STRLCPY/wrongsecrets

Merge pull request #829 from OWASP/Pre-release-final-fixes-branch

Pre-release fixes (docs, tests, bugfixes in challenge 33 & challenge 13, pre-commit&node upgrades) and setting up 1.6.4 release

Jeroen Willemsen committed with GitHub 11 months ago

158fec25

2 parents
16a80b85
b79fb8bd

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 25 files Show one by one

■ ■ ■ ■ ■ ■

.github/scripts/docker-create.sh

		skipped 285 lines
286	286
287	287		build_update_pom() {
288	288		echo "Building new license overview"
289		-	cd ../.. && mvn license:add-third-party -Dlicense.excludedScopes=test
	289	+	cd ../.. && ./mvnw license:add-third-party -Dlicense.excludedScopes=test
290	290		cd .github/scripts
291	291		echo "preprocessing third party file"
292	292		sed '/^$/d' ../../target/generated-sources/license/THIRD-PARTY.txt > temp1a.txt
		skipped 5 lines
298	298		mv temp4.txt ../../src/main/resources/templates/about.html
299	299		rm tem*.txt
300	300		echo "Building and updating pom.xml file so we can use it in our docker"
301		-	cd ../.. && mvn clean && mvn --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && mvn install -DskipTests
	301	+	cd ../.. && ./mvnw clean && ./mvnw --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && ./mvnw install -DskipTests
302	302		cd .github/scripts
303	303		docker buildx create --name mybuilder
304	304		docker buildx use mybuilder
		skipped 111 lines

■ ■ ■ ■ ■ ■

.github/scripts/secondkey.txt

1 - GsJy3Ko=9Aplb6tUA=2hYby7
2 -

All occurrences
■ ■ ■ ■ ■ ■

.github/scripts/thirdkey.txt

1 - NY6u6RObCYuu5wm2X4/pQkP4kGaonuHGsVoJAC/r16c=
2 -

All occurrences

■ ■ ■ ■ ■ ■

.github/workflows/main.yml

		skipped 45 lines
46	46		java-version: "19"
47	47		distribution: "temurin"
48	48		- name: Test with Cypress
49		-	run: mvn verify -Dexec.id=xcypress-test -DskipTests -Ddependency-check.skip
	49	+	run: \|
	50	+	./mvnw verify -Dexec.id=xcypress-test -DskipTests -Ddependency-check.skip
50	51		- name: Uploading screenshots
51	52		uses: actions/upload-artifact@v3
52	53		if: failure()
		skipped 29 lines

■ ■ ■ ■ ■ ■ ■

.github/workflows/minikube-k8s-test.yml

		skipped 43 lines
44	44		echo "Do minikube delete to stop minikube from running and cleanup to start fresh again"
45	45		echo "wait 20 seconds so we can check if vault-k8s-container works"
46	46		sleep 20
47		-	curl http://localhost:8080/spoil-6
	47	+	if curl http://localhost:8080/spoil-5 -s \| grep -q spoiler-answer
	48	+	then
	49	+	echo "spoil-5 works"
	50	+	else
	51	+	echo "error in spoil-5"
	52	+	fi
	53	+	if curl http://localhost:8080/spoil-6 -s \| grep -q spoiler-answer
	54	+	then
	55	+	echo "spoil-6 works"
	56	+	else
	57	+	echo "error in spoil-6"
	58	+	fi
	59	+	if curl http://localhost:8080/spoil-7 -s \| grep -q spoiler-answer
	60	+	then
	61	+	echo "spoil-7 works"
	62	+	else
	63	+	echo "error in spoil-7"
	64	+	fi
	65	+	if curl http://localhost:8080/spoil-33 -s \| grep -q spoiler-answer
	66	+	then
	67	+	echo "spoil-33 works"
	68	+	else
	69	+	echo "error in spoil-33"
	70	+	fi
48	71		echo "logs from pod to make sure:"
49	72		cat pod.log
50	73

■ ■ ■ ■ ■ ■

.pre-commit-config.yaml

		skipped 8 lines
9	9		submodules: false
10	10		repos:
11	11		- repo: https://github.com/pre-commit/pre-commit-hooks
12		-	rev: v4.3.0
	12	+	rev: v4.4.0
13	13		hooks:
14	14		- id: check-yaml
15	15		- id: end-of-file-fixer
16	16		exclude: ^(src/test/resources/yourkey.txt\|src/test/resources/secondkey.txt)
17	17		- id: trailing-whitespace
18	18		- repo: https://github.com/antonbabenko/pre-commit-terraform
19		-	rev: v1.71.0
	19	+	rev: v1.79.1
20	20		hooks:
21	21		- id: terraform_fmt
22	22		- id: terraform_tflint
		skipped 13 lines
36	36		- "--args=--only=terraform_workspace_remote"
37	37		- id: terraform_docs
38	38		- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
39		-	rev: v9.4.0
	39	+	rev: v9.5.0
40	40		hooks:
41	41		- id: commitlint
42	42		stages: [commit-msg]
		skipped 4 lines
47	47		args: [ 'clean compile' ]
48	48		- id: maven-spotless-apply
49	49		- repo: https://github.com/eslint/eslint
50		-	rev: v8.35.0
	50	+	rev: v8.41.0
51	51		hooks:
52	52		- id: eslint
53	53		args:
		skipped 2 lines

