From c7c2a61f658ebcf2b669359707ba2d39614a85f9 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Mon, 4 Dec 2023 07:59:29 +0100
Subject: [PATCH] chore: fix startup message (#1687)

Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
---
 .../container/DatabaseConfiguration.java      |  2 -
 .../owasp/webgoat/server/StartWebGoat.java    | 32 +++++++----
 .../owasp/webgoat/server/StartupMessage.java  | 55 -------------------
 .../resources/application-webgoat.properties  |  3 +-
 4 files changed, 24 insertions(+), 68 deletions(-)
 delete mode 100644 src/main/java/org/owasp/webgoat/server/StartupMessage.java

diff --git a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
index 65d0b144e..95e750a36 100644
--- a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
+++ b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
@@ -6,7 +6,6 @@ import javax.sql.DataSource;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.flywaydb.core.Flyway;
-import org.owasp.webgoat.container.lessons.LessonScanner;
 import org.owasp.webgoat.container.service.RestartLessonService;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
 import org.springframework.context.annotation.Bean;
@@ -20,7 +19,6 @@ import org.springframework.jdbc.datasource.DriverManagerDataSource;
 public class DatabaseConfiguration {
 
   private final DataSourceProperties properties;
-  private final LessonScanner lessonScanner;
 
   @Bean
   @Primary
diff --git a/src/main/java/org/owasp/webgoat/server/StartWebGoat.java b/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
index 54c9b8929..2e87ef20e 100644
--- a/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
+++ b/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
@@ -25,24 +25,36 @@
 
 package org.owasp.webgoat.server;
 
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.container.WebGoat;
 import org.owasp.webgoat.webwolf.WebWolf;
 import org.springframework.boot.Banner;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
 
+@Slf4j
 public class StartWebGoat {
 
   public static void main(String[] args) {
-    new SpringApplicationBuilder()
-        .parent(ParentConfig.class)
-        .web(WebApplicationType.NONE)
-        .bannerMode(Banner.Mode.OFF)
-        .child(WebGoat.class)
-        .web(WebApplicationType.SERVLET)
-        .sibling(WebWolf.class)
-        .bannerMode(Banner.Mode.OFF)
-        .web(WebApplicationType.SERVLET)
-        .run(args);
+    var parentBuilder =
+        new SpringApplicationBuilder()
+            .parent(ParentConfig.class)
+            .web(WebApplicationType.NONE)
+            .bannerMode(Banner.Mode.OFF);
+    parentBuilder.child(WebWolf.class).web(WebApplicationType.SERVLET).run(args);
+    ApplicationContext webGoatContext =
+        parentBuilder.child(WebGoat.class).web(WebApplicationType.SERVLET).run(args);
+
+    printStartUpMessage(webGoatContext);
+  }
+
+  private static void printStartUpMessage(ApplicationContext webGoatContext) {
+    var url = webGoatContext.getEnvironment().getProperty("webgoat.url");
+    var sslEnabled =
+        webGoatContext.getEnvironment().getProperty("server.ssl.enabled", Boolean.class);
+    log.warn(
+        "Please browse to " + "{} to start using WebGoat...",
+        sslEnabled ? url.replace("http", "https") : url);
   }
 }
diff --git a/src/main/java/org/owasp/webgoat/server/StartupMessage.java b/src/main/java/org/owasp/webgoat/server/StartupMessage.java
deleted file mode 100644
index 7273ed77b..000000000
--- a/src/main/java/org/owasp/webgoat/server/StartupMessage.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package org.owasp.webgoat.server;
-
-import lombok.NoArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationReadyEvent;
-import org.springframework.context.event.ContextStoppedEvent;
-import org.springframework.context.event.EventListener;
-import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
-
-@Component
-@Slf4j
-@NoArgsConstructor
-public class StartupMessage {
-
-  private String port;
-  private String address;
-  private String contextPath;
-
-  private String applicationName;
-
-  private static boolean useSSL =
-      Boolean.valueOf(System.getenv().getOrDefault("WEBGOAT_SSLENABLED", "true"));
-
-  @EventListener
-  void onStartup(ApplicationReadyEvent event) {
-
-    port = event.getApplicationContext().getEnvironment().getProperty("server.port");
-    address = event.getApplicationContext().getEnvironment().getProperty("server.address");
-    contextPath =
-        event.getApplicationContext().getEnvironment().getProperty("server.servlet.context-path");
-    applicationName =
-        event.getApplicationContext().getEnvironment().getProperty("spring.application.name");
-    if (StringUtils.hasText(applicationName)) {
-      if (applicationName.equals("WebGoat")) {
-        log.warn(
-            "Please browse to "
-                + (useSSL ? "https://" : "http://")
-                + "{}:{}{} to start using WebGoat...",
-            event.getApplicationContext().getEnvironment().getProperty("webgoat.host"),
-            port,
-            contextPath);
-      } else {
-        log.warn(
-            "Please browse to http://{}:{}{} to start using WebWolf...",
-            event.getApplicationContext().getEnvironment().getProperty("webwolf.host"),
-            port,
-            contextPath);
-      }
-    }
-  }
-
-  @EventListener
-  void onShutdown(ContextStoppedEvent event) {}
-}
diff --git a/src/main/resources/application-webgoat.properties b/src/main/resources/application-webgoat.properties
index aefde2765..b394e77c0 100644
--- a/src/main/resources/application-webgoat.properties
+++ b/src/main/resources/application-webgoat.properties
@@ -3,7 +3,7 @@ server.error.path=/error.html
 server.servlet.context-path=${WEBGOAT_CONTEXT:/WebGoat}
 server.servlet.session.persistent=false
 server.port=${WEBGOAT_PORT:8080}
-server.address=0.0.0.0
+server.address=${WEBGOAT_HOST:127.0.0.1}
 webgoat.host=${WEBGOAT_HOST:127.0.0.1}
 webgoat.port=${WEBGOAT_PORT:8080}
 webgoat.context=${WEBGOAT_CONTEXT:/WebGoat}
@@ -43,6 +43,7 @@ webgoat.feedback.address=webgoat@owasp.org
 webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
 webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
+webgoat.url=http://${server.address}:${server.port}${server.servlet.context-path}
 
 webwolf.host=${WEBWOLF_HOST:127.0.0.1}
 webwolf.port=${WEBWOLF_PORT:9090}