Add new Radu lesson and update Docker configuration for deployment

.github/workflows/deploy-to-gcp.yml

@@ -0,0 +1,28 @@
+name: Deploy to GCP
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Authenticate to GCP
+      uses: google-github-actions/auth@v1
+      with:
+        credentials_json: ${{ secrets.GCP_KEY }}
+
+    - name: Set up Cloud SDK
+      uses: google-github-actions/setup-gcloud@v1
+      with:
+        project_id: your-gcp-project-id
+
+    - name: Deploy to App Engine
+      run: |
+        gcloud app deploy --quiet

.github/workflows/java-ci.yml

@@ -0,0 +1,37 @@
+name: Java CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Set up JDK
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11' # Adjust the Java version as needed
+        distribution: 'temurin'
+
+    - name: Cache Gradle dependencies
+      uses: actions/cache@v3
+      with:
+        path: ~/.gradle/caches
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
+    - name: Build with Gradle
+      run: ./gradlew build
+
+    - name: Run tests
+      run: ./gradlew test

.gradle/buildOutputCleanup/cache.properties

@@ -0,0 +1,2 @@
+#Thu Apr 10 16:20:23 IST 2025
+gradle.version=8.8

.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "java.compile.nullAnalysis.mode": "automatic",
+    "java.configuration.updateBuildConfiguration": "automatic"
+}

Dockerfile

@@ -0,0 +1,14 @@
+# Use an official OpenJDK runtime as a parent image
+FROM openjdk:11-jre-slim
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy the application WAR file into the container
+COPY target/WebGoat.war /app/WebGoat.war
+
+# Expose the port your application runs on
+EXPOSE 8080
+
+# Run the application
+CMD ["java", "-jar", "/app/WebGoat.war"]

README.MD

@@ -1,88 +1,88 @@
-# Sonatype DepShield
-[![DepShield Badge](https://depshield.sonatype.org/badges/WebGoat/WebGoat-Legacy/depshield.svg)](https://depshield.github.io)
-
-# Important Information
-
-Thank you for downloading WebGoat!  This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI. 
-
-This program is a demonstration of common server-side application flaws. The
-exercises are intended to be used by people to learn about application
-penetration testing techniques.
-
-* [Home Page](http://webgoat.github.io)
-* [OWASP Project Home Page](http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
-* [Source Code](https://github.com/WebGoat/WebGoat-Legacy)
-* [Easy-Run Download](https://webgoat.atlassian.net/builds/browse/WEB-WGM/latestSuccessful/artifact/JOB1/WebGoat-Embedded-Tomcat/WebGoat-6.0-SNAPSHOT-war-exec.jar  )      
-* [Wiki](https://github.com/WebGoat/WebGoat-Legacy/wiki)
-* [FAQ (old info):](http://code.google.com/p/webgoat/wiki/FAQ)
-* [Contact Info - Direct to Bruce Mayhew]([email protected])
-* [Mailing List - WebGoat Community - For most questions]([email protected]) 
-
-**WARNING 1:** *While running this program your machine will be extremely
-vulnerable to attack. You should to disconnect from the Internet while using
-this program.*
-
-**WARNING 2:** *This program is for educational purposes only. If you attempt
-these techniques without authorization, you are very likely to get caught. If
-you are caught engaging in unauthorized hacking, most companies will fire you.
-Claiming that you were doing security research will not work as that is the
-first thing that all hackers claim.*
-
-You can find more information about WebGoat at:
-(https://github.com/WebGoat/)
+# WebGoat Legacy
 
+[![DepShield Badge](https://depshield.sonatype.org/badges/WebGoat/WebGoat-Legacy/depshield.svg)](https://depshield.github.io)
 
-# Easy Run Instructions ( For non-developers )
+## Overview
 
-Follow these instructions if you simply wish to run WebGoat
+WebGoat Legacy is a demonstration of common server-side application flaws. It is designed to teach application penetration testing techniques through hands-on exercises. This version is based on WebGoat 5 with a new user interface.
 