■ ■ ■ ■ ■ ■

CONTRIBUTING.md

		skipped 134 lines
135	135
136	136		## How to get started with the project in IntelliJ IDEA
137	137
138		-	-
139		-
140	138		### Step 1: Fork the Project.
141	139
142		-	Navigate to the landing page of the repository in your web browser and click on the _Fork_ button on the repository’s home page.
143		-	A forked copy of that Git repository will be added to your personal GitHub.
	140	+	Navigate to the landing page of the repository in your web browser and click on the _Fork_ button on the repository’s home page.
	141	+	A forked copy of that Git repository will be added to your personal GitHub.
144	142
145		-	![](images/fork-project-1.png)
	143	+	![](images/fork-project-1.png)
146	144
147		-	-
148	145
149	146		### Step 2: Clone the Project.
150	147
151		-	A clone is a full copy of a repository, including all logging and versions of files.
152		-	To _clone_ the Project to your local desktop by clicking on the button as shown below.
153		-
154		-	![](images/clone-project-2.png)
	148	+	A clone is a full copy of a repository, including all logging and versions of files.
	149	+	To _clone_ the Project to your local desktop by clicking on the button as shown below.
155	150
156		-	-
	151	+	![](images/clone-project-2.png)
157	152
158	153		### Step 3: Open the Project using IntelliJ IDEA
	154	+	_Open_ the Cloned Project using IntelliJ IDEA by clicking on the button as shown below.
159	155
160		-	- _Open_ the Cloned Project using IntelliJ IDEA by clicking on the button as shown below.
	156	+	![](images/open-project-3.1.png)
161	157
162		-	![](images/open-project-3.1.png)
	158	+	Wait till the Project Loads.
163	159
164		-	- Wait till the Project Loads.
165		-
166		-	![](images/wait-3.2.png)
	160	+	![](images/wait-3.2.png)
167	161
168	162
169	163		### Step 4: Setup.
170	164
171		-	- Open Settings by pressing _Ctrl+Alt+S_
172		-	![](images/open-settings-4.1.png)
	165	+	Open Settings by pressing _Ctrl+Alt+S_
173	166
174		-	- Follow the path _IDE settings>Language & Frameworks > Lombok_ and then click on _Lombok._
175		-	![](images/lombok-setup-4.2.png)
	167	+	![](images/open-settings-4.1.png)
176	168
177		-	- Make sure that the _Lombok processing_ is enabled.
178		-	![](images/lombok-processing-4.3.png)
	169	+	Follow the path _IDE settings>Language & Frameworks > Lombok_ and then click on _Lombok._
179	170
180		-	- Select _Plugins > Marketplace_ and type 'google-java-format' and restart IntelliJ to install the plugin.
	171	+	![](images/lombok-setup-4.2.png)
181	172
182		-	- Open Settings by pressing _Ctrl+Alt+S_
183		-	![](images/open-settings-4.1.png)
	173	+	Make sure that the _Lombok processing_ is enabled.
184	174
185		-	- Select _google-java-format Settings_ and click enable.
186		-	![](images/open-settings-4.4.png)
	175	+	![](images/lombok-processing-4.3.png)
187	176
188		-	- ### Step 5: Reload the project
	177	+	Select _Plugins > Marketplace_ and type 'google-java-format' and restart IntelliJ to install the plugin.
189	178
190		-	- Open the _Maven_ Tab
	179	+	Open Settings by pressing _Ctrl+Alt+S_
	180	+
	181	+	![](images/open-settings-4.1.png)
	182	+
	183	+	Select _google-java-format Settings_ and click enable.
	184	+
	185	+	![](images/open-settings-4.4.png)
	186	+
	187	+	### Step 5: Reload the project
	188	+
	189	+	Open the _Maven_ Tab
191	190
192		-	![](images/open-maven-5.1.png)
	191	+	![](images/open-maven-5.1.png)
193	192
194		-	- Press the _Reload_ button as shown below and allow the project to Reload.
	193	+	Press the _Reload_ button as shown below and allow the project to Reload.
195	194
196		-	![](images/reload-maven-5.2.png)
	195	+	![](images/reload-maven-5.2.png)
197	196
198		-	- Further use the _OWASP WrongSecrets --> Lifecycle --> install_ step to load all the depedencies
	197	+	Further use the _OWASP WrongSecrets --> Lifecycle --> install_ step to load all the depedencies
199	198
200	199		NOTE: Indians and other Asia-Pacific countries users may have to use VPN if you enounter this exception `org.owasp.dependencycheck.utils.DownloadFailedException: TLS Connection Reset`.
201	200
202		-	-
203		-
204	201		### Step 6: Running the Project.
205	202
206		-	- Open the _WrongSecretsApplication_ by following the path _main>java>org.owasp.wrongsecrets>WrongSecretApplication_.
207		-	![](images/open-application-6.1.png)
208		-	- Press _Shift+F10_ to run the application, this will open up the _Run/Debug Configurations Menu._
209		-	![](images/run-application-6.2.png)
	203	+	Open the _WrongSecretsApplication_ by following the path _main>java>org.owasp.wrongsecrets>WrongSecretApplication_.
210	204
211		-	- ### Step 7: Setting up Configurations.
	205	+	![](images/open-application-6.1.png)
212	206
213		-	- Select _Edit configuration templates_ then select _Application_ section.
	207	+	Press _Shift+F10_ to run the application, this will open up the _Run/Debug Configurations Menu._
214	208
215		-	![](images/edit-config-7.1.png)
	209	+	![](images/run-application-6.2.png)
216	210
217		-	- There under the _Application_ section click on the button shown below.
	211	+	### Step 7: Setting up Configurations.
218	212
219		-	![](images/modify-options-7.2.png)
	213	+	Select _Edit configuration templates_ then select _Application_ section.
220	214
221		-	- _Select_ all the fields that are Selected in the below picture.
	215	+	![](images/edit-config-7.1.png)
222	216
223		-	![](images/select-options-7.3.png)
	217	+	There under the _Application_ section click on the button shown below.
224	218
225		-	- _Fill out_ all the fields as shown below.
	219	+	![](images/modify-options-7.2.png)
226	220
227		-	![](images/fill-fields-7.4.png)
	221	+	_Select_ all the fields that are Selected in the below picture.
228	222
229		-	- Again press _Shift+F10_ which runs the Application.
	223	+	![](images/select-options-7.3.png)
230	224
231		-	![](images/run-application-6.2.png)
	225	+	_Fill out_ all the fields as shown below.
232	226
233		-	-
	227	+	![](images/fill-fields-7.4.png)
	228	+
	229	+	Again press _Shift+F10_ which runs the Application.
	230	+
	231	+	![](images/run-application-6.2.png)
234	232
235	233		### There you have it, _WrongSecrets_ running successfully.
236	234
237		-	- Here is a _preview_ on how does it look after successfully running the Application.
