Merge branch 'next' into WEB-139

Author: nbaars

pom.xml

@@ -1,5 +1,6 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <name>WebGoat</name>
     <modelVersion>4.0.0</modelVersion>
     <groupId>WebGoat</groupId>
     <artifactId>WebGoat</artifactId>
@@ -19,6 +20,8 @@
         <org.springframework.version>3.2.4.RELEASE</org.springframework.version>
         <spring.security.version>3.2.4.RELEASE</spring.security.version>
         <tiles.version>2.2.2</tiles.version>
+        <!-- If run from Bamboo this will be replaced with the bamboo build number -->
+        <build.number>local</build.number>
     </properties>
 
     <build>
@@ -40,6 +43,22 @@
                     <encoding>ISO-8859-1</encoding>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <configuration>
+                    <manifest>
+                        <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                    </manifest>
+                    <archive>
+                        <manifestEntries>
+                            <Specification-Title>${project.name}</Specification-Title>
+                            <Specification-Version>${project.version}</Specification-Version>
+                            <Implementation-Version>${build.number}</Implementation-Version>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.tomcat.maven</groupId>
                 <artifactId>tomcat7-maven-plugin</artifactId>

src/main/java/org/owasp/webgoat/application/Application.java

@@ -0,0 +1,88 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.application;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.builder.ToStringBuilder;
+
+/**
+ * Singleton which is created on context startup
+ *
+ * @author rlawson
+ */
+public class Application {
+
+    private static final Application INSTANCE = new Application();
+
+    private Application() {
+
+    }
+
+    public static final Application getInstance() {
+        return INSTANCE;
+    }
+
+    private String version = "SNAPSHOT";
+    private String build = "local";
+    private String name = "WebGoat";
+
+    /**
+     * @return the version
+     */
+    public String getVersion() {
+        return version;
+    }
+
+    /**
+     * @param version the version to set
+     */
+    public void setVersion(String version) {
+        if (StringUtils.isNotBlank(version)) {
+            this.version = version;
+        }
+    }
+
+    /**
+     * @return the build
+     */
+    public String getBuild() {
+        return build;
+    }
+
+    /**
+     * @param build the build to set
+     */
+    public void setBuild(String build) {
+        if (StringUtils.isNotBlank(build)) {
+            this.build = build;
+        }
+    }
+
+    /**
+     * @return the name
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * @param name the name to set
+     */
+    public void setName(String name) {
+        if (StringUtils.isNotBlank(name)) {
+            this.name = name;
+        }
+    }
+
+    @Override
+    public String toString() {
+        return new ToStringBuilder(this).
+                append("name", name).
+                append("version", version).
+                append("build", build).
+                toString();
+    }
+}

src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java

@@ -0,0 +1,52 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.application;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.jar.Attributes;
+import java.util.jar.Manifest;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+/**
+ * Web application lifecycle listener.
+ *
+ * @author rlawson
+ */
+public class WebGoatServletListener implements ServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        ServletContext context = sce.getServletContext();
+        context.log("WebGoat is starting");
+        setApplicationVariables(context);
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent sce) {
+        ServletContext context = sce.getServletContext();
+        context.log("WebGoat is stopping");
+    }
+
+    private void setApplicationVariables(ServletContext context) {
+        Application app = Application.getInstance();
+        try {
+            InputStream inputStream = context.getResourceAsStream("/META-INF/MANIFEST.MF");
+            Manifest manifest = new Manifest(inputStream);
+            Attributes attr = manifest.getMainAttributes();
+            String name = attr.getValue("Specification-Title");
+            String version = attr.getValue("Specification-Version");
+            String build = attr.getValue("Implementation-Version");
+            app.setName(name);
+            app.setVersion(version);
+            app.setBuild(build);
+        } catch (IOException ioe) {
+            context.log("Error setting application variables", ioe);
+        }
+    }
+}

src/main/java/org/owasp/webgoat/controller/Start.java

@@ -10,6 +10,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.lang3.StringUtils;
+import org.owasp.webgoat.application.Application;
 import org.owasp.webgoat.session.WebSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -55,6 +56,13 @@ public ModelAndView start(HttpServletRequest request,
 
         String contactEmail = servletContext.getInitParameter("email");
         model.addObject("contactEmail", contactEmail);
+        String emailList = servletContext.getInitParameter("emaillist");
+        model.addObject("emailList", emailList);
+
+        Application app = Application.getInstance();
+        logger.info("Setting application properties: " + app);
+        model.addObject("version", app.getVersion());
+        model.addObject("build", app.getBuild());
 
         // if everything ok then go to webgoat UI
         model.setViewName("main_new");

src/main/java/org/owasp/webgoat/service/ApplicationService.java

@@ -0,0 +1,59 @@
+/**
+ * *************************************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at
+ * https://github.com/WebGoat/WebGoat, a repository for free software projects.
+ *
+ * For details, please see http://webgoat.github.io
+ */
+package org.owasp.webgoat.service;
+
+import javax.servlet.http.HttpSession;
+import org.owasp.webgoat.application.Application;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class ApplicationService extends BaseService {
+
+    /**
+     * Returns global application info
+     *
+     * @param session
+     * @return
+     */
+    @RequestMapping(value = "/application.mvc", produces = "application/json")
+    public @ResponseBody
+    Application showApplication(HttpSession session) {
+        Application app = Application.getInstance();
+        return app;
+    }
+
+}

src/main/webapp/WEB-INF/pages/about.jsp

@@ -10,24 +10,27 @@
     </div>
     <div class="modal-body modal-scroll">
         <p>Thanks for hacking The Goat!</p> 
-		<p>WebGoat is a demonstration of common web application flaws. The
-        associated exercises are intended to provide hands-on experience with
-        techniques aimed at demonstrating and testing application penetration.
+        <p>WebGoat is a demonstration of common web application flaws. The
+            associated exercises are intended to provide hands-on experience with
+            techniques aimed at demonstrating and testing application penetration.
         </p>
-		<p>From the entire WebGoat team, we appreciate your interest and efforts
-        in making applications not just better, but safer and more secure for
-        everyone. We, as well as our sacrificial goat, thank you.</p>
-        <p>Version: 6.0</p>
+        <p>From the entire WebGoat team, we appreciate your interest and efforts
+            in making applications not just better, but safer and more secure for
+            everyone. We, as well as our sacrificial goat, thank you.</p>
+        <p>
+            Version: ${version},&nbsp;Build: ${build}
+        </p>
+
         <div class="row">
-          <div class="col-md-6">
-              <p>Contact us:
-              <ul>
-                  <li>WebGoat mailing list: [email protected]</li>
-                  <li>Bruce Mayhew:  [email protected]</li>
-              </ul>
-              </p>
-          </div>
- 		</div>       
+            <div class="col-md-6">
+                <p>Contact us:
+                <ul>
+                    <li>WebGoat mailing list: ${emailList}</li>
+                    <li>Bruce Mayhew:  ${contactEmail}</li>
+                </ul>
+                </p>
+            </div>
+        </div>       
         <div class="row">
             <div class="col-md-6">
                 <p>WebGoat Authors
@@ -86,9 +89,9 @@
                 </ul>
                 </p>
                 <p>Did we miss you? Our sincere apologies, as we know there have
-                been many contributors over the years. If your name does not
-                appear in any of the lists above, please send us a note. We'll
-                get you added with no further sacrifices required.</p>
+                    been many contributors over the years. If your name does not
+                    appear in any of the lists above, please send us a note. We'll
+                    get you added with no further sacrifices required.</p>
             </div>
         </div>
     </div>