f3c7f4588b
chore: bump docker/build-push-action from 6.9.0 to 6.10.0 ( #1969 )
2024-12-03 22:13:24 +01:00
119b84d034
chore: bump org.wiremock:wiremock-standalone from 3.9.2 to 3.10.0 ( #1970 )
2024-12-03 22:13:11 +01:00
afd951228d
chore: bump org.jsoup:jsoup from 1.18.1 to 1.18.3 ( #1971 )
2024-12-03 22:13:00 +01:00
51e3f59054
fix: Hint labels showing default text regardless of localization ( #1965 )
2024-11-26 23:34:09 +01:00
cc0efd8600
chore: bump commons-io:commons-io from 2.17.0 to 2.18.0 ( #1961 )
2024-11-26 23:21:10 +01:00
e29dccf3c9
chore: bump org.testcontainers:junit-jupiter from 1.20.3 to 1.20.4 ( #1963 )
2024-11-26 23:20:25 +01:00
0cf861fb3c
chore: bump org.testcontainers:testcontainers from 1.20.3 to 1.20.4 ( #1964 )
2024-11-26 23:20:11 +01:00
d8100385b6
fix: automatically solve XSS mitigation ( #1957 )
...
This PR moves the mitigation Java class into the correct package.
The lesson was automatically solved because no assignments were found.
Closes : #1943
2024-11-14 08:42:55 +01:00
4880afa0e3
fix: remove implicit context path guessing ( #1956 )
...
Pass the context-path in the assignment overview so the frontend can easily match an assignment.
2024-11-13 21:32:28 +01:00
e60ca6ce72
chore: bump org.jruby:jruby from 9.4.8.0 to 9.4.9.0 ( #1954 )
2024-11-11 13:46:45 +01:00
88a763f513
chore: bump org.testcontainers:junit-jupiter from 1.20.1 to 1.20.3 ( #1946 )
...
Bumps [org.testcontainers:junit-jupiter](https://github.com/testcontainers/testcontainers-java ) from 1.20.1 to 1.20.3.
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases )
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md )
- [Commits](https://github.com/testcontainers/testcontainers-java/compare/1.20.1...1.20.3 )
---
updated-dependencies:
- dependency-name: org.testcontainers:junit-jupiter
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-07 16:13:27 +01:00
7f33d3609f
chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1948 )
...
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.1...surefire-3.5.2 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-07 16:13:10 +01:00
bf02077427
chore: bump org.wiremock:wiremock-standalone from 3.9.1 to 3.9.2 ( #1947 )
...
Bumps [org.wiremock:wiremock-standalone](https://github.com/wiremock/wiremock ) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/wiremock/wiremock/releases )
- [Commits](https://github.com/wiremock/wiremock/compare/3.9.1...3.9.2 )
---
updated-dependencies:
- dependency-name: org.wiremock:wiremock-standalone
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-07 15:46:43 +01:00
e1e00bca73
fix: JWT kid/jku lessons ( #1949 )
...
* refactor: rewrite hints
Use active voice and fix grammar issues.
* fix: use Thymeleaf `th:action`
* fix: JWT kid/jku lessons
Split the JavaScript into two files they pointed to the same URL
The JWTs are now valid, they parse successfully.
The paths now include `/kid` and `/jku` to make sure the hints match accordingly in the UI. Otherwise `/delete` would pick up both hints from both assignments as the paths overlap.
Closes : #1715
* fix: update to latest pre-commit version
* fix: increase timeouts for server to start during integration tests
2024-11-07 15:45:33 +01:00
d59153d6d7
Fix password reset lesson ( #1941 )
...
* docs: improve text
* fix: use correct POST url
2024-10-29 17:32:51 +01:00
87fae00f03
chore: bump commons-io:commons-io from 2.16.1 to 2.17.0 ( #1937 )
...
Bumps commons-io:commons-io from 2.16.1 to 2.17.0.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-29 16:30:32 +01:00
3f6a74ad86
chore(gh-actions): update dependency
2024-10-28 22:02:02 +01:00
1d37ee0877
ci: run pre-commit checks first
...
Create a dependency between the jobs.
2024-10-28 21:59:10 +01:00
4f6ab25ebd
ci: run pre-commit checks first
2024-10-28 21:57:43 +01:00
af687e71fe
chore: bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre ( #1939 )
2024-10-28 20:02:09 +01:00
83ed4c3d5c
chore: bump org.testcontainers:testcontainers from 1.20.1 to 1.20.3 ( #1935 )
2024-10-28 15:05:33 +01:00
62cdfd0824
chore: bump com.github.terma:javaniotcpproxy from 1.5 to 1.6 ( #1936 )
2024-10-28 15:04:15 +01:00
e7457f4821
chore: bump org.apache.maven.plugins:maven-checkstyle-plugin ( #1938 )
2024-10-28 15:04:01 +01:00
4efaf87c7e
Fix passing command line arguments ( #1933 )
...