238		-	Note: Running the Application doesn't open any kind of _GUI_, it only initializes the _local webserver_ that you can open via a _browser._
239		-	![](images/final-output-8.png)
	235	+	Here is a _preview_ on how does it look after successfully running the Application.
	236	+	Note: Running the Application doesn't open any kind of _GUI_, it only initializes the _local webserver_ that you can open via a _browser._
	237	+
	238	+	![](images/final-output-8.png)
	239	+
	240	+	Here is the preview of the web server, you can try to find the secrets by means of solving the challenge offered at: [Challenges](https://github.com/OWASP/wrongsecrets#basic-docker-exercises)
240	241
241		-	- Here is the preview of the web server, you can try to find the secrets by means of solving the challenge offered at:
242		-	[Challenges](https://github.com/OWASP/wrongsecrets#basic-docker-exercises)
243		-	![](images/screenshot.png)
	242	+	![](images/screenshot.png)
244	243
245	244		---
246	245
247	246		## How to add a challenge
248	247
249		-	-
250		-
251	248		### Step 1: Creating a new issue.
252	249
253		-	First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/issues/new) reported for which a challenge is really wanted, And make sure the challenge is assigned to you, as others might be working on the challenge.
254		-
255		-	-
	250	+	First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/issues/new) reported for which a challenge is really wanted, And make sure the challenge is assigned to you, as others might be working on the challenge.
256	251
257	252		### Step 2: Adding the challenge.
258	253
		skipped 4 lines
263	258		- Here is an example of a possible Challenge 28:
264	259
265	260		```java
266		-	package org.owasp.wrongsecrets.challenges.docker;
267		-	import lombok.extern.slf4j.Slf4j;
268		-	import org.owasp.wrongsecrets.RuntimeEnvironment;
269		-	import org.owasp.wrongsecrets.ScoreCard;
270		-	import org.owasp.wrongsecrets.challenges.Challenge;
271		-	import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
272		-	import org.owasp.wrongsecrets.challenges.Spoiler;
273		-	import org.springframework.core.annotation.Order;
274		-	import org.springframework.stereotype.Component;
275		-	import java.util.List;
276		-	/**
277		-	* Describe what your challenge does
278		-	*/
279		-	@Slf4j
280		-	@Component
281		-	@Order(28) //make sure this number is the same as your challenge
282		-	public class Challenge28 extends Challenge {
283		-	private final String secret;
284		-	public Challenge28(ScoreCard scoreCard) {
285		-	super(scoreCard);
286		-	secret = "hello world";
287		-	}
288		-	//is this challenge usable in CTF mode?
289		-	@Override
290		-	public boolean canRunInCTFMode() {
291		-	return true;
292		-	}
293		-	//return the plain text secret here
294		-	@Override
295		-	public Spoiler spoiler() {
296		-	return new Spoiler(secret);
297		-	}
298		-	//here you validate if your answer matches the secret
299		-	@Override
300		-	public boolean answerCorrect(String answer) {
301		-	return secret.equals(answer);
302		-	}
303		-	//which runtime can you use to run the challenge on? (You can just use Docker here)
304		-	/**
305		-	* {@inheritDoc}
306		-	*/
307		-	@Override
308		-	public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
309		-	return List.of(RuntimeEnvironment.Environment.DOCKER);
310		-	}
311		-	//set the difficulty: 1=low, 5=very hard
312		-	/**
313		-	* {@inheritDoc}
314		-	* Difficulty: 1.
315		-	*/
316		-	@Override
317		-	public int difficulty() {
318		-	return 1;
319		-	}
320		-	//on which tech is this challenge? See ChallengeTechnology.Tech for categories
321		-	/**
322		-	* {@inheritDoc}
323		-	* Secrets based.
324		-	*/
325		-	@Override
326		-	public String getTech() {
327		-	return ChallengeTechnology.Tech.SECRETS.id;
328		-	}
329		-	//if you use this in a shared environment and need to adapt it, then return true here.
330		-	@Override
331		-	public boolean isLimittedWhenOnlineHosted() {
332		-	return false;
	261	+	package org.owasp.wrongsecrets.challenges.docker;
	262	+	import lombok.extern.slf4j.Slf4j;
	263	+	import org.owasp.wrongsecrets.RuntimeEnvironment;
	264	+	import org.owasp.wrongsecrets.ScoreCard;
	265	+	import org.owasp.wrongsecrets.challenges.Challenge;
	266	+	import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
	267	+	import org.owasp.wrongsecrets.challenges.Spoiler;
	268	+	import org.springframework.core.annotation.Order;
	269	+	import org.springframework.stereotype.Component;
	270	+	import java.util.List;
	271	+	/**
	272	+	* Describe what your challenge does
	273	+	*/
	274	+	@Slf4j
	275	+	@Component
	276	+	@Order(28) //make sure this number is the same as your challenge
	277	+	public class Challenge28 extends Challenge {
	278	+	private final String secret;
	279	+	public Challenge28(ScoreCard scoreCard) {
	280	+	super(scoreCard);
	281	+	secret = "hello world";
	282	+	}
	283	+	//is this challenge usable in CTF mode?
	284	+	@Override
	285	+	public boolean canRunInCTFMode() {
	286	+	return true;
	287	+	}
	288	+	//return the plain text secret here
	289	+	@Override
	290	+	public Spoiler spoiler() {
	291	+	return new Spoiler(secret);
	292	+	}
	293	+	//here you validate if your answer matches the secret
	294	+	@Override
	295	+	public boolean answerCorrect(String answer) {
	296	+	return secret.equals(answer);
	297	+	}
	298	+	//which runtime can you use to run the challenge on? (You can just use Docker here)
	299	+	/**
	300	+	* {@inheritDoc}
	301	+	*/
	302	+	@Override
	303	+	public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
	304	+	return List.of(RuntimeEnvironment.Environment.DOCKER);
	305	+	}
	306	+	//set the difficulty: 1=low, 5=very hard
	307	+	/**
	308	+	* {@inheritDoc}
	309	+	* Difficulty: 1.
	310	+	*/
	311	+	@Override
	312	+	public int difficulty() {
	313	+	return 1;
	314	+	}
	315	+	//on which tech is this challenge? See ChallengeTechnology.Tech for categories
	316	+	/**
	317	+	* {@inheritDoc}
	318	+	* Secrets based.
	319	+	*/
	320	+	@Override
	321	+	public String getTech() {
	322	+	return ChallengeTechnology.Tech.SECRETS.id;
	323	+	}
	324	+	//if you use this in a shared environment and need to adapt it, then return true here.
	325	+	@Override
