dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,087 Commits 11 Branches 78 Tags
Commit Graph

315 Commits

Author SHA1 Message Date
Nanne Baars
1d74727db6 chore: new release 2025.0 2025-03-01 16:03:06 +01:00
dependabot[bot]
957cd161f2
chore: bump org.wiremock:wiremock-standalone from 3.11.0 to 3.12.0 (#2026) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.11.0...3.12.0)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-01 11:01:46 +01:00
Nanne Baars
55bd0a49db
chore: cleanup IT tests (#2040) 2025-02-28 18:39:23 +01:00
dependabot[bot]
3d4780d7e0
chore: bump org.testcontainers:testcontainers from 1.20.4 to 1.20.5 (#2034) 2025-02-27 18:34:58 +01:00
dependabot[bot]
92d4981b90
chore: bump com.diffplug.spotless:spotless-maven-plugin (#2035) 2025-02-27 18:34:47 +01:00
dependabot[bot]
8166b10c1a
chore: bump org.testcontainers:junit-jupiter from 1.20.4 to 1.20.5 (#2036) 2025-02-27 18:34:36 +01:00
dependabot[bot]
6d1ebadf85
chore: bump org.springframework.boot:spring-boot-starter-parent (#2037) 2025-02-27 18:34:24 +01:00
dependabot[bot]
9572a7b840
chore: bump com.microsoft.playwright:playwright from 1.49.0 to 1.50.0 (#2025) 2025-02-22 20:55:35 +01:00
dependabot[bot]
6c16d4ccfc
chore: bump io.github.bonigarcia:webdrivermanager from 5.9.2 to 5.9.3 (#2027) 2025-02-22 20:55:07 +01:00
dependabot[bot]
93c3f19ca7
chore: bump org.jruby:jruby from 9.4.11.0 to 9.4.12.0 (#2028) 2025-02-22 20:54:55 +01:00
Nanne Baars
00f3538be2
chore: format all code according to SPDX (#2023) 2025-02-16 19:48:05 +01:00
dependabot[bot]
2a5b4385ea
chore: bump com.diffplug.spotless:spotless-maven-plugin (#2006) 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.41.1 to 2.44.2.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/maven/2.41.1...maven/2.44.2)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 19:52:40 +01:00
dependabot[bot]
8638d94595
chore: bump org.springframework.boot:spring-boot-starter-parent (#2013) 
Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:55:26 +01:00
dependabot[bot]
3ef5e34dd0
chore: bump org.jruby:jruby from 9.4.9.0 to 9.4.11.0 (#2017) 
Bumps org.jruby:jruby from 9.4.9.0 to 9.4.11.0.

---
updated-dependencies:
- dependency-name: org.jruby:jruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:55:09 +01:00
dependabot[bot]
019ab0495f
chore: bump com.auth0:java-jwt from 4.4.0 to 4.5.0 (#2018) 
Bumps [com.auth0:java-jwt](https://github.com/auth0/java-jwt) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/auth0/java-jwt/releases)
- [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/java-jwt/compare/4.4.0...4.5.0)

---
updated-dependencies:
- dependency-name: com.auth0:java-jwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:54:59 +01:00
dependabot[bot]
2aeee521ab
chore: bump org.wiremock:wiremock-standalone from 3.10.0 to 3.11.0 (#2019) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.10.0 to 3.11.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.10.0...3.11.0)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:54:49 +01:00
Nanne Baars
d96dbe2edf fix: build failure 2025-01-26 18:47:10 +01:00
Nanne Baars
8e45316638
feat: Introduce Playwright for UI testing 
Instead of using Robot Framework which does not run during a `mvn install`. Playwright seems to be the better approach. We can now write them as normal JUnit test and they are executed during a build.

