René Zubcevic
ba75e10efd
fixed issue in JWT test tool and added robot test ( #1658 )
2023-11-14 18:14:48 +01:00
René Zubcevic
d1e44bbc98
Password reset link test condition more strict and move all WebWolf links to /WebWolf ( #1645 )
* better check on host and port for password reset and make context roots more flexible
* spotless applied
* removed hardcoded /WebGoat from js
* removed hardcoded /WebGoat from js
* fix spotless
* fix scoreboard
* upgrade WebWolf bootstrap version and icons and templates - part 1
* fixed more bootstrap 5 style issues and context path issues
* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)
* spotless applied
* added mock bean
* requires updates to properties - commented for now
* requires updates to properties - commented for now
* oauth secrets through env values
* user creation after oauth login
* integration test against non default context paths
* adjusted StartupMessage
* add global model element username
* conditionally show login oauth links
* fixed WebWolf login
---------
Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
2023-11-14 10:01:59 +01:00
dependabot[bot]
5a4974f3c2
chore: bump org.apache.maven.plugins:maven-checkstyle-plugin ( #1640 )
Bumps [org.apache.maven.plugins:maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin ) from 3.3.0 to 3.3.1.
- [Commits](https://github.com/apache/maven-checkstyle-plugin/compare/maven-checkstyle-plugin-3.3.0...maven-checkstyle-plugin-3.3.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-02 08:13:39 +01:00
dependabot[bot]
4fc1d1fb22
chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1641 )
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.1.2 to 3.2.1.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-02 07:26:26 +01:00
René Zubcevic
084a105c69
Java 21 initial support ( #1622 )
* check java 17 and 21 in build
* build on regular branch push
* build on regular branch push
* build on regular branch push
* update spring boot for Java21 support
2023-10-23 20:21:00 +02:00
dependabot[bot]
7485cb8b9a
chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2 ( #1624 )
* chore: bump org.webjars:bootstrap from 3.3.7 to 5.3.2
Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap ) from 3.3.7 to 5.3.2.
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-3.3.7...bootstrap-5.3.2 )
---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* small update and ignore major updates
* small update and ignore major updates
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2023-10-23 20:09:48 +02:00
dependabot[bot]
c312ae989f
chore: bump docker/setup-buildx-action from 2 to 3 ( #1628 )
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 17:12:25 +02:00
dependabot[bot]
5fde7fbf29
chore: bump docker/login-action from 2.2.0 to 3.0.0 ( #1630 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2.2.0...v3.0.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2023-10-23 17:03:54 +02:00
dependabot[bot]
a32c56bfc7
chore: bump actions/first-interaction from 1.1.1 to 1.2.0 ( #1629 )
Bumps [actions/first-interaction](https://github.com/actions/first-interaction ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/actions/first-interaction/releases )
- [Commits](https://github.com/actions/first-interaction/compare/v1.1.1...v1.2.0 )
---
updated-dependencies:
- dependency-name: actions/first-interaction
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2023-10-23 16:57:16 +02:00
dependabot[bot]
6fd3eb57eb
chore: bump com.google.guava:guava from 32.1.1-jre to 32.1.3-jre ( #1627 )
Bumps [com.google.guava:guava](https://github.com/google/guava ) from 32.1.1-jre to 32.1.3-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2023-10-23 16:49:02 +02:00
dependabot[bot]
1743d017ff
chore: bump commons-io:commons-io from 2.13.0 to 2.14.0 ( #1626 )
Bumps commons-io:commons-io from 2.13.0 to 2.14.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 16:25:45 +02:00
dependabot[bot]
2b2638943b
chore: bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 ( #1625 )
Bumps [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco ) from 0.8.10 to 0.8.11.
