From 7e2b98e78a24755028aa106c49f548fc2047b151 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 16:56:32 -0400 Subject: [PATCH 01/20] Adding Slack badge on the README file --- README.MD | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.MD b/README.MD index ff2dc00dc..ed4a724f7 100644 --- a/README.MD +++ b/README.MD @@ -1,6 +1,8 @@ # WebGoat: A deliberately insecure Web Application [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg)](https://travis-ci.org/WebGoat/WebGoat) +[![Join the OWASP conversation on Slack](https://owasp.herokuapp.com/badge.svg)](https://owasp.herokuapp.com/) + # Important Information From 62a526f3bb1ca49f9e3aa5aba33f9225c67adfc1 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 17:08:47 -0400 Subject: [PATCH 02/20] updating README to reflect 7.0-SNAPSHOT.war --- README.MD | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.MD b/README.MD index ed4a724f7..0a44ba61d 100644 --- a/README.MD +++ b/README.MD @@ -1,7 +1,7 @@ # WebGoat: A deliberately insecure Web Application [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg)](https://travis-ci.org/WebGoat/WebGoat) -[![Join the OWASP conversation on Slack](https://owasp.herokuapp.com/badge.svg)](https://owasp.herokuapp.com/) +[![OWASP Slack](https://owasp.herokuapp.com/badge.svg)](https://owasp.herokuapp.com/) # Important Information @@ -57,7 +57,7 @@ Java VM >= 1.6 installed ( JDK 1.7 recommended) 2. Run it using java: ```Shell -$ java -jar WebGoat-6.0-exec-war.jar +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar ``` 3. Then navigate in your browser to: (http://localhost:8080/WebGoat) @@ -65,7 +65,7 @@ $ java -jar WebGoat-6.0-exec-war.jar 4. If you would like to change the port or other options, use: ```Shell -$ java -jar WebGoat-6.0-exec-war.jar --help +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help ``` # For Developers @@ -95,7 +95,7 @@ Before you can run the project you need to build some lessons first clone https: ```Shell $ cd WebGoat-Lessons $ mvn package - $ cp target/plugins/*.jar WebGoat/webgoat-container/target/webgoat-container-6.1.0/plugin_lessons/ + $ cp target/plugins/*.jar WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_lessons/ ``` Then you can run the project with one of the steps below (From the WebGoat folder not WebGoat-Lessons): @@ -114,8 +114,8 @@ Maven will run the project in an embedded tomcat. the package phase also builds an executable jar file. You can run it using: ```Shell -$ cd target -$ java -jar WebGoat-6.0-exec-war.jar http://localhost:8080/WebGoat +$ cd webgoat-container/target +$ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` Browse to http://localhost:8080/WebGoat @@ -123,5 +123,5 @@ Browse to http://localhost:8080/WebGoat 3. Tomcat the package phase also builds a war file. You can deploy it using: ```Shell -$ cp target/WebGoat-6.0-exec-war.war /webapps/ +$ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` From 656a37a403bb9879258e67442907743c196883bd Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 17:09:49 -0400 Subject: [PATCH 03/20] Update travis.yml to build for JDK8 and also call the package goal --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ca5df44d9..0a3ea5494 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,7 @@ language: java jdk: - oraclejdk7 + - oraclejdk8 install: /bin/true script: - - mvn clean install \ No newline at end of file + - mvn clean package install From bab6fab7446d431aae48e0b455adb1cce7249ec4 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 17:28:22 -0400 Subject: [PATCH 04/20] Adding Amazzon S3 .war artifact upload --- .travis.yml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0a3ea5494..e96b2f608 