WebGoat

Author	SHA1	Message	Date
dependabot[bot]	7e75e9b8fc	chore: bump org.apache.commons:commons-exec from 1.3 to 1.4.0 (#1721 ) Bumps org.apache.commons:commons-exec from 1.3 to 1.4.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-exec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-09 14:59:40 +01:00
dependabot[bot]	40c679ec5a	chore: bump org.jsoup:jsoup from 1.16.1 to 1.17.2 (#1717 ) Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.16.1 to 1.17.2. - [Release notes](https://github.com/jhy/jsoup/releases) - [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md) - [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.16.1...jsoup-1.17.2) --- updated-dependencies: - dependency-name: org.jsoup:jsoup dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-09 14:51:32 +01:00
Peter Potrowl	4ebb869f5d	Fix hidden links in MissingFunctionAC.html. (#1710 )	2023-12-29 15:01:35 +01:00
Peter Potrowl	6bb7a182dc	Fix typos in texts.	2023-12-14 23:00:59 +01:00
Peter Potrowl	cb2c99d38d	Improve texts to avoid confusion.	2023-12-14 22:54:20 +01:00
dependabot[bot]	84029345b4	chore: bump actions/setup-java from 3 to 4 (#1698 ) Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-06 20:17:13 +01:00
dependabot[bot]	a0ca199cdc	chore: bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-12-06 19:39:28 +01:00
Nanne Baars	2058298e2d	chore: move to SNAPSHOT	2023-12-06 17:35:12 +01:00
Nanne Baars	17acef57b4	chore: add pre-commit hooks chore: add pre-commit hooks chore: add pre-commit hooks chore: add pre-commit hooks chore: add pre-commit hooks	2023-12-06 17:16:24 +01:00
Nanne Baars	d913967ec5	refactor: remove usage of `RequestMapping`	2023-12-06 17:16:24 +01:00
Nanne Baars	87edc7d1db	refactor: use AssertJ for testing Majority of our test cases use AssertJ	2023-12-06 17:16:24 +01:00
Nanne Baars	ac7a9c7863	chore: update GitHub action name	2023-12-05 14:22:19 +01:00
dependabot[bot]	2803ef45e4	chore: bump org.webjars:bootstrap from 5.3.1 to 5.3.2 (#1693 ) Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap) from 5.3.1 to 5.3.2. - [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-5.3.1...bootstrap-5.3.2) --- updated-dependencies: - dependency-name: org.webjars:bootstrap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-05 14:04:09 +01:00
Nanne Baars	5357a65e05	chore: release 2023.8 v2023.8	2023-12-05 11:21:15 +01:00
Nanne Baars	d343c60781	chore: do not spend time on building the Docker image We can test this ourselves there is no need to run this on every PR towards the repository.	2023-12-05 11:15:53 +01:00
Nanne Baars	98acc1f55a	fix: get the right Github token	2023-12-05 11:15:06 +01:00
Nanne Baars	f99888e61b	fix: typo in the step of the name	2023-12-05 11:14:51 +01:00
Nanne Baars	29dda49190	chore: WebWolf bootstrap can now be updated	2023-12-05 11:14:27 +01:00
Nanne Baars	369be6f688	fix: disable extra build file	2023-12-05 11:14:08 +01:00
Nanne Baars	d5f869c006	chore: release version 2023.7 v2023.7	2023-12-04 23:10:52 +01:00
Nanne Baars	a9caaabb47	fix: wrong Docker image	2023-12-04 23:09:51 +01:00
Nanne Baars	fb2ff01775	chore: release 2023.6 v2023.6	2023-12-04 22:56:58 +01:00
dependabot[bot]	89ecf1d2ad	chore: bump actions/first-interaction from 1.2.0 to 1.3.0 (#1691 ) Bumps [actions/first-interaction](https://github.com/actions/first-interaction) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/actions/first-interaction/releases) - [Commits](https://github.com/actions/first-interaction/compare/v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: actions/first-interaction dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-04 22:45:16 +01:00
dependabot[bot]	1b66a742da	chore: bump actions/setup-java from 3 to 4 (#1690 ) Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-04 22:40:54 +01:00
dependabot[bot]	a831da5886	chore: bump commons-io:commons-io from 2.14.0 to 2.15.1 (#1689 ) Bumps commons-io:commons-io from 2.14.0 to 2.15.1. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-04 22:33:27 +01:00
dependabot[bot]	fd5189c102	chore: bump com.diffplug.spotless:spotless-maven-plugin (#1688 ) Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.38.0 to 2.41.1. - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](https://github.com/diffplug/spotless/compare/lib/2.38.0...maven/2.41.1) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-04 22:24:53 +01:00
Nanne Baars	ae261f201a	feat: show directly requested file in requests overview When a call directly hits a file it is now show up in the requests overview. This helps the user whether an attack from WebGoat actually requested the uploaded file. Closes: gh-1551	2023-12-04 21:34:16 +01:00
Nanne Baars	3d651526be	feat: show creating time in file upload overview Closes: gh-1551	2023-12-04 21:32:02 +01:00
Nanne Baars	c7c2a61f65	chore: fix startup message (#1687 ) Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.	2023-12-04 07:59:29 +01:00
Nanne Baars	b7f657ad2c	chore: fix WebWolf UI (#1686 ) Fix-ups after the Bootstrap 5 upgrade for WebWolf.	2023-12-02 12:59:56 +01:00
