From 325b96455965e2ce64234e6be9283ccb8eca7060 Mon Sep 17 00:00:00 2001
From: Daniel Kvist <daniel@danielkvist.net>
Date: Wed, 21 Oct 2015 21:57:35 +0200
Subject: [PATCH 1/4] Fix #112 deployment descriptor elements in wrong order
 and off white spacing

---
 .../src/main/webapp/WEB-INF/web.xml           | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/webgoat-container/src/main/webapp/WEB-INF/web.xml b/webgoat-container/src/main/webapp/WEB-INF/web.xml
index f0d38c3ce..f45d4a5ab 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/web.xml
+++ b/webgoat-container/src/main/webapp/WEB-INF/web.xml
@@ -26,19 +26,19 @@
          parameters, including zero.
     -->
     <context-param>
-        <param-name>email</param-name>
-        <param-value>webgoat@owasp.org</param-value>
         <description>
             The EMAIL address of the administrator to whom questions
             and comments about this application should be addressed.
         </description>
+        <param-name>email</param-name>
+        <param-value>webgoat@owasp.org</param-value>
     </context-param>
     <context-param>
-         <param-name>emaillist</param-name>
-        <param-value>owasp-webgoat@lists.owasp.org</param-value>
         <description>
             The EMAIL address of the webgoat email list
         </description>
+        <param-name>emaillist</param-name>
+        <param-value>owasp-webgoat@lists.owasp.org</param-value>
     </context-param>
     <!-- spring MVC -->
     <context-param>
@@ -73,23 +73,23 @@
          You can define any number of servlets, including zero.
     -->
     <servlet>
-        <servlet-name>AxisServlet</servlet-name>
         <display-name>Apache-Axis Servlet</display-name>
+        <servlet-name>AxisServlet</servlet-name>
         <servlet-class>
           org.apache.axis.transport.http.AxisServlet
       </servlet-class>
     </servlet>
     <servlet>
-        <servlet-name>AdminServlet</servlet-name>
         <display-name>Axis Admin Servlet</display-name>
+        <servlet-name>AdminServlet</servlet-name>
         <servlet-class>
           org.apache.axis.transport.http.AdminServlet
       </servlet-class>
         <load-on-startup>100</load-on-startup>
     </servlet>
     <servlet>
-        <servlet-name>SOAPMonitorService</servlet-name>
         <display-name>SOAPMonitorService</display-name>
+        <servlet-name>SOAPMonitorService</servlet-name>
         <servlet-class>
           org.apache.axis.monitor.SOAPMonitorService
       </servlet-class>
@@ -100,7 +100,6 @@
         <load-on-startup>100</load-on-startup>
     </servlet>
     <servlet>
-        <servlet-name>WebGoat</servlet-name>
         <description>
         This servlet plays the "controller" role in the MVC architecture
         used in this application.
@@ -110,13 +109,14 @@
         filename extension is removed).  The corresponding value is the
         name of the action class that will be used to process this request.
       </description>
+        <servlet-name>WebGoat</servlet-name>
         <servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
         <init-param>
-            <param-name>email</param-name>
-            <param-value>WebGoat@owasp.org</param-value>
             <description>The EMAIL address of the administrator to whom questions
         		and comments about this application should be addressed.
       		</description>
+            <param-name>email</param-name>
+            <param-value>WebGoat@owasp.org</param-value>
         </init-param>
         <init-param>
             <param-name>debug</param-name>
@@ -172,17 +172,17 @@
         <load-on-startup>5</load-on-startup>
     </servlet>
     <servlet>
-        <servlet-name>LessonSource</servlet-name>
         <description>
         This servlet returns the Java source of the current lesson. 
       </description>
+        <servlet-name>LessonSource</servlet-name>
         <servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
     </servlet>
     <servlet>
-        <servlet-name>Catcher</servlet-name>
-        <description>
+	<description>
         This servlet catches any posts and marks the appropriate lesson property. 
       </description>
+        <servlet-name>Catcher</servlet-name>
         <servlet-class>org.owasp.webgoat.Catcher</servlet-class>
     </servlet>
     <servlet>

From c1e836360f024d131cdf66bb85d0f2fdde7635f4 Mon Sep 17 00:00:00 2001
From: Daniel Kvist <daniel@danielkvist.net>
Date: Thu, 22 Oct 2015 22:14:09 +0200
Subject: [PATCH 2/4] Fix #81 to activate close button in the modal footer

