e4eb5d783a 
					 
					
						
						
							
							Some updates and code improvements ( #1288 )  
						
						... 
						
						
						
						* try with resources
* StringBuilder
* removed ant and updated spring boot 
						
						
					 
					
						2022-07-10 17:13:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7dd0dd0923 
					 
					
						
						
							
							Bump actions/cache from 3.0.3 to 3.0.4 ( #1270 )  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.3...v3.0.4 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-06-20 15:25:31 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aeb481e561 
					 
					
						
						
							
							Bump actions/cache from 3.0.2 to 3.0.3 ( #1260 )  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.3 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-06-04 18:06:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a22c88d61 
					 
					
						
						
							
							Bump docker/build-push-action from 2.10.0 to 3.0.0 ( #1252 )  
						
						... 
						
						
						
						Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-05-18 08:36:51 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						724666e10f 
					 
					
						
						
							
							Bump docker/setup-buildx-action from 1 to 2 ( #1253 )  
						
						... 
						
						
						
						Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-05-18 08:36:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4953dd63ed 
					 
					
						
						
							
							Bump docker/setup-qemu-action from 1.1.0 to 2.0.0 ( #1254 )  
						
						... 
						
						
						
						Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 1.1.0 to 2.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1.1.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-05-18 08:36:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a32055995d 
					 
					
						
						
							
							Bump docker/login-action from 1.14.1 to 2.0.0 ( #1255 )  
						
						... 
						
						
						
						Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.14.1 to 2.0.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-05-18 08:36:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3c0b243797 
					 
					
						
						
							
							Added new active developer ( #1249 )  
						
						... 
						
						
						
						Fix footer 
						
						
					 
					
						2022-05-06 07:34:49 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						dfa31e0a28 
					 
					
						
						
							
							JWT doc code typo fix ( #1247 )  
						
						
						
						
					 
					
						2022-04-20 08:16:21 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b32240f96b 
					 
					
						
						
							
							owasp top10-2021 ( #1235 )  
						
						
						
						
					 
					
						2022-04-11 21:12:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						02c3f9551f 
					 
					
						
						
							
							update spring boot ( #1242 )  
						
						
						
						
					 
					
						2022-04-11 21:12:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bc91ca86e8 
					 
					
						
						
							
							Bump actions/cache from 2.1.7 to 3.0.2 ( #1239 )  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.7 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3.0.2 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-04-11 18:14:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1dadf20ee0 
					 
					
						
						
							
							Bump actions/checkout from 2 to 3 ( #1240 )  
						
						... 
						
						
						
						Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-04-11 18:14:42 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4ff41299e3 
					 
					
						
						
							
							Bump actions/setup-java from 2 to 3 ( #1241 )  
						
						... 
						
						
						
						Bumps [actions/setup-java](https://github.com/actions/setup-java ) from 2 to 3.
- [Release notes](https://github.com/actions/setup-java/releases )
- [Commits](https://github.com/actions/setup-java/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-04-11 18:14:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a9fa53535d 
					 
					
						
						
							
							Fix Build Badge and Link ( #1238 )  
						
						
						
						
					 
					
						2022-04-11 07:45:58 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						711649924b 
					 
					
						
						
							
							Refactoring ( #1201 )  
						
						... 
						
						
						
						* Some initial refactoring
* Make it one application
* Got it working
* Fix problem on Windows
* Move WebWolf
* Move first lesson
* Moved all lessons
* Fix pom.xml
* Fix tests
* Add option to initialize a lesson
This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens
* Clean up pom.xml files
* Remove fetching labels based on language.
We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages
* Fix SonarLint issues
* And move it all to the main project
* Fix for documentation paths
* Fix pom warnings
* Remove PMD as it does not work
* Update release notes about refactoring
Update release notes about refactoring
Update release notes about refactoring
* Fix lesson template
* Update release notes
* Keep it in the same repo in Dockerhub
* Update documentation to show how the connection is obtained.
Resolves : #1180 
* Rename all integration tests
* Remove command from Dockerfile
* Simplify GitHub actions
Currently, we use a separate actions for pull-requests and branch build.
This is now consolidated in one action.
The PR action triggers always, it now only trigger when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much, it is better
 to only run all platforms when someone opens a PR.
* Remove duplicate entry from release notes
* Add explicit registry for base image
* Lesson scanner not working when fat jar
When running the fat jar we have to take into account we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile` for example.
* added info in README and fixed release docker
* changed base image and added ignore file
Co-authored-by: Zubcevic.com <rene@zubcevic.com > 
						
						
					 
					
						2022-04-09 14:56:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f3d8206a07 
					 
					
						
						
							
							Set permissions for GitHub actions ( #1228 )  
						
						... 
						
						
						
						- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions 
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions 
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs 
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com > 
						
						
					 
					
						2022-04-09 12:54:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						56f5b0f0fa 
					 
					
						
						
							
							Bump actions/cache from 2.1.7 to 3 ( #1220 )  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-03-26 14:33:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bed2eed8d8 
					 
					
						
						
							
							Bump docker/build-push-action from 2.7.0 to 2.10.0 ( #1218 )  
						
						... 
						
						
						
						Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 2.7.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.10.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-03-26 14:32:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						984548ae88 
					 
					
						
						
							
							Bump actions/checkout from 2 to 3 ( #1213 )  
						
						... 
						
