Update info for OWASP build and for Release 5.0

git-svn-id: http://webgoat.googlecode.com/svn/trunk@62 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-01-22 16:03:43 +00:00 · 2007-01-22 16:03:43 +00:00 · dfdfb8bcaf
commit dfdfb8bcaf
parent 8b51818508
7 changed files with 119 additions and 105 deletions
--- a/webgoat/main/build.xml
+++ b/webgoat/main/build.xml
@ -56,9 +56,10 @@

  <property name="app.home"    		   value="${basedir}/project"/>
  <property name="app.name"    		   value="WebGoat"/>	<!-- MUST BE CONSISTENT WITH project/build.xml! -->
-  <property name="app.version"    		   value="5.0"/>		<!-- MUST BE CONSISTENT WITH project/build.xml! -->
+  <property name="app.version"    		   value="5.0-RC1"/>		<!-- MUST BE CONSISTENT WITH project/build.xml! -->
  <property name="catalina.home" 		   value="${basedir}/tomcat"/>
  <property name="dist.home"     		   value="${app.home}/dist"/>
+  <property name="dist.owasp"     		   value="${app.home}/owasp_distributions"/>
  <property name="install.home"     	   value="WebGoatClassCD"/>

 <!-- ==================== Clean Target ==================================== -->
@ -84,7 +85,9 @@
  <target name="clean_all"
   description="Delete old build, dist directories and zips">
 	<delete dir="${dist.home}"/>
+ 	<delete dir="${dist.owasp}"/>
 	<mkdir dir="${dist.home}"/>
+ 	<mkdir dir="${dist.owasp}"/>
  </target>

 <!-- ==================== Compile Target ===================================== -->
@ -189,6 +192,13 @@
 		<zip destfile="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"
 			basedir=""	
 			includes="doc/, tomcat/, webgoat.sh, readme.txt"/>	
+        <!-- Add the WebGoat-x.x on the path -->
+		<unzip src="${dist.home}/Unix_${app.name}-${app.version}_Release.zip" dest="${dist.home}/temp/${app.name}-${app.version}"/>
+		<delete file="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"/>
+		<zip destfile="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"
+			basedir="${dist.home}/temp"/>
+		<delete dir="${dist.home}/temp" includeemptydirs="true"/>
+		
 		<move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Unix_${app.name}-${app.version}.war"/>
 	    	<delete file="${catalina.home}/webapps/${app.name}.war"/>		 
 	</target>
@ -221,7 +231,14 @@
 		<copy file="${dist.home}/${app.name}-${app.version}.war" tofile="${catalina.home}/webapps/${app.name}.war"/>
 		<zip destfile="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"
 			basedir=""
-		   	includes="doc/, java/, tomcat/, webgoat.bat, readme.txt"/>
+		   	includes="doc/, java/, tomcat/, webgoat.bat, webgoat_8080.bat, readme.txt"/>
+        <!-- Add the WebGoat-x.x on the path -->
+		<unzip src="${dist.home}/Windows_${app.name}-${app.version}_Release.zip" dest="${dist.home}/temp/${app.name}-${app.version}"/>
+		<delete file="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"/>
+		<zip destfile="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"
+			basedir="${dist.home}/temp"/>
+		<delete dir="${dist.home}/temp" includeemptydirs="true"/>
+		
 		<move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Windows_${app.name}-${app.version}.war"/>
 	    	<delete file="${catalina.home}/webapps/${app.name}.war"/>	 
 	</target> 	
@ -232,7 +249,7 @@
 		<delete dir="${dist.home}/temp" includeemptydirs="true"/>
 		<zip destfile="${dist.home}/${app.name}-${app.version}_developer.zip"
 		 	basedir=""
-	    	 	includes="java/, eclipse/, tomcat/, project/JavaSource/, project/WebContent/, project/build.xml, project/doc, webgoat.bat, webgoat.sh, eclipse.bat, readme.txt, HOW*"
+	    	 	includes="java/, eclipse/, tomcat/, project/JavaSource/, project/WebContent/, project/build.xml, project/doc, webgoat.bat, webgoat_8080.bat, webgoat.sh, eclipse.bat, readme.txt, HOW*"
 	    	 	excludes="project/JavaSource/org/owasp/webgoat/lessons/instructor/, project/.*, project/WebContent/WEB-INF/webgoat-lab.properties, project/WebContent/WEB-INF/webgoat-class.properties, project/build/WEB-INF/webgoat-lab.properties, project/build/WEB-INF/webgoat-class.properties"/>
 	    	 <unzip src="${dist.home}/${app.name}-${app.version}_developer.zip" dest="${dist.home}/temp"/>
 	    	 <move file="${dist.home}/temp/project/WebContent/WEB-INF/webgoat-owasp.properties" tofile="${dist.home}/temp/project/WebContent/WEB-INF/webgoat.properties"/>
@ -257,7 +274,7 @@

 		<!-- Build the WebGoat WAR with the desired properties file -->
 		<ant dir="${app.home}" inheritAll="false">
-			<target name="WebGoatPropertiesLAB"/>
+			<target name="WebGoatPropertiesOWASP"/>
 			<target name="BuildWindowsWar"/>
 		</ant>

