crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits 85d9026d
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    .github/scripts/docker-create-and-push.sh
    skipped 86 lines
    87 87  echo "committing changes and new pom file with version ${tag}"
    88 88  git commit -am "Update POM file with new version: ${tag}"
    89 89  git push
    90  -echo "tagging version"
    91  -git tag -a $tag -m "${message}"
    92  -git push --tags
     90 +#echo "tagging version"
     91 +#git tag -a $tag -m "${message}"
     92 +#git push --tags
    93 93   
    94 94  echo "Don't forget to update experiment-bed"
    95 95  echo "git checkout experiment-bed && git merge master --no-edit"
    96 96  echo "git push"
    97 97   
    98 98  #staging (https://arcane-scrubland-42646.herokuapp.com/)
    99  -echo "Completed docker upload for X86, now taking care of heroku, do yourself: update Dockerfile.web, then run 'heroku container:login' 'heroku container:push --recursive --arg argBasedVersion=${tag}heroku' and 'heroku container:push --recursive --arg argBasedVersion=${tag}heroku --arg CANARY_URLS=http://canarytokens.com/feedback/images/traffic/tgy3epux7jm59n0ejb4xv4zg3/submit.aspx,http://canarytokens.com/traffic/cjldn0fsgkz97ufsr92qelimv/post.jsp --app=wrongsecrets' and release both (heroku container:release web --app=wrongsecrets)"
     99 +echo "Completed docker upload for X86, now taking care of heroku, do yourself: update Dockerfile.web, then run 'heroku container:login'"
     100 +echo "then for the test container: 'heroku container:push --recursive --arg argBasedVersion=${tag}heroku --app arcane-scrubland-42646' and 'heroku container:release web --app arcane-scrubland-42646'"
     101 +echo "then for the prd container:'heroku container:push --recursive --arg argBasedVersion=${tag}heroku --arg CANARY_URLS=http://canarytokens.com/feedback/images/traffic/tgy3epux7jm59n0ejb4xv4zg3/submit.aspx,http://canarytokens.com/traffic/cjldn0fsgkz97ufsr92qelimv/post.jsp --app=wrongsecrets' and release 'heroku container:release web --app=wrongsecrets'"
    100 102  #want to release? do heroku container:release web --app=wrongsecrets
    101 103   
    102 104   
  • ■ ■ ■ ■
    Dockerfile.web
    1  -FROM jeroenwillemsen/wrongsecrets:1.4.5-no-vault
     1 +FROM jeroenwillemsen/wrongsecrets:challenge21test5-no-vault
    2 2   
    3 3  ARG argBasedVersion="1.4.5"
    4 4  ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
    skipped 9 lines
  • ■ ■ ■ ■
    aws/k8s/secret-challenge-vault-deployment.yml
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-aws-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:challenge21test5-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 31 lines
  • ■ ■ ■ ■
    azure/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 34 lines
    35 35   volumeAttributes:
    36 36   secretProviderClass: "azure-wrongsecrets-vault"
    37 37   containers:
    38  - - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
     38 + - image: jeroenwillemsen/wrongsecrets:challenge21test5-k8s-vault
    39 39   imagePullPolicy: IfNotPresent
    40 40   ports:
    41 41   - containerPort: 8080
    skipped 36 lines
  • ■ ■ ■ ■
    gcp/k8s/secret-challenge-vault-deployment.yml.tpl
    skipped 36 lines
    37 37   volumeAttributes:
    38 38   secretProviderClass: "wrongsecrets-gcp-secretsmanager"
    39 39   containers:
    40  - - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
     40 + - image: jeroenwillemsen/wrongsecrets:challenge21test5-k8s-vault
    41 41   imagePullPolicy: IfNotPresent
    42 42   ports:
    43 43   - containerPort: 8080
    skipped 33 lines
  • ■ ■ ■ ■
    k8s/secret-challenge-deployment.yml
    skipped 27 lines
    28 28   runAsGroup: 2000
    29 29   fsGroup: 2000
    30 30   containers:
    31  - - image: jeroenwillemsen/wrongsecrets:1.4.5-no-vault
     31 + - image: jeroenwillemsen/wrongsecrets:challenge21test5-no-vault
    32 32   imagePullPolicy: IfNotPresent
    33 33   ports:
    34 34   - containerPort: 8080
    skipped 23 lines
  • ■ ■ ■ ■
    k8s/secret-challenge-vault-deployment.yml
    skipped 29 lines
    30 30   runAsNonRoot: true
    31 31   serviceAccountName: vault
    32 32   containers:
    33  - - image: jeroenwillemsen/wrongsecrets:1.4.5-k8s-vault
     33 + - image: jeroenwillemsen/wrongsecrets:challenge21test5-k8s-vault
    34 34   imagePullPolicy: IfNotPresent
    35 35   ports:
    36 36   - containerPort: 8080
    skipped 27 lines
