From b250af3564ce0ab91ed809d2184059ec596fb973 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Fri, 9 Sep 2016 08:11:04 +0200
Subject: [PATCH] Introduced stanalone project which allows us to pass arguments to the Tomcat instance (eg port, address)
---
 pom.xml | 1 +
 .../java/org/owasp/webgoat/HammerHead.java | 6 +-
 webgoat-standalone/.gitignore | 8 ++
 webgoat-standalone/README.MD | 31 ++++++
 webgoat-standalone/pom.xml | 103 ++++++++++++++++++
 .../src/main/java/org/owasp/webgoat/Main.java | 81 ++++++++++++++
 .../src/main/standalone.properties | 1 +
 7 files changed, 230 insertions(+), 1 deletion(-)
 create mode 100644 webgoat-standalone/.gitignore
 create mode 100644 webgoat-standalone/README.MD
 create mode 100644 webgoat-standalone/pom.xml
 create mode 100644 webgoat-standalone/src/main/java/org/owasp/webgoat/Main.java
 create mode 100644 webgoat-standalone/src/main/standalone.properties
diff --git a/pom.xml b/pom.xml
index 35694f036..c8d02b597 100644
--- a/pom.xml
+++ b/pom.xml
@@ -164,6 +164,7 @@ webgoat-container + webgoat-standalone
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
index 8af97ff56..d870a8a49 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -20,6 +20,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.URL;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Locale;
@@ -243,7 +244,10 @@ public class HammerHead extends HttpServlet {
 httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
 propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
 webgoatContext = new WebgoatContext(this);
- logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
+ URL runningStandalone = Thread.currentThread().getContextClassLoader().getResource("standalone.properties");
+ if (runningStandalone == null) {
+ logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
+ }
 }
 /**
diff --git a/webgoat-standalone/.gitignore b/webgoat-standalone/.gitignore
new file mode 100644
index 000000000..6503556df
--- /dev/null
+++ b/webgoat-standalone/.gitignore
@@ -0,0 +1,8 @@
+target/
+.idea/
+*.iml
+/src/main/webapp/plugin_lessons/*.jar
+/src/main/webapp/plugin_extracted/*
+dependency-reduced-pom.xml
+src/main/webapp/users/guest.org.owasp.webgoat.lessons.BackDoors.props
+/src/main/webapp/WEB-INF/lib/*.jar
\ No newline at end of file
diff --git a/webgoat-standalone/README.MD b/webgoat-standalone/README.MD
new file mode 100644
index 000000000..334d6332f
--- /dev/null
+++ b/webgoat-standalone/README.MD
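Review bot: The standalone check in this HammerHead hunk depends on `standalone.properties` being on the classpath, but the commit adds the file at `webgoat-standalone/src/main/standalone.properties`, which Maven's default layout does not package (only `src/main/resources` is copied). Unless the standalone pom declares `src/main` as a resource directory, which the values visible in this patch do not show, `getResource("standalone.properties")` returns null in both modes and the hard-coded `localhost:8080` line is still logged next to the one printed by `Main`. Moving the marker to `webgoat-standalone/src/main/resources/standalone.properties` should make the check effective, and a comment above it such as `// marker file is only shipped in the webgoat-standalone jar` would explain the probe. The enclosing method starts outside the hunk.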
@@ -0,0 +1,31 @@
+# WebGoat standalone runner
+
+## Introduction
+This project is aimed to be the replacement for the exec-war, it contains
+a simple Main.class which will start an embedded Tomcat server.
+This makes it easier to change the server address and the portnumber for example.
+It kind of works in the same way Spring Boot starts an embedded Tomcat server.
+
+## Usage
+
+For the first time make sure you run a complete build:
+
+```Shell
+mvn clean install
+```
+
+Open up your favourite IDE and run the Main.class which will start the
+embedded Tomcat server.
+
+Or in a shell:
+
+```Shell
+java -jar webgoat-standalone-<>-exec.jar
+```
+
+The following command line options are available:
+
+```
+-a, --address Specify the server address, like 192.168.0.1 (default localhost)
+-p, --port Specify on which port the server should run (default 6047)
+```
\ No newline at end of file
diff --git a/webgoat-standalone/pom.xml b/webgoat-standalone/pom.xml
new file mode 100644
index 000000000..d84aa2fae
--- /dev/null
+++ b/webgoat-standalone/pom.xml
@@ -0,0 +1,103 @@
+ + + + webgoat-standalone + 4.0.0 + webgoat-standalone + + + org.owasp.webgoat + webgoat-parent + 7.1-SNAPSHOT + + + + + com.github.ryenus + rop + 1.1.1 + + + org.owasp.webgoat + webgoat-container + ${project.version} + + + + + org.apache.tomcat.embed + tomcat-embed-core + ${tomcat-catalina.version} + + + org.apache.tomcat.embed + tomcat-embed-logging-juli + ${tomcat-catalina.version} + + + org.apache.tomcat.embed + tomcat-embed-jasper + ${tomcat-catalina.version} + + + org.apache.tomcat + tomcat-jasper + ${tomcat-catalina.version} + + + org.apache.tomcat + tomcat-jasper-el + ${tomcat-catalina.version} + + + org.apache.tomcat + tomcat-jsp-api + ${tomcat-catalina.version} + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + ${maven-compiler-plugin.version} + + 1.7 + 1.7 + ISO-8859-1 + + + + org.apache.maven.plugins + maven-shade-plugin + 2.3 + + + + package + + shade + + + + + META-INF/spring.handlers + + + META-INF/spring.schemas + + + org.owasp.webgoat.Main + + + true + exec + + + + + + +
diff --git a/webgoat-standalone/src/main/java/org/owasp/webgoat/Main.java b/webgoat-standalone/src/main/java/org/owasp/webgoat/Main.java
new file mode 100644
index 000000000..76e4aa37e
--- /dev/null
+++ b/webgoat-standalone/src/main/java/org/owasp/webgoat/Main.java
@@ -0,0 +1,81 @@
+package org.owasp.webgoat;
+
+import com.github.ryenus.rop.OptionParser;
+import com.github.ryenus.rop.OptionParser.Option;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.coyote.AbstractProtocol;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.net.InetAddress;
+
+import static com.github.ryenus.rop.OptionParser.Command;
+
+/**
+ * ************************************************************************************************
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ *
+ *
+ * @author WebGoat
+ * @version $Id: $Id
+ * @since July 24, 2016
+ */
+@Command(name = "webgoat", descriptions = "Start the WebGoat")
+public class Main {
+
+ private final Logger logger = LoggerFactory.getLogger(Main.class);
+
+ @Option(opt = {"-p", "--port"}, description = "HTTP port to use")
+ int port = 6047;
+
+ @Option(opt = {"-a", "--address"}, description = "Server address to use")
+ String address = "localhost";
+
+ void run() throws Exception {
+ String webappDirLocation = "webgoat-container/src/main/webapp/";
+ Tomcat tomcat = new Tomcat();
+ StandardContext ctx = (StandardContext) tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
+
+ Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+ connector.setPort(port);
+
+ if (connector.getProtocolHandler() instanceof AbstractProtocol) {
+ AbstractProtocol protocol = (AbstractProtocol) connector.getProtocolHandler();
+ protocol.setAddress(InetAddress.getByName(address));
+ protocol.setPort(port);
+ }
+ tomcat.getService().addConnector(connector);
+ tomcat.start();
+ logger.info("Browse to http://{}:{}/WebGoat and happy hacking!", address, port);
+ tomcat.getServer().await();
+ }
+
+
+ public static void main(String[] args) throws Exception {
+ OptionParser parser = new OptionParser(Main.class);
+ parser.parse(args);
+ }
+}
\ No newline at end of file
diff --git a/webgoat-standalone/src/main/standalone.properties b/webgoat-standalone/src/main/standalone.properties
new file mode 100644
index 000000000..12be50b78
--- /dev/null
+++ b/webgoat-standalone/src/main/standalone.properties
@@ -0,0 +1 @@
+# Dummy property file to figure out whether we started as a war or as a standalone jar
\ No newline at end of file
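Review bot: In `Main.run()` the custom connector is attached with `tomcat.getService().addConnector(connector)` but never registered through `tomcat.setConnector(connector)`, so on Tomcat versions where `Tomcat.start()` creates a default connector when none has been set (7.x and 8.x behaviour as far as I recall; the version here is `${tomcat-catalina.version}` and not visible in the patch) a second listener on port 8080 on all interfaces would come up next to the one bound to `--address`. For a deliberately vulnerable application that undoes the `localhost` default, so adding `tomcat.setConnector(connector);` before `tomcat.start()` would keep the requested address and port as the only listener. It would also help to log a warning when `InetAddress.getByName(address).isLoopbackAddress()` is false, since the README suggests addresses such as 192.168.0.1. Separately, the webapp is mounted at `/` while the log line still prints `/WebGoat`, so the advertised URL may not match where the application is served.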