dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,867 Commits 11 Branches 78 Tags
Commit Graph

2867 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nanne Baars
bd5fe360c7
fix: WIP 2023-06-19 17:42:20 +02:00
dependabot[bot]
015216df5f
chore: bump docker/login-action from 2.1.0 to 2.2.0 (#1502) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-13 17:06:35 +02:00
dependabot[bot]
60fc807d36
chore: bump docker/build-push-action from 4.0.0 to 4.1.0 (#1501) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4.0.0...v4.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-13 10:50:53 +02:00
Nanne Baars
636a2bdaf5
fix: robotframework fails due to updated dependencies (#1508) 2023-06-13 10:00:50 +02:00
dependabot[bot]
816a694c84
chore: bump maven-surefire-plugin from 3.0.0-M9 to 3.1.0 (#1499) 
Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M9 to 3.1.0.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M9...surefire-3.1.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-07 21:31:54 +02:00
dependabot[bot]
06a55ab278
chore: bump maven-checkstyle-plugin from 3.2.1 to 3.3.0 (#1496) 
Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.2.1 to 3.3.0.
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.2.1...maven-checkstyle-plugin-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-07 09:41:13 +02:00
dependabot[bot]
0136c1070f
chore: bump spring-boot-starter-parent from 3.0.5 to 3.1.0 (#1497) 
Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.0.5 to 3.1.0.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](https://github.com/spring-projects/spring-boot/compare/v3.0.5...v3.1.0)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-06 16:21:11 +02:00
Nanne Baars
dce5eeb797 bug: fix Java image inside Docker file 
The image now downloads the correct Java version based on the architecture.
 2023-06-04 14:56:46 +02:00
Nanne Baars
ca886b4818
feat: upgrade to Spring Boot version 3 (#1477) 2023-06-04 11:19:47 +02:00
dependabot[bot]
ff3a2983e2
chore: bump zxcvbn from 1.5.2 to 1.7.0 (#1471) 
Bumps [zxcvbn](https://github.com/nulab/zxcvbn4j) from 1.5.2 to 1.7.0.
- [Release notes](https://github.com/nulab/zxcvbn4j/releases)
- [Changelog](https://github.com/nulab/zxcvbn4j/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nulab/zxcvbn4j/compare/1.5.2...1.7.0)

---
updated-dependencies:
- dependency-name: com.nulab-inc:zxcvbn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-02 16:21:17 +02:00
dependabot[bot]
6f0b88f9b6
chore: bump cglib-nodep from 2.2 to 3.3.0 (#1470) 
Bumps [cglib-nodep](https://github.com/cglib/cglib) from 2.2 to 3.3.0.
- [Release notes](https://github.com/cglib/cglib/releases)
- [Commits](https://github.com/cglib/cglib/commits)

---
updated-dependencies:
- dependency-name: cglib:cglib-nodep
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-02 16:06:55 +02:00
dependabot[bot]
9d9fb092be
chore: bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (#1468) 
Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.2.1...enforcer-3.3.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-02 09:01:54 +02:00
dependabot[bot]
4bc53a6666
chore: bump maven-checkstyle-plugin from 3.1.2 to 3.2.1 (#1472) 
Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.1.2 to 3.2.1.
- [Release notes](https://github.com/apache/maven-checkstyle-plugin/releases)
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.1.2...maven-checkstyle-plugin-3.2.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-02 08:54:21 +02:00
dependabot[bot]
61d5fb9ece
chore: bump jsoup from 1.15.4 to 1.16.1 (#1484) 
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.15.4 to 1.16.1.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.15.4...jsoup-1.16.1)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-02 08:43:43 +02:00
dependabot[bot]
6eafa45e4c chore: bump jacoco-maven-plugin from 0.8.8 to 0.8.10 
Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.8 to 0.8.10.
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.8...v0.8.10)

---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-01 23:48:16 +02:00
caputdraconis
ac6de9d788 Fix typo of HijackSession_content0.adoc 2023-04-17 09:04:15 +02:00
dependabot[bot]
f6855bf6a5
chore: bump guava from 30.1-jre to 31.1-jre (#1448) 
Bumps [guava](https://github.com/google/guava) from 30.1-jre to 31.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:55:22 +02:00
dependabot[bot]
f7b4af5023
chore: bump bootstrap from 3.3.7 to 5.2.3 (#1441) 
Bumps [bootstrap](https://github.com/webjars/bootstrap) from 3.3.7 to 5.2.3.
- [Release notes](https://github.com/webjars/bootstrap/releases)
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.2.3)

---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:55:08 +02:00
dependabot[bot]
e720eec5f9
chore: bump jruby from 9.3.6.0 to 9.4.2.0 (#1454) 
Bumps jruby from 9.3.6.0 to 9.4.2.0.

---
updated-dependencies:
- dependency-name: org.jruby:jruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:54:51 +02:00
dependabot[bot]
a43a6125e8
chore: bump actions/cache from 3.2.6 to 3.3.1 (#1453) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.6 to 3.3.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.6...v3.3.1)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:54:05 +02:00
dependabot[bot]
d3e2164716
chore: bump asm from 9.1 to 9.5 (#1460) 
Bumps asm from 9.1 to 9.5.