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,18 @@ language: java jdk: - - oraclejdk7 - - oraclejdk8 -install: /bin/true +- oraclejdk7 +- oraclejdk8 +install: "/bin/true" script: - - mvn clean package install +- mvn clean package install + +addons: + artifacts: true + paths: + - $HOME/build/dougmorato/WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar + debug: true +env: + global: + - secure: FFaCXoDUwfNWnWIym+qzJ4HznJnp5L/+RaewfOE3fOyispOdDVvvDbTb5LjG+BQ17dEsbMC4qPKIWLSP3Hf8fV6EzYrIztP2RRaRICrDW1JhLbsg+PiBsCPieE5MqMK4hWNE5BxHQ9C00oeQINZc+kw2Lj7FP7kSwCM+TklzhJ3J9kWd3iosSAUXsau6Pfj+TC3PyTbfoeiKP4VIDGKrgLY9ea4aPNm5oSsQ7/me2BhtO0LxQZwtJIbC8RITSQu1LCdUZAqOsLI0olNmWKadWENZSK2ROTBxezrV00vxHjlEwf8z3PrfWOCiSmCVfwS09mMk38sA4GL/zxdiEsQzT8d69fBp/+qVBWZ66ILyqYEJJoWgJ58VQatuolDIW2qCtbx1lnmXKRt7kgf93ilhPLQVlVDsTlfVqKVDPA+EyVHmiPppXqIDNWfBwUj3sJuHVIUw94GioMkzRv97sJf1+9t+03CIQm0Sqlh8fs40t0p0lBY42U7w7SgQA2ieEOATknn3mzWsF5STxV5gRVU37EV6I1eNIaG2NbygoOSbqTQEudZVrekrwAI1H904k/kcK9zbeKkpReFw6tHTDxHE5R1/7dwkCgKzN/dSpOp0cG0hPBEAdlZR6PdF5CrnLKhq53YG0a+k1qZv9v5IGrT5tbWkTHf+Rse6tbQL4rvbK6Y= + - secure: T5UDV8JQC+Px3e6zzV5Dz00hXmG57WP31ocgD+PrDTxX0QxP8jtaRmmA9pjs5fPZFUMGBpaD4j0bHNziRDmza+bO5DcBywglua6LcSdi3o1ROuP4vU2EyT9IMlqfE8mRPdl7d0IlPpszKfA+b8eQlakevE2f6KJN/cYb7JfPh5Rewzlx7cJrwGUcYwirKPr8TbIuRa+LbzPcqxo4knftAX4Cg5CsVCvmpbQfYLjGyyuJx8WnQzAEP6zQK/WAJ+yQ6ZHt4v1VUqZMlTS5z2Vxo1nXID5KDRzb7GuzY602xOCTeZiM+9ZYJv7NZeNv7wKlRV9y/91Xql2IL64fapZhGX4+i5B1YCizxnRX/MY5JK3GsKtVcl4kkuHOJYNh12WIToGIeYV1SvR6JCf5Zp+GqMfjpHQBcoJMZ6c+Zf/GSzzLbwahz7loFuqn3TDIMwCvnmUFBgEOnKLzVzuK0wOOjYxDIfPU+kdmuOeWlP2NhhetsL8jdg70b4tKMlQS1nokUgI0Zkzlv5uvcJiv0bb6OmELkT9Gnc7yb4AP0nIYsfT04seja/sgzk1je+dY6OTLodUHSs3a8fCzaIicVfUM3s0lWo04bK+LefCRCTtsqM3D8JviYOHC7+cP+MGeci0FHbvz93PjEvTQSiYN0dAgStPmGYDKqpJr0geEhYKjlvc= + - secure: y1MlQ1uGl+Zu9liQUMAy0TBdBlX7wjiM/Z+IJzgEcwK3390HxEXTCI48u1HCjOmw7MiKVhGKVAHPQIB6mBfiuVHn5TOVwhNXwvPdJ8Xjt7RPRsyzxgediEDWh18mISPYIaNA3gEyz0dswQ4ZTvDBloZmvHyEE3RjKrjzuG7djnfb5fiMeLZuX0QPPdYC4fvW0cJTdM8UCOBacGJ5XILE1C4IFeLWRsObxUIHum7tUaFcln6tprcLyDb2eXoacVNjDqzMJoMYlQPh2vAJ4gpJ/ZBP4J4f1n97Q4HlhyREoytFwtOd3BhIS4ZnB8dhNFOQoaxOr/WYzMjMoTN2l8l+RL/4c37A6OHhf3qxiXmI/UaxW/QRF17MASjCyFgugnwseLPOrCUZ1pRGvi6NR7+EFOrcaMuZfJ1CmyqvNj2g2hGCm3G81wtfyWJHqXJCc+umdjGFRWOQU960BccREA0woRURpELcrXvSslYOMJnVJM23jPJ9/yL0zAx3jvSOLAMuNnTa9bl0nZ672r0Rwrtay6W57NJwmAknAn8zBL8vgqtqytvoKYIGZVZCinFnjom1NR6wx/sDRe3uE2cJf7bS7v9PrZ8hto8wkoqQ5VerbYxVglVnjgOI4VqX27r4BFuGNcyw4JlNwybr1PxAU0wI3SF/VzVdgZ+orPeIB+kDfOA= From 03f3851a2bfa80508c12f828d848f37e5cb34394 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 18:35:03 -0400 Subject: [PATCH 05/20] Updating .war file download link to Amazon S3 --- README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.MD b/README.MD index 0a44ba61d..cec40f9c7 100644 --- a/README.MD +++ b/README.MD @@ -52,7 +52,7 @@ Java VM >= 1.6 installed ( JDK 1.7 recommended) 1. Download the executable jar file which contains all the lessons: - (https://github.com/WebGoat/WebGoat/releases/**TBD**/WebGoat-6.0.1-war-exec.jar) + https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0-SNAPSHOT-war-exec.jar 2. Run it using java: From 5f58bf40aefcf7b9d2ee680dc70f2d292196a55d Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 18:46:55 -0400 Subject: [PATCH 06/20] Fix Amazon S3 settings for Travis --- .travis.