Projects STRLCPY wrongsecrets Commits 7b7c9948
  • ■ ■ ■ ■
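--- a/Dockerfile.web
+++ b/Dockerfile.web
@@ -1,4 +1,4 @@
-FROM jeroenwillemsen/wrongsecrets:ctfdtest7-no-vault
+FROM jeroenwillemsen/wrongsecrets:ctfdtest8-no-vault
 
 ARG argBasedVersion="1.4.7"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"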
  • ■ ■ ■ ■ ■ ■
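--- a/pom.xml
+++ b/pom.xml
@@ -95,6 +95,12 @@
  <version>${spring.security.version}</version>
  </dependency>
  <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-test</artifactId>
+ <version>${spring.security.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
  </dependency>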
  • ■ ■ ■ ■ ■
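--- a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
@@ -52,8 +52,12 @@
 
  @GetMapping("/spoil-{id}")
  public String spoiler(Model model, @PathVariable Integer id) {
- var challenge = challenges.get(id - 1).getChallenge();
- model.addAttribute("spoiler", challenge.spoiler());
+ if (!ctfModeEnabled) {
+ var challenge = challenges.get(id - 1).getChallenge();
+ model.addAttribute("spoiler", challenge.spoiler());
+ } else {
+ model.addAttribute("spoiler", new Spoiler("Spoils are disabled in CTF mode"));
+ }
  return "spoil";
  }
 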
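Review bot: The path variable `id` is still passed unchecked to `challenges.get(id - 1)` on the non-CTF branch, so `/spoil-0` or an id past the end of the collection (presumably a List) throws and surfaces as a 500 instead of a 404. A guard at the top of `spoiler` would cover both branches, e.g. `if (id < 1 || id > challenges.size()) { throw new ResponseStatusException(HttpStatus.NOT_FOUND); }`. The CTF gate is also enforced only in this handler; if any other controller or template reaches `challenge.spoiler()` (not visible in this hunk), it needs the same `ctfModeEnabled` check. A short comment above the `if`, such as `// CTF mode: the real spoiler must never reach the model`, would record the intent for later edits.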
  • ■ ■ ■ ■ ■
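--- a/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ChallengeAPiControllerTest.java
@@ -33,6 +33,7 @@
  try {
  var response = restTemplate.getForEntity(callbackAdress, String.class);
  assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
+ assertThat(response.getBody()).contains("hint");
  } catch (RestClientResponseException e) {
  fail(e);
  }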
  • ■ ■ ■ ■ ■ ■
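--- a/src/test/java/org/owasp/wrongsecrets/ChallengesControllerCTFModeTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ChallengesControllerCTFModeTest.java
@@ -0,0 +1,54 @@
+package org.owasp.wrongsecrets;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.owasp.wrongsecrets.challenges.ChallengeForm;
+import org.owasp.wrongsecrets.challenges.docker.Challenge1;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.hamcrest.Matchers.containsString;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(
+ properties = {"CTF_ENABLED=true", "CTF_KEY=randomtextforkey"},
+ classes = WrongSecretsApplication.class
+)
+@AutoConfigureMockMvc
+class ChallengesControllerCTFModeTest {
+
+ @Autowired
+ private MockMvc mvc;
+
+
+ @Test
+ void shouldNotSpoilWhenInCTFMode() throws Exception {
+ mvc.perform(get("/spoil-1"))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("Spoils are disabled in CTF mode")));
+
+ }
+
+ @Test
+ void shouldShowFlagWhenRespondingWithSuccessInCTFMode() throws Exception {
+ var spoil = new Challenge1(new InMemoryScoreCard(1)).spoiler().solution();
+ mvc.perform(post("/challenge/1")
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .param("solution", spoil)
+ .param("action", "submit")
+ .with(csrf()))
+ .andExpect(status().isOk())
+ .andExpect(content().string(containsString("ba9a72ac7057576344856")));
+
+ }
+}
+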
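Review bot: `shouldNotSpoilWhenInCTFMode` only checks that the placeholder message is present, so it would still pass if the page rendered the real solution alongside it. Computing the solution the way the second test does and adding `.andExpect(content().string(not(containsString(spoil))))` would pin the property the CTF gate is meant to guarantee. The expected flag fragment `"ba9a72ac7057576344856"` in `shouldShowFlagWhenRespondingWithSuccessInCTFMode` is a magic value that presumably depends on `CTF_KEY=randomtextforkey`; a comment stating how it is derived would make a failure after a key or algorithm change easier to diagnose. A further case that submits a wrong solution in CTF mode and asserts no flag appears would cover the remaining branch.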
  • ■ ■ ■ ■ ■ ■
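--- a/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/ChallengesControllerTest.java
@@ -43,11 +43,11 @@
  when(challenge.solved(anyString())).thenReturn(false);
 
  this.mvc.perform(post("/challenge/1")
- .param("solution", "wrong")
- .param("action", "submit"))
- .andExpect(status().isOk())
- .andExpect(model().attributeDoesNotExist("answerCorrect"))
- .andExpect(model().attributeExists("answerIncorrect"));
+ .param("solution", "wrong")
+ .param("action", "submit"))
+ .andExpect(status().isOk())
+ .andExpect(model().attributeDoesNotExist("answerCorrect"))
+ .andExpect(model().attributeExists("answerIncorrect"));
  this.mvc.perform(get("/challenge/1"));
  }
 
@@ -55,8 +55,8 @@
  void shouldReturnSpoiler() throws Exception {
  when(challenge.spoiler()).thenReturn(new Spoiler("solution"));
  this.mvc.perform(get("/spoil-1"))
- .andExpect(status().isOk())
- .andExpect(model().attribute("spoiler", new Spoiler("solution")));
+ .andExpect(status().isOk())
+ .andExpect(model().attribute("spoiler", new Spoiler("solution")));
  }
 
  @Test
@@ -64,11 +64,11 @@
  when(challenge.solved(anyString())).thenReturn(false);
 
  this.mvc.perform(post("/challenge/1")
- .param("solution", "wrong")
- .param("action", "submit"))
- .andExpect(status().isOk())
- .andExpect(model().attributeDoesNotExist("answerCorrect"))
- .andExpect(model().attributeExists("answerIncorrect"));
+ .param("solution", "wrong")
+ .param("action", "submit"))
+ .andExpect(status().isOk())
+ .andExpect(model().attributeDoesNotExist("answerCorrect"))
+ .andExpect(model().attributeExists("answerIncorrect"));
  }
 
  @Test
@@ -76,15 +76,15 @@
  when(challenge.solved(anyString())).thenReturn(true);
 
  this.mvc.perform(post("/challenge/1")
- .param("solution", "wrong")
- .param("action", "submit"))
- .andExpect(status().isOk())
- .andExpect(model().attributeExists("answerCorrect"))
- .andExpect(model().attributeDoesNotExist("answerIncorrect"));
+ .param("solution", "wrong")
+ .param("action", "submit"))
+ .andExpect(status().isOk())
+ .andExpect(model().attributeExists("answerCorrect"))
+ .andExpect(model().attributeDoesNotExist("answerIncorrect"));
  }
 
  @Test
- void shouldReturnCompleteWhenAllItemsDone() throws Exception{
+ void shouldReturnCompleteWhenAllItemsDone() throws Exception {
  when(challenge.solved(anyString())).thenReturn(true);
  this.mvc.perform(post("/challenge/1")
  .param("solution", "wrong")
@@ -93,5 +93,6 @@
  .andExpect(model().attributeExists("answerCorrect"))
  .andExpect(model().attributeExists("allCompleted"));
  }
+
 }
 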