dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,769 Commits 11 Branches 78 Tags
82ec5f56d630c973c96c2072eccf9910988a7f73
Commit Graph

3769 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nanne Baars
e308d7cde7 chore: upgrade checkout out to v4 (#1781) 2024-03-25 22:27:56 +01:00
Nanne Baars
4ab820e1d1 feat: move CSRF to A3 (#1776) 
CSRF is part of security misconfiguration in the OWASP Top 10.
 2024-03-21 20:50:37 +01:00
Jason White
1a6a7e0be1 reverting my goofs after launching from wrong browser tab (#1774) 2024-03-19 18:01:30 +01:00
Jason White
2e9140ab64 Merge pull request #1773 from misfir3/test-semgrep-on-merge 
Test semgrep on merge
 2024-03-18 13:21:21 -06:00
Jason White
b79c83a52e linty 2024-03-18 19:19:12 +00:00
Jason White
297c6f49b5 Merge branch 'main' into test-semgrep-on-merge 2024-03-18 13:14:39 -06:00
Jason White
d2049a8fcc updating for testing 2024-03-18 19:13:50 +00:00
Jason White
24db39eae2 test semgrep 2024-03-18 19:12:13 +00:00
Jason White
98443184e9 Merge pull request #1 from WebGoat/develop 
updating from main branch to test semgrep
 2024-03-18 13:05:23 -06:00
Nanne Baars
62931a1836 feature: enable CORS configuration (#1771) 2024-03-17 10:55:27 +01:00
cap-dev0x
c18430752a build(Dockerfile): replace deprecated MAINTAINER tag with label of the same 
Current syntax now used to denote the "WebGoat team" as maintainer

Link: https://docs.docker.com/reference/dockerfile/#label

Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
 2024-02-25 23:20:23 +01:00
François Capon
57d5b313b9 Fix typo in SQLi blind case 2024-02-10 16:02:35 +01:00
cap-dev0x
dd0f135088 fix(quiz): use $ instead of jQuery which is undefined (#1736) 
Fixes: #1703

Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
 2024-02-05 14:30:01 +01:00
dependabot[bot]
ad0286d5ba chore: bump actions/cache from 3.3.1 to 4.0.0 (#1729) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.3.1...v4.0.0)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-29 11:03:15 +01:00
dependabot[bot]
b67eb44142 chore: bump io.github.bonigarcia:webdrivermanager from 5.3.3 to 5.6.3 (#1716) 
Bumps [io.github.bonigarcia:webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 5.3.3 to 5.6.3.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases)
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.3...webdrivermanager-5.6.3)

---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 15:10:16 +01:00
dependabot[bot]
7e75e9b8fc chore: bump org.apache.commons:commons-exec from 1.3 to 1.4.0 (#1721) 
Bumps org.apache.commons:commons-exec from 1.3 to 1.4.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-exec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 14:59:40 +01:00
dependabot[bot]
40c679ec5a chore: bump org.jsoup:jsoup from 1.16.1 to 1.17.2 (#1717) 
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.16.1 to 1.17.2.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.16.1...jsoup-1.17.2)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 14:51:32 +01:00
Peter Potrowl
4ebb869f5d Fix hidden links in MissingFunctionAC.html. (#1710) 2023-12-29 15:01:35 +01:00
Peter Potrowl
6bb7a182dc Fix typos in texts. 2023-12-14 23:00:59 +01:00
Peter Potrowl
cb2c99d38d Improve texts to avoid confusion. 2023-12-14 22:54:20 +01:00
dependabot[bot]
84029345b4 chore: bump actions/setup-java from 3 to 4 (#1698) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-06 20:17:13 +01:00
dependabot[bot]
a0ca199cdc chore: bump actions/setup-python from 4 to 5 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-06 19:39:28 +01:00
Nanne Baars
2058298e2d chore: move to SNAPSHOT 2023-12-06 17:35:12 +01:00
Nanne Baars
17acef57b4 chore: add pre-commit hooks 
chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks

chore: add pre-commit hooks
 2023-12-06 17:16:24 +01:00
Nanne Baars
d913967ec5 refactor: remove usage of RequestMapping 2023-12-06 17:16:24 +01:00
Nanne Baars
87edc7d1db refactor: use AssertJ for testing 
Majority of our test cases use AssertJ
 2023-12-06 17:16:24 +01:00
Nanne Baars
ac7a9c7863 chore: update GitHub action name 2023-12-05 14:22:19 +01:00
dependabot[bot]
2803ef45e4 chore: bump org.webjars:bootstrap from 5.3.1 to 5.3.2 (#1693) 
Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap) from 5.3.1 to 5.3.2.
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-5.3.1...bootstrap-5.3.2)