@ -266,25 +283,22 @@
 		<!-- Build the CD image -->
 		<zip destfile="${dist.home}/${ant.project.name}.zip">
 			<zipfileset dir="." prefix="${install.home}"
-				includes="eclipse/, java/, project/, tomcat/, webscarab/, InfoZip/, eclipse.bat, webgoat.bat, webscarab.bat"
-				excludes="project/.*, project/.settings/**, project/dist/**, project/bin/**, project/build/**"/>
-			<zipfileset src="project-student.zip" prefix="${install.home}"/>
+				includes="eclipse/, java/, project/, tomcat/, webscarab/, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat"
+				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
 		</zip>
-		<copy todir="${dist.home}"> 
-			<fileset dir="." includes="install.bat, uninstall.bat InfoZip/"/> 
-			<fileset dir="doc" includes="install.doc, readme.doc"/> 
-			<fileset dir="doc"> 
-				<include name="J2EE Labs Slides.ppt"/>
-			</fileset> 
-		</copy> 
-
-
 	</target> 	
 	
 	<!--Build all release -->
-	<target name="Build_OWASP_Course" depends="clean_all, BuildDev_release, BuildUnixWar_release, BuildWindowsWar_release"
+	<target name="Build_OWASP_Release" depends="clean_all"
 		   description="Creates all binary distributions for OWASP">
-		<copy file="${basedir}/readme.txt" tofile="${dist.home}/readme.txt"/>
+		<copy file="${basedir}/readme.txt" tofile="${dist.owasp}/readme.txt"/>
+		<antcall target="BuildDev_release"> </antcall>
+		<copydir dest="${dist.owasp}" src="${dist.home}"/>
+		<antcall target="BuildUnixWar_release"> </antcall> 
+		<copydir dest="${dist.owasp}" src="${dist.home}"/>
+		<antcall target="BuildWindowsWar_release"> </antcall> 
+		<copydir dest="${dist.owasp}" src="${dist.home}"/>
+
 	</target> 

 <!-- ==================== Prepare Target ================================== -->
--- a/webgoat/main/project/WebContent/WEB-INF/web.xml
+++ b/webgoat/main/project/WebContent/WEB-INF/web.xml
@ -138,7 +138,7 @@
      			 example, replace "<" with "&lt;" and ">" with "&gt;". -->
            <param-name>FeedbackAddress</param-name>
            <param-value>
-				&lt;A HREF=mailto:webgoat@g2-inc.com&gt;webgoat@g2-inc.com&lt;/A&gt;
+				&lt;A HREF=mailto:WebGoat@g2-inc.com&gt;WebGoat@g2-inc.com&lt;/A&gt;
            </param-value>
      </init-param>
      
--- a/webgoat/main/project/WebContent/WEB-INF/webgoat.properties
+++ b/webgoat/main/project/WebContent/WEB-INF/webgoat.properties
@ -0,0 +1 @@
+#lesson.BufferOverflow.hidden=true
--- a/webgoat/main/project/build.xml
+++ b/webgoat/main/project/build.xml
@ -74,7 +74,7 @@

  <property name="app.name"      		   value="WebGoat"/>
  <property name="app.path"      		   value="/${app.name}"/>
-  <property name="app.version"   		   value="5.0"/> <!-- UPDATE THIS! -->
+  <property name="app.version"   		   value="5.0-RC1"/> <!-- UPDATE THIS! -->
  <property name="build.home"    		   value="${basedir}/build"/>
  <property name="catalina.home" 		   value="${basedir}/../tomcat"/> <!-- UPDATE THIS! -->
  <property name="dist.home"     		   value="${basedir}/dist"/>
@ -259,10 +259,10 @@
 		<copy file="${web.home}/WEB-INF/webgoat-class.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
 	</target>
 				
-	<!-- Copying webgoat-lmc.properties to webgoat.properties -->
-	<target name="WebGoatPropertiesLMC">
+	<!-- Copying webgoat-lab.properties to webgoat.properties -->
+	<target name="WebGoatPropertiesLAB">
 		<attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/>
-		<copy file="${web.home}/WEB-INF/webgoat-lmc.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
+		<copy file="${web.home}/WEB-INF/webgoat-lab.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
 	</target>
 				
 	<!-- Copying the static content into the build directory -->
--- a/webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc
+++ b/webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc
--- a/webgoat/main/readme.txt
+++ b/webgoat/main/readme.txt
@ -1,5 +1,13 @@
-WebGoat 4.0
-05.23.2006
+**********          WebGoat 5.0
+**********          01.17.2007
+**********
+**
+**  Source Code: http://code.google.com/p/webgoat
+**  User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
+**  Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
+**  Contact Info: webgoat@g2-inc.com
+**
+**********

 Thank you for downloading WebGoat!