- [Release notes](https://github.com/jacoco/jacoco/releases )
- [Commits](https://github.com/jacoco/jacoco/compare/v0.8.10...v0.8.11 )
---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 16:18:27 +02:00
François Capon
45c26d8aaf
Fix servers id ( #1619 )
2023-10-22 15:25:52 +02:00
Àngel Ollé Blázquez
be30551850
fix: potential NPE in the stored XSS assignment
2023-08-27 14:31:35 +02:00
Àngel Ollé Blázquez
49862f6b90
fix: fixes the default change in trailing slash matching and addresses the affected assignments
2023-08-27 14:14:27 +02:00
Àngel Ollé Blázquez
4009785bb8
fix: crypto basics broken links
2023-08-27 13:16:08 +02:00
Àngel Ollé Blázquez
d8341c86a1
bug: fix hint that was breaking the template, causing hints from different assignments to mix ( #1424 )
2023-08-27 02:08:52 +02:00
Àngel Ollé Blázquez
055578893d
feat: improve MFAC lesson hint texts for a better user experience ( #1424 )
2023-08-27 02:08:52 +02:00
dependabot[bot]
b89ebd70ad
chore: bump webdrivermanager from 5.3.2 to 5.3.3
Bumps [webdrivermanager](https://github.com/bonigarcia/webdrivermanager ) from 5.3.2 to 5.3.3.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases )
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.2...webdrivermanager-5.3.3 )
---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-27 00:34:41 +02:00
Àngel Ollé Blázquez
7b81247dd1
fix: HijackSession lesson template deprecated Thymeleaf attribute
2023-08-26 02:57:50 +02:00
Àngel Ollé Blázquez
3bc2e57c9c
Fix NPE in IDOR lesson
2023-08-26 02:22:33 +02:00
Àngel Ollé Blázquez
c3ec168d59
Add new assignment IT tests
2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez
a67fbf5a5a
fix: XSS mitigation
2023-08-26 01:30:17 +02:00
Àngel Ollé Blázquez
3365c8d447
Remove wrong files
2023-08-25 22:50:40 +02:00
Àngel Ollé Blázquez
368c046779
fix: Stored Cross-Site Scripting Lesson
2023-08-25 20:55:26 +02:00
dependabot[bot]
8749137d1e
chore: bump org.webjars:jquery from 3.6.4 to 3.7.0
Bumps [org.webjars:jquery](https://github.com/webjars/jquery ) from 3.6.4 to 3.7.0.
- [Commits](https://github.com/webjars/jquery/compare/jquery-3.6.4...jquery-3.7.0 )
---
updated-dependencies:
- dependency-name: org.webjars:jquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-25 00:31:04 +02:00
Àngel Ollé Blázquez
786cabd251
Make webjar dependencies version agnostic
2023-08-24 16:43:28 +02:00
dependabot[bot]
dda8b10f55
chore: bump org.jruby:jruby from 9.4.2.0 to 9.4.3.0
Bumps org.jruby:jruby from 9.4.2.0 to 9.4.3.0.
---
updated-dependencies:
- dependency-name: org.jruby:jruby
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-19 00:20:59 +02:00
dependabot[bot]
d6ca083529
chore: bump commons-io:commons-io from 2.11.0 to 2.13.0
Bumps commons-io:commons-io from 2.11.0 to 2.13.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-18 16:15:17 +02:00
test2user-aqil
7c92d625dd
doc: fix version strings
Replace `2023.3` with `2023.4`
2023-08-16 15:59:23 +02:00
Àngel Ollé Blázquez
4ba818533c
fix: WebWolf JWT jquery webjar
2023-08-09 01:32:03 +02:00
Nanne Baars
a9b1fd66b8
feat: implement JWT jku example ( #1552 )
Closes #1539
2023-08-08 17:18:22 +02:00
dependabot[bot]
8f6e47e6d4
chore: bump com.nulab-inc:zxcvbn from 1.7.0 to 1.8.0 ( #1542 )
Bumps [com.nulab-inc:zxcvbn](https://github.com/nulab/zxcvbn4j ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/nulab/zxcvbn4j/releases )
- [Changelog](https://github.com/nulab/zxcvbn4j/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nulab/zxcvbn4j/compare/1.7.0...1.8.0 )
---
updated-dependencies:
- dependency-name: com.nulab-inc:zxcvbn
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-04 16:34:49 +02:00
dependabot[bot]
61de52840f
chore: bump com.diffplug.spotless:spotless-maven-plugin from 2.33.0 to 2.38.0 ( #1535 )
* chore: bump com.diffplug.spotless:spotless-maven-plugin
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless ) from 2.33.0 to 2.38.0.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md )
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.33.0...lib/2.38.0 )
---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: format code
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nanne Baars <nanne.baars@owasp.org>
2023-07-30 15:10:31 +02:00
dependabot[bot]
fd3eb2451c
chore: bump guava from 31.1-jre to 32.1.1-jre ( #1530 )
Bumps [guava](https://github.com/google/guava ) from 31.1-jre to 32.1.1-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-29 12:35:06 +02:00
dependabot[bot]
32fa1ec0a6
chore: bump jquery from 3.5.1 to 3.6.4 ( #1529 )
Bumps [jquery](https://github.com/webjars/jquery ) from 3.5.1 to 3.6.4.