Additionally this PR solves some interesting bugs found during writing Playwright tests:

- A reset of a lesson removes all assignments as a result another user wouldn't see any assignments
- If someone solves an assignment the assignment automatically got solved for a new user since the assignment included the `solved` flag which immediately got copied to new lesson progress.
- Introduction of assignment progress linking a assignment not directly to all users.
 2025-01-26 16:59:59 +01:00
dependabot[bot]
02f43c54d0
chore: bump org.springframework.boot:spring-boot-starter-parent (#1994) 2024-12-25 11:00:53 +01:00
dependabot[bot]
19f4f8dc46
chore: bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre (#1995) 2024-12-25 11:00:37 +01:00
Nanne Baars
0244655409
feat: Move to Java 23 
Closes: gh-1990
 2024-12-21 14:16:33 +01:00
dependabot[bot]
a95213757d
chore: bump org.springframework.boot:spring-boot-starter-parent from 3.3.5 to 3.4.0 (#1962) 2024-12-16 20:16:10 +01:00
dependabot[bot]
6d90852c1f
chore: bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 (#1986) 2024-12-16 20:15:53 +01:00
dependabot[bot]
119b84d034
chore: bump org.wiremock:wiremock-standalone from 3.9.2 to 3.10.0 (#1970) 2024-12-03 22:13:11 +01:00
dependabot[bot]
afd951228d
chore: bump org.jsoup:jsoup from 1.18.1 to 1.18.3 (#1971) 2024-12-03 22:13:00 +01:00
dependabot[bot]
cc0efd8600
chore: bump commons-io:commons-io from 2.17.0 to 2.18.0 (#1961) 2024-11-26 23:21:10 +01:00
dependabot[bot]
e29dccf3c9
chore: bump org.testcontainers:junit-jupiter from 1.20.3 to 1.20.4 (#1963) 2024-11-26 23:20:25 +01:00
dependabot[bot]
0cf861fb3c
chore: bump org.testcontainers:testcontainers from 1.20.3 to 1.20.4 (#1964) 2024-11-26 23:20:11 +01:00
dependabot[bot]
e60ca6ce72
chore: bump org.jruby:jruby from 9.4.8.0 to 9.4.9.0 (#1954) 2024-11-11 13:46:45 +01:00
dependabot[bot]
88a763f513
chore: bump org.testcontainers:junit-jupiter from 1.20.1 to 1.20.3 (#1946) 
Bumps [org.testcontainers:junit-jupiter](https://github.com/testcontainers/testcontainers-java) from 1.20.1 to 1.20.3.
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testcontainers/testcontainers-java/compare/1.20.1...1.20.3)

---
updated-dependencies:
- dependency-name: org.testcontainers:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-07 16:13:27 +01:00
dependabot[bot]
7f33d3609f
chore: bump org.apache.maven.plugins:maven-surefire-plugin (#1948) 
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-07 16:13:10 +01:00
dependabot[bot]
bf02077427
chore: bump org.wiremock:wiremock-standalone from 3.9.1 to 3.9.2 (#1947) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.9.1...3.9.2)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-07 15:46:43 +01:00
Nanne Baars
e1e00bca73
fix: JWT kid/jku lessons (#1949) 
* refactor: rewrite hints

Use active voice and fix grammar issues.

* fix: use Thymeleaf `th:action`

* fix: JWT kid/jku lessons

Split the JavaScript into two files they pointed to the same URL

The JWTs are now valid, they parse successfully.

The paths now include `/kid` and `/jku` to make sure the hints match accordingly in the UI. Otherwise `/delete` would pick up both hints from both assignments as the paths overlap.

