45c26d8aaf 
					 
					
						
						
							
							Fix servers id ( #1619 )  
						
						
						
						
					 
					
						2023-10-22 15:25:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						be30551850 
					 
					
						
						
							
							fix: potential NPE in the stored XSS assignment  
						
						
						
						
					 
					
						2023-08-27 14:31:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						49862f6b90 
					 
					
						
						
							
							fix: fixes the default change in trailing slash matching and address the affected assignments  
						
						
						
						
					 
					
						2023-08-27 14:14:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4009785bb8 
					 
					
						
						
							
							fix: crypto basics broken links  
						
						
						
						
					 
					
						2023-08-27 13:16:08 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d8341c86a1 
					 
					
						
						
							
							bug: fix hint that was breaking the template, causing hints from different assignments to mix ( #1424 )  
						
						
						
						
					 
					
						2023-08-27 02:08:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						055578893d 
					 
					
						
						
							
							feat: improve MFAC lesson hint texts for a better user experience ( #1424 )  
						
						
						
						
					 
					
						2023-08-27 02:08:52 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7b81247dd1 
					 
					
						
						
							
							fix: HijackSession lesson template deprecated Tymeleaf attribute  
						
						
						
						
					 
					
						2023-08-26 02:57:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3bc2e57c9c 
					 
					
						
						
							
							Fix NPE in IDOR lesson  
						
						
						
						
					 
					
						2023-08-26 02:22:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c3ec168d59 
					 
					
						
						
							
							Add new assignment IT tests  
						
						
						
						
					 
					
						2023-08-26 01:30:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a67fbf5a5a 
					 
					
						
						
							
							fix: XSS mitigation  
						
						
						
						
					 
					
						2023-08-26 01:30:17 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3365c8d447 
					 
					
						
						
							
							Remove wrong files  
						
						
						
						
					 
					
						2023-08-25 22:50:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						368c046779 
					 
					
						
						
							
							fix: Stored Cross-Site Scripting Lesson  
						
						
						
						
					 
					
						2023-08-25 20:55:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						786cabd251 
					 
					
						
						
							
							Make webjar dependencies version agnostic  
						
						
						
						
					 
					
						2023-08-24 16:43:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4ba818533c 
					 
					
						
						
							
							fix: WebWolf JWT jquery webjar  
						
						
						
						
					 
					
						2023-08-09 01:32:03 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a9b1fd66b8 
					 
					
						
						
							
							feat: implement JWT jku example ( #1552 )  
						
						
						
						
						Closes  #1539  
					
						2023-08-08 17:18:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						61de52840f 
					 
					
						
						
							
							chore: bump com.diffplug.spotless:spotless-maven-plugin from 2.33.0 to 2.38.0 ( #1535 )  
						
						
						
						
						* chore: bump com.diffplug.spotless:spotless-maven-plugin
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.33.0 to 2.38.0.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.33.0...lib/2.38.0)
---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: format code
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <nanne.baars@owasp.org > 
						
						
					 
					
						2023-07-30 15:10:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad00119b0d 
					 
					
						
						
							
							Add Assignment7 Tests  
						
						
						
						
					 
					
						2023-07-18 00:38:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						25f49537e7 
					 
					
						
						
							
							bug: Fix IDOR lesson  
						
						
						
						
					 
					
						2023-07-16 17:14:27 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8ec718c1ef 
					 
					
						
						
							
							format  
						
						
						
						
					 
					
						2023-06-15 19:26:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1df7ca61a3 
					 
					
						
						
							
							Text content improvement  
						
						
						
						
					 
					
						2023-06-15 19:26:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						75398feca0 
					 
					
						
						
							
							Add hints  
						
						
						
						
					 
					
						2023-06-15 19:26:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ca886b4818 
					 
					
						
						
							
							feat: upgrade to Spring Boot version 3 ( #1477 )  
						
						
						
						
					 
					
						2023-06-04 11:19:47 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ac6de9d788 
					 
					
						
						
							
							Fix typo of HijackSession_content0.adoc  
						
						
						
						
					 
					
						2023-04-17 09:04:15 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cbf2e153d9 
					 
					
						
						
							
							Restrict SSRF Regexes  
						
						
						
						
					 
					
						2023-03-08 23:22:38 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e50986a098 
					 
					
						
						
							
							fix: challenge 7 ( #1433 )  
						
						
						
						
					 
					
						2023-02-22 22:55:48 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5dbe2eaf19 
					 
					
						
						
							
							refactor: update challenge code  
						
						
						
						
						- Flags are now wired through a Spring config
- Introduced Flag class
- Removed Flags from the FlagController 
						
						
					 
					
						2023-02-22 11:01:34 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ecfc321f14 
					 
					
						
						
							
							feature: Add extra feedback once someone solves JWT refresh lesson differently  
						
						
						
						
						One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback. 
						
