dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,831 Commits 11 Branches 78 Tags
Commit Graph

2831 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Àngel Ollé Blázquez
928bc32f4f Update README.md 2022-07-24 15:34:08 +02:00
René Zubcevic
6b63aaf8b1
Robot framework (#1304) 
* added Robot framework UI tests

* added Robot framework UI tests workflow

* Update test.yml

wait in workflow

* remove obsolete selenium java libs and test

* Update test.yml

push result to commit as comment

* Update test.yml

push comment does not seem to work on WebGoat PR

* clean up unrequired robot options

* update readme
 2022-07-24 12:28:01 +02:00
Àngel Ollé Blázquez
c4f16ceff6 Update README.md 2022-07-23 21:56:39 +02:00
Nanne Baars
4050d1817c Move to JRE image 2022-07-23 09:39:52 +02:00
Nanne Baars
37186e1d90 Explicity add ports to Java command 
This way we don't have to mention it somewhere in the documentation it is all in one command
 2022-07-23 09:39:52 +02:00
Nanne Baars
06b7244de7 Move XXE lesson to category A3: Injection 2022-07-23 09:39:52 +02:00
Nanne Baars
260168bb3f Remove automatic selection of a random port 2022-07-23 09:39:52 +02:00
dependabot[bot]
af9ba18040
Bump docker/build-push-action from 3.0.0 to 3.1.0 (#1302) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-20 18:50:11 +02:00
René Zubcevic
20dd3ffb95
Lang switch (#1297) 
* language selector first steps

* language german intro added

* ascii doc lang attribute as additional option

* removed some commented code

* changed adoc resource loader to take into account the selected language

* added readme

* added lang test cases
 2022-07-20 10:52:48 +02:00
Nanne Baars
24fcc8f321 Use starting instead of using. 2022-07-19 21:17:09 +02:00
Nanne Baars
ff965c83be Adjust year 2022-07-19 21:17:09 +02:00
Nanne Baars
2aa3609461 Fix typo 2022-07-19 21:17:09 +02:00
Nanne Baars
fe7774bb6f Update documentation regarding WebWolf 
WebWolf no longer runs as a separate application we can simplify the description.
 2022-07-19 21:17:09 +02:00
René Zubcevic
9e3eb39069
removed one duplicate label key and made all login and register fields multi language (#1296) 2022-07-16 06:53:39 +02:00
René Zubcevic
7add1ef73e
hints tested (#1295) 2022-07-15 12:44:37 +02:00
René Zubcevic
4fc03381a8
Label hint tests (#1293) 
* label test

* adjusted it test filter

* label test added
 2022-07-15 08:17:11 +02:00
René Zubcevic
16af4272a5
joda time refactored some dep fix (#1292) 2022-07-14 09:11:06 +02:00
dependabot[bot]
b47568ed69
Bump actions/cache from 3.0.4 to 3.0.5 (#1291) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.4...v3.0.5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-14 09:03:51 +02:00
René Zubcevic
f8b7ca5c85
Pom update (#1290) 
* asciidoctorj update

* pom and suppression updates
 2022-07-11 13:28:44 +02:00
René Zubcevic
e4eb5d783a
Some updates and code improvements (#1288) 
* try with resources

