Projects STRLCPY wrongsecrets Commits 02c237df
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    .github/scripts/docker-create.sh
    skipped 44 lines
    45 45   cd ../..
    46 46   heroku container:push --recursive --arg argBasedVersion=${tag}heroku --app arcane-scrubland-42646
    47 47   heroku container:release web --app arcane-scrubland-42646
    48  - heroku container:push --recursive --arg argBasedVersion=${tag}heroku --arg CTF_ENABLED=true --arg HINTS_ENABLED=false --app wrongsecrets-ctf
     48 + heroku container:push --recursive --arg argBasedVersion=${tag}heroku,CTF_ENABLED=true,HINTS_ENABLED=false --app wrongsecrets-ctf
    49 49   heroku container:release web --app wrongsecrets-ctf
    50 50   exit
    51 51  }
    skipped 4 lines
    56 56   heroku container:login
    57 57   echo "heroku deployment to prod"
    58 58   cd ../..
    59  - heroku container:push --recursive --arg argBasedVersion=${tag}heroku --arg CANARY_URLS=http://canarytokens.com/feedback/images/traffic/tgy3epux7jm59n0ejb4xv4zg3/submit.aspx,http://canarytokens.com/traffic/cjldn0fsgkz97ufsr92qelimv/post.jsp --app=wrongsecrets
     59 + heroku container:push --recursive --arg argBasedVersion=${tag}heroku,CANARY_URLS=http://canarytokens.com/feedback/images/traffic/tgy3epux7jm59n0ejb4xv4zg3/submit.aspx,http://canarytokens.com/traffic/cjldn0fsgkz97ufsr92qelimv/post.jsp --app=wrongsecrets
    60 60   heroku container:release web --app=wrongsecrets
    61 61   exit
    62 62  }
    skipped 282 lines
  • ■ ■ ■ ■
    Dockerfile.web
    1  -FROM jeroenwillemsen/wrongsecrets:ctfdtest10-no-vault
     1 +FROM jeroenwillemsen/wrongsecrets:ctfdtest12-no-vault
    2 2   
    3 3  ARG argBasedVersion="1.4.7"
    4 4  ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
    skipped 13 lines
  • ■ ■ ■ ■ ■
    README.md
    skipped 212 lines
    213 213  Want to know if your tool detects everything? We will keep track of the embedded secrets in [this issue](https://github.com/commjoen/wrongsecrets/issues/201) and have a [branch](https://github.com/commjoen/wrongsecrets/tree/experiment-bed) in which we put additional secrets for your tool to detect.
    214 214  The branch will contain a Docker container generation script using which you can eventually test your container secret scanning.
    215 215   
    216  -## CTFD Support - Experimental
     216 +## CTF
    217 217   
    218  -NOTE: CTFD support is experimental, but can work based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf).
     218 +### CTFD Support
     219 + 
     220 +NOTE: CTFD support is experimental, and now works based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf).
    219 221  NOTE-II: https://wrongsecrets-ctf.herokuapp.com is based on a free heroku instance, which takes time to warm up. Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) once before executing the steps below.
    220 222   
    221 223  Follow the following steps:
    222 224   
    223 225  ```shell
    224 226   npm install -g juice-shop-ctf-cli
    225  - juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T'
    226  - docker run -p 8001:8000 -it ctfd/ctfd:3.4.3 # configure challenge and import the zip from juice-shop-ctf
     227 + juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints.
     228 + docker run -p 8001:8000 -it ctfd/ctfd:3.4.3
    227 229  ```
    228 230   
     231 +Now visit the CTFD instance at [http://localhost:8001](http://localhost:8001) and setup your CTF. Then use the administrative backup function to import the zipfile you created with the juice-shop-ctf command.
    229 232  Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) !
    230  -Want to setup your own? You can!
     233 +Want to setup your own? You can! Watch out for people finding your key though, so secure it properly: make sure the running container with the actual ctf-key is not exposed to the audience, similar to our heroku container.
     234 + 
     235 +## FBCTF Support (Experimental!)
     236 + 
     237 +NOTE: FBCTF support is experimental.
     238 + 
     239 +follow the same step as with CTFD, only now choose fbctfd and as a url for the countrymapping choose `https://raw.githubusercontent.com/commjoen/wrongsecrets/79a982558016c8ce70948a8106f9a2ee5b5b9eea/config/fbctf.yml`. Then follow [https://github.com/facebookarchive/fbctf/wiki/Quick-Setup-Guide](https://github.com/facebookarchive/fbctf/wiki/Quick-Setup-Guide) to run the FBCTF.
