WebGoat

Author	SHA1	Message	Date
dependabot[bot]	fd5189c102	chore: bump com.diffplug.spotless:spotless-maven-plugin (#1688 ) Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.38.0 to 2.41.1. - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](https://github.com/diffplug/spotless/compare/lib/2.38.0...maven/2.41.1) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-04 22:24:53 +01:00
Nanne Baars	ae261f201a	feat: show directly requested file in requests overview When a call directly hits a file it is now show up in the requests overview. This helps the user whether an attack from WebGoat actually requested the uploaded file. Closes: gh-1551	2023-12-04 21:34:16 +01:00
Nanne Baars	3d651526be	feat: show creating time in file upload overview Closes: gh-1551	2023-12-04 21:32:02 +01:00
Nanne Baars	c7c2a61f65	chore: fix startup message (#1687 ) Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.	2023-12-04 07:59:29 +01:00
Nanne Baars	b7f657ad2c	chore: fix WebWolf UI (#1686 ) Fix-ups after the Bootstrap 5 upgrade for WebWolf.	2023-12-02 12:59:56 +01:00
René Zubcevic	7fea42afe9	Fix/state of software supply chain links (#1683 ) * fix:update state of software supply chain links * fix:fix second link * fix:links formatting --------- Co-authored-by: maurycupitt <maury@cupitt.com>	2023-11-27 15:33:14 +01:00
René Zubcevic	826887cc83	Consistent environment values and url references (#1677 ) * organizing environment variables * Update application-webgoat.properties * Update pom.xml * test without ssl * fix docker base image and default env entries * seperate server.address from webgoat.host and webwolf.host * change base image and enable endpoint logging for docker as well * change README * change README * make integration test able to verify against alternative host names * use dynamic ports and remove system println	2023-11-27 14:35:49 +01:00
Nanne Baars	62db86246e	chore: back to snapshot	2023-11-23 22:34:34 +01:00
Nanne Baars	f7a9995fe0	chore: create release v2023.5 v2023.5	2023-11-23 16:05:13 +01:00
dependabot[bot]	d6c4e8e454	chore: bump docker/build-push-action from 4.1.1 to 5.1.0 (#1670 ) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4.1.1...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-11-20 15:11:59 +01:00
dependabot[bot]	26628a39e1	chore: bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0 (#1672 ) Bumps org.apache.commons:commons-compress from 1.23.0 to 1.25.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-compress dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-11-20 15:05:36 +01:00
dependabot[bot]	2d26a318d1	chore: bump org.owasp:dependency-check-maven from 6.5.1 to 8.4.3 (#1671 ) Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 6.5.1 to 8.4.3. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v6.5.1...v8.4.3) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-20 14:55:37 +01:00
Agustín Díaz	dc16e9a0fb	fix: typo in WebGoad.txt (#1667 ) Signed-off-by: Agustín Díaz <agustin.ramiro.diaz@gmail.com>	2023-11-17 18:59:02 +01:00
René Zubcevic	88a321c268	search box moved and jwt encode/decode with little delay (#1664 )	2023-11-16 14:42:10 +01:00
René Zubcevic	8450c5a5be	skip validation for JWT (#1663 ) * skip validation for JWT * skip validation for JWT * skip validation for JWT	2023-11-15 18:30:14 +01:00
René Zubcevic	ba75e10efd	fixed issue in JWT test tool and added robot test (#1658 )	2023-11-14 18:14:48 +01:00
René Zubcevic	d1e44bbc98	Password reset link test condition more strict and move all WebWolf links to /WebWolf (#1645 ) * better check on host and port for password reset and make context roots more flexible * spotless applied * removed hardcoded /WebGoat from js * removed hardcoded /WebGoat from js * fix spotless * fix scoreboard * upgrade WebWolf bootstrap version and icons and templates - part 1 * fixed more bootstrap 5 style issues and context path issues * organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed) * spotless applied * added mock bean * requires updates to properties - commented for now * requires updates to properties - commented for now * oauth secrets through env values * user creation after oauth login * integration test against non default context paths * adjusted StartupMessage * add global model element username * conditionally show login oauth links * fixed WebWolf login --------- Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>	2023-11-14 10:01:59 +01:00
