3340eb92dd
* feature/spring-boot: (92 commits) XXE checkin XXE checkin XXE first attempt HTTP-Basics mark lesson complete issue fixed cleaning up some fixing the scroll 'sliver' problem. Likely need to check back on this when menu grows again lesson pagination fixes mainly, some other fixes included & clean up Incremental style changes refactor to help accomodate multiple attacks and output in one 'page' Updated some of the credits double-feedback fix on single page commenting out to stop redundant callbacks few cleanup items, added least privilege Fixed test for password First wave is complete; some rendering issues Trying to wire up the DB connection and fill out first sql stub Fixing hide/show of next/prev buttons another stub First round of sql injection with stubs Give focus to username when loading the login page ... Signed-off-by: Doug Morato <dm@corp.io> # Conflicts: # .travis.yml # README.MD # pom.xml # webgoat-container/pom.xml # webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java # webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java # webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java # webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java # webgoat-container/src/main/java/org/owasp/webgoat/service/RestartLessonService.java # webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java # webgoat-container/src/main/resources/static/js/goatApp/controller/LessonController.js # webgoat-container/src/main/resources/webgoat.properties # webgoat-container/src/main/webapp/META-INF/context.xml # webgoat-container/src/main/webapp/WEB-INF/context.xml # webgoat-container/src/main/webapp/js/goatApp/view/LessonContentView.js # webgoat-container/src/test/java/org/owasp/webgoat/plugins/WebGoatIT.java # webgoat-container/src/test/resources/log4j.properties # webgoat_developer_bootstrap.sh
350 lines
14 KiB
XML
350 lines
14 KiB
XML
<?xml version="1.0"?>
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
|
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<groupId>org.owasp.webgoat</groupId>
|
|
<artifactId>webgoat-parent</artifactId>
|
|
<packaging>pom</packaging>
|
|
<version>7.1-SNAPSHOT</version>
|
|
|
|
<name>WebGoat Parent Pom</name>
|
|
<description>Parent Pom for the WebGoat Project. A deliberately insecure Web Application</description>
|
|
<inceptionYear>2006</inceptionYear>
|
|
<url>https://github.com/WebGoat/WebGoat</url>
|
|
|
|
<organization>
|
|
<name>OWASP</name>
|
|
<url>https://webgoat.github.io/</url>
|
|
</organization>
|
|
|
|
<parent>
|
|
<groupId>org.springframework.boot</groupId>
|
|
<artifactId>spring-boot-starter-parent</artifactId>
|
|
<version>1.4.1.RELEASE</version>
|
|
</parent>
|
|
|
|
<licenses>
|
|
<license>
|
|
<name>GNU General Public License, version 2</name>
|
|
<url>https://www.gnu.org/licenses/gpl-2.0.txt</url>
|
|
</license>
|
|
</licenses>
|
|
|
|
<developers>
|
|
<developer>
|
|
<id>mayhew64</id>
|
|
<name>Bruce Mayhew</name>
|
|
<email>webgoat@owasp.org</email>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://github.com/WebGoat/WebGoat</organizationUrl>
|
|
</developer>
|
|
<developer>
|
|
<id>nbaars</id>
|
|
<name>Nanne Baars</name>
|
|
<email>nbaars@xebia.com</email>
|
|
<organizationUrl>https://github.com/nbaars</organizationUrl>
|
|
<timezone>Europe/Amsterdam</timezone>
|
|
</developer>
|
|
<developer>
|
|
<id>misfir3</id>
|
|
<name />
|
|
<email />
|
|
</developer>
|
|
<developer>
|
|
<id>jwayman</id>
|
|
<name>Jeff Wayman</name>
|
|
<email />
|
|
</developer>
|
|
<developer>
|
|
<id>dcowden</id>
|
|
<name>Dave Cowden</name>
|
|
<email />
|
|
</developer>
|
|
<developer>
|
|
<id>lawson89</id>
|
|
<name>Richard Lawson</name>
|
|
<email />
|
|
</developer>
|
|
<developer>
|
|
<id>dougmorato</id>
|
|
<name>Doug Morato</name>
|
|
<email>doug.morato@owasp.org</email>
|
|
<organization>OWASP</organization>
|
|
<organizationUrl>https://github.com/dougmorato</organizationUrl>
|
|
<timezone>America/New_York</timezone>
|
|
<properties>
|
|
<picUrl>https://avatars2.githubusercontent.com/u/9654?v=3&s=150</picUrl>
|
|
</properties>
|
|
</developer>
|
|
</developers>
|
|
|
|
<mailingLists>
|
|
<mailingList>
|
|
<name>OWASP WebGoat Mailing List</name>
|
|
