From ceafe77eee85d07cbaa6584f1b53ed3a3f7b4348 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Wed, 8 Mar 2023 18:42:42 +0100 Subject: [PATCH 1/8] feat(x): First implementation for running ctf party as part of okteto --- README.md | 2 +- .../secret-challenge-ctf-party-deployment.yml | 113 ++++++++++++++++++ okteto/k8s/secrets-service-ctf-party.yml | 11 ++ 3 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 okteto/k8s/secret-challenge-ctf-party-deployment.yml create mode 100644 okteto/k8s/secrets-service-ctf-party.yml diff --git a/README.md b/README.md index 51a49962b..20f37be40 100644 --- a/README.md +++ b/README.md @@ -309,7 +309,7 @@ The branch will contain a Docker container generation script using which you can We have 3 ways of playing CTFs: -- The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com), which we documente for you here. +- The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com), which we documented for you here. - A more extended approach documented in [ctf-instructions.md](/ctf-instructions.md). - A fully customizable CTF setup where every player gets its own virtual instance of WrongSecrets and a virtual instance of the wrongsecrets-desktop, so they all can play hassle-free. For this you have to use [the WrongSecrets CTF Party setup](https://github.com/OWASP/wrongsecrets-ctf-party). diff --git a/okteto/k8s/secret-challenge-ctf-party-deployment.yml b/okteto/k8s/secret-challenge-ctf-party-deployment.yml new file mode 100644 index 000000000..be5848c60 --- /dev/null +++ b/okteto/k8s/secret-challenge-ctf-party-deployment.yml @@ -0,0 +1,113 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: secret-challenge-ctf-party + name: secret-challenge-ctf-party + namespace: $OKTETO_NAMESPACE +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: secret-challenge-ctf-party + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: secret-challenge-ctf-party + name: secret-challenge-ctf-party + spec: + securityContext: + runAsUser: 2000 + runAsGroup: 2000 + fsGroup: 2000 + containers: + - image: jeroenwillemsen/wrongsecrets:1.5.14-no-vault + name: secret-challenge-ctf-party + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + ports: + - containerPort: 8080 + protocol: TCP + readinessProbe: + httpGet: + path: "/actuator/health/readiness" + port: 8080 + initialDelaySeconds: 30 + timeoutSeconds: 5 + periodSeconds: 5 + failureThreshold: 8 + livenessProbe: + httpGet: + path: "/actuator/health/liveness" + port: 8080 + initialDelaySeconds: 35 + timeoutSeconds: 30 + periodSeconds: 40 + failureThreshold: 5 + resources: + requests: + memory: "512Mi" + cpu: "200m" + ephemeral-storage: "1Gi" + limits: + memory: "512Mi" + cpu: "1000m" + ephemeral-storage: "2Gi" + volumeMounts: + - name: "ephemeral" + mountPath: "/tmp" + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + env: + - name: ctf_enabled + value: "true" + - name: hints_enabled + value: "false" + - name: ctf_key + value: TRwzkRJnHOTckssAeyJbysWgP!Qc2T + - name: vaultpassword + value: if_you_see_this_please_use_K8S_and_Vault + - name: default_aws_value_challenge_9 + value: if_you_see_this_please_use_AWS_Setup + - name: default_aws_value_challenge_10 + value: if_you_see_this_please_use + - name: default_aws_value_challenge_11 + value: if_you_see_this_please_use + - name: canarytokenURLs + value: "http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp" + - name: challenge_acht_ctf_host_value + value: "not set" + - name: K8S_ENV + value: Okteto(k8s) + - name: SPECIAL_K8S_SECRET + valueFrom: + configMapKeyRef: + name: secrets-file + key: funny.entry + - name: SPECIAL_SPECIAL_K8S_SECRET + valueFrom: + secretKeyRef: + name: funnystuff + key: funnier + volumes: + - name: "ephemeral" + emptyDir: {} + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + terminationGracePeriodSeconds: 30 diff --git a/okteto/k8s/secrets-service-ctf-party.yml b/okteto/k8s/secrets-service-ctf-party.yml new file mode 100644 index 000000000..dd07a4ca8 --- /dev/null +++ b/okteto/k8s/secrets-service-ctf-party.