OWASP · commjoen · Mar 30, 2024 · Mar 30, 2024 · Mar 30, 2024 · Mar 30, 2024
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="WSUKayftrYy/iemVnymAQ8KvZMlFd9z3OjDfmtrK/c8="
+export tempPassword="nwRjz2BWCWEnDOzaNpZl/p6OEewJiEGfd0/gBoBKLbo="
 mvn run tempPassword
 k6
 npx k6

@@ -65,12 +65,12 @@ jobs:
       #- run: |
       #   make bootstrap
       #   make release
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: run mvn clean package
         run: ./mvnw clean package -Ddependency-check.skip=true -Dmaven.test.skip=true
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+#      - name: Perform CodeQL Analysis blocked on https://github.com/github/roadmap/issues/919
+#        uses: github/codeql-action/analyze@v3
@@ -18,11 +18,11 @@ jobs:
     runs-on: ubuntu-latest
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - uses: actions/checkout@v4
       - name: Navigate to test script and run
         run: cd .github/scripts && bash docker-create.sh -t
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: Clean install
         run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip
       - name: Start wrongsecrets

@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: Clean install
         run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip
       - name: Compile javadoc

@@ -25,11 +25,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: checkstyle with Maven
         run: ./mvnw --no-transfer-progress checkstyle:check
 
@@ -38,11 +38,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: spotbugs with Maven
         run: ./mvnw --no-transfer-progress package -DskipTests spotbugs:check
   test:
@@ -53,11 +53,11 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v4
-      - name: Set up JDK 21
+      - name: Set up JDK 22
         uses: actions/setup-java@v4
         with:
-          java-version: "21"
-          distribution: "corretto"
+          java-version: "22"
+          distribution: "temurin"
       - name: Test with Maven
         run: ./mvnw --no-transfer-progress test
       - uses: actions/upload-artifact@v4

@@ -31,8 +31,8 @@ jobs:
           cache: "npm"
       - uses: actions/setup-java@v4
         with:
-          distribution: 'oracle'
-          java-version: '21'
+          distribution: 'temurin'
+          java-version: '22'
       - name: Install npm dependencies
         run: npm install
       - uses: actions/cache@v4

@@ -123,8 +123,8 @@ Please be sure to take a careful look at our [Code of Conduct](https://github.co
 2. **Node.Js 20**
    [_Node.Js_](https://nodejs.org/en/) is an open-source library and a cross-platform JavaScript **runtime environment** specifically for running web applications outside one's browser.
 
-3. **JDK-21**
-   [_JDK_](https://www.oracle.com/java/technologies/downloads/#java21) is a tool used in development and testing programs written in the Java programming language.
+3. **JDK-22**
+   [_JDK_](https://www.oracle.com/java/technologies/downloads/#java22) is a tool used in development and testing programs written in the Java programming language.
 
 4. **IntelliJ IDEA**
    [_IntelliJ IDEA_](https://www.jetbrains.com/idea/download) is an integrated development environment basically an **IDE** written in Java for developing software written in Java, Kotlin, Groovy etc.
@@ -190,9 +190,9 @@ Select **_google-java-format Settings_** and click enable.
 
 Open **_File > Project structure _**.
 
-In the tab `Project` make sure that an SDK of version `21` is selected (e.g. `openjdk-21`, `oraclejdk-21` or just `21` depending on which Java JDK variant you installed).
+In the tab `Project` make sure that an SDK of version `22` is selected (e.g. `openjdk-22`, `oraclejdk-22` or just `22` depending on which Java JDK variant you installed).
 
-In the tab `SDKs` make sure that an SDK of version `21` is selected.
+In the tab `SDKs` make sure that an SDK of version `22` is selected.
 
 
 ### Step 6: Reload the project

@@ -1,7 +1,7 @@
-FROM amazoncorretto:22.0.0-alpine
+FROM eclipse-temurin:22_36-jre-alpine
 
 ARG argBasedPassword="default"
-ARG argBasedVersion="1.8.4"
+ARG argBasedVersion="1.8.5test5"
 ARG spring_profile=""
 ENV SPRING_PROFILES_ACTIVE=$spring_profile
 ENV ARG_BASED_PASSWORD=$argBasedPassword
@@ -17,7 +17,7 @@ RUN echo "$argBasedPassword"
 
 RUN apk add --no-cache libstdc++
 
-# RUN useradd -u 2000 -m wrongsecrets
+#RUN useradd -u 2000 -m wrongsecrets
 RUN adduser -u 2000 -D wrongsecrets
 USER wrongsecrets
 

@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.8.4-no-vault
-ARG argBasedVersion="1.8.4-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.8.5test5-no-vault
+ARG argBasedVersion="1.8.5alpha5-no-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true

@@ -306,6 +306,7 @@ Contributors:
 - [Rick M @kingthorin](https://github.com/kingthorin)
 - [Shlomo Zalman Heigh @szh](https://github.com/szh)
 - [Fern @f3rn0s](https://github.com/f3rn0s)
+- [Jeff Tong @Wind010](https://github.com/Wind010)
 
 Testers:
 
@@ -441,11 +442,11 @@ You can use the OWASP Dependency-checker by calling `mvn dependency-check:aggreg
 
 ### Get the project started in IntelliJ IDEA
 
-Requirements: make sure you have the following tools installed: [Docker](https://www.docker.com/products/docker-desktop/), [Java21 JDK](https://jdk.java.net/21/), [NodeJS 20](https://nodejs.org/en/download/current) and [IntelliJ IDEA](https://www.jetbrains.com/idea/download).
+Requirements: make sure you have the following tools installed: [Docker](https://www.docker.com/products/docker-desktop/), [Java22 JDK](https://jdk.java.net/22/), [NodeJS 20](https://nodejs.org/en/download/current) and [IntelliJ IDEA](https://www.jetbrains.com/idea/download).
 