René Zubcevic	7fea42afe9	Fix/state of software supply chain links (#1683 ) * fix:update state of software supply chain links * fix:fix second link * fix:links formatting --------- Co-authored-by: maurycupitt <maury@cupitt.com>	2023-11-27 15:33:14 +01:00
René Zubcevic	826887cc83	Consistent environment values and url references (#1677 ) * organizing environment variables * Update application-webgoat.properties * Update pom.xml * test without ssl * fix docker base image and default env entries * seperate server.address from webgoat.host and webwolf.host * change base image and enable endpoint logging for docker as well * change README * change README * make integration test able to verify against alternative host names * use dynamic ports and remove system println	2023-11-27 14:35:49 +01:00
Nanne Baars	62db86246e	chore: back to snapshot	2023-11-23 22:34:34 +01:00
Nanne Baars	f7a9995fe0	chore: create release v2023.5 v2023.5	2023-11-23 16:05:13 +01:00
dependabot[bot]	d6c4e8e454	chore: bump docker/build-push-action from 4.1.1 to 5.1.0 (#1670 ) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4.1.1...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-11-20 15:11:59 +01:00
dependabot[bot]	26628a39e1	chore: bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0 (#1672 ) Bumps org.apache.commons:commons-compress from 1.23.0 to 1.25.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-compress dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-11-20 15:05:36 +01:00
dependabot[bot]	2d26a318d1	chore: bump org.owasp:dependency-check-maven from 6.5.1 to 8.4.3 (#1671 ) Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 6.5.1 to 8.4.3. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v6.5.1...v8.4.3) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-20 14:55:37 +01:00
Agustín Díaz	dc16e9a0fb	fix: typo in WebGoad.txt (#1667 ) Signed-off-by: Agustín Díaz <agustin.ramiro.diaz@gmail.com>	2023-11-17 18:59:02 +01:00
René Zubcevic	88a321c268	search box moved and jwt encode/decode with little delay (#1664 )	2023-11-16 14:42:10 +01:00
René Zubcevic	8450c5a5be	skip validation for JWT (#1663 ) * skip validation for JWT * skip validation for JWT * skip validation for JWT	2023-11-15 18:30:14 +01:00
René Zubcevic	ba75e10efd	fixed issue in JWT test tool and added robot test (#1658 )	2023-11-14 18:14:48 +01:00
René Zubcevic	d1e44bbc98	Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645 ) * better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>	2023-11-14 10:01:59 +01:00
dependabot[bot]	5a4974f3c2	chore: bump org.apache.maven.plugins:maven-checkstyle-plugin (#1640 ) Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.3.0 to 3.3.1. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.3.0...maven-checkstyle-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-02 08:13:39 +01:00
dependabot[bot]	4fc1d1fb22	chore: bump org.apache.maven.plugins:maven-surefire-plugin (#1641 ) Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.1.2 to 3.2.1. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-02 07:26:26 +01:00
René Zubcevic	084a105c69	Java 21 initial support (#1622 ) * check java 17 and 21 in build * build on regular branch push * build on regular branch push * build on regular branch push * update spring boot for Java21 support	2023-10-23 20:21:00 +02:00
dependabot[bot]	7485cb8b9a	chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 (#1624 ) * chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap) from 3.3.7 to 5.3.2. - [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.3.2) --- updated-dependencies: - dependency-name: org.webjars:bootstrap dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * small update and ignore major updates * small update and ignore major updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 20:09:48 +02:00
dependabot[bot]	c312ae989f	chore: bump docker/setup-buildx-action from 2 to 3 (#1628 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 17:12:25 +02:00
dependabot[bot]	5fde7fbf29	chore: bump docker/login-action from 2.2.0 to 3.0.0 (#1630 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.2.0 to 3.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2.2.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 17:03:54 +02:00
dependabot[bot]	a32c56bfc7	chore: bump actions/first-interaction from 1.1.1 to 1.2.0 (#1629 ) Bumps [actions/first-interaction](https://github.com/actions/first-interaction) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/actions/first-interaction/releases) - [Commits](https://github.com/actions/first-interaction/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: actions/first-interaction dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 16:57:16 +02:00
dependabot[bot]	6fd3eb57eb	chore: bump com.google.guava:guava from 32.1.1-jre to 32.1.3-jre (#1627 ) Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.1.1-jre to 32.1.3-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 16:49:02 +02:00

... 5 6 7 8 9 ...

3254 Commits