dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update info for OWASP build and for Release 5.0

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@62 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64 2007-01-22 16:03:43 +00:00
parent 8b51818508
commit dfdfb8bcaf
7 changed files with 119 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
webgoat/main/build.xml
View File

@ -56,9 +56,10 @@
<property name="app.home" value="${basedir}/project"/> <property name="app.home" value="${basedir}/project"/>
<property name="app.name" value="WebGoat"/> <!-- MUST BE CONSISTENT WITH project/build.xml! --> <property name="app.name" value="WebGoat"/> <!-- MUST BE CONSISTENT WITH project/build.xml! -->
<property name="app.version" value="5.0"/> <!-- MUST BE CONSISTENT WITH project/build.xml! --> <property name="app.version" value="5.0-RC1"/> <!-- MUST BE CONSISTENT WITH project/build.xml! -->
<property name="catalina.home" value="${basedir}/tomcat"/> <property name="catalina.home" value="${basedir}/tomcat"/>
<property name="dist.home" value="${app.home}/dist"/> <property name="dist.home" value="${app.home}/dist"/>
<property name="dist.owasp" value="${app.home}/owasp_distributions"/>
<property name="install.home" value="WebGoatClassCD"/> <property name="install.home" value="WebGoatClassCD"/>
<!-- ==================== Clean Target ==================================== --> <!-- ==================== Clean Target ==================================== -->
@ -84,7 +85,9 @@
<target name="clean_all" <target name="clean_all"
description="Delete old build, dist directories and zips"> description="Delete old build, dist directories and zips">
<delete dir="${dist.home}"/> <delete dir="${dist.home}"/>
<delete dir="${dist.owasp}"/>
<mkdir dir="${dist.home}"/> <mkdir dir="${dist.home}"/>
<mkdir dir="${dist.owasp}"/>
</target> </target>
<!-- ==================== Compile Target ===================================== --> <!-- ==================== Compile Target ===================================== -->
@ -189,6 +192,13 @@
<zip destfile="${dist.home}/Unix_${app.name}-${app.version}_Release.zip" <zip destfile="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"
basedir="" basedir=""
includes="doc/, tomcat/, webgoat.sh, readme.txt"/> includes="doc/, tomcat/, webgoat.sh, readme.txt"/>
<!-- Add the WebGoat-x.x on the path -->
<unzip src="${dist.home}/Unix_${app.name}-${app.version}_Release.zip" dest="${dist.home}/temp/${app.name}-${app.version}"/>
<delete file="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"/>
<zip destfile="${dist.home}/Unix_${app.name}-${app.version}_Release.zip"
basedir="${dist.home}/temp"/>
<delete dir="${dist.home}/temp" includeemptydirs="true"/>
<move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Unix_${app.name}-${app.version}.war"/> <move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Unix_${app.name}-${app.version}.war"/>
<delete file="${catalina.home}/webapps/${app.name}.war"/> <delete file="${catalina.home}/webapps/${app.name}.war"/>
</target> </target>
@ -221,7 +231,14 @@
<copy file="${dist.home}/${app.name}-${app.version}.war" tofile="${catalina.home}/webapps/${app.name}.war"/> <copy file="${dist.home}/${app.name}-${app.version}.war" tofile="${catalina.home}/webapps/${app.name}.war"/>
<zip destfile="${dist.home}/Windows_${app.name}-${app.version}_Release.zip" <zip destfile="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"
basedir="" basedir=""
includes="doc/, java/, tomcat/, webgoat.bat, readme.txt"/> includes="doc/, java/, tomcat/, webgoat.bat, webgoat_8080.bat, readme.txt"/>
<!-- Add the WebGoat-x.x on the path -->
<unzip src="${dist.home}/Windows_${app.name}-${app.version}_Release.zip" dest="${dist.home}/temp/${app.name}-${app.version}"/>
<delete file="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"/>
<zip destfile="${dist.home}/Windows_${app.name}-${app.version}_Release.zip"
basedir="${dist.home}/temp"/>
<delete dir="${dist.home}/temp" includeemptydirs="true"/>
<move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Windows_${app.name}-${app.version}.war"/> <move file="${dist.home}/${app.name}-${app.version}.war" tofile="${dist.home}/Windows_${app.name}-${app.version}.war"/>
