0f38519ecf
ci: add step for pushing Docker desktop image
2023-02-17 12:56:43 +01:00
4c95c9ec6a
ci: add step to build and verify Docker image
2023-02-17 12:56:43 +01:00
f6c7a54931
docs: add screenshot to README and add Docker WebGoat desktop text
2023-02-17 12:56:43 +01:00
f1012c85d6
feat: add Docker desktop version of WebGoat with all tools installed
...
The new Docker image uses linuxserver/webtop giving users the opportunity
to run a Linux desktop in their browser without installing any tools
on their local machine.
2023-02-17 12:56:43 +01:00
ecfc321f14
feature: Add extra feedback once someone solves JWT refresh lesson differently
...
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
2023-02-16 20:32:27 +00:00
73b8c431fc
chore: use constructor instead of field dependency injection
2023-02-16 20:32:27 +00:00
b68adfbc7c
Bump devops-infra/action-pull-request from 0.5.3 to 0.5.5
...
Bumps [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request ) from 0.5.3 to 0.5.5.
- [Release notes](https://github.com/devops-infra/action-pull-request/releases )
- [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.5.3...v0.5.5 )
---
updated-dependencies:
- dependency-name: devops-infra/action-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-16 14:09:05 +00:00
1a2855afcd
chore: set directories explicitly when running IT tests
2023-02-16 12:24:02 +00:00
693771220c
fix: change url in JavaScript for JWT endpoint
...
The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
2023-02-16 12:24:02 +00:00
075b1ab30a
Fix WebWolf JWT tool
2023-02-15 22:40:24 +00:00
390ff39f19
chore: format src/test/it as well
2023-02-15 19:01:06 +00:00
3ec34b0df5
fix: challenge test fails sometimes when calling scoreboard endpoint
2023-02-15 19:01:06 +00:00
eb4c8388f8
Update Dockerfile
2023-02-15 12:11:12 +00:00
ae081ce319
Add fileserver location (test)
2023-02-15 12:00:54 +00:00
bd398e4c09
#1396 Fix templates path for views
2023-02-15 11:58:49 +00:00
c9d1653d4f
Bump docker/build-push-action from 3.2.0 to 4.0.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v4.0.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-10 21:39:35 +01:00
77c91b8df8
Bump actions/cache from 3.2.3 to 3.2.5
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.3...v3.2.5 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-10 21:38:56 +01:00
f9b810c5ee
Fix formatting issue
2023-01-14 18:29:24 +01:00
dc0fc09679
Move to main and skip develop
...
Using main and develop imposes a complicated release process with Gitflow etc. To simplify our release process we move our development to the main branch skipping develop.
2023-01-14 18:24:35 +01:00
a0173fd8f8
Merge branch 'develop'
2023-01-14 17:07:37 +01:00
58e7e9d4ef
Bump actions/cache from 3.2.2 to 3.2.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.2.2...v3.2.3 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-11 20:59:09 +01:00
c7a41d1b17
Merge branch 'release/v2023.3' into develop
2023-01-05 21:59:37 +01:00
edd9aa36c2
Merge branch 'release/v2023.3'
2023-01-05 21:59:29 +01:00
27fe1850de
Preparing new release
2023-01-05 21:59:01 +01:00
5c2bbd1227
Fix jar path while creating a release
2023-01-05 21:57:08 +01:00
683b629663
Back to snapshot
2023-01-05 21:52:40 +01:00
04908a81e7
Add change log URL
2023-01-05 21:51:45 +01:00
701de68ef2
Merge branch 'release/v2023.2' into develop
2023-01-05 21:37:28 +01:00
81ed738493
Merge branch 'release/v2023.2'
2023-01-05 21:37:21 +01:00
c03d153978
New release
2023-01-05 21:36:48 +01:00
6ab04db2ee
Merge branch 'release/v2023.1' into develop
2023-01-05 21:06:36 +01:00
a108a937b5
Merge branch 'release/v2023.1'
2023-01-05 21:06:22 +01:00
6d5ea57606
New release
2023-01-05 21:02:26 +01:00
79fd88eeb6
Use Java 17
2023-01-05 21:00:43 +01:00
64b10c1a59
Merge branch 'release/v2023.0' into develop
2023-01-05 20:52:02 +01:00
6398d31c14
Merge branch 'release/v2023.0'
2023-01-05 20:51:53 +01:00
716a7dd9ea
Preparing release 2023.0
2023-01-05 20:51:34 +01:00
323daae578
Vulnerable components only work in a Docker container
2023-01-05 20:51:15 +01:00
bdbf66c8e1
Merge branch 'release/v2023.1' into develop
2023-01-05 20:38:54 +01:00
174a59c35a
Preparing release 2023.1
2023-01-05 20:38:20 +01:00
a08e515f6d
Merge branch 'release/v2023.0' into develop
2023-01-05 20:35:02 +01:00
f766edcfcb
Preparing release 2023.0
2023-01-05 20:31:24 +01:00
3901814363
Fix documentation link for XXE mitigation.
2023-01-05 19:00:12 +01:00
59bfd7c6d4
Move XXE to A05 - Security Misconfiguration
2023-01-05 19:00:12 +01:00
11776e1d6a
Remove explicit goal for code formatting
...
`mvn verify` already checks formatting, having a separate step is not necessary. We now also check Markdown files for correct formatting.
2023-01-05 18:18:52 +01:00
7664625afa
Add documentation about reusing the container.
...
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
Add documentation about reusing the container.
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
2023-01-05 18:18:52 +01:00
dca415099f
Remove unused JavaScript function
2023-01-05 11:33:00 +01:00
54e115aff0
Update the solution with WebWolf URLs
...
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
2023-01-05 11:02:45 +01:00
fcaa2d8589
Fix zip slip lesson.
...
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.
The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.
The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
2023-01-05 11:02:45 +01:00
9666597164
- Add reference to the WebWolf icon in the top right corner.
...
- Format all text of the lesson
2023-01-04 08:07:51 +01:00
