Add support for spring boot

hdiv · Apr 23, 2024 · 2b27bb5 · 2b27bb5
1 parent 1c22956
commit 2b27bb5
Show file tree

Hide file tree

Showing 29 changed files with 538 additions and 490 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+build
+.gradle
+Dockerfile
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,13 @@
 .project
 .settings
 .classpath
+.gradle
 target
+build
 build.xml
 /.apt_generated/
 /.apt_generated_tests/
 agent.config
 hdivAgentLog.hlg
+hdiv-ee-agent.jar
+license.hdiv
diff --git a/Dockerfile b/Dockerfile
@@ -1,37 +1,40 @@
-FROM gradle:7.3.1-jdk17 AS builder
+FROM gradle:7.3.1-jdk17 AS log4j
 LABEL maintainer="Hdiv Security"
 
 COPY --chown=gradle:gradle ./log4j-cve-2021-44228 /home/gradle/src
 WORKDIR /home/gradle/src
 RUN gradle :malicious-server:bootJar --no-daemon
 
-FROM openjdk:8u181-jdk-alpine
+FROM gradle:8.7-jdk17 AS app
+LABEL maintainer="Hdiv Security"
+
+COPY --chown=gradle:gradle . /home/gradle/src
+WORKDIR /home/gradle/src
+RUN gradle :bootWar --no-daemon
 
-RUN mkdir /app
-COPY --from=builder /home/gradle/src/malicious-server/build/libs/*.jar /app/malicious-server.jar
+FROM openjdk:8u342-jre-slim
 
-RUN mkdir -p /usr/local/tomcat/
+WORKDIR /app
 
-WORKDIR /usr/local/tomcat
-RUN wget --no-check-certificate http://dlcdn.apache.org/tomcat/tomcat-8/v8.5.73/bin/apache-tomcat-8.5.73.tar.gz
-RUN tar xvfz apache*.tar.gz
-RUN mv apache-tomcat-8.5.73/* /usr/local/tomcat/.
+COPY --from=log4j /home/gradle/src/malicious-server/build/libs/*.jar /app/malicious-server.jar
+COPY --from=app /home/gradle/src/build/libs/*.war /app/insecure-bank.war
 
-ADD start.sh /usr/local/tomcat/
+ADD start.sh /app/start.sh
 
-# Copy the application to tomcat
-ADD target/insecure-bank.war /usr/local/tomcat/webapps
+RUN chmod +x /app/start.sh
 
 # Copy the license file
-ADD license.hdiv /usr/local/tomcat/hdiv/
+ADD license.hdiv /app/hdiv/
 
 # Copy the agent jar
-ADD hdiv-ee-agent.jar /usr/local/tomcat/hdiv/
+ADD hdiv-ee-agent.jar /app/hdiv/
+
+ENV JAVA_OPTS="-javaagent:/app/hdiv/hdiv-ee-agent.jar \
+    -Dhdiv.config.dir=/app/hdiv/ \
+    -Dhdiv.console.url=http://console:8080/hdiv-console-services \
+    -Dhdiv.console.token=04db250da579302ca273a958 \
+    -Dhdiv.server.name=Testing-Docker \
+    -Dhdiv.toolbar.enabled=true"
 
 # Run Tomcat and enjoy!
-CMD export JAVA_OPTS="-javaagent:hdiv/hdiv-ee-agent.jar \
-  -Dhdiv.config.dir=hdiv/ \
-  -Dhdiv.console.url=http://console:8080/hdiv-console-services \
-  -Dhdiv.console.token=04db250da579302ca273a958 \
-  -Dhdiv.server.name=Testing-Docker \
-  -Dhdiv.toolbar.enabled=true" && ./start.sh
+CMD /app/start.sh
diff --git a/README.md b/README.md
@@ -6,12 +6,11 @@
 
         $ git clone https://github.com/hdiv/insecure-bank.git
         
-2. Run the application using an embedded Tomcat:
+2. Run the application:
 
-	    $ mvn clean package
-	    $ mvn cargo:run
-	    
-3. You can then access the bank application here: http://localhost:8080/insecure-bank/
+	    $ ./gradlew bootRun
+
+3. You can then access the bank application here: http://localhost:8080/
 
 ## Running with Docker
 
@@ -23,7 +22,7 @@ Place Hdiv agent and license in the application root folder.
         $ docker run -p 8080:8080 -d --name insecure-bank-app insecure-bank
         $ docker logs insecure-bank-app
 
-Open the application in > http://localhost:8080/insecure-bank        
+Open the application in > http://localhost:8080/
 
 ## Login credentials
 - Username: john

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -0,0 +1,43 @@
+plugins {
+	java
+	war
+	id("org.springframework.boot") version "2.7.18"
+	id("io.spring.dependency-management") version "1.0.15.RELEASE"
+}
+
+group = "org.hdivsamples"
+version = "0.0.1-SNAPSHOT"
+
+sourceSets {
+	main {
+		resources.srcDir("src/main/webapp")
+	}
+}
+
+java {
+	sourceCompatibility = JavaVersion.VERSION_1_8
+}
+
+repositories {
+	mavenCentral()
+}
+
+dependencies {
+	implementation("org.springframework.boot:spring-boot-starter-jdbc")
+	implementation("org.springframework.boot:spring-boot-starter-web")
+	implementation("org.springframework.boot:spring-boot-starter-security")
+	implementation("org.springframework.boot:spring-boot-starter-validation")
+	implementation("org.springframework.ldap:spring-ldap-core")
+	implementation("com.unboundid:unboundid-ldapsdk")
+	implementation("commons-fileupload:commons-fileupload:1.5")
+	implementation("commons-io:commons-io:2.13.0")
+	implementation("com.google.guava:guava:30.0-jre")
+
+	runtimeOnly("javax.servlet:jstl")
+	runtimeOnly("org.apache.tomcat.embed:tomcat-embed-jasper")
+	runtimeOnly("org.hsqldb:hsqldb")
+}
+
+tasks.withType<Test> {
+	useJUnitPlatform()
+}
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+networkTimeout=10000
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists