Projects STRLCPY wrongsecrets Commits 79a98255
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 212 lines
    213 213  Want to know if your tool detects everything? We will keep track of the embedded secrets in [this issue](https://github.com/commjoen/wrongsecrets/issues/201) and have a [branch](https://github.com/commjoen/wrongsecrets/tree/experiment-bed) in which we put additional secrets for your tool to detect.
    214 214  The branch will contain a Docker container generation script using which you can eventually test your container secret scanning.
    215 215   
    216  -## CTFD Support - Experimental
     216 +## CTFD Support
    217 217   
    218  -NOTE: CTFD support is experimental, but can work based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf).
     218 +NOTE: CTFD support is experimental, and now works based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf).
    219 219  NOTE-II: https://wrongsecrets-ctf.herokuapp.com is based on a free heroku instance, which takes time to warm up. Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) once before executing the steps below.
    220 220   
    221 221  Follow the following steps:
    222 222   
    223 223  ```shell
    224 224   npm install -g juice-shop-ctf-cli
    225  - juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T'
    226  - docker run -p 8001:8000 -it ctfd/ctfd:3.4.3 # configure challenge and import the zip from juice-shop-ctf
     225 + juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints.
     226 + docker run -p 8001:8000 -it ctfd/ctfd:3.4.3
    227 227  ```
    228 228   
     229 +Now visit the CTFD instance at [http://localhost:8001](http://localhost:8001) and setup your CTF. Then use the administrative backup function to import the zipfile you created with the juice-shop-ctf command.
    229 230  Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) !
    230  -Want to setup your own? You can!
     231 +Want to setup your own? You can! Watch out for people finding your key though, so secure it properly: make sure the running container with the actual ctf-key is not exposed to the audience, similar to our heroku container.
    231 232   
    232 233  ## Notes on development
    233 234   
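Review bot: new line 231 tells people who self-host to keep their ctf-key away from the audience, but new line 225 only gives the key for the shared heroku instance and the hunk never says that a self-hosted setup has to use a different key of its own. Please say so next to the warning. Also, the heading at new line 216 drops "Experimental" while the NOTE at new line 218 still reads "CTFD support is experimental, and now works"; pick one. The removed comment on the `docker run` line is replaced by new line 229, which is fine, but "setup your CTF" should read "set up your CTF".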
    skipped 78 lines
  • ■ ■ ■ ■ ■ ■
    config/fbctf.yml
     1 +ctf:
     2 + showFlagsInNotifications: true
     3 + showCountryDetailsInNotifications: both
     4 + countryMapping:
     5 + challenge1:
     6 + name: Canada
     7 + code: CA
     8 + challenge2:
     9 + name: Austria
     10 + code: AT
     11 + challenge3:
     12 + name: Israel
     13 + code: IL
     14 + challenge4:
     15 + name: Russian Federation
     16 + code: RU
     17 + challenge5:
     18 + name: Honduras
     19 + code: HN
     20 + challenge6:
     21 + name: Guatemala
     22 + code: GT
     23 + challenge7:
     24 + name: Germany
     25 + code: DE
     26 + challenge8:
     27 + name: Uruguay
     28 + code: UY
     29 + challenge9:
     30 + name: Myanmar
     31 + code: MM
     32 + challenge10:
     33 + name: Costa Rica
     34 + code: CR
     35 + challenge11:
     36 + name: Paraguay
     37 + code: PY
     38 + challenge12:
     39 + name: Slovakia
     40 + code: SK
     41 + challenge13:
     42 + name: Madagascar
     43 + code: MG
     44 + challenge14:
     45 + name: Belize
     46 + code: BZ
     47 + challenge15:
     48 + name: Korea (Democratic People's Republic of)
     49 + code: KP
     50 + challenge16:
     51 + name: Korea
     52 + code: KR
     53 + challenge17:
     54 + name: Belarus
     55 + code: BY
     56 + challenge18:
     57 + name: Bolivia
     58 + code: BO
     59 + challenge19:
     60 + name: Switzerland
     61 + code: CH
     62 + challenge20:
     63 + name: Peru
     64 + code: PE
     65 + challenge21:
     66 + name: Ukraine
     67 + code: UA
     68 + challenge22:
     69 + name: United States of America
     70 + code: US
     71 + challenge23:
     72 + name: Turkey
     73 + code: TR
     74 + challenge24:
     75 + name: Suriname
     76 + code: SR
     77 + challenge25:
     78 + name: Colombia
     79 + code: CO
     80 + challenge26:
     81 + name: Poland
     82 + code: PL
     83 + challenge27:
     84 + name: Ecuador
     85 + code: EC
     86 + challenge28:
     87 + name: Sri Lanka
     88 + code: LK
     89 + challenge29:
     90 + name: Eritrea
     91 + code: ER
     92 + challenge30:
     93 + name: Panama
     94 + code: PA
     95 + 
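Review bot: this new file has no comment saying what consumes it, and the README hunk in the same commit documents CTFD only, so a reader cannot tell what `config/fbctf.yml` is for. Add a header comment naming the consumer. The `countryMapping` is also hard-coded for `challenge1` through `challenge30`: state in the file (or enforce in a test) that every new challenge needs an entry here, since nothing visible in this commit shows what happens for a challenge without one.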
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/InMemoryScoreCard.java
    skipped 6 lines
    7 7   
    8 8  public class InMemoryScoreCard implements ScoreCard {
    9 9   
    10  - private final int maxPoints;
     10 + private final int maxNumberOfChallenges;
    11 11   private final Set<Challenge> solvedChallenges = new HashSet<>();
    12 12   
    13 13   public InMemoryScoreCard(int numberOfChallenge) {
    14  - maxPoints = numberOfChallenge * 50;
     14 + maxNumberOfChallenges = numberOfChallenge;
    15 15   }
    16 16   
    17 17   @Override
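Review bot: the constructor at new line 14 stores `numberOfChallenge` unchecked, and the field is now used directly as a divisor in `getProgress()`. Reject values below 1 here (for example with an `IllegalArgumentException`) so a zero count fails at construction instead of producing a NaN progress value later. Minor: the parameter is `numberOfChallenge` while the field is `maxNumberOfChallenges`; align the names.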
    skipped 8 lines
    26 26   
    27 27   @Override
    28 28   public float getProgress() {
    29  - return (100 / (float) maxPoints) * getTotalReceivedPoints();
     29 + return ((float) 100 / maxNumberOfChallenges) * solvedChallenges.size();
    30 30   }
    31 31   
    32 32   @Override
    33 33   public int getTotalReceivedPoints() {
    34  - return solvedChallenges.size() * 50;
     34 + return solvedChallenges.stream().map(challenge -> challenge.difficulty() * (100 + (challenge.difficulty() - 1) * 25)).reduce(0, Integer::sum);
    35 35   }
    36 36   
    37 37   @Override
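Review bot: the scoring rule at new line 34 is an undocumented inline expression with magic numbers 100 and 25 and three calls to `challenge.difficulty()`. Move it into a named method (something like `pointsFor(Challenge)`), document the formula there, and sum with `mapToInt(...).sum()` rather than `map(...).reduce(0, Integer::sum)`. Note also that after this change `getProgress()` at new line 29 counts solved challenges while `getTotalReceivedPoints()` weights by difficulty, so progress and points no longer move together; if that is intended, say so in a comment.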
    skipped 5 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/ChallengesAPIController.java
    skipped 12 lines
    13 13  import org.springframework.util.ResourceUtils;
    14 14  import org.springframework.web.bind.annotation.GetMapping;
    15 15  import org.springframework.web.bind.annotation.RestController;
     16 +import org.yaml.snakeyaml.Yaml;
    16 17   
    17 18  import java.io.BufferedReader;
    18 19  import java.io.IOException;
    19 20  import java.io.InputStreamReader;
    20 21  import java.util.ArrayList;
    21 22  import java.util.List;
     23 +import java.util.Locale;
    22 24   
    23 25  @Slf4j
    24 26  @RestController
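Review bot: the new `org.yaml.snakeyaml.Yaml` import at new line 16 should come with a restricted loader. The lines that build and use it are in the skipped part of the file, so please confirm that the loader is not a bare `new Yaml()` on anything other than the project's own bundled file; with SnakeYAML's default constructor, type tags in the input can instantiate arbitrary classes. Loading into plain maps with `SafeConstructor`, or a constructor limited to the expected type, avoids that. Same for `java.util.Locale` at new line 23: its use is not visible here, so check it is actually needed.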
    skipped 95 lines
    120 122   }
    121 123   return null;
    122 124   }
     125 + 
    123 126  }
    124 127   
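Review bot: new line 125 only adds an empty line before the closing brace of the class. Drop it so the hunk carries no whitespace-only change.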
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/Country.java
     1 +package org.owasp.wrongsecrets.challenges;
     2 + 
     3 +import lombok.RequiredArgsConstructor;
     4 + 
     5 +@RequiredArgsConstructor
     6 +public class Country {
     7 + 
     8 + public String name;
     9 + public String code;
     10 +}
     11 + 
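Review bot: `@RequiredArgsConstructor` at new line 5 has nothing to work with, because `name` and `code` are neither `final` nor `@NonNull`, so it generates the same no-argument constructor the class would have anyway. Either remove the annotation, or make the fields `private final` and expose getters so the annotation produces a real two-argument constructor. If the public mutable fields are needed for YAML binding, leave a one-line comment saying so.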
  • ■ ■ ■ ■ ■
    src/test/java/org/owasp/wrongsecrets/InMemoryScoreCardTest.java
    skipped 6 lines
    7 7  import org.mockito.junit.jupiter.MockitoExtension;
    8 8  import org.owasp.wrongsecrets.challenges.Challenge;
    9 9   
     10 +import static org.mockito.ArgumentMatchers.anyString;
     11 +import static org.mockito.Mockito.when;
     12 + 
    10 13  @ExtendWith(MockitoExtension.class)
    11 14  class InMemoryScoreCardTest {
    12 15   
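Review bot: `anyString` is imported at new line 10, but none of the test lines shown in this commit use it; only `when` is used. Remove the import unless the skipped lines need it.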
    skipped 5 lines
    18 21   
    19 22   @Test
    20 23   void whenOneChallengeSolvedPointsShouldBeCalculatedCorrectly() {
     24 + when(challenge1.difficulty()).thenReturn(2);
    21 25   var scoring = new InMemoryScoreCard(2);
    22 26   scoring.completeChallenge(challenge1);
    23 27   
    24  - Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(50);
     28 + Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(250);
    25 29   }
    26 30   
    27 31   @Test
    28 32   void solvingAllChallengesShouldCalculateMaxPoints() {
     33 + when(challenge1.difficulty()).thenReturn(1);
     34 + when(challenge2.difficulty()).thenReturn(3);
    29 35   var scoring = new InMemoryScoreCard(2);
    30 36   scoring.completeChallenge(challenge1);
    31 37   scoring.completeChallenge(challenge2);
    32 38   
    33  - Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(100);
     39 + Assertions.assertThat(scoring.getTotalReceivedPoints()).isEqualTo(550);
    34 40   }
    35 41   
    36 42  }
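Review bot: both tests assert only `getTotalReceivedPoints()`, yet this commit also rewrites `getProgress()`, which is left without coverage. Add assertions for it, for example 50 after one of two challenges and 100 after both. The expected values 250 and 550 at new lines 28 and 39 would also be easier to review with the arithmetic next to them: difficulty 2 gives 2 * (100 + 25), and difficulties 1 and 3 give 100 + 3 * (100 + 50).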
    skipped 1 lines