<subscribe>https://lists.owasp.org/mailman/listinfo/owasp-webgoat</subscribe>
|
|
<unsubscribe>Owasp-webgoat-request@lists.owasp.org</unsubscribe>
|
|
<post>owasp-webgoat@lists.owasp.org</post>
|
|
<archive>http://lists.owasp.org/pipermail/owasp-webgoat/</archive>
|
|
</mailingList>
|
|
</mailingLists>
|
|
|
|
<scm>
|
|
<url>https://github.com/WebGoat/WebGoat</url>
|
|
<connection>scm:git:git@github.com:WebGoat/WebGoat.git</connection>
|
|
<developerConnection>scm:git:git@github.com:WebGoat/WebGoat.git</developerConnection>
|
|
<tag>HEAD</tag>
|
|
</scm>
|
|
|
|
<issueManagement>
|
|
<system>Github Issues</system>
|
|
<url>https://github.com/WebGoat/WebGoat/issues</url>
|
|
</issueManagement>
|
|
|
|
<ciManagement>
|
|
<system>Travis CI</system>
|
|
<url>https://travis-ci.org/WebGoat/WebGoat</url>
|
|
</ciManagement>
|
|
|
|
<properties>
|
|
<maven.compiler.source>1.8</maven.compiler.source>
|
|
<maven.compiler.target>1.8</maven.compiler.target>
|
|
|
|
<!-- Use UTF-8 Encoding -->
|
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
|
|
|
<!-- This build number will be ubdated by Travis-CI -->
|
|
<build.number>build</build.number>
|
|
|
|
<!-- Shared properties with plugins and version numbers across submodules-->
|
|
<activation.version>1.1.1</activation.version>
|
|
<axis-ant.version>1.4</axis-ant.version>
|
|
<axis-jaxrpc.version>1.4</axis-jaxrpc.version>
|
|
<axis-saaj.version>1.4</axis-saaj.version>
|
|
<axis.version>1.4</axis.version>
|
|
<build-helper-maven-plugin.version>1.9.1</build-helper-maven-plugin.version>
|
|
<cobertura-maven-plugin.version>2.7</cobertura-maven-plugin.version>
|
|
<commons-collections.version>3.2.1</commons-collections.version>
|
|
<commons-digester.version>2.1</commons-digester.version>
|
|
<commons-discovery.version>0.5</commons-discovery.version>
|
|
<commons-fileupload.version>1.3.1</commons-fileupload.version>
|
|
<commons-io.version>2.4</commons-io.version>
|
|
<commons-lang3.version>3.4</commons-lang3.version>
|
|
<commons-logging.version>1.2</commons-logging.version>
|
|
<coveralls-maven-plugin.version>4.0.0</coveralls-maven-plugin.version>
|
|
<guava.version>18.0</guava.version>
|
|
<h2.version>1.4.190</h2.version>
|
|
<hsqldb.version>1.8.0.10</hsqldb.version>
|
|
<j2h.version>1.3.1</j2h.version>
|
|
<jackson-core.version>2.6.3</jackson-core.version>
|
|
<jackson-databind.version>2.6.3</jackson-databind.version>
|
|
<javaee-api.version>6.0</javaee-api.version>
|
|
<javax.transaction-api.version>1.2</javax.transaction-api.version>
|
|
<jcl-over-slf4j.version>1.7.12</jcl-over-slf4j.version>
|
|
<jstl.version>1.2</jstl.version>
|
|
<jtds.version>1.3.1</jtds.version>
|
|
<junit.version>4.12</junit.version>
|
|
<log4j.version>1.2.17</log4j.version>
|
|
<mail-api.version>1.5.4</mail-api.version>
|
|
<maven-compiler-plugin.version>3.3</maven-compiler-plugin.version>
|
|
<maven-failsafe-plugin.version>2.19</maven-failsafe-plugin.version>
|
|
<maven-gpg-plugin.version>1.6</maven-gpg-plugin.version>
|
|
<maven-jar-plugin.version>2.6</maven-jar-plugin.version>
|
|
<maven-javadoc-plugin.version>2.10.4</maven-javadoc-plugin.version>
|
|
<maven-release-plugin.version>2.5.2</maven-release-plugin.version>
|
|
<maven-source-plugin.version>3.0.1</maven-source-plugin.version>
|
|
<maven-surefire-plugin.version>2.19</maven-surefire-plugin.version>
|
|
<nexus-staging-maven-plugin.version>1.6.6</nexus-staging-maven-plugin.version>
|
|
<sauce_junit.version>2.1.20</sauce_junit.version>
|
|
<selenium-java.version>2.48.2</selenium-java.version>
|
|
<slf4j-api.version>1.7.12</slf4j-api.version>
|
|
<slf4j-log4j12.version>1.7.12</slf4j-log4j12.version>
|
|
<spring.security.version>3.2.4.RELEASE</spring.security.version>
|
|
<standard.version>1.1.2</standard.version>
|
|
<tiles.version>3.0.5</tiles.version>
|
|
<tomcat-catalina.version>7.0.65</tomcat-catalina.version>
|
|
<tomcat7-maven-plugin.version>2.3-SNAPSHOT</tomcat7-maven-plugin.version>
|
|
<versioneye-maven-plugin.version>3.5.1</versioneye-maven-plugin.version>
|
|
<wsdl4j.version>1.6.3</wsdl4j.version>
|
|
</properties>
|
|
|
|
<modules>
|
|
<module>webgoat-container</module>
|
|
<module>webgoat-lessons</module>
|
|
</modules>
|
|
|
|
<distributionManagement>
|
|
<snapshotRepository>
|
|