Closes: #1715

* fix: update to latest pre-commit version

* fix: increase timeouts for server to start during integration tests
 2024-11-07 15:45:33 +01:00
dependabot[bot]
87fae00f03
chore: bump commons-io:commons-io from 2.16.1 to 2.17.0 (#1937) 
Bumps commons-io:commons-io from 2.16.1 to 2.17.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-29 16:30:32 +01:00
dependabot[bot]
af687e71fe
chore: bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre (#1939) 2024-10-28 20:02:09 +01:00
dependabot[bot]
83ed4c3d5c
chore: bump org.testcontainers:testcontainers from 1.20.1 to 1.20.3 (#1935) 2024-10-28 15:05:33 +01:00
dependabot[bot]
62cdfd0824
chore: bump com.github.terma:javaniotcpproxy from 1.5 to 1.6 (#1936) 2024-10-28 15:04:15 +01:00
dependabot[bot]
e7457f4821
chore: bump org.apache.maven.plugins:maven-checkstyle-plugin (#1938) 2024-10-28 15:04:01 +01:00
dependabot[bot]
cf5101a633
chore: bump org.asciidoctor:asciidoctorj from 2.5.13 to 3.0.0 (#1897) 2024-10-26 22:53:43 +02:00
dependabot[bot]
7e294fbdb5
chore: bump org.apache.commons:commons-compress from 1.26.2 to 1.27.1 (#1884) 2024-10-26 19:27:07 +02:00
dependabot[bot]
6bbd3cb66b
chore: bump org.springframework.boot:spring-boot-starter-parent (#1931) 2024-10-26 14:20:14 +02:00
dependabot[bot]
ec97568ec2
chore: bump org.apache.maven.plugins:maven-surefire-plugin (#1922) 
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.1 to 3.5.1.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.5.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-26 10:55:02 +02:00
Nanne Baars
ab068901f1
Remove WebGoat session object (#1929) 
* refactor: modernize code

* refactor: move to Tomcat

* chore: bump to Spring Boot 3.3.3

* refactor: use Testcontainers to run integration tests

* refactor: lesson/assignment progress

* chore: format code

* refactor: first step into removing base class for assignment

Always been a bit of an ugly construction, as none of the dependencies are clear. The constructors are hidden due to autowiring the base class. This PR removes two of the fields.

As a bonus we now wire the authentication principal directly in the controllers.

* refactor: use authentication principal directly.

* refactor: pass lesson to the endpoints

No more need to get the current lesson set in a session. The lesson is now passed to the endpoints.

* fix: Testcontainers cannot run on Windows host in Github actions.

Since we have Windows specific paths let's run it standalone for now. We need to run these tests on Docker as well (for now disabled)
 2024-10-26 10:54:21 +02:00
dependabot[bot]
bb6e84ddcf
chore: bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre (#1879) 
Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.2.1-jre to 33.3.0-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-04 21:44:38 +02:00
dependabot[bot]
6e946f21a2
chore: bump io.github.bonigarcia:webdrivermanager from 5.9.1 to 5.9.2 (#1866) 
Bumps [io.github.bonigarcia:webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 5.9.1 to 5.9.2.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases)
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.9.1...webdrivermanager-5.9.2)

---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-04 15:57:57 +02:00
dependabot[bot]
4c7e6ae4f4
chore: bump org.wiremock:wiremock from 3.9.0 to 3.9.1 (#1865) 
Bumps [org.wiremock:wiremock](https://github.com/wiremock/wiremock) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.9.0...3.9.1)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-04 15:56:12 +02:00
dependabot[bot]
73de259809
chore: bump org.wiremock:wiremock from 3.8.0 to 3.9.0 (#1852) 
Bumps [org.wiremock:wiremock](https://github.com/wiremock/wiremock) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.8.0...3.9.0)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-22 20:32:48 +02:00
dependabot[bot]
4a804fabb6
chore: bump org.jsoup:jsoup from 1.17.2 to 1.18.1 (#1851) 
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.17.2 to 1.18.1.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.17.2...jsoup-1.18.1)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-22 20:32:27 +02:00
dependabot[bot]
7f652dadec
chore: bump org.apache.maven.plugins:maven-surefire-plugin (#1850) 
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.0...surefire-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-22 20:32:10 +02:00
dependabot[bot]
f66dff1aeb
chore: bump org.eclipse.jetty.ee10:jetty-ee10-bom (#1840) 
Bumps [org.eclipse.jetty.ee10:jetty-ee10-bom](https://github.com/jetty/jetty.project) from 12.0.10 to 12.0.11.
- [Release notes](https://github.com/jetty/jetty.project/releases)
- [Commits](https://github.com/jetty/jetty.project/compare/jetty-12.0.10...jetty-12.0.11)

---
updated-dependencies:
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-10 12:14:45 +02:00