Merge branch 'release/v2023.0'

buck383 · Jan 5, 2023 · 6398d31 · 6398d31
2 parents 7847e69 + 716a7dd
commit 6398d31
Show file tree

Hide file tree

Showing 1,549 changed files with 32,924 additions and 31,906 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+**
+
+!/target
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+max_line_length = 120
+tab_width = 4
+ij_continuation_indent_size = 8
+ij_formatter_off_tag = @formatter:off
+ij_formatter_on_tag = @formatter:on
+ij_formatter_tags_enabled = false
+ij_java_names_count_to_use_import_on_demand = 999
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: https://owasp.org/donate/?reponame=www-project-webgoat&title=OWASP+WebGoat
diff --git a/.github/lock.yml b/.github/lock.yml
@@ -0,0 +1,10 @@
+---
+daysUntilLock: 365
+skipCreatedBefore: false
+exemptLabels: []
+lockLabel: false
+lockComment: >
+  This thread has been automatically locked because it has not had
+  recent activity after it was closed. :lock: Please open a new issue
+  for regressions or related bugs.
+setLockReason: false
diff --git a/.github/stale.yml b/.github/stale.yml
@@ -0,0 +1,10 @@
+---
+daysUntilStale: 90
+daysUntilClose: 14
+onlyLabels:
+  - waiting for input
+  - wontfix
+staleLabel: stale
+markComment: >
+  This issue has been automatically marked as `stale` because it has not had recent activity. :calendar: It will be _closed automatically_ in one week if no further activity occurs.
+closeComment: false
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -3,56 +3,66 @@ on:
   pull_request:
     paths-ignore:
       - '.txt'
-      - '*.MD'
-      - '*.md'
       - 'LICENSE'
       - 'docs/**'
   push:
     branches:
-      - master
+      - main
       - develop
       - release/*
     tags-ignore:
       - '*'
     paths-ignore:
       - '.txt'
-      - '*.MD'
-      - '*.md'
       - 'LICENSE'
       - 'docs/**'
 
 jobs:
-  build:
+  pr-build:
+    if: >
+      github.event_name == 'pull_request' && !github.event.pull_request.draft && (
+        github.event.action == 'opened' ||
+        github.event.action == 'reopened' ||
+        github.event.action == 'synchronize' 
+      )
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
-        java: [15]
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up JDK ${{ matrix.java }}
-        uses: actions/setup-java@v2
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
         with:
-          distribution: 'zulu'
-          java-version: ${{ matrix.java }}
+          distribution: 'temurin'
+          java-version: 17
           architecture: x64
       - name: Cache Maven packages
-        uses: actions/cache@v2.1.5
+        uses: actions/cache@v3.2.2
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
+          restore-keys: ${{ runner.os }}-m2-
       - name: Build with Maven
-        run: mvn clean install
+        run: mvn --no-transfer-progress verify
 
-  notify-slack:
-    if: github.event_name == 'push' && (success() || failure())
-    needs:
-      - build
+  build:
+    if: github.repository == 'WebGoat/WebGoat' && github.event_name == 'push'
     runs-on: ubuntu-latest
+    name: "Branch build"
     steps:
-      - name: "Slack workflow notification"
-        uses: Gamesight/slack-workflow-status@master
-        with:
-          repo_token: ${{secrets.GITHUB_TOKEN}}
-          slack_webhook_url: ${{secrets.SLACK_WEBHOOK_URL}}
+        - uses: actions/checkout@v3
+        - name: set up JDK 17
+          uses: actions/setup-java@v3
+          with:
+              distribution: 'temurin'
+              java-version: 17
+              architecture: x64
+        - name: Cache Maven packages
+          uses: actions/cache@v3.2.2
+          with:
+              path: ~/.m2
+              key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }}
+              restore-keys: ubuntu-latest-m2-
+        - name: Test with Maven
+          run: mvn --no-transfer-progress verify
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,26 +5,27 @@ on:
       - v*
 jobs:
   release:
+    if: github.repository == 'WebGoat/WebGoat'
     name: Release WebGoat
     runs-on: ubuntu-latest
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3
 
       - name: "Get tag name"
         id: tag
         uses: dawidd6/action-get-tag@v1
 
       - name: Set up JDK 15
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'zulu'
           java-version: 15
           architecture: x64
 
       - name: Cache Maven packages
-        uses: actions/cache@v2.1.5
+        uses: actions/cache@v3.2.2
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -37,16 +38,15 @@ jobs:
           echo "WEBGOAT_MAVEN_VERSION=${WEBGOAT_MAVEN_VERSION:1}" >> $GITHUB_ENV
       - name: Build with Maven
         run: |
-          mvn versions:set -DnewVersion=${{ env.WEBGOAT_MAVEN_VERSION }}
-          mvn clean install -DskipTests
+          mvn --no-transfer-progress versions:set -DnewVersion=${{ env.WEBGOAT_MAVEN_VERSION }}
+          mvn --no-transfer-progress install -DskipTests
 
