diff --git a/.travis.yml b/.travis.yml index ca5df44d9..f629b4182 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,37 @@ language: java + jdk: - oraclejdk7 -install: /bin/true + - oraclejdk8 + +install: "/bin/true" + script: - - mvn clean install \ No newline at end of file + - mvn clean package install + +before_deploy: + - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) + - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar + - export WEBGOAT_JAR_EXEC_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar + - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war + - export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/ + - mkdir $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER + - echo "Contents of artifcts folder:" + - ls $WEBGOAT_ARTIFACTS_FOLDER + +deploy: + provider: s3 + access_key_id: AKIAJQLKPGHXRH2AH5QA + secret_access_key: + secure: Ru994ZN5RNxO3VgKWP1tudOrjhoTl8KoanG7+xgfJF2n/pq8JKz0A8y2CmPKwrm0d5Dr0x3MNev6GUQK25c9IZCjB6ePdlMD+IR102NU8TC9rjnei0nWj8R/TYVNZRxJvrJnHzrR11Vst5cIJUu8Z5LC0XW3FK+NWivobgSEd5/QbMVt/37JRjjOrNqUjGGlsZwvauCOBh5yO0fvS13Msrz1fMFgG/jza537VytcWGgcYY6e2dvSKr8JddSxdqx+PUb8vzi3mKO/NHVDlmCuzTBHzeTTIifEBOhvyZHSrj9jPqVtK/RF94dH9ALG4h15ca6jMc6x9UIclekP7gy+NeOpQYEDquPfY28Rendx952AzS0uVZFOOG34OGafVm3v4mpJ4YJjJP52cJ2XzkgO7CCOT3BfqE1qfnrXDVJ9myazoCM3vQIyLVZzFlxt3mRb39d5ucGzrWMOfJIU6igzDvwuedRjJUQhuBcoR+aRJBEjsLb55vAcHsI8uR4olVFTJtDWs8o/5/ocI53jTvG8GDIgjbBexoid9EZdz62dvQdj/P1MGS21Xt9Z218mbMmiNayAY3dX+5soBpMKXd2sHQPwWjwKkRg0OqNiYcXBD31qs8aHmdQsqE6lHPQ7nWXIkEmvDsEz8hdTgjcteJPMTNGCAD86ntav7KCJ+QVLpCQ= + bucket: "webgoat-war" + skip_cleanup: true + acl: public_read + local_dir: $WEBGOAT_ARTIFACTS_FOLDER + on: + repo: WebGoat/WebGoat + branch: master + jdk: oraclejdk8 diff --git a/README.MD b/README.MD index ff2dc00dc..d606408b4 100644 --- a/README.MD +++ b/README.MD @@ -34,92 +34,105 @@ you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.* -You can find more information about WebGoat at: -(https://github.com/WebGoat/) - - # Easy Run Instructions ( For non-developers ) -**Note - Use WebGoat-Legacy for a stable build** +**Note - Use [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) for a stable build** Follow these instructions if you simply wish to run WebGoat -**Prerequisites:** +### Prerequisites: -Java VM >= 1.6 installed ( JDK 1.7 recommended) +* Java VM >= 1.6 installed ( JDK 1.7 recommended) 1. Download the executable jar file which contains all the lessons: - (https://github.com/WebGoat/WebGoat/releases/**TBD**/WebGoat-6.0.1-war-exec.jar) + https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0-SNAPSHOT-war-exec.jar 2. Run it using java: ```Shell -$ java -jar WebGoat-6.0-exec-war.jar +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar ``` 3. Then navigate in your browser to: (http://localhost:8080/WebGoat) -4. If you would like to change the port or other options, use: +4.(Optional) If you would like to change the port or other options, use: ```Shell -$ java -jar WebGoat-6.0-exec-war.jar --help +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help ``` # For Developers Follow these instructions if you wish to run Webgoat and modify the source code as well. -**Prerequisites:** -/ +### Prerequisites: + * Java >= 1.6 ( JDK 1.7 recommended ) * Maven > 2.0.9 * Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed. * Git, or Git support in your IDE -**Note:** WebGoat source code can be downloaded at: (https://github.com/WebGoat/WebGoat). +#### Cloning the Lesson Server and the Lessons project: - -**Building the project (Developers)** - -Using a command shell/window: +Open a command shell/window, navigate to where you wish to download the source and type: ```Shell -$ mvn clean package +$ git clone git@github.com:WebGoat/WebGoat.git +$ git clone git@github.com:WebGoat/WebGoat-Lessons.git ``` -Before you can run the project you need to build some lessons first clone https://github.com/WebGoat/WebGoat-Lessons and run: +#### Now let's start by compiling the WebGoat Lessons server. ```Shell - $ cd WebGoat-Lessons - $ mvn package - $ cp target/plugins/*.jar WebGoat/webgoat-container/target/webgoat-container-6.1.0/plugin_lessons/ +$ cd WebGoat +$ mvn clean compile +$ cd .. ``` +#### Before you can run the project, we need to compile the lessons and copy them over: +** If you don't run this step, you will not have any Lessons to work with!** + +```Shell +$ cd WebGoat-Lessons +$ mvn package +$ cp target/plugins/*.jar ../WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_lessons/ +$ cd .. +``` + +#### Now we are ready to run the project. There are 3 options you can choose from to run the project: + Then you can run the project with one of the steps below (From the WebGoat folder not WebGoat-Lessons): -1. Maven-Tomcat Plugin - using a command shell/window: +#### Option #1: Using the Maven-Tomcat Plugin +The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat: ```Shell +$ cd WebGoat $ mvn -pl webgoat-container tomcat7:run-war ``` -Browse to http://localhost:8080/WebGoat -Maven will run the project in an embedded tomcat. +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -2. Java JAR - the package phase also builds an executable jar file. You can run it using: +#### Option #2: Java executable JAR +The __maven package__ goal generates an executable .jar file: ```Shell -$ cd target -$ java -jar WebGoat-6.0-exec-war.jar http://localhost:8080/WebGoat +$ cd WebGoat +$ mvn package +$ cd webgoat-container/target +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` -Browse to http://localhost:8080/WebGoat +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -3. Tomcat the package phase also builds a war file. You can deploy it using: +#### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: +The _maven package_ goal generates a .war file that can deployed into an Application Server, such as Tomcat ```Shell -$ cp target/WebGoat-6.0-exec-war.war /webapps/ +$ cd WebGoat +$ mvn package +$ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` + +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking !