Monday, 19 August 2013

Creating a clone of WebGoat on GitHub

I needed a couple vulnerable source code examples (to use on the new TeamMentor Eclipse plug-in) so an obvious option was to use WebGoat (whose code is currently hosted at Google Code page)

But since there wasn’t a source code download option (in the current download page)

image


… and this project is not using Git (sorry, but I can’t use SVN anymore :) … it’s too painful)

image 

… I quickly created a clone of it using the $ git svn clone -s http://webgoat.googlecode.com/svn webgoat

... which downloaded the entire source code and available history:

image

When completed (it took a little bit since there was quite a bit of history)

image

I had this File Structure:

image

and

image

This Git repo Size:

image

This Git History:

image

which goes back all the way to 2006!

image

These Braches:

image

Note that after the svn clone the current git master branch is the original svn truck.

But as we can see by the above list, there is already an webgoat-6.0 branch going on (in fact most of the recent code updates are done there), so here is how we can create+checkout a git tracking branch for it:

image

... which will make the file system look like this now:

image

... and the Git History like this:

image

Next step is to push this version to the newly created https://github.com/OWASP/WebGoat repo (in OWASP GitHub organisation):

image

On the local repo add a remote:

image

… and push –all

image

Once the upload completes:

image 

… the code will be at GitHub:

image

including the webgoat-6.0 branch:

image

Finally I updated the OWASP WebGoat page to make references to this new GitHub repo:

image

And that’s it!

Now you can go to https://github.com/OWASP/WebGoat and clone (or download the zip) of OWASP's WebGoat :)
Post a Comment