diff --git a/src/main/java/org/owasp/wrongsecrets/Challenges.java b/src/main/java/org/owasp/wrongsecrets/Challenges.java index b2ffba8c8..26f91174f 100644 --- a/src/main/java/org/owasp/wrongsecrets/Challenges.java +++ b/src/main/java/org/owasp/wrongsecrets/Challenges.java @@ -24,6 +24,14 @@ public class Challenges { private final Map classNameToChallenge; private final Map> challengeDefinitionToChallenge; + public static final class ErrorResponses { + public static final String ENCRYPTION_ERROR = "Error Encrypting"; + public static final String DECRYPTION_ERROR = "Error Decrypting"; + public static final String EXECUTION_ERROR = "Error Executing executable"; + public static final String FILE_MOUNT_ERROR = "Error reading secret"; + // if_you_see_this_please_fix_the_keepass_setup + } + public Challenges(ChallengeDefinitionsConfiguration definitions, List challenges) { this.definitions = definitions; diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java index 8c9fe0f3d..6e84aa5d6 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java @@ -16,8 +16,8 @@ import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.RuntimeEnvironment; import org.owasp.wrongsecrets.ScoreCard; -import org.owasp.wrongsecrets.challenges.docker.Challenge37; import org.owasp.wrongsecrets.challenges.docker.Challenge8; +import org.owasp.wrongsecrets.challenges.docker.authchallenge.Challenge37; import org.owasp.wrongsecrets.challenges.docker.challenge30.Challenge30; import org.owasp.wrongsecrets.definitions.ChallengeDefinition; import org.springframework.beans.factory.annotation.Value; 
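Review bot: `ErrorResponses` in Challenges.java has no Javadoc and no private constructor, and it ends with an orphaned comment, `// if_you_see_this_please_fix_the_keepass_setup`, that belongs to no constant. These strings are returned in-band where a secret value is expected, so the class comment should state that and say whether a challenge may ever accept one as an answer, e.g. `/** Sentinel values returned when a challenge cannot produce its secret. */`. Add `private ErrorResponses() {}`, and either turn the trailing comment into a named constant or delete it. The enclosing `Challenges` class begins outside the hunk.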
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java index a21d2ac7e..7469c6b19 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.FILE_MOUNT_ERROR; + import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.nio.charset.StandardCharsets; import java.nio.file.Files; @@ -32,8 +34,11 @@ private String getActualData() { try { return Files.readString(Paths.get(dockerMountPath, "yourkey.txt"), StandardCharsets.UTF_8); } catch (Exception e) { - log.warn("Exception during file reading, defaulting to default without cloud environment", e); - return "if_you_see_this_please_use_docker_instead"; + log.warn( + "Exception during file reading, defaulting to default without a docker container" + + " environment", + e); + return FILE_MOUNT_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java index 4ca47c183..a49824ea0 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java @@ -50,8 +50,6 @@ private boolean isKeyCorrect(String base64EncodedKey) { || !isBase64(base64EncodedKey) || Strings.isNullOrEmpty(plainText) || Strings.isNullOrEmpty(cipherText)) { - // log.debug("Checking secret with values {}, {}, {}", base64EncodedKey, plainText, - // cipherText); return false; } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java index e50ac67ea..b0f567caf 100644 
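Review bot: In Challenge12's `getActualData()` the fallback `return FILE_MOUNT_ERROR;` remains the value the answer is compared with, so when the mount is missing the fixed public string "Error reading secret" solves the challenge. Challenge12Test, Challenge16Test and Challenge17Test in this commit pin that behaviour with `isTrue()`. Challenge15, 25, 26, 27 and 33 gain a guard against their sentinel, but the file-mount hunks (Challenge16, Challenge17) and the decryption fallbacks in Challenge29, 32, 35, 39 and 40 get none; their answer checks lie outside the visible hunks, so this needs confirming there. If accepting the sentinel is intended for runs without the mount, say so in a comment next to the return; otherwise reject it in the answer check, e.g. `&& !FILE_MOUNT_ERROR.equals(answer)`.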
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java @@ -8,6 +8,7 @@ import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.Challenge; import org.owasp.wrongsecrets.challenges.Spoiler; import org.springframework.beans.factory.annotation.Value; @@ -37,7 +38,11 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { String correctString = quickDecrypt(ciphterText); - return answer.equals(correctString) || minimummatch_found(answer); + if (!correctString.equals(Challenges.ErrorResponses.DECRYPTION_ERROR)) { + return answer.equals(correctString) || minimummatch_found(answer); + } else { + return false; + } } private boolean minimummatch_found(String answer) { @@ -73,7 +78,7 @@ private String quickDecrypt(String cipherText) { return new String(plainTextBytes, StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception with Challenge 15", e); - return ""; + return Challenges.ErrorResponses.DECRYPTION_ERROR; } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java index 7d88446ec..8a1d285d8 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java @@ -5,6 +5,7 @@ import java.nio.file.Files; import java.nio.file.Paths; import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; 
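Review bot: The sentinel guard is written three different ways in this commit: an if/else returning a boolean in Challenge15's `answerCorrect`, `!DECRYPTION_ERROR.equals(correctString)` in Challenge25, and `!DECRYPTION_ERROR.equals(answer)` in Challenge26, 27 and 33. The results are the same, but the Challenge25 form names the failure condition directly and is the easiest to audit. Here that would read `return !Challenges.ErrorResponses.DECRYPTION_ERROR.equals(correctString) && (answer.equals(correctString) || minimummatch_found(answer));`. Challenge15 also uses the qualified constant name while the sibling classes use a static import. `minimummatch_found` is defined outside the hunk.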
@@ -34,7 +35,7 @@ public String getActualData() { .strip(); } catch (Exception e) { log.warn("Exception during file reading, defaulting to default without cloud environment", e); - return "if_you_see_this_please_use_docker_instead"; + return Challenges.ErrorResponses.FILE_MOUNT_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java index 3e98de0b1..54a104509 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java @@ -5,6 +5,7 @@ import java.nio.file.Files; import java.nio.file.Paths; import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @@ -33,7 +34,7 @@ private String getActualData() { return Files.readString(Paths.get(dockerMountPath, "thirdkey.txt"), StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception during file reading, defaulting to default without cloud environment", e); - return "if_you_see_this_please_use_docker_instead"; + return Challenges.ErrorResponses.FILE_MOUNT_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java index 9fffc50ea..e87ef0ca2 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java 
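Review bot: The log text in Challenge16's `getActualData()` still reads "defaulting to default without cloud environment", and the Challenge17 hunk that follows keeps the same wording, although Challenge12's message was corrected in this commit. Challenge17 visibly reads from `dockerMountPath`; Challenge16 presumably does too, since its test passes a temp directory to the constructor. Use the same text in both, `"Exception during file reading, defaulting to default without a docker container environment"`, so the three challenges point the operator at the same cause. Both method bodies begin outside their hunks.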
@@ -5,6 +5,7 @@ import java.security.NoSuchAlgorithmException; import java.util.Base64; import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.Challenge; import org.owasp.wrongsecrets.challenges.Spoiler; import org.springframework.beans.factory.annotation.Value; @@ -38,7 +39,7 @@ private String calculateHash(String hash, String input) { } catch (NoSuchAlgorithmException e) { log.warn("Exception thrown when calculating hash", e); } - return "No Hash Selected"; + return Challenges.ErrorResponses.DECRYPTION_ERROR; } /** {@inheritDoc} */ diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge25.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge25.java index 289699bb0..98f9ccfa0 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge25.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge25.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import java.nio.charset.StandardCharsets; import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Cipher; @@ -33,7 +35,7 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { String correctString = quickDecrypt(cipherText); - return answer.equals(correctString); + return answer.equals(correctString) && !DECRYPTION_ERROR.equals(correctString); } private String quickDecrypt(String cipherText) { @@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) { StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception with Challenge 25", e); - return ""; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java index 1bbfa60e4..0e5cfe006 100644 
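Review bot: `calculateHash` in Challenge18 now returns `Challenges.ErrorResponses.DECRYPTION_ERROR` on a path that involves no decryption. The return sits after the `catch (NoSuchAlgorithmException e)` block, so it is reached when hashing fails and, judging by the replaced text "No Hash Selected", possibly when no algorithm branch applied. Someone reading a spoiler page or log would be sent looking for a cipher problem. Either add a dedicated constant to `ErrorResponses` (a name such as `HASHING_ERROR` is only a suggestion) or comment the return, e.g. `// reached when the digest algorithm is unavailable or not recognised`. The body of `calculateHash` starts outside the hunk.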
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import java.nio.charset.StandardCharsets; import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Cipher; @@ -33,7 +35,7 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { String correctString = quickDecrypt(cipherText); - return answer.equals(correctString); + return answer.equals(correctString) && !DECRYPTION_ERROR.equals(answer); } private String quickDecrypt(String cipherText) { @@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) { StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception with Challenge 26", e); - return ""; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge27.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge27.java index 998164525..bbaaa3c94 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge27.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge27.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import java.nio.charset.StandardCharsets; import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Cipher; @@ -33,7 +35,7 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { String correctString = quickDecrypt(cipherText); - return answer.equals(correctString); + return answer.equals(correctString) && !DECRYPTION_ERROR.equals(answer); } private String quickDecrypt(String cipherText) { 
@@ -48,7 +50,7 @@ private String quickDecrypt(String cipherText) { StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception with Challenge 27", e); - return ""; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge29.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge29.java index 300531043..0e7f539e7 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge29.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge29.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.io.IOException; import java.nio.charset.StandardCharsets; @@ -77,7 +79,7 @@ private String decryptActualAnswer() { return new String(decoded, StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception when decrypting", e); - return "decrypt_error"; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge32.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge32.java index 2fde7bbc5..43d1db584 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge32.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge32.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import java.nio.charset.StandardCharsets; import java.security.spec.AlgorithmParameterSpec; import javax.crypto.Cipher; @@ -47,7 +49,7 @@ private String decrypt(String cipherTextString) { StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception in Challenge32", e); - return ""; + return DECRYPTION_ERROR; } } } 
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java index 0a782bb03..7c163e152 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge35.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import java.nio.charset.StandardCharsets; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; @@ -31,7 +33,7 @@ private String getKey() { return decrypt(ciphertext); } catch (Exception e) { log.warn("there was an exception with decrypting content in challenge35", e); - return "error_decryption"; + return DECRYPTION_ERROR; } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge39.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge39.java index 2a907b234..6097cf4af 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge39.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge39.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; @@ -59,7 +61,7 @@ private String getSolution() { return new String(decryptedData, StandardCharsets.UTF_8); } catch (Exception e) { log.warn("there was an exception with decrypting content in challenge39", e); - return "error_decryption"; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge40.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge40.java index 217fb0031..2d4ae233a 100644 
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge40.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge40.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; @@ -60,7 +62,7 @@ private String getSolution() { return new String(decryptedData, StandardCharsets.UTF_8); } catch (Exception e) { log.warn("there was an exception with decrypting content in challenge40", e); - return "error_decryption"; + return DECRYPTION_ERROR; } } } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/AuthenticatedRestControllerChallenge37.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/AuthenticatedRestControllerChallenge37.java index 0ef054fa3..3c78a197a 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/AuthenticatedRestControllerChallenge37.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/AuthenticatedRestControllerChallenge37.java @@ -3,7 +3,6 @@ import io.swagger.v3.oas.annotations.Operation; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.owasp.wrongsecrets.challenges.docker.Challenge37; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge37.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/Challenge37.java similarity index 72% rename from src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge37.java rename to src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/Challenge37.java index 0b397638a..a8870a79c 100644 
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge37.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/authchallenge/Challenge37.java @@ -1,11 +1,13 @@ -package org.owasp.wrongsecrets.challenges.docker; +package org.owasp.wrongsecrets.challenges.docker.authchallenge; +import com.google.common.base.Strings; import java.nio.charset.Charset; import java.util.UUID; import lombok.extern.slf4j.Slf4j; import org.bouncycastle.util.encoders.Base64; import org.owasp.wrongsecrets.BasicAuthentication; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.stereotype.Component; @@ -20,8 +22,12 @@ public class Challenge37 extends FixedAnswerChallenge { private String secret; private static final String password = "YjNCbGJpQnpaWE5oYldVPQo="; - public Challenge37() { - secret = UUID.randomUUID().toString(); + public Challenge37(@Value("${DEFAULT37}") String secret) { + if ("DEFAULT37".equals(secret) || Strings.isNullOrEmpty(secret)) { + this.secret = UUID.randomUUID().toString(); + } else { + this.secret = secret; + } } @Bean diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java index b20d8cd8c..1a97a6ecf 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker.binaryexecution; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR; + import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Strings; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; 
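Review bot: The new constructor parameter `@Value("${DEFAULT37}")` in Challenge37 has no default, so the application context fails to start if the key is ever absent from the property sources, and the `Strings.isNullOrEmpty(secret)` branch only fires for an explicitly empty value. `@Value("${DEFAULT37:}")` would let that existing branch handle the missing case. The literal `"DEFAULT37"` now appears in the constructor, in application.properties and in Challenge37Test; a named constant with a comment that this placeholder means "generate a random UUID" would make the contract explicit. A configured value also makes the secret identical across restarts and instances, which deserves a one-line comment if that is intended. The class body continues outside the hunk.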
@@ -19,7 +21,7 @@ private enum BinaryInstructionForFile { Guess } - public static final String ERROR_EXECUTION = "Error with executing"; + public static final String ERROR_EXECUTION = EXECUTION_ERROR; private final int challengeNumber; private Exception executionException; diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge33.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge33.java index cf713eaea..75baca0f5 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge33.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge33.java @@ -1,5 +1,7 @@ package org.owasp.wrongsecrets.challenges.kubernetes; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; + import com.google.common.base.Strings; import java.nio.charset.StandardCharsets; import java.security.spec.AlgorithmParameterSpec; @@ -34,7 +36,7 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { - return getSolution().equals(answer); + return getSolution().equals(answer) && !DECRYPTION_ERROR.equals(answer); } private String getSolution() { @@ -59,7 +61,7 @@ private String decrypt(String cipherTextString) { StandardCharsets.UTF_8); } catch (Exception e) { log.warn("Exception in Challenge33", e); - return ""; + return DECRYPTION_ERROR; } } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index db446f102..1215764b5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
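Review bot: `BinaryExecutionHelper.ERROR_EXECUTION` is kept as a second public name for `EXECUTION_ERROR`, and its value changes from "Error with executing" to "Error Executing executable". The tests in this commit already switch to the new constant, so the alias mainly invites mixed usage. Mark it `@Deprecated` with a Javadoc pointer to `Challenges.ErrorResponses.EXECUTION_ERROR`, or remove it if nothing else references it. Any caller outside the visible hunks that compares against the old text would need checking.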
@@ -67,6 +67,7 @@ canarytokenURLs=http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/po challenge15ciphertext=qcyRgfXSh0HUKsW/Xb5LnuWt9DgU8tQJfluR66UDDlmMgVWCGEwk1qxKCi4ZvzDwM38xP3nRFqO4SZEgqp8Ul8Ej/lNDbQCgBuszSILVSV6D9eojOMl6zTcNgzUmjW2K3dJKN9LqXOLYezEpEN2gUaYqPu2nVqmUptKTmXGwAnmQH1TIl2MUueRuXpRKe72IMzKenxZHKRsNFp+ebQebS3qzP+Q= challenge25ciphertext=dQMhBe8oLxIdGLcxPanDLS++srED/x05P+Ph9PFZKlL2K42vXi7Vtbh3/N90sGT087W7ARURZg== challenge26ciphertext=gbU5thfgy8nwzF/qc1Pq59PrJzLB+bfAdTOrx969JZx1CKeG4Sq7v1uUpzyCH/Fo8W8ghdBJJrQORw== +DEFAULT37=DEFAULT37 challenge27ciphertext=gYPQPfb0TUgWK630tHCWGwwME6IWtPWA51eU0Qpb9H7/lMlZPdLGZWmYE83YmEDmaEvFr2hX challenge41password=UEBzc3dvcmQxMjM= management.endpoint.health.probes.enabled=true diff --git a/src/main/resources/templates/welcome.html b/src/main/resources/templates/welcome.html index b33a10f1e..be2584894 100644 --- a/src/main/resources/templates/welcome.html +++ b/src/main/resources/templates/welcome.html @@ -120,9 +120,9 @@
  • Adarsh A @adarsh-a-tw
  • Shubham Patel @Shubham-Patel07
  • Filip Chyla @fchyla
  • -
  • Dmitry Litosh @Dlitosh
  • -
  • Vineeth Jagadeesh @djvinnie
  • Turjo Chowdhury @turjoc120
  • +
  • Vineeth Jagadeesh @djvinnie
  • +
  • Dmitry Litosh @Dlitosh
  • Josh Grossman @tghosth
  • alphasec @alphasecio
  • CaduRoriz @CaduRoriz
  • @@ -130,12 +130,13 @@
  • Mike Woudenberg @mikewoudenberg
  • Spyros @northdpole
  • RubenAtBinx @RubenAtBinx
  • -
  • Alex Bender @alex-bender
  • -
  • Nicolas Humblot @nhumblot
  • -
  • Rick M @kingthorin
  • -
  • Shlomo Zalman Heigh @szh
  • -
  • Fern @f3rn0s
  • Jeff Tong @Wind010
  • +
  • Fern @f3rn0s
  • +
  • Shlomo Zalman Heigh @szh
  • +
  • Rick M @kingthorin
  • +
  • Nicolas Humblot @nhumblot
  • +
  • Danny Lloyd @dannylloyd
  • +
  • Alex Bender @alex-bender
  • Testers:
      diff --git a/src/main/resources/wrong-secrets-configuration.yaml b/src/main/resources/wrong-secrets-configuration.yaml index 9cd34d9e8..5a1433568 100644 --- a/src/main/resources/wrong-secrets-configuration.yaml +++ b/src/main/resources/wrong-secrets-configuration.yaml @@ -623,7 +623,7 @@ configurations: - name: Challenge 37 short-name: "challenge-37" sources: - - class-name: "org.owasp.wrongsecrets.challenges.docker.Challenge37" + - class-name: "org.owasp.wrongsecrets.challenges.docker.authchallenge.Challenge37" explanation: "explanations/challenge37.adoc" hint: "explanations/challenge37_hint.adoc" reason: "explanations/challenge37_reason.adoc" diff --git a/src/test/e2e/cypress/integration/spoilers.cy.js b/src/test/e2e/cypress/integration/spoilers.cy.js index 6fbf21501..54103bb35 100644 --- a/src/test/e2e/cypress/integration/spoilers.cy.js +++ b/src/test/e2e/cypress/integration/spoilers.cy.js @@ -5,7 +5,7 @@ describe('Spoiler Tests', () => { cy.getAllChallenges() }) - it('Check all spoiler pages display correctly (e.g. have a title and some data)', () => { + it('Check all spoiler pages display correctly (e.g. have a title and some data without error codes)', () => { cy.get('@allChallengeNames').then((allChallengeNames) => { cy.wrap(allChallengeNames).each((challengeName) => { cy.visit(`/spoil/${challengeName}`) @@ -13,6 +13,10 @@ describe('Spoiler Tests', () => { cy.dataCy(SpoilersPage.SPOILER_TITLE).should('not.be.empty') cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('be.visible') cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.be.empty') + cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.contain', 'Error Encrypting') + cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.contain', 'Error Decrypting') + cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.contain', 'Error Executing executable') + cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.contain', 'Error reading secret') }) }) }) 
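Review bot: The four `should('not.contain', …)` assertions added in spoilers.cy.js repeat the literal values of `Challenges.ErrorResponses`, so rewording a constant on the Java side leaves this check passing while it no longer tests anything. Keep the strings in one array with a comment naming the Java class they mirror, and loop over it: `['Error Encrypting', 'Error Decrypting', 'Error Executing executable', 'Error reading secret'].forEach((msg) => cy.dataCy(SpoilersPage.SPOILER_ANSWER).should('not.contain', msg))`. Challenge12Test, Challenge16Test and Challenge17Test treat 'Error reading secret' as the valid answer when no file is mounted, so this end-to-end check presumably depends on the mounts being present; a comment stating that precondition would help.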
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java index 20e64a2d6..83c7404cb 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java @@ -8,6 +8,7 @@ import java.nio.file.Path; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.Spoiler; class Challenge12Test { @@ -17,7 +18,7 @@ void solveChallenge12WithoutFile(@TempDir Path dir) throws Exception { var challenge = new Challenge12(dir.toString()); assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); - assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")).isTrue(); + assertThat(challenge.answerCorrect(Challenges.ErrorResponses.FILE_MOUNT_ERROR)).isTrue(); } @Test diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java index 0b58e7843..1832c371e 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java @@ -8,6 +8,7 @@ import java.nio.file.Path; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.Spoiler; class Challenge16Test { @@ -17,7 +18,7 @@ void solveChallenge16WithoutFile(@TempDir Path dir) { var challenge = new Challenge16(dir.toString()); assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); - assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")).isTrue(); + assertThat(challenge.answerCorrect(Challenges.ErrorResponses.FILE_MOUNT_ERROR)).isTrue(); } @Test 
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge17Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge17Test.java index ab399ccb0..4afc54244 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge17Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge17Test.java @@ -7,6 +7,7 @@ import org.assertj.core.api.Assertions; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; +import org.owasp.wrongsecrets.Challenges; import org.owasp.wrongsecrets.challenges.Spoiler; class Challenge17Test { @@ -16,7 +17,7 @@ void solveChallenge17WithoutFile(@TempDir Path dir) { var challenge = new Challenge17(dir.toString()); Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); - Assertions.assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")) + Assertions.assertThat(challenge.answerCorrect(Challenges.ErrorResponses.FILE_MOUNT_ERROR)) .isTrue(); } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge20Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge20Test.java index 170c3d28c..f3a9bb5d3 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge20Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge20Test.java @@ -1,7 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; -import static org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper.ERROR_EXECUTION; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR; import org.junit.jupiter.api.Test; import org.owasp.wrongsecrets.challenges.Spoiler; 
@@ -12,7 +12,7 @@ class Challenge20Test { void spoilerShouldNotCrash() { var challenge = new Challenge20(); - assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(ERROR_EXECUTION)); + assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(EXECUTION_ERROR)); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge21Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge21Test.java index 102e01c7e..ecd98ffa7 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge21Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge21Test.java @@ -1,7 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; -import static org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper.ERROR_EXECUTION; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR; import org.junit.jupiter.api.Test; import org.owasp.wrongsecrets.challenges.Spoiler; @@ -12,7 +12,7 @@ class Challenge21Test { void spoilerShouldNotCrash() { var challenge = new Challenge21(); - assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(ERROR_EXECUTION)); + assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(EXECUTION_ERROR)); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge22Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge22Test.java index 9918af964..f830750d8 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge22Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge22Test.java 
@@ -1,7 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; -import static org.owasp.wrongsecrets.challenges.docker.binaryexecution.BinaryExecutionHelper.ERROR_EXECUTION; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.EXECUTION_ERROR; import org.junit.jupiter.api.Test; import org.owasp.wrongsecrets.challenges.Spoiler; @@ -12,7 +12,7 @@ class Challenge22Test { void spoilerShouldNotCrash() { var challenge = new Challenge22(); - assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(ERROR_EXECUTION)); + assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(EXECUTION_ERROR)); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge25Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge25Test.java index 8b852e4da..1f65eceb3 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge25Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge25Test.java @@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.junit.jupiter.api.Test; @@ -11,6 +12,7 @@ void rightAnswerShouldSolveChallenge() { var challenge = new Challenge25( "dQMhBe8oLxIdGLcxPanDLS++srED/x05P+Ph9PFZKlL2K42vXi7Vtbh3/N90sGT087W7ARURZg=="); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge26Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge26Test.java index 6b5dbe025..fa67714c5 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge26Test.java 
+++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge26Test.java @@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.junit.jupiter.api.Test; @@ -11,6 +12,7 @@ void rightAnswerShouldSolveChallenge() { var challenge = new Challenge26( "gbU5thfgy8nwzF/qc1Pq59PrJzLB+bfAdTOrx969JZx1CKeG4Sq7v1uUpzyCH/Fo8W8ghdBJJrQORw=="); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge27Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge27Test.java index 40267c6df..a9a98bb78 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge27Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge27Test.java @@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.junit.jupiter.api.Test; @@ -10,6 +11,7 @@ class Challenge27Test { void rightAnswerShouldSolveChallenge() { var challenge = new Challenge27("gYPQPfb0TUgWK630tHCWGwwME6IWtPWA51eU0Qpb9H7/lMlZPdLGZWmYE83YmEDmaEvFr2hX"); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge29Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge29Test.java index 8c02109ac..b0eff2259 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge29Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge29Test.java 
@@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.bouncycastle.util.encoders.Base64; import org.junit.jupiter.api.Test; @@ -13,7 +14,7 @@ class Challenge29Test { @Test void spoilerShouldRevealAnswer() throws Exception { var challenge = new Challenge29(); - assertThat(challenge.spoiler()).isNotEqualTo("decrypt_error"); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.spoiler()).isEqualTo(new Spoiler(passcode)); } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge32Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge32Test.java index 5ec83353d..1528ca528 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge32Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge32Test.java @@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.junit.jupiter.api.Test; @@ -10,6 +11,7 @@ public class Challenge32Test { void spoilerShouldGiveAnswer() { var challenge = new Challenge32(); assertThat(challenge.spoiler().solution()).isNotEmpty(); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge35Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge35Test.java index 2991ea765..223fb9272 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge35Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge35Test.java 
@@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.assertj.core.api.Assertions.assertThat; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import org.junit.jupiter.api.Test; @@ -10,6 +11,7 @@ public class Challenge35Test { void spoilerShouldGiveAnswer() { var challenge = new Challenge35(); assertThat(challenge.spoiler().solution()).isNotEmpty(); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge37Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge37Test.java index b7d9af6a2..ecc8ee8f5 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge37Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge37Test.java @@ -3,19 +3,20 @@ import static org.assertj.core.api.Assertions.assertThat; import org.junit.jupiter.api.Test; +import org.owasp.wrongsecrets.challenges.docker.authchallenge.Challenge37; public class Challenge37Test { @Test void spoilerShouldGiveAnswer() { - var challenge = new Challenge37(); + var challenge = new Challenge37("DEFAULT37"); assertThat(challenge.spoiler().solution()).isNotEmpty(); assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); } @Test void incorrectAnswerShouldNotSolveChallenge() { - var challenge = new Challenge37(); + var challenge = new Challenge37("DEFAULT37"); assertThat(challenge.answerCorrect("wrong answer")).isFalse(); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge39Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge39Test.java index f3b6de706..681b04ca7 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge39Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge39Test.java 
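Review bot: Both tests in Challenge37Test now pass the bare literal `"DEFAULT37"` to the constructor, and nothing in the file says what that argument represents. The constructor itself is outside this diff, so whether it is a placeholder or a value the answer is derived from cannot be told from here. A shared field such as `private static final String CONSTRUCTOR_VALUE = "DEFAULT37";` with a short comment on its meaning would keep the two tests in step if the value changes.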
@@ -1,6 +1,8 @@ package org.owasp.wrongsecrets.challenges.docker; +import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.when; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import java.io.IOException; import java.nio.charset.Charset; @@ -28,7 +30,7 @@ void spoilerShouldGiveAnswer() { var challenge = new Challenge39(resource); Assertions.assertThat(challenge.spoiler().solution()).isNotEmpty(); Assertions.assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); - Assertions.assertThat(challenge.answerCorrect("error_decryption")).isFalse(); + assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR); } @Test diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge40Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge40Test.java index 2b84dd207..af5b84fdf 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge40Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge40Test.java @@ -1,6 +1,7 @@ package org.owasp.wrongsecrets.challenges.docker; import static org.mockito.Mockito.when; +import static org.owasp.wrongsecrets.Challenges.ErrorResponses.DECRYPTION_ERROR; import java.io.IOException; import java.nio.charset.Charset; @@ -27,7 +28,7 @@ void spoilerShouldGiveAnswer() { var challenge = new Challenge40(resource); Assertions.assertThat(challenge.spoiler().solution()).isNotEmpty(); Assertions.assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue(); - Assertions.assertThat(challenge.answerCorrect("error_decryption")).isFalse(); + Assertions.assertThat(challenge.answerCorrect(DECRYPTION_ERROR)).isFalse(); } @Test
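Review bot: In Challenge39Test the `answerCorrect("error_decryption")` rejection check is replaced rather than extended, so `spoilerShouldGiveAnswer` no longer verifies that the error constant is refused as an answer. Challenge40Test in the same commit keeps that rejection check but does not compare the spoiler with the constant, so each test covers only one of the two failure modes. Keeping both lines in both tests would close the gap: `assertThat(challenge.spoiler().solution()).isNotEqualTo(DECRYPTION_ERROR);` and `assertThat(challenge.answerCorrect(DECRYPTION_ERROR)).isFalse();`, written as `Assertions.assertThat` in Challenge40Test, which has no static import. The new line in Challenge39Test also uses the statically imported `assertThat` next to neighbours that call `Assertions.assertThat`; one form per file reads better.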