webgoat / webgoat

WebGoat is a deliberately insecure application

Home Page: https://owasp.org/www-project-webgoat/

License: Other

Java 37.35% CSS 3.67% JavaScript 47.57% HTML 11.18% Dockerfile 0.04% RobotFramework 0.16% Shell 0.03%

webgoat's Issues

How to set up WebGoat in NetBeans on Mac OS X

Hello,
I want to build WebGoat with the NetBeans IDE on Mac OS X. How can I do it?

➜ ~ brew install maven
==> Downloading http://www.apache.org/dyn/closer.cgi?path=maven/maven-3/3.2.3/bi
==> Best Mirror http://mirror.bit.edu.cn/apache/maven/maven-3/3.2.3/binaries/apa

curl: (22) The requested URL returned error: 404 Not Found
Error: Failed to download resource "maven"
Download failed: http://mirror.bit.edu.cn/apache/maven/maven-3/3.2.3/binaries/apache-maven-3.2.3-bin.tar.gz

Clicking on 'LAB: Role Based Access Control' produces 'Invalid Session' in UI

The stack trace is ...
2015-08-23 00:33:28,276 DEBUG - HH Entering Session_id: 10593521B908AFB0D490A02640CA96DB
2015-08-23 00:33:28,276 ERROR - Error handling request
java.lang.NumberFormatException: For input string: "null"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Integer.parseInt(Integer.java:580)
at java.lang.Integer.parseInt(Integer.java:615)
at org.owasp.webgoat.session.ParameterParser.getIntParameter(ParameterParser.java:377)
at org.owasp.webgoat.session.WebSession.update(WebSession.java:845)
at org.owasp.webgoat.HammerHead.updateSession(HammerHead.java:403)
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:132)
at org.owasp.webgoat.HammerHead.doGet(HammerHead.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
...

When I change the URL from:
http://localhost:8080/WebGoat/start.mvc#attack/152/200
to
http://localhost:8080/WebGoat/start.mvc#attack/152/200/0
... it appears to work (since support was added for the stage param), but has 'Stage 2' above in the view.

@nbaars or @WebGoat you may be able to decipher a little better than me what's going on.
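
The trace above ends in Integer.parseInt receiving the literal string "null" for the stage parameter when the URL carries no stage segment. The class below is an added example, not WebGoat's ParameterParser: it treats a missing, empty or literally "null" value as absent, restricts the syntax before parsing, bounds-checks the result and reports why a value was rejected, so a malformed request yields a clean error instead of a 500 with a stack trace. The Map<String, String[]> stands in for HttpServletRequest.getParameterMap(); the parameter names, the stage range and the default are assumptions chosen for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/**
 * Added example (not WebGoat code): read an integer request parameter such as
 * "stage" without letting a missing or malformed value raise NumberFormatException.
 * The parameter map stands in for HttpServletRequest.getParameterMap(); the names,
 * range and default used below are assumptions for illustration only.
 */
public final class SafeIntParam {

    /** Result of parsing: either a validated value or the reason it was rejected. */
    public static final class Parsed {
        public final Optional<Integer> value;
        public final String reason;
        Parsed(Optional<Integer> value, String reason) { this.value = value; this.reason = reason; }
    }

    /**
     * Returns the value of {@code name} as an int if it is present exactly once, is a
     * plain decimal literal and lies within [min, max]; otherwise an empty Optional
     * plus a reason the caller can log. The literal strings "null" and "undefined"
     * are treated as absent: a front end that concatenates an unset JavaScript
     * variable into the request sends exactly those strings (an assumption about the
     * client, not something the report states).
     */
    public static Parsed getIntParameter(Map<String, String[]> params, String name, int min, int max) {
        String[] values = params.get(name);
        if (values == null || values.length == 0) {
            return new Parsed(Optional.empty(), "missing");
        }
        if (values.length > 1) {
            // The same parameter sent twice is HTTP parameter pollution; refuse rather than pick one.
            return new Parsed(Optional.empty(), "duplicate");
        }
        String raw = values[0] == null ? "" : values[0].trim();
        if (raw.isEmpty() || raw.equals("null") || raw.equals("undefined")) {
            return new Parsed(Optional.empty(), "missing");
        }
        // Pin the syntax before calling Integer.parseInt: ASCII digits only, no sign, no whitespace,
        // at most nine digits so the value always fits in an int.
        if (!raw.matches("[0-9]{1,9}")) {
            return new Parsed(Optional.empty(), "malformed");
        }
        int value = Integer.parseInt(raw);   // cannot throw after the check above
        if (value < min || value > max) {
            return new Parsed(Optional.empty(), "out of range");
        }
        return new Parsed(Optional.of(value), "ok");
    }

    /** Convenience overload: fall back to a caller-supplied default instead of failing. */
    public static int getIntParameter(Map<String, String[]> params, String name, int def, int min, int max) {
        return getIntParameter(params, name, min, max).value.orElse(def);
    }

    public static void main(String[] args) {
        // Constructed inputs mirroring the two URLs in the report:
        // #attack/152/200 (no stage segment) and #attack/152/200/0 (stage present).
        Map<String, String[]> noStage = new HashMap<>();
        noStage.put("Screen", new String[] {"152"});
        noStage.put("menu", new String[] {"200"});
        noStage.put("stage", new String[] {"null"});     // what the trace shows parseInt receiving
        Map<String, String[]> withStage = new HashMap<>(noStage);
        withStage.put("stage", new String[] {"0"});

        System.out.println("no stage:   " + getIntParameter(noStage, "stage", 0, 10).reason);
        System.out.println("with stage: " + getIntParameter(withStage, "stage", 0, 10).value.orElse(-1));
        System.out.println("defaulted:  " + getIntParameter(noStage, "stage", 1, 0, 10));
    }
}
```

The reason string is for the server log only; the user-facing response should be a generic 400, not the raw value, so that the error page cannot be turned into a reflection point. Treating "null" as absent is a pragmatic server-side guard and does not replace fixing the client that builds the URL.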

Reflected XSS Attacks error message error

The error message is supposed to say something like:

'Whoops you entered an invalid 3 digit code CODE.' Or something like that.

Instead it displays: * ReflectedXSSWhoops1111testReflectedXSSWhoops2

where 111test is what I entered in the last field of the lesson.

Lesson Interdependency

This is more of a placeholder for something I think I noted last night and I need to play with some more. Some lessons, even though they are in separate *.jar's, have (I believe) legacy inter-dependencies. Don't know if we can/want to introspect a lesson *.jar when unpacking and determine that, but we may want to as I was getting the 'invalid session' last night which came back to a NoClassDefFound error (related to CSRF lessons). I didn't grab the details at the moment, but some info may still be in my terminal scrollback. Will update once I can verify more about this.

Move webgoat-container UP one directory

Given @nbaars PR99 (#99) is merged successfully, this effectively eliminates webgoat-classloader.

With this, we can move webgoat-container UP one directory again. It will make a lot easier to maintain and release.

I propose this to be done before release 7.0

./webgoat_developer_bootstrap.sh script continues to try to launch WebGoat after compilation errors

If there is an error like the following, it keeps chugging along and tries to run WebGoat anyway. Can you add some kind of error handling to detect Maven errors at each stage and stop if there was an error?

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project FOO: Compilation failure

Whatever the error was

[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn -rf :FOO


____________________ Starting WebGoat using the embedded Tomcat ___________________

Open a web browser and navigate to http://localhost:8080/WebGoat/

STDOUT and STDERR logs are captured in ./webgoat_developer_bootstrap.log

To stop the Tomcat execution, press CTRL + C

If you close this terminal window, Tomcat and WebGoat will stop running

############################### HAPPY HACKING!

Order of buttons switch after submit

It seems like the order of the buttons (Lesson source, Hints, etc.) changes after a submit. See the screenshots: the lesson opens correctly; after a submit the order is different. After entering a URL and clicking submit the order changes.

Environment: Windows 10, Firefox browser

(screenshots "order1" and "order2" not reproduced here)

Lesson Plan does not toggle on/off

Once the lesson plan, solution, and java source buttons are pressed, it can't be turned off. The content always shows.

Also, there are some "[]" characters in the "Java [Source]" and "Lesson Plan]" buttons

https://github.com/WebGoat/WebGoat/blob/master/README.MD doesn't work on Windows 7

The download, build, and deploy instructions worked like a champ. I love it when things like this 'just work'.

However, when I actually start running WebGoat, using: Option #1: Using the Maven-Tomcat Plugin

The maven tomcat7:run-war goal runs the project in an embedded tomcat:

cd WebGoat
mvn -pl webgoat-container tomcat7:run-war

I get the following error. I don't understand how this could be a permissions error because I installed and built and ran all this with the same user ID. Am I doing something wrong? Or is there a bug in WebGoat?

Thanks, Dave

[INFO] Initializing main webgoat servlet
[ERROR] Loading plugins failed
org.owasp.webgoat.plugins.PluginLoadingFailure: Property file detected, but unable to copy the properties
at org.owasp.webgoat.plugins.Plugin.copyProperties(Plugin.java:96)
at org.owasp.webgoat.plugins.Plugin.loadFiles(Plugin.java:80)
at org.owasp.webgoat.plugins.PluginsLoader.processPlugins(PluginsLoader.java:86)
at org.owasp.webgoat.plugins.PluginsLoader.loadPlugins(PluginsLoader.java:49)
at org.owasp.webgoat.plugins.PluginsLoader.run(PluginsLoader.java:113)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.nio.file.NoSuchFileException: C:\dwichers\WebGoat\webgoat-container\target\webgoat-container-7.0-SNAPSHOT\plugin_extracted\plugin\i18n\WebGoatLabels_ru.properties
at sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:79)
at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:97)
at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:102)
at sun.nio.fs.WindowsFileSystemProvider.newByteChannel(WindowsFileSystemProvider.java:230)
at java.nio.file.Files.newByteChannel(Files.java:317)
at java.nio.file.Files.newByteChannel(Files.java:363)
at java.nio.file.Files.readAllBytes(Files.java:2981)
at org.owasp.webgoat.plugins.Plugin.copyProperties(Plugin.java:90)
... 11 more
Sep 14, 2015 2:58:49 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Sep 14, 2015 3:00:45 PM org.apache.jasper.compiler.TldLocationsCache tldScanJar
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.

Which I think is then causing this error:

[ERROR] Loading plugins failed
org.owasp.webgoat.plugins.PluginLoadingFailure: Property file detected, but unable to copy the properties
at org.owasp.webgoat.plugins.Plugin.copyProperties(Plugin.java:96)
at org.owasp.webgoat.plugins.Plugin.loadFiles(Plugin.java:80)
at org.owasp.webgoat.plugins.PluginsLoader.processPlugins(PluginsLoader.java:86)
at org.owasp.webgoat.plugins.PluginsLoader.loadPlugins(PluginsLoader.java:49)
at org.owasp.webgoat.plugins.PluginsLoader.run(PluginsLoader.java:113)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.nio.file.NoSuchFileException: C:\dwichers\WebGoat\webgoat-container\target\webgoat-container-7.0-SNAPSHOT\plugin_extracted\plugin\i18n\WebGoatLabels_fr.properties
at sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:79)
at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:97)
at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:102)
at sun.nio.fs.WindowsFileSystemProvider.newByteChannel(WindowsFileSystemProvider.java:230)
at java.nio.file.Files.newByteChannel(Files.java:317)
at java.nio.file.Files.newByteChannel(Files.java:363)
at java.nio.file.Files.readAllBytes(Files.java:2981)
at org.owasp.webgoat.plugins.Plugin.copyProperties(Plugin.java:90)
... 11 more

by the way.

When trying Option #2 I get a different error:

SEVERE: Exception fixing docBase for context [/WebGoat] java.io.FileNotFoundException: C:\dwichers\WebGoat\webgoat-container\target.extract\webapps\WebGoat.war (The system cannot find the file specified)

And indeed, that file is not in that directory.

p.s. The quick start using the .sh script for Mac worked like a champ.

Labs with Stages all throw exceptions

When loading any of the labs with Stages 1 through N I get stack traces like this:

Error Message: javax.servlet.ServletException: File "/plugin_extracted/plugin/CrossSiteScripting/jsp/CrossSiteScripting.jsp" not found
org.apache.jasper.JasperException: javax.servlet.ServletException: File "/plugin_extracted/plugin/CrossSiteScripting/jsp/CrossSiteScripting.jsp" not found
at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:585)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

After login, there is no default lesson

You kind of get a blank screen with just the menus on the side. Seems like you should default to go to the Http Basics lesson, which is what previous WebGoat used to do.

Http Basics lessons fails to load

Due to:

[INFO] PARM MAP: {stage=[Ljava.lang.String;@7683034d, Screen=[Ljava.lang.String;@5e50edd8, menu=[Ljava.lang.String;@14883b86}
java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key EnterYourName
[INFO] Role: user       at java.util.ResourceBundle.getObject(ResourceBundle.java:450)

Did a check for the key and it is indeed missing from the WebGoat.properties. This key was available in my local workspace but after a rm plugins_extracted it also started failing.

Discover Clues in HTML lesson doesn't work

It displays this: WeakAuthenticationCookiePleaseSignIn - which isn't right. Probably should just say: Please Sign In.

And when you try to sign in, it doesn't say anything like "invalid login", or whatever, when the credentials don't work.

Improve uniqueness of menu item Id's

Would be better to operate ID-less, and that may happen in a refactor of the MenuView later, but for now we need to improve the uniqueness of menu item IDs (e.g. we have two 'Stage 1: Stored XSS' lessons, and the ID is currently made deterministically from the name only).

User Info/Logout Links

See the Webgoat 6.0.1 release for how it should behave, how it was set up. The 'user' icon should show the 'current user' (usually just 'guest' still) and the log out link. Image included below.

(screenshot not reproduced here)

Reload/Update Menu

There is no clean indication of lesson completion, but content reloads. That event can be used to reload/update the menu for completed lessons. The menu load can be hooked there. It will need to support keeping the current category/lesson/stage open, despite the menuView needing a good refactoring (longer term). There is some initial work started on this.

Ajax Security: LAB: Client Side Filtering

Some wonky rendering is occurring when loading this lesson. The web goat financials portion of the screen does not get rendered until the "select user" is clicked. Tested on Safari and Firefox

Initial render:
(screenshot, 2015-09-18 5:45:16 pm, not reproduced here)

After clicking on the select user:
(screenshot, 2015-09-18 5:46:03 pm, not reproduced here)

Need instructions on how to add a new WebGoat Lesson Category

It's not hard, but figuring this out yourself with no instructions is a pain.

Showing them how to update the Category class and then update the configuration file(s) to add the new lesson(s) so they show up in the left hand menu would be very helpful.

i18n highlighting

As part of the property loading in the label manager, it would be nice to set a flag that allowed a user to see which rendered text on a screen was served via i18n properties. This can be a hidden parameter, much like debug=true is.

Null Pointer Exception on every page

Rebuilt from GIT on CentOS 7; most recent commit at time of clone was b2316c6

Error Message: null
java.lang.NullPointerException
at org.owasp.webgoat.util.LabelManagerImpl.get(LabelManagerImpl.java:66)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:132)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:120)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy9.get(Unknown Source)
at org.owasp.webgoat.lessons.LessonAdapter.makeSuccess(LessonAdapter.java:225)
at org.owasp.webgoat.plugin.HowToWork.createContent(HowToWork.java:53)
at org.owasp.webgoat.lessons.AbstractLesson.handleRequest(AbstractLesson.java:737)
at org.owasp.webgoat.HammerHead.makeScreen(HammerHead.java:304)
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:152)
at org.owasp.webgoat.HammerHead.doGet(HammerHead.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

WebGoat lessons do not load

Following the README instructions from a clean system. The following error occurs and the lessons do not load. WebGoat will start and the login screen appears, after login there is no content.

INFO: WebGoat is starting
Aug 21, 2015 8:45:28 AM org.apache.catalina.session.StandardManager doLoad
SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.owasp.webgoat.util.LabelManagerImpl
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.owasp.webgoat.util.LabelManagerImpl
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1595)
at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.java:1060)
at org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:284)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:204)
at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:491)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5300)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.NotSerializableException: org.owasp.webgoat.util.LabelManagerImpl
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1671)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1077)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:432)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:353)
at org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:518)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5479)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1575)
at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1564)
... 4 more

Aug 21, 2015 8:45:28 AM org.apache.catalina.session.StandardManager startInternal
SEVERE: Exception loading sessions from persistent storage
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.owasp.webgoat.util.LabelManagerImpl
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1355)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1993)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1918)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1801)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1595)
at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.java:1060)
at org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:284)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:204)
at org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:491)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5300)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.NotSerializableException: org.owasp.webgoat.util.LabelManagerImpl
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1671)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1077)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:432)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:353)
at org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:518)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5479)
at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1575)
at org.apache.catalina.core.ContainerBase$StopChild.call(ContainerBase.java:1564)
... 4 more

Aug 21, 2015 8:45:28 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'mvc-dispatcher'
[INFO] FrameworkServlet 'mvc-dispatcher': initialization started
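
The two SEVERE entries above come from Tomcat's StandardManager, which serialises every HttpSession to disk when the context stops (doUnload in the "Caused by" section) and reads them back when it starts (doLoad). The write aborted because an object stored in the session held a reference to LabelManagerImpl, which is not Serializable, and that aborted write is what surfaces on the next start as WriteAbortedException. The class below is an added example, not WebGoat code: it reproduces the failure with a plain serialisation round-trip and shows the usual fix, a transient reference that is re-resolved in readObject. LabelService, ServiceLocator and the two session classes are stand-ins chosen for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/**
 * Added example (not WebGoat code). Tomcat persists sessions across a context
 * restart, so every object placed in a session must survive Java serialisation.
 * LabelService stands in for a non-serialisable, application-scoped bean such as
 * LabelManagerImpl; ServiceLocator stands in for the Spring context. Both names
 * are assumptions made for this example.
 */
public final class SessionPersistenceDemo {

    /** Stand-in for a non-serialisable service bean. */
    public static final class LabelService {
        public String get(String key) { return "[" + key + "]"; }
    }

    /** Before: the service is held in a plain field, so the whole session fails to persist. */
    public static final class BrokenSession implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String user;
        private final LabelService labels;   // not Serializable: doUnload throws NotSerializableException
        public BrokenSession(String user, LabelService labels) { this.user = user; this.labels = labels; }
    }

    /** After: the service is transient and looked up again when the session is restored. */
    public static final class FixedSession implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String user;
        private transient LabelService labels;
        public FixedSession(String user, LabelService labels) { this.user = user; this.labels = labels; }
        public String user() { return user; }
        public LabelService labels() { return labels; }

        /** Invoked by ObjectInputStream after the non-transient fields have been read. */
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            // Re-wire from the live application context; a service object must never come off disk.
            labels = ServiceLocator.labelService();
        }
    }

    /** Stand-in for asking the Spring context for the bean; keeps the example self-contained. */
    public static final class ServiceLocator {
        private static final LabelService INSTANCE = new LabelService();
        public static LabelService labelService() { return INSTANCE; }
    }

    /** Simulates StandardManager.doUnload followed by doLoad: serialise, then deserialise. */
    @SuppressWarnings("unchecked")
    public static <T> T roundTrip(T session) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(session);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        LabelService labels = ServiceLocator.labelService();
        try {
            roundTrip(new BrokenSession("guest", labels));
        } catch (NotSerializableException e) {
            // The same root cause as in the report, without the Tomcat lifecycle frames around it.
            System.out.println("broken session: " + e);
        }
        FixedSession restored = roundTrip(new FixedSession("guest", labels));
        System.out.println(restored.user() + " -> " + restored.labels().get("EnterYourName"));
    }
}
```

The other way out is to switch off session persistence in Tomcat with `<Manager pathname="" />` in the context descriptor. That also stops the container from reading a previously written session store back from disk at start-up, which is preferable for an application like WebGoat that has no reason to carry sessions across restarts.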

Eclipse import error for webgoat-container

When I import the webgoat-container project into Eclipse, I get this error:
No marketplace entries found to handle Execution create-jar, in /webgoat-container/pom.xml in Eclipse. Please see Help for more information.

Firefox and Edge miss one lesson in Menu

Just noticed this when I was fixing an issue, so I made a side-by-side comparison. All point to localhost, and I used Firefox (left), Edge (middle) and Chrome (right); Chrome has one more lesson displayed in the menu.

Edge and Firefox each miss a different lesson.

(screenshot "lesson-menu" not reproduced here)

Intermittent Startup Error

Sometimes WebGoat launches fine (this is on a Mac). But sometimes it only shows the Admin menus and in the webgoat log it has a stack trace with this info in it.

I've seen a similar error on Windows, but the failure is far more consistent there (I reported this issue earlier). Maybe there is a threading problem or something? This is intermittent on Mac, where most often WebGoat starts fine, but sometimes this occurs and it doesn't start properly.

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)

Caused by: java.nio.file.NoSuchFileException: /Users/dwichers/git/Webgoat-Workspace/WebGoat/webgoat-container/target/webgoat-container-7.0-SNAPSHOT/plugin_extracted/plugin/i18n/WebGoatLabels_fr.properties
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
    at sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
    at sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:144)
    at java.nio.file.Files.readAttributes(Files.java:1684)
    at java.nio.file.Files.size(Files.java:2273)
    at java.nio.file.Files.readAllBytes(Files.java:2957)
    at org.owasp.webgoat.plugins.Plugin.copyProperties(Plugin.java:90)
    ... 79 more

CSRF token by-pass lesson shows stacktrace

Navigate to this lesson and the following stacktrace will appear. Also note that when this error occurs you automatically solved the lesson.

[INFO] PARM MAP: {Screen=[Ljava.lang.String;@2a652319, menu=[Ljava.lang.String;@41f7af11, stage=[Ljava.lang.String;@f2f8ebf}
java.io.FileNotFoundException: \src\main\webapp\WEB-INF\classes\New Lesson Instructions.txt (The system cannot find the path specified)
        at java.io.FileInputStream.open0(Native Method)
        at java.io.FileInputStream.open(FileInputStream.java:195)
        at java.io.FileInputStream.<init>(FileInputStream.java:138)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at java.io.FileReader.<init>(FileReader.java:58)
        at org.owasp.webgoat.lessons.LessonAdapter.createContent(LessonAdapter.java:82)
        at org.owasp.webgoat.lessons.AbstractLesson.handleRequest(AbstractLesson.java:737)
        at org.owasp.webgoat.HammerHead.makeScreen(HammerHead.java:304)
        at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:152)
        at org.owasp.webgoat.HammerHead.doGet(HammerHead.java:107)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Role: user
[INFO] Checking if challenge authorized for: ShowHints
[INFO] authorized: false
[INFO] Checking if challenge authorized for: ShowHints
[INFO] authorized: false
Sep 04, 2015 8:30:05 AM org.apache.catalina.core.ApplicationContext log
INFO: WebGoat: Fri Sep 04 08:30:05 CEST 2015 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.plugin.CsrfTokenByPass | [Screen=127,menu=900,stage=null]

Hide menu functionality

Another item to re-enable from WebGoat 6.0.1. The button to the right of the logo should toggle the menu/navigation. See below.

image

Properties are appended when loading plugins

Need to investigate a bit more but it seems like the properties in the folder webgoat-container\src\main\webapp\plugin_extracted\i18n are added over and over whenever plugins are loaded

LessonInfo Service

Expose a service/endpoint to provide basic Lesson information. Longer-term this will enable lazy loading of helps. Shorter-term, we need this to aid in getting the lesson title via the client-side routing (and generally).

    {
      lessonTitle: _TITLE_,
      numberHints: _#_,
      hasSource: T||F,
      hasSolution: T||F,
      hasPlan: T||F
    }

Can't tell when WebGoat has actually started when using: webgoat_developer_bootstrap.sh

Towards the end of the launch it eventually displays the following message. But it's still 'starting'. Can you add a line that indicates: WebGoat 'started' when it's actually up and running?


____________________ Starting WebGoat using the embedded Tomcat ___________________

Open a web browser and navigate to http://localhost:8080/WebGoat/

STDOUT and STDERR logs are captured in ./webgoat_developer_bootstrap.log

To stop the Tomcat execution, press CTRL + C

If you close this terminal window, Tomcat and WebGoat will stop running

############################### HAPPY HACKING!

Lessons Intermittently showing up in WebGoat

I've written 2 new custom lessons (really just test cases, not lessons), and put them in a brand new category.

And sometimes when I start WebGoat, 1 shows up, and other times both show up. And then I added a 3rd lesson, and I have the config file set up like this:

category.MYNEW.ranking=7
lesson.MYNEW_Lesson1.ranking=10
lesson.MYNEW_Lesson2.ranking=15
lesson.MYNEW_File_Lesson.ranking=20

and this time 2 out of the 3 showed up. (The 1st and 3rd one).
And when I restarted and tried again, I only got 1. (The 2nd one) :-)

AbstractLesson needs good error handling to help newbies writing new lessons

AbstractLesson needs some error handling...

This method in this class is making a bunch of assumptions, like the properties file exists, and certain properties are in it.

Can you add some error handling so if the property doesn't exist, it doesn't simply throw a null pointer without explaining the problem? Like can't find property X in file Y (or something)? (See where I marked it throwing a null pointer exception because I didn't have my configuration right).

Also - can you explain somewhere what properties I have to create, what names, where to put them, and what goes in them so someone can make a new lesson work?

public void update(WebgoatProperties properties) {
    String className = getClass().getName();
    className = className.substring(className.lastIndexOf(".") + 1);
    setRanking(new Integer(properties.getIntProperty("lesson." + className + ".ranking", getDefaultRanking()
            .intValue())));
    String categoryRankingKey = "category." + getDefaultCategory().getName() + ".ranking";
    // System.out.println("Category ranking key: " + categoryRankingKey);
    Category tempCategory = Category.getCategory(getDefaultCategory().getName());
    tempCategory.setRanking(new Integer(properties.getIntProperty(categoryRankingKey, getDefaultCategory()
            .getRanking().intValue())));   // <--- null pointer here when this 'int' property doesn't exist.
    category = tempCategory;
    setHidden(properties.getBooleanProperty("lesson." + className + ".hidden", getDefaultHidden()));
    // System.out.println(className + " in " + tempCategory.getName() + "
    // (Category Ranking: " + tempCategory.getRanking() + " Lesson ranking:
    // " + getRanking() + ", hidden:" + hidden +")");
}
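One way to give the lookup the error reporting asked for in this issue, as an added example rather than WebGoat's own code: a small wrapper around java.util.Properties that names the key and the file in every failure, so a lesson author sees "property X is missing from file Y" instead of a bare NullPointerException. The class name LessonConfig, the file name and the sample keys are assumptions; the key layout (lesson.<Class>.ranking, category.<Name>.ranking, lesson.<Class>.hidden) follows the snippet above. One check worth keeping in mind when fixing the original: in the marked line, getDefaultCategory().getRanking().intValue() unboxes the default before the property is ever looked up, so a null default ranking throws on its own, and the wrapper below reports that case separately from a missing key.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;

/**
 * Illustrative replacement for the property lookups in AbstractLesson#update.
 * Not WebGoat's own code; names and sample keys are assumptions.
 */
public final class LessonConfig {

    private final Properties props;
    private final String sourceName; // reported in every error message

    public LessonConfig(Properties props, String sourceName) {
        this.props = props;
        this.sourceName = sourceName;
    }

    /** Loads from a file so the message can name the file that was actually read. */
    public static LessonConfig load(Path file) throws IOException {
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            p.load(in);
        }
        return new LessonConfig(p, file.toString());
    }

    /**
     * Integer lookup that separates the failure cases the original code folds
     * into one NullPointerException:
     *  - key absent and no default supplied -> which key, which file
     *  - key present but not an integer     -> which key, which value
     */
    public int requireInt(String key, Integer defaultValue) {
        String raw = props.getProperty(key);
        if (raw == null) {
            if (defaultValue == null) {
                throw new IllegalStateException(
                    "Property '" + key + "' is missing from " + sourceName
                    + " and no default ranking was configured for it");
            }
            return defaultValue;
        }
        try {
            return Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalStateException(
                "Property '" + key + "' in " + sourceName
                + " must be an integer but was '" + raw + "'", e);
        }
    }

    /** Boolean lookup with the same explicit reporting; anything but true/false is rejected. */
    public boolean requireBoolean(String key, boolean defaultValue) {
        String raw = props.getProperty(key);
        if (raw == null) {
            return defaultValue;
        }
        String v = raw.trim().toLowerCase();
        if (v.equals("true") || v.equals("false")) {
            return Boolean.parseBoolean(v);
        }
        throw new IllegalStateException(
            "Property '" + key + "' in " + sourceName
            + " must be true or false but was '" + raw + "'");
    }

    /** Walks through the same keys as the update(...) method in the issue. */
    public static void main(String[] args) {
        // Constructed sample: the category ranking key is deliberately absent.
        Properties p = new Properties();
        p.setProperty("lesson.MyNewLesson.ranking", "10");
        p.setProperty("lesson.MyNewLesson.hidden", "false");
        LessonConfig cfg = new LessonConfig(p, "WebGoat.properties (constructed sample)");

        String className = "MyNewLesson"; // in WebGoat this comes from getClass().getName()
        int lessonRanking = cfg.requireInt("lesson." + className + ".ranking", 50);
        boolean hidden = cfg.requireBoolean("lesson." + className + ".hidden", false);
        System.out.println("ranking=" + lessonRanking + " hidden=" + hidden);

        // null stands in for a default category whose ranking was never set,
        // the situation that unboxes to a NullPointerException in the original.
        Integer defaultCategoryRanking = null;
        try {
            cfg.requireInt("category.MYNEW.ranking", defaultCategoryRanking);
        } catch (IllegalStateException e) {
            System.out.println("Refusing to load lesson: " + e.getMessage());
        }
    }
}
```

Failing loudly with the key and file name is the point: a lesson that silently falls back to a ranking or to hidden=false because a property was mistyped is the kind of misconfiguration that is hard to notice later, and the message here tells the author exactly which line to add.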
