Merge branch 'master' into doc-fix
commjoen authored Nov 15, 2023
2 parents 5f38116 + 5a772a7 commit 7ec1314
Showing 18 changed files with 439 additions and 284 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/dast-zap-test.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
- name: Start wrongsecrets
run: nohup ./mvnw spring-boot:run -Dspring-boot.run.profiles=without-vault &
- name: ZAP Scan
uses: zaproxy/action-baseline@v0.9.0
uses: zaproxy/action-baseline@v0.10.0
env:
ZAP_AUTH_HEADER_VALUE: "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
ZAP_AUTH_HEADER: "Authorization"
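Review bot: `uses: zaproxy/action-baseline@v0.10.0` still references the action by a mutable tag, so whoever can move that tag controls what runs in this job. Pin to the full commit SHA of the v0.10.0 release and keep the tag as a trailing comment so update tooling can still bump it. The same applies to the `hashicorp/setup-terraform@v3` bumps elsewhere in this commit.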
2 changes: 1 addition & 1 deletion .github/workflows/pre-commit.yml
Expand Up @@ -39,7 +39,7 @@ jobs:
path: ~/.tflint.d/plugins
key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.1.7
- name: Setup TFLint
2 changes: 1 addition & 1 deletion .github/workflows/terraform.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v2
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 0.13.1
- run: terraform init
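Review bot: the `terraform_version: 0.13.1` context line under the bumped step is out of step with the rest of this commit: pre-commit.yml installs 1.1.7 and aws/README.md lists the Terraform requirement as `~> 1.1`. If this job runs `terraform init` against those configurations, 0.13.1 will not satisfy the constraint; align the version here with the one used in pre-commit.yml while touching this step.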
43 changes: 23 additions & 20 deletions CONTRIBUTING.md
Expand Up @@ -142,49 +142,49 @@ Please be sure to take a careful look at our [Code of Conduct](https://github.co
Navigate to the landing page of the repository in your web browser and click on the **_Fork_** button on the repository’s home page.
A forked copy of that Git repository will be added to your personal GitHub.

![](images/fork-project-1.png)
![Click the 'fork' button](images/fork-project-1.png)


### Step 2: Clone the Project.

A **clone** is a full copy of a repository, including all logging and versions of files.
To **_clone_** the Project to your local desktop by clicking on the button as shown below.

![](images/clone-project-2.png)
![Click 'Open the GitHub Desktop' from the code dropdown](images/clone-project-2.png)

### Step 3: Open the Project using IntelliJ IDEA
**_Open_** the Cloned Project using IntelliJ IDEA by clicking on the button as shown below.

![](images/open-project-3.1.png)
![Click 'Open in JetBrains IntelliJ IDEA' button](images/open-project-3.1.png)

**Wait** till the Project Loads.

![](images/wait-3.2.png)
![Loading project](images/wait-3.2.png)


### Step 4: Setup.

Open Settings by pressing **_Ctrl+Alt+S_**

![](images/open-settings-4.1.png)
![Click on 'Settings' button or press Cltr + Alt + S](images/open-settings-4.1.png)

Follow the path **_IDE settings>Language & Frameworks > Lombok_** and then click on **_Lombok._**

![](images/lombok-setup-4.2.png)
![Click on the 'Lombok' button within the path: Settings > Language & Frameworks.](images/lombok-setup-4.2.png)

Make sure that the **_Lombok processing_** is enabled.

![](images/lombok-processing-4.3.png)
![Lombok checkboxes checked ](images/lombok-processing-4.3.png)

Select **_Plugins > Marketplace_** and type 'google-java-format' and restart IntelliJ to install the plugin.

Open Settings by pressing **_Ctrl+Alt+S_**

![](images/open-settings-4.1.png)
![Click on 'Settings' button or press Cltr + Alt + S](images/open-settings-4.1.png)

Select **_google-java-format Settings_** and click enable.

![](images/open-settings-4.4.png)
![The Google-java-format Settings checkbox are checked](images/open-settings-4.4.png)

### Step 5: Project Structure

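Review bot: the new alt text for images/open-settings-4.1.png reads 'Cltr + Alt + S' in both places it is added, while the surrounding instructions say Ctrl+Alt+S; since alt text is what a screen reader announces, correct it to 'Ctrl + Alt + S'. Also drop the trailing space in 'Lombok checkboxes checked ' and make 'The Google-java-format Settings checkbox are checked' agree in number.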
Expand All @@ -199,11 +199,11 @@ In the tab `SDKs` make sure that an SDK of version `21` is selected.

Open the **_Maven_** Tab

![](images/open-maven-5.1.png)
![Maven tab](images/open-maven-5.1.png)

Press the **_Reload_** button as shown below and allow the project to Reload.

![](images/reload-maven-5.2.png)
![Click the 'Reload' button in the Maven tab.](images/reload-maven-5.2.png)

Further use the **_OWASP WrongSecrets --> Lifecycle --> install_** step to load all the depedencies

Expand All @@ -213,44 +213,47 @@ Further use the **_OWASP WrongSecrets --> Lifecycle --> install_** step to load

Open the **_WrongSecretsApplication_** by following the path **_main>java>org.owasp.wrongsecrets>WrongSecretApplication_**.

![](images/open-application-6.1.png)
![Click on the 'WrongSecretsApplication' file located at main > java > org.owasp.wrongsecrets > WrongSecretApplication](images/open-application-6.1.png)

Press **_Shift+F10_** to run the application, this will open up the **_Run/Debug Configurations Menu._**

![](images/run-application-6.2.png)
![Click the 'Run' button or press Shift + F10](images/run-application-6.2.png)

### Step 8: Setting up Configurations.

Select **_Edit configuration templates_** then select **_Application_** section.

![](images/edit-config-7.1.png)
![In the bottom left corner click on 'Edit configuration templates...'](images/edit-config-7.1.png)

There under the **_Application_** section click on the button shown below.

![](images/modify-options-7.2.png)
![In the application section, click 'Modify options' to show below](images/modify-options-7.2.png)

**_Select_** all the fields that are Selected in the below picture.

![](images/select-options-7.3.png)
![In the Run Options select: 'Enviroment variables' | 'Add VM options' | 'Shorten command line' | 'Specify classes and packages' | 'Open run/debug tool window when started'](images/select-options-7.3.png)

**_Fill out_** all the fields as shown below.

![](images/fill-fields-7.4.png)
![Fill out the fields(The working directory depends on the enviroment setup): | Build and run: org.owasp.wrongsecrets.WrongSecretsApplication : -Dserver.port=8080 - Dspring.profiles.active=local,without-vault. | Working directory: /Users/razr/workspace/owasp/wrongsecrets | Environment variables: K8S_ENV=docker| Packages and classes to include in covarege data: org.owasp.wrongsecrets.*| ](images/fill-fields-7.4.png)

Again press **_Shift+F10_** which runs the Application.

![](images/run-application-6.2.png)
![Click the 'Run' button or press Shift + F10](images/run-application-6.2.png)

### There you have it, **_WrongSecrets_** running successfully.

Here is a _preview_ on how does it look after successfully running the Application.
**Note:** Running the Application doesn't open any kind of **_GUI_**, it only initializes the **_local webserver_** that you can open via a **_browser._**
![](images/final-output-8.png)
![LOGS:
Tomcat initialized with port(s): 8080 (http) | Startubg servuce [Tomcat] | Starting Servlet engine: [Apache Tomcat/10.1.4] | Initializing Spring embedded WebApplicationContext | Root WebApplicationContext: initialization completed | Initializing challenge 8 with random value DpUOgeqY47 | Using generated security password: 652e1f46-bad4-48e2-983e-8534a4748796| This generated password is for development use only. Your sercurity configuration must be updated before running your application in production. | Validated configuration attributes | Adding welcome page template: index| Exposing endpoint(s) beneath base path '/actuator' | Tomcat started on port(s) (http) with context path '' | Started WrongSecretsApplication (process running) ](images/final-output-8.png)
Here is the preview of the **web server**, you can try to find the secrets by means of solving the challenge offered at: [**Challenges**](https://github.com/OWASP/wrongsecrets#basic-docker-exercises)
![](images/screenshot.png)
![Preview Challenge 1](images/screenshot.png)
---
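Review bot: the alt text added for images/fill-fields-7.4.png carries a contributor-specific path, `/Users/razr/workspace/owasp/wrongsecrets`, and writes the second VM option as `- Dspring.profiles.active=local,without-vault` with a space after the dash, which will not work if copied. Replace the path with a neutral placeholder for the clone directory and remove the space. The same hunk has typos in alt text ('Enviroment', 'enviroment', 'covarege', 'Startubg servuce', 'sercurity'), and the alt text for images/final-output-8.png transcribes the whole startup log, including the generated security password, across two lines; a one-line summary of what the log shows would serve readers better.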
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM amazoncorretto:21.0.0-alpine
FROM amazoncorretto:21.0.1-alpine

ARG argBasedPassword="default"
ARG argBasedVersion="0.0.0"
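Review bot: `FROM amazoncorretto:21.0.1-alpine` identifies the base image by tag only, so the build depends on whatever that tag points to at pull time. Append the image digest (`@sha256:<digest>`) to the tag so the patch-level bump is reproducible and a re-pushed tag cannot change the build.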
34 changes: 17 additions & 17 deletions aws/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions aws/README.md
Expand Up @@ -111,15 +111,15 @@ The documentation below is auto-generated to give insight on what's created via
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.1 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.19.0 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.23.1 |
| <a name="requirement_http"></a> [http](#requirement\_http) | ~> 3.4.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.5.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.23.1 |
| <a name="provider_http"></a> [http](#provider\_http) | 3.4.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |

Expand All @@ -128,7 +128,7 @@ The documentation below is auto-generated to give insight on what's created via
| Name | Source | Version |
|------|--------|---------|
| <a name="module_ebs_csi_irsa_role"></a> [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 5.5 |
| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.16.0 |
| <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 19.17.4 |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.1.1 |

## Resources
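Review bot: in the Modules table, `eks` is pinned to the exact version 19.17.4 while `ebs_csi_irsa_role` (`~> 5.5`) and `vpc` (`~> 5.1.1`) remain on range constraints. .terraform.lock.hcl records provider selections only, not module versions, so those two modules can resolve to different releases between runs; consider pinning them exactly as well, in the Terraform source this table is generated from.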
2 changes: 1 addition & 1 deletion aws/main.tf
Expand Up @@ -65,7 +65,7 @@ module "vpc" {

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "19.16.0"
version = "19.17.4"

cluster_name = var.cluster_name
cluster_version = var.cluster_version
2 changes: 1 addition & 1 deletion aws/versions.tf
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.19.0"
version = "~> 5.23.1"
}
random = {
source = "hashicorp/random"
30 changes: 15 additions & 15 deletions azure/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions azure/README.md
Expand Up @@ -106,15 +106,15 @@ The documentation below is auto-generated to give insight on what's created via
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.1 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.75.0 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.78.0 |
| <a name="requirement_http"></a> [http](#requirement\_http) | ~> 3.4.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.5.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.75.0 |
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.78.0 |
| <a name="provider_http"></a> [http](#provider\_http) | 3.4.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |

2 changes: 1 addition & 1 deletion azure/versions.tf
Expand Up @@ -8,7 +8,7 @@ terraform {
}
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.75.0"
version = "~> 3.78.0"
}
http = {
source = "hashicorp/http"
56 changes: 28 additions & 28 deletions gcp/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
