dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,826 Commits 11 Branches 78 Tags
6fcd12364c38d4508aa7707ea11c73e75051fd68
Commit Graph

3826 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
30e40f2e59 chore: bump org.jruby:jruby from 9.4.3.0 to 9.4.7.0 (#1813) 
Bumps org.jruby:jruby from 9.4.3.0 to 9.4.7.0.

---
updated-dependencies:
- dependency-name: org.jruby:jruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2024-06-08 08:23:28 +02:00
dependabot[bot]
8f11fb6729 chore: bump docker/login-action from 3.0.0 to 3.2.0 (#1815) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.0.0...v3.2.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2024-06-08 08:17:41 +02:00
dependabot[bot]
10e36c203f chore: bump com.google.guava:guava from 32.1.3-jre to 33.2.1-jre (#1814) 
Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.1.3-jre to 33.2.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2024-06-08 08:13:01 +02:00
dependabot[bot]
edcce09b5f chore: bump docker/build-push-action from 5.1.0 to 5.3.0 (#1816) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5.1.0...v5.3.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-08 08:08:14 +02:00
François Capon
3134f18066 fix: Success if only Smith earn most salary (#1744) 
* Update labels

* Update Java

* Update Test

---------

Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2024-06-01 10:50:38 +02:00
Vandeputte Brice
e219887f14 docs: Update HttpBasics_plan.adoc - fix broken link to https://www.zaproxy.org/ (#1803) 
fix broken link OWASP ZAP -  https://www.zaproxy.org/

Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2024-06-01 10:45:12 +02:00
René Zubcevic
508703ffce update dependencies and version (#1807) 
* update dependencies and version
* debug macos build issue
* update and fix Dockerfile(s)
 2024-05-31 19:39:03 +02:00
Nanne Baars
e308d7cde7 chore: upgrade checkout out to v4 (#1781) 2024-03-25 22:27:56 +01:00
Nanne Baars
4ab820e1d1 feat: move CSRF to A3 (#1776) 
CSRF is part of security misconfiguration in the OWASP Top 10.
 2024-03-21 20:50:37 +01:00
Jason White
1a6a7e0be1 reverting my goofs after launching from wrong browser tab (#1774) 2024-03-19 18:01:30 +01:00
Jason White
2e9140ab64 Merge pull request #1773 from misfir3/test-semgrep-on-merge 
Test semgrep on merge
 2024-03-18 13:21:21 -06:00
Jason White
b79c83a52e linty 2024-03-18 19:19:12 +00:00
Jason White
297c6f49b5 Merge branch 'main' into test-semgrep-on-merge 2024-03-18 13:14:39 -06:00
Jason White
d2049a8fcc updating for testing 2024-03-18 19:13:50 +00:00
Jason White
24db39eae2 test semgrep 2024-03-18 19:12:13 +00:00
Jason White
98443184e9 Merge pull request #1 from WebGoat/develop 
updating from main branch to test semgrep
 2024-03-18 13:05:23 -06:00
Nanne Baars
62931a1836 feature: enable CORS configuration (#1771) 2024-03-17 10:55:27 +01:00
cap-dev0x
c18430752a build(Dockerfile): replace deprecated MAINTAINER tag with label of the same 
Current syntax now used to denote the "WebGoat team" as maintainer

Link: https://docs.docker.com/reference/dockerfile/#label

Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
 2024-02-25 23:20:23 +01:00
François Capon
57d5b313b9 Fix typo in SQLi blind case 2024-02-10 16:02:35 +01:00
cap-dev0x
dd0f135088 fix(quiz): use $ instead of jQuery which is undefined (#1736) 
Fixes: #1703

Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
 2024-02-05 14:30:01 +01:00
dependabot[bot]
ad0286d5ba chore: bump actions/cache from 3.3.1 to 4.0.0 (#1729) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.3.1...v4.0.0)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-29 11:03:15 +01:00
dependabot[bot]
b67eb44142 chore: bump io.github.bonigarcia:webdrivermanager from 5.3.3 to 5.6.3 (#1716) 
Bumps [io.github.bonigarcia:webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 5.3.3 to 5.6.3.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases)
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.3...webdrivermanager-5.6.3)