	326	+	public boolean isLimittedWhenOnlineHosted() {
	327	+	return false;
333	328
	329	+	}
334	330		}
335		-	}
336	331		```
337		-	- ### Step 3: Adding Test File.
	332	+	### Step 3: Adding Test File.
338	333
339		-	Add the new TestFile in this folder `wrongsecrets/src/test/java/org/owasp/wrongsecrets/challenges/`. TestFile is required to do unit testing.
340		-	These are the things that you have to keep in mind.
	334	+	Add the new TestFile in this folder `wrongsecrets/src/test/java/org/owasp/wrongsecrets/challenges/`. TestFile is required to do unit testing.
	335	+	These are the things that you have to keep in mind.
341	336
342		-	- Make sure that this file is also of Java type.
343		-	- Here is a unit test for reference:
344		-	```java
345		-	package org.owasp.wrongsecrets.challenges.docker;
346		-	import org.assertj.core.api.Assertions;
347		-	import org.junit.jupiter.api.Test;
348		-	import org.junit.jupiter.api.extension.ExtendWith;
349		-	import org.mockito.Mock;
350		-	import org.mockito.Mockito;
351		-	import org.mockito.junit.jupiter.MockitoExtension;
352		-	import org.owasp.wrongsecrets.ScoreCard;
353		-	@ExtendWith(MockitoExtension.class)
354		-	class Challenge28Test {
355		-	@Mock
356		-	private ScoreCard scoreCard;
357		-	@Test
358		-	void rightAnswerShouldSolveChallenge() {
359		-	var challenge = new Challenge28(scoreCard);
360		-	Assertions.assertThat(challenge.solved("wrong answer")).isFalse();
361		-	Assertions.assertThat(challenge.solved(challenge.spoiler().solution())).isTrue();
362		-	}
363		-	}
364		-	```
	337	+	Make sure that this file is also of Java type.
	338	+	Here is a unit test for reference:
	339	+	```java
	340	+	package org.owasp.wrongsecrets.challenges.docker;
	341	+	import org.assertj.core.api.Assertions;
	342	+	import org.junit.jupiter.api.Test;
	343	+	import org.junit.jupiter.api.extension.ExtendWith;
	344	+	import org.mockito.Mock;
	345	+	import org.mockito.Mockito;
	346	+	import org.mockito.junit.jupiter.MockitoExtension;
	347	+	import org.owasp.wrongsecrets.ScoreCard;
	348	+	@ExtendWith(MockitoExtension.class)
	349	+	class Challenge28Test {
	350	+	@Mock
	351	+	private ScoreCard scoreCard;
	352	+	@Test
	353	+	void rightAnswerShouldSolveChallenge() {
	354	+	var challenge = new Challenge28(scoreCard);
	355	+	Assertions.assertThat(challenge.solved("wrong answer")).isFalse();
	356	+	Assertions.assertThat(challenge.solved(challenge.spoiler().solution())).isTrue();
	357	+	}
	358	+	}
	359	+	```
365	360		Please note that PRs for new challenges are only accepted when unit tests are added to prove that the challenge works. Normally tests should not immediately leak the actual secret, so leverage the `.spoil()` functionality of your test implementation for this.
366	361
367		-	-
368		-
369	362		### Step 4: Adding explanations, reasons and hints.
370	363
371		-	Add the explanation for your challenge along with the hints that will help in finding the secret in this folder `wrongsecrets/src/main/resources/explanations/`.
372		-	Things to be noted.
	364	+	Add the explanation for your challenge along with the hints that will help in finding the secret in this folder `wrongsecrets/src/main/resources/explanations/`.
	365	+	Things to be noted:
373	366
374		-	- All the possible explanations for your challenge, included with all the hints and reasons should be provided.
375		-	- Everything must be in separate AsciiDoc files.
376		-	- Follow this fashion in naming the file.
	367	+	- All the possible explanations for your challenge, included with all the hints and reasons should be provided.
	368	+	- Everything must be in separate AsciiDoc files.
	369	+	- Follow this fashion in naming the file: `challenge<number>.adoc`, `challenge<number>_hint.adoc`, and `challenge<number>_reason.adoc`.
377	370
378		-	- Here is a Explanation for reference:
	371	+	Here is a Explanation for reference:
379	372
380		-	```adoc
381		-	=== Hello world challenge
382		-
383		-	Welcome to OWASP WrongSecrets Beginner guide Challenge
	373	+	```adoc
	374	+	=== Hello world challenge
384	375
385		-	Basically this challenge is there only to demonstrate how to add a challenge in our project and to give you a basic idea on how does things work.
	376	+	Welcome to OWASP WrongSecrets Beginner guide Challenge
386	377
387		-	```
	378	+	Basically this challenge is there only to demonstrate how to add a challenge in our project and to give you a basic idea on how does things work.
388	379
389		-	- refer this block for reasons:
	380	+	```
390	381
391		-	```adoc
392		-	==== What’s the purpose of this specific challenge?
393		-	With this challenge, we basically aim to help new contributors to better understand the code and encourage them to add new challenges for our end-user.
394		-	```
	382	+	refer this block for reasons:
395	383
396		-	- Use this block as refrence for hints:
	384	+	```adoc
	385	+	==== What’s the purpose of this specific challenge?
	386	+	With this challenge, we basically aim to help new contributors to better understand the code and encourage them to add new challenges for our end-user.
	387	+	```
397	388
398		-	```adoc
399		-	Your secret is `Hello World`
	389	+	Use this block as refrence for hints:
400	390
401		-	Copy this and paste it in the box provided and press "Submit" and you are good to go.
	391	+	```adoc
	392	+	Your secret is `Hello World`
402	393
403		-	This challenge is only meant for helping new contributors to add new challenges. Please, have fun with trying more difficult challenges;-).
404		-	```
	394	+	Copy this and paste it in the box provided and press "Submit" and you are good to go.
405	395
406		-	- ### Step 5: Submitting your PR.
407		-	After completing all the above steps, final step is to submit the PR and refer [Contributing.md](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted) on how to get your PR accepted.
	396	+	This challenge is only meant for helping new contributors to add new challenges. Please, have fun with trying more difficult challenges;-).
	397	+	```
408	398
409		-	---
	399	+	### Step 5: Submitting your PR.
	400	+	After completing all the above steps, final step is to submit the PR and refer [Contributing.md](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted) on how to get your PR accepted.
410	401