* fix: use banners correctly
* fix: passing command line arguments
Since we already have `webwolf.port` it makes sense to also define `webwolf.port` explicitly and not rely on `server.port`
Closes : #1910
2024-10-27 08:39:02 +01:00
cf5101a633
chore: bump org.asciidoctor:asciidoctorj from 2.5.13 to 3.0.0 ( #1897 )
2024-10-26 22:53:43 +02:00
3f049ba53a
Nbaars/1886 ( #1932 )
...
* improved code readbility
* chore: format code
---------
Co-authored-by: guilherme peixoto <peixoto-guilherme7@hotmail.com >
2024-10-26 22:18:28 +02:00
7e294fbdb5
chore: bump org.apache.commons:commons-compress from 1.26.2 to 1.27.1 ( #1884 )
2024-10-26 19:27:07 +02:00
2177eb663a
chore: bump docker/build-push-action from 6.7.0 to 6.9.0 ( #1920 )
2024-10-26 16:59:13 +02:00
50692300eb
docs: Show boolean operators priority on where ( #1902 )
2024-10-26 14:48:50 +02:00
e2c2d425cb
chore: bump actions/cache from 4.0.2 to 4.1.1 ( #1925 )
2024-10-26 14:25:04 +02:00
6bbd3cb66b
chore: bump org.springframework.boot:spring-boot-starter-parent ( #1931 )
2024-10-26 14:20:14 +02:00
d08a56d351
chore: add test for solving same lesson as different user. ( #1930 )
...
We removed the constraint but did not add an extra testcase to cover this bug.
Closes : #1890
2024-10-26 12:06:30 +02:00
ec97568ec2
chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1922 )
...
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.3.1 to 3.5.1.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.5.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-26 10:55:02 +02:00
9b68368b23
chore: bump pre-commit-ci/lite-action from 1.0.1 to 1.1.0 ( #1926 )
...
Bumps [pre-commit-ci/lite-action](https://github.com/pre-commit-ci/lite-action ) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/pre-commit-ci/lite-action/releases )
- [Commits](https://github.com/pre-commit-ci/lite-action/compare/v1.0.1...v1.1.0 )
---
updated-dependencies:
- dependency-name: pre-commit-ci/lite-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-26 10:54:46 +02:00
ab068901f1
Remove WebGoat session object ( #1929 )
...
* refactor: modernize code
* refactor: move to Tomcat
* chore: bump to Spring Boot 3.3.3
* refactor: use Testcontainers to run integration tests
* refactor: lesson/assignment progress
* chore: format code
* refactor: first step into removing base class for assignment
Always been a bit of an ugly construction, as none of the dependencies are clear. The constructors are hidden due to autowiring the base class. This PR removes two of the fields.
As a bonus we now wire the authentication principal directly in the controllers.
* refactor: use authentication principal directly.
* refactor: pass lesson to the endpoints
No more need to get the current lesson set in a session. The lesson is now passed to the endpoints.
* fix: Testcontainers cannot run on Windows host in Github actions.
Since we have Windows specific paths let's run it standalone for now. We need to run these tests on Docker as well (for now disabled)
2024-10-26 10:54:21 +02:00
cb7c508046
fix: reset form and quiz color on reset lesson ( #1903 )
...
* ./mvnw spotless:apply
```
[INFO] --- spotless-maven-plugin:2.41.1:apply (default-cli) @ webgoat ---
[INFO] Writing clean file: /home/ulyssa/labs/WebGoat/WebGoat-bb6e84d/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java
```
* On reset lesson: reset form and quizzes colors
2024-10-26 09:22:18 +02:00
f4c86be6c7
Update fix version
2024-10-18 22:50:19 +02:00
cf2c115093
fix: xss lesson typo
2024-10-18 22:38:32 +02:00
bb6e84ddcf
chore: bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre ( #1879 )
...
Bumps [com.google.guava:guava](https://github.com/google/guava ) from 33.2.1-jre to 33.3.0-jre.
