François Capon
3134f18066
fix: Success if only Smith earns most salary ( #1744 )
...
* Update labels
* Update Java
* Update Test
---------
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2024-06-01 10:50:38 +02:00
Vandeputte Brice
e219887f14
docs: Update HttpBasics_plan.adoc - fix broken link to https://www.zaproxy.org/ ( #1803 )
...
fix broken link OWASP ZAP - https://www.zaproxy.org/
Co-authored-by: René Zubcevic <rene@zubcevic.com>
2024-06-01 10:45:12 +02:00
René Zubcevic
508703ffce
update dependencies and version ( #1807 )
...
* update dependencies and version
* debug macos build issue
* update and fix Dockerfile(s)
2024-05-31 19:39:03 +02:00
Nanne Baars
e308d7cde7
chore: upgrade checkout to v4 ( #1781 )
2024-03-25 22:27:56 +01:00
Nanne Baars
4ab820e1d1
feat: move CSRF to A3 ( #1776 )
...
CSRF is part of security misconfiguration in the OWASP Top 10.
2024-03-21 20:50:37 +01:00
Jason White
1a6a7e0be1
reverting my goofs after launching from wrong browser tab ( #1774 )
2024-03-19 18:01:30 +01:00
Jason White
2e9140ab64
Merge pull request #1773 from misfir3/test-semgrep-on-merge
...
Test semgrep on merge
2024-03-18 13:21:21 -06:00
Jason White
b79c83a52e
linty
2024-03-18 19:19:12 +00:00
Jason White
297c6f49b5
Merge branch 'main' into test-semgrep-on-merge
2024-03-18 13:14:39 -06:00
Jason White
d2049a8fcc
updating for testing
2024-03-18 19:13:50 +00:00
Jason White
24db39eae2
test semgrep
2024-03-18 19:12:13 +00:00
Jason White
98443184e9
Merge pull request #1 from WebGoat/develop
...
updating from main branch to test semgrep
2024-03-18 13:05:23 -06:00
Nanne Baars
62931a1836
feature: enable CORS configuration ( #1771 )
2024-03-17 10:55:27 +01:00
cap-dev0x
c18430752a
build(Dockerfile): replace deprecated MAINTAINER tag with label of the same
...
Current syntax now used to denote the "WebGoat team" as maintainer
Link: https://docs.docker.com/reference/dockerfile/#label
Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
2024-02-25 23:20:23 +01:00
François Capon
57d5b313b9
Fix typo in SQLi blind case
2024-02-10 16:02:35 +01:00
cap-dev0x
dd0f135088
fix(quiz): use $ instead of jQuery which is undefined ( #1736 )
...
Fixes: #1703
Signed-off-by: cap-dev0x <158111888+cap-dev0x@users.noreply.github.com>
2024-02-05 14:30:01 +01:00
dependabot[bot]
ad0286d5ba
chore: bump actions/cache from 3.3.1 to 4.0.0 ( #1729 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.1 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](https://github.com/actions/cache/compare/v3.3.1...v4.0.0 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 11:03:15 +01:00
dependabot[bot]
b67eb44142
chore: bump io.github.bonigarcia:webdrivermanager from 5.3.3 to 5.6.3 ( #1716 )
...
Bumps [io.github.bonigarcia:webdrivermanager](https://github.com/bonigarcia/webdrivermanager ) from 5.3.3 to 5.6.3.
- [Release notes](https://github.com/bonigarcia/webdrivermanager/releases )
- [Changelog](https://github.com/bonigarcia/webdrivermanager/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bonigarcia/webdrivermanager/compare/webdrivermanager-5.3.3...webdrivermanager-5.6.3 )
---
updated-dependencies:
- dependency-name: io.github.bonigarcia:webdrivermanager
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 15:10:16 +01:00
dependabot[bot]
7e75e9b8fc
chore: bump org.apache.commons:commons-exec from 1.3 to 1.4.0 ( #1721 )
...
Bumps org.apache.commons:commons-exec from 1.3 to 1.4.0.
---
updated-dependencies:
- dependency-name: org.apache.commons:commons-exec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 14:59:40 +01:00
dependabot[bot]
40c679ec5a
chore: bump org.jsoup:jsoup from 1.16.1 to 1.17.2 ( #1717 )
...
Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup ) from 1.16.1 to 1.17.2.
- [Release notes](https://github.com/jhy/jsoup/releases )
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md )
- [Commits](https://github.com/jhy/jsoup/compare/jsoup-1.16.1...jsoup-1.17.2 )
---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 14:51:32 +01:00
Peter Potrowl
4ebb869f5d
Fix hidden links in MissingFunctionAC.html. ( #1710 )
2023-12-29 15:01:35 +01:00
Peter Potrowl
6bb7a182dc
Fix typos in texts.
2023-12-14 23:00:59 +01:00
Peter Potrowl
cb2c99d38d
Improve texts to avoid confusion.
2023-12-14 22:54:20 +01:00
dependabot[bot]
84029345b4
chore: bump actions/setup-java from 3 to 4 ( #1698 )
...
