How do I get jar file of webgoat - linux

I want to learn cyber security and I started with webgoat(On youtube). It says that you should donwnload a jar file from github.com. But I am not able to get the jar file on https://github.com/WebGoat/WebGoat/releases

Looks like a while ago they stopped producing the jar file. Latest build with one is https://github.com/WebGoat/WebGoat/releases/tag/v8.1.0
If you want to use 8.2.0 look at building the source detailed https://github.com/WebGoat/WebGoat

Related

How do I fix the log4j vulnerability (Windows)?

I work in a lab and use a number of Windows VMs to run analysis software. I manage these VMs and am being asked to fix the log4j vulnerability. However, while I have some experience in research computing, I'm really lost as to exactly what I need to do.
I know I need to update to log4j 2.16.0. For next steps, I received instructions from our IT to "make sure that both of the patched API and Core jars are listed in your application’s classpath, which can be done from the command line or by using a manifest file." Unfortunately I don't know what that means.
What are the exact steps I should take to fix the log4j vulnerability on a Windows machine (Windows Server 2019 Datacentre)?
Java applications typically use JAR files that ar zip files with classes. The Log4J.jar file has to be updated. Java applications load these classes at startup, by loading all jar files and classfiles that are specified in the classpath. From the command line that may look like this
Java -cp log4j.jar;myapp.jar my.app.HelloWorld
Its enough to replace the jar file with a new version and restart the application. How the startup looks like for you and where the jar files are located can wildly vary and is impossible to guess without more information
R Greg Stacey
https://github.com/lunasec-io/lunasec/releases/
Apex One indicates a ramsomware

Looking for solution for exporting data to Excel with Vaadin

We are looking for solution to export the data to excel in Vaadin application.
I have downloaded Vaadin excel exporter from GitHub https://github.com/bonprix/vaadin-excel-exporter which sounds to be a very useful utility but I am getting the error below when I am compiling vaadin-excel-exporter-demo project.
<vaadin.version>8.0.6</vaadin.version>
Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project vaadin-excel-exporter-demo: Compilation failure: Compilation failure:
[ERROR] /C:/Java/Vaadin/VaadinProjetcs/vaadin-excel-exporter-master/vaadin-excel-exporter-master/vaadin-excel-exporter-demo/src/main/java/org/vaadin/addons/excelexporter/demo/DemoUI.java:[12,61] package org.vaadin.addons.excelexporter.configuration.builder does not exist
I've tried mvn clean and also delete the full .m2/repository local repository 
Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile)
After searching on different forums it looks like maybe this add-on is missing from Maven repo. I have tried version 2.1 and LATEST.
<artifactId>vaadin-excel-exporter</artifactId>
<packaging>jar</packaging>
<!--version>2.1-SNAPSHOT</version-->
<version>LATEST</version>
<name>Excel Exporter</name>
So I have two questions.
Has anybody had the same problem wih this tool and/or maybe can explain what i am doing wrong.
If this tool is not maybe available anymore can anyone please share the tool which I can use to export the grid data to Excel. I am new with Vaadin so providing the code examples will be highly appreciated
Thanks
Alex
If you look at the add-on through Vaadin directory, you'll find the necessary additions to your pom.xml in the Maven section of the sidebar. In this case, like Erik said in the comments, you are likely missing
<repository>
<id>vaadin-addons</id>
<url>https://maven.vaadin.com/vaadin-addons</url>
</repository>
The directory page also includes code samples for using the component after you get the dependencies fixed, as well as other information about the add-on. I haven't tested whether the demo within GitHub works, but the add-on itself should be usable in your project regardless. The newest version published through the directory is 2.0.
If you want to compile the add-on locally rather than use it through the add-on repository, you need to first successfully compile the add-on module, and then use the exact version configured in the pom.xml. Currently the master branch seems to be using <version>2.1-SNAPSHOT</version>.