     240 + 
     241 + 
    231 242   
    232 243  ## Notes on development
    233 244   
    skipped 78 lines
  • ■ ■ ■ ■ ■ ■
    config/fbctf.yml
     1 +ctf:
     2 + showFlagsInNotifications: true
     3 + showCountryDetailsInNotifications: both
     4 + countryMapping:
     5 + challenge1:
     6 + name: Canada
     7 + code: CA
     8 + challenge2:
     9 + name: Austria
     10 + code: AT
     11 + challenge3:
     12 + name: Israel
     13 + code: IL
     14 + challenge4:
     15 + name: Russian Federation
     16 + code: RU
     17 + challenge5:
     18 + name: Honduras
     19 + code: HN
     20 + challenge6:
     21 + name: Guatemala
     22 + code: GT
     23 + challenge7:
     24 + name: Germany
     25 + code: DE
     26 + challenge8:
     27 + name: Uruguay
     28 + code: UY
     29 + challenge9:
     30 + name: Myanmar
     31 + code: MM
     32 + challenge10:
     33 + name: Costa Rica
     34 + code: CR
     35 + challenge11:
     36 + name: Paraguay
     37 + code: PY
     38 + challenge12:
     39 + name: Slovakia
     40 + code: SK
     41 + challenge13:
     42 + name: Madagascar
     43 + code: MG
     44 + challenge14:
     45 + name: Belize
     46 + code: BZ
     47 + challenge15:
     48 + name: Korea (Democratic People's Republic of)
     49 + code: KP
     50 + challenge16:
     51 + name: Korea
     52 + code: KR
     53 + challenge17:
     54 + name: Belarus
     55 + code: BY
     56 + challenge18:
     57 + name: Bolivia
     58 + code: BO
     59 + challenge19:
     60 + name: Switzerland
     61 + code: CH
     62 + challenge20:
     63 + name: Peru
     64 + code: PE
     65 + challenge21:
     66 + name: Ukraine
     67 + code: UA
     68 + challenge22:
     69 + name: United States of America
     70 + code: US
     71 + challenge23:
     72 + name: Turkey
     73 + code: TR
     74 + challenge24:
     75 + name: Suriname
     76 + code: SR
     77 + challenge25:
     78 + name: Colombia
     79 + code: CO
     80 + challenge26:
     81 + name: Poland
     82 + code: PL
     83 + challenge27:
     84 + name: Ecuador
     85 + code: EC
     86 + challenge28:
     87 + name: Sri Lanka
     88 + code: LK
     89 + challenge29:
     90 + name: Eritrea
     91 + code: ER
     92 + challenge30:
     93 + name: Panama
     94 + code: PA
     95 + 
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/InMemoryScoreCard.java
    skipped 6 lines
    7 7   
    8 8  public class InMemoryScoreCard implements ScoreCard {
    9 9   
    10  - private final int maxPoints;
     10 + private final int maxNumberOfChallenges;
    11 11   private final Set<Challenge> solvedChallenges = new HashSet<>();
    12 12   
    13 13   public InMemoryScoreCard(int numberOfChallenge) {
    14  - maxPoints = numberOfChallenge * 50;
     14 + maxNumberOfChallenges = numberOfChallenge;
    15 15   }
    16 16   
    17 17   @Override
    skipped 8 lines
    26 26   
    27 27   @Override
    28 28   public float getProgress() {
    29  - return (100 / (float) maxPoints) * getTotalReceivedPoints();
     29 + return ((float) 100 / maxNumberOfChallenges) * solvedChallenges.size();
    30 30   }
    31 31   
    32 32   @Override
    33 33   public int getTotalReceivedPoints() {
    34  - return solvedChallenges.size() * 50;
     34 + return solvedChallenges.stream().map(challenge -> challenge.difficulty() * (100 + (challenge.difficulty() - 1) * 25)).reduce(0, Integer::sum);
    35 35   }
    36 36   
    37 37   @Override
    skipped 5 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/StatsController.java
    skipped 14 lines
    15 15   @Autowired
    16 16   private SessionConfiguration sessionConfiguration;
    17 17   
     18 + @Value("${hints_enabled}")
     19 + private boolean hintsEnabled;
     20 + @Value("${reason_enabled}")
     21 + private boolean reasonEnabled;
     22 + @Value("${ctf_enabled}")
     23 + private boolean ctfModeEnabled;
     24 + 
    18 25   @Value("${canarytokenURLs}")
    19 26   private String[] canaryTokenURLs;
    20 27   
    skipped 3 lines
    24 31   model.addAttribute("sessioncounter", sessionConfiguration.getCounter());
    25 32   model.addAttribute("lastCanaryToken", canaryCounter.getLastToken());
    26 33   model.addAttribute("canarytokenURLs", canaryTokenURLs);
     34 + model.addAttribute("hintsEnabled", hintsEnabled);
     35 + model.addAttribute("reasonEnabled", reasonEnabled);
