diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history
index e63cf903e..cf109b4be 100644
--- a/.github/scripts/.bash_history
+++ b/.github/scripts/.bash_history
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
git rebase -i main
git rebase -i master
git stash
-export tempPassword="nwRjz2BWCWEnDOzaNpZl/p6OEewJiEGfd0/gBoBKLbo="
+export tempPassword="xw1nQ/d3x3jpCLwVS9QHZTHKcXh4z5Enuk2v70QRmq0="
mvn run tempPassword
k6
npx k6
diff --git a/.github/scripts/docker-create.sh b/.github/scripts/docker-create.sh
index ca300cdc8..554a91685 100755
--- a/.github/scripts/docker-create.sh
+++ b/.github/scripts/docker-create.sh
@@ -73,6 +73,9 @@ Heroku_publish_demo() {
export TEST_DATA=$(echo -n $RAW_TEST)
curl --fail 'https://arcane-scrubland-42646.herokuapp.com/token' --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA"
echo $?
+ echo "testing arcane with cypress"
+ cd ../../src/test/e2e
+ npx cypress run --config-file cypress.config.arcane.js
exit
}
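Review bot: The added `cd ../../src/test/e2e` in Heroku_publish_demo is unchecked, so if the directory is missing or the script was started from another working directory, `npx cypress run` executes wherever the shell happens to be. In that case npx may resolve `cypress` from the registry rather than from the project's installed dependencies (inferred; no install step is visible in this hunk). Guard it with `cd ../../src/test/e2e || exit 1`, or derive the path from the script location instead of the caller's cwd. The same unchecked `cd` appears in the Heroku_publish_prod and test() hunks below. The function body starts outside this hunk.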
@@ -90,6 +93,9 @@ Heroku_publish_prod(){
export TEST_DATA=$(echo -n $RAW_TEST)
curl --fail 'https://wrongsecrets.herokuapp.com/token' --data-raw "grant_type=client_credentials&client_id=WRONGSECRET_CLIENT_ID&client_secret=$TEST_DATA"
echo $?
+ echo "testing heroku with cypress"
+ cd ../../src/test/e2e
+ npx cypress run --config-file cypress.config.heroku.js
exit
}
@@ -404,6 +410,9 @@ test() {
fi
echo "testing curl for webjar caching"
curl -I 'http://localhost:8080/webjars/bootstrap/5.3.3/css/bootstrap.min.css'
+ echo "testing with cypress (requires node20)"
+ cd ../../src/test/e2e
+ npx cypress run
echo "Testing complete"
else
return
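Review bot: The exit status of `npx cypress run` in test() is never checked, because `echo "Testing complete"` runs straight after it. Unless the script sets `set -e` (not visible here), a failing e2e run would still report success to the container_test workflow. Use `npx cypress run || exit 1`, or capture `$?` and return it after the echo. The README hunk in this commit tells users to `cd src/test/e2e/cypress`, while this script uses `src/test/e2e`, so one of the two paths is probably wrong. The function continues outside this hunk.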
diff --git a/.github/workflows/container_test.yml b/.github/workflows/container_test.yml
index 1ad69cfed..d83c6d17b 100644
--- a/.github/workflows/container_test.yml
+++ b/.github/workflows/container_test.yml
@@ -26,3 +26,8 @@ jobs:
- uses: actions/checkout@v4
- name: Navigate to test script and run
run: cd .github/scripts && bash docker-create.sh -t
+ - uses: actions/upload-artifact@v4
+ if: success() || failure()
+ with:
+ name: e2e results
+ path: src/test/e2e/cypress/reports/mochawesome/
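Review bot: The new `actions/upload-artifact@v4` step is referenced by a mutable tag, so the code that runs can change without any change in this repository. Pinning to a full commit SHA keeps the step reproducible, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v4`. The same applies to the upload step in the new heroku_tests.yml. The uploaded path depends on the output directory set in `reporter-config.json`, which is not part of this diff, so it is worth confirming that the two match.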
diff --git a/.github/workflows/heroku_tests.yml b/.github/workflows/heroku_tests.yml
new file mode 100644
index 000000000..8dbe0fab5
--- /dev/null
+++ b/.github/workflows/heroku_tests.yml
@@ -0,0 +1,33 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Test Heroku with cypress
+
+# Controls when the workflow will run
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches: [master]
+ workflow_dispatch:
+
+permissions:
+ contents: read
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ test-heroku:
+ name: run tests
+ runs-on: ubuntu-latest
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run Tests
+ run: |
+ cd src/test/e2e
+ npm install cypress
+ npx cypress run --config-file cypress.config.heroku.js
+ - uses: actions/upload-artifact@v4
+ if: success() || failure()
+ with:
+ name: e2e results
+ path: src/test/e2e/cypress/reports/mochawesome/
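Review bot: `npm install cypress` in the Run Tests step pulls whatever version the registry serves at run time and ignores any lockfile, so the tool executed in CI is not pinned. If `src/test/e2e` has a committed `package-lock.json` (not visible here), replace it with `npm ci`. The config names `cypress-multi-reporters` as reporter, which this command installs only if the directory's `package.json` already declares it. The job also has no `actions/setup-node` step with `node-version: 20`, although the README hunk states node20 is required, so the Node version is whatever the runner image ships. Note that on `pull_request` this job tests the deployed site at the configured baseUrl, not the code in the pull request.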
diff --git a/README.md b/README.md
index aea0070f6..7f3741c60 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
[![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this&url=https://github.com/OWASP/wrongsecrets&hashtags=secretsmanagement,secrets,hunting,p0wnableapp,OWASP,WrongSecrets) [](https://tootpick.org/#text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement,%20%23secrets,%20%23hunting,%20%23p0wnableapp,%20%23OWASP,%20%23WrongSecrets) [](https://www.linkedin.com/shareArticle/?url=https://www.github.com/OWASP/wrongsecrets&title=OWASP%20WrongSecrets)
-[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml)
+[![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml)[![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml) [![Test Heroku with cypress](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml)
[![Test minikube script (k8s)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-k8s-test.yml) [![Test minikube script (k8s&vault)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/minikube-vault-test.yml) [![Docker container test](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container_test.yml)[![Test container on podman and Colima](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/container-alts-test.yml)
[![DAST with ZAP](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/dast-zap-test.yml)
diff --git a/js/index.js b/js/index.js
index 0da72f085..ca7b0ab39 100644
--- a/js/index.js
+++ b/js/index.js
@@ -1,5 +1,5 @@
// eslint-disable-next-line no-unused-vars
function secret () {
- const password = 'JqJJ/Mg=' + 9 + 'n/OE' + 6 + 'knA=' + 2 + 'Tv8v' + 7
+ const password = 'TV5mQAM=' + 9 + 'Fcek' + 6 + 'atA=' + 2 + 'O7ad' + 7
return password
}
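Review bot: `secret()` has no comment explaining why a credential-like value is assembled from literals in client-side code. It looks like deliberate challenge material for this training application (inferred from the repository name), and splitting the string with `+ 9 +` hides nothing from anyone reading the served file. A short comment above the function would stop maintainers and secret scanners from treating it as a leak, e.g. `// Intentionally hard-coded challenge value; not a real credential.`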
diff --git a/src/test/e2e/cypress.config.arcane.js b/src/test/e2e/cypress.config.arcane.js
new file mode 100644
index 000000000..a9cb1c262
--- /dev/null
+++ b/src/test/e2e/cypress.config.arcane.js
@@ -0,0 +1,16 @@
+const { defineConfig } = require('cypress')
+
+module.exports = defineConfig({
+ video: false,
+ e2e: {
+ baseUrl: 'https://arcane-scrubland-42646.herokuapp.com/',
+ specPattern: 'cypress/integration/*.cy.js',
+ reporter: 'cypress-multi-reporters',
+ reporterOptions: {
+ configFile: 'reporter-config.json'
+ },
+ setupNodeEvents (on, config) {
+ // implement node event listeners here
+ }
+ }
+})
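Review bot: This file and cypress.config.heroku.js are identical except for `baseUrl`, so any later change to `specPattern` or the reporter settings must be made twice. A single config with the target passed at invocation avoids the drift, e.g. `npx cypress run --config baseUrl=https://arcane-scrubland-42646.herokuapp.com/`, or by setting `CYPRESS_BASE_URL` in the calling script. The empty `setupNodeEvents (on, config)` with its template comment can be dropped from both files until a listener is actually needed.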
diff --git a/src/test/e2e/cypress.config.heroku.js b/src/test/e2e/cypress.config.heroku.js
new file mode 100644
index 000000000..e38fb7519
--- /dev/null
+++ b/src/test/e2e/cypress.config.heroku.js
@@ -0,0 +1,16 @@
+const { defineConfig } = require('cypress')
+
+module.exports = defineConfig({
+ video: false,
+ e2e: {
+ baseUrl: 'https://wrongsecrets.herokuapp.com/',
+ specPattern: 'cypress/integration/*.cy.js',
+ reporter: 'cypress-multi-reporters',
+ reporterOptions: {
+ configFile: 'reporter-config.json'
+ },
+ setupNodeEvents (on, config) {
+ // implement node event listeners here
+ }
+ }
+})
diff --git a/src/test/e2e/cypress/README.md b/src/test/e2e/cypress/README.md
index 6f01c4ac4..c7610a591 100644
--- a/src/test/e2e/cypress/README.md
+++ b/src/test/e2e/cypress/README.md
@@ -12,6 +12,14 @@ The reporting of the tests themselves will be located in `target/test-classes/e2
Please note that cypress requires the templates to have been build first.
+### Run outside of maven
+Want to run them outside of maven? Make sure you have node20 installed and the application running and listening to `http://localhost:8080` . Then do:
+
+```shell
+cd src/test/e2e/cypress
+npx cypress run
+```
+
## How to interact with elements
- To select an element in the UI, add a `data-cy` attribute to the HTML element and give it a unique value.