Use separate project for integration tests so we can start WebGoat and WebWolf

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -30,7 +30,6 @@
  */
 package org.owasp.webgoat;
 
-import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.plugins.PluginEndpointPublisher;
 import org.owasp.webgoat.plugins.PluginsLoader;
 import org.owasp.webgoat.session.Course;
@@ -38,30 +37,17 @@ import org.owasp.webgoat.session.UserSessionData;
 import org.owasp.webgoat.session.WebSession;
 import org.owasp.webgoat.session.WebgoatContext;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.web.client.RestTemplate;
 
 import java.io.File;
 
-@SpringBootApplication
-@Slf4j
-public class WebGoat extends SpringBootServletInitializer {
-
-    @Override
-    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-        return application.sources(WebGoat.class);
-    }
-
-    public static void main(String[] args) throws Exception {
-        SpringApplication.run(WebGoat.class, args);
-    }
+@Configuration
+public class WebGoat {
 
     @Bean(name = "pluginTargetDirectory")
     public File pluginTargetDirectory(@Value("${webgoat.user.directory}") final String webgoatHome) {

webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java

@@ -58,7 +58,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
      * Constructor for the Lesson object
      */
     public AbstractLesson() {
-        id = new Integer(++count);
+        id = ++count;
     }
 
 

webgoat-container/src/main/java/org/owasp/webgoat/lessons/Category.java

@@ -36,40 +36,40 @@ import lombok.Getter;
  */
 public enum Category {
 
-    INTRODUCTION("Introduction", new Integer(5)),
-    GENERAL("General", new Integer(100)),
+    INTRODUCTION("Introduction", 5),
+    GENERAL("General", 100),
     
-    INJECTION("(A1) Injection", new Integer(300)),
-    AUTHENTICATION("(A2) Broken Authentication", new Integer(302)),
-    INSECURE_COMMUNICATION("(A3) Sensitive Data Exposure", new Integer(303)),
-    XXE("(A4) XML External Entities (XXE)", Integer.valueOf(304)),
-    ACCESS_CONTROL("(A5) Broken Access Control", new Integer(305)),
+    INJECTION("(A1) Injection", 300),
+    AUTHENTICATION("(A2) Broken Authentication", 302),
+    INSECURE_COMMUNICATION("(A3) Sensitive Data Exposure", 303),
+    XXE("(A4) XML External Entities (XXE)", 304),
+    ACCESS_CONTROL("(A5) Broken Access Control", 305),
     
-    XSS("(A7) Cross-Site Scripting (XSS)", new Integer(307)),
-    INSECURE_DESERIALIZATION("(A8) Insecure Deserialization", new Integer(308)),
-    VULNERABLE_COMPONENTS("(A9) Vulnerable Components", new Integer(309)),
+    XSS("(A7) Cross-Site Scripting (XSS)", 307),
+    INSECURE_DESERIALIZATION("(A8) Insecure Deserialization", 308),
+    VULNERABLE_COMPONENTS("(A9) Vulnerable Components", 309),
     
-    REQUEST_FORGERIES("(A8:2013) Request Forgeries", new Integer(318)),
+    REQUEST_FORGERIES("(A8:2013) Request Forgeries", 318),
 
     
-    REQ_FORGERIES("Request Forgeries", new Integer(450)),
+    REQ_FORGERIES("Request Forgeries", 450),
     
-    INSECURE_CONFIGURATION("Insecure Configuration", new Integer(600)),
-    INSECURE_STORAGE("Insecure Storage", new Integer(800)),
+    INSECURE_CONFIGURATION("Insecure Configuration", 600),
+    INSECURE_STORAGE("Insecure Storage", 800),
     
     
-    AJAX_SECURITY("AJAX Security", new Integer(1000)),
-    BUFFER_OVERFLOW("Buffer Overflows", new Integer(1100)),
-    CODE_QUALITY("Code Quality", new Integer(1200)),
-    CONCURRENCY("Concurrency", new Integer(1300)),
-    ERROR_HANDLING("Improper Error Handling", new Integer(1400)),
-    DOS("Denial of Service", new Integer(1500)),
-    MALICIOUS_EXECUTION("Malicious Execution", new Integer(1600)),
-    CLIENT_SIDE("Client side", new Integer(1700)),
-    SESSION_MANAGEMENT("Session Management Flaws", new Integer(1800)),
-    WEB_SERVICES("Web Services", new Integer(1900)),
-    ADMIN_FUNCTIONS("Admin Functions", new Integer(2000)),
-    CHALLENGE("Challenges", new Integer(3000));
+    AJAX_SECURITY("AJAX Security", 1000),
+    BUFFER_OVERFLOW("Buffer Overflows", 1100),
+    CODE_QUALITY("Code Quality", 1200),
+    CONCURRENCY("Concurrency", 1300),
+    ERROR_HANDLING("Improper Error Handling", 1400),
+    DOS("Denial of Service", 1500),
+    MALICIOUS_EXECUTION("Malicious Execution", 1600),
+    CLIENT_SIDE("Client side", 1700),
+    SESSION_MANAGEMENT("Session Management Flaws", 1800),
+    WEB_SERVICES("Web Services", 1900),
+    ADMIN_FUNCTIONS("Admin Functions", 2000),
+    CHALLENGE("Challenges", 3000);
 
     @Getter
     private String name;

webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java

@@ -51,7 +51,7 @@ public abstract class LessonAdapter extends AbstractLesson {
         // Do Nothing - called when restart lesson is pressed. Each lesson can do something
     }
         
-    private final static Integer DEFAULT_RANKING = new Integer(1000);
+    private final static Integer DEFAULT_RANKING = 1000;
 
     /**
      * <p>getDefaultRanking.</p>

webgoat-container/src/main/java/org/owasp/webgoat/users/UserForm.java

@@ -16,7 +16,7 @@ import javax.validation.constraints.Size;
 public class UserForm {
 
     @NotNull
-    @Size(min=6, max=20)
+    @Size(min=6, max=40)
     @Pattern(regexp = "[a-z0-9-]*", message = "can only contain lowercase letters, digits, and -")
     private String username;
     @NotNull