Prepare release 0.1.0

OWASP · Oct 27, 2021 · 4d36cbf · 4d36cbf
1 parent dff5b6f
commit 4d36cbf
Show file tree

Hide file tree

Showing 8 changed files with 7 additions and 22 deletions.
diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh
@@ -18,5 +18,3 @@ docker build --build-arg "$3" --build-arg "spring_profile=local-vault" -t jeroen
 docker push jeroenwillemsen/addo-example:$1-local-vault
 docker build --build-arg "$3" --build-arg "spring_profile=kubernetes-vault" -t jeroenwillemsen/addo-example:$1-k8s-vault ./../../.
 docker push jeroenwillemsen/addo-example:$1-k8s-vault
-docker build --build-arg "$3" --build-arg "spring_profile=kubernetes-vault-ssm" -t jeroenwillemsen/addo-example:$1-kubernetes-vault-ssm ./../../.
-docker push jeroenwillemsen/addo-example:$1-kubernetes-vault-ssm
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ For the basic docker exercises you currently require:
 You can install it by doing:
 
 ```bash
-docker run -p 8080:8080 jeroenwillemsen/addo-example:0.0.3-no-vault
+docker run -p 8080:8080 jeroenwillemsen/addo-example:0.1.0-no-vault
 ```
 
 Now you can try to find the secrets by means of solving the challenge offered at:

diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -33,7 +33,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/addo-example:AWS-test14-kubernetes-vault-ssm
+        - image: jeroenwillemsen/addo-example:0.1.0-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/k8s/secret-challenge-deployment.yml b/k8s/secret-challenge-deployment.yml
@@ -25,7 +25,7 @@ spec:
       name: secret-challenge
     spec:
       containers:
-        - image: jeroenwillemsen/addo-example:0.0.3-no-vault
+        - image: jeroenwillemsen/addo-example:0.1.0-no-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml
@@ -26,7 +26,7 @@ spec:
     spec:
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/addo-example:0.0.3-k8s-vault
+        - image: jeroenwillemsen/addo-example:0.1.0-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080

diff --git a/src/main/java/com/example/secrettextprinter/SecretLeakageController.java b/src/main/java/com/example/secrettextprinter/SecretLeakageController.java
@@ -233,7 +233,7 @@ private String getAWSChallenge9and10Value(String fileName) {
         try {
             Path filePath = Paths.get(this.filePath, fileName);
             return Files.readString(filePath);
-        } catch (IOException e) {
+        } catch (Exception e) {
             log.error("Exception during file reading, defaulting to default without aWS", e);
             return awsDefaultValue;
         }

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -10,21 +10,8 @@ default_aws_value = not_using_aws
 AWS_ROLE_ARN= not_using_aws
 AWS_WEB_IDENTITY_TOKEN_FILE= not_using_aws
 secretmountpath = /mnt/secrets-store
-logging.level.root=INFO
-#---
-spring.config.activate.on-profile=kubernetes-vault-ssm
-spring.config.import=vault://secret/secret-challenge
-spring.application.name=secret-challenge
-spring.cloud.vault.scheme=http
-spring.cloud.vault.enabled=true
-spring.cloud.vault.kv.enabled=true
-spring.cloud.vault.uri=http://vault:8200
-spring.cloud.vault.authentication=KUBERNETES
-spring.cloud.vault.kubernetes.role=secret-challenge
-spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
-spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
-AWS_WEB_IDENTITY_TOKEN_FILE=not_using_aws
 AWS_REGION=not_using_aws
+logging.level.root=INFO
 #---
 spring.config.activate.on-profile=kubernetes-vault
 wrongsecretvalue = wrongsecret

diff --git a/src/main/resources/explanations/challenge1.adoc b/src/main/resources/explanations/challenge1.adoc
@@ -1,6 +1,6 @@
 === Challenge 1: Hardcoded password
 
-There is a hardcoded password directly hidden in the controller by a developer. He tried to hide it by overloading the value using the `application.properties`.
+There is a hardcoded password directly hidden in the controller by a developer. He tried to hide it by putting the value in the `application.properties`.
 
 This you can easily detect by SAST solutions, solutions like https://github.com/trufflesecurity/truffleHog[truffleHog] and https://github.com/awslabs/git-secrets[git-secrets], and by manual inspection of your `application.properties`.