dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,955 Commits 11 Branches 78 Tags
Commit Graph

2955 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
4bc53a6666
chore: bump maven-checkstyle-plugin from 3.1.2 to 3.2.1 (#1472) 
Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.1.2 to 3.2.1.
- [Release notes](https://github.com/apache/maven-checkstyle-plugin/releases)
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.1.2...maven-checkstyle-plugin-3.2.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-06-02 08:54:21 +02:00
dependabot[bot]
61d5fb9ece
chore: bump jsoup from 1.15.4 to 1.16.1 (#1484) 
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.15.4 to 1.16.1.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.15.4...jsoup-1.16.1)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-02 08:43:43 +02:00
dependabot[bot]
6eafa45e4c chore: bump jacoco-maven-plugin from 0.8.8 to 0.8.10 
Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.8 to 0.8.10.
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.8...v0.8.10)

---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-01 23:48:16 +02:00
caputdraconis
ac6de9d788 Fix typo of HijackSession_content0.adoc 2023-04-17 09:04:15 +02:00
dependabot[bot]
f6855bf6a5
chore: bump guava from 30.1-jre to 31.1-jre (#1448) 
Bumps [guava](https://github.com/google/guava) from 30.1-jre to 31.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:55:22 +02:00
dependabot[bot]
f7b4af5023
chore: bump bootstrap from 3.3.7 to 5.2.3 (#1441) 
Bumps [bootstrap](https://github.com/webjars/bootstrap) from 3.3.7 to 5.2.3.
- [Release notes](https://github.com/webjars/bootstrap/releases)
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.2.3)

---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:55:08 +02:00
dependabot[bot]
e720eec5f9
chore: bump jruby from 9.3.6.0 to 9.4.2.0 (#1454) 
Bumps jruby from 9.3.6.0 to 9.4.2.0.

---
updated-dependencies:
- dependency-name: org.jruby:jruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:54:51 +02:00
dependabot[bot]
a43a6125e8
chore: bump actions/cache from 3.2.6 to 3.3.1 (#1453) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.6 to 3.3.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.6...v3.3.1)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:54:05 +02:00
dependabot[bot]
d3e2164716
chore: bump asm from 9.1 to 9.5 (#1460) 
Bumps asm from 9.1 to 9.5.

---
updated-dependencies:
- dependency-name: org.ow2.asm:asm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 11:53:50 +02:00
Loris Sierra
cbf2e153d9 Restrict SSRF Regexes 2023-03-08 23:22:38 +01:00
dependabot[bot]
0795ff0fc5 chore: bump commons-io from 2.6 to 2.11.0 
Bumps commons-io from 2.6 to 2.11.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:09:19 +01:00
dependabot[bot]
d7cdfeec2a chore: bump webdrivermanager from 4.3.1 to 5.3.2 
Bumps [webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 4.3.1 to 5.3.2.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases)
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-4.3.1...webdrivermanager-5.3.2)

---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:09:08 +01:00
dependabot[bot]
491fe2d84d chore: bump maven-enforcer-plugin from 3.0.0 to 3.2.1 
Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.0.0 to 3.2.1.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.0.0...enforcer-3.2.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:08:28 +01:00
dependabot[bot]
a509e8e24e chore: bump commons-text from 1.9 to 1.10.0 
Bumps commons-text from 1.9 to 1.10.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-01 11:07:37 +01:00
Nanne Baars
e50986a098
fix: challenge 7 (#1433) 2023-02-22 22:55:48 +01:00
Àngel Ollé Blázquez
61dac201f0 Add coverage profile 2023-02-22 14:51:55 +01:00
dependabot[bot]
c5629be618
chore: bump spotless-maven-plugin from 2.29.0 to 2.33.0 (#1426) 
Bumps [spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.29.0 to 2.33.0.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.29.0...lib/2.33.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:36:24 +01:00
dependabot[bot]
df8c83fe74
chore: bump eclipse-temurin from 17-jre-focal to 19-jre-focal (#1427) 
Bumps eclipse-temurin from 17-jre-focal to 19-jre-focal.

