Merge branch 'next' of https://github.com/WebGoat/WebGoat into next

Author: act-ive

src/main/webapp/WEB-INF/pages/about.jsp

@@ -1,124 +1,97 @@
 <%@ page contentType="text/html; charset=ISO-8859-1" language="java"
          errorPage=""%>
 
-<!-- Latest compiled and minified CSS -->
-<link rel="stylesheet" href="plugins/bootstrap/css/bootstrap.min.css"/>
-<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+<!-- This modal content is included into the main_new.jsp -->
 
-<div class="modal-header">
-    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-    <h1 class="modal-title" id="myModalLabel">About WebGoat</h1>
-</div>
-<div class="modal-body">
-    <p>Thank you for using WebGoat! This program is a demonstration of common web application flaws.
-        The exercises are intended to provide hands on experience with
-        application penetration testing techniques. </p>
-    <p>The WebGoat project is led
-        by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p>
-
-    <div id="team">
-        <table border="0" align="center" class="lessonText">
-            <tr>
-                <td width="50%">
-                    <div align="center"><a href="http://www.owasp.org"><img
-                                border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
-                                longdesc="http://www.owasp.org" /></a></div>
-                </td>
-                <td width="50%">
-                    <div align="center"><a href="http://www.aspectsecurity.com"><img
-                                border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
-                                longdesc="http://www.aspectsecurity.com" /></a></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style1">
-                            WebGoat Authors </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style2">
-                            Bruce Mayhew </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style2">
-                            Jeff Williams </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td width="50%">
-                    <div align="center"><span class="style1"><br />
-                            WebGoat Design Team </span></div>
-                </td>
-                <td width="50%">
-                    <div align="center"><span class="style1"><br />
-                            V5.4 Lesson Contributers </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td valign="top">
-                    <div align="center" class="style2">David Anderson</div>
-                    <div align="center" class="style2">Laurence Casey (Graphics)</div>
-                    <div align="center" class="style2">Rogan Dawes</div>
-                    <div align="center" class="style2">Bruce Mayhew</div>
-                </td>
-                <td valign="top">
-                    <div align="center" class="style2">Sherif Koussa</div>
-                    <div align="center" class="style2">Yiannis Pavlosoglou</div>
-                    <div align="center" class="style2"></div>
-
-                </td>
-            </tr>
-            <tr>
-                <td height="25" valign="bottom">
-                    <div align="center"><span class="style1">Special Thanks
-                            for V5.4</span></div>
-                </td>
-                <td height="25" valign="bottom">
-                    <div align="center"><span class="style1">Documentation
-                            Contributers</span></div>
-                </td>
-            </tr>
-            <tr>
-                <td>
-                    <div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div>
-                    <div align="center" class="style2">To all who have sent comments</div>
-
-                </td>
-                <td>
-                    <div align="center" class="style2">
-                        <a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div>
-                    <div align="center" class="style2">
-                        <a href="http://yehg.org/" target="_blank">Aung Khant</a></div>
-                    <div align="center" class="style2">
-                        <a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a>
-                    </div>
-                </td>
-            </tr>
-            <tr>
-                <td>
-                    <div align="center" class="style2">&nbsp;</div>
-                </td>
-            </tr>
-        </table>
+<div class="modal-content">
+    <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+        <h3 class="modal-title" id="myModalLabel">About WebGoat - Provided by the OWASP Foundation</h3>
+    </div>
+    <div class="modal-body modal-scroll">
+        <p>Thanks for hacking The Goat!</p> 
+		<p>WebGoat is a demonstration of common web application flaws. The
+        associated exercises are intended to provide hands-on experience with
+        techniques aimed at demonstrating and testing application penetration.
+        </p>
+		<p>From the entire WebGoat team, we appreciate your interest and efforts
+        in making applications not just better, but safer and more secure for
+        everyone. We, as well as our sacrificial goat, thank you.</p>
+        <p>Version: 6.0</p>
+        <div class="row">
+          <div class="col-md-6">
+              <p>Contact us:
+              <ul>
+                  <li>WebGoat mailing list: [email protected]</li>
+                  <li>Bruce Mayhew:  [email protected]</li>
+              </ul>
+              </p>
+          </div>
+ 		</div>       
+        <div class="row">
+            <div class="col-md-6">
+                <p>WebGoat Authors
+                <ul>
+                    <li>Bruce Mayhew (Project Lead)</li>
+                    <li>Jeff Williams (Original Idea)</li>
+                    <li>Richard Lawson (Architect)</li>
+                    <li>Jason White (Architect)</li>
+                </ul>
+                </p>
+            </div>
+            <div class="col-md-6">
+                <p>WebGoat Design Team
+                <ul>
+                    <li>Richard Lawson</li>
+                    <li>Bruce Mayhew</li>
+                    <li>Jason White</li>
+                    <li>Ali Looney (User Interface)</li>
+                    <li>Jeff Wayman (Website and Docs)</li>
+                </ul>
+                </p>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-6">
+                <p>Active Contributors
+                <ul>
+                    <li>Nanne Baars (Developer)</li>
+                    <li>Dave Cowden (Everything)</li>
+                    <li>Keith Gasser (Survey)</li>
+                    <li>Li Simon (Developer)</li>
+                </ul>
+                </p>
+            </div>
+            <div class="col-md-6">
+                <p>Past Contributors
+                <ul>
+                    <li>David Anderson (Developer/Design)</li>
+                    <li>Christopher Blum (Lessons)</li>
+                    <li>Laurence Casey (Graphics)</li>
+                    <li>Brian Ciomei (Bug fixes)</li>
+                    <li>Rogan Dawes (Lessons)</li>
+                    <li>Erwin Geirnaert (Solutions)</li>
+                    <li>Aung Knant (Documentation)</li>
+                    <li>Ryan Knell (Lessons)</li>
+                    <li>Christine Koppeit (Build)</li>
+                    <li>Sherif Kousa (Lessons/Documentation)</li>
+                    <li>Reto Lippuner (Lessons)</li>
+                    <li>PartNet (Lessons)</li>
+                    <li>Yiannis Pavlosoglou (Lessons)</li>
+                    <li>Eric Sheridan (Lessons)</li>
+                    <li>Alex Smolen (Lessons)</li>
+                    <li>Chuck Willis (Lessons)</li>
+                    <li>Marcel Wirth (Lessons)</li>
+                </ul>
+                </p>
+                <p>Did we miss you? Our sincere apologies, as we know there have
+                been many contributors over the years. If your name does not
+                appear in any of the lists above, please send us a note. We'll
+                get you added with no further sacrifices required.</p>
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
     </div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div id="warning">WARNING<br />
-        While running this program, your machine is extremely vulnerable to
-        attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
-        <br />
-        <br />
-        This program is for educational purposes only. Use of these techniques
-        without permission could lead to job termination, financial liability,
-        and/or criminal penalties.</div>
-</div>
-<div class="modal-footer">
-    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
 </div>
-
-

