Demo of a webapp with flawed security, for training purposes.


codecop/ticketmagpie

 
 


This project aims at demonstrating various security vulnerabilities such as the ones listed in the OWASP Top 10.

Configuration

This project requires Maven 3 and Java Development Kit version 8. The project does not work with Java 9.

  1. Extract, configure and install Maven on your machine, in an appropriate location: https://maven.apache.org/install.html.
  2. Extract and install Java Development Kit on your machine, in an appropriate location, e.g. c:\Program Files (x86)\Java\ on Windows, /System/Library/Java/ on Mac OSX, /usr/java/ on Linux.
  3. Configure the JAVA_HOME environment variable and path on your machine. Instructions here: WINDOWS, MAC, LINUX.
  4. You may need to also configure the Path variable: https://www.java.com/en/download/help/path.xml
  5. Download the TicketMagpie-master project to your local machine and install to an appropriate location, e.g. C:\Users\[username]\ticketmagpie (on Windows). Make sure to rename ticketmagpie-master to ticketmagpie.

Running the project

Once you have configured and installed Maven and Java Development Kit and TicketMagpie, you can start the application by running this command from the root folder of the project:

mvn spring-boot:run

The application will then be available at localhost.

Running the project in Docker

The application is published on the Docker Hub. You can run it like this, with the in-memory database:

docker run -e "SPRING_PROFILES_ACTIVE=hsqldb" -p 8080:8080 "codecop/ticketmagpie"

The application will then be available at localhost.

Database configuration

By default, the application expects a MySQL database to be available on localhost, default port 3306. The application will use the user root to connect to a database called ticketmagpie.

If you have MySQL or MariaDB installed, initially create the database with:

mysql -u root < src/main/resources/create-mysql-database.sql

If you have Docker installed, run the latest MySQL docker image with suitable configuration:

docker run -d -e MYSQL_ALLOW_EMPTY_PASSWORD=yes \
              -e MYSQL_DATABASE=ticketmagpie -p 3306:3306 "mysql:latest"

You can pass custom database configuration as follows:

mvn spring-boot:run -Dspring.datasource.url=jdbc:mysql://MYSQL_SERVER:PORT/DB_NAME \
                    -Dspring.datasource.username=USER \
                    -Dspring.datasource.password=PASSWORD

If you do not have a database server, you can run the application with an HSQLDB in-memory database:

mvn spring-boot:run -Dspring.profiles.active=hsqldb
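
An added example (not part of the TicketMagpie project): because the application is deliberately vulnerable and the MySQL container above accepts root with an empty password, this script runs both on a private Docker network and publishes only the web port, on loopback. The network and container names are made up for the example, and it assumes the image honors SPRING_DATASOURCE_URL the same way it honors SPRING_PROFILES_ACTIVE.

```shell
#!/bin/sh
# Added example, not from the TicketMagpie repository.
# Names below are assumptions chosen for this example.
NET=ticketmagpie-lab
DB=ticketmagpie-db
APP=ticketmagpie-app
DOCKER=${DOCKER:-docker}   # DOCKER="echo docker" prints the commands instead

# Rewrite a "docker run -p" spec so it binds to loopback only.
# A bare HOST:CONTAINER spec binds to all interfaces (0.0.0.0) by default.
loopback_publish() {
  case "$1" in
    0.0.0.0:*:*) printf '127.0.0.1:%s\n' "${1#0.0.0.0:}" ;;
    *:*:*)       printf '%s\n' "$1" ;;            # other explicit IP: keep as given
    *:*)         printf '127.0.0.1:%s\n' "$1" ;;
    *)           echo "unsupported publish spec: $1" >&2; return 1 ;;
  esac
}

# MySQL with the page's settings but no -p: root with an empty password
# is reachable only from containers on the lab network.
start_db() {
  $DOCKER run -d --name "$DB" --network "$NET" \
    -e MYSQL_ALLOW_EMPTY_PASSWORD=yes -e MYSQL_DATABASE=ticketmagpie \
    "mysql:latest"
}

# The web port is published on 127.0.0.1 only. SPRING_DATASOURCE_URL is the
# environment form of spring.datasource.url (assumed to be honored by the image).
# --restart on-failure retries if the app exits while MySQL is still starting.
start_app() {
  $DOCKER run -d --name "$APP" --network "$NET" --restart on-failure \
    -p "$(loopback_publish 8080:8080)" \
    -e "SPRING_DATASOURCE_URL=jdbc:mysql://$DB:3306/ticketmagpie" \
    "codecop/ticketmagpie"
}

# Run as "sh lab.sh up" (file name is hypothetical) to create the lab.
if [ "${1:-}" = up ]; then
  $DOCKER network create "$NET" && start_db && start_app
fi
```

For the in-memory variant, the same loopback binding applies to the single-container command: publish with 127.0.0.1:8080:8080 instead of 8080:8080.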

Email configuration

To send password recovery emails, you need to configure an SMTP server with credentials.

You can pass the email configuration as follows:

mvn spring-boot:run -Dmail.smtp.host=SMTP_SERVER \
                    -Dmail.smtp.port=587 \
                    -Dmail.smtp.username=USER@DOMAIN.COM \
                    -Dmail.smtp.password=PASSWORD
