feat: add Docker desktop version of WebGoat with all tools installed

The new Docker image uses linuxserver/webtop giving users the opportunity to run a Linux desktop in their browser without installing any tools on their local machine.
2023-02-16 21:34:26 +01:00 · 2023-02-16 21:34:26 +01:00 · f1012c85d6
commit f1012c85d6
parent ecfc321f14
5 changed files with 60 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,3 +1,4 @@
 **

 !/target
+!/config/desktop
--- a/29
+++ b/29
@ -0,0 +1,29 @@
+FROM lscr.io/linuxserver/webtop:ubuntu-xfce
+LABEL NAME = "WebGoat: A deliberately insecure Web Application"
+MAINTAINER "WebGoat team"
+
+WORKDIR /config
+
+COPY target/webgoat-*.jar /config/webgoat.jar
+COPY config/desktop/start_webgoat.sh /config/start_webgoat.sh
+COPY config/desktop/start_zap.sh /config/start_zap.sh
+COPY config/desktop/WebGoat.txt /config/Desktop/
+
+RUN \
+ curl -LO https://github.com/zaproxy/zaproxy/releases/download/v2.12.0/ZAP_2.12.0_Linux.tar.gz && \
+ tar zfxv ZAP_2.12.0_Linux.tar.gz && \
+ rm -rf ZAP_2.12.0_Linux.tar.gz && \
+ curl -LO https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.6%2B10/OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ tar zfxv OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ rm -rf OpenJDK17U-jre_aarch64_linux_hotspot_17.0.6_10.tar.gz && \
+ chmod +x /config/start_webgoat.sh && \
+ chmod +x /config/start_zap.sh && \
+ apt-get update &&  \
+ apt-get --yes install vim nano && \
+ echo "JAVA_HOME=/config/jdk-17.0.6+10-jre/" >> .bash_aliases && \
+ echo "PATH=$PATH:$JAVA_HOME/bin" >> .bash_aliases
+
+
+ENV JAVA_HOME=/home/webgoat/jdk-17.0.6+10-jre
+
+WORKDIR /config/Desktop
--- a/config/desktop/WebGoat.txt
+++ b/config/desktop/WebGoat.txt
@ -0,0 +1,10 @@
+** Welcome to WebGoat desktop image
+
+With this image you have WebGoat and ZAP and a browser available to you in a browser running on Ubuntu.
+You can start WebGoat and ZAP by opening a terminal and type:
+
+./start-webgoat.sh
+./start_zap.sh
+
+Happy hacking,
+Team WebGoat
--- a/config/desktop/start_webgoat.sh
+++ b/config/desktop/start_webgoat.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+/config/jdk-17.0.6+10-jre/bin/java \
+  -Duser.home=/config \
+  -Dfile.encoding=UTF-8 \
+  -DTZ=Europe/Amsterdam \
+  --add-opens java.base/java.lang=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  --add-opens java.base/java.lang.reflect=ALL-UNNAMED \
+  --add-opens java.base/java.text=ALL-UNNAMED \
+  --add-opens java.desktop/java.beans=ALL-UNNAMED \
+  --add-opens java.desktop/java.awt.font=ALL-UNNAMED \
+  --add-opens java.base/sun.nio.ch=ALL-UNNAMED \
+  --add-opens java.base/java.io=ALL-UNNAMED \
+  --add-opens java.base/java.util=ALL-UNNAMED \
+  -Drunning.in.docker=false \
+  -jar /config/webgoat.jar
--- a/config/desktop/start_zap.sh
+++ b/config/desktop/start_zap.sh
@ -0,0 +1,3 @@
+#!/bin/sh
+
+/config/jdk-17.0.6+10-jre/bin/java -jar /config/ZAP_2.12.0/zap-2.12.0.jar