-**Prerequisites:** 
+**WARNING:** This program is for educational purposes only. Running it will make your machine vulnerable to attacks. Disconnect from the Internet while using it.
 
-Java VM >= 1.6 installed ( JDK 1.7 recommended)
+## Features
 
-1. Download the executable jar file to any location of your choice:
+- Hands-on exercises to learn about application security vulnerabilities.
+- Demonstrates common server-side application flaws.
+- Includes a modernized user interface.
+- Supports easy and standard run modes for both non-developers and developers.
 
-    (https://webgoat.atlassian.net/builds/browse/WEB-WGM/latestSuccessful/artifact/shared/WebGoat-Embedded-Tomcat/WebGoat-6.0.1-war-exec.jar)
+## Prerequisites
 
-2. Run it using java:
+- **Java VM**: Version >= 1.6 (JDK 1.7 recommended).
+- **Maven**: Version > 2.0.9 (for developers).
+- **IDE**: NetBeans, IntelliJ, or Eclipse with Maven support (for developers).
+- **Git**: Required for source code management.
 
-    > java -jar WebGoat-6.0-exec-war.jar
+## Easy Run Instructions (For Non-Developers)
 
-3. Then navigate in your browser to: (http://localhost:8080/WebGoat)
+1. Download the executable jar file:
+   [WebGoat-6.0.1-war-exec.jar](https://webgoat.atlassian.net/builds/browse/WEB-WGM/latestSuccessful/artifact/shared/WebGoat-Embedded-Tomcat/WebGoat-6.0.1-war-exec.jar)
+2. Run it using Java:
+   ```
+   java -jar WebGoat-6.0-exec-war.jar
+   ```
+3. Open your browser and navigate to:
+   [http://localhost:8080/WebGoat](http://localhost:8080/WebGoat)
+4. To change the port or other options, use:
+   ```
+   java -jar WebGoat-6.0-exec-war.jar --help
+   ```
 
-4. If you would like to change the port or other options, use:
+## Standard Run Instructions (For Developers)
 
-    > java -jar WebGoat-6.0-exec-war.jar --help
+1. Clone the repository:
+   ```
+   git clone https://github.com/WebGoat/WebGoat-Legacy.git
+   ```
+2. Build the project using Maven:
+   ```
+   cd webgoat
+   mvn clean package
+   ```
+3. Run the project in an embedded Tomcat server:
+   ```
+   mvn tomcat:run-war
+   ```
+4. Alternatively, run the executable jar file:
+   ```
+   cd target
+   java -jar WebGoat-6.0-exec-war.jar
+   ```
 
+## Contributing
 
-# Standard Run Instructions (For Developers)
+Contributions are welcome! Please follow these steps:
 
-Follow These instructions if you wish to run Webgoat and modify the source code
-as well.
+1. Fork the repository.
+2. Create a new branch for your feature or bug fix.
+3. Commit your changes and push them to your fork.
+4. Submit a pull request with a detailed description of your changes.
 
-**Prerequisites:**
+## License
 
-* Java >= 1.6 ( JDK 1.7 recommended )
-* Maven > 2.0.9
-* Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e
-  installed. If you are setting up an IDE, Netbeans 8.0 contains the Maven and
-  Git support you need: (https://netbeans.org/downloads/)
-* Git, or Git support in your IDE
-
-**Note:** WebGoat source code can be downloaded at: (https://github.com/WebGoat/WebGoat-Legacy). 
-
+This project is licensed under the [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0).
 
-1. Building the project (Developers) using a command shell/window:
+## Support
 
-    > cd webgoat
-    > mvn clean package
+For questions or support, please use the following resources:
 
-2. After opening the project in Netbeans or Eclipse, you can easily run the
-project using maven:
+- [WebGoat Wiki](https://github.com/WebGoat/WebGoat-Legacy/wiki)
+- [Mailing List](mailto:[email protected])
+- [Contact Bruce Mayhew](mailto:[email protected])
 
