dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,159 Commits 11 Branches 78 Tags
Commit Graph

3159 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
a4305f408e
chore: bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre (#2083) 2025-03-29 15:59:42 +01:00
dependabot[bot]
7dea5a1bde
chore: bump com.microsoft.playwright:playwright from 1.50.0 to 1.51.0 (#2084) 2025-03-29 15:59:29 +01:00
Geoffrey Tsai
8cd0b0a8c9
resolve the url for the developer tools network (#2087) 2025-03-29 15:59:09 +01:00
Geoffrey Tsai
72c09f7240
update the sql mitigation lessons 9 and 10 to contain the correct urls (#2077) 2025-03-21 14:15:19 +01:00
dependabot[bot]
d8c402f0d6
chore: bump docker/login-action from 3.3.0 to 3.4.0 (#2074) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-20 12:30:50 +01:00
Nanne Baars
95136c9930
chore: update about page (#2070) 2025-03-12 06:59:01 +01:00
Nanne Baars
23d6fe6f36
fix: correct number of solved assignments in report card (#2065) 
* fix: correct number of solved assignments in report card

Filter the list of assignments to accurately count the number of solved assignments.

Closes: gh-2063

* chore: remove scoreboard code

This is added when we run a CTF challenge during OWASP AppSecEU in 2017. We can remove this code.

Closes: gh-2064
 2025-03-11 22:57:49 +01:00
Nanne Baars
2c5e4c4491
chore: use webgoat.org (#2066) 
Closes: gh-2046
 2025-03-11 22:47:02 +01:00
dependabot[bot]
c89fcb140a
chore: bump org.jsoup:jsoup from 1.18.3 to 1.19.1 (#2058) 
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.18.3 to 1.19.1.
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.18.3...jsoup-1.19.1)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-11 21:45:10 +01:00
dependabot[bot]
3cfd053c83
chore: bump org.wiremock:wiremock-standalone from 3.12.0 to 3.12.1 (#2059) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.12.0 to 3.12.1.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.12.0...3.12.1)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-11 21:44:45 +01:00
Nanne Baars
10adb1b05f chore: back to snapshot 2025-03-11 20:28:08 +01:00
Nanne Baars
c3ed45a733 chore: new release 2025.3 v2025.3 2025-03-11 20:16:10 +01:00
Nanne Baars
e2f80b18e2
fix: rewrite questions (#2057) 
Closes: gh-1178
 2025-03-11 20:05:35 +01:00
Nanne Baars
641f24df9d
fix: update filtering internal endpoints in ZAP (#2055) 2025-03-08 12:40:09 +01:00
dependabot[bot]
3b3933b69e
chore: bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#2049) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.6.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 16:55:56 +01:00
dependabot[bot]
05497371db
chore: bump docker/build-push-action from 6.14.0 to 6.15.0 (#2050) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.14.0 to 6.15.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 16:55:47 +01:00
Nanne Baars
32cf225d6b chore: back to snapshot 2025-03-02 20:47:20 +01:00
Nanne Baars
affa3f7a1c chore: release 2025.2 v2025.2 2025-03-02 20:37:33 +01:00
Nanne Baars
e9f79cc739
fix: SQL advanced assignment 5 (#2047) 
- Add and show correct hints
- Fix solving the lesson immediately when you register as tom. Now uses `informationMessage` to display a message in the UI
- Add Playwright test