■ ■ ■ ■ ■ ■

Dockerfile.web

1		-	FROM jeroenwillemsen/wrongsecrets:1.6.4-no-vault
2		-	ARG argBasedVersion="1.6.4-no-vault"
	1	+	FROM jeroenwillemsen/wrongsecrets:1.6.5RC2-no-vault
	2	+	ARG argBasedVersion="1.6.5-no-vault"
3	3		ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
4	4		ARG CTF_ENABLED=false
5	5		ARG HINTS_ENABLED=true
		skipped 28 lines

■ ■ ■ ■ ■ ■

README.md

		skipped 40 lines
41	41		- [Running WrongSecrets in GCP](#running-wrongsecrets-in-gcp)
42	42		- [Running WrongSecrets in Azure](#running-wrongsecrets-in-azure)
43	43		- [Running Challenge15 in your own cloud only](#running-challenge15-in-your-own-cloud-only)
44		-	- [Do you want to play without guidance?](#do-you-want-to-play-without-guidance)
	44	+	- [Do you want to play without guidance?](#do-you-want-to-play-without-guidance-or-spoils)
45	45		- [Special thanks & Contributors](#special-thanks--contributors)
46	46		- [Sponsorships](#sponsorships)
47	47		- [Help Wanted](#help-wanted)
48	48		- [Use OWASP WrongSecrets as a secret detection benchmark](#use-owasp-wrongsecrets-as-a-secret-detection-benchmark)
49	49		- [CTF](#ctf)
50	50		- [CTFD Support](#ctfd-support)
51		-	- [FBCTF Support](#fbctf-support--experimental--)
	51	+	- [FBCTF Support](#fbctf-support-experimental)
52	52		- [Notes on development](#notes-on-development)
53	53		- [Dependency management](#dependency-management)
54	54		- [Get the project started in IntelliJ IDEA](#get-the-project-started-in-intellij-idea)
		skipped 16 lines
71	71
72	72		## Basic docker exercises
73	73
74		-	_Can be used for challenges 1-4, 8, 12-32_
	74	+	_Can be used for challenges 1-4, 8, 12-33_
75	75
76	76		For the basic docker exercises you currently require:
77	77
		skipped 50 lines
128	128
129	129		## Basic K8s exercise
130	130
131		-	_Can be used for challenges 1-6, 8, 12-32_
	131	+	_Can be used for challenges 1-6, 8, 12-33_
132	132
133	133		### Minikube based
134	134
		skipped 8 lines
143	143		minikube start
144	144		kubectl apply -f k8s/secrets-config.yml
145	145		kubectl apply -f k8s/secrets-secret.yml
	146	+	kubectl apply -f k8s/challenge33.yml
146	147		kubectl apply -f k8s/secret-challenge-deployment.yml
147	148		while [[ $(kubectl get pods -l app=secret-challenge -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do echo "waiting for secret-challenge" && sleep 2; done
148	149		kubectl expose deployment secret-challenge --type=LoadBalancer --port=8080
		skipped 4 lines
153	154
154	155		- [localhost:8080/challenge/5](http://localhost:8080/challenge/5)
155	156		- [localhost:8080/challenge/6](http://localhost:8080/challenge/6)
	157	+	- [localhost:8080/challenge/33](http://localhost:8080/challenge/33)
156	158
157	159		### k8s based
158	160
		skipped 2 lines
161	163		```bash
162	164		kubectl apply -f k8s/secrets-config.yml
163	165		kubectl apply -f k8s/secrets-secret.yml
	166	+	kubectl apply -f k8s/challenge33.yml
164	167		kubectl apply -f k8s/secret-challenge-deployment.yml
165	168		while [[ $(kubectl get pods -l app=secret-challenge -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do echo "waiting for secret-challenge" && sleep 2; done
166	169		kubectl port-forward \
		skipped 5 lines
172	175
173	176		- [localhost:8080/challenge/5](http://localhost:8080/challenge/5)
174	177		- [localhost:8080/challenge/6](http://localhost:8080/challenge/6)
	178	+	- [localhost:8080/challenge/33](http://localhost:8080/challenge/33)
175	179
176	180		### Okteto based
177	181
		skipped 14 lines
192	196		- vault [Install from here](https://www.vaultproject.io/downloads),
193	197		- grep, Cat, and Sed
194	198
195		-	Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-32.
	199	+	Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-33.
196	200
197	201		When you stopped the `k8s-vault-minikube-start.sh` script and want to resume the port forward run: `k8s-vault-minikube-resume.sh`.
198	202		This is because if you run the start script again it will replace the secret in the vault and not update the secret-challenge application with the new secret.
199	203
200	204		## Cloud Challenges
201	205
202		-	_Can be used for challenges 1-32_
	206	+	_Can be used for challenges 1-33_
203	207
204	208		READ THIS: Given that the exercises below contain IAM privilege escalation exercises,
205	209		never run this on an account which is related to your production environment or can influence your account-over-arching
		skipped 353 lines

■ ■ ■ ■ ■ ■

aws/k8s/secret-challenge-vault-deployment.yml

		skipped 40 lines
41	41		volumeAttributes:
42	42		secretProviderClass: "wrongsecrets-aws-secretsmanager"
43	43		containers:
44		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-k8s-vault
	44	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-k8s-vault
45	45		imagePullPolicy: IfNotPresent
46	46		name: secret-challenge
47	47		securityContext:
		skipped 71 lines

■ ■ ■ ■ ■ ■

azure/k8s/secret-challenge-vault-deployment.yml.tpl

		skipped 40 lines
41	41		volumeAttributes:
42	42		secretProviderClass: "azure-wrongsecrets-vault"
43	43		containers:
44		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-k8s-vault
	44	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-k8s-vault
45	45		imagePullPolicy: IfNotPresent
46	46		name: secret-challenge
47	47		securityContext:
		skipped 81 lines

■ ■ ■ ■ ■ ■

fly.toml

		skipped 8 lines
9	9		dockerfile = "Dockerfile"
10	10
11	11		[build.args]
12		-	argBasedVersion="1.6.4"
	12	+	argBasedVersion="1.6.5RC2"
13	13		spring_profile="without-vault"
14	14		springdoc_api-docs_enabled="false"
15	15		springdoc_swagger-ui_enabled="false"
		skipped 35 lines

