dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
Jason White 2015-10-24 09:12:02 -05:00
commit d52dfe87c4
4 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.travis.yml
View File

@ -14,11 +14,13 @@ before_deploy:
- export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar - export WEBGOAT_JAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.jar
- export WEBGOAT_JAR_EXEC_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar - export WEBGOAT_JAR_EXEC_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION-war-exec.jar
- export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war - export WEBGOAT_WAR_FILE=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target/webgoat-container-$WEBGOAT_ARTIFACT_VERSION.war
- export WEBGOAT_CONTAINTER_TARGET_DIR=$HOME/build/$TRAVIS_REPO_SLUG/webgoat-container/target
- export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/ - export WEBGOAT_ARTIFACTS_FOLDER=$HOME/build/$TRAVIS_REPO_SLUG/Deployable_Artifacts/
- mkdir $WEBGOAT_ARTIFACTS_FOLDER - mkdir $WEBGOAT_ARTIFACTS_FOLDER
- mv $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER - cp -fa $WEBGOAT_JAR_EXEC_FILE $WEBGOAT_ARTIFACTS_FOLDER
- mv $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER - cp -fa $WEBGOAT_JAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
- mv $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER - cp -fa $WEBGOAT_WAR_FILE $WEBGOAT_ARTIFACTS_FOLDER
- cp -fa $WEBGOAT_CONTAINTER_TARGET_DIR/* $WEBGOAT_ARTIFACTS_FOLDER
- echo "Contents of artifcts folder:" - echo "Contents of artifcts folder:"
- ls $WEBGOAT_ARTIFACTS_FOLDER - ls $WEBGOAT_ARTIFACTS_FOLDER
deploy: deploy:
@ -39,8 +41,6 @@ notifications:
secure: S9VFew5NSE8WDzYD1VDBUULKKT0fzgblQACznwQ85699b2yeX9TX58N3RZvRS1JVagVP1wu2xOrwN2g+AWx4Ro3UBZD5XG86uTJWpCLD4cRWHBoGMH2TfvI7/IzsWmgxH4MBxFRvZr/eEhlVAux+N9H4EoEdS4CKsJXEqV37PlA= secure: S9VFew5NSE8WDzYD1VDBUULKKT0fzgblQACznwQ85699b2yeX9TX58N3RZvRS1JVagVP1wu2xOrwN2g+AWx4Ro3UBZD5XG86uTJWpCLD4cRWHBoGMH2TfvI7/IzsWmgxH4MBxFRvZr/eEhlVAux+N9H4EoEdS4CKsJXEqV37PlA=
env: env:
global: global:
# The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
# via the "travis encrypt" command using the project repo's public key
- secure: "ZLZKz6lGt8YZ+NhkZPBAlI235+lEmu37Tcf+yTwh5yXuHAlnvvF6hPui7rANA/stbYGOIqIdhGOXbdrwyTU4Pvg78VwJOwsa9RtHJfou3pg4Ud9i0/dEeVl8aakmg2HDaWYGcFox8X1ViVc5UWjuBLztfJKQUEx0buJoWdMSf2E=" - secure: "ZLZKz6lGt8YZ+NhkZPBAlI235+lEmu37Tcf+yTwh5yXuHAlnvvF6hPui7rANA/stbYGOIqIdhGOXbdrwyTU4Pvg78VwJOwsa9RtHJfou3pg4Ud9i0/dEeVl8aakmg2HDaWYGcFox8X1ViVc5UWjuBLztfJKQUEx0buJoWdMSf2E="
addons: addons:
sauce_connect: true sauce_connect: true

7
webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
View File

@ -13,7 +13,6 @@ import java.net.URL;
import java.nio.file.FileVisitResult; import java.nio.file.FileVisitResult;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor; import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes; import java.nio.file.attribute.BasicFileAttributes;
import java.util.List; import java.util.List;
@ -56,13 +55,9 @@ public class PluginsLoader {
if (!alreadyLoaded) { if (!alreadyLoaded) {
WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader();
cl.setAntiJARLocking(true); cl.setAntiJARLocking(true);
List<URL> jars = listJars(); List<URL> jars = listJars();
Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", ""));
for (URL jar : jars) { for (URL jar : jars) {
Path sourceJarFile = Paths.get(jar.toURI()); cl.addRepository(jar.toString());
FileUtils.copyFileToDirectory(sourceJarFile.toFile(), webInfLib.toFile());
} }
alreadyLoaded = true; alreadyLoaded = true;
} }

