WEB-68 Service to return WebGoat Version and Build Number

Author: lawson89

pom.xml

@@ -1,5 +1,6 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <name>WebGoat</name>
     <modelVersion>4.0.0</modelVersion>
     <groupId>WebGoat</groupId>
     <artifactId>WebGoat</artifactId>
@@ -19,6 +20,8 @@
         <org.springframework.version>3.2.4.RELEASE</org.springframework.version>
         <spring.security.version>3.2.4.RELEASE</spring.security.version>
         <tiles.version>2.2.2</tiles.version>
+        <!-- If run from Bamboo this will be replaced with the bamboo build number -->
+        <build.number>local</build.number>
     </properties>
 
     <build>
@@ -40,6 +43,22 @@
                     <encoding>ISO-8859-1</encoding>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <configuration>
+                    <manifest>
+                        <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                    </manifest>
+                    <archive>
+                        <manifestEntries>
+                            <Specification-Title>${project.name}</Specification-Title>
+                            <Specification-Version>${project.version}</Specification-Version>
+                            <Implementation-Version>${build.number}</Implementation-Version>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.tomcat.maven</groupId>
                 <artifactId>tomcat7-maven-plugin</artifactId>

src/main/java/org/owasp/webgoat/application/Application.java

@@ -0,0 +1,88 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.application;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.builder.ToStringBuilder;
+
+/**
+ * Singleton which is created on context startup
+ *
+ * @author rlawson
+ */
+public class Application {
+
+    private static final Application INSTANCE = new Application();
+
+    private Application() {
+
+    }
+
+    public static final Application getInstance() {
+        return INSTANCE;
+    }
+
+    private String version = "local";
+    private String build = "local";
+    private String name = "WebGoat";
+
+    /**
+     * @return the version
+     */
+    public String getVersion() {
+        return version;
+    }
+
+    /**
+     * @param version the version to set
+     */
+    public void setVersion(String version) {
+        if (StringUtils.isNotBlank(version)) {
+            this.version = version;
+        }
+    }
+
+    /**
+     * @return the build
+     */
+    public String getBuild() {
+        return build;
+    }
+
+    /**
+     * @param build the build to set
+     */
+    public void setBuild(String build) {
+        if (StringUtils.isNotBlank(build)) {
+            this.build = build;
+        }
+    }
+
+    /**
+     * @return the name
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * @param name the name to set
+     */
+    public void setName(String name) {
+        if (StringUtils.isNotBlank(name)) {
+            this.name = name;
+        }
+    }
+
+    @Override
+    public String toString() {
+        return new ToStringBuilder(this).
+                append("name", name).
+                append("version", version).
+                append("build", build).
+                toString();
+    }
+}

src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java

@@ -0,0 +1,52 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.application;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.jar.Attributes;
+import java.util.jar.Manifest;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+/**
+ * Web application lifecycle listener.
+ *
+ * @author rlawson
+ */
+public class WebGoatServletListener implements ServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        ServletContext context = sce.getServletContext();
+        context.log("WebGoat is starting");
+        setApplicationVariables(context);
+    }
+
+    @Override
+    public void contextDestroyed(ServletContextEvent sce) {
+        ServletContext context = sce.getServletContext();
+        context.log("WebGoat is stopping");
+    }
+
+    private void setApplicationVariables(ServletContext context) {
+        Application app = Application.getInstance();
+        try {
+            InputStream inputStream = context.getResourceAsStream("/META-INF/MANIFEST.MF");
+            Manifest manifest = new Manifest(inputStream);
+            Attributes attr = manifest.getMainAttributes();
+            String name = attr.getValue("Specification-Title");
+            String version = attr.getValue("Specification-Version");
+            String build = attr.getValue("Implementation-Version");
+            app.setName(name);
+            app.setVersion(version);
+            app.setBuild(build);
+        } catch (IOException ioe) {
+            context.log("Error setting application variables", ioe);
+        }
+    }
+}

src/main/java/org/owasp/webgoat/controller/Start.java

@@ -10,6 +10,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.lang3.StringUtils;
+import org.owasp.webgoat.application.Application;
 import org.owasp.webgoat.session.WebSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -55,6 +56,10 @@ public ModelAndView start(HttpServletRequest request,
 
         String contactEmail = servletContext.getInitParameter("email");
         model.addObject("contactEmail", contactEmail);
+        Application app = Application.getInstance();
+        logger.info("Setting application properties: " + app);
+        model.addObject("version", app.getVersion());
+        model.addObject("build", app.getBuild());
 
         // if everything ok then go to webgoat UI
         model.setViewName("main_new");

src/main/java/org/owasp/webgoat/service/ApplicationService.java

@@ -0,0 +1,59 @@
+/**
+ * *************************************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at
+ * https://github.com/WebGoat/WebGoat, a repository for free software projects.
+ *
+ * For details, please see http://webgoat.github.io
+ */
+package org.owasp.webgoat.service;
+
+import javax.servlet.http.HttpSession;
+import org.owasp.webgoat.application.Application;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class ApplicationService extends BaseService {
+
+    /**
+     * Returns global application info
+     *
+     * @param session
+     * @return
+     */
+    @RequestMapping(value = "/application.mvc", produces = "application/json")
+    public @ResponseBody
+    Application showApplication(HttpSession session) {
+        Application app = Application.getInstance();
+        return app;
+    }
+
+}