9d5ab5fb21 
					 
					
						
						
							
							chore: bump docker/setup-qemu-action from 3.1.0 to 3.3.0 ( #2000 )  
						
						
						
						
					 
					
						2025-01-14 23:33:20 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aee7abc6b7 
					 
					
						
						
							
							chore: bump docker/build-push-action from 6.10.0 to 6.11.0 ( #2001 )  
						
						
						
						
					 
					
						2025-01-14 23:32:04 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						06e2fdbd33 
					 
					
						
						
							
							refactor: use symbolic link for Java ( #1996 )  
						
						
						
						
					 
					
						2025-01-12 16:17:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						02f43c54d0 
					 
					
						
						
							
							chore: bump org.springframework.boot:spring-boot-starter-parent ( #1994 )  
						
						
						
						
					 
					
						2024-12-25 11:00:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						19f4f8dc46 
					 
					
						
						
							
							chore: bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre ( #1995 )  
						
						
						
						
					 
					
						2024-12-25 11:00:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						112ca3ab22 
					 
					
						
						
							
							fix: enable resource patterns again ( #1993 )  
						
						
						
						
						`LessonScanner.java` got removed by mistake.
Closes: gh-1992 
						
						
					 
					
						2024-12-21 18:47:30 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0244655409 
					 
					
						
						
							
							feat: Move to Java 23  
						
						
						
						
						Closes: gh-1990 
						
						
					 
					
						2024-12-21 14:16:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a95213757d 
					 
					
						
						
							
							chore: bump org.springframework.boot:spring-boot-starter-parent from 3.3.5 to 3.4.0 ( #1962 )  
						
						
						
						
					 
					
						2024-12-16 20:16:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6d90852c1f 
					 
					
						
						
							
							chore: bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 ( #1986 )  
						
						
						
						
					 
					
						2024-12-16 20:15:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4f8652758c 
					 
					
						
						
							
							refactor: remove unused code ( #1985 )  
						
						
						
						
					 
					
						2024-12-15 13:06:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5fc2e0602c 
					 
					
						
						
							
							refactor: move plugin messages ( #1968 )  
						
						
						
						
					 
					
						2024-12-03 22:13:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f3c7f4588b 
					 
					
						
						
							
							chore: bump docker/build-push-action from 6.9.0 to 6.10.0 ( #1969 )  
						
						
						
						
					 
					
						2024-12-03 22:13:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						119b84d034 
					 
					
						
						
							
							chore: bump org.wiremock:wiremock-standalone from 3.9.2 to 3.10.0 ( #1970 )  
						
						
						
						
					 
					
						2024-12-03 22:13:11 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						afd951228d 
					 
					
						
						
							
							chore: bump org.jsoup:jsoup from 1.18.1 to 1.18.3 ( #1971 )  
						
						
						
						
					 
					
						2024-12-03 22:13:00 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						51e3f59054 
					 
					
						
						
							
							fix: Hint labels showing default text regardless of localization ( #1965 )  
						
						
						
						
					 
					
						2024-11-26 23:34:09 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cc0efd8600 
					 
					
						
						
							
							chore: bump commons-io:commons-io from 2.17.0 to 2.18.0 ( #1961 )  
						
						
						
						
					 
					
						2024-11-26 23:21:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e29dccf3c9 
					 
					
						
						
							
							chore: bump org.testcontainers:junit-jupiter from 1.20.3 to 1.20.4 ( #1963 )  
						
						
						
						
					 
					
						2024-11-26 23:20:25 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0cf861fb3c 
					 
					
						
						
							
							chore: bump org.testcontainers:testcontainers from 1.20.3 to 1.20.4 ( #1964 )  
						
						
						
						
					 
					
						2024-11-26 23:20:11 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d8100385b6 
					 
					
						
						
							
							fix: automatically solve XSS mitigation ( #1957 )  
						
						
						
						
						This PR moves the mitigation Java class into the correct package.
The lesson was automatically solved because no assignments were found.
Closes : #1943  
						
						
					 
					
						2024-11-14 08:42:55 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4880afa0e3 
					 
					
						
						
							
							fix: remove implicit context path guessing ( #1956 )  
						
						
						
						
						Pass the context-path in the assignment overview so the frontend can easily match an assignment. 
						
