Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/commjoen/wrongsecrets into
Browse files Browse the repository at this point in the history 
…#44-JavaScript_library_with_key_obfuscated

� Conflicts:
�	pom.xml
  • Loading branch information
@drnow4u
drnow4u committed Apr 2, 2022
2 parents 0613527 + ae42fdd commit 2b7222a
Show file tree
Hide file tree
Showing 10 changed files with 37 additions and 21 deletions.
4 changes: 2 additions & 2 deletions Dockerfile.web
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
FROM jeroenwillemsen/wrongsecrets:1.3.9-no-vault
FROM jeroenwillemsen/wrongsecrets:1.3.10-no-vault

ARG argBasedVersion="1.3.9"
ARG argBasedVersion="1.3.10"
ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
ENV APP_VERSION=$argBasedVersion
ENV K8S_ENV=Heroku(Docker)
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ For the basic docker exercises you currently require:
You can install it by doing:

```bash
docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.3.9-no-vault
docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.3.10-no-vault
```

Now you can try to find the secrets by means of solving the challenge offered at:
Expand Down
2 changes: 1 addition & 1 deletion aws/k8s/secret-challenge-vault-deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-aws-secretsmanager"
containers:
- image: jeroenwillemsen/wrongsecrets:1.3.9-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.3.10-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
Expand Down
2 changes: 1 addition & 1 deletion azure/k8s/secret-challenge-vault-deployment.yml.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ spec:
volumeAttributes:
secretProviderClass: "azure-wrongsecrets-vault"
containers:
- image: jeroenwillemsen/wrongsecrets:1.3.9-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.3.10-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
Expand Down
18 changes: 18 additions & 0 deletions gcp/k8s-vault-gcp-ingress-clean.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash
# set -o errexit
# set -o pipefail
# set -o nounset

source ../scripts/check-available-commands.sh

checkCommandsAvailable gcloud kubectl

export GCP_PROJECT=$(gcloud config list --format 'value(core.project)' 2>/dev/null)

kubectl delete -f ./k8s-gke-ingress.yaml

echo "Waiting 10 seconds..."
sleep 10

echo "Fecthing network endpoint groups. If this yields results, clean them up:"
gcloud compute network-endpoint-groups list
2 changes: 1 addition & 1 deletion gcp/k8s-vault-gcp-ingress-start.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,4 +153,4 @@ echo " "
echo "Your ingress url is: http://$(kubectl get ingress basic-ingress --output jsonpath='{.status.loadBalancer.ingress[].ip}')"
echo " "

echo "Run terraform destroy to clean everything up."
echo "Run terraform destroy to clean everything up. You may need to go to the 'network endpoint groups' in google cloud and clean up some remaining resources."
2 changes: 1 addition & 1 deletion gcp/k8s/secret-challenge-vault-deployment.yml.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-gcp-secretsmanager"
containers:
- image: jeroenwillemsen/wrongsecrets:1.3.9-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.3.10-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
Expand Down
2 changes: 1 addition & 1 deletion k8s/secret-challenge-deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
runAsGroup: 2000
fsGroup: 2000
containers:
- image: jeroenwillemsen/wrongsecrets:1.3.9-no-vault
- image: jeroenwillemsen/wrongsecrets:1.3.10-no-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
Expand Down
2 changes: 1 addition & 1 deletion k8s/secret-challenge-vault-deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ spec:
runAsNonRoot: true
serviceAccountName: vault
containers:
- image: jeroenwillemsen/wrongsecrets:1.3.9-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.3.10-k8s-vault
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
Expand Down
22 changes: 10 additions & 12 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.5</version>
<version>2.6.6</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>org.owasp</groupId>
<artifactId>wrongsecrets</artifactId>
<version>1.3.7-SNAPSHOT</version>
<version>1.3.10-SNAPSHOT</version>
<name>OWASP WrongSecrets</name>
<description>Examples with how to not use secrets</description>
<url>https://owasp.org/www-project-wrongsecrets/</url>
Expand Down Expand Up @@ -43,24 +43,22 @@
<spring.cloud-version>2021.0.1</spring.cloud-version>
<lombok.version>1.18.22</lombok.version>
<maven.compiler.target>17</maven.compiler.target>
<aws.sdk.version>2.17.139</aws.sdk.version>
<aws.sdk.version>2.17.161</aws.sdk.version>
<asciidoctorj.version>2.5.3</asciidoctorj.version>
<jruby.version>9.3.3.0</jruby.version>
<jruby.version>9.3.4.0</jruby.version>
<bootstrap.version>5.1.3</bootstrap.version>
<github.button.version>2.14.1</github.button.version>
<gcp.sdk.version>24.3.0</gcp.sdk.version>
<gcp.sdk.version>25.1.0</gcp.sdk.version>
<thymeleaf-spring5.version>3.0.15.RELEASE</thymeleaf-spring5.version>
<thymeleaf.version>3.0.15.RELEASE</thymeleaf.version>
<thymeleaf.layout>3.0.0</thymeleaf.layout>
<thymeleaf.layout>3.1.0</thymeleaf.layout>
<asciidoctor.maven.plugin.version>2.2.2</asciidoctor.maven.plugin.version>
<azure.keyvault.version>4.3.7</azure.keyvault.version>
<azure.identity.version>1.4.4</azure.identity.version>
<azure.keyvault.version>4.4.0</azure.keyvault.version>
<azure.identity.version>1.4.6</azure.identity.version>
<azure.keyvault.spring.version>2.3.5</azure.keyvault.spring.version>
<spring.security.version>5.6.2</spring.security.version>
<cyclonedx.core.version>7.0.0</cyclonedx.core.version>
<cyclonedx.core.version>7.1.3</cyclonedx.core.version>
<KeePassJava2.version>2.1.4</KeePassJava2.version>
<!-- can be deleted after moving to spring-boot-starter-parent 2.6.6-->
<spring-framework.version>5.3.18</spring-framework.version>

</properties>

Expand Down Expand Up @@ -252,7 +250,7 @@
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.0</version>
<version>10.1</version>
</dependency>
</dependencies>
</plugin>
Expand Down

0 comments on commit 2b7222a

Please sign in to comment.