Introduce separate configuration for challenges #1083

Merged
merged 28 commits into from
Dec 6, 2023
04ee7c2
refactor: configure a challenge in a configuration file.
Oct 27, 2023
d800df5
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 17, 2023
47dcdc0
refactor: remove license information
Nov 17, 2023
b643eb4
documentation: remove `isLimittedWhenOnlineHosted`
Nov 17, 2023
40d9943
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 17, 2023
8105ff3
chore: fix Checkstyle errors
Nov 17, 2023
64515af
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 17, 2023
2f06e55
chore: fix ESLint error
Nov 17, 2023
3ca0af1
chore: fix ESLint error
Nov 17, 2023
e52162a
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 17, 2023
cc52594
chore: fix challenge name matching
Nov 17, 2023
7fb373a
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 17, 2023
5c389d3
chore: remove matching
Nov 17, 2023
a955af0
chore: remove separate Cypress step
Nov 17, 2023
2b38acf
chore: fix failing test
Nov 17, 2023
66d8ebc
chore: fix deprecation warning link-checker
Nov 17, 2023
093b625
Update POM file with new version: 1.8.0RC1
commjoen Nov 20, 2023
418e6ce
chore: use `shortName` instead of `url`
Nov 20, 2023
47ec917
chore: fix navigation.
Nov 20, 2023
1ac6940
chore: fix spoiler link on welcome page.
Nov 21, 2023
8a2680d
chore: load contents on demand.
Nov 21, 2023
bb8c787
feature: add Gatling performance test.
Nov 21, 2023
edf1b7b
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Nov 21, 2023
9440d29
Update POM file with new version: 1.8.0RC2
commjoen Nov 21, 2023
7051dc7
feature: fix startup message when env is not set.
Dec 4, 2023
6105ad2
chore: fix SpotBugs errors
Dec 4, 2023
e0e2489
Merge branch 'master' into nbaars/config-challenges
commjoen Dec 5, 2023
9fb2fa7
[pre-commit.ci lite] apply automatic fixes
pre-commit-ci-lite[bot] Dec 5, 2023
2 changes: 1 addition & 1 deletion .github/scripts/.bash_history
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
git rebase -i main
git rebase -i master
git stash
export tempPassword="4QMUMCz8BUpSizlIfnb0XPpCDGir1NyfIxkrkN3Emdc="
export tempPassword="Placeholder Password, find the real one in the history of the container"
mvn run tempPassword
k6
npx k6
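Review bot: The value on the removed `export tempPassword=` line stays recoverable from git history, so if it was ever used for anything other than this challenge fixture it should be treated as exposed and rotated rather than merely replaced. The new placeholder also changes what anyone reading `.bash_history` finds, so check that the test or challenge that consumed the old value is updated in the same PR.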
9 changes: 0 additions & 9 deletions .github/workflows/main.yml
@@ -48,15 +48,6 @@ jobs:
with:
Collaborator:
Does this whole ui-test section need removing?

Collaborator Author:
Yes, it is now part of the normal tests. You can run it as a normal unit-test with different Spring Boot configurations per Cypress test if necessary.

Collaborator Author:
The tests are still there; they are now part of the normal tests.

Collaborator:
Oh yeah sorry, I was saying that so far you have just deleted a step in the ui-test section. I think the whole "ui-test:" object needs removing.

java-version: "21"
distribution: "corretto"
- name: Test with Cypress
run: |
./mvnw verify -Dexec.id=xcypress-test -DskipTests -Ddependency-check.skip
- name: Uploading screenshots
uses: actions/upload-artifact@v3
if: failure()
with:
name: screenshots
path: cypress/screenshots
lint:
name: lint javacode
runs-on: ubuntu-latest
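Review bot: The `ui-test` job is left with a Java setup (`java-version: "21"`, `distribution: "corretto"`) and no step to run, because only the Cypress step and its screenshot upload are deleted; since Cypress now runs as part of the normal tests, remove the whole `ui-test:` job rather than hollowing it out, as the thread above already concludes.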
24 changes: 12 additions & 12 deletions .github/workflows/minikube-k8s-test.yml
@@ -44,29 +44,29 @@ jobs:
echo "Do minikube delete to stop minikube from running and cleanup to start fresh again"
echo "wait 20 seconds so we can check if vault-k8s-container works"
sleep 20
if curl http://localhost:8080/spoil-5 -s | grep -q spoiler-answer
if curl http://localhost:8080/spoil/challenge-5 -s | grep -q spoiler-answer
then
echo "spoil-5 works"
echo "spoil-challenge-5 works"
else
echo "error in spoil-5"
echo "error in spoil-challenge-5"
fi
if curl http://localhost:8080/spoil-6 -s | grep -q spoiler-answer
if curl http://localhost:8080/spoil/challenge-6 -s | grep -q spoiler-answer
then
echo "spoil-6 works"
echo "spoil-challenge-6 works"
else
echo "error in spoil-6"
echo "error in spoil-challenge-6"
fi
if curl http://localhost:8080/spoil-7 -s | grep -q spoiler-answer
if curl http://localhost:8080/spoil/challenge-7 -s | grep -q spoiler-answer
then
echo "spoil-7 works"
echo "spoil-challenge-7 works"
else
echo "error in spoil-7"
echo "error in spoil-challenge-7"
fi
if curl http://localhost:8080/spoil-33 -s | grep -q spoiler-answer
if curl http://localhost:8080/spoil/challenge-33 -s | grep -q spoiler-answer
then
echo "spoil-33 works"
echo "spoil-challenge-33 works"
else
echo "error in spoil-33"
echo "error in spoil-challenge-33"
fi
echo "logs from pod to make sure:"
cat pod.log
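Review bot: A failed spoiler check never fails the job: each `else` branch only echoes `error in spoil-challenge-N` and the script carries on to `cat pod.log` with exit status 0, so a broken or mis-renamed `/spoil/challenge-N` endpoint passes CI silently. Set a flag in each `else` branch (e.g. `echo "error in spoil-challenge-5"; failed=1`) and end the step with `[ -z "$failed" ] || exit 1` after the logs are printed.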
2 changes: 1 addition & 1 deletion .github/workflows/minikube-vault-test.yml
@@ -33,4 +33,4 @@ jobs:
id: install
- name: test script
run: |
./k8s-vault-minkube-start.sh && sleep 5 && curl http://localhost:8080/spoil-7 && minikube delete
./k8s-vault-minkube-start.sh && sleep 5 && curl http://localhost:8080/spoil/challenge-7 && minikube delete
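Review bot: `curl http://localhost:8080/spoil/challenge-7` exits 0 on an HTTP 404, so the `&&` chain still reaches `minikube delete` and the step passes even if the renamed endpoint does not exist; use `curl -f http://localhost:8080/spoil/challenge-7` (`--fail`) so a non-2xx response stops the chain.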
5 changes: 3 additions & 2 deletions .gitignore
@@ -78,8 +78,9 @@ node_modules
.npm

# Cypress
cypress/videos
cypress/screenshots
src/test/e2e/cypress/videos
src/test/e2e/cypress/screenshots
src/test/e2e/cypress/reports
cypress/downloads
py_env
tmp/
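Review bot: `cypress/downloads` is left at the old top-level path while videos, screenshots and reports move under `src/test/e2e/cypress/`; if downloads are written next to the other Cypress output the entry should become `src/test/e2e/cypress/downloads`, otherwise the stale line can be dropped.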
79 changes: 32 additions & 47 deletions CONTRIBUTING.md
@@ -268,7 +268,6 @@ First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/i
Add the **new challenge** in this folder `wrongsecrets/src/main/java/org/owasp/wrongsecrets/challenges/`.
These are the things that you have to keep in mind.
- First and foremost make sure your challenge is coded in **Java**.
- Don't forget to add your challenge number in `@Order(28)` annotation, **_28_** in my case.
- Here is an example of a possible Challenge 28:

```java
@@ -287,62 +286,25 @@ These are the things that you have to keep in mind.
*/
@Slf4j
@Component
@Order(28) //make sure this number is the same as your challenge
public class Challenge28 extends Challenge {
public class Challenge28 implements Challenge {
private final String secret;
public Challenge28(ScoreCard scoreCard) {
super(scoreCard);
secret = "hello world";
}
//is this challenge usable in CTF mode?
@Override
public boolean canRunInCTFMode() {
return true;
public Challenge28() {
secret = "hello world";
}

//return the plain text secret here
@Override
public Spoiler spoiler() {
return new Spoiler(secret);
return new Spoiler(secret);
}
//here you validate if your answer matches the secret
@Override
public boolean answerCorrect(String answer) {
return secret.equals(answer);
}
//which runtime can you use to run the challenge on? (You can just use Docker here)
/**
* {@inheritDoc}
*/
@Override
public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
return List.of(RuntimeEnvironment.Environment.DOCKER);
}
//set the difficulty: 1=low, 5=very hard
/**
* {@inheritDoc}
* Difficulty: 1.
*/
@Override
public int difficulty() {
return 1;
return secret.equals(answer);
}
//on which tech is this challenge? See ChallengeTechnology.Tech for categories
/**
* {@inheritDoc}
* Secrets based.
*/
@Override
public String getTech() {
return ChallengeTechnology.Tech.SECRETS.id;
}
//if you use this in a shared environment and need to adapt it, then return true here.
@Override
public boolean isLimittedWhenOnlineHosted() {
return false;

}
}
}
```

### Step 3: Adding Test File.

Add the **new TestFile** in this folder `wrongsecrets/src/test/java/org/owasp/wrongsecrets/challenges/`. TestFile is required to do **unit testing.**
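Review bot: Nothing in the slimmed-down example tells a contributor where the removed `@Order(28)`, `canRunInCTFMode()`, `supportedRuntimeEnvironments()`, `difficulty()`, `getTech()` and `isLimittedWhenOnlineHosted()` now belong, so the natural reaction is to re-add them; add one sentence after the class stating that ordering, environments, difficulty, category and CTF settings are declared in the challenge configuration file (Step 5 of this document), and replace the deleted `@Order` bullet in the checklist with a bullet pointing at that step.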
@@ -410,5 +372,28 @@ Use this block as refrence for hints:
This challenge is only meant for helping new contributors to add new challenges. Please, have fun with trying more difficult challenges;-).
```

### Step 5: Submitting your PR.

### Step 5: Add challenge configuration.

In this step we configure the challenge to make it known to the application.
Open `src/main/resources/wrong_secrets_configuration.yaml` and add the following configuration:

```yaml
- name: Challenge 28
url: "challenge-28"
# For each environment you can add a different implementation and documentation
sources:
# Fully qualified name of the class
- class-name: "org.owasp.wrongsecrets.challenges.docker.Challenge28"
explanation: "explanations/challenge28.adoc"
hint: "explanations/challenge28_hint.adoc"
reason: "explanations/challenge28_reason.adoc"
environments: *docker_envs
difficulty: *easy
category: *secrets
ctf:
enabled: true
```

### Step 6: Submitting your PR.
After completing all the above steps, final step is to submit the PR and refer [**Contributing.md**](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted) on how to get your PR accepted.
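Review bot: The file name given here, `src/main/resources/wrong_secrets_configuration.yaml` (underscores), does not match the `wrong-secrets-configuration.yaml` (hyphens) that the README hunk in this same PR points to; one of the two is wrong and a contributor following this step will not find the file. Two smaller points on the snippet: `url: "challenge-28"` should become `shortName` if commit 418e6ce (`chore: use shortName instead of url`) renamed the key, and the text should say that `*docker_envs`, `*easy` and `*secrets` are YAML anchors defined earlier in that file, not literal values to type.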
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,7 +1,7 @@
FROM amazoncorretto:21.0.1-alpine

ARG argBasedPassword="default"
ARG argBasedVersion="0.0.0"
ARG argBasedVersion="1.7.2"
ARG spring_profile=""
ENV SPRING_PROFILES_ACTIVE=$spring_profile
ENV ARG_BASED_PASSWORD=$argBasedPassword
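Review bot: `ARG argBasedVersion="1.7.2"` hardcodes a default that already lags the version this PR sets in the POM (1.8.0RC1 and 1.8.0RC2 in the commit list above), so any build that does not pass `--build-arg argBasedVersion=...` reports a wrong version; keep a neutral default such as the previous `"0.0.0"` or inject the POM version at build time.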
84 changes: 42 additions & 42 deletions README.md
@@ -87,40 +87,40 @@ docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:latest-no-vault

Now you can try to find the secrets by means of solving the challenge offered at:

- [localhost:8080/challenge/1](http://localhost:8080/challenge/1)
- [localhost:8080/challenge/2](http://localhost:8080/challenge/2)
- [localhost:8080/challenge/3](http://localhost:8080/challenge/3)
- [localhost:8080/challenge/4](http://localhost:8080/challenge/4)
- [localhost:8080/challenge/8](http://localhost:8080/challenge/8)
- [localhost:8080/challenge/12](http://localhost:8080/challenge/12)
- [localhost:8080/challenge/13](http://localhost:8080/challenge/13)
- [localhost:8080/challenge/14](http://localhost:8080/challenge/14)
- [localhost:8080/challenge/15](http://localhost:8080/challenge/15)
- [localhost:8080/challenge/16](http://localhost:8080/challenge/16)
- [localhost:8080/challenge/17](http://localhost:8080/challenge/17)
- [localhost:8080/challenge/18](http://localhost:8080/challenge/18)
- [localhost:8080/challenge/19](http://localhost:8080/challenge/19)
- [localhost:8080/challenge/20](http://localhost:8080/challenge/20)
- [localhost:8080/challenge/21](http://localhost:8080/challenge/21)
- [localhost:8080/challenge/22](http://localhost:8080/challenge/22)
- [localhost:8080/challenge/23](http://localhost:8080/challenge/23)
- [localhost:8080/challenge/24](http://localhost:8080/challenge/24)
- [localhost:8080/challenge/25](http://localhost:8080/challenge/25)
- [localhost:8080/challenge/26](http://localhost:8080/challenge/26)
- [localhost:8080/challenge/27](http://localhost:8080/challenge/27)
- [localhost:8080/challenge/28](http://localhost:8080/challenge/28)
- [localhost:8080/challenge/29](http://localhost:8080/challenge/29)
- [localhost:8080/challenge/30](http://localhost:8080/challenge/30)
- [localhost:8080/challenge/31](http://localhost:8080/challenge/31)
- [localhost:8080/challenge/32](http://localhost:8080/challenge/32)
- [localhost:8080/challenge/34](http://localhost:8080/challenge/34)
- [localhost:8080/challenge/35](http://localhost:8080/challenge/35)
- [localhost:8080/challenge/36](http://localhost:8080/challenge/36)
- [localhost:8080/challenge/37](http://localhost:8080/challenge/37)
- [localhost:8080/challenge/38](http://localhost:8080/challenge/38)
- [localhost:8080/challenge/39](http://localhost:8080/challenge/39)
- [localhost:8080/challenge/40](http://localhost:8080/challenge/40)
- [localhost:8080/challenge/41](http://localhost:8080/challenge/41)
- [localhost:8080/challenge/challenge-1](http://localhost:8080/challenge/challenge-1)
- [localhost:8080/challenge/challenge-2](http://localhost:8080/challenge/challenge-2)
- [localhost:8080/challenge/challenge-3](http://localhost:8080/challenge/challenge-3)
- [localhost:8080/challenge/challenge-4](http://localhost:8080/challenge/challenge-4)
- [localhost:8080/challenge/challenge-8](http://localhost:8080/challenge/challenge-8)
- [localhost:8080/challenge/challenge-12](http://localhost:8080/challenge/challenge-12)
- [localhost:8080/challenge/challenge-13](http://localhost:8080/challenge/challenge-13)
- [localhost:8080/challenge/challenge-14](http://localhost:8080/challenge/challenge-14)
- [localhost:8080/challenge/challenge-15](http://localhost:8080/challenge/challenge-15)
- [localhost:8080/challenge/challenge-16](http://localhost:8080/challenge/challenge-16)
- [localhost:8080/challenge/challenge-17](http://localhost:8080/challenge/challenge-17)
- [localhost:8080/challenge/challenge-18](http://localhost:8080/challenge/challenge-18)
- [localhost:8080/challenge/challenge-19](http://localhost:8080/challenge/challenge-19)
- [localhost:8080/challenge/challenge-20](http://localhost:8080/challenge/challenge-20)
- [localhost:8080/challenge/challenge-21](http://localhost:8080/challenge/challenge-21)
- [localhost:8080/challenge/challenge-22](http://localhost:8080/challenge/challenge-22)
- [localhost:8080/challenge/challenge-23](http://localhost:8080/challenge/challenge-23)
- [localhost:8080/challenge/challenge-24](http://localhost:8080/challenge/challenge-24)
- [localhost:8080/challenge/challenge-25](http://localhost:8080/challenge/challenge-25)
- [localhost:8080/challenge/challenge-26](http://localhost:8080/challenge/challenge-26)
- [localhost:8080/challenge/challenge-27](http://localhost:8080/challenge/challenge-27)
- [localhost:8080/challenge/challenge-28](http://localhost:8080/challenge/challenge-28)
- [localhost:8080/challenge/challenge-29](http://localhost:8080/challenge/challenge-29)
- [localhost:8080/challenge/challenge-30](http://localhost:8080/challenge/challenge-30)
- [localhost:8080/challenge/challenge-31](http://localhost:8080/challenge/challenge-31)
- [localhost:8080/challenge/challenge-32](http://localhost:8080/challenge/challenge-32)
- [localhost:8080/challenge/challenge-34](http://localhost:8080/challenge/challenge-34)
- [localhost:8080/challenge/challenge-35](http://localhost:8080/challenge/challenge-35)
- [localhost:8080/challenge/challenge-36](http://localhost:8080/challenge/challenge-36)
- [localhost:8080/challenge/challenge-37](http://localhost:8080/challenge/challenge-37)
- [localhost:8080/challenge/challenge-38](http://localhost:8080/challenge/challenge-38)
- [localhost:8080/challenge/challenge-39](http://localhost:8080/challenge/challenge-39)
- [localhost:8080/challenge/challenge-40](http://localhost:8080/challenge/challenge-40)
- [localhost:8080/challenge/challenge-41](http://localhost:8080/challenge/challenge-41)

Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look
better ;-).
@@ -169,9 +169,9 @@ The K8S setup currently is based on using Minikube for local fun:

now you can use the provided IP address and port to further play with the K8s variant (instead of localhost).

- [localhost:8080/challenge/5](http://localhost:8080/challenge/5)
- [localhost:8080/challenge/6](http://localhost:8080/challenge/6)
- [localhost:8080/challenge/33](http://localhost:8080/challenge/33)
- [localhost:8080/challenge/challenge-5](http://localhost:8080/challenge/challenge-5)
- [localhost:8080/challenge/challenge-6](http://localhost:8080/challenge/challenge-6)
- [localhost:8080/challenge/challenge-33](http://localhost:8080/challenge/challenge-33)

### k8s based

@@ -190,9 +190,9 @@ Want to run vanilla on your own k8s? Use the commands below:

now you can use the provided IP address and port to further play with the K8s variant (instead of localhost).

- [localhost:8080/challenge/5](http://localhost:8080/challenge/5)
- [localhost:8080/challenge/6](http://localhost:8080/challenge/6)
- [localhost:8080/challenge/33](http://localhost:8080/challenge/33)
- [localhost:8080/challenge/challenge-5](http://localhost:8080/challenge/challenge-5)
- [localhost:8080/challenge/challenge-6](http://localhost:8080/challenge/challenge-6)
- [localhost:8080/challenge/challenge-33](http://localhost:8080/challenge/challenge-33)

### Okteto based

@@ -258,7 +258,7 @@ Therefore, you can manipulate them by overriding the following settings in your

- `hints_enabled=false` will turn off the `Show hints` button.
- `reason_enabled=false` will turn of the `What's wrong?` explanation button.
- `spoiling_enabled=false` will turn off the `/spoil-x` endpoint (where `x` is the number of the challenge).
- `spoiling_enabled=false` will turn off the `/spoil/challenge-x` endpoint (where `x` is the short-name of the challenge).

## Enabling Swaggerdocs and UI

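Review bot: The new wording contradicts itself: it describes the endpoint as `/spoil/challenge-x` with `x` being the short-name, but elsewhere in this PR the short-name is the whole `challenge-x` token. Either write `/spoil/<short-name>` or keep `/spoil/challenge-x` and describe `x` as the challenge number.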
@@ -474,7 +474,7 @@ Follow the steps below on adding a challenge:
1. First make sure that you have an [Issue](https://github.com/OWASP/wrongsecrets/issues) reported for which a challenge is really wanted.
2. Add the new challenge in the `org.owasp.wrongsecrets.challenges` folder. Make sure you add an explanation in `src/main/resources/explanations` and refer to it from your new Challenge class.
3. Add unit, integration and UI tests as appropriate to show that your challenge is working.
4. Don't forget to add `@Order` annotation to your challenge ;-).
4. Do not forget to configure the challenge in `src/main/resources/wrong-secrets-configuration.yaml`
5. Review the [CONTRIBUTING guide](CONTRIBUTING.md) for setting up your contributing environment and writing good commit messages.

For more details please refer [_Contributing.md_](https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-add-a-challenge).
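Review bot: Item 4 names `src/main/resources/wrong-secrets-configuration.yaml` while the CONTRIBUTING.md hunk in this PR spells it `wrong_secrets_configuration.yaml`; align the two so both documents point at the real file. The item is also the only one in the list without a terminating period.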
2 changes: 1 addition & 1 deletion k8s-vault-minkube-start.sh
@@ -123,6 +123,6 @@ kubectl port-forward \
echo "Do minikube delete to stop minikube from running and cleanup to start fresh again"
echo "wait 20 seconds so we can check if vault-k8s-container works"
sleep 20
curl http://localhost:8080/spoil-7
curl http://localhost:8080/spoil/challenge-7
echo "logs from pod to make sure:"
cat pod.log