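--- a/.github/scripts/docker-create.sh
+++ b/.github/scripts/docker-create.sh
@@ -7,7 +7,7 @@
  # Display Help
  echo "A versatile script to create a docker image for testing. Call this script with no arguments to simply create a local image that you can use to test your changes. For more complex use see the below help section"
  echo
- echo "Syntax: docker-create.sh [-h (help)|-t (test)|-p (publish)|-e (herokud)|-f (herokup)|-n (notag) [tag={tag}|message={message}|buildarg={buildarg}|springProfile={springProfile}]"
+ echo "Syntax: docker-create.sh [-h (help)|-t (test)|-p (publish)|-e (herokud)|-f (herokup)|-g (fly)|-n (notag) [tag={tag}|message={message}|buildarg={buildarg}|springProfile={springProfile}]"
  echo "options: (All optional)"
  echo "tag= Write a custom tag that will be added to the container when it is build locally."
  echo "message= Write a message used for the actual tag-message in git"
@@ -20,13 +20,16 @@
 # Heroku helpers #
 ################################################################################
  
+break_on_tag(){
+ if test -n "${tag+x}"; then
+ echo "tag is set"
+ else
+ echo "tag ${tag} was not set properly, aborting"
+ exit
+ fi
+}
 heroku_check_container() {
- if test -n "${tag+x}"; then
- echo "tag is set"
- else
- echo "tag ${tag} was not set properly, aborting"
- exit
- fi
+ break_on_tag
  echo "validating dockerfile to contain tag "${tag}" (should be part of '$(head -n 1 ../../Dockerfile.web)')"
  if [[ "$(head -n 1 ../../Dockerfile.web)" != *"${tag}"* ]]; then
  echo "tag ${tag} in dockerfile FROM was not set properly, aborting"
@@ -61,6 +64,21 @@
  exit
 }
  
+Fly_publish(){
+ echo "Publishing to Fly.io (wrongsecrets.fly.dev)"
+ echo "Check if all required binaries are installed"
+ source ../../scripts/check-available-commands.sh
+ checkCommandsAvailable fly
+ break_on_tag
+ echo "validating fly.toml to contain tag "${tag}" (should be part of '$(cat ../../fly.toml | grep argBasedVersion)')"
+ if [[ "$(cat ../../fly.toml | grep argBasedVersion)" != *"${tag}"* ]]; then
+ echo "tag ${tag} in fly.toml not properly set, aborting"
+ exit
+ fi
+ cd ../.. && fly deploy
+ exit
+}
+ 
 ################################################################################
 ################################################################################
 # Main program #
@@ -72,7 +90,7 @@
 # Set option to local if no option provided
 script_mode="local"
 # Parse provided options
-while getopts ":htpefn*" option; do
+while getopts ":htpefgn*" option; do
  case $option in
  h) # display Help
  Help
@@ -90,6 +108,9 @@
  f) # Helper
  script_mode="heroku_p"
  ;;
+ g) #Helper
+ script_mode="fly_p"
+ ;;
  n) #notags
  disable_tagging_in_git="true"
  ;;
@@ -106,7 +127,7 @@
 ################################################
 for ARGUMENT in "$@";
 do
- if [[ $ARGUMENT != "-h" && $ARGUMENT != "-t" && $ARGUMENT != "-p" && $ARGUMENT != "-e" && $ARGUMENT != "-f" ]]
+ if [[ $ARGUMENT != "-h" && $ARGUMENT != "-t" && $ARGUMENT != "-p" && $ARGUMENT != "-e" && $ARGUMENT != "-f" && $ARGUMENT != "-g" ]]
  then
  KEY=$(echo "$ARGUMENT" | cut -f1 -d=)
  KEY_LENGTH=${#KEY}
@@ -165,6 +186,8 @@
  Heroku_publish_demo
 elif [[ $script_mode == "heroku_p" ]]; then
  Heroku_publish_prod
+elif [[ $script_mode == "fly_p" ]]; then
+ Fly_publish
 fi
 
  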
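Review bot: break_on_tag (new lines 23-30) aborts with a bare `exit`, which returns the status of the preceding echo, i.e. 0, so a missing tag looks like success to any CI step or caller that chains on this script; the bare `exit` after the fly.toml mismatch message in Fly_publish (new line 76) has the same problem. The guard `test -n "${tag+x}"` is also true when tag is set to the empty string (`tag=` on the command line), in which case the later `*"${tag}"*` substring checks match anything and the validation is bypassed. I would change the guard to `if test -n "${tag:+x}"; then` and both abort paths to `exit 1`. The `cat ../../fly.toml | grep argBasedVersion` pipeline on new lines 73-74 can be written as `grep argBasedVersion ../../fly.toml`; heroku_check_container continues past the end of its hunk.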
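--- a/README.md
+++ b/README.md
@@ -63,6 +63,10 @@
  
 [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
  
+### Running on Fly.io
+ 
+You can test them out at [https://wrongsecrets.fly.dev](https://wrongsecrets.fly.dev) as well! Please understand that we run on a free-tier instance, we cannot give any guarantees. Please do not fuzz and/or try to bring it down: you would be spoiling it for others that want to testdrive it.
+ 
 ## Basic K8s exercise
  
 _Can be used for challenges 1-6, 8, 12-23_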
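--- /dev/null
+++ b/fly.toml
@@ -0,0 +1,49 @@
+# fly.toml file generated for wrongsecrets on 2022-08-27T22:42:28+02:00
+ 
+app = "wrongsecrets"
+kill_signal = "SIGINT"
+kill_timeout = 5
+processes = []
+ 
+[build]
+ dockerfile = "Dockerfile"
+ 
+[build.args]
+ argBasedVersion="1.5.2"
+ spring_profile="without-vault"
+ argBasedEnv="Fly(Docker)"
+ 
+[env]
+ K8S_ENV="Fly(Docker)"
+ 
+[experimental]
+ allowed_public_ports = []
+ auto_rollback = true
+ CMD = "java -Xms128m -Xmx128m -Xss512k -jar -XX:MaxRAMPercentage=75 -XX:MinRAMPercentage=25 -Dspring.profiles.active=without-vault application.jar"
+ 
+[[services]]
+ http_checks = []
+ internal_port = 8080
+ processes = ["app"]
+ protocol = "tcp"
+ script_checks = []
+ [services.concurrency]
+ hard_limit = 25
+ soft_limit = 20
+ type = "connections"
+ 
+ [[services.ports]]
+ force_https = true
+ handlers = ["http"]
+ port = 80
+ 
+ [[services.ports]]
+ handlers = ["tls", "http"]
+ port = 443
+ 
+ [[services.tcp_checks]]
+ grace_period = "1s"
+ interval = "15s"
+ restart_limit = 0
+ timeout = "2s"
+ 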
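Review bot: The `CMD` under `[experimental]` (line 22) combines an explicit `-Xms128m -Xmx128m` with `-XX:MaxRAMPercentage=75 -XX:MinRAMPercentage=25`; an explicit -Xmx takes precedence over the percentage flags, so those two are dead and the heap stays pinned at 128m whatever VM size the app is deployed on. The same line hardcodes `-Dspring.profiles.active=without-vault` while `[build.args]` on line 13 already passes `spring_profile="without-vault"`, leaving two places that can drift apart. I would keep only one of the two heap-sizing strategies and derive the active profile from the single build arg the Dockerfile presumably already consumes, e.g. drop the `-XX:*RAMPercentage` pair and the `-Dspring.profiles.active` flag from `CMD` and let the image entrypoint apply them — confirm against the Dockerfile, which is not in this diff. Note also that `argBasedVersion="1.5.2"` on line 12 is what the publish script's tag check compares against, so it has to be bumped together with pom.xml on every release.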
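--- a/pom.xml
+++ b/pom.xml
@@ -9,7 +9,7 @@
  </parent>
  <groupId>org.owasp</groupId>
  <artifactId>wrongsecrets</artifactId>
- <version>challenge22t1-SNAPSHOT</version>
+ <version>1.5.2-SNAPSHOT</version>
  <name>OWASP WrongSecrets</name>
  <description>Examples with how to not use secrets</description>
  <url>https://owasp.org/www-project-wrongsecrets/</url>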
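--- a/src/main/java/org/owasp/wrongsecrets/RuntimeEnvironment.java
+++ b/src/main/java/org/owasp/wrongsecrets/RuntimeEnvironment.java
@@ -11,13 +11,7 @@
 import java.util.List;
 import java.util.Map;
  
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.AWS;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.DOCKER;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.GCP;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.AZURE;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.K8S;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.VAULT;
-import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.HEROKU_DOCKER;
+import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.*;
  
 @Component
 public class RuntimeEnvironment {
@@ -32,6 +26,7 @@
  private String defaultChallenge9Value; //used to determine if the cloud challenge values are overriden
  
  private static final Map<Environment, List<Environment>> envToOverlappingEnvs = Map.of(
+ FLY_DOCKER, List.of(DOCKER, FLY_DOCKER),
  HEROKU_DOCKER, List.of(DOCKER, HEROKU_DOCKER),
  DOCKER, List.of(DOCKER, HEROKU_DOCKER),
  GCP, List.of(DOCKER, K8S, VAULT),
@@ -42,7 +37,7 @@
  );
  
  public enum Environment {
- DOCKER("Docker"), HEROKU_DOCKER("Heroku(Docker)"), GCP("gcp"), AWS("aws"), AZURE("azure"), VAULT("k8s-with-vault"), K8S("k8s");
+ DOCKER("Docker"), HEROKU_DOCKER("Heroku(Docker)"), FLY_DOCKER("Fly(Docker)"), GCP("gcp"), AWS("aws"), AZURE("azure"), VAULT("k8s-with-vault"), K8S("k8s");
  
  private final String id;
  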
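Review bot: `envToOverlappingEnvs` gains `FLY_DOCKER, List.of(DOCKER, FLY_DOCKER)` (new line 29), but the `DOCKER` entry directly below it still lists only `DOCKER, HEROKU_DOCKER`, whereas the existing HEROKU_DOCKER and DOCKER entries mirror each other. If the map is meant to be symmetric, the DOCKER row should become `DOCKER, List.of(DOCKER, HEROKU_DOCKER, FLY_DOCKER),`; the lookup site is not in this diff, so please confirm which direction the overlap is consulted in before changing it. Replacing the seven explicit static imports with `Environment.*` (new line 14) is a style choice that hides which constants the file actually relies on; an explicit `FLY_DOCKER` import next to the existing ones would have kept that visible. The `Map.of(...)` literal closes outside the hunk.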
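--- a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesAPIController.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesAPIController.java
@@ -73,7 +73,7 @@
  
  private String getCategory(ChallengeUI challengeUI) {
  return switch (challengeUI.getChallenge().supportedRuntimeEnvironments().get(0)) {
- case DOCKER, HEROKU_DOCKER -> "Docker";
+ case DOCKER, HEROKU_DOCKER, FLY_DOCKER -> "Docker";
  case GCP, AWS, AZURE -> "Cloud";
  case VAULT -> "Vault";
  case K8S -> "Kubernetes";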