Bumps [actions/setup-java](https://github.com/actions/setup-java ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases )
- [Commits](https://github.com/actions/setup-java/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-06 20:17:13 +01:00
dependabot[bot]
a0ca199cdc
chore: bump actions/setup-python from 4 to 5
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-06 19:39:28 +01:00
Nanne Baars
2058298e2d
chore: move to SNAPSHOT
2023-12-06 17:35:12 +01:00
Nanne Baars
17acef57b4
chore: add pre-commit hooks
...
chore: add pre-commit hooks
chore: add pre-commit hooks
chore: add pre-commit hooks
chore: add pre-commit hooks
2023-12-06 17:16:24 +01:00
Nanne Baars
d913967ec5
refactor: remove usage of RequestMapping
2023-12-06 17:16:24 +01:00
Nanne Baars
87edc7d1db
refactor: use AssertJ for testing
...
Majority of our test cases use AssertJ
2023-12-06 17:16:24 +01:00
Nanne Baars
ac7a9c7863
chore: update GitHub action name
2023-12-05 14:22:19 +01:00
dependabot[bot]
2803ef45e4
chore: bump org.webjars:bootstrap from 5.3.1 to 5.3.2 ( #1693 )
...
Bumps [org.webjars:bootstrap](https://github.com/webjars/bootstrap ) from 5.3.1 to 5.3.2.
- [Commits](https://github.com/webjars/bootstrap/compare/bootstrap-5.3.1...bootstrap-5.3.2 )
---
updated-dependencies:
- dependency-name: org.webjars:bootstrap
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-05 14:04:09 +01:00
Nanne Baars
5357a65e05
chore: release 2023.8
v2023.8
2023-12-05 11:21:15 +01:00
Nanne Baars
d343c60781
chore: do not spend time on building the Docker image
...
We can test this ourselves; there is no need to run this on every PR towards the repository.
2023-12-05 11:15:53 +01:00
Nanne Baars
98acc1f55a
fix: get the right GitHub token
2023-12-05 11:15:06 +01:00
Nanne Baars
f99888e61b
fix: typo in the step of the name
2023-12-05 11:14:51 +01:00
Nanne Baars
29dda49190
chore: WebWolf bootstrap can now be updated
2023-12-05 11:14:27 +01:00
Nanne Baars
369be6f688
fix: disable extra build file
2023-12-05 11:14:08 +01:00
Nanne Baars
d5f869c006
chore: release version 2023.7
v2023.7
2023-12-04 23:10:52 +01:00
Nanne Baars
a9caaabb47
fix: wrong Docker image
2023-12-04 23:09:51 +01:00
Nanne Baars
fb2ff01775
chore: release 2023.6
v2023.6
2023-12-04 22:56:58 +01:00
dependabot[bot]
89ecf1d2ad
chore: bump actions/first-interaction from 1.2.0 to 1.3.0 ( #1691 )
...
Bumps [actions/first-interaction](https://github.com/actions/first-interaction ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/actions/first-interaction/releases )
- [Commits](https://github.com/actions/first-interaction/compare/v1.2.0...v1.3.0 )
---
updated-dependencies:
- dependency-name: actions/first-interaction
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 22:45:16 +01:00
dependabot[bot]
1b66a742da
chore: bump actions/setup-java from 3 to 4 ( #1690 )
...
Bumps [actions/setup-java](https://github.com/actions/setup-java ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases )
- [Commits](https://github.com/actions/setup-java/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-java
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 22:40:54 +01:00
dependabot[bot]
a831da5886
chore: bump commons-io:commons-io from 2.14.0 to 2.15.1 ( #1689 )
...
Bumps commons-io:commons-io from 2.14.0 to 2.15.1.
---
updated-dependencies:
- dependency-name: commons-io:commons-io
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 22:33:27 +01:00
dependabot[bot]
fd5189c102
chore: bump com.diffplug.spotless:spotless-maven-plugin ( #1688 )
...
Bumps [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless ) from 2.38.0 to 2.41.1.
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md )
- [Commits](https://github.com/diffplug/spotless/compare/lib/2.38.0...maven/2.41.1 )
---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 22:24:53 +01:00
Nanne Baars
ae261f201a
feat: show directly requested file in requests overview
...
When a call directly hits a file, it now shows up in the requests overview. This helps the user see whether an attack from WebGoat actually requested the uploaded file.
Closes: gh-1551
2023-12-04 21:34:16 +01:00
Nanne Baars
3d651526be
feat: show creation time in file upload overview
...
Closes: gh-1551
2023-12-04 21:32:02 +01:00
Nanne Baars
c7c2a61f65
chore: fix startup message ( #1687 )
...
Since we use two application contexts, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat, we should not refer to it anymore during startup, as users should always go to WebGoat first.
2023-12-04 07:59:29 +01:00
Nanne Baars
b7f657ad2c
chore: fix WebWolf UI ( #1686 )
...
Fix-ups after the Bootstrap 5 upgrade for WebWolf.
2023-12-02 12:59:56 +01:00
René Zubcevic
7fea42afe9
Fix/state of software supply chain links ( #1683 )
...
* fix: update state of software supply chain links
* fix: fix second link
* fix: links formatting
---------
Co-authored-by: maurycupitt <maury@cupitt.com>
2023-11-27 15:33:14 +01:00
René Zubcevic
826887cc83
Consistent environment values and url references ( #1677 )
...
* organizing environment variables
* Update application-webgoat.properties
* Update pom.xml
* test without ssl
* fix docker base image and default env entries
* separate server.address from webgoat.host and webwolf.host
* change base image and enable endpoint logging for docker as well
* change README
* change README
* make integration test able to verify against alternative host names
* use dynamic ports and remove system println
2023-11-27 14:35:49 +01:00