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: wrongsecrets-ctf-party +spec: + type: LoadBalancer + ports: + - name: http + port: 8080 + selector: + app: secret-challenge-ctf-party From e3b735d72c9647fab7f30753316e13cea84e0c97 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 08:41:58 +0100 Subject: [PATCH 2/8] Renamed to CTF instead of CTF party --- js/package-lock.json | 3 +++ ...yment.yml => secret-challenge-ctf-deployment.yml} | 12 ++++++------ ...service-ctf-party.yml => secrets-service-ctf.yml} | 4 ++-- 3 files changed, 11 insertions(+), 8 deletions(-) rename okteto/k8s/{secret-challenge-ctf-party-deployment.yml => secret-challenge-ctf-deployment.yml} (93%) rename okteto/k8s/{secrets-service-ctf-party.yml => secrets-service-ctf.yml} (64%) diff --git a/js/package-lock.json b/js/package-lock.json index 60730c216..3dd6f7a90 100644 --- a/js/package-lock.json +++ b/js/package-lock.json @@ -8,6 +8,9 @@ "name": "wrongsecrets", "version": "1.3.1", "license": "MIT", + "dependencies": { + "minimatch": ">=7.3.0" + }, "devDependencies": { "javascript-obfuscator": "^4.0.2", "minimatch": ">=7.3.0" diff --git a/okteto/k8s/secret-challenge-ctf-party-deployment.yml b/okteto/k8s/secret-challenge-ctf-deployment.yml similarity index 93% rename from okteto/k8s/secret-challenge-ctf-party-deployment.yml rename to okteto/k8s/secret-challenge-ctf-deployment.yml index be5848c60..595bb5141 100644 --- a/okteto/k8s/secret-challenge-ctf-party-deployment.yml +++ b/okteto/k8s/secret-challenge-ctf-deployment.yml @@ -2,8 +2,8 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app: secret-challenge-ctf-party - name: secret-challenge-ctf-party + app: secret-challenge-ctf + name: secret-challenge-ctf namespace: $OKTETO_NAMESPACE spec: progressDeadlineSeconds: 600 @@ -11,7 +11,7 @@ spec: revisionHistoryLimit: 10 selector: matchLabels: - app: secret-challenge-ctf-party + app: secret-challenge-ctf strategy: rollingUpdate: maxSurge: 25% @@ -20,8 +20,8 @@ spec: template: metadata: labels: - app: secret-challenge-ctf-party - name: secret-challenge-ctf-party + app: secret-challenge-ctf + name: secret-challenge-ctf spec: securityContext: runAsUser: 2000 @@ -29,7 +29,7 @@ spec: fsGroup: 2000 containers: - image: jeroenwillemsen/wrongsecrets:1.5.14-no-vault - name: secret-challenge-ctf-party + name: secret-challenge-ctf imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/okteto/k8s/secrets-service-ctf-party.yml b/okteto/k8s/secrets-service-ctf.yml similarity index 64% rename from okteto/k8s/secrets-service-ctf-party.yml rename to okteto/k8s/secrets-service-ctf.yml index dd07a4ca8..0cdb7529e 100644 --- a/okteto/k8s/secrets-service-ctf-party.yml +++ b/okteto/k8s/secrets-service-ctf.yml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: wrongsecrets-ctf-party + name: wrongsecrets-ctf spec: type: LoadBalancer ports: - name: http port: 8080 selector: - app: secret-challenge-ctf-party + app: secret-challenge-ctf From a2e590bc85c69eab6acb89afada014b73bf694a4 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 09:13:29 +0100 Subject: [PATCH 3/8] update url checks --- config/.lycheeignore | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/config/.lycheeignore b/config/.lycheeignore index 79196fd53..2e3c6a7ef 100644 --- a/config/.lycheeignore +++ b/config/.lycheeignore @@ -3,9 +3,16 @@ file://.* # This is used as an example when creating a pull request https://github.com/Your_Github_Handle.