Adding more trace logging during the loading of the plugins

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -31,6 +31,7 @@
 package org.owasp.webgoat;
 
 import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.plugins.Plugin;
 import org.owasp.webgoat.plugins.PluginClassLoader;
 import org.owasp.webgoat.plugins.PluginEndpointPublisher;
@@ -53,6 +54,7 @@ import java.io.File;
 import java.util.List;
 
 @SpringBootApplication
+@Slf4j
 public class WebGoat extends SpringBootServletInitializer {
 
     @Override
@@ -89,6 +91,13 @@ public class WebGoat extends SpringBootServletInitializer {
     public Course course(PluginsLoader pluginsLoader, PluginEndpointPublisher pluginEndpointPublisher) {
         Course course = new Course();
         List<Plugin> plugins = pluginsLoader.loadPlugins();
+        if (plugins.isEmpty()) {
+            log.error("No lessons found if you downloaded an official release of WebGoat please take the time to");
+            log.error("create a new issue at https://github.com/WebGoat/WebGoat/issues/new");
+            log.error("For developers run 'mvn package' first from the root directory.");
+            log.error("Stopping WebGoat...");
+            System.exit(1); //we always run standalone
+        }
         course.createLessonsFromPlugins(plugins);
         plugins.forEach(p -> pluginEndpointPublisher.publish(p));
 

webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java

@@ -2,6 +2,7 @@ package org.owasp.webgoat.plugins;
 
 import com.google.common.base.Optional;
 import com.google.common.collect.Lists;
+import lombok.Getter;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
 import org.owasp.webgoat.lessons.Endpoint;
@@ -22,14 +23,17 @@ import static org.owasp.webgoat.plugins.PluginFileUtils.fileEndsWith;
  */
 public class Plugin {
 
+    @Getter
+    private final String originationJar;
     private PluginClassLoader classLoader;
     private Class<NewLesson> newLesson;
     private List<Class<Assignment>> assignments = Lists.newArrayList();
     private List<Class<Endpoint>> endpoints = Lists.newArrayList();
     private List<File> pluginFiles = Lists.newArrayList();
 
-    public Plugin(PluginClassLoader classLoader) {
+    public Plugin(PluginClassLoader classLoader, String originatingJar) {
         this.classLoader = classLoader;
+        this.originationJar = originatingJar;
     }
 
     public List<Class<Assignment>> getAssignments() {

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java

@@ -36,7 +36,7 @@ public class PluginExtractor {
      */
     public Plugin extractJarFile(final File archive, final File targetDirectory, PluginClassLoader cl) throws IOException {
         ZipFile zipFile = new ZipFile(archive);
-        Plugin plugin = new Plugin(cl);
+        Plugin plugin = new Plugin(cl, zipFile.getName());
         try {
             Enumeration<? extends ZipEntry> entries = zipFile.entries();
             while (entries.hasMoreElements()) {

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java

@@ -56,10 +56,13 @@ public class PluginsLoader {
         List<Plugin> plugins = Lists.newArrayList();
         try {
             URL location = this.getClass().getProtectionDomain().getCodeSource().getLocation();
+            log.trace("Determining whether we run as standalone jar or as directory...");
             if (ResourceUtils.isFileURL(location)) {
-                extractToTempDirectoryFromExplodedDirectory(ResourceUtils.getFile(location));
+                log.trace("Running from directory, copying lessons from {}", location.toString());
+                extractToTargetDirectoryFromExplodedDirectory(ResourceUtils.getFile(location));
             } else {
-                extractToTempDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location)));
+                log.trace("Running from standalone jar, extracting lessons from {}", location.toString());
+                extractToTargetDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location)));
             }
             List<URL> jars = listJars();
             plugins = processPlugins(jars);
@@ -69,7 +72,7 @@ public class PluginsLoader {
         return plugins;
     }
 
-    private void extractToTempDirectoryFromJarFile(File jarFile) throws IOException {
+    private void extractToTargetDirectoryFromJarFile(File jarFile) throws IOException {
         ZipFile jar = new ZipFile(jarFile);
         Enumeration<? extends ZipEntry> entries = jar.entries();
         while (entries.hasMoreElements()) {
@@ -95,13 +98,15 @@ public class PluginsLoader {
                 outputStream.flush();
             }
         }
+        log.trace("Extracting {} to {}", jar.getName(), pluginTargetDirectory);
     }
 
-    private void extractToTempDirectoryFromExplodedDirectory(File directory) throws IOException {
+    private void extractToTargetDirectoryFromExplodedDirectory(File directory) throws IOException {
         Files.walkFileTree(directory.toPath(), new SimpleFileVisitor<Path>() {
             @Override
             public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException {
                 if (dir.endsWith("plugin_lessons")) {
+                    log.trace("Copying {} to {}", dir.toString(), pluginTargetDirectory);
                     FileUtils.copyDirectory(dir.toFile(), pluginTargetDirectory);
                 }
                 return FileVisitResult.CONTINUE;
@@ -117,6 +122,7 @@ public class PluginsLoader {
             public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                 if (PluginFileUtils.fileEndsWith(file, WEBGOAT_PLUGIN_EXTENSION)) {
                     jars.add(file.toUri().toURL());
+                    log.trace("Found jar file at location: {}", file.toString());
                 }
                 return FileVisitResult.CONTINUE;
             }
@@ -137,7 +143,11 @@ public class PluginsLoader {
             for (int i = 0; i < n; i++) {
                 Plugin plugin = completionService.take().get();
                 if (plugin.getLesson().isPresent()) {
+                    log.trace("Plugin jar '{}' contains a lesson, loading into WebGoat...", plugin.getOriginationJar());
                     plugins.add(plugin);
+                } else {
+                    log.trace("Plugin jar: '{}' does not contain a lesson not processing as a plugin (can be a utility jar)",
+                            plugin.getOriginationJar());
                 }
             }
             LabelProvider.updatePluginResources(

webgoat-container/src/main/java/org/owasp/webgoat/session/UserTracker.java

@@ -84,7 +84,7 @@ public class UserTracker {
 
     @SneakyThrows
     public void load() {
-        File file = new File(webgoatHome, user);
+        File file = new File(webgoatHome, user + ".progress");
         if (file.exists() && file.isFile()) {
             this.storage = (Map<String, LessonTracker>) SerializationUtils.deserialize(FileCopyUtils.copyToByteArray(file));
         }
@@ -92,7 +92,7 @@ public class UserTracker {
 
     @SneakyThrows
     private void save() {
-        File file = new File(webgoatHome, user);
+        File file = new File(webgoatHome, user + ".progress");
         FileCopyUtils.copy(SerializationUtils.serialize(this.storage), file);
     }
 

webgoat-container/src/main/resources/application.properties

@@ -8,6 +8,7 @@ server.port=8080
 logging.level.org.springframework=WARN
 logging.level.org.springframework.boot.devtools=DEBUG
 logging.level.org.owasp=DEBUG
+logging.level.org.owasp.webgoat=TRACE
 
 spring.thymeleaf.cache=false
 spring.thymeleaf.content-type=text/html