- [Commits](https://github.com/webjars/jquery/compare/jquery-3.5.1...jquery-3.6.4 )
---
updated-dependencies:
- dependency-name: org.webjars:jquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2023-07-27 13:04:46 +02:00
Àngel Ollé Blázquez
ad00119b0d
Add Assignment7 Tests
2023-07-18 00:38:23 +02:00
Àngel Ollé Blázquez
25f49537e7
bug: Fix IDOR lesson
2023-07-16 17:14:27 +02:00
dependabot[bot]
8cb735e623
chore: bump joonvena/robotframework-reporter-action from 2.1 to 2.2
Bumps [joonvena/robotframework-reporter-action](https://github.com/joonvena/robotframework-reporter-action ) from 2.1 to 2.2.
- [Release notes](https://github.com/joonvena/robotframework-reporter-action/releases )
- [Commits](https://github.com/joonvena/robotframework-reporter-action/compare/v2.1...v2.2 )
---
updated-dependencies:
- dependency-name: joonvena/robotframework-reporter-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-16 16:01:06 +02:00
dependabot[bot]
155a40aab4
chore: bump docker/build-push-action from 4.1.0 to 4.1.1
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-16 15:55:22 +02:00
dependabot[bot]
6c4ddbbaad
chore: bump maven-surefire-plugin from 3.1.0 to 3.1.2
Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-16 15:41:25 +02:00
dependabot[bot]
d704f69879
chore: bump commons-compress from 1.22 to 1.23.0 ( #1514 )
Bumps commons-compress from 1.22 to 1.23.0.
---
updated-dependencies:
- dependency-name: org.apache.commons:commons-compress
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-15 09:28:40 +02:00
dependabot[bot]
3b2b613aa5
chore: bump asciidoctorj from 2.5.3 to 2.5.10 ( #1498 )
Bumps [asciidoctorj](https://github.com/asciidoctor/asciidoctorj ) from 2.5.3 to 2.5.10.
- [Release notes](https://github.com/asciidoctor/asciidoctorj/releases )
- [Changelog](https://github.com/asciidoctor/asciidoctorj/blob/v2.5.10/CHANGELOG.adoc )
- [Commits](https://github.com/asciidoctor/asciidoctorj/compare/v2.5.3...v2.5.10 )
---
updated-dependencies:
- dependency-name: org.asciidoctor:asciidoctorj
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-18 20:21:53 +02:00
Nanne Baars
934ba3e496
fix: remove steps from release script ( #1509 )
Closes gh-1383
2023-06-18 20:13:38 +02:00
Àngel Ollé Blázquez
8ec718c1ef
format
2023-06-15 19:26:33 +02:00
Àngel Ollé Blázquez
1df7ca61a3
Text content improvement
2023-06-15 19:26:33 +02:00
Àngel Ollé Blázquez
75398feca0
Add hints
2023-06-15 19:26:33 +02:00
dependabot[bot]
76a2365abf
chore: bump docker/setup-qemu-action from 2.1.0 to 2.2.0 ( #1503 )
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-14 10:31:00 +02:00
dependabot[bot]
015216df5f
chore: bump docker/login-action from 2.1.0 to 2.2.0 ( #1502 )
Bumps [docker/login-action](https://github.com/docker/login-action ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 17:06:35 +02:00
dependabot[bot]
60fc807d36
chore: bump docker/build-push-action from 4.0.0 to 4.1.0 ( #1501 )
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v4.0.0...v4.1.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-13 10:50:53 +02:00