Packaging a Groovy application

I want to package a Groovy CLI application in a form that's easy to distribute, similar to what Java does with JARs. I haven't been able to find anything that seems to be able to do this. I've found a couple of things like this that are intended for one-off scripts, but nothing that can compile an entire Groovy application made up of a lot of separate Groovy files and resource data.
I don't necessarily need to have the Groovy standalone executable be a part of it (though that would be nice), and this is not a library intended to be used by other JVM languages. All I want is a simply packaged version of my application.
EDIT:
Based on the couple of responses I got, I don't think I was being clear enough on my goal. What I'm looking for is basically a archive format that Groovy can support. The goal here is to make this easier to distribute. Right now, the best way is to ZIP it up, have the user unzip it, and then modify a batch/shell file to start it. I was hoping to find a way to make this more like an executable JAR file, where the user just has to run a single file.
I know that Groovy compiles down to JVM-compatible byte-code, but I'm not trying to get this to run as Java code. I'm doing some dynamic addition of Groovy classes at runtime based on the user's configuration and Java won't be able to handle that. As I said in the original post, having the Groovy executable is included in the archive is kind of a nice-to-have. However, I do actually need Groovy to be executable that runs, not Java.
The Gradle Cookbook shows how to make a "fat jar" from a groovy project: http://wiki.gradle.org/display/GRADLE/Cookbook#Cookbook-Creatingafatjar
This bundles up all the dependencies, including groovy. The resulting jar file can be run on the command line like:
java -jar myapp.jar
I've had a lot of success using a combination of the eclipse Fat Jar plugin and Yet Another Java Service Wrapper.
Essentially this becomes a 'Java' problem not a groovy problem. Fat Jar is painless to use. It might take you a couple of tries to get your single jar right, but once all the dependencies are flattened into a single jar you are now off an running it at the command line with
java -jar application.jar
I then wrap these jars as a service. I often develop standalone groovy based services that perform some task. I set it up as a service on Windows server using Yet Another Java Service and schedule it using various techniques to interact with Windows services.

Creating own groovy library

Do anyone have an idea whats the best way of creating an own library for groovy.
I have several methods which i just dont want copy and paste into all my groovy scripts.
The perfect solution would be to do it by an
import myownmethods
How to create the library myownmethods.jar?
Thanks for any answer and solution
Cheers
The simplest method is to compile your groovy files with groovyc and then package them into a jar file with jar. For example:
groovyc -d classes myclasses.groovy
jar cvf myclasses.jar -C classes .
I'd also consider looking at gradle. To get started, you can use a build.gradle containing just:
apply plugin: 'groovy'
Then put your source files in a subdirectory called src/main/groovy and run gradle jar. It will build your source files into a jar file in build/libs.
You should follow the same process that you would for a Java library, i.e.
Create a project for the code
Configure your favorite build tool (Ant, Maven, etc.) to build a JAR for that project
Put the JAR somewhere where other projects can find it. If you're using a tool like Ivy or Maven that does dependency management you'll likely want to deploy it to a repository. Otherwise, you can probably just put it somewhere in source control †
Projects that depend on this library should either load it from the repository (if using dependency management), or have it copied into their lib directory (if not) †
† I know this sucks, but I can't remember how I used to manage dependencies without using a dependency management tool

Xerces error: org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl

I'm developing a web application using JSF 2.0, NetBeans 6.9.1, GlassFish Server 3.1, mojarra 2.0.3, and JasperReports 3.7.6. Included in my project library is the jar file "xerces-2.8.0.jar". This file was imported as part of the JasperReports jar file library. Whenever I try to deploy, run, or debug my project through NetBeans, I receive this error:
java.lang.Exception: java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: com.sun.faces.config.ConfigurationException: CONFIGURATION FAILED! DTD factory class org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl does not extend from DTDDVFactory.
After any change in my project my build fails, and I receive the above error, when I try to deploy, run, or debug it. I have to restart the server and run/debug a second time. I've searched the internet and cannot find a solution to this problem. I've looked at the jar file in question, and and DTDDVFactoryImpl does indeed extend from DTDDVFactory - I don't know why I'm receiving this error. While I can eventually get my project running, it would be much nicer if I wasn't receiving this error.
Can anyone please tell me how I can fix this? Do I need to remove this file from my project library? Do I need to update this file with a newer version/older version?
If you provide your own xerces.jar, you have to do that through the Endorsed Standards Override Mechanism (java -Djava.endorsed.dirs=/path/to/xerces.jar), you are not allowed to just add it on the classpath (and will sooner or later run into trouble if you do). Let me explain.
JAXP is the Java API for XML Processing. The creation of JAXP objects (like parsers, XSLT transfomers, DOM Documents) is done through the factory/factory-method pattern so you can plugin a new JAXP implementation (it has to be newer than the one provided in your JRE). Xerces provides (part of) a JAXP implementation and contains endorsed standards (an endorsed standard is a Java API defined through a standards process other than the Java Community Process, see the Endorsed Standards Override Mechanism). You'll run in all kinds of troubles if you don't use the ESOM.
I got this error when using Selenium with Glassfish. I got around it by copying XML jars (xerces-*, xalan-*, xml-apis*, serialize*) from selenium/libs/ to $AS_HOME/lib/endorsed (for Glassfish 2) or to $AS_HOME/glassfish/lib/endorsed for Glassfish 4.

Resources