From 96a706520f8e18aee09920ad2441c7a1b6e9df47 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Sun, 3 Dec 2023 19:43:33 +0100
Subject: [PATCH] chore: fix startup message

Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
---
 .../container/DatabaseConfiguration.java      |  2 -
 .../owasp/webgoat/server/StartWebGoat.java    | 32 +++++++----
 .../owasp/webgoat/server/StartupMessage.java  | 55 -------------------
 .../resources/application-webgoat.properties  |  3 +-
 4 files changed, 24 insertions(+), 68 deletions(-)
 delete mode 100644 src/main/java/org/owasp/webgoat/server/StartupMessage.java

diff --git a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
index 65d0b144e7..95e750a36c 100644
--- a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
+++ b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
@@ -6,7 +6,6 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.flywaydb.core.Flyway;
-import org.owasp.webgoat.container.lessons.LessonScanner;
 import org.owasp.webgoat.container.service.RestartLessonService;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
 import org.springframework.context.annotation.Bean;
@@ -20,7 +19,6 @@
 public class DatabaseConfiguration {
 
   private final DataSourceProperties properties;
-  private final LessonScanner lessonScanner;
 
   @Bean
   @Primary
diff --git a/src/main/java/org/owasp/webgoat/server/StartWebGoat.java b/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
index 54c9b8929d..2e87ef20ec 100644
--- a/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
+++ b/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
@@ -25,24 +25,36 @@
 
 package org.owasp.webgoat.server;
 
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.container.WebGoat;
 import org.owasp.webgoat.webwolf.WebWolf;
 import org.springframework.boot.Banner;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
 
+@Slf4j
 public class StartWebGoat {
 
   public static void main(String[] args) {
-    new SpringApplicationBuilder()
-        .parent(ParentConfig.class)
-        .web(WebApplicationType.NONE)
-        .bannerMode(Banner.Mode.OFF)
-        .child(WebGoat.class)
-        .web(WebApplicationType.SERVLET)
-        .sibling(WebWolf.class)
-        .bannerMode(Banner.Mode.OFF)
-        .web(WebApplicationType.SERVLET)
-        .run(args);
+    var parentBuilder =
+        new SpringApplicationBuilder()
+            .parent(ParentConfig.class)
+            .web(WebApplicationType.NONE)
+            .bannerMode(Banner.Mode.OFF);
+    parentBuilder.child(WebWolf.class).web(WebApplicationType.SERVLET).run(args);
+    ApplicationContext webGoatContext =
+        parentBuilder.child(WebGoat.class).web(WebApplicationType.SERVLET).run(args);
+
+    printStartUpMessage(webGoatContext);
+  }
+
+  private static void printStartUpMessage(ApplicationContext webGoatContext) {
+    var url = webGoatContext.getEnvironment().getProperty("webgoat.url");
+    var sslEnabled =
+        webGoatContext.getEnvironment().getProperty("server.ssl.enabled", Boolean.class);
+    log.warn(
+        "Please browse to " + "{} to start using WebGoat...",
+        sslEnabled ? url.replace("http", "https") : url);
   }
 }
diff --git a/src/main/java/org/owasp/webgoat/server/StartupMessage.java b/src/main/java/org/owasp/webgoat/server/StartupMessage.java
deleted file mode 100644
index 7273ed77b9..0000000000
--- a/src/main/java/org/owasp/webgoat/server/StartupMessage.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package org.owasp.webgoat.server;
-
-import lombok.NoArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationReadyEvent;
-import org.springframework.context.event.ContextStoppedEvent;
-import org.springframework.context.event.EventListener;
-import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
-
-@Component
-@Slf4j
-@NoArgsConstructor
-public class StartupMessage {
-
-  private String port;
-  private String address;
-  private String contextPath;
-
-  private String applicationName;
-
-  private static boolean useSSL =
-      Boolean.valueOf(System.getenv().getOrDefault("WEBGOAT_SSLENABLED", "true"));
-
-  @EventListener
-  void onStartup(ApplicationReadyEvent event) {
-
-    port = event.getApplicationContext().getEnvironment().getProperty("server.port");
-    address = event.getApplicationContext().getEnvironment().getProperty("server.address");
-    contextPath =
-        event.getApplicationContext().getEnvironment().getProperty("server.servlet.context-path");
-    applicationName =
-        event.getApplicationContext().getEnvironment().getProperty("spring.application.name");
-    if (StringUtils.hasText(applicationName)) {
-      if (applicationName.equals("WebGoat")) {
-        log.warn(
-            "Please browse to "
-                + (useSSL ? "https://" : "http://")
-                + "{}:{}{} to start using WebGoat...",
-            event.getApplicationContext().getEnvironment().getProperty("webgoat.host"),
-            port,
-            contextPath);
-      } else {
-        log.warn(
-            "Please browse to http://{}:{}{} to start using WebWolf...",
-            event.getApplicationContext().getEnvironment().getProperty("webwolf.host"),
-            port,
-            contextPath);
-      }
-    }
-  }
-
-  @EventListener
-  void onShutdown(ContextStoppedEvent event) {}
-}
diff --git a/src/main/resources/application-webgoat.properties b/src/main/resources/application-webgoat.properties
index aefde27655..b394e77c06 100644
--- a/src/main/resources/application-webgoat.properties
+++ b/src/main/resources/application-webgoat.properties
@@ -3,7 +3,7 @@ server.error.path=/error.html
 server.servlet.context-path=${WEBGOAT_CONTEXT:/WebGoat}
 server.servlet.session.persistent=false
 server.port=${WEBGOAT_PORT:8080}
-server.address=0.0.0.0
+server.address=${WEBGOAT_HOST:127.0.0.1}
 webgoat.host=${WEBGOAT_HOST:127.0.0.1}
 webgoat.port=${WEBGOAT_PORT:8080}
 webgoat.context=${WEBGOAT_CONTEXT:/WebGoat}
@@ -43,6 +43,7 @@ webgoat.feedback.address=webgoat@owasp.org
 webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
 webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
+webgoat.url=http://${server.address}:${server.port}${server.servlet.context-path}
 
 webwolf.host=${WEBWOLF_HOST:127.0.0.1}
 webwolf.port=${WEBWOLF_PORT:9090}