Merge branch 'OWASP:master' into fix/Issue812

.github/workflows/pre-commit.yml

@@ -8,8 +8,8 @@ on:
 
 env:
   TF_DOCS_VERSION: v0.19.0
-  TFSEC_VERSION: v1.28.11
   TFLINT_VERSION: v0.53.0
+  TRIVY_VERSION: 0.58.0
 permissions:
   contents: read
 jobs:
@@ -54,11 +54,10 @@ jobs:
           tar -zxvf terraform_docs.tar.gz terraform-docs
           chmod +x terraform-docs
           mv terraform-docs /usr/local/bin/
-      - name: Setup tfsec
+      - name: Setup trivy
         run: |
-          curl --output tfsec https://github.com/aquasecurity/tfsec/releases/download/${{env.TFSEC_VERSION}}/tfsec-linux-amd64
-          chmod +x tfsec
-          mv tfsec /usr/local/bin/
+          wget https://github.com/aquasecurity/trivy/releases/download/v${{env.TRIVY_VERSION}}/trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
+          sudo dpkg -i trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb
       - name: Pre-commit checks
         uses: pre-commit/action@v3.0.1
       - name: pre-commit-ci-lite

README.md

@@ -86,8 +86,10 @@ You can install it by doing:
 ```bash
 docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:latest-no-vault
 ```
-
-Now you can try to find the secrets by means of solving the challenge offered at:
+Now you can try to find the secrets by means of solving the challenge offered at the links below
+<details>
+    <summary>all the links for docker challenges (click triangle to open the block).
+    </summary>
 
 -   [localhost:8080/challenge/challenge-1](http://localhost:8080/challenge/challenge-1)
 -   [localhost:8080/challenge/challenge-2](http://localhost:8080/challenge/challenge-2)
@@ -129,6 +131,8 @@ Now you can try to find the secrets by means of solving the challenge offered at
 -   [localhost:8080/challenge/challenge-50](http://localhost:8080/challenge/challenge-50)
 -   [localhost:8080/challenge/challenge-51](http://localhost:8080/challenge/challenge-51)
 
+</details>
+
 Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
 better ;-).
 

aws/go.mod

@@ -2,7 +2,7 @@ module wrongsecrets
 
 go 1.22.7
 
-toolchain go1.23.3
+toolchain go1.23.4
 
 require github.com/gruntwork-io/terratest v0.47.2
 
@@ -74,7 +74,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect

aws/go.sum

@@ -704,6 +704,8 @@ golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
 golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

azure/go.mod

@@ -2,7 +2,7 @@ module wrongsecrets
 
 go 1.22.7
 
-toolchain go1.23.3
+toolchain go1.23.4
 
 require github.com/gruntwork-io/terratest v0.47.2
 
@@ -74,7 +74,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect

azure/go.sum

@@ -704,6 +704,8 @@ golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
 golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

gcp/go.mod

@@ -2,7 +2,7 @@ module wrongsecrets
 
 go 1.22.7
 
-toolchain go1.23.3
+toolchain go1.23.4
 
 require github.com/gruntwork-io/terratest v0.47.2
 
@@ -74,7 +74,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect

gcp/go.sum

@@ -704,6 +704,8 @@ golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
 golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