---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 15:10:16 +01:00
dependabot[bot]
7e75e9b8fc chore: bump org.apache.commons:commons-exec from 1.3 to 1.4.0 (#1721) 
Bumps org.apache.commons:commons-exec from 1.3 to 1.4.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-exec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 14:59:40 +01:00
dependabot[bot]
40c679ec5a chore: bump org.jsoup:jsoup from 1.16.1 to 1.17.2 (#1717) 
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.16.1 to 1.17.2.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.16.1...jsoup-1.17.2)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 14:51:32 +01:00
Peter Potrowl
4ebb869f5d Fix hidden links in MissingFunctionAC.html. (#1710) 2023-12-29 15:01:35 +01:00
Peter Potrowl
6bb7a182dc Fix typos in texts. 2023-12-14 23:00:59 +01:00
Peter Potrowl
cb2c99d38d Improve texts to avoid confusion. 2023-12-14 22:54:20 +01:00
dependabot[bot]
84029345b4 chore: bump actions/setup-java from 3 to 4 (#1698) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-06 20:17:13 +01:00
dependabot[bot]
a0ca199cdc chore: bump actions/setup-python from 4 to 5 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-06 19:39:28 +01:00
Nanne Baars
2058298e2d chore: move to SNAPSHOT 2023-12-06 17:35:12 +01:00
Nanne Baars
17acef57b4 chore: add pre-commit hooks 
chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks
 2023-12-06 17:16:24 +01:00
Nanne Baars
d913967ec5 refactor: remove usage of RequestMapping 2023-12-06 17:16:24 +01:00
Nanne Baars
87edc7d1db refactor: use AssertJ for testing 
Majority of our test cases use AssertJ
 2023-12-06 17:16:24 +01:00
Nanne Baars
ac7a9c7863 chore: update GitHub action name 2023-12-05 14:22:19 +01:00
dependabot[bot]
2803ef45e4 chore: bump org.webjars:bootstrap from 5.3.1 to 5.3.2 (#1693) 
Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap) from 5.3.1 to 5.3.2.
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-5.3.1...bootstrap-5.3.2)

---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 14:04:09 +01:00
Nanne Baars
5357a65e05 chore: release 2023.8 v2023.8 2023-12-05 11:21:15 +01:00
Nanne Baars
d343c60781 chore: do not spend time on building the Docker image 
We can test this ourselves there is no need to run this on every PR towards the repository.
 2023-12-05 11:15:53 +01:00
Nanne Baars
98acc1f55a fix: get the right Github token 2023-12-05 11:15:06 +01:00
Nanne Baars
f99888e61b fix: typo in the step of the name 2023-12-05 11:14:51 +01:00
Nanne Baars
29dda49190 chore: WebWolf bootstrap can now be updated 2023-12-05 11:14:27 +01:00
Nanne Baars
369be6f688 fix: disable extra build file 2023-12-05 11:14:08 +01:00
Nanne Baars
d5f869c006 chore: release version 2023.7 v2023.7 2023-12-04 23:10:52 +01:00
Nanne Baars
a9caaabb47 fix: wrong Docker image 2023-12-04 23:09:51 +01:00
Nanne Baars
fb2ff01775 chore: release 2023.6 v2023.6 2023-12-04 22:56:58 +01:00
dependabot[bot]
89ecf1d2ad chore: bump actions/first-interaction from 1.2.0 to 1.3.0 (#1691) 
Bumps [actions/first-interaction](https://github.com/actions/first-interaction) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/actions/first-interaction/releases)
- [Commits](https://github.com/actions/first-interaction/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: actions/first-interaction
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:45:16 +01:00
dependabot[bot]
1b66a742da chore: bump actions/setup-java from 3 to 4 (#1690) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:40:54 +01:00
dependabot[bot]
a831da5886 chore: bump commons-io:commons-io from 2.14.0 to 2.15.1 (#1689) 
Bumps commons-io:commons-io from 2.14.0 to 2.15.1.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:33:27 +01:00
dependabot[bot]
fd5189c102 chore: bump com.diffplug.spotless:spotless-maven-plugin (#1688) 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.38.0 to 2.41.1.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.38.0...maven/2.41.1)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:24:53 +01:00
Nanne Baars
ae261f201a feat: show directly requested file in requests overview 
When a call directly hits a file it is now show up in the requests overview. This helps the user whether an attack from WebGoat actually requested the uploaded file.

Closes: gh-1551
 2023-12-04 21:34:16 +01:00
Nanne Baars
3d651526be feat: show creating time in file upload overview 
Closes: gh-1551
 2023-12-04 21:32:02 +01:00