  • ■ ■ ■ ■
    pom.xml
    skipped 8 lines
    9 9   </parent>
    10 10   <groupId>org.owasp</groupId>
    11 11   <artifactId>wrongsecrets</artifactId>
    12  - <version>1.4.5-SNAPSHOT</version>
     12 + <version>challenge21test5-SNAPSHOT</version>
    13 13   <name>OWASP WrongSecrets</name>
    14 14   <description>Examples with how to not use secrets</description>
    15 15   <url>https://owasp.org/www-project-wrongsecrets/</url>
    skipped 416 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/AllControllerAdvice.java
    skipped 18 lines
    19 19   
    20 20   private final List<ChallengeUI> challenges;
    21 21   private final String version;
    22  - private RuntimeEnvironment runtimeEnvironment;
     22 + private final RuntimeEnvironment runtimeEnvironment;
    23 23   
    24 24   public AllControllerAdvice(List<Challenge> challenges, @Value("${APP_VERSION}") String version, RuntimeEnvironment runtimeEnvironment) {
    25 25   this.challenges = ChallengeUI.toUI(challenges, runtimeEnvironment);
    skipped 25 lines
  • ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java
    skipped 2 lines
    3 3  import org.springframework.context.annotation.Configuration;
    4 4  import org.springframework.core.annotation.Order;
    5 5  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    6  -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    7 6  import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    8 7   
    9 8  @Configuration
    skipped 11 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/RuntimeEnvironment.java
    skipped 21 lines
    22 22  @Component
    23 23  public class RuntimeEnvironment {
    24 24   
    25  - private static Map<Environment, List<Environment>> envToOverlappingEnvs = Map.of(
     25 + private static final Map<Environment, List<Environment>> envToOverlappingEnvs = Map.of(
    26 26   HEROKU_DOCKER, List.of(DOCKER, HEROKU_DOCKER),
    27 27   DOCKER, List.of(DOCKER, HEROKU_DOCKER),
    28 28   GCP, List.of(DOCKER, K8S, VAULT),
    skipped 13 lines
    42 42   }
    43 43   
    44 44   static Environment fromId(String id) {
    45  - return Arrays.asList(Environment.values()).stream().filter(e -> e.id.equalsIgnoreCase(id)).findAny().get();
     45 + return Arrays.stream(Environment.values()).filter(e -> e.id.equalsIgnoreCase(id)).findAny().get();
    46 46   }
    47 47   }
    48 48   
    skipped 19 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/SessionConfiguration.java
    skipped 11 lines
    12 12  @Slf4j
    13 13  public class SessionConfiguration {
    14 14   
    15  - private static AtomicInteger numberOfSessions = new AtomicInteger(0);
     15 + private static final AtomicInteger numberOfSessions = new AtomicInteger(0);
    16 16   
    17 17   @Bean
    18 18   public HttpSessionListener httpSessionListener() {
    skipped 18 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/StartupListener.java
    skipped 35 lines
    36 36   
    37 37   private String envsToReadableString() {
    38 38   return Arrays.stream(RuntimeEnvironment.Environment.values())
    39  - .map(env -> env.toString())
     39 + .map(Enum::toString)
    40 40   .collect(Collectors.joining(", "));
    41 41   }
    42 42   }
    skipped 3 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/asciidoc/AsciiDoctorTemplateResolver.java
    skipped 16 lines
    17 17  public class AsciiDoctorTemplateResolver extends FileTemplateResolver {
    18 18   
    19 19   private static final String PREFIX = "doc:";
    20  - private TemplateGenerator generator;
     20 + private final TemplateGenerator generator;
    21 21   
    22 22   public AsciiDoctorTemplateResolver(TemplateGenerator generator) {
    23 23   this.generator = generator;
    skipped 18 lines
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/canaries/CanaryCounterImpl.java
    skipped 7 lines
    8 8  @Service
    9 9  public class CanaryCounterImpl implements CanaryCounter {
    10 10   
    11  - private static AtomicInteger numberofCanaryCalls = new AtomicInteger(0);
     11 + private static final AtomicInteger numberofCanaryCalls = new AtomicInteger(0);
    12 12   
    13 13   private static String lastToken;
    14 14   
    skipped 25 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
    skipped 42 lines
    43 43   private final String azureDefaultValue;
    44 44   private final String challengeAnswer;
    45 45   private final String projectId;