■ ■ ■ ■ ■ ■

gcp/k8s/secret-challenge-vault-deployment.yml.tpl

		skipped 38 lines
39	39		volumeAttributes:
40	40		secretProviderClass: "wrongsecrets-gcp-secretsmanager"
41	41		containers:
42		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-k8s-vault
	42	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-k8s-vault
43	43		imagePullPolicy: IfNotPresent
44	44		name: secret-challenge
45	45		ports:
		skipped 75 lines

■ ■ ■ ■ ■ ■

js/index.js

1		-	/* eslint-disable no-unused-vars */
2		-	function secret () {
3		-	const password = 'jLJIQZM=' + 9 + 'aG7l' + 6 + 'LAQ=' + 2 + 'UdiM' + 7
	1	+	function secret () { // eslint-disable-line no-unused-vars
	2	+	const password = 'tJbQjCM=' + 9 + 'SnCq' + 6 + 'LBU=' + 2 + 'h5GD' + 7
4	3		return password
5	4		}
6	5

■ ■ ■ ■ ■ ■

k8s/challenge33.yml

1	1		apiVersion: v1
2	2		data:
3		-	answer: VBUGh3wu/3I1naHj1Uf97Y0Lq8B5/92q1jwp3/aYSwHSJI8WqdZnYLj78hESlfPPKf1ZKPap4z2+r+G9NRwdFU/YBMTY3cNguMm5C6l2pTK9JhPFnUzerIwMrnhu9GjrqSFn/BtOvLnQa/mSgXDNJYUOU8gCHFs9JEeQv9hpWpyxlB2Nqu0MHrPNODY3ZohhkjWXaxbjCZi9SpmHydU06Z7LqWyF39G6V8CF6LBPkdUn3aJAV++F0Q9IcSM=
	3	+	answer: VkJVR2gzd3UvM0kxbmFIajFVZjk3WTBMcThCNS85MnExandwMy9hWVN3SFNKSThXcWRabllMajc4aEVTbGZQUEtmMVpLUGFwNHoyK3IrRzlOUndkRlUvWUJNVFkzY05ndU1tNUM2bDJwVEs5SmhQRm5VemVySXdNcm5odTlHanJxU0ZuL0J0T3ZMblFhL21TZ1hETkpZVU9VOGdDSEZzOUpFZVF2OWhwV3B5eGxCMk5xdTBNSHJQTk9EWTNab2hoa2pXWGF4YmpDWmk5U3BtSHlkVTA2WjdMcVd5RjM5RzZWOENGNkxCUGtkVW4zYUpBVisrRjBROUljU009Cg==
4	4		kind: Secret
5	5		metadata:
6	6		annotations:
		skipped 9 lines

■ ■ ■ ■ ■ ■

k8s/secret-challenge-deployment.yml

		skipped 27 lines
28	28		runAsGroup: 2000
29	29		fsGroup: 2000
30	30		containers:
31		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-no-vault
	31	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-no-vault
32	32		imagePullPolicy: IfNotPresent
33	33		name: secret-challenge
34	34		ports:
		skipped 67 lines

■ ■ ■ ■ ■ ■

k8s/secret-challenge-vault-deployment.yml

		skipped 29 lines
30	30		runAsNonRoot: true
31	31		serviceAccountName: vault
32	32		containers:
33		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-k8s-vault
	33	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-k8s-vault
34	34		imagePullPolicy: IfNotPresent
35	35		name: secret-challenge
36	36		securityContext:
		skipped 71 lines

■ ■ ■ ■ ■ ■

okteto/k8s/challenge33.yml

1	1		apiVersion: v1
2	2		data:
3		-	answer: VBUGh3wu/3I1naHj1Uf97Y0Lq8B5/92q1jwp3/aYSwHSJI8WqdZnYLj78hESlfPPKf1ZKPap4z2+r+G9NRwdFU/YBMTY3cNguMm5C6l2pTK9JhPFnUzerIwMrnhu9GjrqSFn/BtOvLnQa/mSgXDNJYUOU8gCHFs9JEeQv9hpWpyxlB2Nqu0MHrPNODY3ZohhkjWXaxbjCZi9SpmHydU06Z7LqWyF39G6V8CF6LBPkdUn3aJAV++F0Q9IcSM=
	3	+	answer: VkJVR2gzd3UvM0kxbmFIajFVZjk3WTBMcThCNS85MnExandwMy9hWVN3SFNKSThXcWRabllMajc4aEVTbGZQUEtmMVpLUGFwNHoyK3IrRzlOUndkRlUvWUJNVFkzY05ndU1tNUM2bDJwVEs5SmhQRm5VemVySXdNcm5odTlHanJxU0ZuL0J0T3ZMblFhL21TZ1hETkpZVU9VOGdDSEZzOUpFZVF2OWhwV3B5eGxCMk5xdTBNSHJQTk9EWTNab2hoa2pXWGF4YmpDWmk5U3BtSHlkVTA2WjdMcVd5RjM5RzZWOENGNkxCUGtkVW4zYUpBVisrRjBROUljU009Cg==
4	4		kind: Secret
5	5		metadata:
6	6		annotations:
		skipped 9 lines

■ ■ ■ ■ ■ ■

okteto/k8s/secret-challenge-ctf-deployment.yml

		skipped 27 lines
28	28		runAsGroup: 2000
29	29		fsGroup: 2000
30	30		containers:
31		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-no-vault
	31	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-no-vault
32	32		name: secret-challenge-ctf
33	33		imagePullPolicy: IfNotPresent
34	34		securityContext:
		skipped 91 lines

■ ■ ■ ■ ■ ■

okteto/k8s/secret-challenge-deployment.yml

		skipped 27 lines
28	28		runAsGroup: 2000
29	29		fsGroup: 2000
30	30		containers:
31		-	- image: jeroenwillemsen/wrongsecrets:1.6.4-no-vault
	31	+	- image: jeroenwillemsen/wrongsecrets:1.6.5RC2-no-vault
32	32		name: secret-challenge
33	33		imagePullPolicy: IfNotPresent
34	34		securityContext:
		skipped 75 lines

package-lock.json

Diff is too large to be displayed.

