Merge pull request #1786 from OWASP/release-1.10.0

release 1.10.0
OWASP · Dec 11, 2024 · fbc1568 · fbc1568
2 parents 62026b4 + 872bf40
commit fbc1568
Show file tree

Hide file tree

Showing 19 changed files with 172 additions and 173 deletions.
diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="uzsmJV29aLxsikOElqENg9O2dUkuY6Q4zg6ysYaO4HE="
+export tempPassword="QA4+PZIWSubBOhJEf+leCo+S4vlCY9/W8Nl+bxilvkE="
 mvn run tempPassword
 k6
 npx k6

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -9,11 +9,11 @@ ci:
   submodules: false
 repos:
   - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 39.17.1
+    rev: 39.60.0
     hooks:
       - id: renovate-config-validator
   - repo: https://github.com/eslint/eslint
-    rev: v9.15.0
+    rev: v9.16.0
     hooks:
       - id: eslint
         args:
@@ -46,7 +46,7 @@ repos:
           - "--args=--only=terraform_workspace_remote"
       - id: terraform_docs
   - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-    rev: v9.18.0
+    rev: v9.19.0
     hooks:
       - id: commitlint
         stages: [commit-msg]

diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM eclipse-temurin:23.0.1_11-jre-alpine
 
 ARG argBasedPassword="default"
-ARG argBasedVersion="1.8.5"
+ARG argBasedVersion="1.10.0"
 ARG spring_profile=""
 ENV SPRING_PROFILES_ACTIVE=$spring_profile
 ENV ARG_BASED_PASSWORD=$argBasedPassword
@@ -17,7 +17,6 @@ RUN echo "$argBasedPassword"
 
 RUN apk add --no-cache libstdc++ icu-libs
 
-#RUN useradd -u 2000 -m wrongsecrets
 RUN adduser -u 2000 -D wrongsecrets
 USER wrongsecrets
 

diff --git a/Dockerfile.web b/Dockerfile.web
@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.9.2-no-vault
-ARG argBasedVersion="1.9.2-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.10.0-no-vault
+ARG argBasedVersion="1.10.0-no-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true

diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: [ "/bin/sh" ]

diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -61,7 +61,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "azure-wrongsecrets-vault"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

diff --git a/fly.toml b/fly.toml
@@ -8,7 +8,7 @@ app = "wrongsecrets"
 primary_region = "ams"
 
 [build]
-  image = "docker.io/jeroenwillemsen/wrongsecrets:1.9.2-no-vault"
+  image = "docker.io/jeroenwillemsen/wrongsecrets:1.10.0-no-vault"
 
 [env]
   K8S_ENV = "Fly(Docker)"

diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

diff --git a/js/index.js b/js/index.js
@@ -1,5 +1,5 @@
 
  function secret() {
- var password = "MgvPITU=" + 9 + "+EVD" + 6 + "1wg=" + 2 + "GaRN" + 7;
+ var password = "an3UzRg=" + 9 + "vrR9" + 6 + "KSs=" + 2 + "ARBN" + 7;
  return password;
  }
diff --git a/k8s/secret-challenge-deployment.yml b/k8s/secret-challenge-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-no-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           ports:

diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml
@@ -50,7 +50,7 @@ spec:
           type: RuntimeDefault
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]

diff --git a/okteto/k8s/secret-challenge-ctf-deployment.yml b/okteto/k8s/secret-challenge-ctf-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-no-vault
           name: secret-challenge-ctf
           imagePullPolicy: IfNotPresent
           securityContext:

diff --git a/okteto/k8s/secret-challenge-deployment.yml b/okteto/k8s/secret-challenge-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.9.2-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.10.0-no-vault
           name: secret-challenge
           imagePullPolicy: IfNotPresent
           securityContext:

diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 
   <groupId>org.owasp</groupId>
   <artifactId>wrongsecrets</artifactId>
-  <version>1.9.2-SNAPSHOT</version>
+  <version>1.10.0-SNAPSHOT</version>
 
   <name>OWASP WrongSecrets</name>
   <description>Examples with how to not use secrets</description>

diff --git a/scripts/apply-and-portforward.sh b/scripts/apply-and-portforward.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 kubectl apply -f./k8s/secret-challenge-vault-deployment.yml
 while [[ $(kubectl get pods -l app=secret-challenge -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do echo "waiting for secret-challenge" && sleep 2; done
 #kubectl expose deployment secret-challenge --type=LoadBalancer --port=8080

diff --git a/scripts/check-available-commands.sh b/scripts/check-available-commands.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 function checkCommandsAvailable() {
   for var in "$@"
   do

diff --git a/scripts/install-consul.sh b/scripts/install-consul.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 helm list | grep 'consul' &>/dev/null
 if [ $? == 0 ]; then
   echo "Consul is already installed"

diff --git a/scripts/install-vault.sh b/scripts/install-vault.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 helm list | grep 'vault' &>/dev/null
 if [ $? == 0 ]; then
   echo "Vault is already installed"