Merge pull request #951 from OWASP/hotfix-challenge-17

Fixes for Challenge17 generation

.github/scripts/docker-create.sh

@@ -281,7 +281,8 @@ generate_test_data() {
     openssl rand -base64 32 | tr -d '\n' > thirdkey.txt
     answer=$(<thirdkey.txt)
     answerRegexSafe="$(printf '%s' "$answer" | $findAndReplace -e 's/[]\/$*.^|[]/\\&/g' | $findAndReplace ':a;N;$!ba;s,\n,\\n,g')"
-    $findAndReplace -i "s/Placeholder Password, find the real one in the history of the container/$answerRegexSafe/g" ../../src/main/resources/.bash_history
+    cp ../../src/main/resources/.bash_history .
+    $findAndReplace -i "s/Placeholder Password, find the real one in the history of the container/$answerRegexSafe/g" .bash_history
 }
 
 build_update_pom() {
@@ -343,6 +344,7 @@ restore_temp_change() {
     git restore ../../js/index.js
     git restore ../../pom.xml
     git restore ../../src/main/resources/.bash_history
+    rm .bash_history
 }
 
 commit_and_tag() {

Dockerfile

@@ -19,7 +19,7 @@ RUN useradd -u 2000 -m wrongsecrets
 
 COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar /application.jar
 COPY --chown=wrongsecrets .github/scripts/ /var/tmp/helpers
-COPY --chown=wrongsecrets src/main/resources/.bash_history /home/wrongsecrets/
+COPY --chown=wrongsecrets .github/scripts/.bash_history /home/wrongsecrets/
 COPY --chown=wrongsecrets src/main/resources/executables/ /home/wrongsecrets/
 COPY --chown=wrongsecrets src/test/resources/alibabacreds.kdbx /var/tmp/helpers
 COPY --chown=wrongsecrets src/test/resources/RSAprivatekey.pem /var/tmp/helpers/

README.md

@@ -284,6 +284,7 @@ Testers:
 -   [Dave van Stein @davevs](https://github.com/davevs)
 -   [Marcin Nowak @MarcinNowak-codes](https://github.com/MarcinNowak-codes)
 -   [Marc Chang Sing Pang @mchangsp](https://github.com/mchangsp)
+-   [Vineeth Jagadeesh @djvinnie](https://github.com/djvinnie)
 
 Special mentions for helping out:
 

src/main/resources/.bash_history

@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="Dn3BtvzV7+j2IyRUsEsuVciTPStgxn3GRQsqsnqIXiE="
+export tempPassword="Placeholder Password, find the real one in the history of the container"
 mvn run tempPassword
 k6
 npx k6

src/main/resources/explanations/challenge17_hint.adoc

@@ -3,8 +3,8 @@ As the challenge states you need to look for Bash commands that have been execut
 You can solve this challenge using the following steps:
 
 1. Use `bash` within the container to access the history and find the secret:
-- Access the bash shell of the container, this can be done with `docker exec -it jeroenwillemsen/wrongsecrets: bash` (Replace  with the version of the container you want to use).
+- Access the bash shell of the container, this can be done with `docker exec -it jeroenwillemsen/wrongsecrets:<version> bash` (Replace `<version> with the version of the container you want to use).
 - Type `history` to list the commands that have been used within the container
 2. Print contents of any .bash_history file within a running container:
-- Start the container with `docker run -it --entrypoint bash jeroenwillemsen/wrongsecrets:`
+- Start the container with `docker run -it --entrypoint bash jeroenwillemsen/wrongsecrets:<version>` (Replace `<version> with the version of the container you want to use)
 - cat the contents of the file: `cat ~/.bash_history`. Once you have this file you can use grep or any other search tool to narrow down the answer.

src/main/resources/templates/welcome.html

@@ -137,6 +137,7 @@
                                     <a href="https://github.com/MarcinNowak-codes">Marcin Nowak @MarcinNowak-codes</a>
                                 </li>
                                 <li><a href="https://github.com/mchangsp">Marc Chang Sing Pang @mchangsp</a></li>
+                                <li><a href="https://github.com/djvinnie">Vineeth Jagadeesh @djvinnie</a></li>
                             </ul>
                             Special mentions for helping out:
                             <ul>