<id>ossrh</id>
|
|
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
|
|
</snapshotRepository>
|
|
<repository>
|
|
<id>ossrh</id>
|
|
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
|
|
</repository>
|
|
</distributionManagement>
|
|
|
|
<pluginRepositories>
|
|
<pluginRepository>
|
|
<id>apache.snapshots</id>
|
|
<url>http://repository.apache.org/snapshots/</url>
|
|
<!-- The releases element here is due to an issue in Maven 2.0 that will be
|
|
fixed in future releases. This should be able to be disabled altogether. -->
|
|
<releases>
|
|
<updatePolicy>daily</updatePolicy>
|
|
</releases>
|
|
<snapshots>
|
|
<updatePolicy>daily</updatePolicy>
|
|
</snapshots>
|
|
</pluginRepository>
|
|
</pluginRepositories>
|
|
|
|
<profiles>
|
|
<profile>
|
|
<id>release</id>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.owasp.webgoat.lesson</groupId>
|
|
<artifactId>dist</artifactId>
|
|
<version>1.0</version>
|
|
<type>zip</type>
|
|
<scope>provided</scope>
|
|
<classifier>plugins</classifier>
|
|
</dependency>
|
|
</dependencies>
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-dependency-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>unpack-lesson</id>
|
|
<goals>
|
|
<goal>unpack-dependencies</goal>
|
|
</goals>
|
|
<phase>generate-resources</phase>
|
|
<configuration>
|
|
<outputDirectory>${project.basedir}/webgoat-container/src/main/webapp/plugin_lessons</outputDirectory>
|
|
<includeArtifactIds>dist</includeArtifactIds>
|
|
<includes>*.jar</includes>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.sonatype.plugins</groupId>
|
|
<artifactId>nexus-staging-maven-plugin</artifactId>
|
|
<version>${nexus-staging-maven-plugin.version}</version>
|
|
<extensions>true</extensions>
|
|
<configuration>
|
|
<serverId>ossrh</serverId>
|
|
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
|
|
<autoReleaseAfterClose>false</autoReleaseAfterClose>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-source-plugin</artifactId>
|
|
<version>${maven-source-plugin.version}</version>
|
|
<executions>
|
|
<execution>
|
|
<id>attach-sources</id>
|
|
<goals>
|
|
<goal>jar-no-fork</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-javadoc-plugin</artifactId>
|
|
<version>${maven-javadoc-plugin.version}</version>
|
|
<executions>
|
|
<execution>
|
|
<id>attach-javadocs</id>
|
|
<goals>
|
|
<goal>jar</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-gpg-plugin</artifactId>
|
|
<version>${maven-gpg-plugin.version}</version>
|
|
<executions>
|
|
<execution>
|
|
<id>sign-artifacts</id>
|
|
<phase>verify</phase>
|
|
<goals>
|
|
<goal>sign</goal>
|
|
</goals>
|
|
<configuration>
|
|
<keyname>WebGoat</keyname>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
</profile>
|
|
</profiles>
|
|
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.projectlombok</groupId>
|
|
<artifactId>lombok</artifactId>
|
|
<version>1.16.10</version>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-release-plugin</artifactId>
|
|
<version>${maven-release-plugin.version}</version>
|
|
<configuration>
|
|
<autoVersionSubmodules>true</autoVersionSubmodules>
|
|
<useReleaseProfile>false</useReleaseProfile>
|
|
<releaseProfiles>release</releaseProfiles>
|
|
<tagNameFormat>@{project.version}</tagNameFormat>
|
|
<goals>deploy</goals>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.eluder.coveralls</groupId>
|
|
<artifactId>coveralls-maven-plugin</artifactId>
|
|
<version>${coveralls-maven-plugin.version}</version>
|
|
<configuration>
|
|
<repoToken />
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>cobertura-maven-plugin</artifactId>
|
|
<version>${cobertura-maven-plugin.version}</version>
|
|
<configuration>
|
|
<check />
|
|
<format>xml</format>
|
|
<maxmem>256m</maxmem>
|
|
<!-- aggregated reports for multi-module projects -->
|
|
<aggregate>true</aggregate>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>com.versioneye</groupId>
|
|
<artifactId>versioneye-maven-plugin</artifactId>
|
|
<version>${versioneye-maven-plugin.version}</version>
|
|
<configuration>
|
|
<apiKey>a1e4a9da4ed34ee44cab</apiKey>
|
|
<projectId>562da95be346d7000e0369ac</projectId>
|
|
</configuration>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
|
|
</project>
|