■ ■ ■ ■ ■ ■

pom.xml

		skipped 5 lines
6	6		<groupId>org.springframework.boot</groupId>
7	7		<artifactId>spring-boot-starter-parent</artifactId>
8	8		<version>3.0.6</version>
9		-	<relativePath></relativePath>
10	9		<!-- lookup parent from repository -->
11	10		</parent>
12	11
13	12		<groupId>org.owasp</groupId>
14	13		<artifactId>wrongsecrets</artifactId>
15		-	<version>1.6.1-SNAPSHOT</version>
	14	+	<version>1.6.5RC1-SNAPSHOT</version>
16	15
17	16		<name>OWASP WrongSecrets</name>
18	17		<description>Examples with how to not use secrets</description>
		skipped 307 lines
326	325		<phase>pre-integration-test</phase>
327	326		<configuration>
328	327		<profiles>local,without-vault</profiles>
	328	+	<environmentVariables>
	329	+	<CHALLENGEDOCKERMTPATH>src/test/resources/</CHALLENGEDOCKERMTPATH>
	330	+	<challengedockermtpath>src/test/resources/</challengedockermtpath>
	331	+	<KEEPASSPATH>src/test/resources/alibabacreds.kdbx</KEEPASSPATH>
	332	+	<keepasspath>src/test/resources/alibabacreds.kdbx</keepasspath>
	333	+	</environmentVariables>
329	334		</configuration>
330	335		</execution>
331	336		<execution>
		skipped 94 lines
426	431		</goals>
427	432		<phase>generate-resources</phase>
428	433		<configuration>
429		-	<nodeVersion>v16.13.2</nodeVersion>
	434	+	<nodeVersion>v18.16.0</nodeVersion>
430	435		<!-- download node from https://nodejs.org/dist/ -->
431	436		<workingDirectory>js</workingDirectory>
432	437		</configuration>
		skipped 21 lines
454	459		<artifactId>exec-maven-plugin</artifactId>
455	460		<version>3.1.0</version>
456	461		<configuration>
457		-
458	462		<executable>./js/node_modules/.bin/javascript-obfuscator${script.extension}</executable>
459	463		<arguments>
460	464		<argument>./js/index.js</argument>
		skipped 146 lines

■ ■ ■ ■ ■ ■

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java

		skipped 4 lines
5	5		import java.util.Arrays;
6	6		import java.util.Base64;
7	7		import java.util.List;
	8	+	import java.util.regex.Matcher;
	9	+	import java.util.regex.Pattern;
8	10		import javax.crypto.Cipher;
9	11		import javax.crypto.spec.GCMParameterSpec;
10	12		import javax.crypto.spec.SecretKeySpec;
		skipped 72 lines
83	85
84	86		private boolean isKeyCorrect(String base64EncodedKey) {
85	87		if (Strings.isNullOrEmpty(base64EncodedKey)
	88	+	\|\| !isBase64(base64EncodedKey)
86	89		\|\| Strings.isNullOrEmpty(plainText)
87	90		\|\| Strings.isNullOrEmpty(cipherText)) {
88	91		// log.debug("Checking secret with values {}, {}, {}", base64EncodedKey, plainText,
		skipped 24 lines
113	116		log.warn("Exception with Challenge 13", e);
114	117		return false;
115	118		}
	119	+	}
	120	+
	121	+	private boolean isBase64(String text) {
	122	+	String pattern = "^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=\|[A-Za-z0-9+/]{2}==)?$";
	123	+	Pattern r = Pattern.compile(pattern);
	124	+	Matcher m = r.matcher(text);
	125	+	return m.find();
116	126		}
117	127		}
118	128

■ ■ ■ ■ ■ ■

src/main/resources/static/css/style.css

skipped 38 lines
39 39 background-color: var(--bs-success-soft) !important;
40 40 }
41 41
42 + .table {
43 + --bs-table-bg: rgba(0, 0, 0, 0) !important;
44 + }
45 +

