Apply formatting
This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style.
nbaars authored Jan 4, 2023
1 parent b03777d commit d2a1546
Showing 336 changed files with 14,087 additions and 12,854 deletions.
4 changes: 2 additions & 2 deletions .github/stale.yml
Expand Up @@ -2,9 +2,9 @@
daysUntilStale: 90
daysUntilClose: 14
onlyLabels:
- waiting-for-input
- waiting for input
- wontfix
staleLabel: stale
markComment: >
This issue has been automatically marked as `stale` because it has not had recent activity. :calendar: It will be _closed automatically_ in one week if no further activity occurs.
closeComment: false
closeComment: false
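Review bot: In `onlyLabels`, the two entries `waiting-for-input` and `waiting for input` differ in more than whitespace, so this line changes the label name the stale bot filters on rather than only formatting it. Confirm the repository label is really spelled with spaces, and move that edit into its own commit so it is not buried among 336 reformatted files. While this file is being touched: `markComment` tells users the issue will be closed "in one week", but `daysUntilClose` is 14.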
5 changes: 5 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -47,6 +47,8 @@ jobs:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-
- name: Check code formatting
run: mvn --no-transfer-progress spotless:check
- name: Build with Maven
run: mvn --no-transfer-progress package
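Review bot: The new `Check code formatting` step sits in a job whose cache key uses `${{ runner.os }}`, so `spotless:check` will presumably run once per runner OS, and the next hunk adds the same step to a second job. Formatting does not depend on the platform; a single step or dedicated job that the others depend on would give the same gate with less CI time.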

Expand All @@ -68,5 +70,8 @@ jobs:
path: ~/.m2
key: ubuntu-latest-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ubuntu-latest-m2-
- name: Check code formatting
#Fail fast
run: mvn --no-transfer-progress spotless:check
- name: Test with Maven
run: mvn --no-transfer-progress verify
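Review bot: The `#Fail fast` comment above `run:` is missing a space after `#` and does not say what fails fast or why. Either spell it out (for example `# Fail fast: reject unformatted code before running the tests`) or drop it, and keep this step identical to the one added in the first job, which carries no comment.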
37 changes: 22 additions & 15 deletions CONTRIBUTING.md
@@ -1,4 +1,5 @@
# Contributing

[![GitHub contributors](https://img.shields.io/github/contributors/WebGoat/WebGoat.svg)](https://github.com/WebGoat/WebGoat/graphs/contributors)
![GitHub issues by-label "help wanted"](https://img.shields.io/github/issues/WebGoat/WebGoat/help%20wanted.svg)
![GitHub issues by-label "good first issue"](https://img.shields.io/github/issues/WebGoat/WebGoat/good%20first%20issue.svg)
Expand All @@ -24,7 +25,7 @@ There are a couple of ways on how you can contribute to the project:
Your PR is valuable to us, and to make sure we can integrate it smoothly, we have a few items for you to consider. In short:
The minimum requirements for code contributions are:

1. The code _must_ be compliant with the configured Checkstyle and PMD rules.
1. The code _must_ be compliant with the configured Java Google Formatter, Checkstyle and PMD rules.
2. All new and changed code _should_ have a corresponding unit and/or integration test.
3. New and changed lessons _must_ have a corresponding integration test.
4. [Status checks](https://docs.github.com/en/github/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks) should pass for your last commit.
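Review bot: Requirement 1 now names the Java Google Formatter, but nothing in this list tells a contributor how to satisfy it before CI rejects the PR. Since the workflow in this commit runs `mvn spotless:check`, add a sentence pointing to `mvn spotless:apply` (the Spotless goal that rewrites files in place) as the local fix.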
Expand All @@ -38,14 +39,13 @@ Pull requests should be as small/atomic as possible. Large, wide-sweeping change
* If you are making spelling corrections in the docs, don't modify other files.
* If you are adding new functions don't '*cleanup*' unrelated functions. That cleanup belongs in another pull request.


### Write a good commit message

* Explain why you make the changes. [More infos about a good commit message.](https://betterprogramming.pub/stop-writing-bad-commit-messages-8df79517177d)

* If you fix an issue with your commit, please close the issue by [adding one of the keywords and the issue number](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue) to your commit message.

For example: `Fix #545` or `Closes #10`
For example: `Fix #545` or `Closes #10`

## How to set up your Contributor Environment

Expand All @@ -54,27 +54,34 @@ Pull requests should be as small/atomic as possible. Large, wide-sweeping change
3. Clone your own repository to your host computer so that you can make modifications. If you followed the GitHub tutorial from step 2, you have already done this.
4. Go to the newly cloned directory "WebGoat" and add the remote upstream repository:

```bash
$ git remote -v
origin [email protected]:<your Github handle>/WebGoat.git (fetch)
origin [email protected]:<your Github handle>/WebGoat.git (push)
```bash
$ git remote -v
origin [email protected]:<your Github handle>/WebGoat.git (fetch)
origin [email protected]:<your Github handle>/WebGoat.git (push)

$ git remote add upstream [email protected]:WebGoat/WebGoat.git
$ git remote add upstream [email protected]:WebGoat/WebGoat.git

$ git remote -v
origin [email protected]:<your Github handle>/WebGoat.git (fetch)
origin [email protected]:<your Github handle>/WebGoat.git (push)
upstream [email protected]:OWASP/WebGoat.git (fetch)
upstream [email protected]:OWASP/WebGoat.git (push)
```
$ git remote -v
origin [email protected]:<your Github handle>/WebGoat.git (fetch)
origin [email protected]:<your Github handle>/WebGoat.git (push)
upstream [email protected]:OWASP/WebGoat.git (fetch)
upstream [email protected]:OWASP/WebGoat.git (push)
```

See also the GitHub documentation on "[Configuring a remote for a fork](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/configuring-a-remote-for-a-fork "Configuring a remote for a fork")".

See also the GitHub documentation on "[Configuring a remote for a fork](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/configuring-a-remote-for-a-fork "Configuring a remote for a fork")".
5. Choose what to work on, based on any of the outstanding [issues](https://github.com/WebGoat/WebGoat/issues "WebGoat Issues").

6. Create a branch so that you can cleanly work on the chosen issue: `git checkout -b FixingIssue66`

7. Open your favorite editor and start making modifications. We recommend using the [IntelliJ Idea](https://www.jetbrains.com/idea/).

8. After your modifications are done, push them to your forked repository. This can be done by executing the command `git add MYFILE` for every file you have modified, followed by `git commit -m 'your commit message here'` to commit the modifications and `git push` to push your modifications to GitHub.

9. Create a Pull Request (PR) by going to your fork, <https://github.com/Your_Github_Handle/WebGoat> and click on the "New Pull Request" button. The target branch should typically be the Master branch. When submitting a PR, be sure to follow the checklist that is provided in the PR template. The checklist itself will be filled out by the reviewer.

10. Your PR will be reviewed and comments may be given. In order to process a comment, simply make modifications to the same branch as before and push them to your repository. GitHub will automatically detect these changes and add them to your existing PR.

11. When starting on a new PR in the future, make sure to always keep your local repo up to date:

```bash
Expand Down
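Review bot: In step 4 the command adds `upstream` as `WebGoat/WebGoat.git`, but the sample `git remote -v` output beneath it lists `OWASP/WebGoat.git` for fetch and push. These lines are being re-indented anyway, so make the sample output match the command so that contributors comparing their own output are not misled.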
14 changes: 6 additions & 8 deletions CREATE_RELEASE.md
@@ -1,21 +1,21 @@
## Release WebGoat


### Version numbers

For WebGoat we use milestone releases first before we release the official version, we use `v8.0.0.M3` while tagging
and 8.0.0.M3 in the `pom.xml`. When we create the final release we remove the milestone release and use
`v8.0.0` in the `pom.xml`
and 8.0.0.M3 in the `pom.xml`. When we create the final release we remove the milestone release and use
`v8.0.0` in the `pom.xml`

### Release notes:
Update the release notes with the correct version. Use `git shortlog -s -n --since "SEP 31 2019"` for the list of

Update the release notes with the correct version. Use `git shortlog -s -n --since "SEP 31 2019"` for the list of
committers.

At the moment we use Gitflow, for a release you create a new release branch and take the following steps:

```
git checkout develop
git flow release start <version>
git flow release start <version>
git flow release publish
<<Make changes if necessary>>
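Review bot: The `git shortlog -s -n --since "SEP 31 2019"` example on the touched release-notes line uses a date that does not exist (September has 30 days), so the reader cannot tell which range is meant. Replace it with a valid date or with a placeholder such as the date of the previous release tag.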
Expand All @@ -30,5 +30,3 @@ git push --tags
Now Travis takes over and will create the release in Github and on Docker Hub.

NOTE: the `mvn versions:set` command above is just there to make sure the master branch contains the latest version


2 changes: 1 addition & 1 deletion PULL_REQUEST_TEMPLATE.md
@@ -1 +1 @@
Thank you for submitting a pull request to the WebGoat!
Thank you for submitting a pull request to the WebGoat!
9 changes: 5 additions & 4 deletions README.md
Expand Up @@ -44,13 +44,12 @@ docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amster

**Important**: *Choose the correct timezone, so that the docker container and your host are in the same timezone. As it is important for the validity of JWT tokens used in certain exercises.*


## 2. Standalone

Download the latest WebGoat release from [https://github.com/WebGoat/WebGoat/releases](https://github.com/WebGoat/WebGoat/releases)

```shell
java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar
java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-8.2.3.jar
```

Click the link in the log to start WebGoat.
Expand All @@ -75,7 +74,7 @@ Now let's start by compiling the project.
cd WebGoat
git checkout <<branch_name>>
# On Linux/Mac:
./mvnw clean install
./mvnw clean install
# On Windows:
./mvnw.cmd clean install
Expand All @@ -93,11 +92,11 @@ Now we are ready to run the project. WebGoat 8.x is using Spring-Boot.
./mvnw.cmd spring-boot:run
```
... you should be running WebGoat on http://localhost:8080/WebGoat momentarily.
Note: The above link will redirect you to login page if you are not logged in. LogIn/Create account to proceed.
To change the IP address add the following variable to the `WebGoat/webgoat-container/src/main/resources/application.properties` file:
```
Expand All @@ -109,6 +108,7 @@ server.address=x.x.x.x
For specialist only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.
For instance running as a jar on a Linux/macOS it will look like this:
```Shell
export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
Expand All @@ -120,3 +120,4 @@ Or in a docker run it would (once this version is pushed into docker hub) look l
```Shell
docker run -d -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/webgoat
```
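Review bot: The `docker run` example in this last hunk publishes with `-p 8080:8080 -p 9090:9090`, which binds on all host interfaces, while the earlier example in this README (visible in the first hunk header) uses `-p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090`. WebGoat is a deliberately vulnerable application, so this example should use the loopback binding as well rather than exposing the container to the network.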
2 changes: 1 addition & 1 deletion README_I18N.md
Expand Up @@ -22,7 +22,7 @@ The following steps are required when you want to add a new language
4. Add a welcome page to the introduction lesson
1. Copy Introduction_.adoc to Introduction_es.adoc (if in this case you want to add Spanish)
2. Add a highlighted section that explains that most parts of WebGoat will still be in English and invite people to translate parts where it would be valuable
5. Translate the main labels
5. Translate the main labels
1. Copy messages.properties to messages_es.properties (if in this case you want to add Spanish)
2. Translate the label values
6. Optionally translate lessons by
45 changes: 19 additions & 26 deletions RELEASE_NOTES.md
@@ -1,19 +1,19 @@
# WebGoat release notes
# WebGoat release notes

## Unreleased

### New functionality

- New year's resolution: major refactoring of WebGoat to simplify the setup and improve building times.
- Move away from multi-project setup:
- This has a huge performance benefit when building the application. Build time locally is now `Total time: 42.469 s` (depends on your local machine of course)
- No longer add Maven dependencies in several places
- H2 no longer needs to run as separate process, which solves the issue of WebWolf sharing and needing to configure the correct database connection.
* This has a huge performance benefit when building the application. Build time locally is now `Total time: 42.469 s` (depends on your local machine of course)
* No longer add Maven dependencies in several places
* H2 no longer needs to run as separate process, which solves the issue of WebWolf sharing and needing to configure the correct database connection.
- More explicit paths in html files to reference `adoc` files, less magic.
- Integrate WebWolf in WebGoat, the setup was way too complicated and needed configuration which could lead to mistakes and a not working application. This also simplifies the Docker configuration as there is only 1 Docker image.
- Add WebWolf button in WebGoat
- Move all lessons into `src/main/resources`
- WebGoat selects a port dynamically when starting. It will still start of port 8080 it will try another port to ease the user experience.
- Move all lessons into `src/main/resources`
- WebGoat selects a port dynamically when starting. It will still start of port 8080 it will try another port to ease the user experience.
- WebGoat logs URL after startup: `Please browse to http://127.0.0.1:8080/WebGoat to get started...`
- Simplify `Dockerfile` as we no longer need a script to start everything
- Maven build now start WebGoat jar with Maven plugin to make sure we run against the latest build.
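Review bot: The touched bullet "It will still start of port 8080 it will try another port to ease the user experience" does not parse; words appear to be missing between the two clauses. Reword it while the line is being changed. Also, the nested bullets under "Move away from multi-project setup" switch from `-` to `*`, which is worth confirming as the formatter's intended list style and not an accident.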
Expand All @@ -35,22 +35,20 @@

### New functionality

- Docker image now supports nginx when browsing to http://localhost a landing page is shown.
- Docker image now supports nginx when browsing to http://localhost a landing page is shown.

### Bug fixes

- [#1039 jwt-7-Code review](https://github.com/WebGoat/WebGoat/issues/1039)
- [#1031 SQL Injection (intro) 5: Data Control Language (DCL) the wiki's solution is not correct](https://github.com/WebGoat/WebGoat/issues/1031)
- [#1027 Webgoat 8.2.1 Vulnerable_Components_12 Shows internal server error](https://github.com/WebGoat/WebGoat/issues/1027)


## Version 8.2.1

### New functionality

- New Docker image for arm64 architecture is now available (for Apple M1)


## Version 8.2.0

### New functionality
Expand Down Expand Up @@ -85,39 +83,38 @@ Special thanks to the following contributors providing us with a pull request:
- maximmasiutin
- toshihue
- avivmu
- KellyMarchewa
- KellyMarchewa
- NatasG
- gabe-sky


## Version 8.1.0

### New functionality

- Added new lessons for cryptography and path-traversal
- Extra content added to the XXE lesson
- Explanation of the assignments will be part of WebGoat, in this release we added detailed descriptions on how to solve the XXE lesson. In the upcoming releases new explanations will be added. If you want to contribute please create a pull request on Github.
- Docker improvements + docker stack for complete container with nginx
- Included JWT token decoding and generation, since jwt.io does not support None anymore
- Docker improvements + docker stack for complete container with nginx
- Included JWT token decoding and generation, since jwt.io does not support None anymore

### Bug fixes

- [#743 - Character encoding errors](https://github.com/WebGoat/WebGoat/issues/743)
- [#811 - Flag submission fails](https://github.com/WebGoat/WebGoat/issues/811)
- [#810 - Scoreboard for challenges shows csrf users](https://github.com/WebGoat/WebGoat/issues/810)
- [#788 - strange copy in constructor](https://github.com/WebGoat/WebGoat/issues/788)
- [#788 - strange copy in constructor](https://github.com/WebGoat/WebGoat/issues/788)
- [#760 - Execution of standalone jar fails (Flyway migration step](https://github.com/WebGoat/WebGoat/issues/760)
- [#766 - Unclear objective of vulnerable components practical assignment](https://github.com/WebGoat/WebGoat/issues/766)
- [#708 - Seems like the home directory of WebGoat always use @project.version@](https://github.com/WebGoat/WebGoat/issues/708)
- [#719 - WebGoat: 'Contact Us' email link in header is not correctly set](https://github.com/WebGoat/WebGoat/issues/719)
- [#715 - Reset lesson doesn't reset the "HTML lesson" => forms stay succesful](https://github.com/WebGoat/WebGoat/issues/715)
- [#725 - Vulnerable Components lesson 12 broken due to too new dependency](https://github.com/WebGoat/WebGoat/issues/725)
- [#716 - On M26 @project.version@ is not "interpreted" #7](https://github.com/WebGoat/WebGoat/issues/716)
- [#721 couldn't be able to run CSRF lesson 3: Receive Whitelabel Error Page](https://github.com/WebGoat/WebGoat/issues/721)
- [#724 - Dead link in VulnerableComponents lesson 11](https://github.com/WebGoat/WebGoat/issues/724)
## Contributors
- [#715 - Reset lesson doesn't reset the "HTML lesson" => forms stay succesful](https://github.com/WebGoat/WebGoat/issues/715)
- [#725 - Vulnerable Components lesson 12 broken due to too new dependency](https://github.com/WebGoat/WebGoat/issues/725)
- [#716 - On M26 @project.version@ is not "interpreted" #7](https://github.com/WebGoat/WebGoat/issues/716)
- [#721 couldn't be able to run CSRF lesson 3: Receive Whitelabel Error Page](https://github.com/WebGoat/WebGoat/issues/721)
- [#724 - Dead link in VulnerableComponents lesson 11](https://github.com/WebGoat/WebGoat/issues/724)

## Contributors

Special thanks to the following contributors providing us with a pull request:

- Satoshi SAKAO
Expand All @@ -132,9 +129,5 @@ Special thanks to the following contributors providing us with a pull request:

And everyone who provided feedback through Github.


Team WebGoat




1 change: 0 additions & 1 deletion docs/README.md
Expand Up @@ -2,4 +2,3 @@

Old GitHub page which now redirects to OWASP website.

