New JWT weaknesses #392
Merged: bkimminich merged 14 commits into juice-shop:jwt_challenges from tghosth:jwt_weaknesses on Oct 12, 2017
Commits on Aug 6, 2017
* Remove reference of node.js-version specific Docker images
* Update REFERENCES.md Added my talk at BSidesTLV
* Fixed broken label into LABEL_RECYCLE_QUANTITY
* Remove juice reference (#362) and reformat markdown files
* Change donation/merchandise label for customized apps (solves #362)
* Add video, code and scan results (of @Soluto's integration with ZAP and Webdriver/Selenium)
* Add missing exclamation point
* Add more API backend tests - app config - password reset
* Remove unused config variable
* Add "Jawa Script T-Shirt" product
* Update test dependencies
* Fall back to Protractor 4
* Migrate first batch of API tests to frisby v2
* Migrate file serving API tests to frisby2
* Add X-XSS-Protection header absence test
* Migrate complaint API tests to frisby2
* Use actually existing Complaint resource
* Move HTTP request logging to top of router chain
* Adapt to frisby2 URI encoding behavior
* Adapt to JSON non-strict expectations (see vlucas/frisby#365)
* Set `application/json` content header for POST requests
* Migrate recycle API tests to frisby2
* Migrate feedback API tests to frisby2
* Migrate but disable file upload tests for frisby2 (see vlucas/frisby#372)
* Migrate redirect tests to frisby2
* Make test work by preventing URL encoding (vlucas/frisby@4842632)
* Migrate challenge API tests to frisby2
* Migrate security question tests to frisby2
* Align `describe` contexts (now consequently use /rest or /api prefix)
* Migrate security answer tests to frisby2
* Migrate basket item tests to frisby2
* Add test for forward-slash error expectation
* Migrate product tests to frisby2
* Migrate user tests to frisby2
* Mark all disabled tests
* Add disabled tests for password reset use cases
* Enable file upload tests (see vlucas/frisby#374)
* Drop node.js 4.x support due to rejection by Heroku
* Drop node.js 4 support
* Attempt to fix Heroku semver issues (https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-an-invalid-semver-requirement)
* Specify node engines as range for Heroku (this lets 5.x and 7.x appear as supported)
* Specify node engines as range for Heroku (this lets 5.x and 7.x appear as supported)
* Block tampering attempts on password reset form (and complete tests of API route)
* Use frisby latest 2.x release
* Migrate to Jest as runner for frisby.js tests
* Avoid using Basket id=1 in API tests (as it might concurrently be checked out)
* Use Basket id=3 in basket item tests
* Add bower_components to modules for Jest
* Specify testPathIgnorePatterns for Jest
* Fix formatting
* Drop node.js 4.x support (for seemingly being on bad terms with Jest)
* Drop node.js 4.x from CI jobs
* Remove node.js 4.x from compatibility table
* Soften expectation dependency of UNION SQLi and CSRF tests
* Remove unneeded dependencies
* Remove password check during UNION SQLi for Bender
* Fix styleguide violations
* Add back js-yaml dependency (needed by Heroku)
* Remove illegal comment
* Add back dottie and fix js-yaml version
Commits on Aug 27, 2017
Commits on Oct 10, 2017