dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,148 Commits 11 Branches 78 Tags
f263888c032b1cb76d311e592b59487e1ee60b74
Commit Graph

3148 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Àngel Ollé Blázquez
a9fa53535d Fix Build Badge and Link (#1238) 2022-04-11 07:45:58 +02:00
Nanne Baars
711649924b Refactoring (#1201) 
* Some initial refactoring

* Make it one application

* Got it working

* Fix problem on Windows

* Move WebWolf

* Move first lesson

* Moved all lessons

* Fix pom.xml

* Fix tests

* Add option to initialize a lesson

This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens

* Clean up pom.xml files

* Remove fetching labels based on language.

We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages

* Fix SonarLint issues

* And move it all to the main project

* Fix for documentation paths

* Fix pom warnings

* Remove PMD as it does not work

* Update release notes about refactoring

Update release notes about refactoring

Update release notes about refactoring

* Fix lesson template

* Update release notes

* Keep it in the same repo in Dockerhub

* Update documentation to show how the connection is obtained.

Resolves: #1180

* Rename all integration tests

* Remove command from Dockerfile

* Simplify GitHub actions

Currently, we use a separate actions for pull-requests and branch build.
This is now consolidated in one action.
The PR action triggers always, it now only trigger when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much, it is better
 to only run all platforms when someone opens a PR.

* Remove duplicate entry from release notes

* Add explicit registry for base image

* Lesson scanner not working when fat jar

When running the fat jar we have to take into account we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile` for example.

* added info in README and fixed release docker

* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
 2022-04-09 14:56:12 +02:00
neilnaveen
f3d8206a07 Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
bed2eed8d8 Bump docker/build-push-action from 2.7.0 to 2.10.0 (#1218) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.7.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:32:53 +01:00
dependabot[bot]
984548ae88 Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
dependabot[bot]
32475ea37e Bump docker/login-action from 1.13.0 to 1.14.1 (#1214) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:28 +01:00
dependabot[bot]
2332bf22a7 Bump docker/login-action from 1.12.0 to 1.13.0 (#1209) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-28 07:58:56 +01:00
René Zubcevic
3bc009297e Update SessionManagementTest.java (#1198) 
url() is required in this case. You will notice it when changing host name or when using https
 2021-12-23 17:07:55 +01:00
Nanne Baars
44ab36aa1b Add message that WebGoat should be running while detecting datasource 2021-12-22 15:57:39 +01:00
Nanne Baars
969335f2f6 Update documentation for starting with java -jar 2021-12-22 15:57:11 +01:00
Nanne Baars
c000a9b467 Improve startup message Docker 2021-12-22 12:55:27 +01:00
dependabot[bot]
c5389f31c3 Bump docker/login-action from 1.9.0 to 1.12.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.9.0...v1.12.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-21 12:53:41 +01:00
Nanne Baars
85d4633f62 Update enforcer and exclude log4j-core completely (every version) 2021-12-21 10:05:12 +01:00
Nanne Baars
7ded0968c1 Ban log4j all together and update OWASP dep check 
Remove
 2021-12-20 21:45:44 +01:00
Zubcevic.com
cb6b1d73d1 upgrade to latest spring-boot libs and fixed related issues 2021-12-20 21:45:44 +01:00
Nanne Baars
44f70ce4dc Remove unnecessary compiler section from pom.xml as it confuses Intellij while importing 2021-12-20 16:45:06 +01:00
Nanne Baars
a42f8fcf75 No progress information for Maven 2021-12-20 16:45:06 +01:00
Nanne Baars
ac4b06f11b Move enabling security to WebGoat core and add resetting the lessons. 
We can use it for more lessons and showcase how to apply security directly from the source code.

Resolves: #1176
 2021-12-20 16:45:06 +01:00
Zubcevic.com
705ec85f35 openshift support 2021-12-19 13:49:38 +01:00
Àngel Ollé Blázquez
1f1fb73f86 Style fix (#1191) 
* renamed README

* rename
 2021-12-18 18:06:32 +01:00
Nanne Baars
e169650ebc Update documentation 2021-12-15 17:47:12 +01:00
Nanne Baars
2589aa3fa4 Update documentation 2021-12-15 17:46:58 +01:00
Nanne Baars
51c007c545 Update documentation 2021-12-15 17:46:46 +01:00
Nanne Baars
5089c107ba Update documentation 2021-12-15 17:46:35 +01:00
Nanne Baars
69a93f30d2 update documentation 2021-12-15 17:46:24 +01:00
Nanne Baars
80e01d680b add editor config 2021-12-15 17:46:14 +01:00
Nanne Baars
0658fcefcd update documentation 2021-12-15 17:46:03 +01:00
Nanne Baars
d41d21b2e6 Update the documentation 2021-12-15 17:45:52 +01:00
Àngel Ollé Blázquez
939f860ddd renamed spoof-cookie form 2021-12-08 19:37:10 +01:00
Àngel Ollé Blázquez
d047c41e86 Update README.MD 2021-11-27 18:06:45 +01:00
Nanne Baars
8dd66fc0ff Improve Docker start up script 
- Make sure the last line contains the information
- Split in separate functions
- Add option to skip starting nginx (by default it is started)
 2021-11-23 13:22:19 +01:00
Nanne Baars
d496c929b3 Use variables to check WebWolf host and port 
WebWolf can start on a different port, the assignment should take this into account and not check for a hardcoded value.

Resolves: #1055
 2021-11-23 13:22:08 +01:00
Nanne Baars
f8dda37027 Rename properties 
Rename `webwolf.url.*` to `webwolf.*.url` making it easier to move to a configuration class as no nested property is necessary
 2021-11-23 13:22:08 +01:00
dependabot[bot]
48fd7f310e Bump actions/cache from 2.1.5 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-23 13:21:52 +01:00
Àngel Ollé Blázquez
5107e111bf test url fix 2021-11-19 13:07:49 +01:00
Àngel Ollé Blázquez
dd2e9f074d Hijack Session Lesson 2021-11-19 13:07:49 +01:00
Nanne Baars
ec954046db Add Discussions badge 2021-11-16 17:53:16 +01:00
Jeroen Willemsen
6be9635f51 Update OWASP badge 2021-11-16 16:43:18 +01:00
Jeroen Willemsen
f7dd69e382 Fix to move to java17 2021-11-16 16:39:53 +01:00
Nanne Baars
fc6b0f28df Add endpoint for the JavaScript to post to 
The JavaScript posts to a random endpoint resulting in a HTTP/405 we now post to an existing endpoint.

Resolves: #1142
 2021-11-16 16:34:14 +01:00
Nanne Baars
f13632578d Fix layout of assignment and remove duplicate feedback 
Resolves: #1143
 2021-11-16 16:34:02 +01:00
Nanne Baars
b23b428763 Fix spelling/grammar 
Resolves: #1143
 2021-11-16 16:34:02 +01:00
Nanne Baars
32a41debad Fix spelling/grammar and reference to ZAP 2.8.0 
Resolves: #1141
 2021-11-16 16:33:48 +01:00
Nanne Baars
fafddda82a Update ZAP instructions 
We reference ZAP 2.8.0 explicitly which is not necessary. Also the way ZAP works changed, we no longer need to change the port as ZAP will report there is a conflict during startup.

Resolves: #1141
 2021-11-16 16:33:48 +01:00
Nanne Baars
5bf33db78f Remove obsolete hints 2021-11-16 16:33:36 +01:00
Nanne Baars
20d7015dff Move unit test to JUnit 5 2021-11-16 16:33:36 +01:00
Nanne Baars
2fbc52e6a2 Remove some unused code 2021-11-16 16:33:36 +01:00
Nanne Baars
ab0433bb67 Fix link and typo 
The link pointed to the old OWASP website. Also fixed some typos here and there

Resolves: #1136
 2021-11-16 16:33:10 +01:00
Nanne Baars
f2f7f36a6d Fix typo in hints 
The hints for JWT used `jwt` instead of `JWT` which makes it difficult to solve the lesson as the hint actually points someone in the wrong direction.

Resolves: #123
 2021-11-16 16:32:57 +01:00