From dfdfb8bcaf6b7a27fc284163357522819b0397ab Mon Sep 17 00:00:00 2001 From: mayhew64 Date: Mon, 22 Jan 2007 16:03:43 +0000 Subject: [PATCH] Update info for OWASP build and for Release 5.0 git-svn-id: http://webgoat.googlecode.com/svn/trunk@62 4033779f-a91e-0410-96ef-6bf7bf53c507 --- webgoat/main/build.xml | 50 +++++--- .../main/project/WebContent/WEB-INF/web.xml | 2 +- .../WebContent/WEB-INF/webgoat.properties | 1 + webgoat/main/project/build.xml | 8 +- ...uide_DRAFT.doc => WebGoat_Users_Guide.doc} | Bin webgoat/main/readme.txt | 43 +++---- webgoat/main/webgoat.sh | 120 +++++++++--------- 7 files changed, 119 insertions(+), 105 deletions(-) rename webgoat/main/project/doc/{WebGoatv4UsersGuide_DRAFT.doc => WebGoat_Users_Guide.doc} (100%) diff --git a/ webgoat/main/build.xml b/ webgoat/main/build.xml index 9223b59dc..b6b9a7b30 100644 --- a/ webgoat/main/build.xml +++ b/ webgoat/main/build.xml @@ -56,9 +56,10 @@ - + + @@ -84,7 +85,9 @@ + + @@ -189,6 +192,13 @@ + + + + + + @@ -221,7 +231,14 @@ + includes="doc/, java/, tomcat/, webgoat.bat, webgoat_8080.bat, readme.txt"/> + + + + + + @@ -232,7 +249,7 @@ @@ -257,7 +274,7 @@ - + @@ -266,25 +283,22 @@ - + includes="eclipse/, java/, project/, tomcat/, webscarab/, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat" + excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/> - - - - - - - - - - - + + + + + + + + diff --git a/ webgoat/main/project/WebContent/WEB-INF/web.xml b/ webgoat/main/project/WebContent/WEB-INF/web.xml index da78355ce..e3595d6f5 100644 --- a/ webgoat/main/project/WebContent/WEB-INF/web.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web.xml @@ -138,7 +138,7 @@ example, replace "<" with "<" and ">" with ">". --> FeedbackAddress - <A HREF=mailto:webgoat@g2-inc.com>webgoat@g2-inc.com</A> + <A HREF=mailto:WebGoat@g2-inc.com>WebGoat@g2-inc.com</A> 
diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties b/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties index e69de29bb..985d9dda0 100644 --- a/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties +++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat.properties @@ -0,0 +1 @@ +#lesson.BufferOverflow.hidden=true diff --git a/ webgoat/main/project/build.xml b/ webgoat/main/project/build.xml index 86a5b4866..d7ab1033a 100644 --- a/ webgoat/main/project/build.xml +++ b/ webgoat/main/project/build.xml @@ -74,7 +74,7 @@ - + @@ -259,10 +259,10 @@ - - + + - + diff --git a/ webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc b/ webgoat/main/project/doc/WebGoat_Users_Guide.doc similarity index 100% rename from webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc rename to webgoat/main/project/doc/WebGoat_Users_Guide.doc diff --git a/ webgoat/main/readme.txt b/ webgoat/main/readme.txt index b6efe0e33..e5a8f851c 100644 --- a/ webgoat/main/readme.txt +++ b/ webgoat/main/readme.txt @@ -1,5 +1,13 @@ -WebGoat 4.0 -05.23.2006 +********** WebGoat 5.0 +********** 01.17.2007 +********** +** +** Source Code: http://code.google.com/p/webgoat +** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents +** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project +** Contact Info: webgoat@g2-inc.com +** +********** Thank you for downloading WebGoat! 
@@ -25,31 +33,22 @@ http://www.owasp.org CREDITS (Latest release) - Laurence Casey (http://www.aspectsecurity.com) - Bruce Mayhew (http://www.aspectsecurity.com) - Jeremy Ferragamo (http://www.aspectsecurity.com) - Alex Smolen (http://www.parasoft.com) + Bruce Mayhew (http://www.g2-inc.com) + Sherif Koussa (http://www.macadamian.com) Rogan Dawes (http://dawes.za.net/rogan) - Chuck Willis (http://www.securityfoundry.com) - + Carlo Pelliccioni The many people who have sent comments and suggestions... WHAT'S NEW - * Runs on Linux and OSX 10.4 - * WebGoat is now current in CVS. (http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/) - * Improved ant build process and added Unix support - * Infrastructure changes to support multi-stage lessons - * Eclipse development release - * Minor screen improvements - - * Web services lessons - * Blind SQL lesson - * Weak session identifier lesson - * Split SQL lesson into numeric and string SQL lessons - * Added parameterized query stage to SQL lessons - * Additional stage for basic authentication lesson - * Summary report card for multi-user environment + * WebGoat is now current at Google code. (http://code.google.com/p/webgoat) + * HTTP Splitting + * Cross-Site Request Forgery + * XPATH Injection + * AJAX Security + * Log Spoofing + * Cache Poisoning + * Back Doors via SQL Injection INSTALLATION diff --git a/ webgoat/main/webgoat.sh b/ webgoat/main/webgoat.sh index 9850952d7..25f26ea17 100644 --- a/ webgoat/main/webgoat.sh +++ b/ webgoat/main/webgoat.sh 
@@ -1,60 +1,60 @@
-#!/bin/sh
-
-SYSTEM=`uname -s`
-CATALINA_HOME=./tomcat
-PATH=${PATH}:./tomcat/bin
-export CATALINA_HOME PATH
-
-chmod +x ./$CATALINA_HOME/bin/*.sh
-if [ $SYSTEM = "Darwin" ]; then
- JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
- export JAVA_HOME
-
-else
-
-is_java_1dot5() {
- if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
- $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
- if [ $? -ne 0 ]; then
- echo "The JVM in \$JAVA_HOME isn't version 1.5."
- exit 1
- fi
- else
- echo "Please set JAVA_HOME to a Java 1.5 JDK install"
- exit 1
- fi
-}
-
-is_java_1dot5
-
-fi
-
-case "$1" in
- start80)
- cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml
- $CATALINA_HOME/bin/startup.sh
- printf "\n Open http://127.0.0.1/WebGoat/attack"
- printf "\n Username: guest"
- printf "\n Password: guest"
- printf "\n Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
- sleep 2
- tail -f $CATALINA_HOME/logs/catalina.out
- ;;
- start8080)
- cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml
- $CATALINA_HOME/bin/startup.sh
- printf "\n Open http://127.0.0.1:8080/WebGoat/attack"
- printf "\n Username: guest"
- printf "\n Password: guest"
- printf "\n Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
- sleep 2
- tail -f $CATALINA_HOME/logs/catalina.out
- ;;
- stop)
- $CATALINA_HOME/bin/shutdown.sh
- ;;
- *)
- echo $"Usage: $prog {start8080|start80|stop}"
- exit 1
- ;;
-esac
+#! /bin/sh
+
+SYSTEM=`uname -s`
+CATALINA_HOME=./tomcat
+PATH=${PATH}:./tomcat/bin
+export CATALINA_HOME PATH
+
+chmod +x ./$CATALINA_HOME/bin/*.sh
+if [ $SYSTEM = "Darwin" ]; then
+ JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
+ export JAVA_HOME
+
+else
+
+is_java_1dot5() {
+ if [ "X$JAVA_HOME" != "X" -a -d $JAVA_HOME ]; then
+ $JAVA_HOME/bin/java -version 2>&1 | grep 'version \"1.5' >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "The JVM in \$JAVA_HOME isn't version 1.5."
+ exit 1
+ fi
+ else
+ echo "Please set JAVA_HOME to a Java 1.5 JDK install"
+ exit 1
+ fi
+}
+
+is_java_1dot5
+
+fi
+
+case "$1" in
+ start80)
+ cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml
+ $CATALINA_HOME/bin/startup.sh
+ printf "\n Open http://127.0.0.1/WebGoat/attack"
+ printf "\n Username: guest"
+ printf "\n Password: guest"
+ printf "\n Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
+ sleep 2
+ tail -f $CATALINA_HOME/logs/catalina.out
+ ;;
+ start8080)
+ cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml
+ $CATALINA_HOME/bin/startup.sh
+ printf "\n Open http://127.0.0.1:8080/WebGoat/attack"
+ printf "\n Username: guest"
+ printf "\n Password: guest"
+ printf "\n Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
+ sleep 2
+ tail -f $CATALINA_HOME/logs/catalina.out
+ ;;
+ stop)
+ $CATALINA_HOME/bin/shutdown.sh
+ ;;
+ *)
+ echo $"Usage: $prog {start8080|start80|stop}"
+ exit 1
+ ;;
+esac
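Review bot: `CATALINA_HOME=./tomcat` and `PATH=${PATH}:./tomcat/bin` near the top of the script are relative to the caller's working directory, and both are exported, so every process started from here inherits a PATH entry that resolves against whatever directory it happens to be in. Run from anywhere other than the install directory, the `chmod`, `cp -f` and `startup.sh` lines either fail or act on a different `./tomcat`. I would anchor the script to its own location before the assignments with `cd "$(dirname "$0")" || exit 1` and make the PATH entry absolute, `PATH=${PATH}:$(pwd)/tomcat/bin`. Separately, the usage branch prints `$prog`, which is never assigned in this file, inside a `$"..."` string that is a bash form rather than `/bin/sh`; `echo "Usage: $0 {start8080|start80|stop}"` avoids both.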