dependabot[bot]	5a4974f3c2	chore: bump org.apache.maven.plugins:maven-checkstyle-plugin (#1640 ) Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.3.0 to 3.3.1. - [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.3.0...maven-checkstyle-plugin-3.3.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-02 08:13:39 +01:00
dependabot[bot]	4fc1d1fb22	chore: bump org.apache.maven.plugins:maven-surefire-plugin (#1641 ) Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.1.2 to 3.2.1. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-02 07:26:26 +01:00
René Zubcevic	084a105c69	Java 21 initial support (#1622 ) * check java 17 and 21 in build * build on regular branch push * build on regular branch push * build on regular branch push * update spring boot for Java21 support	2023-10-23 20:21:00 +02:00
dependabot[bot]	7485cb8b9a	chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 (#1624 ) * chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap) from 3.3.7 to 5.3.2. - [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.3.2) --- updated-dependencies: - dependency-name: org.webjars:bootstrap dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * small update and ignore major updates * small update and ignore major updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 20:09:48 +02:00
dependabot[bot]	c312ae989f	chore: bump docker/setup-buildx-action from 2 to 3 (#1628 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 17:12:25 +02:00
dependabot[bot]	5fde7fbf29	chore: bump docker/login-action from 2.2.0 to 3.0.0 (#1630 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.2.0 to 3.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2.2.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 17:03:54 +02:00
dependabot[bot]	a32c56bfc7	chore: bump actions/first-interaction from 1.1.1 to 1.2.0 (#1629 ) Bumps [actions/first-interaction](https://github.com/actions/first-interaction) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/actions/first-interaction/releases) - [Commits](https://github.com/actions/first-interaction/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: actions/first-interaction dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 16:57:16 +02:00
dependabot[bot]	6fd3eb57eb	chore: bump com.google.guava:guava from 32.1.1-jre to 32.1.3-jre (#1627 ) Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.1.1-jre to 32.1.3-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: René Zubcevic <rene@zubcevic.com>	2023-10-23 16:49:02 +02:00
dependabot[bot]	1743d017ff	chore: bump commons-io:commons-io from 2.13.0 to 2.14.0 (#1626 ) Bumps commons-io:commons-io from 2.13.0 to 2.14.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 16:25:45 +02:00
dependabot[bot]	2b2638943b	chore: bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 (#1625 ) Bumps [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.10 to 0.8.11. - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](https://github.com/jacoco/jacoco/compare/v0.8.10...v0.8.11) --- updated-dependencies: - dependency-name: org.jacoco:jacoco-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-23 16:18:27 +02:00
François Capon	45c26d8aaf	Fix servers id (#1619 )	2023-10-22 15:25:52 +02:00
Àngel Ollé Blázquez	be30551850	fix: potential NPE in the stored XSS assignment	2023-08-27 14:31:35 +02:00
Àngel Ollé Blázquez	49862f6b90	fix: fixes the default change in trailing slash matching and address the affected assignments	2023-08-27 14:14:27 +02:00
Àngel Ollé Blázquez	4009785bb8	fix: crypto basics broken links	2023-08-27 13:16:08 +02:00
