/src/main/old/plugin_lessons/common-1.0.jar
Normal file
Binary file not shown.
Binary file not shown.
BIN
webgoat-container/src/main/old/plugin_lessons/csrf-1.0.jar
Normal file
BIN
webgoat-container/src/main/old/plugin_lessons/csrf-1.0.jar
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
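Review bot: The jars added under webgoat-container/src/main/old/plugin_lessons/ (common-1.0.jar, csrf-1.0.jar and the other entries shown as "Binary file not shown") cannot be reviewed in a diff, and nothing in the commit ties them to the source they were built from. Prefer having the build produce or download the lesson plugins; if they must be committed, record their origin and a SHA-256 for each so a later change to a jar is detectable.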
@ -164,7 +164,7 @@ developer_bootstrap() {
|
||||
horizontal_rule
|
||||
echo "$COL_MAGENTA"
|
||||
echo "$COL_CYAN ***** Starting WebGoat using the embedded Tomcat ***** $COL_RESET"
|
||||
echo " Please be patient.... The startup of the server can take from 30s to 3 minutes."
|
||||
echo " Please be patient.... The startup of the server takes about 5 seconds..."
|
||||
echo " WebGoat will be ready for you when you see the following message on the command prompt:"
|
||||
echo "$COL_YELLOW INFO: Starting ProtocolHandler ["http-bio-8080"] $COL_RESET"
|
||||
echo "$COL_CYAN When you see the message above, open a web browser and navigate to http://localhost:8080/WebGoat/ $COL_RESET"
|
||||
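Review bot: The banner still tells the user to wait for 'INFO: Starting ProtocolHandler ["http-bio-8080"]' and still says "using the embedded Tomcat", which describe the tomcat7:run-war start that this commit replaces with spring-boot:run. Confirm that exact log line is still printed and update the text if not, otherwise users will wait for a message that never appears. On the same line the inner double quotes around http-bio-8080 close and reopen the echo string, so the quotes are not printed and the bracket expression is left unquoted; escape them or use single quotes for the outer string.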
@ -179,7 +179,7 @@ developer_bootstrap() {
|
||||
sleep 5
|
||||
|
||||
# Starting WebGoat
|
||||
mvn -q -DskipTests -file WebGoat/pom.xml -pl webgoat-container tomcat7:run-war
|
||||
mvn -q -pl webgoat-container spring-boot:run
|
||||
}
|
||||
|
||||
# Start main script
|
||||
|
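Review bot: The new command drops "-file WebGoat/pom.xml", so "mvn -q -pl webgoat-container spring-boot:run" only works if the script's working directory is already the WebGoat checkout; nothing in this hunk changes directory before the call. Keep the -file argument or add an explicit cd with an error check before running Maven. -DskipTests was dropped as well; if that was deliberate, say so in the commit message.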