diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java index a00509665..edaf68ce5 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java @@ -31,6 +31,7 @@ package org.owasp.webgoat; import lombok.SneakyThrows; +import lombok.extern.slf4j.Slf4j; import org.owasp.webgoat.plugins.Plugin; import org.owasp.webgoat.plugins.PluginClassLoader; import org.owasp.webgoat.plugins.PluginEndpointPublisher; @@ -53,6 +54,7 @@ import java.io.File; import java.util.List; @SpringBootApplication +@Slf4j public class WebGoat extends SpringBootServletInitializer { @Override @@ -89,6 +91,13 @@ public class WebGoat extends SpringBootServletInitializer { public Course course(PluginsLoader pluginsLoader, PluginEndpointPublisher pluginEndpointPublisher) { Course course = new Course(); List plugins = pluginsLoader.loadPlugins(); + if (plugins.isEmpty()) { + log.error("No lessons found if you downloaded an official release of WebGoat please take the time to"); + log.error("create a new issue at https://github.com/WebGoat/WebGoat/issues/new"); + log.error("For developers run 'mvn package' first from the root directory."); + log.error("Stopping WebGoat..."); + System.exit(1); //we always run standalone + } course.createLessonsFromPlugins(plugins); plugins.forEach(p -> pluginEndpointPublisher.publish(p)); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java index dac0619be..4c4d36bb7 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java 
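Review bot: `System.exit(1)` in course() terminates the whole JVM, and the `//we always run standalone` comment is at odds with the class declaration visible in the hunk context, `WebGoat extends SpringBootServletInitializer`, which is the hook for WAR deployment into a servlet container shared with other applications. Throwing instead lets Spring abort startup however the application is launched: `throw new IllegalStateException("No lessons found; for developers run 'mvn package' first from the root directory");`. The four `log.error` calls also split one message across separate log records, which makes it harder to search or alert on; a single call would read better. course() continues past the end of the hunk.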
@@ -2,6 +2,7 @@ package org.owasp.webgoat.plugins; import com.google.common.base.Optional; import com.google.common.collect.Lists; +import lombok.Getter; import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Assignment; import org.owasp.webgoat.lessons.Endpoint; @@ -22,14 +23,17 @@ import static org.owasp.webgoat.plugins.PluginFileUtils.fileEndsWith; */ public class Plugin { + @Getter + private final String originationJar; private PluginClassLoader classLoader; private Class newLesson; private List> assignments = Lists.newArrayList(); private List> endpoints = Lists.newArrayList(); private List pluginFiles = Lists.newArrayList(); - public Plugin(PluginClassLoader classLoader) { + public Plugin(PluginClassLoader classLoader, String originatingJar) { this.classLoader = classLoader; + this.originationJar = originatingJar; } public List> getAssignments() { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java index 8c176ecb2..fef9b13d6 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java @@ -36,7 +36,7 @@ public class PluginExtractor { */ public Plugin extractJarFile(final File archive, final File targetDirectory, PluginClassLoader cl) throws IOException { ZipFile zipFile = new ZipFile(archive); - Plugin plugin = new Plugin(cl); + Plugin plugin = new Plugin(cl, zipFile.getName()); try { Enumeration entries = zipFile.entries(); while (entries.hasMoreElements()) { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index 5139a19f7..35e2677fb 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java 
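Review bot: The new field is spelled `originationJar` while the constructor parameter is `originatingJar`; pick one spelling so the Lombok-generated getter (`getOriginationJar()`, as called in PluginsLoader) matches the parameter. The field has no comment saying what the string holds; judging by the PluginExtractor hunk it is `zipFile.getName()`, i.e. the archive's path, so a line such as `/** Path of the jar this plugin was extracted from. */` would help. The class now mixes `@Getter` with hand-written getters such as `getAssignments()`, whose body lies outside the hunk.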
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -56,10 +56,13 @@ public class PluginsLoader { List plugins = Lists.newArrayList(); try { URL location = this.getClass().getProtectionDomain().getCodeSource().getLocation(); + log.trace("Determining whether we run as standalone jar or as directory..."); if (ResourceUtils.isFileURL(location)) { - extractToTempDirectoryFromExplodedDirectory(ResourceUtils.getFile(location)); + log.trace("Running from directory, copying lessons from {}", location.toString()); + extractToTargetDirectoryFromExplodedDirectory(ResourceUtils.getFile(location)); } else { - extractToTempDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location))); + log.trace("Running from standalone jar, extracting lessons from {}", location.toString()); + extractToTargetDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location))); } List jars = listJars(); plugins = processPlugins(jars); @@ -69,7 +72,7 @@ public class PluginsLoader { return plugins; } - private void extractToTempDirectoryFromJarFile(File jarFile) throws IOException { + private void extractToTargetDirectoryFromJarFile(File jarFile) throws IOException { ZipFile jar = new ZipFile(jarFile); Enumeration entries = jar.entries(); while (entries.hasMoreElements()) { 
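Review bot: The explicit `.toString()` calls in the new trace statements are unnecessary, because SLF4J formats `{}` arguments itself and only when the level is enabled; `log.trace("Running from directory, copying lessons from {}", location);` is enough and avoids building the string when trace is off. The same applies to `dir.toString()` and `file.toString()` in the later PluginsLoader hunks. The enclosing method starts outside this hunk.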
@@ -95,13 +98,15 @@ public class PluginsLoader { outputStream.flush(); } } + log.trace("Extracting {} to {}", jar.getName(), pluginTargetDirectory); } - private void extractToTempDirectoryFromExplodedDirectory(File directory) throws IOException { + private void extractToTargetDirectoryFromExplodedDirectory(File directory) throws IOException { Files.walkFileTree(directory.toPath(), new SimpleFileVisitor() { @Override public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException { if (dir.endsWith("plugin_lessons")) { + log.trace("Copying {} to {}", dir.toString(), pluginTargetDirectory); FileUtils.copyDirectory(dir.toFile(), pluginTargetDirectory); } return FileVisitResult.CONTINUE; @@ -117,6 +122,7 @@ public class PluginsLoader { public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { if (PluginFileUtils.fileEndsWith(file, WEBGOAT_PLUGIN_EXTENSION)) { jars.add(file.toUri().toURL()); + log.trace("Found jar file at location: {}", file.toString()); } return FileVisitResult.CONTINUE; } @@ -137,7 +143,11 @@ public class PluginsLoader { for (int i = 0; i < n; i++) { Plugin plugin = completionService.take().get(); if (plugin.getLesson().isPresent()) { + log.trace("Plugin jar '{}' contains a lesson, loading into WebGoat...", plugin.getOriginationJar()); plugins.add(plugin); + } else { + log.trace("Plugin jar: '{}' does not contain a lesson not processing as a plugin (can be a utility jar)", + plugin.getOriginationJar()); } } LabelProvider.updatePluginResources( diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserTracker.java index 5e2dbdd22..cc5f76681 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserTracker.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserTracker.java 
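Review bot: `jar` is opened with `new ZipFile(jarFile)` in the previous hunk and no `close()` appears between the end of the loop and the end of the method here, so the archive handle looks leaked; the middle of the method is outside both hunks, so confirm against the full file. Opening it as `try (ZipFile jar = new ZipFile(jarFile)) {` would close it on every path, including when extraction throws. The added trace line runs after the loop has finished, so `"Extracted {} to {}"` would describe it more accurately, or the statement could move before the loop.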
@@ -84,7 +84,7 @@ public class UserTracker { @SneakyThrows public void load() { - File file = new File(webgoatHome, user); + File file = new File(webgoatHome, user + ".progress"); if (file.exists() && file.isFile()) { this.storage = (Map) SerializationUtils.deserialize(FileCopyUtils.copyToByteArray(file)); } @@ -92,7 +92,7 @@ public class UserTracker { @SneakyThrows private void save() { - File file = new File(webgoatHome, user); + File file = new File(webgoatHome, user + ".progress"); FileCopyUtils.copy(SerializationUtils.serialize(this.storage), file); } diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties index 6f8caa3a5..57bb003a6 100644 --- a/webgoat-container/src/main/resources/application.properties +++ b/webgoat-container/src/main/resources/application.properties @@ -8,6 +8,7 @@ server.port=8080 logging.level.org.springframework=WARN logging.level.org.springframework.boot.devtools=DEBUG logging.level.org.owasp=DEBUG +logging.level.org.owasp.webgoat=TRACE spring.thymeleaf.cache=false spring.thymeleaf.content-type=text/html
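Review bot: In load() the path is still built directly from `user` (`new File(webgoatHome, user + ".progress")`) and the file's bytes go straight into `SerializationUtils.deserialize`, so whoever can influence the user name or write into webgoatHome decides what gets natively deserialized. Whether `user` is validated upstream is not visible here; if it is not, check that `file.getCanonicalFile().getParentFile()` equals the canonical webgoatHome directory before reading, and do the same in save() in the next hunk. Longer term, storing progress in a plain data format would remove the native deserialization step altogether. Progress files written under the old name (without the `.progress` suffix) will no longer be found after this change, which deserves a line in the commit message or a fallback lookup.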
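Review bot: `logging.level.org.owasp.webgoat=TRACE` enables trace output for every WebGoat package in the packaged defaults, not only for the plugin loader this commit instruments. The new trace lines print absolute filesystem paths (jar locations and the plugin target directory), and any other trace statement under `org.owasp.webgoat` is now emitted as well. If the aim is to diagnose lesson loading, scope the setting, `logging.level.org.owasp.webgoat.plugins=TRACE`, or keep the default at DEBUG and document the override.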