    46  - private final RuntimeEnvironment runtimeEnvironment;
    47 46   private final String azureVaultUri;
    48 47   private final String azureWrongSecret3;
    49 48   
    skipped 16 lines
    66 65   this.gcpDefaultValue = gcpDefaultValue;
    67 66   this.azureDefaultValue = azureDefaultValue;
    68 67   this.projectId = projectId;
    69  - this.runtimeEnvironment = runtimeEnvironment;
    70 68   this.azureVaultUri = azureVaultUri;
    71 69   this.azureWrongSecret3 = azureWrongSecret3;
    72  - this.challengeAnswer = getChallenge11Value(this.runtimeEnvironment);
     70 + this.challengeAnswer = getChallenge11Value(runtimeEnvironment);
    73 71   }
    74 72   
    75 73   @Override
    skipped 12 lines
    88 86   
    89 87   private String getChallenge11Value(RuntimeEnvironment runtimeEnvironment) {
    90 88   if (runtimeEnvironment != null && runtimeEnvironment.getRuntimeEnvironment() != null) {
    91  - switch (runtimeEnvironment.getRuntimeEnvironment()) {
    92  - case AWS:
    93  - return getAWSChallenge11Value();
    94  - case GCP:
    95  - return getGCPChallenge11Value();
    96  - case AZURE:
    97  - return getAzureChallenge11Value();
    98  - default:
    99  - return "please_use_supported_cloud_env";
    100  - }
     89 + return switch (runtimeEnvironment.getRuntimeEnvironment()) {
     90 + case AWS -> getAWSChallenge11Value();
     91 + case GCP -> getGCPChallenge11Value();
     92 + case AZURE -> getAzureChallenge11Value();
     93 + default -> "please_use_supported_cloud_env";
     94 + };
    101 95   }
    102 96   return "please_use_supported_cloud_env";
    103 97   }
    skipped 75 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/BinaryExecutionHelper.java
    skipped 10 lines
    11 11  public class BinaryExecutionHelper {
    12 12   
    13 13   
    14  - public static String ERROR_EXECUTION = "Error with executing";
     14 + public static final String ERROR_EXECUTION = "Error with executing";
    15 15   private final int challengeNumber;
    16 16   
    17 17   public BinaryExecutionHelper(int challengeNumber) {
    18 18   this.challengeNumber = challengeNumber;
    19 19   }
    20 20   
     21 + public String executeGoCommand(String guess) {
     22 + try {
     23 + File execFile = createTempExecutable("wrongsecrets-golang");
     24 + String result;
     25 + if (Strings.isNullOrEmpty(guess)) {
     26 + result = executeCommand(execFile, "spoil");
     27 + } else {
     28 + result = executeCommand(execFile, "guess", guess);
     29 + }
     30 + log.info("stdout challenge {}: {}", challengeNumber, result);
     31 + 
     32 + deleteFile(execFile);
     33 + return result;
     34 + } catch (IOException | NullPointerException | InterruptedException e) {
     35 + log.warn("Error executing:", e);
     36 + return ERROR_EXECUTION;
     37 + }
     38 + }
     39 + 
     40 + public String executeCommand(String guess, String fileName) {
     41 + if (Strings.isNullOrEmpty((guess))) {
     42 + guess = "spoil";
     43 + }
     44 + try {
     45 + File execFile = createTempExecutable(fileName);
     46 + String result = executeCommand(execFile, guess);
     47 + deleteFile(execFile);
     48 + log.info("stdout challenge {}: {}", challengeNumber, result);
     49 + return result;
     50 + } catch (IOException | NullPointerException | InterruptedException e) {
     51 + log.warn("Error executing:", e);
     52 + return ERROR_EXECUTION;
     53 + }
     54 + 
     55 + }
     56 + 
     57 + private String executeCommand(File execFile, String argument, String argument2) throws IOException, InterruptedException {
     58 + ProcessBuilder ps;
     59 + if (Strings.isNullOrEmpty(argument2)) {
     60 + ps = new ProcessBuilder(execFile.getPath(), argument);
     61 + } else {
     62 + ps = new ProcessBuilder(execFile.getPath(), argument, argument2);
     63 + }
     64 + ps.redirectErrorStream(true);
     65 + Process pr = ps.start();
     66 + BufferedReader in = new BufferedReader(new InputStreamReader(pr.getInputStream()));
     67 + String result = in.readLine();
     68 + pr.waitFor();
     69 + return result;
     70 + }
     71 + 
     72 + private String executeCommand(File execFile, String argument) throws IOException, InterruptedException {
     73 + return executeCommand(execFile, argument, "");
     74 + }
     75 + 
    21 76   private boolean useX86() {
    22 77   String systemARch = System.getProperty("os.arch");
