dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Introduced stanalone project which allows us to pass arguments to the Tomcat instance (eg port, address)

Browse Source
This commit is contained in:
Nanne Baars
2016-09-09 08:11:04 +02:00
parent 56bad8e087
commit b250af3564
7 changed files with 230 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pom.xml
View File

@ -164,6 +164,7 @@
<modules> <modules>
<module>webgoat-container</module> <module>webgoat-container</module>
<module>webgoat-standalone</module>
</modules> </modules>
<distributionManagement> <distributionManagement>

6
webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
View File

@ -20,6 +20,7 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.net.URL;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.Locale; import java.util.Locale;
@ -243,7 +244,10 @@ public class HammerHead extends HttpServlet {
httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT")); httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties"); propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
webgoatContext = new WebgoatContext(this); webgoatContext = new WebgoatContext(this);
logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!"); URL runningStandalone = Thread.currentThread().getContextClassLoader().getResource("standalone.properties");
if (runningStandalone == null) {
logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
}
} }
/** /**

8
webgoat-standalone/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
target/
.idea/
*.iml
/src/main/webapp/plugin_lessons/*.jar
/src/main/webapp/plugin_extracted/*
dependency-reduced-pom.xml
src/main/webapp/users/guest.org.owasp.webgoat.lessons.BackDoors.props
/src/main/webapp/WEB-INF/lib/*.jar

31
webgoat-standalone/README.MD Normal file
View File

@ -0,0 +1,31 @@
# WebGoat standalone runner
## Introduction
This project is aimed to be the replacement for the exec-war, it contains
a simple Main.class which will start an embedded Tomcat server.
This makes it easier to change the server address and the portnumber for example.
It kind of works in the same way Spring Boot starts an embedded Tomcat server.
## Usage
For the first time make sure you run a complete build:
```Shell
mvn clean install
```
Open up your favourite IDE and run the Main.class which will start the
embedded Tomcat server.
Or in a shell:
```Shell
java -jar webgoat-standalone-<<version>>-exec.jar
```
The following command line options are available:
```
-a, --address Specify the server address, like 192.168.0.1 (default localhost)
-p, --port Specify on which port the server should run (default 6047)
```

103
webgoat-standalone/pom.xml Normal file
View File

@ -0,0 +1,103 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<name>webgoat-standalone</name>
<modelVersion>4.0.0</modelVersion>
<artifactId>webgoat-standalone</artifactId>
<parent>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-parent</artifactId>
<version>7.1-SNAPSHOT</version>
</parent>
<dependencies>
<dependency>
<groupId>com.github.ryenus</groupId>
<artifactId>rop</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>org.owasp.webgoat</groupId>
<artifactId>webgoat-container</artifactId>
<version>${project.version}</version>
</dependency>
<!--************* Tomcat dependencies **************-->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-logging-juli</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jasper</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jasper-el</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jsp-api</artifactId>
<version>${tomcat-catalina.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven-compiler-plugin.version}</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
<encoding>ISO-8859-1</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>2.3</version>
<executions>
<!-- Run shade goal on package phase -->
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.handlers</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.schemas</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>org.owasp.webgoat.Main</mainClass>
</transformer>
</transformers>
<shadedArtifactAttached>true</shadedArtifactAttached>
<shadedClassifierName>exec</shadedClassifierName>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

81
webgoat-standalone/src/main/java/org/owasp/webgoat/Main.java Normal file
View File

@ -0,0 +1,81 @@
package org.owasp.webgoat;
import com.github.ryenus.rop.OptionParser;
import com.github.ryenus.rop.OptionParser.Option;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.startup.Tomcat;
import org.apache.coyote.AbstractProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.net.InetAddress;
import static com.github.ryenus.rop.OptionParser.Command;
/**
* ************************************************************************************************
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* <p>
* Getting Source ==============
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
* <p>
*
* @author WebGoat
* @version $Id: $Id
* @since July 24, 2016
*/
@Command(name = "webgoat", descriptions = "Start the WebGoat")
public class Main {
private final Logger logger = LoggerFactory.getLogger(Main.class);
@Option(opt = {"-p", "--port"}, description = "HTTP port to use")
int port = 6047;
@Option(opt = {"-a", "--address"}, description = "Server address to use")
String address = "localhost";
void run() throws Exception {
String webappDirLocation = "webgoat-container/src/main/webapp/";
Tomcat tomcat = new Tomcat();
StandardContext ctx = (StandardContext) tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setPort(port);
if (connector.getProtocolHandler() instanceof AbstractProtocol) {
AbstractProtocol<?> protocol = (AbstractProtocol<?>) connector.getProtocolHandler();
protocol.setAddress(InetAddress.getByName(address));
protocol.setPort(port);
}
tomcat.getService().addConnector(connector);
tomcat.start();
logger.info("Browse to http://{}:{}/WebGoat and happy hacking!", address, port);
tomcat.getServer().await();
}
public static void main(String[] args) throws Exception {
OptionParser parser = new OptionParser(Main.class);
parser.parse(args);
}
}

1
webgoat-standalone/src/main/standalone.properties Normal file
View File

@ -0,0 +1 @@
# Dummy property file to figure out whether we started as a war or as a standalone jar