* -https://wrongsecrets-ctf.herokuapp.com/api/Challenges +# Heroku is not guaranteed to be up +https://wrongsecrets-ctf.herokuapp.com/ https://wrongsecrets.herokuapp.com +# Okteto is not guaranteed to be up https://wrongsecrets-commjoen.cloud.okteto.net/ +https://wrongsecrets-ctf-commjoen.cloud.okteto.net/ https://wrongsecrets.fly.dev/ https://betterprogramming.pub/stop-writing-bad-commit-messages-8df79517177d +# Twitter its API does not like us https://twitter.com/intent/tweet?* +# We noticed the site being down, while the github repo is very much alive +http://www.thymeleaf.org +https://www.thymeleaf.org From 14434df8686656b28b4d414ac6fe4c246090a2f8 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 20:48:33 +0100 Subject: [PATCH 4/8] Adding missing ciphertext for okteto envs for challenge15 --- okteto/k8s/secret-challenge-ctf-deployment.yml | 4 +++- okteto/k8s/secret-challenge-deployment.yml | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/okteto/k8s/secret-challenge-ctf-deployment.yml b/okteto/k8s/secret-challenge-ctf-deployment.yml index 595bb5141..527800b3f 100644 --- a/okteto/k8s/secret-challenge-ctf-deployment.yml +++ b/okteto/k8s/secret-challenge-ctf-deployment.yml @@ -89,7 +89,9 @@ spec: - name: default_aws_value_challenge_11 value: if_you_see_this_please_use - name: canarytokenURLs - value: "http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp" + value: "https://canarytokens.org/history?token=cs07k832u9t1u4npowbvsw4mb&auth=7f75f2b2a4207c91fbc1ea59f7a495eb" + - name: challenge15ciphertext + value: "k9+HuPXEiFD6efujS5h1lOL1xgAC2OIgE2alg9JweUDy8k2SHUoG6I9FOhM1mgPKIUlyPWvROo+2T5p4qrAnuPYC/xAzVjGDUoN4eIXdXn+gwcYmL+Be8TodjXUt9U3g1/B9O2wyVZTT9Q839FaDHeBR4Og=" - name: challenge_acht_ctf_host_value value: "not set" - name: K8S_ENV diff --git a/okteto/k8s/secret-challenge-deployment.yml b/okteto/k8s/secret-challenge-deployment.yml index 43d25af1b..bf4ffb400 100644 --- a/okteto/k8s/secret-challenge-deployment.yml +++ b/okteto/k8s/secret-challenge-deployment.yml @@ -74,6 +74,10 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File env: + - name: canarytokenURLs + value: "https://canarytokens.org/history?token=n0cnd92mavmv1m61tjmyj9of5&auth=6519be82ef910868529091527c3edb3f" + - name: challenge15ciphertext + value: "k9+HuPXEiFD6efujS5h1lOL1xgAC2OIgE2alg9Jwe0qQlT+RGDJH/otpFgUzixTbCndwPW3HOqOCQYY844MgxM0N+RRbclS1bpJnYd7BT2aj8v4iA9xR8DwAjU0tt2n84PFKN4vNKjyNATETwPE1GQKBTIi1" - name: K8S_ENV value: Okteto(k8s) - name: SPECIAL_K8S_SECRET From 43d6429098e4d3acdf6938dfc159172c4dd99220 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 23:33:36 +0100 Subject: [PATCH 5/8] Update docs for okteto challenge 15 --- HELP.md | 2 ++ SECURITY.md | 2 +- .../resources/explanations/challenge15.adoc | 22 +++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/HELP.md b/HELP.md index 48b7c0e18..327afd1e1 100644 --- a/HELP.md +++ b/HELP.md @@ -1,5 +1,7 @@ # Getting Started +Please consult the [readme](./README.md), [Contributing](./CONTRIBUTING.md), [Code of Conduct](./CODE_OF_CONDUCT.md), our [ctf instructions](./ctf-instructions.md) and our [Wiki](https://github.com/OWASP/wrongsecrets/wiki) when you are getting started. + ### Reference Documentation For further reference, please consider the following sections: diff --git a/SECURITY.md b/SECURITY.md index d35d2fa06..c6f79c4e6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,4 +14,4 @@ The "support latest only" holds both for WrongSecrets and WrongSecrets-CTF-party Please use Slack to report a vulnerability in the [#project-wrongsecrets](https://owasp.slack.com/archives/C02KQ7D9XHR) channel. You can register for the OWASP Slack [here](https://owasp.org/slack/invite). Given this is a p0wnable app, we do not have any bug bounty or rewards for you ;-). -Given the project is ran by volunteers, we intend to respond within a week. +Given the project is run by volunteers, we intend to respond within a week. diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 7965ab575..1590fc5b5 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -10,3 +10,25 @@ Alternatively you can just provide the secret access key with we are looking for Note-2: Did you know that these are working access keysfootnote:disclaimer[They are not "normal" AWS access keys: they are canary tokens! Though you can do `aws sts get-caller-identity` with them. When you use them, some of your data (IP/agent) is being logged.]