						
					 
					
						2023-02-16 20:32:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						73b8c431fc 
					 
					
						
						
							
							chore: use constructor instead of field dependency injection  
						
						
						
						
					 
					
						2023-02-16 20:32:27 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						693771220c 
					 
					
						
						
							
							fix: change url in JavaScript for JWT endpoint  
						
						
						
						
						The JavaScript pointed to the context root /WebWolf/ which is no longer in use. 
						
						
					 
					
						2023-02-16 12:24:02 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						075b1ab30a 
					 
					
						
						
							
							Fix WebWolf JWT tool  
						
						
						
						
					 
					
						2023-02-15 22:40:24 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						390ff39f19 
					 
					
						
						
							
							chore: format src/test/it as well  
						
						
						
						
					 
					
						2023-02-15 19:01:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3ec34b0df5 
					 
					
						
						
							
							fix: challenge test fails sometimes when calling scoreboard endpoint  
						
						
						
						
					 
					
						2023-02-15 19:01:06 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ae081ce319 
					 
					
						
						
							
							Add fileserver location (test)  
						
						
						
						
					 
					
						2023-02-15 12:00:54 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bd398e4c09 
					 
					
						
						
							
							#1396  Fix templates path for views  
						
						
						
						
					 
					
						2023-02-15 11:58:49 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						323daae578 
					 
					
						
						
							
							Vulnerable components only work in a Docker container  
						
						
						
						
					 
					
						2023-01-05 20:51:15 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3901814363 
					 
					
						
						
							
							Fix documentation link for XXE mitigation.  
						
						
						
						
					 
					
						2023-01-05 19:00:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						59bfd7c6d4 
					 
					
						
						
							
							Move XXE to A05 - Security Misconfiguration  
						
						
						
						
					 
					
						2023-01-05 19:00:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dca415099f 
					 
					
						
						
							
							Remove unused JavaScript function  
						
						
						
						
					 
					
						2023-01-05 11:33:00 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						54e115aff0 
					 
					
						
						
							
							Update the solution with WebWolf URLs  
						
						
						
						
						The new solution uses WebWolf paths, as these change automatically when a user starts WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
						
						
					 
					
						2023-01-05 11:02:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fcaa2d8589 
					 
					
						
						
							
							Fix zip slip lesson.  
						
						
						
						
						The lesson did not work properly because the directory is reused across several path traversal lessons. We now clean the directory first, before the zip file is uploaded.
The HTML had a reference to the location of the profile picture. This was part of a hint, but it only caused confusion because it does not indicate where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as to where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
						
						
					 
					
						2023-01-05 11:02:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9666597164 
					 
					
						
						
							
							- Add reference to the WebWolf icon in the top right corner.  
						
						
						
						
						- Format all text of the lesson 
						
						
					 
					
						2023-01-04 08:07:51 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d2a1546dff 
					 
					
						
						
							
							Apply formatting  
						
						
						
						
						This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style. 
						
						
					 
					
						2023-01-04 08:07:23 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b03777d39b 
					 
					
						
						
							
							Support boolean when parsing the token.  
						
						
						
						
						When the `admin` JSON element is passed as a `boolean`:
```
{
 "admin": true
}
```
the parsing is now successful. 
						
						
					 
					
						2023-01-04 07:43:18 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						32468ff90b 
					 
					
						
						
							
							Add sql lesson ( #1370 )  
						
						
						
						
					 
					
						2023-01-04 07:42:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						71ec36102f 
					 
					
						
						
							
							Fix typo  
						
						
						
						
					 
					
						2022-12-01 21:34:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8db9ff30be 
					 
					
						
						
							
							Fixed incorrect word  
						
						
						
						
						while "wear" and "were" have similar pronunciation, one of them is better here than the other :) 
						
						
					 
					
						2022-11-29 18:55:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b51be74cab 
					 
					
						
						
							
							typofix  
						
						
						
						
					 
					
						2022-11-28 17:10:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						96c2595ad0 
					 
					
						
						
							
							Update interface name to exploit  
						
						
						
						
						The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact 
						
						
					 
					
						2022-09-21 22:32:16 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						34f5b79249 
					 
					
						
						
							
							isReadable works inside a container, isFile not ( #1334 )  
						
						
						
						
					 
					
						2022-09-12 09:02:07 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f5e4d4717a 
					 
					
						
						
							
							FixTypo - Fix typo in various lesson documentations  
						
						
						
						
					 
					
						2022-08-30 22:21:22 +02:00