Installer fixes

README

@@ -47,18 +47,16 @@ How To Build And Run under Mac OS X and Linux:
   9. Click on 'Test Configuration', followed by 'Rebuild Database' and
      hopefully you should be good go! Enjoy your hackathon!
 
-How to build and run under Windows:
-  1. Prerequisites:
+How to build and run under Windows with MySql:
+   1. Prerequisites:
      a. Visual Studio 2010 and above.
-     b. Mysql database that's up and running with at least one user
-        aleady setup with full permissions.
+     b. Create a Mysql database with empty database and at least one user with full permissions.
   2. Open WebGoat.sln file via Visual Studio, and click on debug.
   3. You should see the WebGoat.NET page at which point click on
      'Set Up Database'.
-  3. You should see a form with a bunch of setup information for the
-     database. For 'Data Provider' choose MySql. You'll need to fill in
-     the respective data entries for your mysql db. 'Client Executable'
-     and 'Data File Path' are not necessary for MySql so you can leave
-     them empty.
-  4. Click on 'Test Configuration', followed by 'Rebuild Database' and
+  4. You should see a form with a bunch of setup information for the
+     database.  Some placeholder text is already entered for you.  
+     Edit it to match your configuration. 
+     'Data File Path' is not necessary for MySql so you can leave it empty.
+  5. Click on 'Test Configuration', followed by 'Rebuild Database' and
      hopefully you should be good go! Enjoy your hackathon!

