Add multiple PHP versions

Author: cytopia

.env-example

@@ -1,12 +1,25 @@
+# PHP VERSION
+# -----------
+# Uncomment one of the PHP versions you want to use for DVWA
+#PHP_VERSION=5.6
+#PHP_VERSION=7.0
+#PHP_VERSION=7.1
+PHP_VERSION=7.2
+#PHP_VERSION=7.3
+#PHP_VERSION=7.4
+#PHP_VERSION=8.0
+
+
+LISTEN_PORT=8000
 # Local Listen Port
 # -----------------
 LISTEN_PORT=8000
 
 
 # ReCAPTCHA settings
 # ------------------
-#   Used for the 'Insecure CAPTCHA' module
-#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
+# Used for the 'Insecure CAPTCHA' module
+# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
 RECAPTCHA_PRIV_KEY=
 RECAPTCHA_PUB_KEY=
 

.github/workflows/test.yml

@@ -0,0 +1,149 @@
+---
+
+# -------------------------------------------------------------------------------------------------
+# Job Name
+# -------------------------------------------------------------------------------------------------
+name: Linux
+
+
+# -------------------------------------------------------------------------------------------------
+# When to run
+# -------------------------------------------------------------------------------------------------
+on:
+  # Runs on Pull Requests
+  pull_request:
+
+  # Runs on master Branch and Tags
+  push:
+    branches:
+      - master
+    tags:
+      - '[0-9]+.[0-9]+*'
+
+
+# -------------------------------------------------------------------------------------------------
+# What to run
+# -------------------------------------------------------------------------------------------------
+jobs:
+  smoke_linux:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php:
+          - "5.6"
+          - "7.0"
+          - "7.1"
+          - "7.2"
+          - "7.3"
+          - "7.4"
+          - "8.0"
+
+    name: "[PHP ${{ matrix.php }}]"
+    steps:
+
+      # ------------------------------------------------------------
+      # Checkout repository
+      # ------------------------------------------------------------
+      - name: Checkout repository
+        uses: actions/checkout@v1
+
+      - name: Show environment
+        shell: bash
+        run: |
+          env
+
+      - name: Show network
+        shell: bash
+        run: |
+          netstat -an || true
+          ss -tlun || true
+
+      - name: Show Docker version
+        shell: bash
+        run: |
+          docker version
+
+      # ------------------------------------------------------------
+      # Setup
+      # ------------------------------------------------------------
+      - name: Configure
+        shell: bash
+        run: |
+          cp .env-example .env
+          echo "PHP_VERSION=${PHP}" >> .env
+        env:
+          PHP: ${{ matrix.php }}
+
+      # ------------------------------------------------------------
+      # Build & Run
+      # ------------------------------------------------------------
+      - name: Build
+        shell: bash
+        run: |
+          retry() {
+            for n in $(seq ${RETRIES}); do
+              echo "[${n}/${RETRIES}] ${*}";
+              if eval "${*}"; then
+                echo "[SUCC] ${n}/${RETRIES}";
+                return 0;
+              fi;
+              sleep 2;
+              echo "[FAIL] ${n}/${RETRIES}";
+            done;
+            return 1;
+          }
+          retry make build
+        env:
+          RETRIES: 20
+
+      - name: Run
+        shell: bash
+        run: |
+          retry() {
+            for n in $(seq ${RETRIES}); do
+              echo "[${n}/${RETRIES}] ${*}";
+              if eval "${*}"; then
+                echo "[SUCC] ${n}/${RETRIES}";
+                return 0;
+              fi;
+              sleep 2;
+              echo "[FAIL] ${n}/${RETRIES}";
+            done;
+            return 1;
+          }
+          retry make start
+        env:
+          RETRIES: 20
+
+      # ------------------------------------------------------------
+      # Wait
+      # ------------------------------------------------------------
+      - name: Wait
+        shell: bash
+        run: |
+          sleep 10
+
+      # ------------------------------------------------------------
+      # Test
+      # ------------------------------------------------------------
+      - name: Test
+        shell: bash
+        run: |
+          SUCCESS=0
+          for i in $(seq 60); do
+            printf "."
+            if [ "$(curl -sS -o /dev/null -w '%{http_code}' http://localhost:8000/login.php)" = "200" ]; then
+              SUCCESS=1;
+              break;
+            fi
+            sleep 1;
+          done
+          if [ "${SUCCESS}" != "1" ]; then
+            printf "\\nFAILED"
+            false
+          else
+            printf "\\nSUCCESS"
+          fi

Makefile

@@ -20,7 +20,7 @@ start: .env
 
 stop:
 	@echo "Stopping DVWA"
-	docker-compose stop
+	docker-compose down
 
 logs:
 	docker-compose logs -f dvwa_web

README.md

@@ -11,6 +11,9 @@
 **[Sec Tools](#lock-cytopia-sec-tools)** |
 **[License](#page_facing_up-license)**
 
+[![Linux](https://github.com/cytopia/docker-dvwa/actions/workflows/test.yml/badge.svg)](https://github.com/cytopia/docker-dvwa/actions/workflows/test.yml)
+
+
 DVWA has an official Docker image available at [Dockerhub](https://hub.docker.com/r/vulnerables/web-dvwa/), however by the time of writing this image did not receive any updates for 2 years.
 