- [Release notes](https://github.com/google/guava/releases )
- [Commits](https://github.com/google/guava/commits )
---
updated-dependencies:
- dependency-name: com.google.guava:guava
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-04 21:44:38 +02:00
5fc2666b43
chore: bump docker/build-push-action from 6.5.0 to 6.7.0 ( #1877 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.5.0 to 6.7.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6.5.0...v6.7.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-04 21:43:46 +02:00
6e946f21a2
chore: bump io.github.bonigarcia:webdrivermanager from 5.9.1 to 5.9.2 ( #1866 )
...
Bumps [io.github.bonigarcia:webdrivermanager](https://github.com/bonigarcia/webdrivermanager ) from 5.9.1 to 5.9.2.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases )
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.9.1...webdrivermanager-5.9.2 )
---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-04 15:57:57 +02:00
d38ba2a626
chore: bump docker/build-push-action from 6.4.1 to 6.5.0 ( #1867 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.4.1 to 6.5.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6.4.1...v6.5.0 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-04 15:56:33 +02:00
4c7e6ae4f4
chore: bump org.wiremock:wiremock from 3.9.0 to 3.9.1 ( #1865 )
...
Bumps [org.wiremock:wiremock](https://github.com/wiremock/wiremock ) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/wiremock/wiremock/releases )
- [Commits](https://github.com/wiremock/wiremock/compare/3.9.0...3.9.1 )
---
updated-dependencies:
- dependency-name: org.wiremock:wiremock
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-04 15:56:12 +02:00
58b762eade
fix: copying file using transferTo sometimes fails. ( #1862 )
...
Turns out that using this method sometimes fails with an exception about unable to delete a directory.
The stacktrace points to:
```
java.nio.file.FileSystemException: /tmp/webwolf-fileserver/dumbanddummer/xxe_a11.dtd: Not a directory
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100) ~[na:na]
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106) ~[na:na]
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[na:na]
at java.base/sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:248) ~[na:na]
at java.base/sun.nio.fs.AbstractFileSystemProvider.deleteIfExists(AbstractFileSystemProvider.java:110) ~[na:na]
at java.base/java.nio.file.Files.deleteIfExists(Files.java:1191) ~[na:na]
at java.base/java.nio.file.Files.copy(Files.java:3147) ~[na:na]
at io.undertow.server.handlers.form.FormData$FileItem.write(FormData.java:274) ~[undertow-core-2.3.10.Final.jar!/:2.3.10.Final]
at io.undertow.servlet.spec.PartImpl.write(PartImpl.java:119) ~[undertow-servlet-2.3.10.Final.jar!/:2.3.10.Final]
at org.springframework.web.multipart.support.StandardMultipartHttpServletRequest$StandardMultipartFile.transferTo(StandardMultipartHttpServletRequest.java:254) ~[spring-web-6.0.13.jar!/:6.0.13]
at org.owasp.webgoat.webwolf.FileServer.importFile(FileServer.java:89)
```
It has to do with the underlying implmentation in Undertow. An explaination can be found here: https://stackoverflow.com/questions/60336929/java-nio-file-nosuchfileexception-when-file-transferto-is-called
The solution is to take the input stream and use a simple `Files.copy()` to copy the file.
Closes : #1737
2024-07-28 17:47:30 +02:00
2b0c22ac68
Small improvements ( #1848 )
...
* refactor: remove CORS
* improvement: add healthcheck to Docker file
2024-07-23 17:42:56 +02:00
85103bbcad
chore: bump docker/login-action from 3.2.0 to 3.3.0 ( #1855 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3.2.0...v3.3.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-23 17:36:27 +02:00
b98e1a98e1
chore: bump docker/build-push-action from 6.2.0 to 6.4.1 ( #1854 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.2.0 to 6.4.1.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v6.2.0...v6.4.1 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 20:33:06 +02:00
73de259809
chore: bump org.wiremock:wiremock from 3.8.0 to 3.9.0 ( #1852 )
...
Bumps [org.wiremock:wiremock](https://github.com/wiremock/wiremock ) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/wiremock/wiremock/releases )
- [Commits](https://github.com/wiremock/wiremock/compare/3.8.0...3.9.0 )
---
updated-dependencies:
- dependency-name: org.wiremock:wiremock
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 20:32:48 +02:00
4a804fabb6
chore: bump org.jsoup:jsoup from 1.17.2 to 1.18.1 ( #1851 )
...
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup ) from 1.17.2 to 1.18.1.
- [Release notes](https://github.com/jhy/jsoup/releases )
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md )
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.17.2...jsoup-1.18.1 )
---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 20:32:27 +02:00
7f652dadec
chore: bump org.apache.maven.plugins:maven-surefire-plugin ( #1850 )
...
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/apache/maven-surefire/releases )
- [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.0...surefire-3.3.1 )
---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 20:32:10 +02:00