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index e96b2f608..51139a80b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,14 +5,18 @@ jdk: install: "/bin/true" script: - mvn clean package install - addons: - artifacts: true - paths: - - $HOME/build/dougmorato/WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar - debug: true -env: - global: - - secure: FFaCXoDUwfNWnWIym+qzJ4HznJnp5L/+RaewfOE3fOyispOdDVvvDbTb5LjG+BQ17dEsbMC4qPKIWLSP3Hf8fV6EzYrIztP2RRaRICrDW1JhLbsg+PiBsCPieE5MqMK4hWNE5BxHQ9C00oeQINZc+kw2Lj7FP7kSwCM+TklzhJ3J9kWd3iosSAUXsau6Pfj+TC3PyTbfoeiKP4VIDGKrgLY9ea4aPNm5oSsQ7/me2BhtO0LxQZwtJIbC8RITSQu1LCdUZAqOsLI0olNmWKadWENZSK2ROTBxezrV00vxHjlEwf8z3PrfWOCiSmCVfwS09mMk38sA4GL/zxdiEsQzT8d69fBp/+qVBWZ66ILyqYEJJoWgJ58VQatuolDIW2qCtbx1lnmXKRt7kgf93ilhPLQVlVDsTlfVqKVDPA+EyVHmiPppXqIDNWfBwUj3sJuHVIUw94GioMkzRv97sJf1+9t+03CIQm0Sqlh8fs40t0p0lBY42U7w7SgQA2ieEOATknn3mzWsF5STxV5gRVU37EV6I1eNIaG2NbygoOSbqTQEudZVrekrwAI1H904k/kcK9zbeKkpReFw6tHTDxHE5R1/7dwkCgKzN/dSpOp0cG0hPBEAdlZR6PdF5CrnLKhq53YG0a+k1qZv9v5IGrT5tbWkTHf+Rse6tbQL4rvbK6Y= - - secure: T5UDV8JQC+Px3e6zzV5Dz00hXmG57WP31ocgD+PrDTxX0QxP8jtaRmmA9pjs5fPZFUMGBpaD4j0bHNziRDmza+bO5DcBywglua6LcSdi3o1ROuP4vU2EyT9IMlqfE8mRPdl7d0IlPpszKfA+b8eQlakevE2f6KJN/cYb7JfPh5Rewzlx7cJrwGUcYwirKPr8TbIuRa+LbzPcqxo4knftAX4Cg5CsVCvmpbQfYLjGyyuJx8WnQzAEP6zQK/WAJ+yQ6ZHt4v1VUqZMlTS5z2Vxo1nXID5KDRzb7GuzY602xOCTeZiM+9ZYJv7NZeNv7wKlRV9y/91Xql2IL64fapZhGX4+i5B1YCizxnRX/MY5JK3GsKtVcl4kkuHOJYNh12WIToGIeYV1SvR6JCf5Zp+GqMfjpHQBcoJMZ6c+Zf/GSzzLbwahz7loFuqn3TDIMwCvnmUFBgEOnKLzVzuK0wOOjYxDIfPU+kdmuOeWlP2NhhetsL8jdg70b4tKMlQS1nokUgI0Zkzlv5uvcJiv0bb6OmELkT9Gnc7yb4AP0nIYsfT04seja/sgzk1je+dY6OTLodUHSs3a8fCzaIicVfUM3s0lWo04bK+LefCRCTtsqM3D8JviYOHC7+cP+MGeci0FHbvz93PjEvTQSiYN0dAgStPmGYDKqpJr0geEhYKjlvc= - - secure: y1MlQ1uGl+Zu9liQUMAy0TBdBlX7wjiM/Z+IJzgEcwK3390HxEXTCI48u1HCjOmw7MiKVhGKVAHPQIB6mBfiuVHn5TOVwhNXwvPdJ8Xjt7RPRsyzxgediEDWh18mISPYIaNA3gEyz0dswQ4ZTvDBloZmvHyEE3RjKrjzuG7djnfb5fiMeLZuX0QPPdYC4fvW0cJTdM8UCOBacGJ5XILE1C4IFeLWRsObxUIHum7tUaFcln6tprcLyDb2eXoacVNjDqzMJoMYlQPh2vAJ4gpJ/ZBP4J4f1n97Q4HlhyREoytFwtOd3BhIS4ZnB8dhNFOQoaxOr/WYzMjMoTN2l8l+RL/4c37A6OHhf3qxiXmI/UaxW/QRF17MASjCyFgugnwseLPOrCUZ1pRGvi6NR7+EFOrcaMuZfJ1CmyqvNj2g2hGCm3G81wtfyWJHqXJCc+umdjGFRWOQU960BccREA0woRURpELcrXvSslYOMJnVJM23jPJ9/yL0zAx3jvSOLAMuNnTa9bl0nZ672r0Rwrtay6W57NJwmAknAn8zBL8vgqtqytvoKYIGZVZCinFnjom1NR6wx/sDRe3uE2cJf7bS7v9PrZ8hto8wkoqQ5VerbYxVglVnjgOI4VqX27r4BFuGNcyw4JlNwybr1PxAU0wI3SF/VzVdgZ+orPeIB+kDfOA= + artifacts: true + paths: + - "$HOME/build/dougmorato/WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar" + debug: true +deploy: + provider: s3 + access_key_id: AKIAJQLKPGHXRH2AH5QA + secret_access_key: + secure: Ru994ZN5RNxO3VgKWP1tudOrjhoTl8KoanG7+xgfJF2n/pq8JKz0A8y2CmPKwrm0d5Dr0x3MNev6GUQK25c9IZCjB6ePdlMD+IR102NU8TC9rjnei0nWj8R/TYVNZRxJvrJnHzrR11Vst5cIJUu8Z5LC0XW3FK+NWivobgSEd5/QbMVt/37JRjjOrNqUjGGlsZwvauCOBh5yO0fvS13Msrz1fMFgG/jza537VytcWGgcYY6e2dvSKr8JddSxdqx+PUb8vzi3mKO/NHVDlmCuzTBHzeTTIifEBOhvyZHSrj9jPqVtK/RF94dH9ALG4h15ca6jMc6x9UIclekP7gy+NeOpQYEDquPfY28Rendx952AzS0uVZFOOG34OGafVm3v4mpJ4YJjJP52cJ2XzkgO7CCOT3BfqE1qfnrXDVJ9myazoCM3vQIyLVZzFlxt3mRb39d5ucGzrWMOfJIU6igzDvwuedRjJUQhuBcoR+aRJBEjsLb55vAcHsI8uR4olVFTJtDWs8o/5/ocI53jTvG8GDIgjbBexoid9EZdz62dvQdj/P1MGS21Xt9Z218mbMmiNayAY3dX+5soBpMKXd2sHQPwWjwKkRg0OqNiYcXBD31qs8aHmdQsqE6lHPQ7nWXIkEmvDsEz8hdTgjcteJPMTNGCAD86ntav7KCJ+QVLpCQ= + bucket: webgoat-war + acl: public_read + on: + repo: dougmorato/WebGoat + branch: docs From 5fba3a05cdeafd696562c9cdb56a81792af2fb23 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 19:02:28 -0400 Subject: [PATCH 07/20] Travis should only deploy target directory --- .travis.