Àngel Ollé Blázquez	d8341c86a1	bug: fix hint that was breaking the template, causing hints from different assignments to mix (#1424 )	2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez	055578893d	feat: improve MFAC lesson hint texts for a better user experience (#1424 )	2023-08-27 02:08:52 +02:00
dependabot[bot]	b89ebd70ad	chore: bump webdrivermanager from 5.3.2 to 5.3.3 Bumps [webdrivermanager](https://github.com/bonigarcia/webdrivermanager) from 5.3.2 to 5.3.3. - [Release notes](https://github.com/bonigarcia/webdrivermanager/releases) - [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md) - [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.2...webdrivermanager-5.3.3) --- updated-dependencies: - dependency-name: io.github.bonigarcia:webdrivermanager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-08-27 00:34:41 +02:00
Àngel Ollé Blázquez	7b81247dd1	fix: HijackSession lesson template deprecated Tymeleaf attribute	2023-08-26 02:57:50 +02:00
Àngel Ollé Blázquez	3bc2e57c9c	Fix NPE in IDOR lesson	2023-08-26 02:22:33 +02:00
Àngel Ollé Blázquez	c3ec168d59	Add new assignment IT tests	2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez	a67fbf5a5a	fix: XSS mitigation	2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez	3365c8d447	Remove wrong files	2023-08-25 22:50:40 +02:00
Àngel Ollé Blázquez	368c046779	fix: Stored Cross-Site Scripting Lesson	2023-08-25 20:55:26 +02:00
dependabot[bot]	8749137d1e	chore: bump org.webjars:jquery from 3.6.4 to 3.7.0 Bumps [org.webjars:jquery](https://github.com/webjars/jquery) from 3.6.4 to 3.7.0. - [Commits](https://github.com/webjars/jquery/compare/jquery-3.6.4...jquery-3.7.0) --- updated-dependencies: - dependency-name: org.webjars:jquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-08-25 00:31:04 +02:00
Àngel Ollé Blázquez	786cabd251	Make webjar dependencies version agnostic	2023-08-24 16:43:28 +02:00
dependabot[bot]	dda8b10f55	chore: bump org.jruby:jruby from 9.4.2.0 to 9.4.3.0 Bumps org.jruby:jruby from 9.4.2.0 to 9.4.3.0. --- updated-dependencies: - dependency-name: org.jruby:jruby dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-08-19 00:20:59 +02:00
dependabot[bot]	d6ca083529	chore: bump commons-io:commons-io from 2.11.0 to 2.13.0 Bumps commons-io:commons-io from 2.11.0 to 2.13.0. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-08-18 16:15:17 +02:00
test2user-aqil	7c92d625dd	doc: fix version strings Replace `2023.3` with `2023.4`	2023-08-16 15:59:23 +02:00
Àngel Ollé Blázquez	4ba818533c	fix: WebWolf JWT jquery webjar	2023-08-09 01:32:03 +02:00
Nanne Baars	a9b1fd66b8	feat: implement JWT jku example (#1552 ) Closes #1539	2023-08-08 17:18:22 +02:00
dependabot[bot]	8f6e47e6d4	chore: bump com.nulab-inc:zxcvbn from 1.7.0 to 1.8.0 (#1542 ) Bumps [com.nulab-inc:zxcvbn](https://github.com/nulab/zxcvbn4j) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/nulab/zxcvbn4j/releases) - [Changelog](https://github.com/nulab/zxcvbn4j/blob/master/CHANGELOG.md) - [Commits](https://github.com/nulab/zxcvbn4j/compare/1.7.0...1.8.0) --- updated-dependencies: - dependency-name: com.nulab-inc:zxcvbn dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-04 16:34:49 +02:00
dependabot[bot]	61de52840f	chore: bump com.diffplug.spotless:spotless-maven-plugin from 2.33.0 to 2.38.0 (#1535 ) * chore: bump com.diffplug.spotless:spotless-maven-plugin Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) from 2.33.0 to 2.38.0. - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](https://github.com/diffplug/spotless/compare/lib/2.33.0...lib/2.38.0) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: format code --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nanne Baars <nanne.baars@owasp.org>	2023-07-30 15:10:31 +02:00
dependabot[bot]	fd3eb2451c	chore: bump guava from 31.1-jre to 32.1.1-jre (#1530 ) Bumps [guava](https://github.com/google/guava) from 31.1-jre to 32.1.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-29 12:35:06 +02:00

... 17 18 19 20 21 ...

3829 Commits