dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,823 Commits 11 Branches 78 Tags
Commit Graph

2823 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nanne Baars
f6c7a54931 docs: add screenshot to README and add Docker WebGoat desktop text 2023-02-17 12:56:43 +01:00
Nanne Baars
f1012c85d6 feat: add Docker desktop version of WebGoat with all tools installed 
The new Docker image uses linuxserver/webtop giving users the opportunity
to run a Linux desktop in their browser without installing any tools
on their local machine.
 2023-02-17 12:56:43 +01:00
Nanne Baars
ecfc321f14 feature: Add extra feedback once someone solves JWT refresh lesson differently 
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
 2023-02-16 20:32:27 +00:00
Nanne Baars
73b8c431fc chore: use constructor instead of field dependency injection 2023-02-16 20:32:27 +00:00
dependabot[bot]
b68adfbc7c Bump devops-infra/action-pull-request from 0.5.3 to 0.5.5 
Bumps [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request) from 0.5.3 to 0.5.5.
- [Release notes](https://github.com/devops-infra/action-pull-request/releases)
- [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.5.3...v0.5.5)

---
updated-dependencies:
- dependency-name: devops-infra/action-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-16 14:09:05 +00:00
Nanne Baars
1a2855afcd chore: set directories explicitly when running IT tests 2023-02-16 12:24:02 +00:00
Nanne Baars
693771220c fix: change url in JavaScript for JWT endpoint 
The JavaScript pointed to the context root /WebWolf/ which is no longer in use.
 2023-02-16 12:24:02 +00:00
Àngel Ollé Blázquez
075b1ab30a Fix WebWolf JWT tool 2023-02-15 22:40:24 +00:00
Nanne Baars
390ff39f19 chore: format src/test/it as well 2023-02-15 19:01:06 +00:00
Nanne Baars
3ec34b0df5 fix: challenge test fails sometimes when calling scoreboard endpoint 2023-02-15 19:01:06 +00:00
Nanne Baars
eb4c8388f8 Update Dockerfile 2023-02-15 12:11:12 +00:00
Àngel Ollé Blázquez
ae081ce319 Add fileserver location (test) 2023-02-15 12:00:54 +00:00
Nanne Baars
bd398e4c09 #1396 Fix templates path for views 2023-02-15 11:58:49 +00:00
dependabot[bot]
c9d1653d4f Bump docker/build-push-action from 3.2.0 to 4.0.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v3.2.0...v4.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-10 21:39:35 +01:00
dependabot[bot]
77c91b8df8 Bump actions/cache from 3.2.3 to 3.2.5 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.3...v3.2.5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-10 21:38:56 +01:00
Nanne Baars
f9b810c5ee Fix formatting issue 2023-01-14 18:29:24 +01:00
Nanne Baars
dc0fc09679 Move to main and skip develop 
Using main and develop imposes a complicated release process with Gitflow etc. To simplify our release process we move our development to the main branch skipping develop.
 2023-01-14 18:24:35 +01:00
Nanne Baars
a0173fd8f8 Merge branch 'develop' 2023-01-14 17:07:37 +01:00
dependabot[bot]
58e7e9d4ef Bump actions/cache from 3.2.2 to 3.2.3 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-11 20:59:09 +01:00
Nanne Baars
c7a41d1b17 Merge branch 'release/v2023.3' into develop 2023-01-05 21:59:37 +01:00
Nanne Baars
edd9aa36c2 Merge branch 'release/v2023.3' v2023.3 2023-01-05 21:59:29 +01:00
Nanne Baars
27fe1850de Preparing new release 2023-01-05 21:59:01 +01:00
Nanne Baars
5c2bbd1227 Fix jar path while creating a release 2023-01-05 21:57:08 +01:00
Nanne Baars
683b629663 Back to snapshot 2023-01-05 21:52:40 +01:00
Nanne Baars
04908a81e7 Add change log URL 2023-01-05 21:51:45 +01:00
Nanne Baars
701de68ef2 Merge branch 'release/v2023.2' into develop 2023-01-05 21:37:28 +01:00
Nanne Baars
81ed738493 Merge branch 'release/v2023.2' v2023.2 2023-01-05 21:37:21 +01:00
Nanne Baars
c03d153978 New release 2023-01-05 21:36:48 +01:00
Nanne Baars
6ab04db2ee Merge branch 'release/v2023.1' into develop 2023-01-05 21:06:36 +01:00
Nanne Baars
a108a937b5 Merge branch 'release/v2023.1' v2023.1 2023-01-05 21:06:22 +01:00
Nanne Baars
6d5ea57606 New release 2023-01-05 21:02:26 +01:00
Nanne Baars
79fd88eeb6 Use Java 17 2023-01-05 21:00:43 +01:00
Nanne Baars
64b10c1a59 Merge branch 'release/v2023.0' into develop 2023-01-05 20:52:02 +01:00
Nanne Baars
6398d31c14 Merge branch 'release/v2023.0' v2023.0 2023-01-05 20:51:53 +01:00
Nanne Baars
716a7dd9ea Preparing release 2023.0 2023-01-05 20:51:34 +01:00
Nanne Baars
323daae578 Vulnerable components only work in a Docker container 2023-01-05 20:51:15 +01:00
Nanne Baars
bdbf66c8e1 Merge branch 'release/v2023.1' into develop 2023-01-05 20:38:54 +01:00
Nanne Baars
174a59c35a Preparing release 2023.1 2023-01-05 20:38:20 +01:00
Nanne Baars
a08e515f6d Merge branch 'release/v2023.0' into develop 2023-01-05 20:35:02 +01:00
Nanne Baars
f766edcfcb Preparing release 2023.0 2023-01-05 20:31:24 +01:00
Nanne Baars
3901814363 Fix documentation link for XXE mitigation. 2023-01-05 19:00:12 +01:00
Nanne Baars
59bfd7c6d4 Move XXE to A05 - Security Misconfiguration 2023-01-05 19:00:12 +01:00
Nanne Baars
11776e1d6a Remove explicit goal for code formatting 
`mvn verify` already checks formatting, having a separate step is not necessary. We now also check Markdown files for correct formatting.
 2023-01-05 18:18:52 +01:00
Nanne Baars
7664625afa Add documentation about reusing the container. 
The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.