     36 + model.addAttribute("ctfModeEnabled",ctfModeEnabled);
    27 37   return "stats";
    28 38   }
    29 39  }
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/Challenge.java
    skipped 20 lines
    21 21   
    22 22   public abstract int difficulty();
    23 23   
     24 + public abstract String getTech();
     25 + 
    24 26   public boolean solved(String answer) {
    25 27   var correctAnswer = answerCorrect(answer);
    26 28   if (correctAnswer) {
    skipped 18 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java
    skipped 37 lines
    38 38   return challengeNumber;
    39 39   }
    40 40   
     41 + public String getTech() {
     42 + return challenge.getTech();
     43 + }
     44 + 
    41 45   public Integer next() {
    42 46   return challengeNumber + 1;
    43 47   }
    skipped 36 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/ChallengesAPIController.java
    skipped 12 lines
    13 13  import org.springframework.util.ResourceUtils;
    14 14  import org.springframework.web.bind.annotation.GetMapping;
    15 15  import org.springframework.web.bind.annotation.RestController;
     16 +import org.yaml.snakeyaml.Yaml;
    16 17   
    17 18  import java.io.BufferedReader;
    18 19  import java.io.IOException;
    19 20  import java.io.InputStreamReader;
    20 21  import java.util.ArrayList;
    21 22  import java.util.List;
     23 +import java.util.Locale;
    22 24   
    23 25  @Slf4j
    24 26  @RestController
    skipped 29 lines
    54 56   jsonChallenge.put("id", i);
    55 57   jsonChallenge.put("name", challenges.get(i).getName());
    56 58   jsonChallenge.put("key", challenges.get(i).getExplanation());
    57  - jsonChallenge.put("category", getCategory(challenges.get(i)));
     59 + jsonChallenge.put("category", getCategory(challenges.get(i)) + " - " + challenges.get(i).getTech());
    58 60   jsonChallenge.put("description", descriptions.get(i));
    59 61   jsonChallenge.put("hint", hints.get(i));
    60 62   jsonChallenge.put("solved", scoreCard.getChallengeCompleted(challenges.get(i).getChallenge()));
    skipped 59 lines
    120 122   }
    121 123   return null;
    122 124   }
     125 + 
    123 126  }
    124 127   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java
    skipped 60 lines
    61 61   public int difficulty() {
    62 62   return 4;
    63 63   }
     64 + 
     65 + @Override
     66 + public String getTech() {
     67 + return "CSI-Driver";
     68 + }
    64 69  }
    65 70   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
    skipped 88 lines
    89 89   return 4;
    90 90   }
    91 91   
     92 + @Override
     93 + public String getTech() {
     94 + return "IAM Privilege escalation";
     95 + }
     96 + 
    92 97   private String getChallenge11Value(RuntimeEnvironment runtimeEnvironment) {
    93 98   if (runtimeEnvironment != null && runtimeEnvironment.getRuntimeEnvironment() != null) {
    94 99   return switch (runtimeEnvironment.getRuntimeEnvironment()) {
    skipped 83 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java
    skipped 60 lines
    61 61   public int difficulty() {
    62 62   return 3;
    63 63   }
     64 + 
     65 + @Override
     66 + public String getTech() {
     67 + return "Terraform";
     68 + }
    64 69  }
    65 70   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge1.java
    skipped 37 lines
    38 38   public int difficulty() {
    39 39   return 1;
    40 40   }
     41 + 
     42 + @Override
     43 + public String getTech() {
     44 + return "Git";
     45 + }
    41 46  }
    42 47   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java
    skipped 46 lines
    47 47   return 3;
    48 48   }
    49 49   
     50 + @Override
     51 + public String getTech() {
     52 + return "Docker";
     53 + }
     54 + 
    50 55   private String getActualData() {
    51 56   try {
    52 57   return Files.readString(Paths.get(dockerMountPath, "yourkey.txt"));
    skipped 7 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java
    skipped 52 lines
    53 53   return 3;
    54 54   }
    55 55   
     56 + @Override
     57 + public String getTech() {
     58 + return "CI/CD";
     59 + }
     60 + 
    56 61   private boolean isKeyCorrect(String base64EncodedKey) {
    57 62   if (Strings.isEmpty(base64EncodedKey) || Strings.isEmpty(plainText) || Strings.isEmpty(cipherText)) {