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 51139a80b..b7a9632ad 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,18 +5,15 @@ jdk: install: "/bin/true" script: - mvn clean package install -addons: - artifacts: true - paths: - - "$HOME/build/dougmorato/WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar" - debug: true deploy: provider: s3 access_key_id: AKIAJQLKPGHXRH2AH5QA secret_access_key: secure: Ru994ZN5RNxO3VgKWP1tudOrjhoTl8KoanG7+xgfJF2n/pq8JKz0A8y2CmPKwrm0d5Dr0x3MNev6GUQK25c9IZCjB6ePdlMD+IR102NU8TC9rjnei0nWj8R/TYVNZRxJvrJnHzrR11Vst5cIJUu8Z5LC0XW3FK+NWivobgSEd5/QbMVt/37JRjjOrNqUjGGlsZwvauCOBh5yO0fvS13Msrz1fMFgG/jza537VytcWGgcYY6e2dvSKr8JddSxdqx+PUb8vzi3mKO/NHVDlmCuzTBHzeTTIifEBOhvyZHSrj9jPqVtK/RF94dH9ALG4h15ca6jMc6x9UIclekP7gy+NeOpQYEDquPfY28Rendx952AzS0uVZFOOG34OGafVm3v4mpJ4YJjJP52cJ2XzkgO7CCOT3BfqE1qfnrXDVJ9myazoCM3vQIyLVZzFlxt3mRb39d5ucGzrWMOfJIU6igzDvwuedRjJUQhuBcoR+aRJBEjsLb55vAcHsI8uR4olVFTJtDWs8o/5/ocI53jTvG8GDIgjbBexoid9EZdz62dvQdj/P1MGS21Xt9Z218mbMmiNayAY3dX+5soBpMKXd2sHQPwWjwKkRg0OqNiYcXBD31qs8aHmdQsqE6lHPQ7nWXIkEmvDsEz8hdTgjcteJPMTNGCAD86ntav7KCJ+QVLpCQ= - bucket: webgoat-war + bucket: "webgoat-war" + skip_cleanup: true acl: public_read + local_dir: - ./WebGoat/webgoat-container/target/ on: repo: dougmorato/WebGoat branch: docs From 68cf2c033f725cf469ad437c616284ce96848d2c Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 19:07:59 -0400 Subject: [PATCH 08/20] fix directory to upload to S3 --- .travis.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index b7a9632ad..5f5d906fd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,14 @@ language: java + jdk: -- oraclejdk7 -- oraclejdk8 + - oraclejdk7 + - oraclejdk8 + install: "/bin/true" + script: -- mvn clean package install + - mvn clean package install + deploy: provider: s3 access_key_id: AKIAJQLKPGHXRH2AH5QA @@ -13,7 +17,7 @@ deploy: bucket: "webgoat-war" skip_cleanup: true acl: public_read - local_dir: - ./WebGoat/webgoat-container/target/ + local_dir: build/dougmorato/WebGoat/webgoat-container/target/ on: repo: dougmorato/WebGoat branch: docs From e5a475eff8b7fbd43189f3c0e82ee40a1bff59a0 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 20:00:30 -0400 Subject: [PATCH 09/20] fix directory to upload to S3 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 5f5d906fd..a8d33fbc6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ deploy: bucket: "webgoat-war" skip_cleanup: true acl: public_read - local_dir: build/dougmorato/WebGoat/webgoat-container/target/ + local_dir: .build/dougmorato/WebGoat/webgoat-container/target/ on: repo: dougmorato/WebGoat branch: docs From 950fe974a75fef2c271de6f35b504802d6db65e9 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 20:05:12 -0400 Subject: [PATCH 10/20] replace ./ for /Users/dm in travis S3 uploader --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a8d33fbc6..a26f24a56 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ deploy: bucket: "webgoat-war" skip_cleanup: true acl: public_read - local_dir: .build/dougmorato/WebGoat/webgoat-container/target/ + local_dir: $HOME/build/dougmorato/WebGoat/webgoat-container/target/ on: repo: dougmorato/WebGoat branch: docs From 71effddccb59ba403c91f69b7a15d4fbcc8347e2 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 20:37:49 -0400 Subject: [PATCH 11/20] Update S3 deployment to upload jar/war files only --- .travis.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a26f24a56..3e56ae071 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,10 @@ install: "/bin/true" script: - mvn clean package install +before_deploy: + - export WEBGOAT_RELEASE_FILES=$(ls build/webgoat-container/target/webgoat-container-*.