						
					 
					
						2024-11-13 21:32:28 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e60ca6ce72 
					 
					
						
						
							
							chore: bump org.jruby:jruby from 9.4.8.0 to 9.4.9.0 ( #1954 )  
						
						
						
						
					 
					
						2024-11-11 13:46:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						88a763f513 
					 
					
						
						
							
							chore: bump org.testcontainers:junit-jupiter from 1.20.1 to 1.20.3 ( #1946 )  
						
						
						
						
						Bumps [org.testcontainers:junit-jupiter](https://github.com/testcontainers/testcontainers-java ) from 1.20.1 to 1.20.3.
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases )
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md )
- [Commits](https://github.com/testcontainers/testcontainers-java/compare/1.20.1...1.20.3 )
---
updated-dependencies:
- dependency-name: org.testcontainers:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-11-07 16:13:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7f33d3609f 
					 
					
						
						
							
							chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1948 )  
						
						
						
						
						Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-11-07 16:13:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bf02077427 
					 
					
						
						
							
							chore: bump org.wiremock:wiremock-standalone from 3.9.1 to 3.9.2 ( #1947 )  
						
						
						
						
						Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock ) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/wiremock/wiremock/releases )
- [Commits](https://github.com/wiremock/wiremock/compare/3.9.1...3.9.2 )
---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-11-07 15:46:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e1e00bca73 
					 
					
						
						
							
							fix: JWT kid/jku lessons ( #1949 )  
						
						
						
						
						* refactor: rewrite hints
Use active voice and fix grammar issues.
* fix: use Thymeleaf `th:action`
* fix: JWT kid/jku lessons
Split the JavaScript into two files; they pointed to the same URL.
The JWTs are now valid and parse successfully.
The paths now include `/kid` and `/jku` to make sure the hints match accordingly in the UI. Otherwise `/delete` would pick up both hints from both assignments as the paths overlap.
Closes : #1715 
* fix: update to latest pre-commit version
* fix: increase timeouts for server to start during integration tests 
						
						
					 
					
						2024-11-07 15:45:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d59153d6d7 
					 
					
						
						
							
							Fix password reset lesson ( #1941 )  
						
						
						
						
						* docs: improve text
* fix: use correct POST url 
						
						
					 
					
						2024-10-29 17:32:51 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						87fae00f03 
					 
					
						
						
							
							chore: bump commons-io:commons-io from 2.16.1 to 2.17.0 ( #1937 )  
						
						
						
						
						Bumps commons-io:commons-io from 2.16.1 to 2.17.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-10-29 16:30:32 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3f6a74ad86 
					 
					
						
						
							
							chore(gh-actions): update dependency  
						
						
						
						
					 
					
						2024-10-28 22:02:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1d37ee0877 
					 
					
						
						
							
							ci: run pre-commit checks first  
						
						
						
						
						Create a dependency between the jobs. 
						
						
					 
					
						2024-10-28 21:59:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4f6ab25ebd 
					 
					
						
						
							
							ci: run pre-commit checks first  
						
						
						
						
					 
					
						2024-10-28 21:57:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						af687e71fe 
					 
					
						
						
							
							chore: bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre ( #1939 )  
						
						
						
						
					 
					
						2024-10-28 20:02:09 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						83ed4c3d5c 
					 
					
						
						
							
							chore: bump org.testcontainers:testcontainers from 1.20.1 to 1.20.3 ( #1935 )  
						
						
						
						
					 
					
						2024-10-28 15:05:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						62cdfd0824 
					 
					
						
						
							
							chore: bump com.github.terma:javaniotcpproxy from 1.5 to 1.6 ( #1936 )  
						
						
						
						
					 
					
						2024-10-28 15:04:15 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e7457f4821 
					 
					
						
						
							
							chore: bump org.apache.maven.plugins:maven-checkstyle-plugin ( #1938 )  
						
						
						
						
					 
					
						2024-10-28 15:04:01 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4efaf87c7e 
					 
					
						
						
							
							Fix passing command line arguments ( #1933 )  
						
						
						
						
						* fix: use banners correctly
* fix: passing command line arguments
Since we already have `webwolf.port` it makes sense to also define `webwolf.port` explicitly and not rely on `server.port`
Closes : #1910  
						
						
					 
					
						2024-10-27 08:39:02 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cf5101a633 
					 
					
						
						
							
							chore: bump org.asciidoctor:asciidoctorj from 2.5.13 to 3.0.0 ( #1897 )  
						
						
						
						
					 