pom.xml

@@ -46,12 +46,12 @@
     <KeePassJava2.version>2.2.2</KeePassJava2.version>
     <asciidoctor.maven.plugin.version>3.1.1</asciidoctor.maven.plugin.version>
     <asciidoctorj.version>3.0.0</asciidoctorj.version>
-    <aws.sdk.version>2.29.15</aws.sdk.version>
+    <aws.sdk.version>2.29.39</aws.sdk.version>
     <bootstrap.version>5.3.3</bootstrap.version>
     <com.azure.spring.version>5.18.0</com.azure.spring.version>
     <cyclonedx.core.version>9.1.0</cyclonedx.core.version>
-    <datatables.version>2.1.0</datatables.version>
-    <dependency-check-maven.version>11.1.0</dependency-check-maven.version>
+    <datatables.version>2.1.8</datatables.version>
+    <dependency-check-maven.version>11.1.1</dependency-check-maven.version>
     <gatling-maven-plugin.version>4.10.2</gatling-maven-plugin.version>
     <gatling.version>3.13.1</gatling.version>
     <gcp.sdk.version>5.8.0</gcp.sdk.version>
@@ -63,10 +63,10 @@
     <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
     <maven.compiler.proc>full</maven.compiler.proc>
     <maven.compiler.target>23</maven.compiler.target>
-    <spring.cloud-version>2023.0.3</spring.cloud-version>
+    <spring.cloud-version>2023.0.4</spring.cloud-version>
     <spring.security.version>6.2.3</spring.security.version>
     <system-stubs-jupiter.version>2.1.7</system-stubs-jupiter.version>
-    <thymeleaf-extras-springsecurity6.version>3.1.2.RELEASE</thymeleaf-extras-springsecurity6.version>
+    <thymeleaf-extras-springsecurity6.version>3.1.3.RELEASE</thymeleaf-extras-springsecurity6.version>
     <thymeleaf.layout.version>3.3.0</thymeleaf.layout.version>
   </properties>
 
@@ -323,7 +323,7 @@
             <dependency>
               <groupId>com.puppycrawl.tools</groupId>
               <artifactId>checkstyle</artifactId>
-              <version>10.20.2</version>
+              <version>10.21.0</version>
             </dependency>
           </dependencies>
         </plugin>

renovate.json

@@ -28,9 +28,9 @@
         {
             "customType": "regex",
             "fileMatch": ".github/workflows/pre-commit.yml",
-            "depNameTemplate": "aquasecurity/tfsec",
+            "depNameTemplate": "aquasecurity/trivy",
             "matchStrings": [
-                "TFSEC_VERSION=\"(?<currentValue>.*?)\""
+                "TRIVY_VERSION=\"(?<currentValue>.*?)\""
             ],
             "datasourceTemplate": "github-releases"
         },

src/main/resources/templates/index.html

@@ -5,7 +5,7 @@
     <meta charset="UTF-8">
     <title>OWASP WrongSecrets</title>
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-    <link th:rel="stylesheet" th:href="@{/webjars/datatables/2.1.0/css/dataTables.bootstrap5.min.css} " />
+    <link th:rel="stylesheet" th:href="@{/webjars/datatables/2.1.8/css/dataTables.bootstrap5.min.css} " />
     <link th:rel="stylesheet" th:href="@{/webjars/bootstrap/5.3.3/css/bootstrap.min.css} " />
     <link rel="stylesheet" type="text/css" th:href="@{/css/style.css}" />
     <link rel="stylesheet" type="text/css" th:href="@{/css/dark.css}" />
@@ -21,8 +21,8 @@
     <script th:src="@{/webjars/bootstrap/5.3.3/js/bootstrap.bundle.min.js}"></script>
     <script th:src="@{/webjars/github-buttons/2.14.1/dist/buttons.min.js}"></script>
     <script th:src="@{/webjars/jquery/3.7.1/jquery.min.js}"></script>
-    <script th:src="@{/webjars/datatables/2.1.0/js/dataTables.min.js}"></script>
-    <script th:src="@{/webjars/datatables/2.1.0/js/dataTables.bootstrap5.min.js}"></script>
+    <script th:src="@{/webjars/datatables/2.1.8/js/dataTables.min.js}"></script>
+    <script th:src="@{/webjars/datatables/2.1.8/js/dataTables.bootstrap5.min.js}"></script>
     <script th:if="${allCompleted} eq 'party'">
         window.addEventListener("load", function () {
             new bootstrap.Modal(document.getElementById('finishedModal'), {}).toggle()