*ar) + - echo "Webgoat release files $WEBGOAT_RELEASE_FILES" + deploy: provider: s3 access_key_id: AKIAJQLKPGHXRH2AH5QA @@ -17,7 +21,8 @@ deploy: bucket: "webgoat-war" skip_cleanup: true acl: public_read - local_dir: $HOME/build/dougmorato/WebGoat/webgoat-container/target/ + file_glob: true + file: "${WEBGOAT_RELEASE_FILES}" on: repo: dougmorato/WebGoat branch: docs From d96fe2a71e8b86de65706a5b45e0ba4a71f9811e Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 20:47:15 -0400 Subject: [PATCH 12/20] specify files for S# upload --- .travis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3e56ae071..0131436da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,10 @@ script: before_deploy: - export WEBGOAT_RELEASE_FILES=$(ls build/webgoat-container/target/webgoat-container-*.*ar) - - echo "Webgoat release files $WEBGOAT_RELEASE_FILES" + - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container*-war-exec.jar + - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container*.war + - echo "Webgoat JAR file $WEBGOAT_JAR_FILE" + - echo "Webgoat WAR file $WEBGOAT_WAR_FILE" deploy: provider: s3 @@ -22,7 +25,9 @@ deploy: skip_cleanup: true acl: public_read file_glob: true - file: "${WEBGOAT_RELEASE_FILES}" + file: + - ${WEBGOAT_JAR_FILE} + - ${WEBGOAT_WAR_FILE} on: repo: dougmorato/WebGoat branch: docs From 6ea75074883ffad762fe41ad66995a3566ed35b1 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 21:14:03 -0400 Subject: [PATCH 13/20] Deploy S3 using maven parent version --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0131436da..1f66d52f5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,9 +10,9 @@ script: - mvn clean package install before_deploy: - - export WEBGOAT_RELEASE_FILES=$(ls build/webgoat-container/target/webgoat-container-*.*ar) - - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container*-war-exec.jar - - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container*.war + - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) + - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar + - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war - echo "Webgoat JAR file $WEBGOAT_JAR_FILE" - echo "Webgoat WAR file $WEBGOAT_WAR_FILE" From cb5a7a577397f74a3ba7ee085301ad0f47929b36 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 21:17:49 -0400 Subject: [PATCH 14/20] Fix variable for S3 deploy --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1f66d52f5..d29895c9f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,8 +26,8 @@ deploy: acl: public_read file_glob: true file: - - ${WEBGOAT_JAR_FILE} - - ${WEBGOAT_WAR_FILE} + - $WEBGOAT_JAR_FILE + - $WEBGOAT_WAR_FILE on: repo: dougmorato/WebGoat branch: docs From cf040af06b284a165989dd41ac6a9461660e02b4 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 21:33:58 -0400 Subject: [PATCH 15/20] Move artifacts to folder, then deploy folder to S3 --- .travis.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index d29895c9f..c706cead2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,8 +13,12 @@ before_deploy: - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war - - echo "Webgoat JAR file $WEBGOAT_JAR_FILE" - - echo "Webgoat WAR file $WEBGOAT_WAR_FILE" + - export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/ + - mkdir $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER + - echo "Contents of artifcts folder:" + - ls $WEBGOAT_ARTIFACTS_FOLDER deploy: provider: s3 @@ -24,10 +28,7 @@ deploy: bucket: "webgoat-war" skip_cleanup: true acl: public_read - file_glob: true - file: - - $WEBGOAT_JAR_FILE - - $WEBGOAT_WAR_FILE + local_dir: $WEBGOAT_ARTIFACTS_FOLDER on: repo: dougmorato/WebGoat branch: docs From 1fbfb8bb667052af7add35dfa96cda46e4b299e5 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 21:40:51 -0400 Subject: [PATCH 16/20] Also deploy non-exec jar. Only deploy for JDK8 builds --- .travis.