       - name: "Create release"
         uses: softprops/action-gh-release@v1
         with:
           draft: false
           files: |
-            webgoat-server/target/webgoat-server-${{ env.WEBGOAT_MAVEN_VERSION }}.jar
-            webwolf/target/webwolf-${{ env.WEBGOAT_MAVEN_VERSION }}.jar
+            webgoat/target/webgoat-${{ env.WEBGOAT_MAVEN_VERSION }}.jar
           body: |
             ## Version ${{ steps.tag.outputs.tag }}
 
@@ -74,50 +74,53 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: "Set up QEMU"
-        uses: docker/setup-qemu-action@v1.1.0
+        uses: docker/setup-qemu-action@v2.1.0
         with:
           platforms: all
 
       - name: "Set up Docker Buildx"
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: "Login to dockerhub"
-        uses: docker/login-action@v1.9.0
+        uses: docker/login-action@v2.1.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: "Build and push"
-        uses: docker/build-push-action@v2.7.0
+        uses: docker/build-push-action@v3.2.0
         with:
-          context: ./docker
-          file: docker/Dockerfile
+          context: ./
+          file: ./Dockerfile
           push: true 
-          platforms: linux/amd64, linux/arm64
+          platforms: linux/amd64, linux/arm64, linux/arm/v7
           tags: |
-            webgoat/goatandwolf:${{ env.WEBGOAT_TAG_VERSION }}
-            webgoat/goatandwolf:latest
+            webgoat/webgoat:${{ env.WEBGOAT_TAG_VERSION }}
+            webgoat/webgoat:latest
           build-args: |
             webgoat_version=${{ env.WEBGOAT_MAVEN_VERSION }}
 
       - name: "Image digest"
         run: echo ${{ steps.docker_build.outputs.digest }}
   new_version:
+    permissions:
+      contents: write  # for Git to git push
+    if: github.repository == 'WebGoat/WebGoat'
     name: Update development version
     needs: [ release ]
     runs-on: ubuntu-latest
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3
         with:
           ref: develop
           token: ${{ secrets.WEBGOAT_DEPLOYER_TOKEN }}
 
-      - name: Set up JDK 15
-        uses: actions/setup-java@v2
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
         with:
-          java-version: 15
+          java-version: 17
           architecture: x64
 
       - name: Set version to next snapshot

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,68 @@
+name: "UI-Test"
+on:
+    pull_request:
+        paths-ignore:
+            - '.txt'
+            - '*.MD'
+            - '*.md'
+            - 'LICENSE'
+            - 'docs/**'
+    push:
+#        tags-ignore:
+#            - '*'
+        paths-ignore:
+            - '.txt'
+            - '*.MD'
+            - '*.md'
+            - 'LICENSE'
+            - 'docs/**'
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        # display name of the job
+        name: "Robot framework test"
+        steps:
+            # Uses an default action to checkout the code
+            - uses: actions/checkout@v3
+            # Uses an action to add Python to the VM
+            - name: Setup Pyton
+              uses: actions/setup-python@v4
+              with:
+                  python-version: '3.7'
+                  architecture: x64
+            # Uses an action to add JDK 17 to the VM (and mvn?)
+            - name: set up JDK 17
+              uses: actions/setup-java@v3
+              with:
+                  distribution: 'temurin'
+                  java-version: 17
+                  architecture: x64
+            #Uses an action to set up a cache using a certain key based on the hash of the dependencies
+            - name: Cache Maven packages
+              uses: actions/cache@v3.2.2
+              with:
+                  path: ~/.m2
+                  key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }}
+                  restore-keys: ubuntu-latest-m2-
+            - uses: BSFishy/pip-action@v1
+              with:
+                  packages: |
+                      robotframework
+                      robotframework-SeleniumLibrary
+                      webdriver-manager
+            - name: Run with Maven
+              run: mvn --no-transfer-progress spring-boot:run &
+            - name: Wait to start
+              uses: ifaxity/wait-on-action@v1
+              with:
+                  resource: http://127.0.0.1:8080/WebGoat
+            - name: Test with Robotframework
+              run: python3 -m robot --variable HEADLESS:"1" --outputdir robotreport robot/goat.robot
+            # send report to forks only due to limits on permission tokens
+            - name: Send report to commit
+              if: github.repository != 'WebGoat/WebGoat' && github.event_name == 'push'
+              uses: joonvena/robotframework-reporter-action@v2.1
+              with:
+                  gh_access_token: ${{ secrets.GITHUB_TOKEN }}
+                  report_path: 'robotreport'
diff --git a/.github/workflows/welcome.yml b/.github/workflows/welcome.yml
@@ -7,9 +7,10 @@ on:
 
 jobs:
   greeting:
+    if: github.repository == 'WebGoat/WebGoat'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/first-interaction@v1.1.0
+      - uses: actions/first-interaction@v1.1.1
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           issue-message: 'Thanks for submitting your first issue, we will have a look as quickly as possible.'

diff --git a/.gitignore b/.gitignore
@@ -55,3 +55,5 @@ webgoat.script
 TestClass.class
 **/*.flattened-pom.xml
 /.gitconfig
+
+webgoat.gitconfig
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		custom: https://owasp.org/donate/?reponame=www-project-webgoat&title=OWASP+WebGoat