---
 .../src/main/webapp/js/goatApp/view/UserAndInfoView.js          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webgoat-container/src/main/webapp/js/goatApp/view/UserAndInfoView.js b/webgoat-container/src/main/webapp/js/goatApp/view/UserAndInfoView.js
index b6ee51c86..b28d6cc6f 100644
--- a/webgoat-container/src/main/webapp/js/goatApp/view/UserAndInfoView.js
+++ b/webgoat-container/src/main/webapp/js/goatApp/view/UserAndInfoView.js
@@ -35,7 +35,7 @@ function($,
 
 		showAboutModal: function() {
 			$('#about-modal').show(400);
-			$('#about-modal div.modal-header button.close').unbind('click').on('click', function() {
+			$('#about-modal div.modal-header button.close, #about-modal div.modal-footer button').unbind('click').on('click', function() {
 				$('#about-modal').hide(200);
 			});
 		}

From 010a67744cc68fece520d7a037733d7666ef2867 Mon Sep 17 00:00:00 2001
From: Doug Morato <dm@corp.io>
Date: Thu, 22 Oct 2015 18:51:34 -0400
Subject: [PATCH 3/4] Copy output and target info upload to S3 folder

Instead of moving the the jar and war files from target, copy these files and the target direcotry into the WEBGOAT_ARTIFACTS_FOLDER so it's all uploaded to S3

Signed-off-by: Doug Morato <dm@corp.io>
---
 .travis.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 8ead83a9b..7a7829bf0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,11 +14,13 @@ before_deploy:
   - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar
   - export WEBGOAT_JAR_EXEC_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar
   - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war
+  - export WEBGOAT_CONTAINTER_TARGET_DIR=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target
   - export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/
   - mkdir $WEBGOAT_ARTIFACTS_FOLDER
-  - mv $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER
-  - mv $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
-  - mv $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
+  - cp -fa $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER
+  - cp -fa $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
+  - cp -fa $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
+  - cp -fa $WEBGOAT_CONTAINTER_TARGET_DIR/* $WEBGOAT_ARTIFACTS_FOLDER
   - echo "Contents of artifcts folder:"
   - ls $WEBGOAT_ARTIFACTS_FOLDER
 deploy:
@@ -39,8 +41,6 @@ notifications:
     secure: S9VFew5NSE8WDzYD1VDBUULKKT0fzgblQACznwQ85699b2yeX9TX58N3RZvRS1JVagVP1wu2xOrwN2g+AWx4Ro3UBZD5XG86uTJWpCLD4cRWHBoGMH2TfvI7/IzsWmgxH4MBxFRvZr/eEhlVAux+N9H4EoEdS4CKsJXEqV37PlA=
 env:
   global:
-   # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
-   #   via the "travis encrypt" command using the project repo's public key
    - secure: "ZLZKz6lGt8YZ+NhkZPBAlI235+lEmu37Tcf+yTwh5yXuHAlnvvF6hPui7rANA/stbYGOIqIdhGOXbdrwyTU4Pvg78VwJOwsa9RtHJfou3pg4Ud9i0/dEeVl8aakmg2HDaWYGcFox8X1ViVc5UWjuBLztfJKQUEx0buJoWdMSf2E="
 addons:
   sauce_connect: true

From 060b0cd8faf75bf1d37cdd8b216b4dd2e081e1fe Mon Sep 17 00:00:00 2001
From: Nanne Baars <nbaars@xebia.com>
Date: Fri, 23 Oct 2015 06:54:14 +0200
Subject: [PATCH 4/4]  Logging in sometimes goes to report card and misses
 category-menu #114

---
 .../main/java/org/owasp/webgoat/plugins/PluginsLoader.java | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
index c14bf7817..47f533e91 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
@@ -13,7 +13,6 @@ import java.net.URL;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.List;
@@ -56,13 +55,9 @@ public class PluginsLoader {
             if (!alreadyLoaded) {
                 WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader();
                 cl.setAntiJARLocking(true);
-
                 List<URL> jars = listJars();
-
-                Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", ""));
                 for (URL jar : jars) {
-                    Path sourceJarFile = Paths.get(jar.toURI());
-                    FileUtils.copyFileToDirectory(sourceJarFile.toFile(), webInfLib.toFile());
+                    cl.addRepository(jar.toString());
                 }
                 alreadyLoaded = true;
             }