src/main/webapp/WEB-INF/pages/main_new.jsp

@@ -57,7 +57,7 @@
 
 
         <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-        <title>WebGoat V6.0</title>
+        <title>WebGoat</title>
     </head>
 
     <body class="animated fadeIn" ng-app="goatApp">
@@ -354,10 +354,11 @@
                                             }
 
         </script>
-        <!-- Modal -->
+        <!-- About WebGoat Modal -->
         <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
             <div class="modal-dialog modal-lg">
                 <div class="modal-content">
+                    <jsp:include page="../pages/about.jsp"/> 
                 </div>
             </div>
         </div>

src/main/webapp/WEB-INF/spring-security.xml

@@ -21,6 +21,7 @@
     <http use-expressions="true">  
         <intercept-url pattern="/login.mvc" access="permitAll" />
         <intercept-url pattern="/logout.mvc" access="permitAll" />   
+        <intercept-url pattern="/index.jsp" access="permitAll" />          
         <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
         <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />          	
         <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />

src/main/webapp/WEB-INF/web.xml

@@ -323,7 +323,7 @@
     </mime-mapping>
 
     <welcome-file-list>
-        <welcome-file>login.mvc</welcome-file>
+        <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
 
 </web-app>

src/main/webapp/css/img/logoBG.jpg

@@ -74,16 +74,16 @@ img {
 #header .brand {
   float: left;
   width: 240px;
-  min-height: 80px;
-  padding: 0 0 0 10px;
+  height: 80px;
+  padding: 0;
   position: relative;
-  background: #e84c3d url('img/logo.png') no-repeat 25px 26px;
+  background: url('img/logoBG.jpg') no-repeat 0px 0px;
 }
 #header .logo {
   color: #fff;
   font-size: 1.7em;
   text-transform: uppercase;
-  padding: 23px 0 0 57px;
+  padding: 23px 0 0 75px;
   display: inline-block;
 }
 #header .logo span {
@@ -714,6 +714,17 @@ fieldset[disabled] .btn-warning.active {
   color: #fff;
   border: none;
 }
+
+/* ==========================================================================
+  Modal
+   ========================================================================== */
+.modal-footer .btn + .btn {
+  margin-bottom: 5px;
+}
+.modal .modal-body.modal-scroll {
+  max-height: 350px;
+  overflow-y: auto;
+}
 /* ==========================================================================
    Media Queries
    ========================================================================== */
@@ -774,7 +785,7 @@ fieldset[disabled] .btn-warning.active {
 
 #topLinks {
   float:right;
-  margin-right:5px;s
+  margin-right:5px;
   margin-top:3px;
 }
 

src/main/webapp/css/main.css

@@ -1,3 +1,4 @@
+/*
 body{ 
 	min-width: 800px;
 	font-family: Arial,sans-serif;
@@ -49,7 +50,7 @@ h5{
 	font-size: 100%;
 	color: #334d55;
 }
-
+*/
 ul{
 	list-style-type: square;
 }

src/main/webapp/css/webgoat.css

@@ -0,0 +1,3 @@
+<%@ page session="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<c:redirect url="/login.mvc"/>

src/main/webapp/index.jsp

@@ -151,7 +151,7 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
 
     $scope.showAbout = function() {
         $('#aboutModal').modal({
-            remote: 'about.mvc'
+            //remote: 'about.mvc'
         });
     };