<delete file="${catalina.home}/webapps/${app.name}.war"/> <delete file="${catalina.home}/webapps/${app.name}.war"/>
</target> </target>
@ -232,7 +249,7 @@
<delete dir="${dist.home}/temp" includeemptydirs="true"/> <delete dir="${dist.home}/temp" includeemptydirs="true"/>
<zip destfile="${dist.home}/${app.name}-${app.version}_developer.zip" <zip destfile="${dist.home}/${app.name}-${app.version}_developer.zip"
basedir="" basedir=""
includes="java/, eclipse/, tomcat/, project/JavaSource/, project/WebContent/, project/build.xml, project/doc, webgoat.bat, webgoat.sh, eclipse.bat, readme.txt, HOW*" includes="java/, eclipse/, tomcat/, project/JavaSource/, project/WebContent/, project/build.xml, project/doc, webgoat.bat, webgoat_8080.bat, webgoat.sh, eclipse.bat, readme.txt, HOW*"
excludes="project/JavaSource/org/owasp/webgoat/lessons/instructor/, project/.*, project/WebContent/WEB-INF/webgoat-lab.properties, project/WebContent/WEB-INF/webgoat-class.properties, project/build/WEB-INF/webgoat-lab.properties, project/build/WEB-INF/webgoat-class.properties"/> excludes="project/JavaSource/org/owasp/webgoat/lessons/instructor/, project/.*, project/WebContent/WEB-INF/webgoat-lab.properties, project/WebContent/WEB-INF/webgoat-class.properties, project/build/WEB-INF/webgoat-lab.properties, project/build/WEB-INF/webgoat-class.properties"/>
<unzip src="${dist.home}/${app.name}-${app.version}_developer.zip" dest="${dist.home}/temp"/> <unzip src="${dist.home}/${app.name}-${app.version}_developer.zip" dest="${dist.home}/temp"/>
<move file="${dist.home}/temp/project/WebContent/WEB-INF/webgoat-owasp.properties" tofile="${dist.home}/temp/project/WebContent/WEB-INF/webgoat.properties"/> <move file="${dist.home}/temp/project/WebContent/WEB-INF/webgoat-owasp.properties" tofile="${dist.home}/temp/project/WebContent/WEB-INF/webgoat.properties"/>
@ -257,7 +274,7 @@
<!-- Build the WebGoat WAR with the desired properties file --> <!-- Build the WebGoat WAR with the desired properties file -->
<ant dir="${app.home}" inheritAll="false"> <ant dir="${app.home}" inheritAll="false">
<target name="WebGoatPropertiesLAB"/> <target name="WebGoatPropertiesOWASP"/>
<target name="BuildWindowsWar"/> <target name="BuildWindowsWar"/>
</ant> </ant>
@ -266,25 +283,22 @@
<!-- Build the CD image --> <!-- Build the CD image -->
<zip destfile="${dist.home}/${ant.project.name}.zip"> <zip destfile="${dist.home}/${ant.project.name}.zip">
<zipfileset dir="." prefix="${install.home}" <zipfileset dir="." prefix="${install.home}"
includes="eclipse/, java/, project/, tomcat/, webscarab/, InfoZip/, eclipse.bat, webgoat.bat, webscarab.bat" includes="eclipse/, java/, project/, tomcat/, webscarab/, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat"
excludes="project/.*, project/.settings/**, project/dist/**, project/bin/**, project/build/**"/> excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
<zipfileset src="project-student.zip" prefix="${install.home}"/>
</zip> </zip>
<copy todir="${dist.home}">
<fileset dir="." includes="install.bat, uninstall.bat InfoZip/"/>
<fileset dir="doc" includes="install.doc, readme.doc"/>
<fileset dir="doc">
<include name="J2EE Labs Slides.ppt"/>
</fileset>
</copy>
</target> </target>
<!--Build all release --> <!--Build all release -->
<target name="Build_OWASP_Course" depends="clean_all, BuildDev_release, BuildUnixWar_release, BuildWindowsWar_release" <target name="Build_OWASP_Release" depends="clean_all"
description="Creates all binary distributions for OWASP"> description="Creates all binary distributions for OWASP">
<copy file="${basedir}/readme.txt" tofile="${dist.home}/readme.txt"/> <copy file="${basedir}/readme.txt" tofile="${dist.owasp}/readme.txt"/>
<antcall target="BuildDev_release"> </antcall>
<copydir dest="${dist.owasp}" src="${dist.home}"/>
<antcall target="BuildUnixWar_release"> </antcall>
<copydir dest="${dist.owasp}" src="${dist.home}"/>
<antcall target="BuildWindowsWar_release"> </antcall>
<copydir dest="${dist.owasp}" src="${dist.home}"/>
</target> </target>
<!-- ==================== Prepare Target ================================== --> <!-- ==================== Prepare Target ================================== -->