WebGoat.NET.sln

@@ -1,6 +1,8 @@
 
-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual Studio 2010
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.24720.0
+MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebGoat.NET", "WebGoat\WebGoat.NET.csproj", "{83B04441-0F79-4424-AAD0-46E0C3CDDAA1}"
 EndProject
 Global
@@ -14,6 +16,9 @@ Global
 		{83B04441-0F79-4424-AAD0-46E0C3CDDAA1}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{83B04441-0F79-4424-AAD0-46E0C3CDDAA1}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
 	GlobalSection(MonoDevelopProperties) = preSolution
 		StartupItem = WebGoat\WebGoat.NET.csproj
 		Policies = $0
@@ -23,7 +28,7 @@ Global
 		$0.StandardHeader = $2
 		$2.Text = 
 		$2.IncludeInNewFiles = True
-		$0.TextStylePolicy = $3
+		$0.TextStylePolicy = $34
 		$3.inheritsSet = null
 		$3.scope = text/x-csharp
 		$0.CSharpFormattingPolicy = $4
@@ -46,28 +51,25 @@ Global
 		$4.inheritsSet = Mono
 		$4.inheritsScope = text/x-csharp
 		$4.scope = text/x-csharp
-		$0.TextStylePolicy = $5
 		$5.FileWidth = 120
 		$5.inheritsSet = VisualStudio
 		$5.inheritsScope = text/plain
 		$5.scope = text/plain
 		$0.NameConventionPolicy = $6
 		$6.Rules = $7
-		$7.NamingRule = $8
+		$7.NamingRule = $32
 		$8.Name = Namespaces
 		$8.AffectedEntity = Namespace
 		$8.VisibilityMask = VisibilityMask
 		$8.NamingStyle = PascalCase
 		$8.IncludeInstanceMembers = True
 		$8.IncludeStaticEntities = True
-		$7.NamingRule = $9
 		$9.Name = Types
 		$9.AffectedEntity = Class, Struct, Enum, Delegate
 		$9.VisibilityMask = VisibilityMask
 		$9.NamingStyle = PascalCase
 		$9.IncludeInstanceMembers = True
 		$9.IncludeStaticEntities = True
-		$7.NamingRule = $10
 		$10.Name = Interfaces
 		$10.RequiredPrefixes = $11
 		$11.String = I
@@ -76,7 +78,6 @@ Global
 		$10.NamingStyle = PascalCase
 		$10.IncludeInstanceMembers = True
 		$10.IncludeStaticEntities = True
-		$7.NamingRule = $12
 		$12.Name = Attributes
 		$12.RequiredSuffixes = $13
 		$13.String = Attribute
@@ -85,7 +86,6 @@ Global
 		$12.NamingStyle = PascalCase
 		$12.IncludeInstanceMembers = True
 		$12.IncludeStaticEntities = True
-		$7.NamingRule = $14
 		$14.Name = Event Arguments
 		$14.RequiredSuffixes = $15
 		$15.String = EventArgs
@@ -94,7 +94,6 @@ Global
 		$14.NamingStyle = PascalCase
 		$14.IncludeInstanceMembers = True
 		$14.IncludeStaticEntities = True
-		$7.NamingRule = $16
 		$16.Name = Exceptions
 		$16.RequiredSuffixes = $17
 		$17.String = Exception
@@ -103,97 +102,82 @@ Global
 		$16.NamingStyle = PascalCase
 		$16.IncludeInstanceMembers = True
 		$16.IncludeStaticEntities = True
-		$7.NamingRule = $18
 		$18.Name = Methods
 		$18.AffectedEntity = Methods
 		$18.VisibilityMask = VisibilityMask
 		$18.NamingStyle = PascalCase
 		$18.IncludeInstanceMembers = True
 		$18.IncludeStaticEntities = True
-		$7.NamingRule = $19
 		$19.Name = Static Readonly Fields
 		$19.AffectedEntity = ReadonlyField
 		$19.VisibilityMask = Internal, Protected, Public
 		$19.NamingStyle = PascalCase
 		$19.IncludeInstanceMembers = False
 		$19.IncludeStaticEntities = True
-		$7.NamingRule = $20
 		$20.Name = Fields (Non Private)
 		$20.AffectedEntity = Field
 		$20.VisibilityMask = Internal, Protected, Public
 		$20.NamingStyle = PascalCase
 		$20.IncludeInstanceMembers = True
 		$20.IncludeStaticEntities = True
-		$7.NamingRule = $21
 		$21.Name = ReadOnly Fields (Non Private)
 		$21.AffectedEntity = ReadonlyField
 		$21.VisibilityMask = Internal, Protected, Public
 		$21.NamingStyle = PascalCase
 		$21.IncludeInstanceMembers = True
 		$21.IncludeStaticEntities = False
-		$7.NamingRule = $22
 		$22.Name = Fields (Private)
 		$22.AllowedPrefixes = $23
-		$23.String = _
 		$23.String = m_
 		$22.AffectedEntity = Field, ReadonlyField
 		$22.VisibilityMask = Private
 		$22.NamingStyle = CamelCase
 		$22.IncludeInstanceMembers = True
 		$22.IncludeStaticEntities = False
-		$7.NamingRule = $24
 		$24.Name = Static Fields (Private)
 		$24.AffectedEntity = Field
 		$24.VisibilityMask = Private
 		$24.NamingStyle = CamelCase
 		$24.IncludeInstanceMembers = False
 		$24.IncludeStaticEntities = True
-		$7.NamingRule = $25
 		$25.Name = ReadOnly Fields (Private)
 		$25.AllowedPrefixes = $26
-		$26.String = _
 		$26.String = m_
 		$25.AffectedEntity = ReadonlyField
 		$25.VisibilityMask = Private
 		$25.NamingStyle = CamelCase
 		$25.IncludeInstanceMembers = True
 		$25.IncludeStaticEntities = False
-		$7.NamingRule = $27
 		$27.Name = Constant Fields
 		$27.AffectedEntity = ConstantField
 		$27.VisibilityMask = VisibilityMask
 		$27.NamingStyle = PascalCase
 		$27.IncludeInstanceMembers = True
 		$27.IncludeStaticEntities = True
-		$7.NamingRule = $28
 		$28.Name = Properties
 		$28.AffectedEntity = Property
 		$28.VisibilityMask = VisibilityMask
 		$28.NamingStyle = PascalCase
 		$28.IncludeInstanceMembers = True
 		$28.IncludeStaticEntities = True
-		$7.NamingRule = $29
 		$29.Name = Events
 		$29.AffectedEntity = Event
 		$29.VisibilityMask = VisibilityMask
 		$29.NamingStyle = PascalCase
 		$29.IncludeInstanceMembers = True
 		$29.IncludeStaticEntities = True
-		$7.NamingRule = $30
 		$30.Name = Enum Members
 		$30.AffectedEntity = EnumMember
 		$30.VisibilityMask = VisibilityMask
 		$30.NamingStyle = PascalCase
 		$30.IncludeInstanceMembers = True
 		$30.IncludeStaticEntities = True
-		$7.NamingRule = $31
 		$31.Name = Parameters
 		$31.AffectedEntity = Parameter
 		$31.VisibilityMask = VisibilityMask
 		$31.NamingStyle = CamelCase
 		$31.IncludeInstanceMembers = True
 		$31.IncludeStaticEntities = True
-		$7.NamingRule = $32
 		$32.Name = Type Parameters
 		$32.RequiredPrefixes = $33
 		$33.String = T
@@ -202,11 +186,7 @@ Global
 		$32.NamingStyle = PascalCase
 		$32.IncludeInstanceMembers = True
 		$32.IncludeStaticEntities = True
-		$0.TextStylePolicy = $34
 		$34.inheritsSet = null
 		$34.scope = application/x-ashx
 	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
 EndGlobal