26
webgoat-container/src/main/webapp/WEB-INF/web.xml
View File

@ -26,19 +26,19 @@
parameters, including zero. parameters, including zero.
--> -->
<context-param> <context-param>
<param-name>email</param-name>
<param-value>webgoat@owasp.org</param-value>
<description> <description>
The EMAIL address of the administrator to whom questions The EMAIL address of the administrator to whom questions
and comments about this application should be addressed. and comments about this application should be addressed.
</description> </description>
<param-name>email</param-name>
<param-value>webgoat@owasp.org</param-value>
</context-param> </context-param>
<context-param> <context-param>
<param-name>emaillist</param-name>
<param-value>owasp-webgoat@lists.owasp.org</param-value>
<description> <description>
The EMAIL address of the webgoat email list The EMAIL address of the webgoat email list
</description> </description>
<param-name>emaillist</param-name>
<param-value>owasp-webgoat@lists.owasp.org</param-value>
</context-param> </context-param>
<!-- spring MVC --> <!-- spring MVC -->
<context-param> <context-param>
@ -73,23 +73,23 @@
You can define any number of servlets, including zero. You can define any number of servlets, including zero.
--> -->
<servlet> <servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name> <display-name>Apache-Axis Servlet</display-name>
<servlet-name>AxisServlet</servlet-name>
<servlet-class> <servlet-class>
org.apache.axis.transport.http.AxisServlet org.apache.axis.transport.http.AxisServlet
</servlet-class> </servlet-class>
</servlet> </servlet>
<servlet> <servlet>
<servlet-name>AdminServlet</servlet-name>
<display-name>Axis Admin Servlet</display-name> <display-name>Axis Admin Servlet</display-name>
<servlet-name>AdminServlet</servlet-name>
<servlet-class> <servlet-class>
org.apache.axis.transport.http.AdminServlet org.apache.axis.transport.http.AdminServlet
</servlet-class> </servlet-class>
<load-on-startup>100</load-on-startup> <load-on-startup>100</load-on-startup>
</servlet> </servlet>
<servlet> <servlet>
<servlet-name>SOAPMonitorService</servlet-name>
<display-name>SOAPMonitorService</display-name> <display-name>SOAPMonitorService</display-name>
<servlet-name>SOAPMonitorService</servlet-name>
<servlet-class> <servlet-class>
org.apache.axis.monitor.SOAPMonitorService org.apache.axis.monitor.SOAPMonitorService
</servlet-class> </servlet-class>
@ -100,7 +100,6 @@
<load-on-startup>100</load-on-startup> <load-on-startup>100</load-on-startup>
</servlet> </servlet>
<servlet> <servlet>
<servlet-name>WebGoat</servlet-name>
<description> <description>
This servlet plays the "controller" role in the MVC architecture This servlet plays the "controller" role in the MVC architecture
used in this application. used in this application.
@ -110,13 +109,14 @@
filename extension is removed). The corresponding value is the filename extension is removed). The corresponding value is the
name of the action class that will be used to process this request. name of the action class that will be used to process this request.
</description> </description>
<servlet-name>WebGoat</servlet-name>
<servlet-class>org.owasp.webgoat.HammerHead</servlet-class> <servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
<init-param> <init-param>
<param-name>email</param-name>
<param-value>WebGoat@owasp.org</param-value>
<description>The EMAIL address of the administrator to whom questions <description>The EMAIL address of the administrator to whom questions
and comments about this application should be addressed. and comments about this application should be addressed.
</description> </description>
<param-name>email</param-name>
<param-value>WebGoat@owasp.org</param-value>
</init-param> </init-param>
<init-param> <init-param>
<param-name>debug</param-name> <param-name>debug</param-name>
@ -172,17 +172,17 @@
<load-on-startup>5</load-on-startup> <load-on-startup>5</load-on-startup>
</servlet> </servlet>
<servlet> <servlet>
<servlet-name>LessonSource</servlet-name>
<description> <description>
This servlet returns the Java source of the current lesson. This servlet returns the Java source of the current lesson.
</description> </description>
<servlet-name>LessonSource</servlet-name>
<servlet-class>org.owasp.webgoat.LessonSource</servlet-class> <servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
</servlet> </servlet>
<servlet> <servlet>
<servlet-name>Catcher</servlet-name> <description>
<description>
This servlet catches any posts and marks the appropriate lesson property. This servlet catches any posts and marks the appropriate lesson property.
</description> </description>
<servlet-name>Catcher</servlet-name>
<servlet-class>org.owasp.webgoat.Catcher</servlet-class> <servlet-class>org.owasp.webgoat.Catcher</servlet-class>
</servlet> </servlet>
<servlet> <servlet>

2
webgoat-container/src/main/webapp/js/goatApp/view/UserAndInfoView.js
View File

@ -35,7 +35,7 @@ function($,
showAboutModal: function() { showAboutModal: function() {
$('#about-modal').show(400); $('#about-modal').show(400);
$('#about-modal div.modal-header button.close').unbind('click').on('click', function() { $('#about-modal div.modal-header button.close, #about-modal div.modal-footer button').unbind('click').on('click', function() {
$('#about-modal').hide(200); $('#about-modal').hide(200);
}); });
} }