STRLCPY/wrongsecrets

Merge pull request #529 from MarcinNowak-codes/spring-security-5.8.0
```
Spring Security 5.8.0
```
Jeroen Willemsen committed with GitHub 2 years ago

19960ff8

2 parents
fc7e4ec3
4b95bc10

■ ■ ■ ■ ■ ■

pom.xml

		skipped 4 lines
5	5		<parent>
6	6		<groupId>org.springframework.boot</groupId>
7	7		<artifactId>spring-boot-starter-parent</artifactId>
8		-	<version>2.7.5</version>
	8	+	<version>2.7.6</version>
9	9		<relativePath/> <!-- lookup parent from repository -->
10	10		</parent>
11	11		<groupId>org.owasp</groupId>
		skipped 44 lines
56	56		<thymeleaf.version>3.0.15.RELEASE</thymeleaf.version>
57	57		<thymeleaf.layout>3.1.0</thymeleaf.layout>
58	58		<asciidoctor.maven.plugin.version>2.2.2</asciidoctor.maven.plugin.version>
59		-	<spring.security.version>5.7.5</spring.security.version>
	59	+	<spring-security.version>5.8.0</spring-security.version>
60	60		<com.azure.spring.version>4.4.1</com.azure.spring.version>
61	61		<cyclonedx.core.version>7.2.0</cyclonedx.core.version>
62	62		<KeePassJava2.version>2.1.4</KeePassJava2.version>
		skipped 29 lines
92	92		<dependency>
93	93		<groupId>org.springframework.security</groupId>
94	94		<artifactId>spring-security-config</artifactId>
95		-	<version>${spring.security.version}</version>
	95	+	<version>${spring-security.version}</version>
96	96		</dependency>
97	97		<dependency>
98	98		<groupId>org.springframework.security</groupId>
99	99		<artifactId>spring-security-web</artifactId>
100		-	<version>${spring.security.version}</version>
	100	+	<version>${spring-security.version}</version>
101	101		</dependency>
102	102		<dependency>
103	103		<groupId>org.springframework.security</groupId>
104	104		<artifactId>spring-security-test</artifactId>
105		-	<version>${spring.security.version}</version>
	105	+	<version>${spring-security.version}</version>
106	106		<scope>test</scope>
107	107		</dependency>
108	108		<dependency>
		skipped 342 lines

■ ■ ■ ■ ■ ■

src/main/java/org/owasp/wrongsecrets/ActuatorSecurityConfiguration.java

		skipped 11 lines
12	12		@Bean
13	13		@Order(2)
14	14		public SecurityFilterChain configureActuatorSecurity(HttpSecurity http) throws Exception {
15		-	http.requestMatcher(r ->
	15	+	http.securityMatcher(r ->
16	16		r.getRequestURL().toString().contains("/actuator/health"))
17	17		.csrf().disable();
18	18		return http.build();
		skipped 3 lines

■ ■ ■ ■ ■ ■

src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java

		skipped 3 lines
4	4		import org.springframework.context.annotation.Configuration;
5	5		import org.springframework.core.annotation.Order;
6	6		import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7		-	import org.springframework.security.web.DefaultSecurityFilterChain;
	7	+	import org.springframework.security.web.SecurityFilterChain;
8	8
9	9		@Configuration
10	10		public class TokenCallbackSecurityConfiguration {
11	11
12	12		@Bean
13	13		@Order(0)
14		-	public DefaultSecurityFilterChain configureTokenCallbackSecurity(HttpSecurity http) throws Exception {
15		-	http.requestMatcher(r ->
	14	+	public SecurityFilterChain configureTokenCallbackSecurity(HttpSecurity http) throws Exception {
	15	+	http.securityMatcher(r ->
16	16		r.getRequestURL().toString().contains("canaries") \|\| r.getRequestURL().toString().contains("token"))
17	17		.csrf().disable();
18	18		return http.build();
		skipped 3 lines

■ ■ ■ ■ ■ ■

src/main/resources/application.properties

		skipped 68 lines
69	69		spring.config.activate.on-profile=local
70	70		challengedockermtpath=./
71	71		asciidoctor.enabled=true
	72	+	spring.cloud.vault.enabled=false
72	73		#---
73	74		spring.config.activate.on-profile=local-vault
74	75		wrongsecretvalue=wrongsecret
		skipped 29 lines

Merge pull request #529 from MarcinNowak-codes/spring-security-5.8.0