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c706cead2..7594ee5a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,10 +11,12 @@ script: before_deploy: - export WEBGOAT_ARTIFACT_VERSION=$(grep "" $HOME/build/$TRAVIS_REPO_SLUG/pom.xml | cut -d ">" -f 2 | cut -d "<" -f 1) - - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar + - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar + - export WEBGOAT_JAR_EXEC_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war - export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/ - mkdir $WEBGOAT_ARTIFACTS_FOLDER + - mv $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER - mv $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER - mv $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER - echo "Contents of artifcts folder:" @@ -32,3 +34,4 @@ deploy: on: repo: dougmorato/WebGoat branch: docs + jdk: oraclejdk8 From 65f239457f19f812be68191a56dc52e78c2b8f0c Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 21:44:54 -0400 Subject: [PATCH 17/20] On deploy to S3 if build from WebGoat/WebGoat repo on Master branch --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7594ee5a9..f629b4182 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,6 @@ deploy: acl: public_read local_dir: $WEBGOAT_ARTIFACTS_FOLDER on: - repo: dougmorato/WebGoat - branch: docs + repo: WebGoat/WebGoat + branch: master jdk: oraclejdk8 From ba8fb135264abb3ad4a4e22d003d3babc18421ec Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 22:19:41 -0400 Subject: [PATCH 18/20] Updated README instrauctions and formatting. Updated links to download from Amazon S3 --- README.MD | 66 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/README.MD b/README.MD index cec40f9c7..6ce5036d4 100644 --- a/README.MD +++ b/README.MD @@ -42,13 +42,13 @@ You can find more information about WebGoat at: # Easy Run Instructions ( For non-developers ) -**Note - Use WebGoat-Legacy for a stable build** +**Note - Use [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) for a stable build** Follow these instructions if you simply wish to run WebGoat -**Prerequisites:** +## Prerequisites: -Java VM >= 1.6 installed ( JDK 1.7 recommended) +* Java VM >= 1.6 installed ( JDK 1.7 recommended) 1. Download the executable jar file which contains all the lessons: @@ -62,7 +62,7 @@ $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar 3. Then navigate in your browser to: (http://localhost:8080/WebGoat) -4. If you would like to change the port or other options, use: +4.(Optional) If you would like to change the port or other options, use: ```Shell $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help @@ -72,56 +72,72 @@ $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help Follow these instructions if you wish to run Webgoat and modify the source code as well. -**Prerequisites:** -/ +## Prerequisites: + * Java >= 1.6 ( JDK 1.7 recommended ) * Maven > 2.0.9 * Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed. * Git, or Git support in your IDE -**Note:** WebGoat source code can be downloaded at: (https://github.com/WebGoat/WebGoat). +## Cloning the Lesson Server and the Lessons project: - -**Building the project (Developers)** - -Using a command shell/window: +Open a command shell/window, navigate to where you wish to download the source and type: ```Shell -$ mvn clean package +$ git clone git@github.com:WebGoat/WebGoat.git +$ git clone git@github.com:WebGoat/WebGoat-Lessons.git ``` -Before you can run the project you need to build some lessons first clone https://github.com/WebGoat/WebGoat-Lessons and run: +### Now let's start by compiling the WebGoat Lessons server. ```Shell - $ cd WebGoat-Lessons - $ mvn package - $ cp target/plugins/*.jar WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_lessons/ +$ cd WebGoat +$ mvn clean compile +$ cd .. ``` +### Before you can run the project, we need to compile the lessons and copy them over: + +```Shell +$ cd WebGoat-Lessons +$ mvn package +$ cp target/plugins/*.jar ../WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_lessons/ +$ cd .. +``` + +## Now we are ready to run the project. There are 3 options you can choose from to run the project: + Then you can run the project with one of the steps below (From the WebGoat folder not WebGoat-Lessons): -1. Maven-Tomcat Plugin - using a command shell/window: +### Option #1: Using the Maven-Tomcat Plugin +Maven will run the project in an embedded tomcat: ```Shell +$ cd WebGoat $ mvn -pl webgoat-container tomcat7:run-war ``` -Browse to http://localhost:8080/WebGoat -Maven will run the project in an embedded tomcat. +Browse to (http://localhost:8080/WebGoat) and happy hacking ! -2. Java JAR - the package phase also builds an executable jar file. You can run it using: +### Option #2: Java executable JAR +Call the maven package goal which will build an executable jar file: ```Shell +$ cd WebGoat +$ mvn package $ cd webgoat-container/target $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` -Browse to http://localhost:8080/WebGoat +Browse to (http://localhost:8080/WebGoat) and happy hacking ! -3. Tomcat the package phase also builds a war file. You can deploy it using: +### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: +The _maven package_ goal generates a .war file that can deployed into an Application Server, such as Tomcat ```Shell -$ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ +$ cd WebGoat +$ mvn package +$ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` + +Browse to (http://localhost:8080/WebGoat) and happy hacking ! From 1e19a8a98bceed1c63d83ec100afbd79339312a5 Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 22:31:58 -0400 Subject: [PATCH 19/20] Some more README updates. Try to fix slack badge --- README.MD | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/README.MD b/README.MD index 6ce5036d4..8eda3ca6c 100644 --- a/README.MD +++ b/README.MD @@ -3,7 +3,6 @@ [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg)](https://travis-ci.org/WebGoat/WebGoat) [![OWASP Slack](https://owasp.herokuapp.com/badge.svg)](https://owasp.herokuapp.com/) - # Important Information ### This is a work in progress of the WebGoat Lesson Server, which is currently **UNDER MAJOR DEVELOMENT** @@ -36,17 +35,13 @@ you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.* -You can find more information about WebGoat at: -(https://github.com/WebGoat/) - - # Easy Run Instructions ( For non-developers ) **Note - Use [WebGoat-Legacy](https://github.com/WebGoat/WebGoat-Legacy) for a stable build** Follow these instructions if you simply wish to run WebGoat -## Prerequisites: +### Prerequisites: * Java VM >= 1.6 installed ( JDK 1.7 recommended) @@ -72,14 +67,14 @@ $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar --help Follow these instructions if you wish to run Webgoat and modify the source code as well. -## Prerequisites: +### Prerequisites: * Java >= 1.6 ( JDK 1.7 recommended ) * Maven > 2.0.9 * Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed. * Git, or Git support in your IDE -## Cloning the Lesson Server and the Lessons project: +#### Cloning the Lesson Server and the Lessons project: Open a command shell/window, navigate to where you wish to download the source and type: @@ -88,7 +83,7 @@ $ git clone git@github.com:WebGoat/WebGoat.git $ git clone git@github.com:WebGoat/WebGoat-Lessons.git ``` -### Now let's start by compiling the WebGoat Lessons server. +#### Now let's start by compiling the WebGoat Lessons server. ```Shell $ cd WebGoat @@ -96,7 +91,8 @@ $ mvn clean compile $ cd .. ``` -### Before you can run the project, we need to compile the lessons and copy them over: +#### Before you can run the project, we need to compile the lessons and copy them over: +** If you don't run this step, you will not have any Lessons to work with!