    58 63   log.info("Checking secret with values {}, {}, {}", base64EncodedKey, plainText, cipherText);
    skipped 26 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java
    skipped 58 lines
    59 59   return 4;
    60 60   }
    61 61   
     62 + @Override
     63 + public String getTech() {
     64 + return "Password manager";
     65 + }
     66 + 
    62 67   private String findAnswer() {
    63 68   if (Strings.isEmpty(keepassxPassword)) {
    64 69   log.info("Checking secret with values {}", keepassxPassword);
    skipped 24 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java
    skipped 53 lines
    54 54   return 2;
    55 55   }
    56 56   
     57 + @Override
     58 + public String getTech() {
     59 + return "Git";
     60 + }
     61 + 
    57 62   private String quickDecrypt(String cipherText) {
    58 63   try {
    59 64   final byte[] keyData = Base64.getDecoder().decode(encryptionKey);
    skipped 29 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java
    skipped 46 lines
    47 47   return 3;
    48 48   }
    49 49   
     50 + @Override
     51 + public String getTech() {
     52 + return "Front-end";
     53 + }
     54 + 
    50 55   public String getActualData() {
    51 56   try {
    52 57   return Files.readString(Paths.get(dockerMountPath, "secondkey.txt"));
    skipped 7 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge17.java
    skipped 46 lines
    47 47   return 3;
    48 48   }
    49 49   
     50 + @Override
     51 + public String getTech() {
     52 + return "Docker";
     53 + }
     54 + 
    50 55   public String getActualData() {
    51 56   try {
    52 57   return Files.readString(Paths.get(dockerMountPath, "thirdkey.txt"));
    skipped 7 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge18.java
    skipped 69 lines
    70 70   public int difficulty() {
    71 71   return 5;
    72 72   }
     73 + 
     74 + @Override
     75 + public String getTech() {
     76 + return "Hashing";
     77 + }
    73 78  }
    74 79   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge19.java
    skipped 43 lines
    44 44   public int difficulty() {
    45 45   return 4;
    46 46   }
     47 + 
     48 + @Override
     49 + public String getTech() {
     50 + return "Binary";
     51 + }
    47 52  }
    48 53   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge2.java
    skipped 41 lines
    42 42   public int difficulty() {
    43 43   return 1;
    44 44   }
     45 + 
     46 + @Override
     47 + public String getTech() {
     48 + return "Git";
     49 + }
    45 50  }
    46 51   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge20.java
    skipped 43 lines
    44 44   public int difficulty() {
    45 45   return 4;
    46 46   }
     47 + 
     48 + @Override
     49 + public String getTech() {
     50 + return "Binary";
     51 + }
    47 52  }
    48 53   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge21.java
    skipped 43 lines
    44 44   public int difficulty() {
    45 45   return 5;
    46 46   }
     47 + 
     48 + @Override
     49 + public String getTech() {
     50 + return "Binary";
     51 + }
    47 52  }
    48 53   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge22.java
    skipped 42 lines
    43 43   public int difficulty() {
    44 44   return 5;
    45 45   }
     46 + 
     47 + @Override
     48 + public String getTech() {
     49 + return "Binary";
     50 + }
    46 51  }
    47 52   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge3.java
    skipped 41 lines
    42 42   public int difficulty() {
    43 43   return 1;
    44 44   }
     45 + 
     46 + @Override
     47 + public String getTech() {
     48 + return "Docker";
     49 + }
    45 50  }
    46 51   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge4.java
    skipped 43 lines
    44 44   return 2;
    45 45   }
    46 46   
     47 + @Override
     48 + public String getTech() {
     49 + return "Docker";
     50 + }
     51 + 
    47 52  }
    48 53   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge8.java
    skipped 49 lines
    50 50   return 2;
    51 51   }
    52 52   
     53 + @Override
     54 + public String getTech() {
     55 + return "Logging";
     56 + }
     57 + 
    53 58   private String generateRandomString(int length) {
    54 59   StringBuilder builder = new StringBuilder(length);
    55 60   for (int i = 0; i < length; i++) {
    skipped 6 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge5.java
