Projects STRLCPY wrongsecrets Commits 19960ff8
  • ■ ■ ■ ■ ■ ■
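--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
  <parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
- <version>2.7.5</version>
+ <version>2.7.6</version>
  <relativePath/> <!-- lookup parent from repository -->
  </parent>
  <groupId>org.owasp</groupId>
@@ -56,7 +56,7 @@
  <thymeleaf.version>3.0.15.RELEASE</thymeleaf.version>
  <thymeleaf.layout>3.1.0</thymeleaf.layout>
  <asciidoctor.maven.plugin.version>2.2.2</asciidoctor.maven.plugin.version>
- <spring.security.version>5.7.5</spring.security.version>
+ <spring-security.version>5.8.0</spring-security.version>
  <com.azure.spring.version>4.4.1</com.azure.spring.version>
  <cyclonedx.core.version>7.2.0</cyclonedx.core.version>
  <KeePassJava2.version>2.1.4</KeePassJava2.version>
@@ -92,17 +92,17 @@
  <dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
- <version>${spring.security.version}</version>
+ <version>${spring-security.version}</version>
  </dependency>
  <dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
- <version>${spring.security.version}</version>
+ <version>${spring-security.version}</version>
  </dependency>
  <dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-test</artifactId>
- <version>${spring.security.version}</version>
+ <version>${spring-security.version}</version>
  <scope>test</scope>
  </dependency>
  <dependency>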
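Review bot: Renaming the property to `spring-security.version` at line 59 is more than cosmetic: that is the name Spring Boot's dependency management reads, so 5.8.0 now applies to every Spring Security module the build resolves, not only the three artifacts at lines 92-107. This keeps the modules aligned with each other, but it moves the project off the Spring Security line the 2.7.x parent manages by default (this appears to be 5.7.x; confirm against the parent BOM), so the combination is outside what that Boot release was tested with. I would record the reason next to the property, e.g. `<!-- overrides Boot-managed Spring Security; required for HttpSecurity.securityMatcher -->`, and consider dropping the now-redundant explicit `<version>` elements so the override has a single source of truth.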
  • ■ ■ ■ ■
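--- a/src/main/java/org/owasp/wrongsecrets/ActuatorSecurityConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/ActuatorSecurityConfiguration.java
@@ -12,7 +12,7 @@
  @Bean
  @Order(2)
  public SecurityFilterChain configureActuatorSecurity(HttpSecurity http) throws Exception {
- http.requestMatcher(r ->
+ http.securityMatcher(r ->
  r.getRequestURL().toString().contains("/actuator/health"))
  .csrf().disable();
  return http.build();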
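Review bot: The lambda passed to `securityMatcher` decides which requests this chain owns by substring-matching the full request URL (`r.getRequestURL().toString().contains("/actuator/health")`), and the chain then disables CSRF; `getRequestURL()` covers scheme, host and path, so any URL that merely contains that text is claimed, not only the health endpoint. The same pattern in `TokenCallbackSecurityConfiguration` is broader still: `contains("canaries") || contains("token")` at `@Order(0)` is consulted before any chain with a higher order value for every URL containing either word. Since this commit already moves to the 5.8 API, a path-anchored form such as `http.securityMatcher("/actuator/health/**")` would scope the CSRF exemption to the intended endpoint; the callback chain needs the equivalent with its real endpoint paths, which are not visible here. Both method bodies end outside the displayed lines.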
  • ■ ■ ■ ■ ■ ■
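--- a/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
@@ -4,15 +4,15 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 public class TokenCallbackSecurityConfiguration {
 
  @Bean
  @Order(0)
- public DefaultSecurityFilterChain configureTokenCallbackSecurity(HttpSecurity http) throws Exception {
- http.requestMatcher(r ->
+ public SecurityFilterChain configureTokenCallbackSecurity(HttpSecurity http) throws Exception {
+ http.securityMatcher(r ->
  r.getRequestURL().toString().contains("canaries") || r.getRequestURL().toString().contains("token"))
  .csrf().disable();
  return http.build();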
  • ■ ■ ■ ■ ■
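--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -69,6 +69,7 @@
 spring.config.activate.on-profile=local
 challengedockermtpath=./
 asciidoctor.enabled=true
+spring.cloud.vault.enabled=false
 #---
 spring.config.activate.on-profile=local-vault
 wrongsecretvalue=wrongsecret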