---
updated-dependencies:
- dependency-name: eclipse-temurin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:36:07 +01:00
dependabot[bot]
6d3813c2ce
chore: bump commons-compress from 1.21 to 1.22 (#1428) 
Bumps commons-compress from 1.21 to 1.22.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:52 +01:00
dependabot[bot]
ecfa0197af
chore: bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M9 (#1429) 
Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0-M5 to 3.0.0-M9.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0-M5...surefire-3.0.0-M9)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:36 +01:00
dependabot[bot]
8467ae8a0b
chore: bump jsoup from 1.14.3 to 1.15.4 (#1430) 
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.14.3 to 1.15.4.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.14.3...jsoup-1.15.4)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:20 +01:00
dependabot[bot]
5243fa2bf2
chore: bump jose4j from 0.7.6 to 0.9.3 (#1431) 
Bumps [jose4j](https://bitbucket.org/b_c/jose4j) from 0.7.6 to 0.9.3.
- [Commits](https://bitbucket.org/b_c/jose4j/branches/compare/jose4j-0.9.3..jose4j-0.7.6)

---
updated-dependencies:
- dependency-name: org.bitbucket.b_c:jose4j
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 13:35:01 +01:00
dependabot[bot]
36f99dede8 Bump actions/cache from 3.2.5 to 3.2.6 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.5...v3.2.6)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-22 13:34:10 +01:00
Nanne Baars
5dbe2eaf19 refactor: update challenge code 
- Flags are now wired through a Spring config
- Introduced Flag class
- Removed Flags from the FlagController
 2023-02-22 11:01:34 +01:00
Nanne Baars
1b49b2fd3b chore: format markdown file 2023-02-22 11:01:34 +01:00
Nanne Baars
b49c61636b ci: add maven and docker to dependabot configuration 2023-02-22 11:01:34 +01:00
Nanne Baars
8269207d6b docs: add documentation we start using Conventional Commits. 
Fixes #1022
 2023-02-22 11:01:34 +01:00
Nanne Baars
de2f568229 chore: back to snapshot version after release 2023-02-22 11:01:34 +01:00
Nanne Baars
9f6cf39ff2 ci: add distribution in snapshot job 2023-02-22 11:01:34 +01:00
Nanne Baars
19d54dbe95 chore: release version 2023.4 2023-02-22 11:01:34 +01:00
Nanne Baars
0f38519ecf ci: add step for pushing Docker desktop image 2023-02-17 12:56:43 +01:00
Nanne Baars
4c95c9ec6a ci: add step to build and verify Docker image 2023-02-17 12:56:43 +01:00
Nanne Baars
f6c7a54931 docs: add screenshot to README and add Docker WebGoat desktop text 2023-02-17 12:56:43 +01:00
Nanne Baars
f1012c85d6 feat: add Docker desktop version of WebGoat with all tools installed 
The new Docker image uses linuxserver/webtop giving users the opportunity
to run a Linux desktop in their browser without installing any tools
on their local machine.
 2023-02-17 12:56:43 +01:00
Nanne Baars
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently 
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
 2023-02-16 20:32:27 +00:00
Nanne Baars
73b8c431fc chore: use constructor instead of field dependency injection 2023-02-16 20:32:27 +00:00
dependabot[bot]
b68adfbc7c Bump devops-infra/action-pull-request from 0.5.3 to 0.5.5 
Bumps [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request) from 0.5.3 to 0.5.5.
- [Release notes](https://github.com/devops-infra/action-pull-request/releases)
- [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.5.3...v0.5.5)

---
updated-dependencies:
- dependency-name: devops-infra/action-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-16 14:09:05 +00:00
Nanne Baars
1a2855afcd chore: set directories explicitly when running IT tests 2023-02-16 12:24:02 +00:00
Nanne Baars
693771220c fix: change url in JavaScript for JWT endpoint 
The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
 2023-02-16 12:24:02 +00:00
Àngel Ollé Blázquez
075b1ab30a Fix WebWolf JWT tool 2023-02-15 22:40:24 +00:00
Nanne Baars
390ff39f19 chore: format src/test/it as well 2023-02-15 19:01:06 +00:00
Nanne Baars
3ec34b0df5 fix: challenge test fails sometimes when calling scoreboard endpoint 2023-02-15 19:01:06 +00:00
Nanne Baars
eb4c8388f8 Update Dockerfile 2023-02-15 12:11:12 +00:00
Àngel Ollé Blázquez
ae081ce319 Add fileserver location (test) 2023-02-15 12:00:54 +00:00
Nanne Baars
bd398e4c09 #1396 Fix templates path for views 2023-02-15 11:58:49 +00:00
dependabot[bot]
c9d1653d4f Bump docker/build-push-action from 3.2.0 to 4.0.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-10 21:39:35 +01:00
dependabot[bot]
77c91b8df8 Bump actions/cache from 3.2.3 to 3.2.5 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.3...v3.2.5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-10 21:38:56 +01:00
Nanne Baars
f9b810c5ee Fix formatting issue 2023-01-14 18:29:24 +01:00
Nanne Baars
dc0fc09679 Move to main and skip develop 
Using main and develop imposes a complicated release process with Gitflow etc. To simplify our release process we move our development to the main branch skipping develop.
 2023-01-14 18:24:35 +01:00
Nanne Baars
a0173fd8f8 Merge branch 'develop' 2023-01-14 17:07:37 +01:00