?! Go to https://wrongsecrets.herokuapp.com/stats[stats] when you tried them to find out more! + +[default] +aws_access_key_id=AKIASP2TPHJS6R72AFU2 +aws_secret_access_key=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 +region=us-east-2 +output=json + +#https://canarytokens.org/manage?token=cs07k832u9t1u4npowbvsw4mb&auth=7f75f2b2a4207c91fbc1ea59f7a495eb + +aws_access_key_id=AKIASP2TPHJS6R72AFU2aws_secret_access_key=tpRLTDr0/PTZtUkS1rCUeWzQvknekDIpe4U3cxbv + +[default] +aws_access_key_id=AKIASP2TPHJS4XUU3EPJ +aws_secret_access_key=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 +region=us-east-2 +output=json + +#https://canarytokens.org/manage?token=n0cnd92mavmv1m61tjmyj9of5&auth=6519be82ef910868529091527c3edb3f + +aws_access_key_id=AKIASP2TPHJS4XUU3EPJaws_secret_access_key=CU0oKt4Gt1lHDtJjnRLfdBUZWadmYIHevq/TyUz/ + +https://wrongsecrets-commjoen.cloud.okteto.net/canaries/tokencallbackdebug From 061322b105502c498f2423196adcadc358a4ad36 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 23:34:07 +0100 Subject: [PATCH 6/8] remove the oopsie for challenge15 --- .../resources/explanations/challenge15.adoc | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 1590fc5b5..7965ab575 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -10,25 +10,3 @@ Alternatively you can just provide the secret access key with we are looking for Note-2: Did you know that these are working access keysfootnote:disclaimer[They are not "normal" AWS access keys: they are canary tokens! Though you can do `aws sts get-caller-identity` with them. When you use them, some of your data (IP/agent) is being logged.]?! Go to https://wrongsecrets.herokuapp.com/stats[stats] when you tried them to find out more! - -[default] -aws_access_key_id=AKIASP2TPHJS6R72AFU2 -aws_secret_access_key=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 -region=us-east-2 -output=json - -#https://canarytokens.org/manage?token=cs07k832u9t1u4npowbvsw4mb&auth=7f75f2b2a4207c91fbc1ea59f7a495eb - -aws_access_key_id=AKIASP2TPHJS6R72AFU2aws_secret_access_key=tpRLTDr0/PTZtUkS1rCUeWzQvknekDIpe4U3cxbv - -[default] -aws_access_key_id=AKIASP2TPHJS4XUU3EPJ -aws_secret_access_key=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 -region=us-east-2 -output=json - -#https://canarytokens.org/manage?token=n0cnd92mavmv1m61tjmyj9of5&auth=6519be82ef910868529091527c3edb3f - -aws_access_key_id=AKIASP2TPHJS4XUU3EPJaws_secret_access_key=CU0oKt4Gt1lHDtJjnRLfdBUZWadmYIHevq/TyUz/ - -https://wrongsecrets-commjoen.cloud.okteto.net/canaries/tokencallbackdebug From 33dea39fc814447a15064938af378d845c234c4e Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Thu, 9 Mar 2023 23:41:25 +0100 Subject: [PATCH 7/8] Added the missing documentation for the okteto ctf setup --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 48b211cad..12d7167f8 100644 --- a/README.md +++ b/README.md @@ -309,7 +309,7 @@ The branch will contain a Docker container generation script using which you can We have 3 ways of playing CTFs: -- The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com), which we documented for you here. +- The quick "let's play"-approach based on our own Heroku domain [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) or