Add documentation about reusing the container.

The documentation now contains a description to reuse the initially create container. This way the user can start where they left off. The documentation only described creating a new container each and every time leaving users to create a new login each and every time.
 2023-01-05 18:18:52 +01:00
Nanne Baars
dca415099f Remove unused JavaScript function 2023-01-05 11:33:00 +01:00
Nanne Baars
54e115aff0 Update the solution with WebWolf URLs 
The new solution uses WebWolf paths as these will change automatically when a user start WebGoat on a different port. It no longer depends on the hardcoded port `8080`.
 2023-01-05 11:02:45 +01:00
Nanne Baars
fcaa2d8589 Fix zip slip lesson. 
The lesson did not work properly as the directory is reused across several path traversal lessons. First thing before uploading the zip file we now clean the directory.

The html had a reference to a location of the profile picture, this was part of a hint but this only causes confusion as this is not indicating to where you need to upload the picture with the Zip Slip vulnerability.

The assignment now contains a direct hint as where the image needs to be saved. The assignment is about creating a vulnerable zip file and NOT about guessing where the image should be saved inside WebGoat.
 2023-01-05 11:02:45 +01:00
Nanne Baars
9666597164 - Add reference to the WebWolf icon in the top right corner. 
- Format all text of the lesson
 2023-01-04 08:07:51 +01:00
Nanne Baars
d2a1546dff
Apply formatting 
This will make sure we have a consistent style across our project and the PRs are only concerned with actual changes and no longer about style.
 2023-01-04 08:07:23 +01:00
Nanne Baars
b03777d39b Support boolean when parsing the token. 
When the admin json element passes as a `boolean`:

```
{
 "admin": true
}
```

the parsing is now successful.
 2023-01-04 07:43:18 +01:00