Projects STRLCPY wrongsecrets Commits ed4f7539
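--- a/src/main/java/org/owasp/wrongsecrets/InMemoryScoreCard.java
+++ b/src/main/java/org/owasp/wrongsecrets/InMemoryScoreCard.java
@@ -6,7 +6,7 @@
 import java.util.Set;
 
 /**
- * In memory implementation of the scorecard (E.g. no persistence).
+ * In memory implementation of the ScoreCard (E.g. no persistence).
  */
 public class InMemoryScoreCard implements ScoreCard {
 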
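--- a/src/main/java/org/owasp/wrongsecrets/MvcConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/MvcConfiguration.java
@@ -22,7 +22,7 @@
 import java.util.Set;
 
 /**
- * Used to generate and return all the html in thymeleaf and convert asciidoc to html
+ * Used to generate and return all the html in thymeleaf and convert asciidoc to html.
  */
 @Configuration
 @Slf4j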
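--- a/src/main/java/org/owasp/wrongsecrets/RuntimeEnvironment.java
+++ b/src/main/java/org/owasp/wrongsecrets/RuntimeEnvironment.java
@@ -13,6 +13,9 @@
 
 import static org.owasp.wrongsecrets.RuntimeEnvironment.Environment.*;
 
+/**
+ * Class establishing whether a challenge can run or not depending on the given RuntimeEnvironment and whether components are configured & the CTFmode is enabled or not.
+ */
 @Component
 public class RuntimeEnvironment {
 
@@ -30,6 +33,9 @@
 
  private static final Map<Environment, List<Environment>> envToOverlappingEnvs = Map.of(FLY_DOCKER, List.of(DOCKER, FLY_DOCKER), HEROKU_DOCKER, List.of(DOCKER, HEROKU_DOCKER), DOCKER, List.of(DOCKER, HEROKU_DOCKER, FLY_DOCKER), GCP, List.of(DOCKER, K8S, VAULT), AWS, List.of(DOCKER, K8S, VAULT), AZURE, List.of(DOCKER, K8S, VAULT), VAULT, List.of(DOCKER, K8S), K8S, List.of(DOCKER), OKTETO_K8S, List.of(K8S, DOCKER, OKTETO_K8S));
 
+ /**
+ * Enum with possible environments supported by the app.
+ */
  public enum Environment {
  DOCKER("Docker"), HEROKU_DOCKER("Heroku(Docker)"), FLY_DOCKER("Fly(Docker)"), GCP("gcp"), AWS("aws"), AZURE("azure"), VAULT("k8s-with-vault"), K8S("k8s"), OKTETO_K8S("Okteto(k8s)");
 
@@ -47,22 +53,6 @@
  @Getter
  private final Environment runtimeEnvironment;
 
- private boolean isK8sUnlockedInCTFMode() {
- String defaultValueChallenge5 = "if_you_see_this_please_use_k8s";
- return ctfModeEnabled && !challenge5Value.equals(defaultValueChallenge5);
- }
- 
- private boolean isVaultUnlockedInCTFMode() {
- String defaultVaultAnswer = "ACTUAL_ANSWER_CHALLENGE7";
- String secondDefaultVaultAnswer = "if_you_see_this_please_use_K8S_and_Vault";
- return ctfModeEnabled && !challenge7Value.equals(defaultVaultAnswer) && !challenge7Value.equals(secondDefaultVaultAnswer);
- }
- 
- private boolean isCloudUnlockedInCTFMode() {
- String defaultValueAWSValue = "if_you_see_this_please_use_AWS_Setup";
- return ctfModeEnabled && !defaultChallenge9Value.equals(defaultValueAWSValue);
- }
- 
  @Autowired
  public RuntimeEnvironment(@Value("${K8S_ENV}") String currentRuntimeEnvironment) {
  this.runtimeEnvironment = Environment.fromId(currentRuntimeEnvironment);
@@ -95,5 +85,20 @@
  return ctfModeEnabled;
  }
 
+ private boolean isK8sUnlockedInCTFMode() {
+ String defaultValueChallenge5 = "if_you_see_this_please_use_k8s";
+ return ctfModeEnabled && !challenge5Value.equals(defaultValueChallenge5);
+ }
+ 
+ private boolean isVaultUnlockedInCTFMode() {
+ String defaultVaultAnswer = "ACTUAL_ANSWER_CHALLENGE7";
+ String secondDefaultVaultAnswer = "if_you_see_this_please_use_K8S_and_Vault";
+ return ctfModeEnabled && !challenge7Value.equals(defaultVaultAnswer) && !challenge7Value.equals(secondDefaultVaultAnswer);
+ }
+ 
+ private boolean isCloudUnlockedInCTFMode() {
+ String defaultValueAWSValue = "if_you_see_this_please_use_AWS_Setup";
+ return ctfModeEnabled && !defaultChallenge9Value.equals(defaultValueAWSValue);
+ }
 }
 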
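Review bot: The relocated helpers `isK8sUnlockedInCTFMode`, `isVaultUnlockedInCTFMode` and `isCloudUnlockedInCTFMode` call `equals` on the injected field (`challenge7Value.equals(defaultVaultAnswer)`), so if any of those fields is ever null the check throws a NullPointerException instead of reporting the challenge as locked; writing the comparison the other way round, `!defaultVaultAnswer.equals(challenge7Value)`, is null-safe at no cost. The fields themselves are declared outside this hunk, so whether null is actually reachable depends on their `@Value` defaults and should be confirmed there. The placeholder strings (`"if_you_see_this_please_use_k8s"` and friends) are re-declared as locals on every call and would read better as `private static final String` constants named after the challenge they belong to, which also makes it obvious they are sentinel defaults rather than secrets; the field name `defaultChallenge9Value` is confusing next to `defaultValueAWSValue`, since only the latter is a default. As the commit adds Javadoc elsewhere in the file, each helper deserves a one-line summary, e.g. `/** True when CTF mode is on and the challenge-5 value was changed from its placeholder default. */`.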
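--- a/src/main/java/org/owasp/wrongsecrets/ScoreCard.java
+++ b/src/main/java/org/owasp/wrongsecrets/ScoreCard.java
@@ -2,15 +2,40 @@
 
 import org.owasp.wrongsecrets.challenges.Challenge;
 
+/**
+ * Interface of a scorecard where progress of a player is stored into.
+ */
 public interface ScoreCard {
+ 
+ /**
+ * Marks a challenge as completed.
+ * @param challenge Challenge object which is completed
+ */
  void completeChallenge(Challenge challenge);
 
+ /**
+ * Checks if the given challenge is marked as completed in the scorecard.
+ * @param challenge Challenge object tested for completion
+ * @return true if challenge solved correctly
+ */
  boolean getChallengeCompleted(Challenge challenge);
 
+ /**
+ * Gives a 0-100 implementation completeness score.
+ * @return float with completeness percentage
+ */
  float getProgress();
 
+ /**
+ * Gives total number of received points.
+ * @return int with points
+ */
  int getTotalReceivedPoints();
 
+ /**
+ * Resets the status of a given challenge its entry in the score-card.
+ * @param challenge Challenge of which the status should be reset.
+ */
  void reset(Challenge challenge);
 }
 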
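--- a/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java
+++ b/src/main/java/org/owasp/wrongsecrets/SecretsErrorController.java
@@ -1,14 +1,19 @@
 package org.owasp.wrongsecrets;
 
+import io.swagger.v3.oas.annotations.Operation;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+/**
+ * Controller used to generate content for the error page.
+ */
 @Controller
 public class SecretsErrorController implements ErrorController {
 
  @GetMapping("/error")
+ @Operation(summary = "Returns data for the error page")
  public String handleError() {
  return "error";
  }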
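--- a/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java
+++ b/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java
@@ -6,6 +6,9 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
+/**
+ * Filter used to provide basic security headers in all cases.
+ */
 @Component
 public class SecurityHeaderAddingFilter implements Filter {
 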
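--- a/src/main/java/org/owasp/wrongsecrets/SessionConfiguration.java
+++ b/src/main/java/org/owasp/wrongsecrets/SessionConfiguration.java
@@ -8,6 +8,9 @@
 import jakarta.servlet.http.HttpSessionListener;
 import java.util.concurrent.atomic.AtomicInteger;
 
+/**
+ * HTTPSessionListener with decorator: adds logging on new sessions started so we can keep track somewhat.
+ */
 @Configuration
 @Slf4j
 public class SessionConfiguration {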
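--- a/src/main/java/org/owasp/wrongsecrets/StartupListener.java
+++ b/src/main/java/org/owasp/wrongsecrets/StartupListener.java
@@ -9,6 +9,9 @@
 import java.util.Arrays;
 import java.util.stream.Collectors;
 
+/**
+ * Helps handling application startup and breaks nicely if K8S_ENV is wrong.
+ */
 @Slf4j
 public class StartupListener implements ApplicationListener<ApplicationEvent> {
 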
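--- a/src/main/java/org/owasp/wrongsecrets/StatsController.java
+++ b/src/main/java/org/owasp/wrongsecrets/StatsController.java
@@ -8,6 +8,9 @@
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
 
+/**
+ * Controller that is used to render data in the stats page.
+ */
 @Controller
 public class StatsController {
 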
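--- a/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
@@ -27,7 +27,7 @@
 import java.util.stream.Collectors;
 
 /**
- * Controller used to host the Challenges UI
+ * Controller used to host the Challenges UI.
  */
 @Controller
 public class ChallengesController {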