 If you prefer an always up-to-date version, use the here provided Docker Compose setup. The image will always be built locally against the latest master branch of the [DVWA](https://github.com/digininja/DVWA) repository.
@@ -58,7 +61,8 @@ This setup allows you to configure a few settings via the `.env` file.
 
 | Variable             | Default | Settings |
 |----------------------|---------|----------|
-| `LISTEN_PORT       ` | `8000`  | Local port for the web server to listen on |
+| `PHP_VERSION`        | `7.2`   | PHP version to run DVWA (`5.6`, `7.0`, `7.1`, `7.2`, `7.3`, `7.4` or `8.0`) |
+| `LISTEN_PORT`        | `8000`  | Local port for the web server to listen on |
 | `RECAPTCHA_PRIV_KEY` |         | Required to make the captcha module work. (See [FAQ](#bulb-faq) section below) |
 | `RECAPTCHA_PUB_KEY`  |         | Required to make the captcha module work. (See [FAQ](#bulb-faq) section below) |
 | `PHP_DISPLAY_ERRORS` | `0`     | Set to `1` to display PHP errors (if you want a really easy mode) |

docker-compose.yml

@@ -2,20 +2,30 @@
 version: '2.3'
 
 services:
+
   dvwa_web:
-    build: ./docker/
+    build:
+      context: ./docker/
+      args:
+        PHP_VERSION: ${PHP_VERSION:-7.2}
+    image: cytopia/dvwa:${PHP_VERSION:-7.2}
     restart: unless-stopped
     ports:
       - "${LISTEN_PORT:-8000}:80"
     networks:
-      - app-net
+      - dvwa-net
     environment:
       - RECAPTCHA_PRIV_KEY=${RECAPTCHA_PRIV_KEY:-}
       - RECAPTCHA_PUB_KEY=${RECAPTCHA_PUB_KEY:-}
       - SECURITY_LEVEL=${SECURITY_LEVEL:-medium}
       - PHPIDS_ENABLED=${PHPIDS_ENABLED:-0}
       - PHPIDS_VERBOSE=${PHPIDS_VERBOSE:-0}
       - PHP_DISPLAY_ERRORS=${PHP_DISPLAY_ERRORS:-0}
+      - MYSQL_HOSTNAME=dvwa_db
+      - MYSQL_DATABASE=dvwa
+      - MYSQL_USERNAME=dvwa
+      - MYSQL_PASSWORD=p@ssw0rd
+
   dvwa_db:
     image: mysql:5.6
     hostname: dvwa_db
@@ -28,10 +38,10 @@ services:
       MYSQL_PASSWORD: p@ssw0rd
     restart: unless-stopped
     networks:
-      - app-net
+      - dvwa-net
 
 networks:
-  app-net:
+  dvwa-net:
     driver: bridge
 
 volumes:

docker/Dockerfile

@@ -1,14 +1,16 @@
-FROM php:7.2-apache as builder
+ARG PHP_VERSION
+FROM php:${PHP_VERSION}-apache as builder
 
 # Get DVWA
 RUN set -eux \
-	&& apt update \
-	&& apt install -y \
+	&& apt-get update \
+	&& apt-get install -y \
 		git \
 	&& git clone https://github.com/digininja/DVWA /DVWA \
 	&& rm -rf /DVWA/.git \
 	&& rm -rf /DVWA/.github \
-	&& rm -rf /DVWA/.gitignore
+	&& rm -rf /DVWA/.gitignore \
+	&& rm -rf /DVWA/php.ini
 
 # Get Adminer
 RUN set -eux \
@@ -19,27 +21,32 @@ RUN set -eux \
 	&& curl -sS --fail -L "${URL}" > /adminer.php
 
 
-FROM php:7.2-apache
+ARG PHP_VERSION
+FROM php:${PHP_VERSION}-apache
 
 # Satisfy PHP requirements
 RUN set -eux \
-	&& apt update \
-	&& apt install -y \
+	&& apt-get update \
+	&& apt-get install -y \
 		libpng-dev \
 	&& docker-php-ext-install gd \
 	&& docker-php-ext-install mysqli \
-	&& docker-php-ext-install pdo_mysql
+	&& docker-php-ext-install pdo_mysql \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
 
 # Satisfy Application requirements
 RUN set -eux \
-	&& apt update \
-	&& apt install -y \
+	&& apt-get update \
+	&& apt-get install -y \
 		iputils-ping \
 		ltrace \
 		netcat \
 		strace \
 		sudo \
-		telnet
+		telnet \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
 
 # Copy source
 COPY --from=builder /DVWA/ /var/www/html/
@@ -53,6 +60,7 @@ RUN set -eux \
 		echo "allow_url_include = on"; \
 		echo "allow_url_fopen   = on"; \
 		echo "error_reporting   = E_ALL | E_STRICT"; \
+		echo "magic_quotes_gpc  = off"; \
 	} > /usr/local/etc/php/conf.d/default.ini
 
 # Adjust permissions

docker/config.inc.php

@@ -15,10 +15,5 @@
 # If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
 #   See README.md for more information on this.
 $_DVWA = array();
-$_DVWA[ 'db_server' ]   = 'dvwa_db';
-$_DVWA[ 'db_database' ] = 'dvwa';
-$_DVWA[ 'db_user' ]     = 'dvwa';
-$_DVWA[ 'db_password' ] = 'p@ssw0rd';
 $_DVWA[ 'db_port'] = '3306';
-
 ?>