** ```Shell $ cd WebGoat-Lessons @@ -105,22 +101,22 @@ $ cp target/plugins/*.jar ../WebGoat/webgoat-container/target/webgoat-container- $ cd .. ``` -## Now we are ready to run the project. There are 3 options you can choose from to run the project: +#### Now we are ready to run the project. There are 3 options you can choose from to run the project: Then you can run the project with one of the steps below (From the WebGoat folder not WebGoat-Lessons): -### Option #1: Using the Maven-Tomcat Plugin -Maven will run the project in an embedded tomcat: +##### Option #1: Using the Maven-Tomcat Plugin +The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat: ```Shell $ cd WebGoat $ mvn -pl webgoat-container tomcat7:run-war ``` -Browse to (http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -### Option #2: Java executable JAR -Call the maven package goal which will build an executable jar file: +##### Option #2: Java executable JAR +The __maven package__ goal generates an executable .jar file: ```Shell $ cd WebGoat @@ -129,9 +125,9 @@ $ cd webgoat-container/target $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/WebGoat ``` -Browse to (http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: +##### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: The _maven package_ goal generates a .war file that can deployed into an Application Server, such as Tomcat ```Shell @@ -140,4 +136,4 @@ $ mvn package $ cp webgoat-container/target/webgoat-container-7.0-SNAPSHOT-war-exec.jar /webapps/ ``` -Browse to (http://localhost:8080/WebGoat) and happy hacking ! +Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! From f08959f530f6793d6089b3364db6fe535968824c Mon Sep 17 00:00:00 2001 From: Doug Morato Date: Thu, 20 Aug 2015 22:34:36 -0400 Subject: [PATCH 20/20] Remove slack badge, as it's breaking formatting --- README.MD | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.MD b/README.MD index 8eda3ca6c..d606408b4 100644 --- a/README.MD +++ b/README.MD @@ -1,7 +1,6 @@ # WebGoat: A deliberately insecure Web Application [![Build Status](https://travis-ci.org/WebGoat/WebGoat.svg)](https://travis-ci.org/WebGoat/WebGoat) -[![OWASP Slack](https://owasp.herokuapp.com/badge.svg)](https://owasp.herokuapp.com/) # Important Information @@ -105,7 +104,7 @@ $ cd .. Then you can run the project with one of the steps below (From the WebGoat folder not WebGoat-Lessons): -##### Option #1: Using the Maven-Tomcat Plugin +#### Option #1: Using the Maven-Tomcat Plugin The __maven tomcat7:run-war__ goal runs the project in an embedded tomcat: ```Shell @@ -115,7 +114,7 @@ $ mvn -pl webgoat-container tomcat7:run-war Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -##### Option #2: Java executable JAR +#### Option #2: Java executable JAR The __maven package__ goal generates an executable .jar file: ```Shell @@ -127,7 +126,7 @@ $ java -jar webgoat-container-7.0-SNAPSHOT-war-exec.jar http://localhost:8080/We Browse to [http://localhost:8080](http://localhost:8080/WebGoat) and happy hacking ! -##### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: +#### Option #3: Deploy the WebGoat WAR file in yout local Tomcat or other Application Serve: The _maven package_ goal generates a .war file that can deployed into an Application Server, such as Tomcat ```Shell