    23 78   log.info("System arch detected: {}", systemARch);
    skipped 45 lines
    69 124   return execFile;
    70 125   }
    71 126   
    72  - private String executeCommand(File execFile, String argument) throws IOException, InterruptedException {
    73  - ProcessBuilder ps = new ProcessBuilder(execFile.getPath(), argument);
    74  - ps.redirectErrorStream(true);
    75  - Process pr = ps.start();
    76  - BufferedReader in = new BufferedReader(new InputStreamReader(pr.getInputStream()));
    77  - String result = in.readLine();
    78  - pr.waitFor();
    79  - return result;
    80  - }
    81  - 
    82  - 
    83  - public String executeCommand(String guess, String fileName) {
    84  - if (Strings.isNullOrEmpty((guess))) {
    85  - guess = "spoil";
    86  - }
    87  - try {
    88  - File execFile = createTempExecutable(fileName);
    89  - String result = executeCommand(execFile, guess);
    90  - if (!execFile.delete()) {
    91  - log.info("Deleting the file {} failed...", execFile.getPath());
    92  - }
    93  - log.info("stdout challenge {}: {}", challengeNumber, result);
    94  - return result;
    95  - } catch (IOException | NullPointerException | InterruptedException e) {
    96  - log.warn("Error executing:", e);
    97  - return ERROR_EXECUTION;
     127 + private void deleteFile(File execFile) {
     128 + if (!execFile.delete()) {
     129 + log.info("Deleting the file {} failed...", execFile.getPath());
    98 130   }
    99  - 
    100 131   }
    101 132  }
    102 133   
  • ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java
    skipped 18 lines
    19 19  @Order(12)
    20 20  public class Challenge12 extends Challenge {
    21 21   
    22  - private String dockerMountPath;
     22 + private final String dockerMountPath;
    23 23   
    24 24   public Challenge12(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) {
    25 25   super(scoreCard);
    skipped 29 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java
    skipped 22 lines
    23 23  @Order(13)
    24 24  public class Challenge13 extends Challenge {
    25 25   
    26  - private String plainText;
    27  - private String cipherText;
     26 + private final String plainText;
     27 + private final String cipherText;
    28 28   
    29 29   @Override
    30 30   public Spoiler spoiler() {
    skipped 49 lines
  • ■ ■ ■ ■ ■ ■
    src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge21.java
     1 +package org.owasp.wrongsecrets.challenges.docker;
     2 + 
     3 + 
     4 +import lombok.extern.slf4j.Slf4j;
     5 +import org.owasp.wrongsecrets.RuntimeEnvironment;
     6 +import org.owasp.wrongsecrets.ScoreCard;
     7 +import org.owasp.wrongsecrets.challenges.Challenge;
     8 +import org.owasp.wrongsecrets.challenges.Spoiler;
     9 +import org.springframework.core.annotation.Order;
     10 +import org.springframework.stereotype.Component;
     11 + 
     12 +import java.util.List;
     13 + 
     14 +import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.DOCKER;
     15 + 
     16 +@Component
     17 +@Order(21)
     18 +@Slf4j
     19 +public class Challenge21 extends Challenge {
     20 + 
     21 + private final BinaryExecutionHelper binaryExecutionHelper;
     22 + 
     23 + public Challenge21(ScoreCard scoreCard) {
     24 + super(scoreCard);
     25 + this.binaryExecutionHelper = new BinaryExecutionHelper(21);
     26 + }
     27 + 
     28 + 
     29 + @Override
     30 + public Spoiler spoiler() {
     31 + return new Spoiler(binaryExecutionHelper.executeGoCommand(""));
     32 + }
     33 + 
     34 + @Override
     35 + public boolean answerCorrect(String answer) {
     36 + return binaryExecutionHelper.executeGoCommand(answer).equals("This is correct! Congrats!");
     37 + }
     38 + 
     39 + public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
     40 + return List.of(DOCKER);
     41 + }
     42 +}
     43 + 
  • src/main/resources/executables/wrongsecrets-golang
    Binary file.
  • src/main/resources/executables/wrongsecrets-golang-arm
    Binary file.
  • src/main/resources/executables/wrongsecrets-golang-linux
    Binary file.
  • ■ ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge21.adoc
     1 +=== Obfuscating part 3: the Go binary
     2 + 
     3 +Our third language of choice for a compiled application is Go. With the rise of its popularity, we see an increase of secrets hidden inside the binaries. Can you find the secret in our binary?