---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 14:04:09 +01:00
Nanne Baars
5357a65e05 chore: release 2023.8 v2023.8 2023-12-05 11:21:15 +01:00
Nanne Baars
d343c60781 chore: do not spend time on building the Docker image 
We can test this ourselves there is no need to run this on every PR towards the repository.
 2023-12-05 11:15:53 +01:00
Nanne Baars
98acc1f55a fix: get the right Github token 2023-12-05 11:15:06 +01:00
Nanne Baars
f99888e61b fix: typo in the step of the name 2023-12-05 11:14:51 +01:00
Nanne Baars
29dda49190 chore: WebWolf bootstrap can now be updated 2023-12-05 11:14:27 +01:00
Nanne Baars
369be6f688 fix: disable extra build file 2023-12-05 11:14:08 +01:00
Nanne Baars
d5f869c006 chore: release version 2023.7 v2023.7 2023-12-04 23:10:52 +01:00
Nanne Baars
a9caaabb47 fix: wrong Docker image 2023-12-04 23:09:51 +01:00
Nanne Baars
fb2ff01775 chore: release 2023.6 v2023.6 2023-12-04 22:56:58 +01:00
dependabot[bot]
89ecf1d2ad chore: bump actions/first-interaction from 1.2.0 to 1.3.0 (#1691) 
Bumps [actions/first-interaction](https://github.com/actions/first-interaction) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/actions/first-interaction/releases)
- [Commits](https://github.com/actions/first-interaction/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: actions/first-interaction
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:45:16 +01:00
dependabot[bot]
1b66a742da chore: bump actions/setup-java from 3 to 4 (#1690) 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:40:54 +01:00
dependabot[bot]
a831da5886 chore: bump commons-io:commons-io from 2.14.0 to 2.15.1 (#1689) 
Bumps commons-io:commons-io from 2.14.0 to 2.15.1.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:33:27 +01:00
dependabot[bot]
fd5189c102 chore: bump com.diffplug.spotless:spotless-maven-plugin (#1688) 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.38.0 to 2.41.1.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.38.0...maven/2.41.1)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 22:24:53 +01:00
Nanne Baars
ae261f201a feat: show directly requested file in requests overview 
When a call directly hits a file it is now show up in the requests overview. This helps the user whether an attack from WebGoat actually requested the uploaded file.

Closes: gh-1551
 2023-12-04 21:34:16 +01:00
Nanne Baars
3d651526be feat: show creating time in file upload overview 
Closes: gh-1551
 2023-12-04 21:32:02 +01:00
Nanne Baars
c7c2a61f65 chore: fix startup message (#1687) 
Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
 2023-12-04 07:59:29 +01:00
Nanne Baars
b7f657ad2c chore: fix WebWolf UI (#1686) 
Fix-ups after the Bootstrap 5 upgrade for WebWolf.
 2023-12-02 12:59:56 +01:00
René Zubcevic
7fea42afe9 Fix/state of software supply chain links (#1683) 
* fix:update state of software supply chain links

* fix:fix second link

* fix:links formatting

---------

Co-authored-by: maurycupitt <maury@cupitt.com>
 2023-11-27 15:33:14 +01:00
René Zubcevic
826887cc83 Consistent environment values and url references (#1677) 
* organizing environment variables

* Update application-webgoat.properties

* Update pom.xml

* test without ssl

* fix docker base image and default env entries

* seperate server.address from webgoat.host and webwolf.host

* change base image and enable endpoint logging for docker as well

* change README

* change README

* make integration test able to verify against alternative host names

* use dynamic ports and remove system println
 2023-11-27 14:35:49 +01:00
Nanne Baars
62db86246e chore: back to snapshot 2023-11-23 22:34:34 +01:00
Nanne Baars
f7a9995fe0 chore: create release v2023.5 v2023.5 2023-11-23 16:05:13 +01:00
dependabot[bot]
d6c4e8e454 chore: bump docker/build-push-action from 4.1.1 to 5.1.0 (#1670) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4.1.1...v5.1.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
 2023-11-20 15:11:59 +01:00