From e34faa13d6269b27196763eb8b03d95fc4c54d40 Mon Sep 17 00:00:00 2001 From: Jason <jason.white@owasp.org> Date: Wed, 2 May 2018 16:35:57 -0600 Subject: [PATCH 01/10] fix for periodic fail on StoredXssCommentsTest --- .../webgoat/plugin/StoredXssCommentsTest.java | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java index 3187e936b..4e7802e77 100644 --- a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java +++ b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java @@ -33,8 +33,10 @@ import org.mockito.runners.MockitoJUnitRunner; import org.owasp.webgoat.assignments.AssignmentEndpointTest; import org.springframework.http.MediaType; import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.util.Assert; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; 
@@ -80,12 +82,17 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest { */ //Ensures it is vulnerable -// @Test -// public void isNotEncoded() throws Exception { -// //do get to get comments after posting xss payload -// ResultActions taintedResults = mockMvc.perform(MockMvcRequestBuilders.get("/CrossSiteScripting/stored-xss")); -// taintedResults.andExpect(jsonPath("$[0].text",CoreMatchers.is(CoreMatchers.containsString("<script>console.warn('unit test me')</script>")))); -// } + @Test + public void isNotEncoded() throws Exception { + //do get to get comments after posting xss payload + ResultActions taintedResults = mockMvc.perform(MockMvcRequestBuilders.get("/CrossSiteScripting/stored-xss")); + MvcResult mvcResult = taintedResults.andReturn(); + assert(mvcResult.getResponse().getContentAsString().contains("<script>console.warn")); + } + + private Boolean hasScriptTagInComments () { + return false; + } //Could be used to test an encoding solution ... commented out so build will pass. Uncommenting will fail build, but leaving in as positive Security Unit Test @@ -95,4 +102,4 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest { // ResultActions taintedResults = mockMvc.perform(MockMvcRequestBuilders.get("/CrossSiteScripting/stored-xss")); // taintedResults.andExpect(jsonPath("$[0].text",CoreMatchers.is(CoreMatchers.containsString("<scriptgt;")))); // } -} \ No newline at end of file +} From 20e45da8ae12548ca3a097d18a4ff248e42c0023 Mon Sep 17 00:00:00 2001 From: Jason <jason.white@owasp.org> Date: Wed, 2 May 2018 16:36:34 -0600 Subject: [PATCH 02/10] cleanup that was missed in prev. commit --- .../java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java | 5 ----- 1 file changed, 5 deletions(-) 
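Review bot: The re-enabled `isNotEncoded` test checks the response with the Java `assert` keyword, which the JVM skips unless assertions are enabled (`-ea`), so this "ensures it is vulnerable" check can pass without checking anything; the newly imported `org.springframework.util.Assert` is never used. A JUnit assertion reports the failure regardless of JVM flags: `org.junit.Assert.assertTrue(mvcResult.getResponse().getContentAsString().contains("<script>console.warn"));`. The inline comment says the GET happens after the payload was posted, but nothing in this method posts it, so the test seems to rely on another test having run first, which is likely the cause of the periodic failure; posting the comment inside this test would remove that dependency. `hasScriptTagInComments()` is unused and always returns false.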
diff --git a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java index 4e7802e77..a333a2602 100644 --- a/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java +++ b/webgoat-lessons/cross-site-scripting/src/test/java/org/owasp/webgoat/plugin/StoredXssCommentsTest.java @@ -90,11 +90,6 @@ public class StoredXssCommentsTest extends AssignmentEndpointTest { assert(mvcResult.getResponse().getContentAsString().contains("<script>console.warn")); } - private Boolean hasScriptTagInComments () { - return false; - } - - //Could be used to test an encoding solution ... commented out so build will pass. Uncommenting will fail build, but leaving in as positive Security Unit Test // @Test // public void isEncoded() throws Exception { From 6cfefba0eef5c53d18d85280576b2e711a0ee448 Mon Sep 17 00:00:00 2001 From: Jason <jason.white@owasp.org> Date: Thu, 3 May 2018 10:25:34 -0600 Subject: [PATCH 03/10] work-arounds, fixes for page initialization and some clean-up --- .../js/goatApp/controller/LessonController.js | 43 +++---------------- .../js/goatApp/view/LessonContentView.js | 12 ++++-- .../js/goatApp/view/PaginationControlView.js | 10 ++--- 3 files changed, 20 insertions(+), 45 deletions(-) diff --git a/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js b/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js index e692e0beb..662b67702 100644 --- a/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js +++ b/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js 
@@ -73,6 +73,7 @@ define(['jquery', } this.loadLesson = function(name,pageNum) { + if (this.name === name) { this.listenToOnce(this.lessonHintView, 'hints:showButton', this.onShowHintsButton); this.listenTo(this.lessonHintView, 'hints:hideButton', this.onHideHintsButton); @@ -83,15 +84,15 @@ define(['jquery', return; } + if (pageNum && !this.name) { + //placeholder + } + this.helpsLoaded = {}; if (typeof(name) === 'undefined' || name === null) { //TODO: implement lesson not found or return to welcome page? } this.lessonContent.loadData({'name':name}); -// this.planView = {}; -// this.solutionView = {}; -// this.sourceView = {}; -// this.lessonHintView = {}; this.name = name; }; @@ -124,10 +125,7 @@ define(['jquery', this.helpControlsView = null; this.lessonContentView.model = this.lessonContent; this.lessonContentView.render(); - - //this.planView = new PlanView(); - //this.solutionView = new SolutionView(); - //this.sourceView = new SourceView(); + //TODO: consider moving hintView as child of lessonContentView ... if (this.lessonHintView) { this.lessonHintView.stopListening(); this.lessonHintView = null; 
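Review bot: The `if (pageNum && !this.name) { //placeholder }` branch added to `loadLesson` has an empty body, so `pageNum` is still ignored on first load even though the commit message mentions page initialization. Either implement the branch or replace it with a `// TODO:` comment stating what should happen when a page number arrives before a lesson name is set. In the same hunk the `name === null` case is only a TODO and still falls through to `this.lessonContent.loadData({'name':name})`; an early `return` there would avoid requesting a lesson with no name.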
@@ -152,35 +150,6 @@ define(['jquery', this.helpsLoaded[curHelp.helpElement] = curHelp.value; }; -// this.hideShowHelps = function(showHelp) { -// var showId = '#lesson-' + showHelp + '-row'; -// var contentId = '#lesson-' + showHelp + '-content'; -// $('.lesson-help').not(showId).hide(); -// if (!showId) { -// return; -// } -// -// if ($(showId).is(':visible')) { -// $(showId).hide(); -// return; -// } else { -// //TODO: move individual .html operations into individual help views -// switch(showHelp) { -// case 'plan': -// $(contentId).html(this.planView.model.get('content')); -// break; -// case 'solution': -// $(showId).html(this.solutionView.model.get('content')); -// break; -// case 'source': -// $(contentId).html('<pre>' + this.sourceView.model.get('content') + '</pre>'); -// break; -// } -// $(showId).show(); -// GoatUtils.scrollToHelp() -// } -// }; - this.showHintsView = function() { this.lessonHintView.render(); if (this.lessonHintView.getHintsCount > 0) { diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js index 3fca490f0..75ff968b2 100644 --- a/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js +++ b/webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js @@ -59,7 +59,7 @@ define(['jquery', var currentPage = (!isNaN(startPageNum) && startPageNum && startPageNum < this.$contentPages) ? startPageNum : 0; //init views & pagination this.showCurContentPage(currentPage); - this.paginationControlView = new PaginationControlView(this.$contentPages,this.model.get('lessonUrl')); + this.paginationControlView = new PaginationControlView(this.$contentPages,this.model.get('lessonUrl'),startPageNum); }, updatePagination: function() { 
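Review bot: `PaginationControlView` is constructed with the raw `startPageNum`, not the `currentPage` value that the line above has just range-checked, so the content view can show page 0 while the pagination control starts on an out-of-range or non-numeric page. Pass the validated value instead: `this.paginationControlView = new PaginationControlView(this.$contentPages,this.model.get('lessonUrl'),currentPage);`. The matching `initPagination` hunk in PaginationControlView.js only tests `!initPageNum`, so it accepts whatever it is given; if `startPageNum` comes from the URL (not visible here) it should be treated as untrusted input. The enclosing function starts outside the hunk.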
@@ -187,13 +187,19 @@ define(['jquery', return endpoints; }, + onNavToPage: function(pageNum) { + var assignmentPaths = this.findAssigmentEndpointsOnPage(pageNum); + this.trigger('endpoints:filtered',assignmentPaths); + }, + navToPage: function (pageNum) { this.paginationControlView.setCurrentPage(pageNum);//provides validation this.showCurContentPage(this.paginationControlView.currentPage); this.paginationControlView.render(); this.paginationControlView.hideShowNavButtons(); - var assignmentPaths = this.findAssigmentEndpointsOnPage(pageNum); - this.trigger('endpoints:filtered',assignmentPaths); + this.onNavToPage(pageNum); + //var assignmentPaths = this.findAssigmentEndpointsOnPage(pageNum); + //this.trigger('endpoints:filtered',assignmentPaths); }, /* for testing */ diff --git a/webgoat-container/src/main/resources/static/js/goatApp/view/PaginationControlView.js b/webgoat-container/src/main/resources/static/js/goatApp/view/PaginationControlView.js index 2dcecf136..7dac8f063 100644 --- a/webgoat-container/src/main/resources/static/js/goatApp/view/PaginationControlView.js +++ b/webgoat-container/src/main/resources/static/js/goatApp/view/PaginationControlView.js @@ -12,14 +12,14 @@ define(['jquery', template: PaginationTemplate, el: '#lesson-page-controls', - initialize: function ($contentPages,baseLessonUrl) { + initialize: function ($contentPages,baseLessonUrl,initPageNum) { this.$contentPages = $contentPages; this.collection = new LessonOverviewCollection(); this.listenTo(this.collection, 'reset', this.render); this.numPages = this.$contentPages.length; this.baseUrl = baseLessonUrl; this.collection.fetch({reset:true}); - this.initPagination(); + this.initPagination(initPageNum); //this.render(); }, 
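Review bot: `navToPage` calls `setCurrentPage(pageNum)` (commented as providing validation) and renders `this.paginationControlView.currentPage`, but then hands the unvalidated `pageNum` to the new `onNavToPage`, so the endpoint filter can be computed for a different page than the one shown. Consider `this.onNavToPage(this.paginationControlView.currentPage);`. The two commented-out lines left at the end of `navToPage` duplicate `onNavToPage` and can be deleted.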
@@ -117,9 +117,9 @@ define(['jquery', $('span.glyphicon-class.glyphicon.glyphicon-circle-arrow-right.show-next-page').hide(); }, - initPagination: function() { - //track pagination state in this view ... start at 0 - this.currentPage = 0; + initPagination: function(initPageNum) { + //track pagination state in this view ... start at 0 .. unless a pageNum was provided + this.currentPage = !initPageNum ? 0 : initPageNum; }, setCurrentPage: function (pageNum) { From 089dd56a154565786c41bb6bc1a79b305ccfe41f Mon Sep 17 00:00:00 2001 From: Jason <jason.white@owasp.org> Date: Thu, 3 May 2018 10:49:31 -0600 Subject: [PATCH 04/10] wiring jqueryui to vuln jquery #368 --- webgoat-container/src/main/resources/static/js/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webgoat-container/src/main/resources/static/js/main.js b/webgoat-container/src/main/resources/static/js/main.js index 4715858cd..4c77d9c0f 100644 --- a/webgoat-container/src/main/resources/static/js/main.js +++ b/webgoat-container/src/main/resources/static/js/main.js @@ -30,7 +30,7 @@ require.config({ shim: { "jqueryui": { exports:"$", - deps: ['jquery'] + deps: ['libs/jquery-2.1.4.min'] }, underscore: { exports: "_" From 186f24f1dfde2af545e377d3c4d62c29427f7fbf Mon Sep 17 00:00:00 2001 From: Jason <jason.white@owasp.org> Date: Thu, 3 May 2018 10:49:58 -0600 Subject: [PATCH 05/10] more hintview patching --- .../js/goatApp/controller/LessonController.js | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js b/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js index 662b67702..11b8279cf 100644 --- a/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js +++ b/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js 
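Review bot: The `jqueryui` shim now depends on the literal module `libs/jquery-2.1.4.min` with nothing in the file saying this pin is deliberate; the commit subject says it wires jQuery UI to the vulnerable jQuery for #368. Add a comment above the `deps` line such as `// intentionally pinned to the vulnerable jQuery 2.1.4 used by the lesson (#368); do not upgrade or point back at 'jquery'`, so a dependency bump or a scanner-driven fix does not silently break the lesson. Since `jqueryui` is declared in the global `require.config`, every page that loads it presumably also loads this older jQuery next to the `jquery` module; confirm that is intended rather than scoping it to the lesson.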
@@ -126,11 +126,7 @@ define(['jquery', this.lessonContentView.model = this.lessonContent; this.lessonContentView.render(); //TODO: consider moving hintView as child of lessonContentView ... - if (this.lessonHintView) { - this.lessonHintView.stopListening(); - this.lessonHintView = null; - } - this.lessonHintView = new HintView(); + this.createLessonHintView(); //TODO: instantiate model with values (not sure why was not working before) var paramModel = new ParamModel({}); @@ -146,11 +142,23 @@ define(['jquery', this.lessonProgressModel.completed(); }; + this.createLessonHintView = function () { + if (this.lessonHintView) { + this.lessonHintView.stopListening(); + this.lessonHintView = null; + } + this.lessonHintView = new HintView(); + } + this.addCurHelpState = function (curHelp) { this.helpsLoaded[curHelp.helpElement] = curHelp.value; }; this.showHintsView = function() { + if (!this.lessonHintView) { + this.createLessonHintView(); + } + // this.lessonHintView.render(); if (this.lessonHintView.getHintsCount > 0) { this.helpControlsView.showHintsButton(); From 31f7ea6985ea54433eaa8c66881c9534130757b7 Mon Sep 17 00:00:00 2001 From: jason <jason@jasons-MacBook-Pro.local> Date: Mon, 14 May 2018 12:15:48 -0600 Subject: [PATCH 06/10] script to automate WebGoat deployment on GKE --- .../GCP/GKE-Docker/gke-deploy-config.sh | 4 ++ .../GCP/GKE-Docker/gke-deploy.sh | 47 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh create mode 100644 platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh diff --git a/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh b/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh new file mode 100644 index 000000000..87a076730 --- /dev/null +++ b/platformQuickStarts/GCP/GKE-Docker/gke-deploy-config.sh @@ -0,0 +1,4 @@ +CURTAG=webgoat/webgoat-8.0 +DEST_TAG=gcr.io/your-gke-project/your-webgoat-tag +CLUSTER_NAME=your-cluster-name +PORT_NUM=8080 \ No newline at end of file 
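Review bot: `showHintsView` now creates a `HintView` on demand, but a view created there has none of the `hints:showButton` / `hints:hideButton` listeners that `loadLesson` registers on `this.lessonHintView`, so its events may go unhandled; confirm against the rest of the controller, which is outside this hunk. If the listeners are required, registering them inside `createLessonHintView` keeps the two creation paths identical. Minor: the `createLessonHintView` assignment lacks the trailing `;` its siblings have, and the bare `//` line in `showHintsView` can be removed.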
diff --git a/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh b/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh
new file mode 100644
index 000000000..7be5f336c
--- /dev/null
+++ b/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+source deploy.cfg
+
+echo "tagging $CURTAG to $DEST_TAG"
+docker tag $CURTAG $DEST_TAG
+# gcloud docker -- push $DEST_TAG
+docker push $DEST_TAG
+if [ $? -eq 0 ]; then
+ echo "*** $DEST_TAG pushed ... "
+else
+ echo "failed to push $DEST_TAG to GKE repo"
+ exit 1
+fi
+
+echo "*** creating cluster $CLUSTER_NAME ... "
+gcloud container clusters create $CLUSTER_NAME
+if [ $? -eq 0 ]; then
+ echo "*** $CLUSTER_NAME cluster created ... "
+else
+ echo "!!! failed to create cluster $CLUSTER_NAME"
+ exit 1
+fi
+
+
+# DEST_TAG refers to the docker image we'll use
+kubectl run $CLUSTER_NAME --image=$DEST_TAG --port=$PORT_NUM
+if [ $? -eq 0 ]; then
+ echo "*** cluster should be running now ... "
+else
+ echo "!!! failed to start service"
+ echo "*** cleaning up, deleting cluster ... "
+ gcloud container clusters delete $CLUSTER_NAME --quiet
+ exit 1
+fi
+
+kubectl expose deployment $CLUSTER_NAME --type="LoadBalancer"
+if [ $? -eq 0 ]; then
+ echo "*** cluster exposed via load balancer ... "
+ echo "*** TO GET YOUR SERVICE's IP, run ... "
+ echo "$ kubectl get service $CLUSTER_NAME"
+else
+ echo "!!! failed to start service"
+ echo "*** cleaning up, deleting cluster ... "
+ gcloud container clusters delete $CLUSTER_NAME --quiet
+ exit 1
+fi
From 1734170e9e99ff169b28545d1d237a2dcab87566 Mon Sep 17 00:00:00 2001
From: Jason <jason.white@owasp.org>
Date: Mon, 4 Jun 2018 16:53:13 -0600
Subject: [PATCH 07/10] updates to missing function ac lesson
---
.../main/resources/templates/list_users.html | 5 +++--
.../plugin/MissingFunctionACYourHash.java | 2 +-
.../java/org/owasp/webgoat/plugin/Users.java | 2 +-
.../resources/i18n/WebGoatLabels.properties | 21 +++++++++++--------
4 files changed, 17 insertions(+), 13 deletions(-)
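Review bot: The last step, `kubectl expose deployment $CLUSTER_NAME --type="LoadBalancer"`, publishes WebGoat, an application that is vulnerable by design, on a public load-balancer address with no source restriction. For a training deployment, keep the Service internal and reach it with `kubectl port-forward`, or create the Service from a manifest that sets `loadBalancerSourceRanges` to the trainer's network; a header comment should state the exposure either way. The script also runs `source deploy.cfg`, while this commit adds the settings as `gke-deploy-config.sh`, so it fails unless a `deploy.cfg` exists in the current directory (one is added later in the series). The variable expansions are unquoted; `"$DEST_TAG"`, `"$CLUSTER_NAME"` and `"$PORT_NUM"` would be safer for values read from a sourced file.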
diff --git a/webgoat-container/src/main/resources/templates/list_users.html b/webgoat-container/src/main/resources/templates/list_users.html index 5e2b3045b..050c85dc7 100644 --- a/webgoat-container/src/main/resources/templates/list_users.html +++ b/webgoat-container/src/main/resources/templates/list_users.html @@ -123,8 +123,9 @@ <section class="main-content-wrapper"> <section id="main-content"> <!--ng-controller="goatLesson"--> <div id="lesson-page" class="pages"> - <span th:text="${numUsers}"> Users in WebGoat</span> - <!-- iterate over users below -->su + <span th:text="${numUsers}"></span> + <span> Users in WebGoat</span> + <div sec:authorize="hasAuthority('WEBGOAT_ADMIN')"> <h3>WebGoat Users</h3> <div th:each="user : ${allUsers}"> diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACYourHash.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACYourHash.java index 97770e635..d830ac7a1 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACYourHash.java +++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/MissingFunctionACYourHash.java @@ -13,7 +13,7 @@ import org.springframework.web.bind.annotation.ResponseBody; @AssignmentPath("/access-control/user-hash") @AssignmentHints({"access-control.hash.hint1","access-control.hash.hint2","access-control.hash.hint3", "access-control.hash.hint4","access-control.hash.hint5","access-control.hash.hint6","access-control.hash.hint7", - "access-control.hash.hint8","access-control.hash.hint9"}) + "access-control.hash.hint8","access-control.hash.hint9","access-control.hash.hint10","access-control.hash.hint11","access-control.hash.hint12"}) public class MissingFunctionACYourHash extends AssignmentEndpoint { @Autowired 
diff --git a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java index 26e48709d..9b01ac3d5 100644 --- a/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java +++ b/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java @@ -51,7 +51,7 @@ public class Users extends Endpoint{ userMap.put("cc", results.getString(3)); userMap.put("ccType", results.getString(4)); userMap.put("cookie", results.getString(5)); - userMap.put("loginCOunt",Integer.toString(results.getInt(6))); + userMap.put("loginCount",Integer.toString(results.getInt(6))); allUsersMap.put(id,userMap); } userSessionData.setValue("allUsers",allUsersMap); diff --git a/webgoat-lessons/missing-function-ac/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/missing-function-ac/src/main/resources/i18n/WebGoatLabels.properties index 876cff6de..4533fe073 100644 --- a/webgoat-lessons/missing-function-ac/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/missing-function-ac/src/main/resources/i18n/WebGoatLabels.properties 
@@ -11,12 +11,15 @@ access-control.hidden-menus.hint3=Look for something a super-user or administato access-control.hash.success=Congrats! You really succeeded when you added the user. access-control.hash.close=Keep trying, this one may take several attempts & steps to achieve. See the hints for help. -access-control.hash.hint1=If you haven't found the hidden menus from the earlier exercise, go do that now. -access-control.hash.hint2=When you look at the users page, there is a hint that more info is viewable by a given role of user. -access-control.hash.hint3=Have you tried tampering the GET request? Can you find supported or unsupported methods? Can you trigger 500 errors? -access-control.hash.hint4=There are actually two ways to solve this one. The first involves just changing a request header. -access-control.hash.hint5=If the request to view users, were a 'service' or 'RESTful' endpoint, what would be different about it? -access-control.hash.hint6=If you're still looking for hints ... try changing the Content-type header in the GET request. -access-control.hash.hint7=The harder way involves changing the Content-type AND the method ... As well as a proper payload for the request. Look at how registration works first and extrapolate out from there. -access-control.hash.hint8=See if you can add a user with a webgoat admin role, and if more is visible once you log in as that user. -access-control.hash.hint9=If you create a new user with the admin role ... The role should include 'WEBGOAT' and 'ADMIN' in the role name. You'll have to do some guessing beyond that. \ No newline at end of file +access-control.hash.hint1=There is an easier way and a 'harder' way to achieve this, the easier way involves one simple change in a GET request. +access-control.hash.hint2= If you haven't found the hidden menus from the earlier exercise, go do that first. +access-control.hash.hint3=When you look at the users page, there is a hint that more info is viewable by a given role. 
+access-control.hash.hint4=For the easy way, have you tried tampering the GET request? Different content-types? +access-control.hash.hint5=For the 'easy' way, modify the GET request to /users to include 'Content-Type: application/json' +access-control.hash.hint6=Now for the harder way ... it builds on the easier way +access-control.hash.hint7=If the request to view users, were a 'service' or 'RESTful' endpoint, what would be different about it? +access-control.hash.hint8=If you're still looking for hints ... try changing the Content-type header as in the GET request. +access-control.hash.hint9=You also need to deliver a proper payload for the request (look at how registration works). This should be formatted in line with the content-type you just defined. +access-control.hash.hint10=You will want to add WEBGOAT_ADMIN for the user's role. Yes, you'd have to guess/fuzz this in a real-world setting. +access-control.hash.hint11=OK, here it is. First, create an admin user ... Change the method to POST, change the content-type to "application/json". And your payload should look something like: {"username":"newUser2","password":"newUser12","matchingPassword":"newUser12","role":"WEBGOAT_ADMIN"} +access-control.hash.hint12=Now log in as that user and bring up WebGoat/users. Copy your hash and log back in to your original account and input it there to get credit. From 71514fc39b911cfd719d6ccff59e187ef774727d Mon Sep 17 00:00:00 2001 From: Jason White <jason.white@owasp.org> Date: Tue, 5 Jun 2018 09:45:47 -0600 Subject: [PATCH 08/10] GKE deploy script --- platformQuickStarts/GCP/GKE-Docker/deploy.cfg | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 platformQuickStarts/GCP/GKE-Docker/deploy.cfg diff --git a/platformQuickStarts/GCP/GKE-Docker/deploy.cfg b/platformQuickStarts/GCP/GKE-Docker/deploy.cfg new file mode 100644 index 000000000..460110cc2 --- /dev/null +++ b/platformQuickStarts/GCP/GKE-Docker/deploy.cfg 
@@ -0,0 +1,4 @@ +CURTAG=webgoat/webgoat-8.0 +DEST_TAG=gcr.io/astech-training/raging-wire-webgoat +CLUSTER_NAME=raging-wire-webgoat +PORT_NUM=8080 \ No newline at end of file From 5e8c610fbfe0f9c81c1deef92372cef56d48cdfa Mon Sep 17 00:00:00 2001 From: Jason White <jason.white@owasp.org> Date: Tue, 5 Jun 2018 14:10:29 -0600 Subject: [PATCH 09/10] gke-deploy.sh --- platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh b/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh index 7be5f336c..2fe6280cc 100644 --- a/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh +++ b/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Script to deploy webgoat docker (or I guess any docker for that matter) to GKE +# You will need the SDK installed and be authenticated and set up for the project you +# plan to push the image into and run it on + +# will pull in config vars source deploy.cfg echo "tagging $CURTAG to $DEST_TAG" From cf0e4e40cf477681f365bb13c30a1c4ce0073613 Mon Sep 17 00:00:00 2001 From: Jason White <jason.white@owasp.org> Date: Tue, 5 Jun 2018 14:36:40 -0600 Subject: [PATCH 10/10] clean up --- .../GCP/GKE-Docker/gke-deploy.sh | 52 ------------------- 1 file changed, 52 deletions(-) delete mode 100644 platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh diff --git a/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh b/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh deleted file mode 100644 index 2fe6280cc..000000000 --- a/platformQuickStarts/GCP/GKE-Docker/gke-deploy.sh +++ /dev/null 
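Review bot: `deploy.cfg` commits what look like one environment's real values (`DEST_TAG=gcr.io/astech-training/raging-wire-webgoat`, `CLUSTER_NAME=raging-wire-webgoat`), while the earlier `gke-deploy-config.sh` holds the same four keys as placeholders. Keeping only the placeholder template in the repository and ignoring the local `deploy.cfg` avoids publishing project identifiers and stops other users pushing to, or creating clusters named after, someone else's project by default. The file also ends without a trailing newline.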
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-# Script to deploy webgoat docker (or I guess any docker for that matter) to GKE
-# You will need the SDK installed and be authenticated and set up for the project you
-# plan to push the image into and run it on
-
-# will pull in config vars
-source deploy.cfg
-
-echo "tagging $CURTAG to $DEST_TAG"
-docker tag $CURTAG $DEST_TAG
-# gcloud docker -- push $DEST_TAG
-docker push $DEST_TAG
-if [ $? -eq 0 ]; then
- echo "*** $DEST_TAG pushed ... "
-else
- echo "failed to push $DEST_TAG to GKE repo"
- exit 1
-fi
-
-echo "*** creating cluster $CLUSTER_NAME ... "
-gcloud container clusters create $CLUSTER_NAME
-if [ $? -eq 0 ]; then
- echo "*** $CLUSTER_NAME cluster created ... "
-else
- echo "!!! failed to create cluster $CLUSTER_NAME"
- exit 1
-fi
-
-
-# DEST_TAG refers to the docker image we'll use
-kubectl run $CLUSTER_NAME --image=$DEST_TAG --port=$PORT_NUM
-if [ $? -eq 0 ]; then
- echo "*** cluster should be running now ... "
-else
- echo "!!! failed to start service"
- echo "*** cleaning up, deleting cluster ... "
- gcloud container clusters delete $CLUSTER_NAME --quiet
- exit 1
-fi
-
-kubectl expose deployment $CLUSTER_NAME --type="LoadBalancer"
-if [ $? -eq 0 ]; then
- echo "*** cluster exposed via load balancer ... "
- echo "*** TO GET YOUR SERVICE's IP, run ... "
- echo "$ kubectl get service $CLUSTER_NAME"
-else
- echo "!!! failed to start service"
- echo "*** cleaning up, deleting cluster ... "
- gcloud container clusters delete $CLUSTER_NAME --quiet
- exit 1
-fi