Closes: gh-2045
 2025-03-02 20:31:05 +01:00
Nanne Baars
c37a8e8c19 chore: back to snapshot 2025-03-01 17:16:13 +01:00
Nanne Baars
5eeeee1e66 chore: extend create release documentation 2025-03-01 17:14:59 +01:00
Nanne Baars
0d4cc06342 chore: new release 2025.1 v2025.1 2025-03-01 16:38:56 +01:00
Nanne Baars
1d74727db6 chore: new release 2025.0 v2025.0 2025-03-01 16:03:06 +01:00
dependabot[bot]
957cd161f2
chore: bump org.wiremock:wiremock-standalone from 3.11.0 to 3.12.0 (#2026) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.11.0 to 3.12.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.11.0...3.12.0)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-01 11:01:46 +01:00
Nanne Baars
16b7a13de8
chore: add test case for multiple users solving lessons (#2043) 2025-02-28 20:56:15 +01:00
Nanne Baars
95dcc56a19
fix: register user while already logged in as other user. (#2042) 2025-02-28 20:56:00 +01:00
Nanne Baars
55bd0a49db
chore: cleanup IT tests (#2040) 2025-02-28 18:39:23 +01:00
dependabot[bot]
b5af30c819
chore: bump docker/build-push-action from 6.13.0 to 6.14.0 (#2033) 2025-02-27 18:35:10 +01:00
dependabot[bot]
3d4780d7e0
chore: bump org.testcontainers:testcontainers from 1.20.4 to 1.20.5 (#2034) 2025-02-27 18:34:58 +01:00
dependabot[bot]
92d4981b90
chore: bump com.diffplug.spotless:spotless-maven-plugin (#2035) 2025-02-27 18:34:47 +01:00
dependabot[bot]
8166b10c1a
chore: bump org.testcontainers:junit-jupiter from 1.20.4 to 1.20.5 (#2036) 2025-02-27 18:34:36 +01:00
dependabot[bot]
6d1ebadf85
chore: bump org.springframework.boot:spring-boot-starter-parent (#2037) 2025-02-27 18:34:24 +01:00
dependabot[bot]
9572a7b840
chore: bump com.microsoft.playwright:playwright from 1.49.0 to 1.50.0 (#2025) 2025-02-22 20:55:35 +01:00
dependabot[bot]
6c16d4ccfc
chore: bump io.github.bonigarcia:webdrivermanager from 5.9.2 to 5.9.3 (#2027) 2025-02-22 20:55:07 +01:00
dependabot[bot]
93c3f19ca7
chore: bump org.jruby:jruby from 9.4.11.0 to 9.4.12.0 (#2028) 2025-02-22 20:54:55 +01:00
dependabot[bot]
fadb07d73e
chore: bump devops-infra/action-pull-request from 0.5.5 to 0.6.0 (#2029) 2025-02-22 20:54:44 +01:00
dependabot[bot]
f66126e53d
chore: bump devops-infra/action-commit-push from 0.9.2 to 0.10.0 (#2030) 2025-02-22 20:54:32 +01:00
Nanne Baars
c3c520f487
refactor: small updates and improvements in HTTP Basic lesson (#2024) 
* refactor: cleanup attack result and builder

* refactor: solve compiler warnings

* feature: improve HTTP basics lesson

Closes: #494
 2025-02-18 14:26:21 +01:00
Nanne Baars
00f3538be2
chore: format all code according to SPDX (#2023) 2025-02-16 19:48:05 +01:00
dependabot[bot]
2a5b4385ea
chore: bump com.diffplug.spotless:spotless-maven-plugin (#2006) 
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.41.1 to 2.44.2.
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](https://github.com/diffplug/spotless/compare/maven/2.41.1...maven/2.44.2)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 19:52:40 +01:00
dependabot[bot]
79ac5b7b99
chore: bump docker/build-push-action from 6.12.0 to 6.13.0 (#2012) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:55:37 +01:00
dependabot[bot]
8638d94595
chore: bump org.springframework.boot:spring-boot-starter-parent (#2013) 
Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:55:26 +01:00
dependabot[bot]
3ef5e34dd0
chore: bump org.jruby:jruby from 9.4.9.0 to 9.4.11.0 (#2017) 
Bumps org.jruby:jruby from 9.4.9.0 to 9.4.11.0.

---
updated-dependencies:
- dependency-name: org.jruby:jruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:55:09 +01:00
dependabot[bot]
019ab0495f
chore: bump com.auth0:java-jwt from 4.4.0 to 4.5.0 (#2018) 
Bumps [com.auth0:java-jwt](https://github.com/auth0/java-jwt) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/auth0/java-jwt/releases)
- [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](https://github.com/auth0/java-jwt/compare/4.4.0...4.5.0)

---
updated-dependencies:
- dependency-name: com.auth0:java-jwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:54:59 +01:00
dependabot[bot]
2aeee521ab
chore: bump org.wiremock:wiremock-standalone from 3.10.0 to 3.11.0 (#2019) 
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock) from 3.10.0 to 3.11.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/3.10.0...3.11.0)

---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:54:49 +01:00
dependabot[bot]
b940e5ce58
chore: bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#2022) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-15 18:54:38 +01:00
Nanne Baars
9c90a24cc0
docs(CSRFFeedback.java): fixed one invalid solution about CSRF attack (#2010) 
Co-authored-by: HackHuang <GoogTech@outlook.com>
Co-authored-by: HackHuang <hi@goog.tech>
 2025-01-26 20:23:40 +01:00
dependabot[bot]
2ac50bfbd8
chore: bump docker/build-push-action from 6.11.0 to 6.12.0 (#2005) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.11.0 to 6.12.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.11.0...v6.12.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-26 19:18:25 +01:00
Nanne Baars
d96dbe2edf fix: build failure 2025-01-26 18:47:10 +01:00
Nanne Baars
8e45316638
feat: Introduce Playwright for UI testing 
Instead of using Robot Framework which does not run during a `mvn install`. Playwright seems to be the better approach. We can now write them as normal JUnit test and they are executed during a build.

Additionally this PR solves some interesting bugs found during writing Playwright tests:

- A reset of a lesson removes all assignments as a result another user wouldn't see any assignments
- If someone solves an assignment the assignment automatically got solved for a new user since the assignment included the `solved` flag which immediately got copied to new lesson progress.
- Introduction of assignment progress linking a assignment not directly to all users.
 2025-01-26 16:59:59 +01:00