     4 + 
     5 +Let's debunk the "secrets are hard to find in native compiled applications" myth for Go: can you find the secret in https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang[wrongsecrets-golang] (or https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-arm[wrongsecrets-golang-arm], https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-linux[wrongsecrets-golang-linux])?
     6 + 
  • ■ ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge21_hint.adoc
     1 +This challenge is specifically looking at a secret in a Go binary
     2 + 
     3 +This one is a little harder, as we used Cobra to create the CLI, introducing some more overhead.
     4 +You can solve this challenge using the following steps:
     5 + 
     6 +1. Find the secrets with https://ghidra-sre.org/[Ghidra].
     7 +- Install https://ghidra-sre.org/[Ghidra].
     8 +- Start it with `ghidraRun`.
     9 +- Load the application `wrongsecrets-golang` into ghidra by choosing a new project, then import the file and then doubleclick on it.
     10 +- Allow the Ghidra to analyze the application. Note that this takes much longer as our binary is a lot larger.
     11 +- Go to the data type manager in the bottom left, now filter for `string`, now right-click at `string` as a member of `wrongsecrets-golang` and select `find uses of`.
     12 +- Now filter for known keywords: you should easily be able to find the secret now!
     13 + 
     14 +2. Find the secrets with https://www.radare.org[radare2].
     15 +- Install https://www.radare.org[radare2] with either `brew install radare2` on Mac or follow these steps: `git clone https://github.com/radareorg/radare2; cd radare2 ; sys/install.sh`
     16 +- Launch r2 analysis with `$ r2 -A wrongsecrets-golang`
     17 +- Start a search for the string with `/w secret`
     18 +- Now take the results and look for possible answers, how about `/w his is the secret in Golang` ? You should be able to find the secret now.
     19 + 
  • ■ ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge21_reason.adoc
     1 +*Why Using binaries to hide a secret will only delay an attacker.*
     2 + 
     3 +With beautiful free Reverse engineering applications as Ghidra, not a lot of things remain safe. Anyone who can load the executable in Ghidra or Radare2 can easily start doing a reconnaissance and find secrets within your binary.
     4 + 
     5 +Encrypting the secret with a key embedded in the binary, and other funny puzzles do delay an attacker and just make it fun finding the secret. Be aware that, if the secret needs to be used by the executable, it eventually needs to be in memory ready to be executed.
     6 + 
     7 +Still need to have a secret in the binary? Make sure it can only be retrieved remotely after authenticating against a server.
     8 + 
  • ■ ■ ■ ■ ■
    src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge19Test.java
    skipped 19 lines
    20 20   var challenge = new Challenge19(scoreCard);
    21 21   
    22 22   Assertions.assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(BinaryExecutionHelper.ERROR_EXECUTION));
     23 + Assertions.assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue();
    23 24   }
    24 25   
    25 26  }
    skipped 1 lines
  • ■ ■ ■ ■ ■
    src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge20Test.java
    skipped 18 lines
    19 19   var challenge = new Challenge20(scoreCard);
    20 20   
    21 21   Assertions.assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(BinaryExecutionHelper.ERROR_EXECUTION));
     22 + Assertions.assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue();
    22 23   }
    23 24   
    24 25  }
    skipped 1 lines
  • ■ ■ ■ ■ ■ ■
    src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge21Test.java
     1 +package org.owasp.wrongsecrets.challenges.docker;
     2 + 
     3 +import org.assertj.core.api.Assertions;
     4 +import org.junit.jupiter.api.Test;
     5 +import org.junit.jupiter.api.extension.ExtendWith;
     6 +import org.mockito.Mock;
     7 +import org.mockito.junit.jupiter.MockitoExtension;
     8 +import org.owasp.wrongsecrets.ScoreCard;
     9 +import org.owasp.wrongsecrets.challenges.Spoiler;
     10 + 
     11 +@ExtendWith(MockitoExtension.class)
     12 +class Challenge21Test {
     13 + 
     14 + @Mock
     15 + private ScoreCard scoreCard;
     16 + 
     17 + @Test
     18 + void spoilerShouldNotCrash() {
     19 + var challenge = new Challenge21(scoreCard);
     20 + 
     21 + Assertions.assertThat(challenge.spoiler()).isNotEqualTo(new Spoiler(BinaryExecutionHelper.ERROR_EXECUTION));
     22 + Assertions.assertThat(challenge.answerCorrect(challenge.spoiler().solution())).isTrue();
     23 + }
     24 + 
     25 +}
     26 + 
Please wait...
Page is in error, reload to recover