 1. Fork and clone the project as described in the [documentation](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md).
 2. Import the project in IntelliJ (e.g. import as mvn project / local sources)
-3. Go to the project settings and make sure it uses Java21 (And that the JDK can be found)
+3. Go to the project settings and make sure it uses Java22 (And that the JDK can be found)
 4. Go to the IDE settings>Language & Frameworks > Lombok and make sure Lombok processing is enabled
 5. Open the Maven Tab in your IDEA and run "Reload All Maven Projects" to make the system sync and download everything. Next, in that same tab use the "install" option as part of the OWASP WrongSecrets Lifecycle to genereate the asciidoc and such.
 6. Now run the `main` method in `org.owasp.wrongsecrets.WrongSecretsApplication.java`. This should fail with a stack trace.

@@ -41,7 +41,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           securityContext:

@@ -8,7 +8,7 @@ app = "wrongsecrets"
 primary_region = "ams"
 
 [build]
-  image = "docker.io/jeroenwillemsen/wrongsecrets:1.8.4-no-vault"
+  image = "docker.io/jeroenwillemsen/wrongsecrets:1.8.5test5-no-vault"
 
 [env]
   K8S_ENV = "Fly(Docker)"

@@ -39,7 +39,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           ports:

@@ -1,5 +1,5 @@
 // eslint-disable-next-line no-unused-vars
 function secret () {
-  const password = 'wprBVZE=' + 9 + 'Ft7i' + 6 + 'lY0=' + 2 + '6818' + 7
+  const password = 'JqJJ/Mg=' + 9 + 'n/OE' + 6 + 'knA=' + 2 + 'Tv8v' + 7
   return password
 }
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-no-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           ports:

@@ -46,7 +46,7 @@ spec:
           type: RuntimeDefault
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           securityContext:

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-no-vault
           name: secret-challenge-ctf
           imagePullPolicy: IfNotPresent
           securityContext:

@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.8.4-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.8.5test5-no-vault
           name: secret-challenge
           imagePullPolicy: IfNotPresent
           securityContext:

@@ -5,13 +5,13 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.2.3</version>
+    <version>3.2.4</version>
     <!-- lookup parent from repository -->
   </parent>
 
   <groupId>org.owasp</groupId>
   <artifactId>wrongsecrets</artifactId>
-  <version>1.8.3-SNAPSHOT</version>
+  <version>1.8.5test1-SNAPSHOT</version>
 
   <name>OWASP WrongSecrets</name>
   <description>Examples with how to not use secrets</description>
@@ -46,23 +46,23 @@
     <KeePassJava2.version>2.2.1</KeePassJava2.version>
     <asciidoctor.maven.plugin.version>3.0.0</asciidoctor.maven.plugin.version>
     <asciidoctorj.version>2.5.11</asciidoctorj.version>
-    <aws.sdk.version>2.25.0</aws.sdk.version>
+    <aws.sdk.version>2.25.20</aws.sdk.version>
     <bootstrap.version>5.3.3</bootstrap.version>
-    <com.azure.spring.version>5.9.1</com.azure.spring.version>
+    <com.azure.spring.version>5.11.0</com.azure.spring.version>
     <cyclonedx.core.version>8.0.3</cyclonedx.core.version>
     <datatables.version>1.13.5</datatables.version>
-    <dependency-check-maven.version>8.2.1</dependency-check-maven.version>
+    <dependency-check-maven.version>9.0.10</dependency-check-maven.version>
     <gatling-maven-plugin.version>4.8.2</gatling-maven-plugin.version>
-    <gatling.version>3.10.4</gatling.version>
+    <gatling.version>3.10.5</gatling.version>
     <gcp.sdk.version>5.0.4</gcp.sdk.version>
     <github.button.version>2.14.1</github.button.version>
-    <java.version>21</java.version>
+    <java.version>22</java.version>
     <jquery.version>3.7.1</jquery.version>
     <jruby.version>9.4.6.0</jruby.version>
-    <lombok.version>1.18.30</lombok.version>
-    <maven.compiler.target>21</maven.compiler.target>
-    <spring.cloud-version>2023.0.0</spring.cloud-version>
-    <spring.security.version>6.1.4</spring.security.version>
+    <lombok.version>1.18.32</lombok.version>
+    <maven.compiler.target>22</maven.compiler.target>
+    <spring.cloud-version>2023.0.1</spring.cloud-version>
+    <spring.security.version>6.2.3</spring.security.version>
     <system-stubs-jupiter.version>2.1.6</system-stubs-jupiter.version>
     <thymeleaf-extras-springsecurity6.version>3.1.2.RELEASE</thymeleaf-extras-springsecurity6.version>
     <thymeleaf.layout.version>3.3.0</thymeleaf.layout.version>
@@ -440,6 +440,7 @@
         <artifactId>dependency-check-maven</artifactId>
         <version>${dependency-check-maven.version}</version>
         <configuration>
+          <nvdApiKey>a1c86a6f-95f5-4680-b447-1e2e2c501cd0</nvdApiKey>
           <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
         </configuration>
         <executions>
@@ -511,8 +512,8 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-compiler-plugin</artifactId>
         <configuration>
-          <source>21</source>
-          <target>21</target>
+          <source>22</source>
+          <target>22</target>
         </configuration>
       </plugin>
       <plugin>

@@ -195,7 +195,7 @@ private File createTempExecutable(String fileName) throws IOException {
       log.info("While we detected windows, please note that it is officially not supported.");
     } else if (useLinux()) {
       fileName = fileName + "-linux";
-      if (useMusl()) {
+      if (useMusl() && !fileName.contains("golang")) {
         fileName = fileName + "-musl";
       }
     }