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:53:50 +02:00
Loris Sierra
cbf2e153d9 Restrict SSRF Regexes 2023-03-08 23:22:38 +01:00
dependabot[bot]
0795ff0fc5 chore: bump commons-io from 2.6 to 2.11.0 
Bumps commons-io from 2.6 to 2.11.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:09:19 +01:00
dependabot[bot]
d7cdfeec2a chore: bump webdrivermanager from 4.3.1 to 5.3.2 
Bumps [webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 4.3.1 to 5.3.2.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases)
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-4.3.1...webdrivermanager-5.3.2)

---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:09:08 +01:00
dependabot[bot]
491fe2d84d chore: bump maven-enforcer-plugin from 3.0.0 to 3.2.1 
Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.0.0 to 3.2.1.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.0.0...enforcer-3.2.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:08:28 +01:00
dependabot[bot]
a509e8e24e chore: bump commons-text from 1.9 to 1.10.0 
Bumps commons-text from 1.9 to 1.10.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:07:37 +01:00
Nanne Baars
e50986a098
fix: challenge 7 (#1433) 2023-02-22 22:55:48 +01:00
Àngel Ollé Blázquez
61dac201f0 Add coverage profile 2023-02-22 14:51:55 +01:00
dependabot[bot]
c5629be618
chore: bump spotless-maven-plugin from 2.29.0 to 2.33.0 (#1426) 
Bumps [spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.29.0 to 2.33.0.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.29.0...lib/2.33.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:36:24 +01:00
dependabot[bot]
df8c83fe74
chore: bump eclipse-temurin from 17-jre-focal to 19-jre-focal (#1427) 
Bumps eclipse-temurin from 17-jre-focal to 19-jre-focal.

---
updated-dependencies:
- dependency-name: eclipse-temurin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:36:07 +01:00
dependabot[bot]
6d3813c2ce
chore: bump commons-compress from 1.21 to 1.22 (#1428) 
Bumps commons-compress from 1.21 to 1.22.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:52 +01:00
dependabot[bot]
ecfa0197af
chore: bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M9 (#1429) 
Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M5 to 3.0.0-M9.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M5...surefire-3.0.0-M9)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:36 +01:00
dependabot[bot]
8467ae8a0b
chore: bump jsoup from 1.14.3 to 1.15.4 (#1430) 
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.3 to 1.15.4.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.14.3...jsoup-1.15.4)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:20 +01:00
dependabot[bot]
5243fa2bf2
chore: bump jose4j from 0.7.6 to 0.9.3 (#1431) 
Bumps [jose4j](https://bitbucket.org/b_c/jose4j) from 0.7.6 to 0.9.3.
- [Commits](https://bitbucket.org/b_c/jose4j/branches/compare/jose4j-0.9.3..jose4j-0.7.6)

---
updated-dependencies:
- dependency-name: org.bitbucket.b_c:jose4j
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:01 +01:00
dependabot[bot]
36f99dede8 Bump actions/cache from 3.2.5 to 3.2.6 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.5...v3.2.6)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-22 13:34:10 +01:00
Nanne Baars
5dbe2eaf19 refactor: update challenge code 
- Flags are now wired through a Spring config
- Introduced Flag class
- Removed Flags from the FlagController
 2023-02-22 11:01:34 +01:00
Nanne Baars
1b49b2fd3b chore: format markdown file 2023-02-22 11:01:34 +01:00
Nanne Baars
b49c61636b ci: add maven and docker to dependabot configuration 2023-02-22 11:01:34 +01:00
Nanne Baars
8269207d6b docs: add documentation we start using Conventional Commits. 
Fixes #1022
 2023-02-22 11:01:34 +01:00
Nanne Baars
de2f568229 chore: back to snapshot version after release 2023-02-22 11:01:34 +01:00
Nanne Baars
9f6cf39ff2 ci: add distribution in snapshot job 2023-02-22 11:01:34 +01:00
Nanne Baars
19d54dbe95 chore: release version 2023.4 2023-02-22 11:01:34 +01:00
Nanne Baars
0f38519ecf ci: add step for pushing Docker desktop image 2023-02-17 12:56:43 +01:00
Nanne Baars
4c95c9ec6a ci: add step to build and verify Docker image 2023-02-17 12:56:43 +01:00
Nanne Baars
f6c7a54931 docs: add screenshot to README and add Docker WebGoat desktop text 2023-02-17 12:56:43 +01:00
Nanne Baars
f1012c85d6 feat: add Docker desktop version of WebGoat with all tools installed 
The new Docker image uses linuxserver/webtop giving users the opportunity
to run a Linux desktop in their browser without installing any tools
on their local machine.
 2023-02-17 12:56:43 +01:00
Nanne Baars
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently 
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
 2023-02-16 20:32:27 +00:00
Nanne Baars
73b8c431fc chore: use constructor instead of field dependency injection 2023-02-16 20:32:27 +00:00
dependabot[bot]
b68adfbc7c Bump devops-infra/action-pull-request from 0.5.3 to 0.5.5 
Bumps [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request) from 0.5.3 to 0.5.5.
- [Release notes](https://github.com/devops-infra/action-pull-request/releases)
- [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.5.3...v0.5.5)

---
updated-dependencies:
- dependency-name: devops-infra/action-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-16 14:09:05 +00:00
Nanne Baars
1a2855afcd chore: set directories explicitly when running IT tests 2023-02-16 12:24:02 +00:00