@ -25,31 +33,22 @@ http://www.owasp.org

 CREDITS (Latest release)

-	Laurence Casey (http://www.aspectsecurity.com)
-	Bruce Mayhew (http://www.aspectsecurity.com)
-	Jeremy Ferragamo (http://www.aspectsecurity.com)
-	Alex Smolen (http://www.parasoft.com)
+	Bruce Mayhew (http://www.g2-inc.com)
+	Sherif Koussa (http://www.macadamian.com)
 	Rogan Dawes (http://dawes.za.net/rogan)
-	Chuck Willis (http://www.securityfoundry.com)
-
+	Carlo Pelliccioni
 	The many people who have sent comments and suggestions...
        
 WHAT'S NEW

-	* Runs on Linux and OSX 10.4
-	* WebGoat is now current in CVS. (http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/)
-	* Improved ant build process and added Unix support 
-	* Infrastructure changes to support multi-stage lessons
-	* Eclipse development release 
-	* Minor screen improvements
-
-	* Web services lessons
-	* Blind SQL lesson
-	* Weak session identifier lesson
-	* Split SQL lesson into numeric and string SQL lessons
-	* Added parameterized query stage to SQL lessons
-	* Additional stage for basic authentication lesson
-	* Summary report card for multi-user environment
+	* WebGoat is now current at Google code. (http://code.google.com/p/webgoat)
+	* HTTP Splitting 
+	* Cross-Site Request Forgery 
+	* XPATH Injection 
+	* AJAX Security 
+	* Log Spoofing 
+	* Cache Poisoning 
+	* Back Doors via SQL Injection 

 INSTALLATION

--- a/webgoat/main/webgoat.sh
+++ b/webgoat/main/webgoat.sh
@ -1,60 +1,60 @@
-#!/bin/sh
-
-SYSTEM=`uname -s`
-CATALINA_HOME=./tomcat
-PATH=${PATH}:./tomcat/bin
-export CATALINA_HOME PATH
-
-chmod +x ./$CATALINA_HOME/bin/*.sh
-if [ $SYSTEM = "Darwin" ]; then
-        JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
-        export JAVA_HOME
-
-else
-
-is_java_1dot5() {
-        if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
-                $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
-                if [ $? -ne 0 ]; then
-                        echo "The JVM in \$JAVA_HOME isn't version 1.5."
-                        exit 1
-                fi
-        else
-                echo "Please set JAVA_HOME to a Java 1.5 JDK install"
-                exit 1
-        fi
-}
-
-is_java_1dot5
-
-fi
-
-case "$1" in
-	start80)
-		cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml 
-		$CATALINA_HOME/bin/startup.sh
-		printf "\n  Open http://127.0.0.1/WebGoat/attack"
-		printf "\n  Username: guest"
-		printf "\n  Password: guest"
-		printf "\n  Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
-		sleep 2
-		tail -f $CATALINA_HOME/logs/catalina.out
-	;;
-	start8080)
-		cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml 
-		$CATALINA_HOME/bin/startup.sh
-		printf "\n  Open http://127.0.0.1:8080/WebGoat/attack"
-		printf "\n  Username: guest"
-		printf "\n  Password: guest"
-		printf "\n  Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
-		sleep 2
-		tail -f $CATALINA_HOME/logs/catalina.out
-	;;
-	stop)
-		$CATALINA_HOME/bin/shutdown.sh
-	;;
-	*)
-		echo $"Usage: $prog {start8080|start80|stop}"
-		exit 1
-	;;
-esac
+#! /bin/sh
+
+SYSTEM=`uname -s`
+CATALINA_HOME=./tomcat
+PATH=${PATH}:./tomcat/bin
+export CATALINA_HOME PATH
+
+chmod +x ./$CATALINA_HOME/bin/*.sh
+if [ $SYSTEM = "Darwin" ]; then
+        JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
+        export JAVA_HOME
+
+else
+
+is_java_1dot5() {
+        if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
+                $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
+                if [ $? -ne 0 ]; then
+                        echo "The JVM in \$JAVA_HOME isn't version 1.5."
+                        exit 1
+                fi
+        else
+                echo "Please set JAVA_HOME to a Java 1.5 JDK install"
+                exit 1
+        fi
+}
+
+is_java_1dot5
+
+fi
+
+case "$1" in
+	start80)
+		cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml 
+		$CATALINA_HOME/bin/startup.sh
+		printf "\n  Open http://127.0.0.1/WebGoat/attack"
+		printf "\n  Username: guest"
+		printf "\n  Password: guest"
+		printf "\n  Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
+		sleep 2
+		tail -f $CATALINA_HOME/logs/catalina.out
+	;;
+	start8080)
+		cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml 
+		$CATALINA_HOME/bin/startup.sh
+		printf "\n  Open http://127.0.0.1:8080/WebGoat/attack"
+		printf "\n  Username: guest"
+		printf "\n  Password: guest"
+		printf "\n  Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
+		sleep 2
+		tail -f $CATALINA_HOME/logs/catalina.out
+	;;
+	stop)
+		$CATALINA_HOME/bin/shutdown.sh
+	;;
+	*)
+		echo $"Usage: $prog {start8080|start80|stop}"
+		exit 1
+	;;
+esac