All occurrences

■ ■ ■ ■ ■ ■

src/main/resources/templates/about.html

		skipped 78 lines
79	79		<li>(Apache License 2.0) compiler (com.github.spullara.mustache.java:compiler:0.9.6 - http://github.com/spullara/mustache.java)</li>
80	80		<li>(Apache License, Version 2.0) JCIP Annotations under Apache License (com.github.stephenc.jcip:jcip-annotations:1.0-1 - http://stephenc.github.com/jcip-annotations)</li>
81	81		<li>(Apache 2.0) Google Android Annotations Library (com.google.android:annotations:4.1.1.4 - http://source.android.com/)</li>
82		-	<li>(BSD-3-Clause) API Common (com.google.api:api-common:2.8.0 - https://github.com/googleapis/gapic-generator-java)</li>
83		-	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (Core) (com.google.api:gax:2.25.0 - https://github.com/googleapis/gapic-generator-java)</li>
84		-	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (gRPC) (com.google.api:gax-grpc:2.25.0 - https://github.com/googleapis/gapic-generator-java)</li>
85		-	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (HTTP JSON) (com.google.api:gax-httpjson:0.110.0 - https://github.com/googleapis/gapic-generator-java)</li>
86		-	<li>(Apache-2.0) proto-google-cloud-secretmanager-v1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1:2.15.0 - https://github.com/googleapis/google-cloud-java)</li>
87		-	<li>(Apache-2.0) proto-google-cloud-secretmanager-v1beta1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1beta1:2.15.0 - https://github.com/googleapis/google-cloud-java)</li>
88		-	<li>(Apache-2.0) proto-google-common-protos (com.google.api.grpc:proto-google-common-protos:2.16.0 - https://github.com/googleapis/gapic-generator-java)</li>
89		-	<li>(Apache-2.0) proto-google-iam-v1 (com.google.api.grpc:proto-google-iam-v1:1.11.0 - https://github.com/googleapis/gapic-generator-java)</li>
	82	+	<li>(BSD-3-Clause) API Common (com.google.api:api-common:2.10.0 - https://github.com/googleapis/gapic-generator-java)</li>
	83	+	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (Core) (com.google.api:gax:2.27.0 - https://github.com/googleapis/gapic-generator-java)</li>
	84	+	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (gRPC) (com.google.api:gax-grpc:2.27.0 - https://github.com/googleapis/gapic-generator-java)</li>
	85	+	<li>(BSD-3-Clause) GAX (Google Api eXtensions) for Java (HTTP JSON) (com.google.api:gax-httpjson:0.112.0 - https://github.com/googleapis/gapic-generator-java)</li>
	86	+	<li>(Apache-2.0) proto-google-cloud-secretmanager-v1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1:2.17.0 - https://github.com/googleapis/google-cloud-java)</li>
	87	+	<li>(Apache-2.0) proto-google-cloud-secretmanager-v1beta1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1beta1:2.17.0 - https://github.com/googleapis/google-cloud-java)</li>
	88	+	<li>(Apache-2.0) proto-google-common-protos (com.google.api.grpc:proto-google-common-protos:2.18.0 - https://github.com/googleapis/gapic-generator-java)</li>
	89	+	<li>(Apache-2.0) proto-google-iam-v1 (com.google.api.grpc:proto-google-iam-v1:1.13.0 - https://github.com/googleapis/gapic-generator-java)</li>
90	90		<li>(BSD New license) Google Auth Library for Java - Credentials (com.google.auth:google-auth-library-credentials:1.16.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-credentials)</li>
91	91		<li>(BSD New license) Google Auth Library for Java - OAuth2 HTTP (com.google.auth:google-auth-library-oauth2-http:1.16.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-oauth2-http)</li>
92	92		<li>(Apache 2.0) AutoValue Annotations (com.google.auto.value:auto-value-annotations:1.10.1 - https://github.com/google/auto/tree/master/value)</li>
93		-	<li>(Apache-2.0) Google Cloud Secret Manager (com.google.cloud:google-cloud-secretmanager:2.15.0 - https://github.com/googleapis/google-cloud-java)</li>
	93	+	<li>(Apache-2.0) Google Cloud Secret Manager (com.google.cloud:google-cloud-secretmanager:2.17.0 - https://github.com/googleapis/google-cloud-java)</li>
94	94		<li>(The Apache Software License, Version 2.0) FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)</li>
95	95		<li>(Apache-2.0) Gson (com.google.code.gson:gson:2.9.1 - https://github.com/google/gson/gson)</li>
96	96		<li>(Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.18.0 - https://errorprone.info/error_prone_annotations)</li>
		skipped 189 lines
286	286		<li>(The Apache Software License, Version 2.0) Dependency-Check Core (org.owasp:dependency-check-core:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-core)</li>
287	287		<li>(The Apache Software License, Version 2.0) Dependency-Check Maven Plugin (org.owasp:dependency-check-maven:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-maven)</li>
288	288		<li>(The Apache Software License, Version 2.0) Dependency-Check Utils (org.owasp:dependency-check-utils:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-utils)</li>
289		-	<li>(The MIT License) Project Lombok (org.projectlombok:lombok:1.18.26 - https://projectlombok.org)</li>
	289	+	<li>(The MIT License) Project Lombok (org.projectlombok:lombok:1.18.28 - https://projectlombok.org)</li>
290	290		<li>(MIT-0) reactive-streams (org.reactivestreams:reactive-streams:1.0.4 - http://www.reactive-streams.org/)</li>
291	291		<li>(The MIT License) semver4j (org.semver4j:semver4j:4.3.0 - https://github.com/semver4j/semver4j)</li>
292	292		<li>(The Apache Software License, Version 2.0) Simple XML (org.simpleframework:simple-xml:2.7.1 - http://simple.sourceforge.net)</li>
		skipped 34 lines
327	327		<li>(Apache License, Version 2.0) spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.0.6 - https://spring.io/projects/spring-boot)</li>
328	328		<li>(Apache License, Version 2.0) spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.0.6 - https://spring.io/projects/spring-boot)</li>
329	329		<li>(Apache License, Version 2.0) spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.0.6 - https://spring.io/projects/spring-boot)</li>
330		-	<li>(Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.0.2 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)</li>
331		-	<li>(Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.0.2 - https://projects.spring.io/spring-cloud/spring-cloud-context/)</li>
332		-	<li>(Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.0.2 - https://projects.spring.io/spring-cloud)</li>
	330	+	<li>(Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.0.3 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)</li>
	331	+	<li>(Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.0.3 - https://projects.spring.io/spring-cloud/spring-cloud-context/)</li>
	332	+	<li>(Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.0.3 - https://projects.spring.io/spring-cloud)</li>
333	333		<li>(Apache License, Version 2.0) Spring Cloud Starter Vault Config (org.springframework.cloud:spring-cloud-starter-vault-config:4.0.1 - https://cloud.spring.io/spring-cloud-vault/)</li>
334	334		<li>(Apache License, Version 2.0) Spring Cloud Vault Configuration Integration (org.springframework.cloud:spring-cloud-vault-config:4.0.1 - https://spring.io/spring-cloud/spring-cloud-vault-parent/spring-cloud-vault-config)</li>
335	335		<li>(Apache License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:6.0.3 - https://spring.io/projects/spring-security)</li>
		skipped 8 lines
344	344		<li>(The Apache Software License, Version 2.0) thymeleaf-extras-springsecurity6 (org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-extras-springsecurity6)</li>
345	345		<li>(Public Domain) XZ for Java (org.tukaani:xz:1.9 - https://tukaani.org/xz/java.html)</li>
346	346		<li>(The Apache Software License, Version 2.0) unbescape (org.unbescape:unbescape:1.1.6.RELEASE - http://www.unbescape.org)</li>
347		-	<li>(Apache License, Version 2.0) Bootstrap (org.webjars:bootstrap:5.2.3 - http://webjars.org)</li>
	347	+	<li>(Apache License, Version 2.0) Bootstrap (org.webjars:bootstrap:5.3.0 - http://webjars.org)</li>
348	348		<li>(MIT) DataTables (org.webjars:datatables:1.13.2 - http://webjars.org)</li>
349	349		<li>(MIT License) jquery (org.webjars:jquery:3.6.4 - http://webjars.org)</li>
350	350		<li>(Apache 2.0) Swagger UI (org.webjars:swagger-ui:4.18.2 - http://webjars.org)</li>
		skipped 37 lines

		skipped 38 lines
39	39		background-color: var(--bs-success-soft) !important;
40	40		}
41	41
	42	+	.table {
	43	+	--bs-table-bg: rgba(0, 0, 0, 0) !important;
	44	+	}
	45	+

1		-	GsJy3Ko=9Aplb6tUA=2hYby7
2		-

1		-	NY6u6RObCYuu5wm2X4/pQkP4kGaonuHGsVoJAC/r16c=
2		-