## How to get started with the project in IntelliJ IDEA
137
137
138
-
-
139
-
140
138
### Step 1: Fork the Project.
141
139
142
-
Navigate to the landing page of the repository in your web browser and click on the **_Fork_** button on the repository’s home page.
143
-
A forked copy of that Git repository will be added to your personal GitHub.
140
+
Navigate to the landing page of the repository in your web browser and click on the **_Fork_** button on the repository’s home page.
141
+
A forked copy of that Git repository will be added to your personal GitHub.
144
142
145
-
![](images/fork-project-1.png)
143
+
![](images/fork-project-1.png)
146
144
147
-
-
148
145
149
146
### Step 2: Clone the Project.
150
147
151
-
A **clone** is a full copy of a repository, including all logging and versions of files.
152
-
To **_clone_** the Project to your local desktop by clicking on the button as shown below.
153
-
154
-
![](images/clone-project-2.png)
148
+
A **clone** is a full copy of a repository, including all logging and versions of files.
149
+
To **_clone_** the Project to your local desktop by clicking on the button as shown below.
155
150
156
-
-
151
+
![](images/clone-project-2.png)
157
152
158
153
### Step 3: Open the Project using IntelliJ IDEA
154
+
**_Open_** the Cloned Project using IntelliJ IDEA by clicking on the button as shown below.
159
155
160
-
- **_Open_** the Cloned Project using IntelliJ IDEA by clicking on the button as shown below.
156
+
![](images/open-project-3.1.png)
161
157
162
-
![](images/open-project-3.1.png)
158
+
**Wait** till the Project Loads.
163
159
164
-
- **Wait** till the Project Loads.
165
-
166
-
![](images/wait-3.2.png)
160
+
![](images/wait-3.2.png)
167
161
168
162
169
163
### Step 4: Setup.
170
164
171
-
-Open Settings by pressing **_Ctrl+Alt+S_**
172
-
![](images/open-settings-4.1.png)
165
+
Open Settings by pressing **_Ctrl+Alt+S_**
173
166
174
-
- Follow the path **_IDE settings>Language & Frameworks > Lombok_** and then click on **_Lombok._**
175
-
![](images/lombok-setup-4.2.png)
167
+
![](images/open-settings-4.1.png)
176
168
177
-
- Make sure that the **_Lombok processing_** is enabled.
178
-
![](images/lombok-processing-4.3.png)
169
+
Follow the path **_IDE settings>Language & Frameworks > Lombok_** and then click on **_Lombok._**
179
170
180
-
- Select **_Plugins > Marketplace_** and type 'google-java-format' and restart IntelliJ to install the plugin.
171
+
![](images/lombok-setup-4.2.png)
181
172
182
-
- Open Settings by pressing **_Ctrl+Alt+S_**
183
-
![](images/open-settings-4.1.png)
173
+
Make sure that the **_Lombok processing_** is enabled.
184
174
185
-
- Select **_google-java-format Settings_** and click enable.
186
-
![](images/open-settings-4.4.png)
175
+
![](images/lombok-processing-4.3.png)
187
176
188
-
- ### Step 5: Reload the project
177
+
Select **_Plugins > Marketplace_** and type 'google-java-format' and restart IntelliJ to install the plugin.
189
178
190
-
- Open the **_Maven_** Tab
179
+
Open Settings by pressing **_Ctrl+Alt+S_**
180
+
181
+
![](images/open-settings-4.1.png)
182
+
183
+
Select **_google-java-format Settings_** and click enable.
184
+
185
+
![](images/open-settings-4.4.png)
186
+
187
+
### Step 5: Reload the project
188
+
189
+
Open the **_Maven_** Tab
191
190
192
-
![](images/open-maven-5.1.png)
191
+
![](images/open-maven-5.1.png)
193
192
194
-
-Press the **_Reload_** button as shown below and allow the project to Reload.
193
+
Press the **_Reload_** button as shown below and allow the project to Reload.
195
194
196
-
![](images/reload-maven-5.2.png)
195
+
![](images/reload-maven-5.2.png)
197
196
198
-
-Further use the **_OWASP WrongSecrets --> Lifecycle --> install_** step to load all the depedencies
197
+
Further use the **_OWASP WrongSecrets --> Lifecycle --> install_** step to load all the depedencies
199
198
200
199
**NOTE:** Indians and other Asia-Pacific countries users may have to use **VPN** if you enounter this exception `org.owasp.dependencycheck.utils.DownloadFailedException: TLS Connection Reset`.
201
200
202
-
-
203
-
204
201
### Step 6: Running the Project.
205
202
206
-
-Open the **_WrongSecretsApplication_** by following the path **_main>java>org.owasp.wrongsecrets>WrongSecretApplication_**.
207
-
![](images/open-application-6.1.png)
208
-
- Press **_Shift+F10_** to run the application, this will open up the **_Run/Debug Configurations Menu._**
209
-
![](images/run-application-6.2.png)
203
+
Open the **_WrongSecretsApplication_** by following the path **_main>java>org.owasp.wrongsecrets>WrongSecretApplication_**.
210
204
211
-
- ### Step 7: Setting up Configurations.
205
+
![](images/open-application-6.1.png)
212
206
213
-
- Select **_Edit configuration templates_** then select **_Application_** section.
207
+
Press **_Shift+F10_** to run the application, this will open up the **_Run/Debug Configurations Menu._**
214
208
215
-
![](images/edit-config-7.1.png)
209
+
![](images/run-application-6.2.png)
216
210
217
-
- There under the **_Application_** section click on the button shown below.
211
+
### Step 7: Setting up Configurations.
218
212
219
-
![](images/modify-options-7.2.png)
213
+
Select **_Edit configuration templates_** then select **_Application_** section.
220
214
221
-
- **_Select_** all the fields that are Selected in the below picture.
215
+
![](images/edit-config-7.1.png)
222
216
223
-
![](images/select-options-7.3.png)
217
+
There under the **_Application_** section click on the button shown below.
224
218
225
-
- **_Fill out_** all the fields as shown below.
219
+
![](images/modify-options-7.2.png)
226
220
227
-
![](images/fill-fields-7.4.png)
221
+
**_Select_** all the fields that are Selected in the below picture.
228
222
229
-
- Again press **_Shift+F10_** which runs the Application.
223
+
![](images/select-options-7.3.png)
230
224
231
-
![](images/run-application-6.2.png)
225
+
**_Fill out_** all the fields as shown below.
232
226
233
-
-
227
+
![](images/fill-fields-7.4.png)
228
+
229
+
Again press **_Shift+F10_** which runs the Application.
230
+
231
+
![](images/run-application-6.2.png)
234
232
235
233
### There you have it, **_WrongSecrets_** running successfully.
236
234
237
-
-Here is a _preview_ on how does it look after successfully running the Application.
238
-
**Note:** Running the Application doesn't open any kind of **_GUI_**, it only initializes the **_local webserver_** that you can open via a **_browser._**
239
-
![](images/final-output-8.png)
235
+
Here is a _preview_ on how does it look after successfully running the Application.
236
+
**Note:** Running the Application doesn't open any kind of **_GUI_**, it only initializes the **_local webserver_** that you can open via a **_browser._**
237
+
238
+
![](images/final-output-8.png)
239
+
240
+
Here is the preview of the **web server**, you can try to find the secrets by means of solving the challenge offered at: [**Challenges**](https://github.com/OWASP/wrongsecrets#basic-docker-exercises)
240
241
241
-
- Here is the preview of the **web server**, you can try to find the secrets by means of solving the challenge offered at:
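Review bot: The re-added lines in Step 5 and Step 6 still carry spelling errors that this whitespace and bullet cleanup could fix in the same pass. The install line says "depedencies", and the Step 6 path ends in `WrongSecretApplication` while the same sentence names the class `WrongSecretsApplication`. In Step 4, "Open Settings by pressing Ctrl+Alt+S" and `images/open-settings-4.1.png` each appear twice once the list markers are gone. Consider keeping only the first occurrence, or rewording the second as "reopen Settings" so the repetition reads as intentional.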
First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/issues/new) reported for which a challenge is really wanted, And make sure the challenge is assigned to you, as others might be working on the challenge.
254
-
255
-
-
250
+
First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/issues/new) reported for which a challenge is really wanted, And make sure the challenge is assigned to you, as others might be working on the challenge.
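Review bot: The re-added sentence keeps a capitalised "And" after a comma ("is really wanted, And make sure the challenge is assigned to you"). Since the line is being touched anyway, either lowercase the word or split it into two sentences.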
Please note that PRs for new challenges are only accepted when unit tests are added to prove that the challenge works. Normally tests should not immediately leak the actual secret, so leverage the `.spoil()` functionality of your test implementation for this.
366
361
367
-
-
368
-
369
362
### Step 4: Adding explanations, reasons and hints.
370
363
371
-
Add the explanation for your challenge along with the hints that will help in finding the secret in this folder `wrongsecrets/src/main/resources/explanations/`.
372
-
Things to be noted.
364
+
Add the explanation for your challenge along with the hints that will help in finding the secret in this folder `wrongsecrets/src/main/resources/explanations/`.
365
+
Things to be noted:
373
366
374
-
- All the possible explanations for your challenge, included with all the hints and reasons should be provided.
375
-
- Everything must be in separate **AsciiDoc files**.
376
-
- Follow this fashion in naming the file.
367
+
- All the possible explanations for your challenge, included with all the hints and reasons should be provided.
368
+
- Everything must be in separate **AsciiDoc files**.
369
+
- Follow this fashion in naming the file: `challenge<number>.adoc`, `challenge<number>_hint.adoc`, and `challenge<number>_reason.adoc`.
377
370
378
-
-Here is a Explanation for reference:
371
+
Here is a Explanation for reference:
379
372
380
-
```adoc
381
-
=== Hello world challenge
382
-
383
-
Welcome to OWASP WrongSecrets Beginner guide Challenge
373
+
```adoc
374
+
=== Hello world challenge
384
375
385
-
Basically this challenge is there only to demonstrate how to add a challenge in our project and to give you a basic idea on how does things work.
376
+
Welcome to OWASP WrongSecrets Beginner guide Challenge
386
377
387
-
```
378
+
Basically this challenge is there only to demonstrate how to add a challenge in our project and to give you a basic idea on how does things work.
388
379
389
-
- refer this block for reasons:
380
+
```
390
381
391
-
```adoc
392
-
==== What’s the purpose of this specific challenge?
393
-
With this challenge, we basically aim to help new contributors to better understand the code and encourage them to add new challenges for our end-user.
394
-
```
382
+
refer this block for reasons:
395
383
396
-
- Use this block as refrence for hints:
384
+
```adoc
385
+
==== What’s the purpose of this specific challenge?
386
+
With this challenge, we basically aim to help new contributors to better understand the code and encourage them to add new challenges for our end-user.
387
+
```
397
388
398
-
```adoc
399
-
Your secret is `Hello World`
389
+
Use this block as refrence for hints:
400
390
401
-
Copy this and paste it in the box provided and press "Submit" and you are good to go.
391
+
```adoc
392
+
Your secret is `Hello World`
402
393
403
-
This challenge is only meant for helping new contributors to add new challenges. Please, have fun with trying more difficult challenges;-).
404
-
```
394
+
Copy this and paste it in the box provided and press "Submit" and you are good to go.
405
395
406
-
- ### Step 5: Submitting your PR.
407
-
After completing all the above steps, final step is to submit the PR and refer [**Contributing.md**](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted) on how to get your PR accepted.
396
+
This challenge is only meant for helping new contributors to add new challenges. Please, have fun with trying more difficult challenges;-).
397
+
```
408
398
409
-
---
399
+
### Step 5: Submitting your PR.
400
+
After completing all the above steps, final step is to submit the PR and refer [**Contributing.md**](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted) on how to get your PR accepted.
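Review bot: The lead-ins to the three reference blocks in Step 4 keep their typos and inconsistent capitalisation ("Here is a Explanation for reference:", "refer this block for reasons:", "Use this block as refrence for hints:"). Now that the naming bullet spells out the three file names, each lead-in could say which of those files its block belongs in. The reference block under the hints lead-in states the secret outright ("Your secret is `Hello World`"), so a sentence noting that this is acceptable only for the hello-world demonstration would keep contributors from copying that pattern into real challenge hints.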
- vault [Install from here](https://www.vaultproject.io/downloads),
193
197
- grep, Cat, and Sed
194
198
195
-
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-32.
199
+
Run `./k8s-vault-minkube-start.sh`, when the script is done, then the challenges will wait for you at <http://localhost:8080> . This will allow you to run challenges 1-8, 12-33.
196
200
197
201
When you stopped the `k8s-vault-minikube-start.sh` script and want to resume the port forward run: `k8s-vault-minikube-resume.sh`.
198
202
This is because if you run the start script again it will replace the secret in the vault and not update the secret-challenge application with the new secret.
199
203
200
204
## Cloud Challenges
201
205
202
-
_Can be used for challenges 1-32_
206
+
_Can be used for challenges 1-33_
203
207
204
208
**READ THIS**: Given that the exercises below contain IAM privilege escalation exercises,
205
209
never run this on an account which is related to your production environment or can influence your account-over-arching
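Review bot: The changed "Run" line still spells the script `./k8s-vault-minkube-start.sh`, while the unchanged paragraph right after it refers to `k8s-vault-minikube-start.sh`. Fix the name while the line is being edited, so the command can be copied as written. The resume command on the following line is also given without the `./` prefix used for the start script. The two range updates (12-32 to 12-33 and 1-32 to 1-33) are consistent with each other.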
<li>(BSD New license) Google Auth Library for Java - Credentials (com.google.auth:google-auth-library-credentials:1.16.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-credentials)</li>
91
91
<li>(BSD New license) Google Auth Library for Java - OAuth2 HTTP (com.google.auth:google-auth-library-oauth2-http:1.16.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-oauth2-http)</li>
<li>(The MIT License) semver4j (org.semver4j:semver4j:4.3.0 - https://github.com/semver4j/semver4j)</li>
292
292
<li>(The Apache Software License, Version 2.0) Simple XML (org.simpleframework:simple-xml:2.7.1 - http://simple.sourceforge.net)</li>
skipped 34 lines
327
327
<li>(Apache License, Version 2.0) spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.0.6 - https://spring.io/projects/spring-boot)</li>
328
328
<li>(Apache License, Version 2.0) spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.0.6 - https://spring.io/projects/spring-boot)</li>
329
329
<li>(Apache License, Version 2.0) spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.0.6 - https://spring.io/projects/spring-boot)</li>
330
-
<li>(Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.0.2 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)</li>
331
-
<li>(Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.0.2 - https://projects.spring.io/spring-cloud/spring-cloud-context/)</li>
332
-
<li>(Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.0.2 - https://projects.spring.io/spring-cloud)</li>
330
+
<li>(Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.0.3 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)</li>
331
+
<li>(Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.0.3 - https://projects.spring.io/spring-cloud/spring-cloud-context/)</li>
332
+
<li>(Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.0.3 - https://projects.spring.io/spring-cloud)</li>
333
333
<li>(Apache License, Version 2.0) Spring Cloud Starter Vault Config (org.springframework.cloud:spring-cloud-starter-vault-config:4.0.1 - https://cloud.spring.io/spring-cloud-vault/)</li>
334
334
<li>(Apache License, Version 2.0) Spring Cloud Vault Configuration Integration (org.springframework.cloud:spring-cloud-vault-config:4.0.1 - https://spring.io/spring-cloud/spring-cloud-vault-parent/spring-cloud-vault-config)</li>
335
335
<li>(Apache License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:6.0.3 - https://spring.io/projects/spring-security)</li>
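Review bot: The three Spring Cloud entries (commons, context, starter) move from 4.0.2 to 4.0.3, but nothing visible in this patch shows the dependency change that would produce them. Please confirm that this list was regenerated from the build rather than edited by hand. The two Spring Cloud Vault entries directly below remain at 4.0.1, so also confirm that this is the intended pairing.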
skipped 8 lines
344
344
<li>(The Apache Software License, Version 2.0) thymeleaf-extras-springsecurity6 (org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.1.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-extras-springsecurity6)</li>
345
345
<li>(Public Domain) XZ for Java (org.tukaani:xz:1.9 - https://tukaani.org/xz/java.html)</li>
346
346
<li>(The Apache Software License, Version 2.0) unbescape (org.unbescape:unbescape:1.1.6.RELEASE - http://www.unbescape.org)</li>
347
-
<li>(Apache License, Version 2.0) Bootstrap (org.webjars:bootstrap:5.2.3 - http://webjars.org)</li>
347
+
<li>(Apache License, Version 2.0) Bootstrap (org.webjars:bootstrap:5.3.0 - http://webjars.org)</li>
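Review bot: The Bootstrap webjar entry goes from 5.2.3 to 5.3.0 in a change that is otherwise documentation cleanup. A front-end library bump deserves its own mention in the commit description, along with a check that any page referencing the webjar by version was updated, since no such change is visible here.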