One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
* language selector first steps
* language german intro added
* ascii doc lang attribute as additional option
* removed some commented code
* changed adoc resource loader to take into account the selected language
* added readme
* added lang test cases
* Some initial refactoring
* Make it one application
* Got it working
* Fix problem on Windows
* Move WebWolf
* Move first lesson
* Moved all lessons
* Fix pom.xml
* Fix tests
* Add option to initialize a lesson
This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens
* Clean up pom.xml files
* Remove fetching labels based on language.
We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages
* Fix SonarLint issues
* And move it all to the main project
* Fix for documentation paths
* Fix pom warnings
* Remove PMD as it does not work
* Update release notes about refactoring
Update release notes about refactoring
Update release notes about refactoring
* Fix lesson template
* Update release notes
* Keep it in the same repo in Dockerhub
* Update documentation to show how the connection is obtained.
Resolves: #1180
* Rename all integration tests
* Remove command from Dockerfile
* Simplify GitHub actions
Currently, we use a separate actions for pull-requests and branch build.
This is now consolidated in one action.
The PR action triggers always, it now only trigger when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much, it is better
to only run all platforms when someone opens a PR.
* Remove duplicate entry from release notes
* Add explicit registry for base image
* Lesson scanner not working when fat jar
When running the fat jar we have to take into account we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile` for example.
* added info in README and fixed release docker
* changed base image and added ignore file
Co-authored-by: Zubcevic.com <rene@zubcevic.com>