2
webgoat/main/project/WebContent/WEB-INF/web.xml
View File

@ -138,7 +138,7 @@
example, replace "<" with "&lt;" and ">" with "&gt;". --> example, replace "<" with "&lt;" and ">" with "&gt;". -->
<param-name>FeedbackAddress</param-name> <param-name>FeedbackAddress</param-name>
<param-value> <param-value>
&lt;A HREF=mailto:webgoat@g2-inc.com&gt;webgoat@g2-inc.com&lt;/A&gt; &lt;A HREF=mailto:WebGoat@g2-inc.com&gt;WebGoat@g2-inc.com&lt;/A&gt;
</param-value> </param-value>
</init-param> </init-param>

1
webgoat/main/project/WebContent/WEB-INF/webgoat.properties
View File

@ -0,0 +1 @@
#lesson.BufferOverflow.hidden=true

8
webgoat/main/project/build.xml
View File

@ -74,7 +74,7 @@
<property name="app.name" value="WebGoat"/> <property name="app.name" value="WebGoat"/>
<property name="app.path" value="/${app.name}"/> <property name="app.path" value="/${app.name}"/>
<property name="app.version" value="5.0"/> <!-- UPDATE THIS! --> <property name="app.version" value="5.0-RC1"/> <!-- UPDATE THIS! -->
<property name="build.home" value="${basedir}/build"/> <property name="build.home" value="${basedir}/build"/>
<property name="catalina.home" value="${basedir}/../tomcat"/> <!-- UPDATE THIS! --> <property name="catalina.home" value="${basedir}/../tomcat"/> <!-- UPDATE THIS! -->
<property name="dist.home" value="${basedir}/dist"/> <property name="dist.home" value="${basedir}/dist"/>
@ -259,10 +259,10 @@
<copy file="${web.home}/WEB-INF/webgoat-class.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/> <copy file="${web.home}/WEB-INF/webgoat-class.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
</target> </target>
<!-- Copying webgoat-lmc.properties to webgoat.properties --> <!-- Copying webgoat-lab.properties to webgoat.properties -->
<target name="WebGoatPropertiesLMC"> <target name="WebGoatPropertiesLAB">
<attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/> <attrib file="${web.home}/WEB-INF/webgoat.properties" readonly="false"/>
<copy file="${web.home}/WEB-INF/webgoat-lmc.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/> <copy file="${web.home}/WEB-INF/webgoat-lab.properties" tofile="${web.home}/WEB-INF/webgoat.properties" overwrite="yes"/>
</target> </target>
<!-- Copying the static content into the build directory --> <!-- Copying the static content into the build directory -->

0
webgoat/main/project/doc/WebGoatv4UsersGuide_DRAFT.doc → webgoat/main/project/doc/WebGoat_Users_Guide.doc
View File

43
webgoat/main/readme.txt
View File

@ -1,5 +1,13 @@
WebGoat 4.0 ********** WebGoat 5.0
05.23.2006 ********** 01.17.2007
**********
**
** Source Code: http://code.google.com/p/webgoat
** User Guide: http://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents
** Home Page: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
** Contact Info: webgoat@g2-inc.com
**
**********
Thank you for downloading WebGoat! Thank you for downloading WebGoat!
@ -25,31 +33,22 @@ http://www.owasp.org
CREDITS (Latest release) CREDITS (Latest release)
Laurence Casey (http://www.aspectsecurity.com) Bruce Mayhew (http://www.g2-inc.com)
Bruce Mayhew (http://www.aspectsecurity.com) Sherif Koussa (http://www.macadamian.com)
Jeremy Ferragamo (http://www.aspectsecurity.com)
Alex Smolen (http://www.parasoft.com)
Rogan Dawes (http://dawes.za.net/rogan) Rogan Dawes (http://dawes.za.net/rogan)
Chuck Willis (http://www.securityfoundry.com) Carlo Pelliccioni
The many people who have sent comments and suggestions... The many people who have sent comments and suggestions...
WHAT'S NEW WHAT'S NEW
* Runs on Linux and OSX 10.4 * WebGoat is now current at Google code. (http://code.google.com/p/webgoat)
* WebGoat is now current in CVS. (http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/) * HTTP Splitting
* Improved ant build process and added Unix support * Cross-Site Request Forgery
* Infrastructure changes to support multi-stage lessons * XPATH Injection
* Eclipse development release * AJAX Security
* Minor screen improvements * Log Spoofing
* Cache Poisoning
* Web services lessons * Back Doors via SQL Injection
* Blind SQL lesson
* Weak session identifier lesson
* Split SQL lesson into numeric and string SQL lessons
* Added parameterized query stage to SQL lessons
* Additional stage for basic authentication lesson
* Summary report card for multi-user environment
INSTALLATION INSTALLATION

2
webgoat/main/webgoat.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh #! /bin/sh
SYSTEM=`uname -s` SYSTEM=`uname -s`
CATALINA_HOME=./tomcat CATALINA_HOME=./tomcat