Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updation #17

Merged
merged 321 commits into from
May 30, 2023
Merged

updation #17

merged 321 commits into from
May 30, 2023

Conversation

puneeth072003
Copy link
Owner

No description provided.

dependabot bot and others added 30 commits April 24, 2023 01:58
@dependabot
build(deps): bump hashicorp/google from 4.59.0 to 4.62.1 in /gcp
bdb73b8 
Bumps [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) from 4.59.0 to 4.62.1.
- [Release notes](https://github.com/hashicorp/terraform-provider-google/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-google@v4.59.0...v4.62.1)

---
updated-dependencies:
- dependency-name: hashicorp/google
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump random from 3.4.3 to 3.5.1 in /azure
4392d16 
Bumps random from 3.4.3 to 3.5.1.

---
updated-dependencies:
- dependency-name: random
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump random from 3.4.3 to 3.5.1 in /gcp
e20a607 
Bumps random from 3.4.3 to 3.5.1.

---
updated-dependencies:
- dependency-name: random
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump aws from 4.61.0 to 4.64.0 in /aws
d6bbf00 
Bumps aws from 4.61.0 to 4.64.0.

---
updated-dependencies:
- dependency-name: aws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump random from 3.4.3 to 3.5.1 in /aws
80f9da4 
Bumps random from 3.4.3 to 3.5.1.

---
updated-dependencies:
- dependency-name: random
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump terraform-aws-modules/eks/aws in /aws
303150d 
Bumps [terraform-aws-modules/eks/aws](https://github.com/terraform-aws-modules/terraform-aws-eks) from 19.12.0 to 19.13.1.
- [Release notes](https://github.com/terraform-aws-modules/terraform-aws-eks/releases)
- [Changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CHANGELOG.md)
- [Commits](terraform-aws-modules/terraform-aws-eks@v19.12.0...v19.13.1)

---
updated-dependencies:
- dependency-name: terraform-aws-modules/eks/aws
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): update terraform-aws-modules/vpc/aws requirement from ~>…
5f8a35a 
… 3.19.0 to ~> 4.0.1

Updates the requirements on [terraform-aws-modules/vpc/aws](https://github.com/terraform-aws-modules/terraform-aws-vpc) to permit the latest version.
- [Release notes](https://github.com/terraform-aws-modules/terraform-aws-vpc/releases)
- [Changelog](https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/CHANGELOG.md)
- [Commits](terraform-aws-modules/terraform-aws-vpc@v3.19.0...v4.0.1)

---
updated-dependencies:
- dependency-name: terraform-aws-modules/vpc/aws
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #768 from OWASP/dependabot/npm_and_yarn/commitlint…
dd6930d 
…/config-conventional-17.6.1

build(deps-dev): bump @commitlint/config-conventional from 17.4.4 to 17.6.1
@dependabot
build(deps-dev): bump eslint from 8.37.0 to 8.39.0
90b5f00 
Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.39.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.37.0...v8.39.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #767 from OWASP/dependabot/npm_and_yarn/eslint-8.39.0
bdf8d3c 
build(deps-dev): bump eslint from 8.37.0 to 8.39.0
@commjoen
Merge pull request #771 from OWASP/dependabot/maven/org.springframewo…
5146eed 
…rk.boot-spring-boot-starter-parent-3.0.6

build(deps): bump spring-boot-starter-parent from 3.0.5 to 3.0.6
@dependabot
build(deps): bump maven-checkstyle-plugin from 3.2.1 to 3.2.2
aa875a5 
Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/apache/maven-checkstyle-plugin/releases)
- [Commits](apache/maven-checkstyle-plugin@maven-checkstyle-plugin-3.2.1...maven-checkstyle-plugin-3.2.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-checkstyle-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #774 from OWASP/dependabot/maven/org.apache.maven.…
c871752 
…plugins-maven-checkstyle-plugin-3.2.2

build(deps): bump maven-checkstyle-plugin from 3.2.1 to 3.2.2
@dependabot
build(deps): bump cyclonedx-maven-plugin from 2.7.6 to 2.7.7
e889e53 
Bumps [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) from 2.7.6 to 2.7.7.
- [Release notes](https://github.com/CycloneDX/cyclonedx-maven-plugin/releases)
- [Commits](CycloneDX/cyclonedx-maven-plugin@cyclonedx-maven-plugin-2.7.6...cyclonedx-maven-plugin-2.7.7)

---
updated-dependencies:
- dependency-name: org.cyclonedx:cyclonedx-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #786 from OWASP/dependabot/maven/org.cyclonedx-cyc…
e9e5abb 
…lonedx-maven-plugin-2.7.7

build(deps): bump cyclonedx-maven-plugin from 2.7.6 to 2.7.7
@dependabot
build(deps): bump spotbugs-maven-plugin from 4.7.3.3 to 4.7.3.4
06a83db 
Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.7.3.3 to 4.7.3.4.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.7.3.3...spotbugs-maven-plugin-4.7.3.4)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #785 from OWASP/dependabot/maven/com.github.spotbu…
8d6a7a2 
…gs-spotbugs-maven-plugin-4.7.3.4

build(deps): bump spotbugs-maven-plugin from 4.7.3.3 to 4.7.3.4
@dependabot
build(deps): bump spring-cloud-gcp-dependencies from 4.1.3 to 4.2.0
7bef4b7 
Bumps [spring-cloud-gcp-dependencies](https://github.com/GoogleCloudPlatform/spring-cloud-gcp) from 4.1.3 to 4.2.0.
- [Release notes](https://github.com/GoogleCloudPlatform/spring-cloud-gcp/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/spring-cloud-gcp/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/spring-cloud-gcp@v4.1.3...v4.2.0)

