dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use separate project for integration tests so we can start WebGoat and WebWolf

Browse Source
This commit is contained in:
Nanne Baars
2019-08-25 17:43:14 +02:00
parent 139651615e
commit ff530e926e
33 changed files with 793 additions and 742 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
webwolf/pom.xml
View File

@ -110,6 +110,22 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.1.2</version>
<executions>
<execution>
<phase>test-compile</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>internal</classifier>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>

15
webwolf/src/main/java/org/owasp/webwolf/WebWolf.java
View File

@ -1,29 +1,24 @@
package org.owasp.webwolf;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webwolf.requests.WebWolfTraceRepository;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.actuate.trace.TraceRepository;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import java.util.Map;
@SpringBootApplication
@Slf4j
public class WebWolf extends SpringBootServletInitializer {
public class WebWolf {
@Bean
public TraceRepository traceRepository() {
return new WebWolfTraceRepository();
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(WebWolf.class);
}
public static void main(String[] args) throws Exception {
public static void main(String[] args) {
System.setProperty("spring.config.name", "application-webwolf");
SpringApplication.run(WebWolf.class, args);
}
}

1
webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java
View File

@ -25,6 +25,7 @@ public class Email implements Serializable {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@JsonIgnore
private LocalDateTime time = LocalDateTime.now();
@Column(length = 1024)
private String contents;

2
webwolf/src/main/java/org/owasp/webwolf/requests/Requests.java
View File

@ -42,7 +42,7 @@ public class Requests {
}
@GetMapping
public ModelAndView get(HttpServletRequest request) {
public ModelAndView get() {
ModelAndView m = new ModelAndView("requests");
List<Tracert> traces = traceRepository.findAllTraces().stream()
.map(t -> new Tracert(t.getTimestamp(), path(t), toJsonString(t))).collect(toList());

21
webwolf/src/main/java/org/owasp/webwolf/requests/WebWolfTraceRepository.java
View File

@ -7,7 +7,10 @@ import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.actuate.trace.Trace;
import org.springframework.boot.actuate.trace.TraceRepository;
import java.util.*;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* Keep track of all the incoming requests, we are only keeping track of request originating from
@ -20,7 +23,7 @@ import java.util.*;
public class WebWolfTraceRepository implements TraceRepository {
private final EvictingQueue<Trace> traces = EvictingQueue.create(10000);
private List<String> exclusionList = Lists.newArrayList("/WebWolf/home", "/WebWolf/mail","/WebWolf/files", "/images/", "/login", "/favicon.ico", "/js/", "/webjars/", "/WebWolf/requests", "/css/", "/mail");
private List<String> exclusionList = Lists.newArrayList("/WebWolf/home", "/WebWolf/mail", "/WebWolf/files", "/images/", "/login", "/favicon.ico", "/js/", "/webjars/", "/WebWolf/requests", "/css/", "/mail");
@Override
public List<Trace> findAll() {
@ -40,21 +43,9 @@ public class WebWolfTraceRepository implements TraceRepository {
@Override
public void add(Map<String, Object> map) {
Optional<String> host = getFromHeaders("host", map);
String path = (String) map.getOrDefault("path", "");
if (host.isPresent() && !isInExclusionList(path)) {
if (!isInExclusionList(path)) {
traces.add(new Trace(new Date(), map));
}
}
private Optional<String> getFromHeaders(String header, Map<String, Object> map) {
Map<String, Object> headers = (Map<String, Object>) map.get("headers");
if (headers != null) {
Map<String, Object> request = (Map<String, Object>) headers.get("request");
if (request != null) {
return Optional.ofNullable((String) request.get(header));
}
}
return Optional.empty();
}
}

2
webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java
View File

@ -15,7 +15,7 @@ import javax.validation.constraints.Size;
public class UserForm {
@NotNull
@Size(min=6, max=20)
@Size(min=6, max=40)
private String username;
@NotNull
@Size(min=6, max=10)

22
webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUserCookie.java
View File

@ -1,22 +0,0 @@
package org.owasp.webwolf.user;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import org.springframework.data.annotation.Id;
import java.io.Serializable;
/**
* @author nbaars
* @since 8/20/17.
*/
@Getter
@NoArgsConstructor
@AllArgsConstructor
public class WebGoatUserCookie implements Serializable {
@Id
private String username;
private String cookie;
}

1
webwolf/src/main/resources/application.properties → webwolf/src/main/resources/application-webwolf.properties
View File

@ -10,6 +10,7 @@ spring.datasource.url=jdbc:hsqldb:hsql://${WEBGOAT_HOST:127.0.0.1}:${WEBGOAT_HSQ
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.jpa.hibernate.ddl-auto=update
spring.messages.basename=i18n/messages
spring.jmx.enabled=false
logging.level.org.springframework=INFO
logging.level.org.springframework.boot.devtools=WARN