						
						
						Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-03-09 14:52:49 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						32475ea37e 
					 
					
						
						
							
							Bump docker/login-action from 1.13.0 to 1.14.1 ( #1214 )  
						
						... 
						
						
						
						Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1 )
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-03-09 14:52:28 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2332bf22a7 
					 
					
						
						
							
							Bump docker/login-action from 1.12.0 to 1.13.0 ( #1209 )  
						
						... 
						
						
						
						Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
						
						
					 
					
						2022-02-28 07:58:56 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3bc009297e 
					 
					
						
						
							
							Update SessionManagementTest.java ( #1198 )  
						
						... 
						
						
						
						url() is required in this case. You will notice it when changing host name or when using https 
						
						
					 
					
						2021-12-23 17:07:55 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						44ab36aa1b 
					 
					
						
						
							
							Add message that WebGoat should be running while detecting datasource  
						
						
						
						
					 
					
						2021-12-22 15:57:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						969335f2f6 
					 
					
						
						
							
							Update documentation for starting with java -jar  
						
						
						
						
					 
					
						2021-12-22 15:57:11 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c000a9b467 
					 
					
						
						
							
							Improve startup message Docker  
						
						
						
						
					 
					
						2021-12-22 12:55:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c5389f31c3 
					 
					
						
						
							
							Bump docker/login-action from 1.9.0 to 1.12.0  
						
						... 
						
						
						
						Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.9.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v1.9.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
					 
					
						2021-12-21 12:53:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						85d4633f62 
					 
					
						
						
							
							Update enforcer and exclude log4j-core completely (every version)  
						
						
						
						
					 
					
						2021-12-21 10:05:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7ded0968c1 
					 
					
						
						
							
							Ban log4j all together and update OWASP dep check  
						
						... 
						
						
						
						Remove 
						
						
					 
					
						2021-12-20 21:45:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cb6b1d73d1 
					 
					
						
						
							
							upgrade to latest spring-boot libs and fixed related issues  
						
						
						
						
					 
					
						2021-12-20 21:45:44 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						44f70ce4dc 
					 
					
						
						
							
							Remove unnecessary compiler section from pom.xml as it confuses Intellij while importing  
						
						
						
						
					 
					
						2021-12-20 16:45:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a42f8fcf75 
					 
					
						
						
							
							No progress information for Maven  
						
						
						
						
					 
					
						2021-12-20 16:45:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ac4b06f11b 
					 
					
						
						
							
							Move enabling security to WebGoat core and add resetting the lessons.  
						
						... 
						
						
						
						We can use it for more lessons and showcase how to apply security directly from the source code.
Resolves : #1176  
						
						
					 
					
						2021-12-20 16:45:06 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						705ec85f35 
					 
					
						
						
							
							openshift support  
						
						
						
						
					 
					
						2021-12-19 13:49:38 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1f1fb73f86 
					 
					
						
						
							
							Style fix ( #1191 )  
						
						... 
						
						
						
						* renamed README
* rename 
						
						
					 
					
						2021-12-18 18:06:32 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e169650ebc 
					 
					
						
						
							
							Update documentation  
						
						
						
						
					 
					
						2021-12-15 17:47:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2589aa3fa4 
					 
					
						
						
							
							Update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:58 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						51c007c545 
					 
					
						
						
							
							Update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:46 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5089c107ba 
					 
					
						
						
							
							Update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:35 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						69a93f30d2 
					 
					
						
						
							
							update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:24 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						80e01d680b 
					 
					
						
						
							
							add editor config  
						
						
						
						
					 
					
						2021-12-15 17:46:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0658fcefcd 
					 
					
						
						
							
							update documentation  
						
						
						
						
					 
					
						2021-12-15 17:46:03 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d41d21b2e6 
					 
					
						
						
							
							Update the documentation  
						
						
						
						
					 
					
						2021-12-15 17:45:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						939f860ddd 
					 
					
						
						
							
							renamed spoof-cookie form  
						
						
						
						
					 
					
						2021-12-08 19:37:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d047c41e86 
					 
					
						
						
							
							Update README.MD  
						
						
						
						
					 
					
						2021-11-27 18:06:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8dd66fc0ff 
					 
					
						
						
							
							Improve Docker start up script  
						
						... 
						
						
						
						- Make sure the last line contains the information
- Split in separate functions
- Add option to skip starting nginx (by default it is started) 
						
						
					 
					
						2021-11-23 13:22:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d496c929b3 
					 
					
						
						
							
							Use variables to check WebWolf host and port  
						
						... 
						
						
						
						WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.
Resolves : #1055  
						
						
					 
					
						2021-11-23 13:22:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f8dda37027 
					 
					
						
						
							
							Rename properties  
						
						... 
						
						
						
						Rename `webwolf.url.*` to `webwolf.*.url` making it easier to move to a configuration class as no nested property is necessary 
						
						
					 
					
						2021-11-23 13:22:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						48fd7f310e 
					 
					
						
						
							
							Bump actions/cache from 2.1.5 to 2.1.7  
						
						... 
						
						
						
						Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7 )
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com > 
						
						
					 
					
						2021-11-23 13:21:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5107e111bf 
					 
					
						
						
							
							test url fix  
						
						
						
						
					 
					
						2021-11-19 13:07:49 +01:00