WebGoat/App_Code/DB/MySqlDbProvider.cs

@@ -6,7 +6,8 @@
 using System.Diagnostics;
 using System.IO;
 using System.Threading;
-
+using System.Web;
+
 namespace OWASP.WebGoat.NET.App_Code.DB
 {
     public class MySqlDbProvider : IDbProvider
@@ -18,6 +19,7 @@ public class MySqlDbProvider : IDbProvider
         private readonly string _uid;
         private readonly string _database;
         private readonly string _clientExec;
+
 
         private readonly ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
 
@@ -103,8 +105,12 @@ public bool RecreateGoatDb()
 
             log.Info("Running recreate");
 
-            int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, DbConstants.DB_CREATE_MYSQL_SCRIPT));
-            int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, DbConstants.DB_LOAD_MYSQL_SCRIPT));
+            string createScript = HttpContext.Current.Server.MapPath(DbConstants.DB_CREATE_MYSQL_SCRIPT.Replace("\\", "/"));
+            string loadScript = HttpContext.Current.Server.MapPath(DbConstants.DB_LOAD_MYSQL_SCRIPT.Replace("\\", "/"));
+
+
+            int retVal1 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, createScript));
+            int retVal2 = Math.Abs(Util.RunProcessWithInput(_clientExec, args, loadScript));
 
             return Math.Abs(retVal1) + Math.Abs(retVal2) == 0;
         }

WebGoat/Configuration/Default.config

@@ -1 +1,7 @@
-dbtype=MySql
+dbtype=MySql
+host=localhost
+port=3306
+client=C:\Program Files\MySQL\MySQL Server 5.7\bin\mysql.exe
+database=webgoat
+uid=user
+pwd=password

WebGoat/ProxySetup.aspx

@@ -17,7 +17,7 @@
             ErrorMessage="Name is Required" ControlToValidate="txtName"></asp:RequiredFieldValidator><br />
         <asp:RegularExpressionValidator ID="valRegEx" runat="server" 
             ErrorMessage="Invalid Characters Detected!" ControlToValidate="txtName" 
-            ValidationExpression="[a-zA-Z\-\ \_]*"></asp:RegularExpressionValidator>
+            ValidationExpression="[a-zA-Z\-\ _]*"></asp:RegularExpressionValidator>
         <p />
         Enter your name (letters only): 
 		<asp:TextBox ID="txtName" runat="server" Width="304px"></asp:TextBox>

WebGoat/Resources/Master-Pages/Site.Master.cs

@@ -20,7 +20,7 @@ protected void Page_Load(object sender, EventArgs e)
         }
         protected void lbtGenerateTestData_Click(object sender, EventArgs e)
         {
-        	Response.Redirect("/RebuildDatabase.aspx");
+        	Response.Redirect("~/RebuildDatabase.aspx");
         }
         public void GreyOutMenu()
         {