---
updated-dependencies:
- dependency-name: com.google.cloud:spring-cloud-gcp-dependencies
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Fix for dependency change
8e1c594
@commjoen
Merge pull request #770 from OWASP/dependabot/maven/com.google.cloud-…
494f192 
…spring-cloud-gcp-dependencies-4.2.0

build(deps): bump spring-cloud-gcp-dependencies from 4.1.3 to 4.2.0
@dependabot
build(deps): bump aws.sdk.version from 2.20.39 to 2.20.53
0c659f7 
Bumps `aws.sdk.version` from 2.20.39 to 2.20.53.

Updates `sts` from 2.20.39 to 2.20.53

Updates `ssm` from 2.20.39 to 2.20.53

---
updated-dependencies:
- dependency-name: software.amazon.awssdk:sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: software.amazon.awssdk:ssm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@commjoen
Merge pull request #787 from OWASP/dependabot/maven/aws.sdk.version-2…
3e4330f 
….20.53

build(deps): bump aws.sdk.version from 2.20.39 to 2.20.53
@commjoen
Update POM file with new version: 1.6.3RC1
c58854d
@commjoen
Update POM file with new version: 1.6.3RC1
c8256c6
@commjoen
Merge pull request #769 from OWASP/dependabot/terraform/gcp/hashicorp…
4c17f70 
…/google-beta-4.62.1

build(deps): bump hashicorp/google-beta from 4.59.0 to 4.62.1 in /gcp
@commjoen
Merge pull request #783 from OWASP/dependabot/terraform/aws/terraform…
8f1785b 
…-aws-modules/vpc/aws-tw-4.0.1

build(deps): update terraform-aws-modules/vpc/aws requirement from ~> 3.19.0 to ~> 4.0.1 in /aws
@commjoen
Merge pull request #781 from OWASP/dependabot/terraform/aws/random-3.5.1
17906fe 
build(deps): bump random from 3.4.3 to 3.5.1 in /aws
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
51d5daa
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
693e7a5
@commjoen
Merge pull request #780 from OWASP/dependabot/terraform/aws/aws-4.64.0
0b42e7b 
build(deps): bump aws from 4.61.0 to 4.64.0 in /aws
commjoen and others added 28 commits May 20, 2023 00:55
@commjoen
introduced another error to correct automatically
85002cb
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
e3b5d7d
@commjoen
Update README.md
612a5a6
@commjoen
Update screenshot, challenge1 instructions
9a14aa0
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
63f870e
@commjoen
Bugfixes in challenge ui
91f5beb
@commjoen
Merge pull request #824 from OWASP/spotless-automate
03531db
@commjoen
Merge pull request #825 from OWASP/status-badge-andscreenshot
b73d437 
Update README.md (badges & screenshots), challenge1 text, and a ui-bug
@bendehaan
feat: add visual cue for challenge completion
dc57c81
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
b81c7b6
@commjoen
Update README.md
c956dcb
@commjoen
Merge branch 'master' into scoring
8d9955d
@commjoen
Fixed tests by updating html formatting
d7e1a1c
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
a089278
@commjoen
Fix for okteto; namespace substitution in challenge33.yml
94c0b61
@commjoen
Replaced thymeleaf labelig with single lable in uiwrapperclass
ec278f3
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
8aab04a
@commjoen
Simplified solved-tracking through challengeui update
108b2f4
@commjoen
Simplified solved-tracking through challengeui update
04511ca
@commjoen
Fixes and javadoc
77c46f0
@pre-commit-ci-lite
[pre-commit.ci lite] apply automatic fixes
8c2d741
@commjoen
Merge pull request #827 from OWASP/okteto-fix
9eeb75b 
Fix for okteto; namespace substitution in challenge33.yml
@commjoen
Merge branch 'master' into scoring
84eb939
@RemakingEden
Tweaks to tests based on new labels and small changes
01b23a3
@bendehaan
Merge pull request #828 from RemakingEden/scoring-ui-tweaks
8a6e487
@commjoen
Fix okteto challenge33
489ef5a
@commjoen
Merge branch 'master' into scoring
ed358d7
@commjoen
Merge pull request #804 from OWASP/scoring
8ef4b2d 
feat(#647): initial scoring and highlighting
@puneeth072003 puneeth072003 merged commit 8cbd8d3 into puneeth072003:master May 30, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems May 30, 2023
View reviewed changes
src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
Comment on lines +25 to +30
http.securityMatcher(
r ->
r.getRequestURL().toString().contains("canaries")
|| r.getRequestURL().toString().contains("token"))
.csrf()
.disable();

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection

CSRF vulnerability due to protection being disabled.
src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
}
private String generateCode(ChallengeUI challenge) {
SecretKeySpec secretKeySpec =
new SecretKeySpec(ctfKey.getBytes(StandardCharsets.UTF_8), "HmacSHA1");

Check failure

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm

Cryptographic algorithm [HmacSHA1](1) is weak and should not be used.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@puneeth072003 @RemakingEden @commjoen @bendehaan @drnow4u