our Okteto domain [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/), which we documented for you here. - A more extended approach documented in [ctf-instructions.md](/ctf-instructions.md). - A fully customizable CTF setup where every player gets its own virtual instance of WrongSecrets and a virtual instance of the wrongsecrets-desktop, so they all can play hassle-free. For this you have to use [the WrongSecrets CTF Party setup](https://github.com/OWASP/wrongsecrets-ctf-party). @@ -318,20 +318,20 @@ We have 3 ways of playing CTFs: Want to use CTFD to play a CTF based on the free Heroku wrongsecrets-ctf instance together with CTFD? You can! NOTE: CTFD support now works based on the [Juiceshop CTF CLI](https://github.com/juice-shop/juice-shop-ctf). -NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) (temporary down based on lack of oss credits) is based on a free heroku instance, which takes time to warm up. -Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) once before executing the steps below. +NOTE-II: [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) (temporary down based on lack of oss credits) is based on Heroku and has limited capacity. Alternatively you can use our Okteto setup at [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/), which uses a free tier and needs some time to warm up. However, the Okteto environment does have more resources & supports the kubernetes challenges, unlike our Heroku setup that only supports the Docker challenges. +Initial creation of the zip file for CTFD requires you to visit [https://wrongsecrets-ctf.herokuapp.com/api/Challenges](https://wrongsecrets-ctf.herokuapp.com/api/Challenges) or [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/) once before executing the steps below. Follow the following steps: ```shell npm install -g juice-shop-ctf-cli@9.1.0 - juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints. + juice-shop-ctf #choose ctfd and https://wrongsecrets-ctf.herokuapp.com (or https://wrongsecrets-ctf-commjoen.cloud.okteto.net/) as domain. No trailing slash! The key is 'TRwzkRJnHOTckssAeyJbysWgP!Qc2T', feel free to enable hints. We do not support snippets or links/urls to code or hints. docker run -p 8001:8000 -it ctfd/ctfd:3.4.3 ``` Now visit the CTFD instance at [http://localhost:8001](http://localhost:8001) and setup your CTF. Then use the administrative backup function to import the zipfile you created with the juice-shop-ctf command. -Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com)! +Game on using [https://wrongsecrets-ctf.herokuapp.com](https://wrongsecrets-ctf.herokuapp.com) or [https://wrongsecrets-ctf-commjoen.cloud.okteto.net/](https://wrongsecrets-ctf-commjoen.cloud.okteto.net/)! Want to setup your own? You can! Watch out for people finding your key though, so secure it properly: make sure the running container with the actual ctf-key is not exposed to the audience, similar to our heroku container. ## FBCTF Support (Experimental!) From 1f74078bf73955c6022ffc9a5a33f4b4a4a13ad2 Mon Sep 17 00:00:00 2001 From: Ben de Haan <53901866+bendehaan@users.noreply.github.com> Date: Fri, 10 Mar 2023 09:07:36 +0100 Subject: [PATCH 8/8] fix: remove thymeleaf from ignore as site is up --- config/.lycheeignore | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/.lycheeignore b/config/.lycheeignore index 2e3c6a7ef..ffeb0c95b 100644 --- a/config/.lycheeignore +++ b/config/.lycheeignore @@ -13,6 +13,3 @@ https://wrongsecrets.fly.dev/ https://betterprogramming.pub/stop-writing-bad-commit-messages-8df79517177d # Twitter its API does not like us https://twitter.com/intent/tweet?* -# We noticed the site being down, while the github repo is very much alive -http://www.thymeleaf.org -https://www.thymeleaf.org