-    > mvn tomcat:run-war
+## Additional Resources
 
-3. Maven will run the project in an embedded tomcat. The package phase also builds an executable jar file. You can run it using:
+- [Home Page](http://webgoat.github.io)
+- [OWASP Project Home Page](http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
+- [FAQ](http://code.google.com/p/webgoat/wiki/FAQ)
 
-    > cd target
-    > java -jar WebGoat-6.0-exec-war.jar http://localhost:8080/WebGoat
+Thank you for using WebGoat Legacy!

build.gradle

@@ -0,0 +1,69 @@
+plugins {
+    id 'java'
+    id 'war'
+    id 'org.gretty' version '4.0.3'
+}
+
+group = 'WebGoat'
+version = '6.0.1'
+
+sourceCompatibility = '17'
+targetCompatibility = '17'
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation 'com.h2database:h2:2.1.214'
+    implementation 'com.sun.activation:jakarta.activation:1.2.2'
+    implementation 'org.apache.axis:axis:1.4'
+    implementation 'org.apache.commons:commons-lang3:3.12.0'
+    implementation 'commons-collections:commons-collections:3.2.2'
+    implementation 'org.slf4j:jcl-over-slf4j:2.0.9'
+    implementation 'com.sun.mail:jakarta.mail:1.6.7'
+    implementation 'javax.mail:mailapi:1.4.2'
+    implementation 'hsqldb:hsqldb:1.8.0.7'
+    implementation 'wsdl4j:wsdl4j:1.5.1'
+    implementation 'java2html:j2h:1.3.1'
+    implementation 'ecs:ecs:1.4.2'
+    implementation 'jakarta.transaction:jakarta.transaction-api:2.0.1'
+    implementation 'net.sourceforge.jtds:jtds:1.2.2'
+    providedCompile 'org.apache.tomcat:tomcat-catalina:9.0.78'
+    providedCompile 'javax:javaee-api:6.0'
+    implementation 'org.springframework:spring-core:5.3.22'
+    implementation 'org.springframework:spring-webmvc:5.3.22'
+    implementation 'org.springframework.security:spring-security-core:5.7.8'
+    implementation 'org.springframework.security:spring-security-config:5.7.8'
+    implementation 'org.springframework.security:spring-security-web:5.7.8'
+    implementation 'commons-fileupload:commons-fileupload:1.4'
+    implementation 'commons-io:commons-io:2.11.0'
+    implementation 'javax.servlet:jstl:1.2'
+    implementation 'taglibs:standard:1.1.2'
+    implementation 'log4j:log4j:1.2.17'
+    testImplementation 'junit:junit:4.13.2'
+    implementation 'org.apache.tiles:tiles-core:3.0.8'
+    implementation 'org.slf4j:slf4j-api:2.0.9'
+    implementation 'org.slf4j:slf4j-log4j12:2.0.9'
+    implementation 'org.springframework.security:spring-security-oauth2-client:5.7.8'
+    implementation 'org.springframework.security:spring-security-oauth2-jose:5.7.8'
+}
+
+tasks.withType(JavaCompile) {
+    options.encoding = 'UTF-8'
+}
+
+war {
+    manifest {
+        attributes(
+            'Specification-Title': project.name,
+            'Specification-Version': project.version,
+            'Implementation-Version': 'local'
+        )
+    }
+}
+
+gretty {
+    contextPath = '/WebGoat'
+    servletContainer = 'tomcat9'
+}

docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3.8'
+
+services:
+  webgoat:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080" # Map port 8080 of the container to port 8080 on the host
+    volumes:
+      - ./src/main/resources:/usr/local/tomcat/resources # Example volume mapping
+    environment:
+      - JAVA_OPTS=-Xms512m -Xmx1024m # Example Java options
+
+  database:
+    image: mysql:8.0
+    container_name: webgoat-db
+    environment:
+      MYSQL_ROOT_PASSWORD: rootpassword
+      MYSQL_DATABASE: webgoat
+      MYSQL_USER: webgoat
+      MYSQL_PASSWORD: webgoatpassword
+    ports:
+      - "3306:3306"
+    volumes:
+      - db_data:/var/lib/mysql
+
+volumes:
+  db_data: