716a7dd9ea
Preparing release 2023.0
2023-01-05 20:51:34 +01:00
323daae578
Vulnerable components only work in a Docker container
2023-01-05 20:51:15 +01:00
bdbf66c8e1
Merge branch 'release/v2023.1' into develop
2023-01-05 20:38:54 +01:00
174a59c35a
Preparing release 2023.1
2023-01-05 20:38:20 +01:00
a08e515f6d
Merge branch 'release/v2023.0' into develop
2023-01-05 20:35:02 +01:00
f766edcfcb
Preparing release 2023.0
2023-01-05 20:31:24 +01:00
3901814363
Fix documentation link for XXE mitigation.
2023-01-05 19:00:12 +01:00
59bfd7c6d4
Move XXE to A05 - Security Misconfiguration
2023-01-05 19:00:12 +01:00
11776e1d6a
Remove explicit goal for code formatting
...
`mvn verify` already checks formatting, having a separate step is not necessary. We now also check Markdown files for correct formatting.
2023-01-05 18:18:52 +01:00
7664625afa
Add documentation about reusing the container.
...
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
Add documentation about reusing the container.
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
2023-01-05 18:18:52 +01:00
dca415099f
Remove unused JavaScript function
2023-01-05 11:33:00 +01:00
54e115aff0
Update the solution with WebWolf URLs
...
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
2023-01-05 11:02:45 +01:00
fcaa2d8589
Fix zip slip lesson.
...
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
2023-01-05 11:02:45 +01:00
9666597164
- Add reference to the WebWolf icon in the top right corner.
...
- Format all text of the lesson
2023-01-04 08:07:51 +01:00
d2a1546dff
Apply formatting
...
This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style.
2023-01-04 08:07:23 +01:00
b03777d39b
Support boolean when parsing the token.
...
When the admin json element passes as a `boolean`:
```
{
"admin": true
}
```
the parsing is now successful.
2023-01-04 07:43:18 +01:00
32468ff90b
Add sql lesson ( #1370 )
2023-01-04 07:42:29 +01:00
614235d913
Bump actions/cache from 3.2.1 to 3.2.2 ( #1369 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.1...v3.2.2 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-31 16:28:31 +01:00
9abf4ef2ea
Bump actions/cache from 3.0.11 to 3.2.1 ( #1368 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.11...v3.2.1 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-27 18:00:54 +01:00
6a18ee80be
Added info about login in the ReadMe file
2022-12-06 14:07:05 +01:00
71ec36102f
Fix typo
2022-12-01 21:34:19 +01:00
8db9ff30be
Fixed incorrect word
...
while "wear" and "were" have similar pronunciation, one of them is better here than the other :)
2022-11-29 18:55:44 +01:00
b51be74cab
typofix
2022-11-28 17:10:14 +01:00
d4e3c9b91c
Bump actions/cache from 3.0.10 to 3.0.11
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.10 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.10...v3.0.11 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-23 10:06:24 +02:00
87358d4238
Bump docker/setup-qemu-action from 2.0.0 to 2.1.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-23 10:06:13 +02:00
3bc5309a1c
Bump docker/build-push-action from 3.1.1 to 3.2.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-23 10:05:56 +02:00
8ec69d0a41
Bump docker/login-action from 2.0.0 to 2.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-23 10:05:44 +02:00
1f567749bd
Bump actions/first-interaction from 1.1.0 to 1.1.1
...
Bumps [actions/first-interaction](https://github.com/actions/first-interaction ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/actions/first-interaction/releases )
- [Commits](https://github.com/actions/first-interaction/compare/v1.1.0...v1.1.1 )
---
updated-dependencies:
- dependency-name: actions/first-interaction
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-23 10:05:32 +02:00
ea892dbcb2
Bump actions/cache from 3.0.8 to 3.0.10 ( #1342 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.8...v3.0.10 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 11:24:44 +02:00
96c2595ad0
Update interface name to exploit
...
The name is
org.owasp.webgoat.lessons.vulnerablecomponents.Contact
not
org.owasp.webgoat.vulnerablecomponents.Contact
2022-09-21 22:32:16 +02:00
34f5b79249
isReadable works inside a container, isFile not ( #1334 )
2022-09-12 09:02:07 +02:00
f5e4d4717a
FixTypo - Fix typo in various lesson documentations
2022-08-30 22:21:22 +02:00
de3c2c8d85
Bump actions/cache from 3.0.6 to 3.0.8
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.6 to 3.0.8.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.6...v3.0.8 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-08-27 16:44:51 +02:00
975cbf5769
Bump docker/build-push-action from 3.1.0 to 3.1.1 ( #1321 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.1.0...v3.1.1 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 20:06:48 +02:00
3308f89acc
Bump actions/cache from 3.0.5 to 3.0.6 ( #1320 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.5...v3.0.6 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-06 21:59:58 +02:00
50f932b02e
Renamed to webwolfintroduction
2022-07-31 22:39:21 +02:00
251167c6b0
Renamed to webgoatintroduction
2022-07-31 22:39:21 +02:00
256c1dd3aa
Renamed to vulnerablecomponents
2022-07-31 22:39:21 +02:00
b93c935d6c
Renamed to sqlinjection
2022-07-31 22:39:21 +02:00
827a9d3467
Renamed to securepasswords
2022-07-31 22:39:21 +02:00
91470b93ea
Renamed to pathtraversal
2022-07-31 22:39:21 +02:00
37d684fdd3
Renamed to passwordreset
2022-07-31 22:39:21 +02:00
4f911c64a1
Renamed to missingac
2022-07-31 22:39:21 +02:00
e0a0a80ad9
Renamed to lessontemplate
2022-07-31 22:39:21 +02:00
26c289d7d4
Renamed to insecurelogin
2022-07-31 22:39:21 +02:00
1eff81718b
Renamed to httpproxies
2022-07-31 22:39:21 +02:00
08ce1add01
Renamed to httpbasics
2022-07-31 22:39:21 +02:00
25948306bd
Renamed to htmltampering
2022-07-31 22:39:21 +02:00
1c86f465dc
Renamed to clientsidefiltering
2022-07-31 22:39:21 +02:00
3b330fb328
Renamed to chromedevtools
2022-07-31 22:39:21 +02:00