* StringBuilder

* removed ant and updated spring boot
 2022-07-10 17:13:26 +02:00
dependabot[bot]
7dd0dd0923
Bump actions/cache from 3.0.3 to 3.0.4 (#1270) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-20 15:25:31 +02:00
dependabot[bot]
aeb481e561
Bump actions/cache from 3.0.2 to 3.0.3 (#1260) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-04 18:06:55 +02:00
dependabot[bot]
8a22c88d61
Bump docker/build-push-action from 2.10.0 to 3.0.0 (#1252) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-18 08:36:51 +02:00
dependabot[bot]
724666e10f
Bump docker/setup-buildx-action from 1 to 2 (#1253) 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-18 08:36:39 +02:00
dependabot[bot]
4953dd63ed
Bump docker/setup-qemu-action from 1.1.0 to 2.0.0 (#1254) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1.1.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1.1.0...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-18 08:36:28 +02:00
dependabot[bot]
a32055995d
Bump docker/login-action from 1.14.1 to 2.0.0 (#1255) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-18 08:36:01 +02:00
Àngel Ollé Blázquez
3c0b243797
Added new active developer (#1249) 
Fix footer
 2022-05-06 07:34:49 +02:00
Àngel Ollé Blázquez
dfa31e0a28
JWT doc code typo fix (#1247) 2022-04-20 08:16:21 +02:00
René Zubcevic
b32240f96b
owasp top10-2021 (#1235) 2022-04-11 21:12:41 +02:00
René Zubcevic
02c3f9551f
update spring boot (#1242) 2022-04-11 21:12:10 +02:00
dependabot[bot]
bc91ca86e8
Bump actions/cache from 2.1.7 to 3.0.2 (#1239) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-11 18:14:54 +02:00
dependabot[bot]
1dadf20ee0
Bump actions/checkout from 2 to 3 (#1240) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-11 18:14:42 +02:00
dependabot[bot]
4ff41299e3
Bump actions/setup-java from 2 to 3 (#1241) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-11 18:14:28 +02:00
Àngel Ollé Blázquez
a9fa53535d
Fix Build Badge and Link (#1238) 2022-04-11 07:45:58 +02:00
Nanne Baars
711649924b
Refactoring (#1201) 
* Some initial refactoring

* Make it one application

* Got it working

* Fix problem on Windows

* Move WebWolf

* Move first lesson

* Moved all lessons

* Fix pom.xml

* Fix tests

* Add option to initialize a lesson

This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens

* Clean up pom.xml files

* Remove fetching labels based on language.

We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages

* Fix SonarLint issues

* And move it all to the main project

* Fix for documentation paths

* Fix pom warnings

* Remove PMD as it does not work

* Update release notes about refactoring

Update release notes about refactoring

Update release notes about refactoring

* Fix lesson template

* Update release notes

* Keep it in the same repo in Dockerhub

* Update documentation to show how the connection is obtained.

Resolves: #1180

* Rename all integration tests

* Remove command from Dockerfile

* Simplify GitHub actions

Currently, we use a separate actions for pull-requests and branch build.
This is now consolidated in one action.
The PR action triggers always, it now only trigger when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much, it is better
 to only run all platforms when someone opens a PR.

* Remove duplicate entry from release notes

* Add explicit registry for base image

* Lesson scanner not working when fat jar

When running the fat jar we have to take into account we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile` for example.

* added info in README and fixed release docker

* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
 2022-04-09 14:56:12 +02:00
neilnaveen
f3d8206a07
Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa
Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
bed2eed8d8
Bump docker/build-push-action from 2.7.0 to 2.10.0 (#1218) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.7.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:32:53 +01:00
dependabot[bot]
984548ae88
Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
dependabot[bot]
32475ea37e
Bump docker/login-action from 1.13.0 to 1.14.1 (#1214) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:28 +01:00
dependabot[bot]
2332bf22a7
Bump docker/login-action from 1.12.0 to 1.13.0 (#1209) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-28 07:58:56 +01:00
René Zubcevic
3bc009297e
Update SessionManagementTest.java (#1198) 
url() is required in this case. You will notice it when changing host name or when using https
 2021-12-23 17:07:55 +01:00
Nanne Baars
44ab36aa1b
Add message that WebGoat should be running while detecting datasource 2021-12-22 15:57:39 +01:00
Nanne Baars
969335f2f6
Update documentation for starting with java -jar 2021-12-22 15:57:11 +01:00
Nanne Baars
c000a9b467
Improve startup message Docker 2021-12-22 12:55:27 +01:00
dependabot[bot]
c5389f31c3 Bump docker/login-action from 1.9.0 to 1.12.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.9.0...v1.12.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-21 12:53:41 +01:00
Nanne Baars
85d4633f62
Update enforcer and exclude log4j-core completely (every version) 2021-12-21 10:05:12 +01:00
Nanne Baars
7ded0968c1 Ban log4j all together and update OWASP dep check 
Remove
 2021-12-20 21:45:44 +01:00
Zubcevic.com
cb6b1d73d1 upgrade to latest spring-boot libs and fixed related issues 2021-12-20 21:45:44 +01:00
Nanne Baars
44f70ce4dc Remove unnecessary compiler section from pom.xml as it confuses Intellij while importing 2021-12-20 16:45:06 +01:00