    skipped 41 lines
    42 42   public int difficulty() {
    43 43   return 2;
    44 44   }
     45 + 
     46 + @Override
     47 + public String getTech() {
     48 + return "Configmaps";
     49 + }
    45 50  }
    46 51   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge6.java
    skipped 41 lines
    42 42   public int difficulty() {
    43 43   return 2;
    44 44   }
     45 + 
     46 + @Override
     47 + public String getTech() {
     48 + return "Secrets";
     49 + }
    45 50  }
    46 51   
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge7.java
    skipped 46 lines
    47 47   public int difficulty() {
    48 48   return 4;
    49 49   }
     50 + 
     51 + @Override
     52 + public String getTech() {
     53 + return "Vault";
     54 + }
    50 55  }
    51 56   
  • ■ ■ ■ ■ ■ ■
    src/main/resources/templates/stats.html
    skipped 6 lines
    7 7   <h1>Current Stats</h1>
    8 8   <p>Number of active sessions:</p>
    9 9   <p th:text="${sessioncounter}"></p>
     10 + <p>Hints enabled:<span th:text="${hintsEnabled}"></span></p>
     11 + <p>Reason enabled:<span th:text="${reasonEnabled}"></span></p>
     12 + <p>CTF-mode enabled:<span th:text="${ctfModeEnabled}"></span></p>
     13 + 
    10 14   <p>Number of canary callbacks since boot:</p>
    11 15   <p th:text="${canaryCounter}"></p>
    12 16   <p>Last canary token received:</p>
    skipped 11 lines
  • ■ ■ ■ ■ ■ ■
    src/main/resources/templates/welcome.html
    skipped 20 lines
    21 21   <thead>
    22 22   <tr>
    23 23   <th scope="col">#</th>
    24  - <th scope="col">Challenge &nbsp;&nbsp;&nbsp;&nbsp;</th>
    25  - <th scope="col" th:text="'Required environments (current: '+${environment}+')'"></th>
     24 + <th scope="col">Challenge&nbsp;&nbsp;&nbsp;</th>
     25 + <th scope="col">Focus&nbsp;&nbsp;&nbsp;</th>
     26 + <th scope="col" th:text="'Runs on environment (current: '+${environment}+')'"></th>
    26 27   </tr>
    27 28   </thead>
    28 29   <tbody>
    skipped 3 lines
    32 33   th:class="${challenge.isChallengeEnabled} ? '' : 'disabled'"><span
    33 34   th:text="${challenge.name}"
    34 35   th:remove="tag"></span></a></td>
     36 + <td th:text="${challenge.tech}"></td>
    35 37   <th:block th:if="${challenge.requiredEnv} == 'DOCKER'">
    36 38   <td>Docker</td>
    37 39   </th:block>
    38 40   <th:block th:if="${challenge.requiredEnv} == 'K8S'">
    39  - <td>Kubernetes or Minikube</td>
     41 + <td>K8s or Minikube</td>
    40 42   </th:block>
    41 43   <th:block th:if="${challenge.requiredEnv} == 'VAULT'">
    42  - <td>Kubernetes or Minikube with Vault</td>
     44 + <td>K8s or Minikube with Vault</td>
    43 45   </th:block>
    44 46   <th:block
    45 47   th:if="${challenge.requiredEnv} == 'AWS' or ${challenge.requiredEnv} == 'GCP'or ${challenge.requiredEnv} == 'AZURE'">
    skipped 103 lines
  • ■ ■ ■ ■ ■
    src/test/java/org/owasp/wrongsecrets/InMemoryScoreCardTest.java
    skipped 6 lines
    7 7  import org.mockito.junit.jupiter.MockitoExtension;
    8 8  import org.owasp.wrongsecrets.challenges.Challenge;
    9 9   
     10 +import static org.mockito.ArgumentMatchers.anyString;
     11 +import static org.mockito.Mockito.when;
     12 + 
    10 13  @ExtendWith(MockitoExtension.class)
    11 14  class InMemoryScoreCardTest {
    12 15   
    skipped 5 lines
    18 21   
    19 22   @Test
    20 23   void whenOneChallengeSolvedPointsShouldBeCalculatedCorrectly() {
     24 + when(challenge1.difficulty()).thenReturn(2);
    21 25   var scoring = new InMemoryScoreCard(2);
    22 26   scoring.completeChallenge(challenge1);
    23 27   
    24  - Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(50);
     28 + Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(250);
    25 29   }
    26 30   
    27 31   @Test
    28 32   void solvingAllChallengesShouldCalculateMaxPoints() {
     33 + when(challenge1.difficulty()).thenReturn(1);
     34 + when(challenge2.difficulty()).thenReturn(3);
    29 35   var scoring = new InMemoryScoreCard(2);
    30 36   scoring.completeChallenge(challenge1);
    31 37   scoring.completeChallenge(challenge2);
    32 38   
    33  - Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(100);
     39 + Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(550);
    34 40   }
    35 41   
    36 42  }
    skipped 1 lines
Please wait...
Page is in error, reload to recover