Merge pull request #1309 from OWASP/feature-1306-testing-update

Update the cypress tests for #1306

src/main/java/org/owasp/wrongsecrets/Challenges.java

@@ -24,6 +24,14 @@ public class Challenges {
   private final Map<String, Challenge> classNameToChallenge;
   private final Map<ChallengeDefinition, List<Challenge>> challengeDefinitionToChallenge;
 
+  public static final class ErrorResponses {
+    public static final String ENCRYPTION_ERROR = "Error Encrypting";
+    public static final String DECRYPTION_ERROR = "Error Decrypting";
+    public static final String EXECUTION_ERROR = "Error Executing executable";
+    public static final String FILE_MOUNT_ERROR = "Error reading secret";
+    // if_you_see_this_please_fix_the_keepass_setup
+  }
+
   public Challenges(ChallengeDefinitionsConfiguration definitions, List<Challenge> challenges) {
     this.definitions = definitions;
 

src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java

@@ -16,8 +16,8 @@
 import org.owasp.wrongsecrets.Challenges;
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
-import org.owasp.wrongsecrets.challenges.docker.Challenge37;
 import org.owasp.wrongsecrets.challenges.docker.Challenge8;
+import org.owasp.wrongsecrets.challenges.docker.authchallenge.Challenge37;
 import org.owasp.wrongsecrets.challenges.docker.challenge30.Challenge30;
 import org.owasp.wrongsecrets.definitions.ChallengeDefinition;
 import org.springframework.beans.factory.annotation.Value;

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.FILE_MOUNT_ERROR;
+
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
@@ -32,8 +34,11 @@ private String getActualData() {
     try {
       return Files.readString(Paths.get(dockerMountPath, "yourkey.txt"), StandardCharsets.UTF_8);
     } catch (Exception e) {
-      log.warn("Exception during file reading, defaulting to default without cloud environment", e);
-      return "if_you_see_this_please_use_docker_instead";
+      log.warn(
+          "Exception during file reading, defaulting to default without a docker container"
+              + " environment",
+          e);
+      return FILE_MOUNT_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java

@@ -50,8 +50,6 @@ private boolean isKeyCorrect(String base64EncodedKey) {
         || !isBase64(base64EncodedKey)
         || Strings.isNullOrEmpty(plainText)
         || Strings.isNullOrEmpty(cipherText)) {
-      // log.debug("Checking secret with values {}, {}, {}", base64EncodedKey, plainText,
-      // cipherText);
       return false;
     }
 

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java

@@ -8,6 +8,7 @@
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.Challenges;
 import org.owasp.wrongsecrets.challenges.Challenge;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
@@ -37,7 +38,11 @@ public Spoiler spoiler() {
   @Override
   public boolean answerCorrect(String answer) {
     String correctString = quickDecrypt(ciphterText);
-    return answer.equals(correctString) || minimummatch_found(answer);
+    if (!correctString.equals(Challenges.ErrorResponses.DECRYPTION_ERROR)) {
+      return answer.equals(correctString) || minimummatch_found(answer);
+    } else {
+      return false;
+    }
   }
 
   private boolean minimummatch_found(String answer) {
@@ -73,7 +78,7 @@ private String quickDecrypt(String cipherText) {
       return new String(plainTextBytes, StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception with Challenge 15", e);
-      return "";
+      return Challenges.ErrorResponses.DECRYPTION_ERROR;
     }
   }
 

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java

@@ -5,6 +5,7 @@
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.Challenges;
 import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -34,7 +35,7 @@ public String getActualData() {
           .strip();
     } catch (Exception e) {
       log.warn("Exception during file reading, defaulting to default without cloud environment", e);
-      return "if_you_see_this_please_use_docker_instead";
+      return Challenges.ErrorResponses.FILE_MOUNT_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java

@@ -5,6 +5,7 @@
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.Challenges;
 import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -33,7 +34,7 @@ private String getActualData() {
       return Files.readString(Paths.get(dockerMountPath, "thirdkey.txt"), StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception during file reading, defaulting to default without cloud environment", e);
-      return "if_you_see_this_please_use_docker_instead";
+      return Challenges.ErrorResponses.FILE_MOUNT_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java

@@ -5,6 +5,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
 import lombok.extern.slf4j.Slf4j;
+import org.owasp.wrongsecrets.Challenges;
 import org.owasp.wrongsecrets.challenges.Challenge;
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.beans.factory.annotation.Value;
@@ -38,7 +39,7 @@ private String calculateHash(String hash, String input) {
     } catch (NoSuchAlgorithmException e) {
       log.warn("Exception thrown when calculating hash", e);
     }
-    return "No Hash Selected";
+    return Challenges.ErrorResponses.DECRYPTION_ERROR;
   }
 
   /** {@inheritDoc} */

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge25.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import java.nio.charset.StandardCharsets;
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.Cipher;
@@ -33,7 +35,7 @@ public Spoiler spoiler() {
   @Override
   public boolean answerCorrect(String answer) {
     String correctString = quickDecrypt(cipherText);
-    return answer.equals(correctString);
+    return answer.equals(correctString) && !DECRYPTION_ERROR.equals(correctString);
   }
 
   private String quickDecrypt(String cipherText) {
@@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) {
           StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception with Challenge 25", e);
-      return "";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import java.nio.charset.StandardCharsets;
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.Cipher;
@@ -33,7 +35,7 @@ public Spoiler spoiler() {
   @Override
   public boolean answerCorrect(String answer) {
     String correctString = quickDecrypt(cipherText);
-    return answer.equals(correctString);
+    return answer.equals(correctString) && !DECRYPTION_ERROR.equals(answer);
   }
 