					
						2024-10-26 22:53:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3f049ba53a 
					 
					
						
						
							
							Nbaars/1886 ( #1932 )  
						
						
						
						
						* improved code readability
* chore: format code
---------
Co-authored-by: guilherme peixoto <peixoto-guilherme7@hotmail.com > 
						
						
					 
					
						2024-10-26 22:18:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7e294fbdb5 
					 
					
						
						
							
							chore: bump org.apache.commons:commons-compress from 1.26.2 to 1.27.1 ( #1884 )  
						
						
						
						
					 
					
						2024-10-26 19:27:07 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2177eb663a 
					 
					
						
						
							
							chore: bump docker/build-push-action from 6.7.0 to 6.9.0 ( #1920 )  
						
						
						
						
					 
					
						2024-10-26 16:59:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						50692300eb 
					 
					
						
						
							
							docs: Show boolean operators priority on where ( #1902 )  
						
						
						
						
					 
					
						2024-10-26 14:48:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e2c2d425cb 
					 
					
						
						
							
							chore: bump actions/cache from 4.0.2 to 4.1.1 ( #1925 )  
						
						
						
						
					 
					
						2024-10-26 14:25:04 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6bbd3cb66b 
					 
					
						
						
							
							chore: bump org.springframework.boot:spring-boot-starter-parent ( #1931 )  
						
						
						
						
					 
					
						2024-10-26 14:20:14 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d08a56d351 
					 
					
						
						
							
							chore: add test for solving same lesson as different user. ( #1930 )  
						
						
						
						
						We removed the constraint but did not add an extra test case to cover this bug.
Closes : #1890  
						
						
					 
					
						2024-10-26 12:06:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ec97568ec2 
					 
					
						
						
							
							chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1922 )  
						
						
						
						
						Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.3.1 to 3.5.1.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.5.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-10-26 10:55:02 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b68368b23 
					 
					
						
						
							
							chore: bump pre-commit-ci/lite-action from 1.0.1 to 1.1.0 ( #1926 )  
						
						
						
						
						Bumps [pre-commit-ci/lite-action](https://github.com/pre-commit-ci/lite-action ) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/pre-commit-ci/lite-action/releases )
- [Commits](https://github.com/pre-commit-ci/lite-action/compare/v1.0.1...v1.1.0 )
---
updated-dependencies:
- dependency-name: pre-commit-ci/lite-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-10-26 10:54:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ab068901f1 
					 
					
						
						
							
							Remove WebGoat session object ( #1929 )  
						
						
						
						
						* refactor: modernize code
* refactor: move to Tomcat
* chore: bump to Spring Boot 3.3.3
* refactor: use Testcontainers to run integration tests
* refactor: lesson/assignment progress
* chore: format code
* refactor: first step into removing base class for assignment
This has always been a bit of an ugly construction, as none of the dependencies are clear. The constructors are hidden due to autowiring the base class. This PR removes two of the fields.
As a bonus we now wire the authentication principal directly in the controllers.
* refactor: use authentication principal directly.
* refactor: pass lesson to the endpoints
No more need to get the current lesson set in a session. The lesson is now passed to the endpoints.
* fix: Testcontainers cannot run on Windows host in Github actions.
Since we have Windows specific paths let's run it standalone for now. We need to run these tests on Docker as well (for now disabled) 
						
						
					 
					
						2024-10-26 10:54:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cb7c508046 
					 
					
						
						
							
							fix: reset form and quiz color on reset lesson ( #1903 )  
						
						
						
						
						* ./mvnw spotless:apply
```
[INFO] --- spotless-maven-plugin:2.41.1:apply (default-cli) @ webgoat ---
[INFO] Writing clean file: /home/ulyssa/labs/WebGoat/WebGoat-bb6e84d/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java
```
* On reset lesson: reset form and quiz colors
						
						
					 
					
						2024-10-26 09:22:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f4c86be6c7 
					 
					
						
						
							
							Update fix version  
						
						
						
						
					 
					
						2024-10-18 22:50:19 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cf2c115093 
					 
					
						
						
							
							fix: xss lesson typo  
						
						
						
						
					 
					
						2024-10-18 22:38:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bb6e84ddcf 
					 
					
						
						
							
							chore: bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre ( #1879 )  
						
						
						
						
						Bumps [com.google.guava:guava](https://github.com/google/guava ) from 33.2.1-jre to 33.3.0-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2024-09-04 21:44:38 +02:00