   private String quickDecrypt(String cipherText) {
@@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) {
           StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception with Challenge 26", e);
-      return "";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge27.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import java.nio.charset.StandardCharsets;
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.Cipher;
@@ -33,7 +35,7 @@ public Spoiler spoiler() {
   @Override
   public boolean answerCorrect(String answer) {
     String correctString = quickDecrypt(cipherText);
-    return answer.equals(correctString);
+    return answer.equals(correctString) && !DECRYPTION_ERROR.equals(answer);
   }
 
   private String quickDecrypt(String cipherText) {
@@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) {
           StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception with Challenge 27", e);
-      return "";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge29.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -77,7 +79,7 @@ private String decryptActualAnswer() {
       return new String(decoded, StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception when decrypting", e);
-      return "decrypt_error";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge32.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import java.nio.charset.StandardCharsets;
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.Cipher;
@@ -47,7 +49,7 @@ private String decrypt(String cipherTextString) {
           StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception in Challenge32", e);
-      return "";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -31,7 +33,7 @@ private String getKey() {
       return decrypt(ciphertext);
     } catch (Exception e) {
       log.warn("there was an exception with decrypting content in challenge35", e);
-      return "error_decryption";
+      return DECRYPTION_ERROR;
     }
   }
 

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge39.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -59,7 +61,7 @@ private String getSolution() {
       return new String(decryptedData, StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("there was an exception with decrypting content in challenge39", e);
-      return "error_decryption";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge40.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -60,7 +62,7 @@ private String getSolution() {
       return new String(decryptedData, StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("there was an exception with decrypting content in challenge40", e);
-      return "error_decryption";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/AuthenticatedRestControllerChallenge37.java

@@ -3,7 +3,6 @@
 import io.swagger.v3.oas.annotations.Operation;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.owasp.wrongsecrets.challenges.docker.Challenge37;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge37.java → src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/Challenge37.java

@@ -1,11 +1,13 @@
-package org.owasp.wrongsecrets.challenges.docker;
+package org.owasp.wrongsecrets.challenges.docker.authchallenge;
 
+import com.google.common.base.Strings;
 import java.nio.charset.Charset;
 import java.util.UUID;
 import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.util.encoders.Base64;
 import org.owasp.wrongsecrets.BasicAuthentication;
 import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.stereotype.Component;
 
@@ -20,8 +22,12 @@ public class Challenge37 extends FixedAnswerChallenge {
   private String secret;
   private static final String password = "YjNCbGJpQnpaWE5oYldVPQo=";
 
-  public Challenge37() {
-    secret = UUID.randomUUID().toString();
+  public Challenge37(@Value("${DEFAULT37}") String secret) {
+    if ("DEFAULT37".equals(secret) || Strings.isNullOrEmpty(secret)) {
+      this.secret = UUID.randomUUID().toString();
+    } else {
+      this.secret = secret;
+    }
   }
 
   @Bean

src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker.binaryexecution;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR;
+
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
@@ -19,7 +21,7 @@ private enum BinaryInstructionForFile {
     Guess
   }
 
-  public static final String ERROR_EXECUTION = "Error with executing";
+  public static final String ERROR_EXECUTION = EXECUTION_ERROR;
   private final int challengeNumber;
 
   private Exception executionException;

src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge33.java

@@ -1,5 +1,7 @@
 package org.owasp.wrongsecrets.challenges.kubernetes;
 
+import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR;
+
 import com.google.common.base.Strings;
 import java.nio.charset.StandardCharsets;
 import java.security.spec.AlgorithmParameterSpec;
@@ -34,7 +36,7 @@ public Spoiler spoiler() {
 
   @Override
   public boolean answerCorrect(String answer) {
-    return getSolution().equals(answer);
+    return getSolution().equals(answer) && !DECRYPTION_ERROR.equals(answer);
   }
 
   private String getSolution() {
@@ -59,7 +61,7 @@ private String decrypt(String cipherTextString) {
           StandardCharsets.UTF_8);
     } catch (Exception e) {
       log.warn("Exception in Challenge33", e);
-      return "";
+      return DECRYPTION_ERROR;
     }
   }
 }

src/main/resources/application.properties

@@ -67,6 +67,7 @@ canarytokenURLs=http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/po
 challenge15ciphertext=qcyRgfXSh0HUKsW/Xb5LnuWt9DgU8tQJfluR66UDDlmMgVWCGEwk1qxKCi4ZvzDwM38xP3nRFqO4SZEgqp8Ul8Ej/lNDbQCgBuszSILVSV6D9eojOMl6zTcNgzUmjW2K3dJKN9LqXOLYezEpEN2gUaYqPu2nVqmUptKTmXGwAnmQH1TIl2MUueRuXpRKe72IMzKenxZHKRsNFp+ebQebS3qzP+Q=
 challenge25ciphertext=dQMhBe8oLxIdGLcxPanDLS++srED/x05P+Ph9PFZKlL2K42vXi7Vtbh3/N90sGT087W7ARURZg==
 challenge26ciphertext=gbU5thfgy8nwzF/qc1Pq59PrJzLB+bfAdTOrx969JZx1CKeG4Sq7v1uUpzyCH/Fo8W8ghdBJJrQORw==
+DEFAULT37=DEFAULT37
 challenge27ciphertext=gYPQPfb0TUgWK630tHCWGwwME6IWtPWA51eU0Qpb9H7/lMlZPdLGZWmYE83YmEDmaEvFr2hX
 challenge41password=UEBzc3dvcmQxMjM=
 management.endpoint.health.probes.enabled=true